doc: add NEWS about serial and CRL numbers

Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>
author: Martin Sucha <anty.sk+git@gmail.com> 2018-05-13 23:28:33 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-05-19 11:55:59 +0200
commit: d870611eb03831d79f263c8cda32fe0996ad5ffd (patch)
tree: a2173c12e124689c68ec8b44c92fc119f877f45f /NEWS
parent: 75ddd37796ee64c0e8b2cf0349a1f2a0ca4021fa (diff)
download: gnutls-d870611eb03831d79f263c8cda32fe0996ad5ffd.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index f7b397c57a..707ada24e1 100644
--- a/NEWS
+++ b/NEWS
@@ -49,6 +49,14 @@ See the end for copying conditions.
    unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API
    change for these functions which make them err towards safety.
 
+** certtool: It is now possible to specify certificate and serial CRL numbers greater
+   than 2**63-2 as a hex-encoded string both when prompted and in a template file.
+   Default certificate serial numbers are now fully random. Default CRL
+   numbers include more random bits and are larger than in previous GnuTLS versions.
+   Since CRL numbers are required to be monotonic, specify suitable CRL numbers manually
+   if you intend to later downgrade to previous versions as it was not possible
+   to specify large CRL numbers in previous versions of certtool.
+
 ** API and ABI modifications:
 gnutls_fips140_set_mode: Added
 gnutls_session_key_update: Added
author	Martin Sucha <anty.sk+git@gmail.com>	2018-05-13 23:28:33 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-05-19 11:55:59 +0200
commit	d870611eb03831d79f263c8cda32fe0996ad5ffd (patch)
tree	a2173c12e124689c68ec8b44c92fc119f877f45f /NEWS
parent	75ddd37796ee64c0e8b2cf0349a1f2a0ca4021fa (diff)
download	gnutls-d870611eb03831d79f263c8cda32fe0996ad5ffd.tar.gz