certtool: don't copy CRL distribution point from CA cert

Suggested by Thomas Karlsson in: https://gitlab.com/gnutls/gnutls/-/issues/1126 While this changes the default behavior, CDP can always be set through the template or interactive input. Signed-off-by: Daiki Ueno <ueno@gnu.org>
author: Daiki Ueno <ueno@gnu.org> 2021-04-28 11:04:20 +0200
committer: Daiki Ueno <ueno@gnu.org> 2021-04-28 15:23:49 +0200
commit: 46b739ac6d4b31a351b8a18af64baf10cc4a555c (patch)
tree: 511dbe30e08f23b3587b24a6953c471bf72fe3ca /NEWS
parent: a111a76d190af22bc54c3a5242d9ee65f1357d4a (diff)
download: gnutls-46b739ac6d4b31a351b8a18af64baf10cc4a555c.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index f4ebe43ffb..c1db7910d2 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,9 @@ See the end for copying conditions.
    benefit of 0-RTT, but also works under certain assumptions hold (e.g., the
    same ciphersuite is selected in initial and resumption handshake) (#1146).
 
+** certtool: When signing a CSR, CRL distribution point (CDP) is no longer
+   copied from the signing CA by default (#1126).
+
 * Version 3.7.1 (released 2021-03-10)
 
 ** libgnutls: Fixed potential use-after-free in sending "key_share"
author	Daiki Ueno <ueno@gnu.org>	2021-04-28 11:04:20 +0200
committer	Daiki Ueno <ueno@gnu.org>	2021-04-28 15:23:49 +0200
commit	46b739ac6d4b31a351b8a18af64baf10cc4a555c (patch)
tree	511dbe30e08f23b3587b24a6953c471bf72fe3ca /NEWS
parent	a111a76d190af22bc54c3a5242d9ee65f1357d4a (diff)
download	gnutls-46b739ac6d4b31a351b8a18af64baf10cc4a555c.tar.gz