From d870611eb03831d79f263c8cda32fe0996ad5ffd Mon Sep 17 00:00:00 2001
From: Martin Sucha <anty.sk+git@gmail.com>
Date: Sun, 13 May 2018 23:28:33 +0200
Subject: doc: add NEWS about serial and CRL numbers

Signed-off-by: Martin Sucha <anty.sk+git@gmail.com>
---
 NEWS | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/NEWS b/NEWS
index f7b397c57a..707ada24e1 100644
--- a/NEWS
+++ b/NEWS
@@ -49,6 +49,14 @@ See the end for copying conditions.
    unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API
    change for these functions which make them err towards safety.
 
+** certtool: It is now possible to specify certificate and serial CRL numbers greater
+   than 2**63-2 as a hex-encoded string both when prompted and in a template file.
+   Default certificate serial numbers are now fully random. Default CRL
+   numbers include more random bits and are larger than in previous GnuTLS versions.
+   Since CRL numbers are required to be monotonic, specify suitable CRL numbers manually
+   if you intend to later downgrade to previous versions as it was not possible
+   to specify large CRL numbers in previous versions of certtool.
+
 ** API and ABI modifications:
 gnutls_fips140_set_mode: Added
 gnutls_session_key_update: Added
-- 
cgit v1.2.1