From df3fa23fe956a80bb1509ec46f645085003dd1c4 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 7 Sep 2017 08:24:41 +0200
Subject: doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 NEWS | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/NEWS b/NEWS
index 21f568559a..f3ce39455b 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,15 @@ See the end for copying conditions.
 
 * Version 3.6.1 (unreleased)
 
+** libgnutls: gnutls_x509_crl_sign, gnutls_x509_crt_sign,
+   gnutls_x509_crq_sign, were modified to sign with a better algorithm than
+   SHA1. They will now sign with an algorithm that corresponds to the security
+   level of the signer's key.
+
+** libgnutls: gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign()
+   accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That will signal
+   the function to auto-detect an appropriate hash algorithm to use.
+
 ** p11tool: added options --sign-params and --hash. This allows testing
    signature with multiple algorithms, including RSA-PSS.
 
-- 
cgit v1.2.1