** libgnutls: Eliminated issues preventing buffers more than 2^32 bytes
to be used with hashing functions.
** libgnutls: Corrected leaks and other issues in gnutls_x509_crt_list_import().
** libgnutls: Fixes in DSA key handling for PKCS #11. Report and patches
by Jan Vcelak.
** libgnutls: Several fixes to prevent relying on undefined behavior of C
(found with libubsan).
* Version 3.4.11 (released 2016-04-11)
** libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. Reported
by Fridolin Pokorny.
** libgnutls: Fixes in DSA key generation under PKCS #11. Report and patches
by Jan Vcelak.
** libgnutls: Corrected behavior of ALPN extension parsing during session
resumption. Report and patches by Yuriy M. Kaminskiy.
** libgnutls: Corrected regression (since 3.4.0) in gnutls_server_name_set()
which caused it not to accept non-null-terminated hostnames. Reported
by Tim Ruehsen.
** libgnutls: Corrected printing of the IP Adress name constraints.
** ocsptool: use HTTP/1.0 for requests. This avoids issue with servers
serving chunk encoding which ocsptool doesn't support. Reported by Thomas
Klute.
** certtool: do not require a CA for OCSP signing tag. This follows the
recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP
signing to another certificate without requiring it to be a CA. Reported
by Thomas Klute.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
