>From e754fae3890c6bc6b3548ee86dc28c4f9be85fee Mon Sep 17 00:00:00 2001
From: Andreas Metzler <address@hidden>
Date: Sat, 20 Nov 2010 15:40:05 +0100
Subject: [PATCH] Document gnutls-cli V1 CA policy change

GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is set for gnutls-cli. Document this
fact.
---
 ChangeLog |    3 ++-
 NEWS      |    3 +++
 2 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 59efa16..a7b5aed 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1794,7 +1794,8 @@
 
 	* lib/gnutls_x509.c: The gnutls-cli --x509cafile can now be a PKCS
 	#11 URL. It can read gnome-keyring's certificates and use them in
-	the trusted list.
+	the trusted list. Also gnutls-cli certificate verification accepts V1
+	CAs by default. (GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is set.)
 
 2010-05-16  Nikos Mavrogiannopoulos <address@hidden>
 
diff --git a/NEWS b/NEWS
index c959fb0..24aaade 100644
--- a/NEWS
+++ b/NEWS
@@ -325,6 +325,9 @@ gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set.
 (Remember that we don't promise ABI stability during development
 series, so this doesn't cause an shared library ABI increment.)
 
+** gnutls-cli accepts certificate verification accepts V1
+CAs by default. (GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is set.)
+
 ** tests: More self testing of safe renegotiation extension.
 See tests/safe-renegotiation/README for more information.
 
-- 
1.7.2.3