Index: CHANGELOG.md |
diff --git a/CHANGELOG.md b/CHANGELOG.md |
index e1ed14455afada92704cd512a155a9927cb11747..7c874dca2a917f8ae87fa2ed1597790aa03d2e60 100644 |
--- a/CHANGELOG.md |
+++ b/CHANGELOG.md |
@@ -7,6 +7,16 @@ |
[article on native extensions](https://www.dartlang.org/articles/dart-vm/native-extensions) |
to reflect the VM's improved behavior. |
+* We have improved the way the VM searches for trusted root certificates for |
+ secure socket connections on Linux. First, the VM will look for trusted root |
+ certificates in standard locations on the file system |
+ (/etc/pki/tls/certs/ca-bundle.crt followed by /etc/ssl/certs), and only if |
+ these do not exist will it fall back on the builtin trusted root certificates. |
+ This behavior can be overridden on Linux with the new flags |
+ --root-certs-file and --root-certs-cache. The former is the path to a file |
+ containing the trusted root certificates, and the latter is the path to a |
+ directory containing root certificate files hashed using `c_rehash`. |
+ |
### Core library changes |
* `dart:core`: Remove deprecated `Resource` class. |
Use the class in `package:resource` instead. |
@@ -21,7 +31,7 @@ |
* Added `WebSocket.addUtf8Text` to allow sending a pre-encoded text message |
without a round-trip UTF-8 conversion. |
-## Strong Mode |
+### Strong Mode |
* Breaking change - it is an error if a generic type parameter cannot be |
inferred (SDK issue [26992](https://github.com/dart-lang/sdk/issues/26992)). |