Added NEWS for ipsec.conf certpolicy and key strength options

author Martin Willi <martin@revosec.ch>

Fri, 7 Jan 2011 14:45:53 +0000 (15:45 +0100)

committer Martin Willi <martin@revosec.ch>

Fri, 7 Jan 2011 14:51:35 +0000 (15:51 +0100)
author Martin Willi <martin@revosec.ch>
Fri, 7 Jan 2011 14:45:53 +0000 (15:45 +0100)
committer Martin Willi <martin@revosec.ch>
Fri, 7 Jan 2011 14:51:35 +0000 (15:51 +0100)
diff --git a/NEWS b/NEWS

index e091fa0d08b5156a4a9ececc7831791cc86a5946..fbae771cbc176d76a9b3148934f8cf4ac274eb82 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -55,7 +55,11 @@ strongswan-4.5.1
    checking. In additon to X.509 pathLen constraints, the plugin checks for
    nameConstraints and certificatePolicies, including policyMappings and
    policyConstraints. The x509 certificate plugin and the pki tool have been
-  enhanced to support these extensions.
+  enhanced to support these extensions. The new left/rightcertpolicy ipsec.conf
+  connection keywords take OIDs a peer certificate must have.
+
+- The left/rightauth ipsec.conf keywords accept values with a minimum strength
+  for trustchain public keys in bits, such as rsa-2048 or ecdsa-256.
  
  - The revocation and x509 libstrongswan plugins and the pki tool gained basic
    support for delta CRLs.
author	Martin Willi <martin@revosec.ch>
	Fri, 7 Jan 2011 14:45:53 +0000 (15:45 +0100)
committer	Martin Willi <martin@revosec.ch>
	Fri, 7 Jan 2011 14:51:35 +0000 (15:51 +0100)