From f05a578b8bff4bb7750e461aaeb5094f0eca4a50 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Thu, 29 Jan 2015 11:57:44 +0100
Subject: [PATCH] NEWS: Introduce EAP constraints support for EAP-(T)TLS

---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/NEWS b/NEWS
index 51688d264d..8dc5e314da 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,11 @@ strongswan-5.3.0
   Windows 7 IKEv2 clients, which announces its services over the tunnel if the
   negotiated IPsec policy allows it.
 
+- EAP server methods now can fulfill public key constraints, such as rightcert
+  or rightca. Additionally, public key and signature constraints can be
+  specified for EAP methods in the rightauth keyword. Currently the EAP-TLS and
+  EAP-TTLS methods provide verification details to constraints checking.
+
 - Upgrade of the BLISS post-quantum signature algorithm to the improved BLISS-B
   variant. Can be used in conjunction with the SHA256, SHA384 and SHA512 hash
   algorithms with SHA512 being the default.
-- 
2.47.2