NEWS: Mention the new addrblock features

author Martin Willi <martin@strongswan.org>

Thu, 2 Mar 2017 07:23:01 +0000 (08:23 +0100)

committer Martin Willi <martin@strongswan.org>

Thu, 2 Mar 2017 07:24:02 +0000 (08:24 +0100)
author Martin Willi <martin@strongswan.org>
Thu, 2 Mar 2017 07:23:01 +0000 (08:23 +0100)
committer Martin Willi <martin@strongswan.org>
Thu, 2 Mar 2017 07:24:02 +0000 (08:24 +0100)
diff --git a/NEWS b/NEWS

index ddb0be37cd8d6124cec3131c9d30b6b1f7bfd004..08c2a673be5229c511176bb50a8fe3b67c64f3b1 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,12 @@ strongswan-5.5.2
    TPM 2.0 object handle as keyid parameter, the pki --pub tool can extract
    the public key from the TPM thereby replacing the aikpub2 tool.
  
+- The pki tool gained support for generating certificates with the RFC 3779
+  addrblock extension. The charon addrblock plugin now dynamically narrows
+  traffic selectors based on the certificate addrblocks instead of rejecting
+  non-matching selectors completely. This allows generic connections, where
+  the allowed selectors are defined by the used certificates only.
+
  - In-place update of cached base and delta CRLs does not leave dozens
    of stale copies in cache memory.
author	Martin Willi <martin@strongswan.org>
	Thu, 2 Mar 2017 07:23:01 +0000 (08:23 +0100)
committer	Martin Willi <martin@strongswan.org>
	Thu, 2 Mar 2017 07:24:02 +0000 (08:24 +0100)