NEWS: Introduce EAP constraints support for EAP-(T)TLS

author Martin Willi <martin@revosec.ch>

Thu, 29 Jan 2015 10:57:44 +0000 (11:57 +0100)

committer Martin Willi <martin@revosec.ch>

Tue, 3 Mar 2015 13:08:47 +0000 (14:08 +0100)
author Martin Willi <martin@revosec.ch>
Thu, 29 Jan 2015 10:57:44 +0000 (11:57 +0100)
committer Martin Willi <martin@revosec.ch>
Tue, 3 Mar 2015 13:08:47 +0000 (14:08 +0100)
diff --git a/NEWS b/NEWS

index 51688d264da703afcdcba9e08ec68080e8f1917f..8dc5e314da59c0db80fe3b410836c99249821fe9 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,11 @@ strongswan-5.3.0
    Windows 7 IKEv2 clients, which announces its services over the tunnel if the
    negotiated IPsec policy allows it.
  
+- EAP server methods now can fulfill public key constraints, such as rightcert
+  or rightca. Additionally, public key and signature constraints can be
+  specified for EAP methods in the rightauth keyword. Currently the EAP-TLS and
+  EAP-TTLS methods provide verification details to constraints checking.
+
  - Upgrade of the BLISS post-quantum signature algorithm to the improved BLISS-B
    variant. Can be used in conjunction with the SHA256, SHA384 and SHA512 hash
    algorithms with SHA512 being the default.
author	Martin Willi <martin@revosec.ch>
	Thu, 29 Jan 2015 10:57:44 +0000 (11:57 +0100)
committer	Martin Willi <martin@revosec.ch>
	Tue, 3 Mar 2015 13:08:47 +0000 (14:08 +0100)