From: Martin Willi Date: Thu, 2 Mar 2017 07:23:01 +0000 (+0100) Subject: NEWS: Mention the new addrblock features X-Git-Tag: 5.5.2dr6~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ae95468119583084d6373ce7890b20a64e0aa02;p=thirdparty%2Fstrongswan.git NEWS: Mention the new addrblock features --- diff --git a/NEWS b/NEWS index ddb0be37cd..08c2a673be 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,12 @@ strongswan-5.5.2 TPM 2.0 object handle as keyid parameter, the pki --pub tool can extract the public key from the TPM thereby replacing the aikpub2 tool. +- The pki tool gained support for generating certificates with the RFC 3779 + addrblock extension. The charon addrblock plugin now dynamically narrows + traffic selectors based on the certificate addrblocks instead of rejecting + non-matching selectors completely. This allows generic connections, where + the allowed selectors are defined by the used certificates only. + - In-place update of cached base and delta CRLs does not leave dozens of stale copies in cache memory.