From: Martin Willi <martin@revosec.ch>
Date: Thu, 29 Jan 2015 10:57:44 +0000 (+0100)
Subject: NEWS: Introduce EAP constraints support for EAP-(T)TLS
X-Git-Tag: 5.3.0dr1~46^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f05a578b8bff4bb7750e461aaeb5094f0eca4a50;p=thirdparty%2Fstrongswan.git

NEWS: Introduce EAP constraints support for EAP-(T)TLS
---

diff --git a/NEWS b/NEWS
index 51688d264d..8dc5e314da 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,11 @@ strongswan-5.3.0
   Windows 7 IKEv2 clients, which announces its services over the tunnel if the
   negotiated IPsec policy allows it.
 
+- EAP server methods now can fulfill public key constraints, such as rightcert
+  or rightca. Additionally, public key and signature constraints can be
+  specified for EAP methods in the rightauth keyword. Currently the EAP-TLS and
+  EAP-TTLS methods provide verification details to constraints checking.
+
 - Upgrade of the BLISS post-quantum signature algorithm to the improved BLISS-B
   variant. Can be used in conjunction with the SHA256, SHA384 and SHA512 hash
   algorithms with SHA512 being the default.