From: Martin Willi <martin@revosec.ch>
Date: Fri, 7 Jan 2011 14:45:53 +0000 (+0100)
Subject: Added NEWS for ipsec.conf certpolicy and key strength options
X-Git-Tag: 4.5.1~127
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=96c4addcbd90860cc41086f932792293bcd66af9;p=thirdparty%2Fstrongswan.git

Added NEWS for ipsec.conf certpolicy and key strength options
---

diff --git a/NEWS b/NEWS
index e091fa0d08..fbae771cbc 100644
--- a/NEWS
+++ b/NEWS
@@ -55,7 +55,11 @@ strongswan-4.5.1
   checking. In additon to X.509 pathLen constraints, the plugin checks for
   nameConstraints and certificatePolicies, including policyMappings and
   policyConstraints. The x509 certificate plugin and the pki tool have been
-  enhanced to support these extensions.
+  enhanced to support these extensions. The new left/rightcertpolicy ipsec.conf
+  connection keywords take OIDs a peer certificate must have.
+
+- The left/rightauth ipsec.conf keywords accept values with a minimum strength
+  for trustchain public keys in bits, such as rsa-2048 or ecdsa-256.
 
 - The revocation and x509 libstrongswan plugins and the pki tool gained basic
   support for delta CRLs.