NEWS: Mention the new addrblock features

author: Martin Willi <martin@strongswan.org> 2017-03-02 08:23:01 +0100
committer: Martin Willi <martin@strongswan.org> 2017-03-02 08:24:02 +0100
commit: 7ae95468119583084d6373ce7890b20a64e0aa02 (patch)
tree: 1d98ba593d9b7c90d9c56295087cc17d95a5850a
parent: d536b94e0d12543e548ed4f0df2220384293f08e (diff)
download: strongswan-7ae95468119583084d6373ce7890b20a64e0aa02.tar.bz2
strongswan-7ae95468119583084d6373ce7890b20a64e0aa02.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index ddb0be37c..08c2a673b 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,12 @@ strongswan-5.5.2
   TPM 2.0 object handle as keyid parameter, the pki --pub tool can extract
   the public key from the TPM thereby replacing the aikpub2 tool.
 
+- The pki tool gained support for generating certificates with the RFC 3779
+  addrblock extension. The charon addrblock plugin now dynamically narrows
+  traffic selectors based on the certificate addrblocks instead of rejecting
+  non-matching selectors completely. This allows generic connections, where
+  the allowed selectors are defined by the used certificates only.
+
 - In-place update of cached base and delta CRLs does not leave dozens
   of stale copies in cache memory.
author	Martin Willi <martin@strongswan.org>	2017-03-02 08:23:01 +0100
committer	Martin Willi <martin@strongswan.org>	2017-03-02 08:24:02 +0100
commit	7ae95468119583084d6373ce7890b20a64e0aa02 (patch)
tree	1d98ba593d9b7c90d9c56295087cc17d95a5850a
parent	d536b94e0d12543e548ed4f0df2220384293f08e (diff)
download	strongswan-7ae95468119583084d6373ce7890b20a64e0aa02.tar.bz2 strongswan-7ae95468119583084d6373ce7890b20a64e0aa02.tar.xz