NEWS: Mention the new addrblock features

2017-03-02 08:23:01 +01:00 · 2017-03-02 08:23:01 +01:00 · 7ae9546811
parent d536b94e0d
commit 7ae9546811
1 changed files with 6 additions and 0 deletions
--- a/6
+++ b/6
@ -13,6 +13,12 @@ strongswan-5.5.2
  TPM 2.0 object handle as keyid parameter, the pki --pub tool can extract
  the public key from the TPM thereby replacing the aikpub2 tool.

+- The pki tool gained support for generating certificates with the RFC 3779
+  addrblock extension. The charon addrblock plugin now dynamically narrows
+  traffic selectors based on the certificate addrblocks instead of rejecting
+  non-matching selectors completely. This allows generic connections, where
+  the allowed selectors are defined by the used certificates only.
+
 - In-place update of cached base and delta CRLs does not leave dozens
  of stale copies in cache memory.