Added NEWS for ipsec.conf certpolicy and key strength options

2011-01-07 15:45:53 +01:00 · 2011-01-07 15:45:53 +01:00 · 96c4addcbd
parent 44e513a320
commit 96c4addcbd
1 changed files with 5 additions and 1 deletions
--- a/6
+++ b/6
@ -55,7 +55,11 @@ strongswan-4.5.1
  checking. In additon to X.509 pathLen constraints, the plugin checks for
  nameConstraints and certificatePolicies, including policyMappings and
  policyConstraints. The x509 certificate plugin and the pki tool have been
-  enhanced to support these extensions.
+  enhanced to support these extensions. The new left/rightcertpolicy ipsec.conf
+  connection keywords take OIDs a peer certificate must have.
+
+- The left/rightauth ipsec.conf keywords accept values with a minimum strength
+  for trustchain public keys in bits, such as rsa-2048 or ecdsa-256.

 - The revocation and x509 libstrongswan plugins and the pki tool gained basic
  support for delta CRLs.