From 900cfd4b551c63fd240af9886afcc0673795e372 Mon Sep 17 00:00:00 2001
From: Bob Beck <beck@openbsd.org>
Date: Thu, 8 Oct 2020 08:46:52 -0600
Subject: wordsmith some, and include mention of name constraints and bettertle
 test suite

---
 ChangeLog | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 179b3eb..51a8b27 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,12 +30,17 @@ LibreSSL Portable Release Notes:
 
 3.2.2 - Stable release
 
-	* This is the first stable release with the new TLSv1.3 implementation
-	  enabled for both server and client. The OpenSSL TLSv1.3 API is not
-	  yet available and will be provided in an upcoming release.
+	* This is the first stable release with the new TLSv1.3
+	  implementation enabled by default for both server and client. The
+ 	  OpenSSL 1.1 TLSv1.3 API is not yet available and will be provided
+	  in an upcoming release.
 
-	* New X509 certificate chain validator loosely based on Go's X509
-	  validator.
+	* New X509 certificate chain validator that correctly handles
+	  multiple paths through intermediate certificates. Loosely based on
+	  Go's X509 validator.
+
+	* New name constraints verification implementation which passes the
+	  bettertls.com certificate validation check suite.
 
 	* Improve the handling of BIO_read()/BIO_write() failures in the
 	  TLSv1.3 stack.
@@ -94,6 +99,8 @@ LibreSSL Portable Release Notes:
 
 	* Greatly expanded test coverage via the tlsfuzzer test scripts.
 
+	* Expanded test coverage via the bettertls certificate test suite.
+
 	* Test interoperability with the Botan TLS client.
 
 	* Make pthread_mutex static initialisation work on Windows.
-- 
cgit v1.2.3-55-g6feb