Changelog and docs re #1042

author: Jeff Forcier <jeff@bitprophet.org> 2017-08-28 11:51:41 -0700
committer: Jeff Forcier <jeff@bitprophet.org> 2017-08-28 11:51:41 -0700
commit: a8723e08aaff00ee068cbdefa119cd34dd6f0d6b (patch)
tree: a570281e91d94cf2350033d7ecbe07f2e063cc58 /sites
parent: aae69d5d9cf083ae29d92ac33a5ebd2607c1e8bc (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 15bf8ebf..3eb88485 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,21 @@
 Changelog
 =========
 
+* :feature:`1042` (also partially :issue:`531`) Implement generic (suitable for
+  all key types) client-side certificate authentication.
+
+  The core implementation is `PKey.load_certificate
+  <paramiko.pkey.PKey.load_certificate>` and its corresponding ``.public_blob``
+  attribute on key objects, which is honored in the auth and transport modules.
+  Additionally, `SSHClient.connect <paramiko.client.SSHClient.connect>` will
+  now automatically load certificate data alongside private key data when one
+  has appropriately-named cert files (e.g. ``id_rsa-cert.pub``) - see its
+  docstring for details.
+
+  Thanks to Paul Kapp for the final patch, and to Jason Rigby for earlier work
+  in :issue:`531` (which remains open as it contains additional functionality
+  that may get merged later.)
+
 * :support:`1041` Modify logic around explicit disconnect
   messages, and unknown-channel situations, so that they rely on centralized
   shutdown code instead of running their own. This is at worst removing some
author	Jeff Forcier <jeff@bitprophet.org>	2017-08-28 11:51:41 -0700
committer	Jeff Forcier <jeff@bitprophet.org>	2017-08-28 11:51:41 -0700
commit	a8723e08aaff00ee068cbdefa119cd34dd6f0d6b (patch)
tree	a570281e91d94cf2350033d7ecbe07f2e063cc58 /sites
parent	aae69d5d9cf083ae29d92ac33a5ebd2607c1e8bc (diff)