Merge pull request #2188 from reaperhulk/improve-changelog

Improve changelog
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 85f8447..4506a46 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -24,8 +24,26 @@
   and :class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`.
 * Raise a ``TypeError`` when passing objects that are not text as the value to
   :class:`~cryptography.x509.NameAttribute`.
+* Add support for :class:`~cryptography.x509.OtherName` as a general name
+  type.
+* Added new X.509 extension support in :class:`~cryptography.x509.Certificate`
+  The following new extensions are now supported:
+
+  * :class:`~cryptography.x509.OCSPNoCheck`
+  * :class:`~cryptography.x509.InhibitAnyPolicy`
+  * :class:`~cryptography.x509.IssuerAlternativeName`
+  * :class:`~cryptography.x509.NameConstraints`
+
+* Extension support was added to
+  :class:`~cryptography.x509.CertificateSigningRequest`.
 * Add support for creating certificate signing requests with
-  :class:`~cryptography.x509.CertificateSigningRequestBuilder`.
+  :class:`~cryptography.x509.CertificateSigningRequestBuilder`. This includes
+  support for the following extensions:
+
+  * :class:`~cryptography.x509.BasicConstraints`
+  * :class:`~cryptography.x509.ExtendedKeyUsage`
+  * :class:`~cryptography.x509.KeyUsage`
+  * :class:`~cryptography.x509.SubjectAlternativeName`
 
 0.9.3 - 2015-07-09
 ~~~~~~~~~~~~~~~~~~
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 9179468..c7d45c7 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -431,6 +431,25 @@
             >>> isinstance(csr.signature_hash_algorithm, hashes.SHA1)
             True
 
+    .. attribute:: extensions
+
+        :type: :class:`Extensions`
+
+        The extensions encoded in the certificate signing request.
+
+        :raises cryptography.x509.DuplicateExtension: If more than one
+            extension of the same type is found within the certificate signing request.
+
+        :raises cryptography.x509.UnsupportedExtension: If the certificate signing request
+            contains an extension that is not supported.
+
+        :raises cryptography.x509.UnsupportedGeneralNameType: If an extension
+            contains a general name that is not supported.
+
+        :raises UnicodeError: If an extension contains IDNA encoding that is
+            invalid or not compliant with IDNA 2008.
+
+
     .. method:: public_bytes(encoding)
 
         .. versionadded:: 1.0