Fixed error in the ordering of the certinfo_t records in the ocsp cache that caused multiple entries of the same serial number to be created.
Implementation of a simple EAP-MD5 module which provides CHAP authentication. This may be interesting in conjunction with certificate based server authentication, as weak passwords can't be brute forced (in contradiction to traditional IKEv2 PSK).
A complete software based implementation of EAP-AKA, using algorithms specified in 3GPP2 (S.S0055). This implementation does not use an USIM, but reads the secrets from ipsec.secrets. Make sure to read eap_aka.h before using it.
Support for vendor specific EAP methods using Expanded EAP types. The interface to EAP modules has been slightly changed, so make sure to check the changes if you're already rolling your own modules.