Version 4.2.0

  • libstrongswan has been modularized to attach crypto algorithms,
    credential implementations (keys, certificates) and fetchers dynamically
    through plugins. Existing code has been ported to plugins:
    • RSA/Diffie-Hellman implementation using the GNU Multi Precision library * X509 certificate system supporting CRLs, OCSP and attribute certificates * Multiple plugins providing crypto algorithms in software * CURL and OpenLDAP fetcher
  • libstrongswan gained a relational database API which uses pluggable database
    providers. Plugins for MySQL and SQLite are available.
  • The IKEv2 keying daemon charon is more extensible. Generic plugins may provide
    connection configuration, credentials and EAP methods or control the daemon.
    Existing code has been ported to plugins:
    • EAP-AKA, EAP-SIM, EAP-MD5 and EAP-Identity
    • stroke configuration, credential and control (compatible to pluto) * XML based management protocol to control and query the daemon
    The following new plugins are available:
    • An experimental SQL configuration, credential and logging plugin on
      top of either MySQL or SQLite * A unit testing plugin to run tests at daemon startup
  • The authentication and credential framework in charon has been heavily
    refactored to support modular credential providers, proper
    CERTREQ/CERT payload exchanges and extensible authorization rules.
  • The framework of strongSwan Manager has envolved to the web application
    framework libfast (FastCGI Application Server w/ Templates) and is usable
    by other applications.