Version 4.2.0¶

• libstrongswan has been modularized to attach crypto algorithms,
  credential implementations (keys, certificates) and fetchers dynamically
  through plugins. Existing code has been ported to plugins:
  • RSA/Diffie-Hellman implementation using the GNU Multi Precision library
  • X509 certificate system supporting CRLs, OCSP and attribute certificates
  • Multiple plugins providing crypto algorithms in software
  • CURL and OpenLDAP fetcher

• libstrongswan gained a relational database API which uses pluggable database
  providers. Plugins for MySQL and SQLite are available.

• The IKEv2 keying daemon charon is more extensible. Generic plugins may provide
  connection configuration, credentials and EAP methods or control the daemon.
  Existing code has been ported to plugins:
  • EAP-AKA, EAP-SIM, EAP-MD5 and EAP-Identity
  • stroke configuration, credential and control (compatible to pluto)
  • XML based management protocol to control and query the daemon

  The following new plugins are available:

  • An experimental SQL configuration, credential and logging plugin on
    top of either MySQL or SQLite
  • A unit testing plugin to run tests at daemon startup

• The authentication and credential framework in charon has been heavily
  refactored to support modular credential providers, proper
  CERTREQ/CERT payload exchanges and extensible authorization rules.

• The framework of strongSwan Manager has envolved to the web application
  framework libfast (FastCGI Application Server w/ Templates) and is usable
  by other applications.