Version 4.6.2

  • Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3
    which supports IF-TNCCS 2.0 long message types, the exclusive flags
    and multiple IMC/IMV IDs. Both the TNC Client and Server as well as
    the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated.
  • The EAP-RADIUS authentication backend supports RADIUS accounting. It sends
    start/stop messages containing Username, Framed-IP and Input/Output-Octets
    attributes and has been tested against FreeRADIUS and Microsoft NPS.

    Radius Accounting Example

  • Added support for PKCS#8 encoded private keys via the libstrongswan
    pkcs8 plugin. This is the default format used by some OpenSSL tools since
    version 1.0.0 (e.g. openssl req with -keyout).
  • Added session resumption support to the strongSwan TLS stack.
  • The maximum number of stroke messages concurrently handled by the charon
    daemon is now limited to avoid clogging the thread pool with potentially
    blocking jobs. How many messages are handled concurrently can be configured
    with the charon.plugins.stroke.max_concurrent option in strongswan.conf.
  • For Android builds the binaries to be installed on the final system have to be
    added to PRODUCT_PACKAGES in build/target/product/ Dependencies such as
    libraries are automatically installed. See the comments in the top-level
  • Debug output for low-level encoding/decoding (X.509, ASN.1 etc.) are now logged
    in a new ASN log group.
  • The native thread ID is logged in the LIB log group with log level 2 when a thread is created.