strongSwan

h1. Version 5.1.3

* Fixed an authentication bypass vulnerability triggered by rekeying an

  unestablished IKE_SA while it gets actively initiated. This allowed an

  attacker to trick a peer's IKE_SA state to established, without the need to

  provide any valid authentication credentials.  The vulnerability has been

  registered as "CVE-2014-2338":http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2338.

  Refer to "our blog":http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html for details.

* The _acert_ plugin evaluates X.509 Attribute Certificates. Group membership

  information encoded as strings can be used to fulfill authorization checks

  defined with the _rightgroups_ [[ConnSection|ipsec.conf]] option. Attribute Certificates can be

  loaded [[IpsecDirectoryAcerts|locally]] or get exchanged in IKEv2 certificate payloads.

* The [[IpsecPki|pki]] command gained support to generate X.509 Attribute Certificates

  using the [[IpsecPkiAcert|--acert]] subcommand, while the [[IpsecPkiPrint|--print]] command supports the _ac_ type.

  The _openac_ utility has been removed in favor of the new pki functionality.

* The _libtls_ TLS 1.2 implementation as used by EAP-(T)TLS and other protocols

  has been extended by AEAD mode support, currently limited to AES-GCM.

* Fixed an issue where CRL/OCSP trustchain validation broke enforcing CA constraints (commit:a844b6589034).

* Limited OCSP signing to specific certificates to improve performance (commit:91d71abb16a9).

* _authKeyIdentifier_ is not added to self-signed certificates anymore (commit:f7d04ba6c462).

* Fixed the comparison of IKE configs if only the cipher suites were different (commit:23f34f6ed504).

* Added a "Travis CI":https://travis-ci.org config, a test script, and some unit test improvements (e.g. the

  @TESTS_SUITES@ option), see [[DeveloperDocumentation]].