Version 5.8.1 » History » Version 2
Version 1 (Tobias Brunner, 29.04.2019 10:55) → Version 2/3 (Tobias Brunner, 28.08.2019 12:19)
h1. Version 5.8.1
* RDN(Relative Distinguished Name)s in DN(Distinguished Name)s of X.509 certificates can now optionally This will be matched less strict. The global [[strongswan.conf]] option
_charon.rdn_matching_ takes two alternative values that cause the matching algorithm to either ignore the order of
matched RDNs (_reordered_) or additionally (_relaxed_) accept DNs that contain more RDNs than configured (unmatched
RDNs are treated like wildcard matches).
* The [[updown]] plugin now passes the same interface to the script that is also used next minor release, see "Roadmap":http://wiki.strongswan.org/projects/strongswan/roadmap for the automatically
installed routes, that is, the interface over which the peer is reached instead of the interface updates on which the
local address is found (#3095).
* TPM 2.0 contexts are now protected by a mutex to prevent issues if multiple IKE_SAs use the same private
key concurrently (commit:4b25885025).
* Do a rekey check after the third QM message was received (#3060).
* If available, @explicit_bzero()@ is now used as @memwipe()@ instead of our own implementation.
* An @.editorconfig@ file has been added, mainly so Github shows files with proper indentation (commit:68346b6962).
* The internal certificate of the _load-tester_ plugin has been modified so it can again be used as end-entity
cert with version:5.6.3 and later (#3139).
* The maximum data length of received @COOKIE@ notifies (64 bytes) is now enforced (#
release date.
* RDN(Relative Distinguished Name)s in DN(Distinguished Name)s of X.509 certificates can now optionally This will be matched less strict. The global [[strongswan.conf]] option
_charon.rdn_matching_ takes two alternative values that cause the matching algorithm to either ignore the order of
matched RDNs (_reordered_) or additionally (_relaxed_) accept DNs that contain more RDNs than configured (unmatched
RDNs are treated like wildcard matches).
* The [[updown]] plugin now passes the same interface to the script that is also used next minor release, see "Roadmap":http://wiki.strongswan.org/projects/strongswan/roadmap for the automatically
installed routes, that is, the interface over which the peer is reached instead of the interface updates on which the
local address is found (#3095).
* TPM 2.0 contexts are now protected by a mutex to prevent issues if multiple IKE_SAs use the same private
key concurrently (commit:4b25885025).
* Do a rekey check after the third QM message was received (#3060).
* If available, @explicit_bzero()@ is now used as @memwipe()@ instead of our own implementation.
* An @.editorconfig@ file has been added, mainly so Github shows files with proper indentation (commit:68346b6962).
* The internal certificate of the _load-tester_ plugin has been modified so it can again be used as end-entity
cert with version:5.6.3 and later (#3139).
* The maximum data length of received @COOKIE@ notifies (64 bytes) is now enforced (#
release date.