strongSwan

h1. Version 5.8.1

* RDN(Relative Distinguished Name)s in DN(Distinguished Name)s of X.509 certificates can now optionally be matched less strict. The global [[strongswan.conf]] option

  _charon.rdn_matching_ takes two alternative values that cause the matching algorithm to either ignore the order of

  matched RDNs (_reordered_) or additionally (_relaxed_) accept DNs that contain more RDNs than configured (unmatched

  RDNs are treated like wildcard matches).

* The [[updown]] plugin now passes the same interface to the script that is also used for the automatically

  installed routes, that is, the interface over which the peer is reached instead of the interface on which the

  local address is found (#3095).

* TPM 2.0 contexts are now protected by a mutex to prevent issues if multiple IKE_SAs use the same private

  key concurrently (commit:4b25885025).

* Do a rekey check after the third QM message was received (#3060).

* If available, @explicit_bzero()@ is now used as @memwipe()@ instead of our own implementation.

* An @.editorconfig@ file has been added, mainly so Github shows files with proper indentation (commit:68346b6962).

* The internal certificate of the _load-tester_ plugin has been modified so it can again be used as end-entity

  cert with version:5.6.3 and later (#3139).

* The maximum data length of received @COOKIE@ notifies (64 bytes) is now enforced (#3160).