strongSwan

h1. Version 5.8.2

* Identity-based CA constraints, which enforce that the certificate chain of the remote peer contains a CA certificate

  with a specific identity, are supported via [[vici]]/[[swanctl.conf]].  This is similar to the existing CA constraints but

  doesn't require that the CA certificate is locally installed, for instance, intermediate CA certificates received from

  the peers. Wildcard identity matching (e.g. @..., OU=Research, CN=*@) could also be used for the latter but requires

  trust in the intermediate CAs to only issue certificates with legitimate subject DNs (e.g. the "Sales" CA must not

  issue certificates with @OU=Research@). With the new constraint that's not necessary as long as a path length basic

  constraint (@--pathlen@ for [[IpsecPkiIssue|pki --issue]]) prevents intermediate CAs from issuing further intermediate CAs.

* Intermediate CA certificates may now be sent in hash-and-URL encoding by configuring a base URL for the

  parent CA (#3234, {{tc(swanctl/rw-hash-and-url-multi-level)}}).

* Implemented NIST SP-800-90A Deterministic Random Bit Generator (DRBG) based on AES-CTR and SHA2-HMAC

  modes. Currently used by the _gmp_ and _ntru_ plugins.

* Random nonces sent in an OCSP requests are now expected in the corresponding OCSP responses.

* The _kernel-netlink_ plugin now ignores deprecated IPv6 addresses for MOBIKE.  Whether temporary or

  permanent IPv6 addresses are included now depends on the _charon.prefer_temporary_addrs_ setting (#3192).

* Extended Sequence Numbers (ESN) are configured via PF_KEY if supported by the kernel.

* The PF_KEY socket's receive buffer in the _kernel-pfkey_ plugin is now cleared before sending requests, as many

  of the messages sent by the kernel are sent as broadcasts to all PF_KEY sockets. This is an issue if an external

  tool is used to manage SAs/policies unrelated to IPsec (#3225).

* The [[vici]] plugin now uses unique section names for CHILD_SAs in child-updown events (commit:7c74ce9190).

* For individually deleted CHILD_SAs (in particular for IKEv1) the [[vici]] child-updown event now includes more

  information about the CHILD_SAs such as traffic statistics (#3198).

* Custom loggers are correctly re-registered if log levels are changed via @stroke loglevel@ (#3182).

* Avoid lockups during startup on low entropy systems when using OpenSSL 1.1.1 (commit:095a2c2eac).

* Instead of failing later when setting a key, creating HMACs via _openssl_ plugin now fails instantly if the underlying

  hash algorithm isn't supported (e.g. MD5 in FIPS-mode) so fallbacks to other plugins work properly (#3284).

* Exponents of RSA keys read from TPM 2.0 via SAPI are correctly converted (commit:8ee1242f1438).

* Routing table IDs > 255 are supported for custom routes on Linux.

* To avoid races, the check for hardware offloading support in the _kernel-netlink_ plugin is performed during

  initialization of the plugin (commit:a605452c03).

* The D-Bus config file for [[NetworkManager|charon-nm]] is now installed in @$(datadir)/dbus-1/system.d@ instead of

  @$(sysconfdir)/dbus-1/system.d@, which is intended for sysadmin overrides.

* @INVALID_MAJOR_VERSION@ notifies are now correctly sent in messages of the same exchange type and with the same

  message ID as the request.

* IKEv2 SAs are now immediately destroyed when sending or receiving @INVALID_SYNTAX@ notifies in authenticated

  messages.

* For developers working from the repository the configure script now aborts if GNU gperf is not found.