Remote attestation via TNC supports the SHA-256 based TPM 2.0 BIOS/EFI measurements introduced with the Linux 5.4 kernel. This includes support for the BIOS/EFI event log and variable sized PCR banks.
The tpm plugin supports SHA-3 and CMAC with TPM 2.0.
Nonces in OCSP responses are no longer enforced (the enforcement was added with 5.8.2); a nonce is only validated if the response actually contains one (#3557).
Fixed an issue when only some fragments of a retransmitted IKEv2 message were received, which prevented processing a following fragmented message (non-fragmented messages were correctly processed, 6586f07162).
All remaining queued vici messages are now sent to subscribed clients during shutdown, which includes ike/child-updown events triggered when all established SAs are deleted (ef636316d2).
CHILD_SA IP addresses are now updated before installation of the IPsec SAs and policies to allow MOBIKE updates happening while retransmitting a CREATE_CHILD_SA request (#3164).
When looking for a route to the peer, the kernel-netlink plugin now ignores the current source address if it is deprecated. It also updates the flags associated with cached IP addresses and triggers a roam event if they change. As a result, a MOBIKE update now switches to a new address if the current one becomes deprecated (#3511).
The file and syslog loggers support logging the log level of each message after the subsystem (e.g. [IKE2], #3509).
For peers that don't send the EAP_ONLY_AUTHENTICATION notify but still expect to use EAP-only authentication, the charon.force_eap_only_authentication option can be enabled to force this type of authentication even on non-compliant peers.
DH groups are now properly handled during migration of CHILD_SA-creating tasks when reestablishing (previously, this may have caused DH groups to be included in the proposal sent during IKE_AUTH).
The vici plugin stores all CA certificates in one location, which avoids issues with unloading authority sections or clearing all credentials (GH#172).
When unloading a vici connection with start_action=start, any related IKE_SAs without children are now terminated (including those in CONNECTING state).
The hashtable implementation has been changed so it maintains insertion order (the old implementation, including the get_match() method and a new feature to sort keys, has been migrated to the hashlist_t class). This was mainly done so the vici plugin can store its connections in a hashtable, which makes managing high numbers of connections faster.
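To show what an insertion-ordered hashtable looks like in practice, here is an added C example; it is not strongSwan's hashtable_t or hashlist_t code, and the oht_* names, the fixed bucket count and the FNV-1a hash are assumptions made for this illustration. Each entry lives in a bucket chain for O(1) average lookup and, at the same time, in a doubly linked list that records the order in which keys were inserted, so enumeration is ordered and removal stays cheap even with many entries (the point of storing vici connections this way).

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS 64  /* assumed fixed bucket count, enough for the example */

/* One stored key/value pair. Each entry sits in exactly one bucket chain
 * and, in addition, in a doubly linked list that records insertion order. */
typedef struct entry_t entry_t;
struct entry_t {
    char *key;
    void *value;
    entry_t *chain;        /* next entry in the same hash bucket */
    entry_t *prev, *next;  /* neighbours in insertion order */
};

typedef struct {
    entry_t *buckets[NBUCKETS];
    entry_t *head, *tail;  /* insertion-ordered list, oldest first */
    size_t count;
} ordered_hashtable_t;

/* FNV-1a over the key, reduced to a bucket index. */
static unsigned bucket_of(const char *key)
{
    unsigned h = 2166136261u;
    for (; *key; key++) {
        h ^= (unsigned char)*key;
        h *= 16777619u;
    }
    return h % NBUCKETS;
}

ordered_hashtable_t *oht_create(void)
{
    return calloc(1, sizeof(ordered_hashtable_t));
}

/* Insert a new key or replace the value of an existing one. A replaced key
 * keeps its original position; only new keys are appended to the order list.
 * Returns the previous value, or NULL if the key was new. */
void *oht_put(ordered_hashtable_t *t, const char *key, void *value)
{
    unsigned b = bucket_of(key);
    entry_t *e;
    for (e = t->buckets[b]; e; e = e->chain) {
        if (strcmp(e->key, key) == 0) {
            void *old = e->value;
            e->value = value;
            return old;
        }
    }
    e = calloc(1, sizeof(*e));
    e->key = strdup(key);
    e->value = value;
    e->chain = t->buckets[b];          /* push onto the bucket chain */
    t->buckets[b] = e;
    e->prev = t->tail;                 /* append to the order list */
    if (t->tail) t->tail->next = e; else t->head = e;
    t->tail = e;
    t->count++;
    return NULL;
}

/* Average O(1) lookup via the bucket chain; NULL if the key is absent. */
void *oht_get(ordered_hashtable_t *t, const char *key)
{
    for (entry_t *e = t->buckets[bucket_of(key)]; e; e = e->chain) {
        if (strcmp(e->key, key) == 0) return e->value;
    }
    return NULL;
}

/* Remove a key: unlink it from its bucket chain and from the order list.
 * Both unlinks are O(1) once the entry is found. Returns the value or NULL. */
void *oht_remove(ordered_hashtable_t *t, const char *key)
{
    entry_t **pp = &t->buckets[bucket_of(key)];
    while (*pp && strcmp((*pp)->key, key) != 0) pp = &(*pp)->chain;
    if (!*pp) return NULL;
    entry_t *e = *pp;
    *pp = e->chain;
    if (e->prev) e->prev->next = e->next; else t->head = e->next;
    if (e->next) e->next->prev = e->prev; else t->tail = e->prev;
    void *value = e->value;
    free(e->key);
    free(e);
    t->count--;
    return value;
}

/* Copy up to max keys into out[] in insertion order; returns how many. */
size_t oht_keys(ordered_hashtable_t *t, const char **out, size_t max)
{
    size_t n = 0;
    for (entry_t *e = t->head; e && n < max; e = e->next) out[n++] = e->key;
    return n;
}

void oht_destroy(ordered_hashtable_t *t)
{
    for (entry_t *e = t->head; e;) {
        entry_t *next = e->next;
        free(e->key);
        free(e);
        e = next;
    }
    free(t);
}

int main(void)
{
    /* constructed sample: three connection names, one removed and re-added */
    ordered_hashtable_t *t = oht_create();
    oht_put(t, "conn-a", "A"); oht_put(t, "conn-b", "B"); oht_put(t, "conn-c", "C");
    oht_remove(t, "conn-b"); oht_put(t, "conn-b", "B2");
    const char *keys[8];
    size_t n = oht_keys(t, keys, 8);
    for (size_t i = 0; i < n; i++) printf("%s ", keys[i]);   /* conn-a conn-c conn-b */
    printf("\n");
    oht_destroy(t);
    return 0;
}
```

Re-adding a removed key appends it at the end, while replacing the value of a present key leaves its position untouched; both behaviours are choices made here for the example, not a statement about how strongSwan's implementation orders keys.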
The default maximum size for vici messages (512 KiB) can now be changed via the VICI_MESSAGE_SIZE_MAX compile option.
IPv6 virtual IPs are now always enumerated, ignoring the charon.prefer_temporary_addrs setting, which should fix route installation if the latter is enabled.
The version as obtained from the Git repository (via git describe) on which a build is based can now be used in executables (--enable-git-version). Tarballs include a text file with that information cached.
Connectivity with the Android client became much more stable on Android 6+, where the system aggressively suspends apps when the device is idle (Doze mode). We now use a custom scheduler that uses Android's AlarmManager, which allows waking up the app even if the system put it to sleep. It does require adding the app to the system's battery optimization whitelist, which is requested from the user automatically if necessary. With this, NAT keepalives and rekeyings are now scheduled accurately, with little change to battery usage (#3364). There are some related changes that could be useful outside of the Android client:
Clocks other than CLOCK_MONOTONIC (e.g. CLOCK_BOOTTIME) can be used via the TIME_CLOCK_ID compile option if clock_gettime() is available and pthread_condattr_setclock() supports that clock (Android's bionic C library, for example, only supports CLOCK_MONOTONIC and CLOCK_REALTIME, while the kernel supports CLOCK_BOOTTIME via clock_gettime()).
When using a clock that includes time spent suspended, the new charon.keep_alive_dpd_margin option may be used to trigger a DPD instead of a NAT keepalive if too much time has passed.
Another option (charon.check_current_path) allows forcing a DPD exchange to check if the current path still works whenever changes to interfaces/addresses are detected.
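The two constraints on the scheduler clock (clock_gettime() must know the clock and pthread_condattr_setclock() must accept it) and the keep_alive_dpd_margin decision are easy to misjudge, so here is an added C example that probes them on the running system; it is not strongSwan's scheduler or keepalive code. The function names, the fallback to CLOCK_MONOTONIC, and the margin check in keepalive_action() (modelled as "send a DPD when more than interval + margin seconds have really elapsed since the keepalive was due") are assumptions made for this illustration; the kernel clock id value used as a fallback define is the Linux one.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <time.h>

#ifndef CLOCK_BOOTTIME
#define CLOCK_BOOTTIME 7   /* Linux clock id, in case the libc headers lack it */
#endif

/* Probe whether condition variables can wait on clock_id: returns 0 if the
 * C library accepts it, otherwise the error code (EINVAL on a libc that only
 * knows CLOCK_REALTIME and CLOCK_MONOTONIC, as the text says bionic does). */
int condvar_clock_supported(clockid_t clock_id)
{
    pthread_condattr_t attr;
    int rc = pthread_condattr_init(&attr);
    if (rc) return rc;
    rc = pthread_condattr_setclock(&attr, clock_id);
    pthread_condattr_destroy(&attr);
    return rc;
}

/* Choose the scheduler clock: the preferred one (e.g. CLOCK_BOOTTIME, which
 * keeps counting while the device sleeps) if both clock_gettime() and the
 * condition-variable implementation accept it, else CLOCK_MONOTONIC. */
clockid_t select_scheduler_clock(clockid_t preferred)
{
    struct timespec ts;
    if (clock_gettime(preferred, &ts) == 0 && condvar_clock_supported(preferred) == 0) {
        return preferred;
    }
    return CLOCK_MONOTONIC;
}

/* Absolute deadline on `clock` after `ms` milliseconds, in the form that
 * pthread_cond_timedwait() expects. Returns 0 or an errno value. */
int deadline_after_ms(clockid_t clock, long ms, struct timespec *out)
{
    struct timespec now;
    if (clock_gettime(clock, &now) != 0) return errno;
    out->tv_sec = now.tv_sec + ms / 1000;
    out->tv_nsec = now.tv_nsec + (ms % 1000) * 1000000L;
    if (out->tv_nsec >= 1000000000L) {   /* carry into seconds */
        out->tv_sec += 1;
        out->tv_nsec -= 1000000000L;
    }
    return 0;
}

typedef enum { ACTION_KEEPALIVE, ACTION_DPD } keepalive_action_t;

/* Simplified model (an assumption of this example) of the margin check: the
 * keepalive job was due `interval` seconds after the last outbound packet.
 * If the clock counts suspended time and more than interval + margin seconds
 * have actually elapsed, too much time has passed for a fire-and-forget NAT
 * keepalive, so a DPD exchange, which expects a reply, is sent instead. */
keepalive_action_t keepalive_action(time_t last_out, time_t now,
                                    unsigned interval, unsigned margin)
{
    if (now - last_out > (time_t)(interval + margin)) return ACTION_DPD;
    return ACTION_KEEPALIVE;
}

int main(void)
{
    clockid_t clock = select_scheduler_clock(CLOCK_BOOTTIME);
    printf("scheduler clock: %s\n",
           clock == CLOCK_BOOTTIME ? "CLOCK_BOOTTIME" : "CLOCK_MONOTONIC");
    printf("CLOCK_BOOTTIME usable for condvars: %s\n",
           condvar_clock_supported(CLOCK_BOOTTIME) == 0 ? "yes" : "no");
    struct timespec deadline;
    if (deadline_after_ms(clock, 20000, &deadline) == 0) {
        printf("next keepalive due at %ld.%09ld on that clock\n",
               (long)deadline.tv_sec, deadline.tv_nsec);
    }
    /* constructed scenario: 20 s interval, 10 s margin, device slept 40 s */
    printf("after a 40 s gap: %s\n",
           keepalive_action(0, 40, 20, 10) == ACTION_DPD ? "send DPD" : "send keepalive");
    return 0;
}
```

Running the probe on a given C library tells you directly whether a CLOCK_BOOTTIME build would fall back; with a clock that does not count suspend time the elapsed value in keepalive_action() never exceeds the margin, which is why the margin option only makes sense together with such a clock.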