Minor Release


4 issues   (4 closed — 0 open)

Version 5.8.1

  • RDNs in DNs of X.509 certificates can now optionally be matched less strictly. The global strongswan.conf option
    charon.rdn_matching takes two alternative values that cause the matching algorithm to either ignore the order of
    matched RDNs (reordered) or additionally (relaxed) accept DNs that contain more RDNs than configured (unmatched
    RDNs are treated like wildcard matches).
  • The updown plugin now passes the same interface to the script that is also used for the automatically
    installed routes, that is, the interface over which the peer is reached instead of the interface on which the
    local address is found (#3095).
  • TPM 2.0 contexts are now protected by a mutex to prevent issues if multiple IKE_SAs use the same private
    key concurrently (4b25885025).
  • Do a rekey check after the third QM message was received (#3060).
  • If available, explicit_bzero() is now used as memwipe() instead of our own implementation.
  • An .editorconfig file has been added, mainly so GitHub shows files with proper indentation (68346b6962).
  • The internal certificate of the load-tester plugin has been modified so it can again be used as end-entity
    cert with 5.6.3 and later (#3139).
  • The maximum data length of received COOKIE notifies (64 bytes) is now enforced (#3160).
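
The matching behaviours described in the charon.rdn_matching item above, as an added example that is not strongSwan's code: a simplified Python model showing which certificate DNs each mode accepts for one configured identity. The default mode name strict, the "*" value wildcard, the string DN syntax, exact value comparison and all sample DNs are assumptions made for this illustration.

```python
# Simplified model of the charon.rdn_matching modes; NOT strongSwan's code.
# Assumptions: DNs are comma-separated "TYPE=value" strings without escaping,
# values compare exactly, and a configured value of "*" is a wildcard.

def parse_dn(dn):
    """Turn 'C=CH, O=Example' into [('C', 'CH'), ('O', 'Example')]."""
    rdns = []
    for part in dn.split(","):
        rdn_type, _, value = part.strip().partition("=")
        rdns.append((rdn_type.strip().upper(), value.strip()))
    return rdns

def rdn_matches(configured, presented):
    """Same RDN type, and either a wildcard or an identical value."""
    return configured[0] == presented[0] and configured[1] in ("*", presented[1])

def match_any_order(configured, presented):
    """Assign each configured RDN to a distinct presented RDN (backtracking)."""
    if not configured:
        return True  # leftover presented RDNs are the caller's decision
    head, rest = configured[0], configured[1:]
    return any(
        rdn_matches(head, rdn) and match_any_order(rest, presented[:i] + presented[i + 1:])
        for i, rdn in enumerate(presented)
    )

def dn_matches(configured_dn, cert_dn, mode="strict"):
    configured, presented = parse_dn(configured_dn), parse_dn(cert_dn)
    same_count = len(configured) == len(presented)
    if mode == "strict":      # same number, type and order
        return same_count and all(map(rdn_matches, configured, presented))
    if mode == "reordered":   # same number and type, any order
        return same_count and match_any_order(configured, presented)
    if mode == "relaxed":     # extra RDNs in the certificate act as wildcards
        return match_any_order(configured, presented)
    raise ValueError(f"unknown rdn_matching mode: {mode}")

def accepted_modes(configured_dn, cert_dn):
    """List the modes under which cert_dn satisfies configured_dn."""
    return [m for m in ("strict", "reordered", "relaxed")
            if dn_matches(configured_dn, cert_dn, m)]

if __name__ == "__main__":
    configured = "C=CH, O=Example, CN=*"  # constructed sample identity
    for cert in ("C=CH, O=Example, CN=vpn.example.org",
                 "O=Example, C=CH, CN=vpn.example.org",
                 "C=CH, O=Example, OU=Contractors, CN=vpn.example.org",
                 "C=CH, O=Other, CN=vpn.example.org"):
        print(f"{cert!r:60} -> {accepted_modes(configured, cert) or 'rejected'}")
```

Under relaxed the configured identity also accepts the certificate that carries the extra OU, so an identity used for authorization has to spell out every RDN that matters.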