- Identity-based CA constraints, which enforce that the certificate chain of the remote peer contains a CA certificate
with a specific identity, are supported via vici/swanctl.conf. This is similar to the existing CA constraints but
doesn't require that the CA certificate is locally installed, for instance, intermediate CA certificates received from
the peers. Wildcard identity matching (e.g. ..., OU=Research, CN=*) could also be used for the latter but requires
trust in the intermediate CAs to only issue certificates with legitimate subject DNs (e.g. the "Sales" CA must not
issue certificates with OU=Research). With the new constraint that's not necessary as long as a path length basic
constraint (--pathlen for pki --issue) prevents intermediate CAs from issuing further intermediate CAs.
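The two approaches contrasted above, side by side in swanctl.conf, as an added illustration that is not part of the strongSwan release notes. The connection names, certificate file names and subject DNs are constructed, and the ca_id key under the remote section is assumed to be the swanctl.conf option that carries the identity-based CA constraint.

```conf
# Constructed example, not from the release notes. Two road-warrior
# connections that accept only clients certified under the "Research" CA.
connections {
    # Approach 1: wildcard matching on the peer's own subject DN.
    # Every intermediate CA in the trust chain must be trusted to never
    # issue a certificate carrying OU=Research (e.g. the "Sales" CA).
    rw-wildcard {
        local_addrs = 192.0.2.1
        local {
            auth = pubkey
            certs = gwCert.pem
        }
        remote {
            auth = pubkey
            id = "C=CH, O=strongSwan, OU=Research, CN=*"
        }
    }
    # Approach 2: identity-based CA constraint. The chain received from
    # the peer must contain a CA certificate with exactly this subject;
    # that CA certificate does not have to be installed locally.
    # Only sound if the intermediate CAs were issued with a path length
    # basic constraint of 0 (pki --issue --pathlen 0), so that no
    # intermediate CA can create a further intermediate CA named
    # "Research CA" itself. ca_id is an assumed option name.
    rw-ca-id {
        local_addrs = 192.0.2.1
        local {
            auth = pubkey
            certs = gwCert.pem
        }
        remote {
            auth = pubkey
            ca_id = "C=CH, O=strongSwan, OU=Research, CN=Research CA"
        }
    }
}
```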
- Intermediate CA certificates may now be sent in hash-and-URL encoding by configuring a base URL for the
parent CA (#3234, swanctl/rw-hash-and-url-multi-level).
- Implemented NIST SP-800-90A Deterministic Random Bit Generator (DRBG) based on AES-CTR and SHA2-HMAC
modes. Currently used by the gmp and ntru plugins.
- Random nonces sent in OCSP requests are now expected in the corresponding OCSP responses.
- The kernel-netlink plugin now ignores deprecated IPv6 addresses for MOBIKE. Whether temporary or
permanent IPv6 addresses are included now depends on the charon.prefer_temporary_addrs setting (#3192).
- Extended Sequence Numbers (ESN) are configured via PF_KEY if supported by the kernel.
- The PF_KEY socket's receive buffer in the kernel-pfkey plugin is now cleared before sending requests, as many
of the messages sent by the kernel are sent as broadcasts to all PF_KEY sockets. This is an issue if an external
tool is used to manage SAs/policies unrelated to IPsec (#3225).
- For individually deleted CHILD_SAs (in particular for IKEv1) the vici child-updown event now includes more
information about the CHILD_SAs such as traffic statistics (#3198).
- Custom loggers are correctly re-registered if log levels are changed via
- Avoid lockups during startup on low entropy systems when using OpenSSL 1.1.1 (095a2c2eac).
- Instead of failing later when setting a key, creating HMACs via openssl plugin now fails instantly if the underlying
hash algorithm isn't supported (e.g. MD5 in FIPS-mode) so fallbacks to other plugins work properly (#3284).
- Exponents of RSA keys read from TPM 2.0 via SAPI are correctly converted (8ee1242f1438).
- Routing table IDs > 255 are supported for custom routes on Linux.
- To avoid races, the check for hardware offloading support in the kernel-netlink plugin is performed during
initialization of the plugin (a605452c03).
- The D-Bus config file for charon-nm is now installed in $(sysconfdir)/dbus-1/system.d, which is intended for
sysadmin overrides.
- INVALID_MAJOR_VERSION notifies are now correctly sent in messages of the same exchange type and with the same
message ID as the request.
- IKEv2 SAs are now immediately destroyed when sending or receiving INVALID_SYNTAX notifies in authenticated
- For developers working from the repository the configure script now aborts if GNU gperf is not found.