updated NEWS and ChangeLog for 4.0.4 release
This commit is contained in:
Martin Willi
parent
1ce2ad09c3
commit
48dc3934cc
73
ChangeLog
73
ChangeLog
|
|
@ -1,3 +1,76 @@
|
|||
strongswan-4.0.4 / R:1289
|
||||
===========================
|
||||
|
||||
fixed some compiler warnings
|
||||
extended statusall output
|
||||
added job/event-queue statistics
|
||||
added allocation statistics when using LEAK_DETECTIVE
|
||||
fixed include typo
|
||||
public declaration of all HASH_SIZEs in hasher.h
|
||||
support of encrypted private key files
|
||||
added copyright notice to sha2_hasher
|
||||
included SHA2 in build process
|
||||
implemented sha2_hasher which supports SHA-256, SHA-384 and SHA-512
|
||||
added support for 3DES encryption algorithm in IKE
|
||||
fixed the ids parsing bug
|
||||
fixed the ids parsing bug
|
||||
updated TODOs
|
||||
fixed memleak
|
||||
fixed proper handling of id parsing errors
|
||||
proper return value when no PSK found
|
||||
added HOST_ACCESS for firewall script as default
|
||||
more debugging output for PSK authentication
|
||||
some cleanups here and there
|
||||
added auth_method field
|
||||
added auth_method field
|
||||
cosmetics
|
||||
verify_emsa_pkcs1_signature returns status_t
|
||||
cosmetics
|
||||
added PSK support
|
||||
enabled firewall support
|
||||
proper error handling for socket creation
|
||||
handle certificate parsing error more generous
|
||||
fixed certificate verification bug!
|
||||
fixed memleak when receiving invalid certificate
|
||||
version bump to 4.0.4
|
||||
version bump to 4.0.4
|
||||
two new test scenarios
|
||||
fixed path to images directory
|
||||
implemented updown script to handle firewalling
|
||||
add priority management for kernel policy
|
||||
let ROUTED policies installed, until manuall removed
|
||||
introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs
|
||||
ike_sa_manager cleanups
|
||||
implemented handling of dpdaction and dpddelay ipsec.conf parameters
|
||||
reuse reqid when a ROUTED child_sa gets INSTALLED
|
||||
fixed a bug in retransmission code
|
||||
added support for the "keyingtries" ipsec.conf parameter
|
||||
added support for the "dpddelay" ipsec.conf parameter
|
||||
done some work for "dpdaction" behavior
|
||||
some other cleanups and fixes
|
||||
fixed a at-least-one-year-old bug which caused crashed in the scheduler
|
||||
added raw socket filter for IPv6
|
||||
implemented NAT detection for IPv6
|
||||
removed unneeded constructor
|
||||
initial support for IPv6 (more testing needed)
|
||||
socket works (without v6 filter)
|
||||
traffic selector handle IPv4/v4 cleanly
|
||||
improvements in traffic selector code
|
||||
kernel interface accepts v6 traffic selectors and hosts
|
||||
host_t class has full IPv6 support
|
||||
added stddef.h include for compilers which do not support the offsetof() directive
|
||||
moved interface enumeration code to socket, where it belongs
|
||||
query interfaces every time we need it to respect changes in network config
|
||||
added address listing on startup and "ipsec statusall"
|
||||
version bump of UML kernel to 2.6.17.11
|
||||
fixed crash bug when doing "ipsec down" with an unknown connection
|
||||
added name property in CHILD_SA, allows proper status output
|
||||
fixed bug which prevented port float when nat is detected
|
||||
version bumps
|
||||
'sha' and 'sha1' are now treated as synonyms
|
||||
updated Changelog and other docs
|
||||
|
||||
|
||||
strongswan-4.0.3 / R:1235
|
||||
===========================
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ echo " strongswan-4.x.x / R:$current " > ChangeLog.tmp
|
|||
echo "===========================" >> ChangeLog.tmp
|
||||
echo "" >> ChangeLog.tmp
|
||||
|
||||
svn log -r $current:$last | grep -v "| mwilli |" | grep -v "| andreas | " | grep -v ^$ | grep -v ^------ >> ChangeLog.tmp
|
||||
svn log -r $current:$last | grep -v "| martin |" | grep -v "| andreas | " | grep -v ^$ | grep -v ^------ >> ChangeLog.tmp
|
||||
|
||||
echo "" >> ChangeLog.tmp
|
||||
echo "" >> ChangeLog.tmp
|
||||
|
|
|
|||
32
NEWS
32
NEWS
|
|
@ -1,3 +1,35 @@
|
|||
strongswan-4.0.4
|
||||
----------------
|
||||
|
||||
- Implemented full support for IPv6-in-IPv6 tunnels.
|
||||
|
||||
- Added configuration options for dead peer detection in IKEv2. dpd_action
|
||||
types "clear", "hold" and "restart" are supported. The dpd_timeout
|
||||
value is not used, as the normal retransmission policy applies to
|
||||
detect dead peers. The dpd_delay parameter enables sending of empty
|
||||
informational message to detect dead peers in case of inactivity.
|
||||
|
||||
- Added support for preshared keys in IKEv2. PSK keys configured in
|
||||
ipsec.secrets are loaded. The authby parameter specifies the authentication
|
||||
method to authentificate ourself, the other peer may use PSK or RSA.
|
||||
|
||||
- Changed retransmission policy to respect the keyingtries parameter.
|
||||
|
||||
- Added private key decryption. PEM keys encrypted with AES or DES/3DES are
|
||||
supported.
|
||||
|
||||
- Implemented DES/3DES algorithms in libstrongswan. 3DES can be used to
|
||||
encrypt IKE traffic.
|
||||
|
||||
- Implemented SHA-256/384/512 in libstrongswan, allows usage of certificates
|
||||
signed with such a hash algorithm.
|
||||
|
||||
- Added initial support for updown scripts. The actions up-host/client and
|
||||
down-host/client are executed. The leftfirewall=yes parameter
|
||||
uses the default updown script to insert dynamic firewall rules, a custom
|
||||
updown script may be specified with the leftupdown parameter.
|
||||
|
||||
|
||||
strongswan-4.0.3
|
||||
----------------
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue