NEWS: VICI updates
This commit is contained in:
parent
8bd8dcd522
commit
e16d1005f7
16
NEWS
16
NEWS
|
@ -8,9 +8,23 @@ strongswan-5.5.2
|
||||||
draft-ietf-ipsecme-eddsa. Ed25519-based public key pairs, X.509 certificates
|
draft-ietf-ipsecme-eddsa. Ed25519-based public key pairs, X.509 certificates
|
||||||
and CRLs can be generated and printed by the pki tool.
|
and CRLs can be generated and printed by the pki tool.
|
||||||
|
|
||||||
- In-place update of cached base and delta CRLs does no leave dozens
|
- In-place update of cached base and delta CRLs does not leave dozens
|
||||||
of stale copies in cache memory.
|
of stale copies in cache memory.
|
||||||
|
|
||||||
|
- Several new features for the VICI interface and the swanctl utility: Querying
|
||||||
|
specific pools, enumerating and unloading keys and shared secrets, loading
|
||||||
|
keys and certificates from PKCS#11 tokens, the ability to initiate, install
|
||||||
|
and uninstall connections and policies by their exact name (if multiple child
|
||||||
|
sections in different connections share the same name), a command to initiate
|
||||||
|
the rekeying of IKE and IPsec SAs, support for settings previously only
|
||||||
|
supported by the old config files (plain pubkeys, dscp, certificate policies,
|
||||||
|
IPv6 Transport Proxy Mode, NT Hash secrets, mediation extension).
|
||||||
|
|
||||||
|
Important: Due to issues with VICI bindings that map sub-sections to
|
||||||
|
dictionaries the CHILD_SA sections returned via list-sas now have a unique
|
||||||
|
name, the original name of a CHILD_SA is returned in the "name" key of its
|
||||||
|
section.
|
||||||
|
|
||||||
|
|
||||||
strongswan-5.5.1
|
strongswan-5.5.1
|
||||||
----------------
|
----------------
|
||||||
|
|
Loading…
Reference in New Issue