forked from pool/strongswan
This commit is contained in:
OBS User unknown
committed by
Git OBS Bridge
Git OBS Bridge
parent
3a50c4dfde
commit
ece66d5641
@@ -1,3 +1,44 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de
|
||||
|
||||
- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
|
||||
release provides much more modularity and therefore much more
|
||||
extensiblity and offers the following new features:
|
||||
* libstrongswan has been modularized to attach crypto algorithms,
|
||||
credential implementations (secret and private keys, certificates)
|
||||
and http/ldap fetchers dynamically through plugins.
|
||||
* A relational database API that uses pluggable database providers
|
||||
was added to libstrongswan including plugins for MySQL and SQLite.
|
||||
* The IKEv2 keying charon daemon has become more extensible. Generic
|
||||
plugins can provide arbitrary interfaces to credential stores and
|
||||
connection management interfaces. Also any EAP method can be added.
|
||||
* The authentication and credential framework in charon has been
|
||||
heavily refactored to support modular credential providers, proper
|
||||
CERTREQ/CERT payload exchanges and extensible authorization rules.
|
||||
* Support for "Hash and URL" encoded certificate payloads has been
|
||||
implemented in the IKEv2 daemon charon.
|
||||
* The IKEv2 daemon charon now supports the "uniqueids" option to
|
||||
close multiple IKE_SAs with the same peer.
|
||||
* The crypto factory in libstrongswan additionally supports random
|
||||
number generators. Plugins may provide other sources of randomness.
|
||||
* Extended the credential framework by a caching option to allow
|
||||
plugins persistent caching of fetched credentials.
|
||||
* The new trust chain verification introduced in 4.2.0 has been
|
||||
parallelized. Threads fetching CRL or OCSP information no longer
|
||||
block other threads.
|
||||
* A new IKEv2 configuration attribute framework has been introduced
|
||||
allowing plugins to provide virtual IP addresses, and in the future,
|
||||
other configuration attribute services (e.g. DNS/WINS servers).
|
||||
* The stroke plugin has been extended to provide virtual IP addresses
|
||||
from a simple pool defined in ipsec.conf.
|
||||
* Fixed compilation on uClibc and a couple of other minor bugs.
|
||||
* The IKEv1 pluto daemon now supports the ESP encryption algorithm
|
||||
CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
|
||||
authentication algorithm AES_XCBC_MAC.
|
||||
- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
|
||||
and adding inclusion of limits.h for PATH_MAX availability.
|
||||
- Added rpmlintrc file and a libtoolize call to the spec file.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 19 11:44:03 CET 2008 - mt@suse.de
|
||||
|
||||
|
||||
Reference in New Issue
Block a user