rpm/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity
a937e6040b
strongswan/strongswan-5.9.11.tar.bz2.sig

15 lines
659 B
Standard ML
Raw Normal View History

Accepting request 1092621 from home:msaquib:branches:network:vpn - Update to release 5.9.11 * A long-standing deadlock in the vici plugin has been fixed that could get triggered when multiple connections were initiated/terminated concurrently and control-log events were raised by the watcher_t component (#566). * In compliance with RFC 5280, CRLs now have to be signed by a certificate that either encodes the cRLSign keyUsage bit (even if it is a CA certificate), or is a CA certificate without a keyUsage extension. strongSwan encodes a keyUsage extension with cRLSign bit set in all CA certificates since 13 years. And before that it didn't encode the extension, so these certificates would also be accepted as CRL issuer in case they are still valid (7dc82de). * Support for optional CA labels in EST server URIs (e.g. https://www.example.org/.well-known/est/arbitraryLabel1/<operation>) was added to the pki --est and pki --estca commands (#1614). * The pkcs7 and openssl plugins now support CMS-style signatures in PKCS#7 containers, which allows verifying RSA-PSS and ECDSA signatures (#1615). * Fixed a regression in the server implementation of EAP-TLS when using TLS 1.2 or earlier that was introduced with 5.9.10 (#1613, 3d0d3f5). * The EAP-TLS client does now enforce that the TLS handshake is complete when using TLS 1.2 or earlier. It was possible to shortcut it by sending an early EAP-Success message. Note that this isn't a security issue as the server is authenticated at that point (db87087). * On Linux, the kernel-libipsec plugin can now optionally handle ESP packets without UDP encapsulation (uses RAW sockets, disabled by default, e3cb756). The plugin and libipsec also gained support OBS-URL: https://build.opensuse.org/request/show/1092621 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=149
2023-06-12 17:41:55 +02:00
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmSGsnAACgkQ30LBcLNN
unfqXQv/Rfi3bcaIaULwNXnBgW2mWrsUFFUzQN/PB9fdPK/u0JUBWufUV/1/LUc9
yA1S3ESubQMOYkPmSrQRfXwkrdGTQ3DwApuFL/42Q/TOk8jpTVaPM28Gs6D+77YC
QjB3JYcR2VxvgsEFZatqFgUaGyety1dB1P364EPnzzb7L0+7HBWT0IVkdpvPT/zX
5tQ6M4czD2cqv1fi8+Tjaq3mpw0PdyZSIoLuD7kL6AeWcrtzhfhr1vXQKwo0K5wh
5uuUbxPZIrmxLGk1vkoMuEKZ7XVvs3ulFFK9EvJXWM9USce0Br0irGEdO2sDAxWA
20jFzsW2wL5mkVLvLfQQrNC1qwsYKq3s3PInZEoUICE4zNC6zWS8tTtaq5Ul8X1J
AFhcrdy6cVs87LDyvEWiMcSwLpYk1egWwmF9acuMUE6bYSNUnYMkYwS7CjWQUXix
JMf3b60Ztm+r8RfitpWHp+N1pAGZCNJ3ZXTV0/4d65HB4GA1dWZuubRvUXbV7Ayb
oYKPlR2G
=+d5Q
-----END PGP SIGNATURE-----
Copy Permalink