Mirror of https://gitlab.com/openconnect/ocserv.git

* Version 0.2.1 (released 2013-11-05)

- Added configuration directives 'rx-data-per-sec' and 'tx-data-per-sec' to allow
  setting bandwidth limitations globally or per group/user.
- Call setgroups() after setgid() to avoid propagation of supplementary groups
  to the unprivileged worker processes.
- If a system's libopts is available as well as automake then the system's
  libopts will be used.
- Added --pid-file command line option to ocserv. This overrides any
  configured pid-file.
- The ocserv binary is now installed in sbin instead of bin.

* Version 0.2.0 (released 2013-10-31)

- Added configuration directives 'config-per-user' and 'config-per-group'.
  They allow loading an additional configuration file per user or per
  group from a directory.
- Added the ipv6-prefix configuration option to replace ipv6-netmask. The
  new option accepts IPv6 subnet prefixes.
- Added the 'iroute' configuration directive, applicable only to group or
  user configuration files. It allows setting routes on the server based on
  the connected client.
- Corrected authentication using only certificates.
- The UDP file descriptor from main to workers is forwarded once per minute
  to avoid a duplicate DTLS client hello message tearing the worker's session.
- Corrected client disconnection issues when connect-script was specified.

* Version 0.1.7 (released 2013-10-25)

- Instead of suggesting different DTLS and CSTP MTU values, suggest a single
  value to the peer. That avoids issues with openconnect which reads one of
  the suggested values and ignores the other.
- Added config option "output-buffer" to allow selecting between high throughput
  or low latency (following similar openconnect change).
- Enabled config option "mtu".
- Configuration file parsing was modified to allow detecting misspellings of
  directives and unknown options.

* Version 0.1.6 (released 2013-09-02)

- Avoid a crash in the configuration file parser when non-ASCII
  characters are present. Reported by Artem Ivantsov.

* Version 0.1.5 (released 2013-07-15)

- More robust support of PAM by allowing more than one factor
  authentication. In practice this allows authentication with more than
  one password (e.g., with a permanent one and a one-time password), as
  well as changing the password.
- Cookies are no longer stored on the server side. The server is now
  stateless. A randomly generated key is used to encrypt and authenticate
  the cookies sent to the client.
- Added test suite. It requires "make check" to be run as root (in order
  to be able to run the server).
- Bypass the AnyConnect auto-download mechanism. Patch by Kevin Cernekee.
- Unescape HTML-formatted passwords or usernames. Reported by P.H. Vos.

* Version 0.1.4 (released 2013-06-15)

- On DTLS ensure that sent packets will not exceed the MTU.

* Version 0.1.3 (released 2013-06-12)

- Updated HTTP header parsing to correct issues seen with openconnect 3.20.
- seccomp will no longer force an exit if system calls cannot be disabled.
  Patch by Faidon Liambiotis.
- Added support for Salsa20 + UMAC ciphers.
- Will now check X-CSTP-Address-Type header and will not send address types
  that were not requested.
- X-CSTP-MTU and DTLS-MTU now contain the expected (but pretty nonsensical)
  values.

* Version 0.1.2 (released 2013-05-07)

- Several updates to allow compilation in FreeBSD.
- Allow pinging an IP before leasing it, in order to check if it is in use.
- ocpasswd accepts options to lock and unlock users.
- Several updates to allow Cisco's AnyConnect clients to connect to this
  server.

* Version 0.1.1 (released 2013-04-03)

- MTU discovery was simplified.
- Removed support for TLS session tickets to strengthen the
  notion of privilege separation.

* Version 0.1.0 (released 2013-03-23)

- Corrected issue with ocsp-response configuration field.
- Added ability to specify multiple certificate and key pairs.
- Added support for TLS session tickets.
- Added the "plain" authentication option, which allows a simple password
  file format. The ocpasswd tool can be used to generate entries for this
  file.
- The private key operations are performed in a special process to
  prevent loss of the private key in case of compromise of a worker
  process.

* Version 0.0.2 (released 2013-03-05)

- Updated HTTP protocol handling (fixes issue with openconnect < 4).
  Reported by Mike Miller.
- Use TCP wrappers (libwrap) when present.
- Fixed issue with the 'local' keyword in DNS server.
- Added configuration options 'user-profile' and 'always-require-cert' to
  enable non-openconnect clients to connect. They are enabled with
  the configure option --enable-anyconnect-compat.
- Allow setting a rate limit on the number of connections.
- Allow setting a reconnection delay time after a failed authentication
  attempt (added min-reauth-time option).
- Eliminated memory leaks.
- Auto-detect XML content for username and password (fixes interoperability
  with newer openconnect versions).

* Version 0.0.1 (released 2013-02-20)

- First public release