ocserv/NEWS

* Version 0.1.3 (unreleased)

- Updated HTTP header parsing to correct issues seen with openconnect 3.20.
- seccomp will no longer force an exit if system calls cannot be disabled.
  Patch by Faidon Liambiotis.
- Added support for Salsa20 + UMAC ciphers.


* Version 0.1.2 (released 2013-05-07)

- Several updates to allow compilation in FreeBSD.
- Allow prior to leasing an IP to ping it in order to check if it is in use.
- ocpasswd accepts options to lock and unlock users.
- Several updates to allow CISCO's anyconnect clients to connect to this
  server.


* Version 0.1.1 (released 2013-04-03)

- MTU discovery was simplified.
- Removed support for TLS session tickets to strengthen the
  notion of privilege separation.


* Version 0.1.0 (released 2013-03-23)

- Corrected issue with ocsp-response configuration field.
- Added ability to specify multiple certificate and key pairs.
- Added support for TLS session tickets.
- Added the "plain" authentication option, which allows a simple password
  file format. The ocpasswd tool can be used to generate entries for this
  file.
- The private key operations are performed on a special process to
  prevent loss of the private key in case of compromise of a worker
  process.


* Version 0.0.2 (released 2013-03-05)

- Updated HTTP protocol handling (fixes issue with openconnect < 4). 
  Reported by Mike Miller.
- Use TCP wrappers (libwrap) when present.
- Fixed issue with the 'local' keyword in DNS server.
- Added configuration options 'user-profile' and 'always-require-cert' to 
  enable non-openconnect clients to connect. They are enabled with
  the configure option --enable-anyconnect-compat.
- Allow setting a rate limit on the number of connections.
- Allow setting a reconnection delay time after a failed authentication
  attempt (added min-reauth-time option).
- Eliminated memory leaks.
- Auto-detect xml content for username and password (fixes interoperability
  with newer openconnect versions).


* Version 0.0.1 (released 2013-02-20)

- First public release