diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-11-16 19:51:24 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-11-16 19:51:24 +0000 |
commit | 29885c58f449609432522b83a7ff026b7fe3e206 (patch) | |
tree | 4282c820fad9cc460acf62c8ba947afd953f422c /ChangeLog | |
parent | Minor fix to previous commit (r3476). (diff) | |
download | openvpn-29885c58f449609432522b83a7ff026b7fe3e206.tar.xz |
Interim release.
Version 2.1_rc13b
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3494 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 86 |
1 files changed, 86 insertions, 0 deletions
@@ -3,6 +3,92 @@ Copyright (C) 2002-2008 OpenVPN Technologies, Inc. <sales@openvpn.net> $Id$ +2008.11.xx -- Version 2.1_rc13b + +* Added AC_GNU_SOURCE to configure.ac to enable struct ucred, + with the goal of fixing a build issue on Fedora 9 that was + introduced in 2.1_rc13. + +* Added additional warning messages about --script-security 2 + or higher being required to execute user-defined scripts or + executables. + +* Windows build system changes: + + Modified Windows domake-win build system to write all openvpn.nsi + input files to gen, so that gen can be disconnected from + the rest of the source tree and makensis openvpn.nsi will + still function correctly. + + Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in + (commented out by default). + + Added optional files SAMPCONF_CONF2 (second sample configuration + file) and SAMPCONF_DH (Diffie-Helman parameters) to Windows + build system, and may be defined in settings.in. + +* Extended Management Interface "bytecount" command + to work when OpenVPN is running as a server. + Documented Management Interface "bytecount" command in + management/management-notes.txt. + +* Fixed informational message in ssl.c to properly indicate + deferred authentication. + +* Added server-side --auth-user-pass-optional directive, to allow + connections by clients that do not specify a username/password, when a + user-defined authentication script/module is in place (via + --auth-user-pass-verify, --management-client-auth, or a plugin module). + +* Changes to easy-rsa/2.0/pkitool and related openssl.cnf: + + Calling scripts can set the KEY_NAME environmental variable to set + the "name" X509 subject field in generated certificates. + + Modified pkitool to allow flexibility in separating the Common Name + convention from the cert/key filename convention. + + For example: + + KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james + + will create a client certificate/key pair of james.crt/james.key + having a Common Name of "James's Laptop" and a Name of "james". + +* Added --no-name-remapping option to allow Common Name, X509 Subject, + and username strings to include any printable character including + space, but excluding control characters such as tab, newline, and + carriage-return (this is important for compatibility with external + authentication systems). + + As a related change, added --status-version 3 format (and "status 3" + in the management interface) which uses the version 2 format except + that tabs are used as delimiters instead of commas so that there + is no ambiguity when parsing a Common Name that contains a comma. + + Also, save X509 Subject fields to environment, using the naming + convention: + + X509_{cert_depth}_{name}={value} + + This is to avoid ambiguities when parsing out the X509 subject string + since "/" characters could potentially be used in the common name. + +* Fixed some ifconfig-pool issues that precluded it from being combined + with --server directive. + + Now, for example, we can configure thusly: + + server 10.8.0.0 255.255.255.0 nopool + ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0 + + to have ifconfig-pool manage only a subset + of the VPN subnet. + +* Added config file option "setenv FORWARD_COMPATIBLE 1" to relax + config file syntax checking to allow directives for future OpenVPN + versions to be ignored. + 2008.10.07 -- Version 2.1_rc13 * Bundled OpenSSL 0.9.8i with Windows installer. |