Netgate Discussion Forum

    Upcoming ipsec-tools 0.8.1

    2.1 Snapshot Feedback and Problems - RETIRED
      dhatz

      http://sourceforge.net/mailarchive/forum.php?thread_name=20120829150102.08edec4c%40vostro&forum_name=ipsec-tools-devel

      [Ipsec-tools-devel] time for 0.8.1 ?
      From: Timo Teras <timo.teras@ik…> - 2012-08-23 11:55

      Hi,

      It's been almost 1.5 years since 0.8.0 was released. There's been only
      a handful [see below] of commits to 0.8 branch, but some of them are
      quite essential.

      I'm planning to do 0.8.1 release tarball soon. Please yell if we need
      to cherry-pick more commits, or you have pending things for the
      0_8-branch.

      Thanks,
      Timo

      ChangeLog for the 0.8 branch since 0.8.0 tagging:

      2012-08-23  Timo Teras <timo.teras@…>

              * src/racoon/crypto_openssl.c: From Nakano Takaharu: Fix bignum
                memory allocation.

      2012-01-01  Timo Teras <timo.teras@...>

              * src/racoon/isakmp_unity.c: From Rainer Weikusat
                <rweikusat@...>: Fix one byte too short memory
                allocation in isakmp_unity.c:splitnet_list_2str().

      2011-11-17  Yvan Vanhullebus <vanhu@...>

              * src/racoon/handler.c: fixed some crashes in LIST_FOREACH where
                current element could be removed during the loop

      2011-11-14  Timo Teras <timo.teras@...>

              * src/libipsec/pfkey.c: From Marcelo Leitner <mleitner@...>:
                do not shrink pfkey socket buffers (if system default is larger than
                what we want as minimum)

      2011-08-12  Timo Teras <timo.teras@...>

              * src/racoon/privsep.c: Have privilege separation child process
                exit if the parent exits.

              * Makefile.am: Create ChangeLog for proper CVS branch.

      2011-03-18  tag ipsec-tools-0_8_0

        dhatz

        Something seems to be moving after all in the ipsec-tools front:

        http://sourceforge.net/mailarchive/forum.php?thread_name=20121212115419.1e94b02b%40vostro&forum_name=ipsec-tools-devel

        The patches applied since the original mail are:

        2012-08-29  Timo Teras <timo.teras@…>

                * src/racoon/isakmp_inf.c: From Roman Hoog Antink <rha@...>:
                  Accept DPD messages with cookies also in reversed order for
                  compatibility. At least Cisco 836 running IOS 12.3(8)T does this.

                * src/racoon/oakley.c: From Roman Hoog Antink <rha@...>: add
                  remote's IP address to the "certificate not verified" error message.

                * src/racoon/oakley.c: From Roman Hoog Antink <rha@...>: do not
                  print unnecessary warning about non-verified certificate when using
                  raw plain-rsa.

                * src/racoon/isakmp.c: From Rainer Weikusat
                  <rweikusat@...>: Release unused phase2 of
                  passive remotes after acquire.

                * src/racoon/isakmp.c: From Wolfgang Schmieder
                  <wolfgang.schmieder@...>: setup phase1 port properly.

                * src/racoon/: cfparse.y, cftoken.l, racoon.conf.5: Allow inherited
                  remote blocks without additional remote statements to be specified
                  in a simpler way. patch by Roman Hoog Antink <rha@...>

        According to the discussion, there are two last patches to be committed any day now:

        Attached patch is a somewhat smarter X509 subject name compare.
        X509 names may contain entries with different encodings (like UTF-8)
        The old code (some copy from the ancient openssl 0.9.7 release)
        did not handle that.
        The new code does only handle stripping of the wildcards from the name
        and let openssl do the compare of all non wildcard entries…

        And another patch to check that building ipsec-tools is done with a reasonably recent OpenSSL 0.9.7 or newer
