10037 – strongswan-4.6.2 has been released

Bug 10037 - strongswan-4.6.2 has been released

Summary: strongswan-4.6.2 has been released

Status:	CLOSED FIXED

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	strongswan (show other bugs)
Version:	2
Hardware:	unspecified Unspecified

Importance:	- Unknown - - Unknown -
Assignee:	Arne.F
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-02-21 18:25 UTC by Michael Tremer
Modified:	2012-05-06 11:16 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Tremer 2012-02-21 18:25:54 UTC

Version 4.6.2 of strongswan has been released. The changelog is as follows:

Trusted Network Connect
----------------------

- HSR master student Sansar Choinyambuu fully implemented the "TCG
  Attestation Platform Trust Service (PTS) Protocol: Binding to IF-M"
  standard (TLV-based messages only), making trustworthy remote
  attestation based on a Trusted Platform Module (TPM) of the Linux
  Integrity Measurement Architecture (IMA) or Intel TBOOT possible.

  http://linux-ima.sourceforge.net/

  Measurement reference values are automatically stored in an SQLite
  database that can be managed using the new ipsec attest command line
  tool.

  * PTS Integrity Measurement Collector:

  http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC

  * PTS Integrity Measurement Verifier:

  http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV

- Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3
  which supports IF-TNCCS 2.0 long message types, the exclusive flag
  and multiple IMC/IMV IDs. Both the TNC Client and Server as well as
  the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated.

  http://www.strongswan.org/uml/testresults/tnc/tnccs-20/

  Overview on strongSwan's support of the TCG TNC/IETF NEA Framework:

  http://www.strongswan.org/tnc/


RADIUS Accounting
-----------------

- The EAP-RADIUS authentication backend supports RADIUS accounting.
  It sends start/stop messages containing Username, Framed-IP and
  Input/Output-Octets attributes and has been tested against FreeRADIUS
  and Microsoft NPS.

  http://www.strongswan.org/uml/testresults/ikev2/rw-radius-accounting/

  Tue Feb  7 16:32:21 2012
	Acct-Status-Type = Start
	Acct-Session-Id = "1328628738-1"
	User-Name = "carol"
	NAS-Port-Type = Virtual
	NAS-Identifier = "strongSwan"
	NAS-IP-Address = 10.1.0.1
	Acct-Unique-Session-Id = "385526c5638de88a"
	Timestamp = 1328628741
	Request-Authenticator = Verified

  Tue Feb  7 16:32:29 2012
	Acct-Status-Type = Stop
	Acct-Session-Id = "1328628738-1"
	User-Name = "carol"
	Acct-Output-Octets = 7100
	Acct-Input-Octets = 7100
	Acct-Session-Time = 8
	NAS-Port-Type = Virtual
	NAS-Identifier = "strongSwan"
	NAS-IP-Address = 10.1.0.1
	Acct-Unique-Session-Id = "385526c5638de88a"
	Timestamp = 1328628749
	Request-Authenticator = Verified


PKCS#8 Encoded Private Keys
---------------------------

- Added support for PKCS#8 encoded private keys via the libstrongswan
  pkcs8 plugin.  This is the default format used by some OpenSSL tools
  since version 1.0.0 (e.g. openssl req with -keyout).

  http://www.strongswan.org/uml/testresults/ikev2/rw-pkcs8/

  http://www.strongswan.org/uml/testresults/openssl-ikev2/ecdsa-pkcs8/


TLS Session Resumption
----------------------

- Added session resumption support to the strongSwan TLS stack.

Comment 1 Stefan Schantl 2012-03-03 16:38:00 UTC

*** Bug 10038 has been marked as a duplicate of this bug. ***

Comment 2 Arne.F 2012-03-10 18:46:00 UTC

http://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=b21c471b731194c8cb43a1dec775685b5446e2c1

Comment 3 Arne.F 2012-05-06 11:16:44 UTC

Updated with core58