Version 4.6.2 of strongswan has been released. The changelog is as follows: Trusted Network Connect ---------------------- - HSR master student Sansar Choinyambuu fully implemented the "TCG Attestation Platform Trust Service (PTS) Protocol: Binding to IF-M" standard (TLV-based messages only), making trustworthy remote attestation based on a Trusted Platform Module (TPM) of the Linux Integrity Measurement Architecture (IMA) or Intel TBOOT possible. http://linux-ima.sourceforge.net/ Measurement reference values are automatically stored in an SQLite database that can be managed using the new ipsec attest command line tool. * PTS Integrity Measurement Collector: http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC * PTS Integrity Measurement Verifier: http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV - Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3 which supports IF-TNCCS 2.0 long message types, the exclusive flag and multiple IMC/IMV IDs. Both the TNC Client and Server as well as the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated. http://www.strongswan.org/uml/testresults/tnc/tnccs-20/ Overview on strongSwan's support of the TCG TNC/IETF NEA Framework: http://www.strongswan.org/tnc/ RADIUS Accounting ----------------- - The EAP-RADIUS authentication backend supports RADIUS accounting. It sends start/stop messages containing Username, Framed-IP and Input/Output-Octets attributes and has been tested against FreeRADIUS and Microsoft NPS. http://www.strongswan.org/uml/testresults/ikev2/rw-radius-accounting/ Tue Feb 7 16:32:21 2012 Acct-Status-Type = Start Acct-Session-Id = "1328628738-1" User-Name = "carol" NAS-Port-Type = Virtual NAS-Identifier = "strongSwan" NAS-IP-Address = 10.1.0.1 Acct-Unique-Session-Id = "385526c5638de88a" Timestamp = 1328628741 Request-Authenticator = Verified Tue Feb 7 16:32:29 2012 Acct-Status-Type = Stop Acct-Session-Id = "1328628738-1" User-Name = "carol" Acct-Output-Octets = 7100 Acct-Input-Octets = 7100 Acct-Session-Time = 8 NAS-Port-Type = Virtual NAS-Identifier = "strongSwan" NAS-IP-Address = 10.1.0.1 Acct-Unique-Session-Id = "385526c5638de88a" Timestamp = 1328628749 Request-Authenticator = Verified PKCS#8 Encoded Private Keys --------------------------- - Added support for PKCS#8 encoded private keys via the libstrongswan pkcs8 plugin. This is the default format used by some OpenSSL tools since version 1.0.0 (e.g. openssl req with -keyout). http://www.strongswan.org/uml/testresults/ikev2/rw-pkcs8/ http://www.strongswan.org/uml/testresults/openssl-ikev2/ecdsa-pkcs8/ TLS Session Resumption ---------------------- - Added session resumption support to the strongSwan TLS stack.
Also see #10037.
This update has already been reported at #10037. *** This bug has been marked as a duplicate of bug 10037 ***
This is NOT a duplicate of #10037.
Update done, please check my changes at: http://git.ipfire.org/?p=people/stevee/ipfire-3.x.git;a=commit;h=f59c3c0483649711d289e08648c08883ac06b176