$Id$
+2008.11.xx -- Version 2.1_rc13b
+
+* Added AC_GNU_SOURCE to configure.ac to enable struct ucred,
+ with the goal of fixing a build issue on Fedora 9 that was
+ introduced in 2.1_rc13.
+
+* Added additional warning messages about --script-security 2
+ or higher being required to execute user-defined scripts or
+ executables.
+
+* Windows build system changes:
+
+ Modified Windows domake-win build system to write all openvpn.nsi
+ input files to gen, so that gen can be disconnected from
+ the rest of the source tree and makensis openvpn.nsi will
+ still function correctly.
+
+ Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in
+ (commented out by default).
+
+ Added optional files SAMPCONF_CONF2 (second sample configuration
+ file) and SAMPCONF_DH (Diffie-Helman parameters) to Windows
+ build system, and may be defined in settings.in.
+
+* Extended Management Interface "bytecount" command
+ to work when OpenVPN is running as a server.
+ Documented Management Interface "bytecount" command in
+ management/management-notes.txt.
+
+* Fixed informational message in ssl.c to properly indicate
+ deferred authentication.
+
+* Added server-side --auth-user-pass-optional directive, to allow
+ connections by clients that do not specify a username/password, when a
+ user-defined authentication script/module is in place (via
+ --auth-user-pass-verify, --management-client-auth, or a plugin module).
+
+* Changes to easy-rsa/2.0/pkitool and related openssl.cnf:
+
+ Calling scripts can set the KEY_NAME environmental variable to set
+ the "name" X509 subject field in generated certificates.
+
+ Modified pkitool to allow flexibility in separating the Common Name
+ convention from the cert/key filename convention.
+
+ For example:
+
+ KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james
+
+ will create a client certificate/key pair of james.crt/james.key
+ having a Common Name of "James's Laptop" and a Name of "james".
+
+* Added --no-name-remapping option to allow Common Name, X509 Subject,
+ and username strings to include any printable character including
+ space, but excluding control characters such as tab, newline, and
+ carriage-return (this is important for compatibility with external
+ authentication systems).
+
+ As a related change, added --status-version 3 format (and "status 3"
+ in the management interface) which uses the version 2 format except
+ that tabs are used as delimiters instead of commas so that there
+ is no ambiguity when parsing a Common Name that contains a comma.
+
+ Also, save X509 Subject fields to environment, using the naming
+ convention:
+
+ X509_{cert_depth}_{name}={value}
+
+ This is to avoid ambiguities when parsing out the X509 subject string
+ since "/" characters could potentially be used in the common name.
+
+* Fixed some ifconfig-pool issues that precluded it from being combined
+ with --server directive.
+
+ Now, for example, we can configure thusly:
+
+ server 10.8.0.0 255.255.255.0 nopool
+ ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0
+
+ to have ifconfig-pool manage only a subset
+ of the VPN subnet.
+
+* Added config file option "setenv FORWARD_COMPATIBLE 1" to relax
+ config file syntax checking to allow directives for future OpenVPN
+ versions to be ignored.
+
2008.10.07 -- Version 2.1_rc13
* Bundled OpenSSL 0.9.8i with Windows installer.
projects / thirdparty / openvpn.git / commitdiff
