From: Tobias Brunner Date: Thu, 17 Jan 2013 16:00:05 +0000 (+0100) Subject: Merge branch 'debian-testing' X-Git-Tag: 5.0.2rc1~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c006341f3789477c429cdfb547ad5ec59819bbf;p=thirdparty%2Fstrongswan.git Merge branch 'debian-testing' These changes update the integration test system. It previously was based on a pretty much unmaintainable Gentoo root image and the dated UML virtualization technology. Among many other changes the test environment is now based on KVM and uses reproducible Debian-based guest images. Conflicts: NEWS --- 0c006341f3789477c429cdfb547ad5ec59819bbf diff --cc NEWS index d644904b5e,4692b5d1a5..95f7e1c608 --- a/NEWS +++ b/NEWS @@@ -30,22 -27,9 +30,25 @@@ strongswan-5.0. batches can be triggered and monitored externally using the "ipsec load-tester" tool. +- PKCS#7 container parsing has been modularized, and the openssl plugin + gained an alternative implementation to decrypt and verify such files. + In contrast to our own DER parser, OpenSSL can handle BER files, which is + required for interoperability of our scepclient with EJBCA. + +- Support for the proprietary IKEv1 fragmentation extension has been added. + Fragments are always handled on receipt but only sent if supported by the peer + and if enabled with the new fragmentation ipsec.conf option. + +- IKEv1 in charon can now parse certificates received in PKCS#7 containers and + supports NAT traversal as used by Windows clients. Patches courtesy of + Volker Rümelin. + +- The new rdrand plugin provides a high quality / high performance random + source using the Intel rdrand instruction found on Ivy Bridge processors. + + - The integration test environment was updated and now uses KVM and reproducible + guest images based on Debian. + strongswan-5.0.1 ----------------