v2.6.9

OpenVPN Release v2.6.9

2024.02.11 -- Version 2.6.9

Arne Schwabe (15):
      Remove unused function prototype crypto_adjust_frame_parameters
      Log SSL alerts more prominently
      Document tls-exit option mainly as test option
      Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway
      Fix check_session_buf_not_used using wrong index
      Add missing check for nl_socket_alloc failure
      Add check for nice in cmake config
      Remove compat versionhelpers.h and remove cmake/configure check for it
      Extend the error message when TLS 1.0 PRF fails
      Fix unaligned access in macOS, FreeBSD, Solaris hwaddr
      Check PRF availability on initialisation and add --force-tls-key-material-export
      Make it more explicit and visible when pkg-config is not found
      Clarify that the tls-crypt-v2-verify has a very limited env set
      Implement the --tls-export-cert feature
      Remove conditional text for Apache2 linking exception

David Sommerseth (2):
      Remove --tls-export-cert
      Remove superfluous x509_write_pem()

Frank Lichtenheld (14):
      sample-keys: renew for the next 10 years
      GHA: clean up libressl builds with newer libressl
      configure.ac: Remove unused AC_TYPE_SIGNAL macro
      documentation: remove reference to removed option --show-proxy-settings
      unit_tests: remove includes for mock_msg.h
      documentation: improve documentation of --x509-track
      NTLM: add length check to add_security_buffer
      NTLM: increase size of phase 2 response we can handle
      proxy-options.rst: Add proper documentation for --http-proxy-user-pass
      buf_string_match_head_str: Fix Coverity issue 'Unsigned compared against 0'
      --http-proxy-user-pass: allow to specify in either order with --http-proxy
      README.cmake.md: Document minimum required CMake version for --preset
      documentation: Update and fix documentation for --push-peer-info
      documentation: Fixes for previous fixes to --push-peer-info

Gert Doering (4):
      OpenBSD: repair --show-gateway
      get_default_gateway() HWADDR overhaul
      fix uncrustify complaints about previous patch
      preparing release 2.6.9

Kristof Provost (1):
      dco-freebsd: dynamically re-allocate buffer if it's too small

Lev Stipakov (1):
      tun.c: don't attempt to delete DNS and WINS servers if they're not set

Marc Becker (1):
      vcpkg-ports/pkcs11-helper: bump to version 1.30

Max Fillinger (4):
      Add support for mbedtls 3.X.Y
      Update README.mbedtls
      Disable TLS 1.3 support with mbed TLS
      Enable key export with mbed TLS 3.x.y

Reynir Bjoernsson (1):
      protocol_dump: tls-crypt support

Steffan Karger (1):
      Fix IPv6 route add/delete message log level

yatta (1):
      fix(ssl): init peer_id when init tls_multi
-----BEGIN PGP SIGNATURE-----

iQGcBAABAgAGBQJlygwQAAoJEB2Cnv7KVigSsbcL/0YkCoWrPq4vhCiX/astyHWa
Tu3WUQkj384kb/2s9cj6FMmAkpiPTouohemi8EJHnfaTuml3yaW/8Y5B872La8bW
D90mT4xMiPVcSsTT0pYcaMwfpTEarC8BcK0UhCl2+F62yDtCzQ4YxGsqgWPdi4GC
H0s3VxlQ33FKVIVMqWntMyi0rSRG6cckNLDJNXnUY0kp6Rf3+i+0X+0ZH5H8JyDQ
Qse/sCgFdJzu88zuMOWO0leThYdZ1LMz4ATEaFSo5oIqt4W2q+FkscoVAs3yoLSp
yqNR5RWUKGm6MJQv1pyrtD1NqzfuKOJLg9Yvd0Ux21RVF2eBfDrFxBLpK2pnZOLp
SweosnEK7pr+Xyqp727a8Q+cGUfqhJNMeSQbbkbQQv17kMjY3FAnQY7aCei0QNJR
laEusfFc1ee7k0JvqO0dBG5M7UtC7l9HTPkBsCNnuwh/boEDOg8dRcmDhkhTPWzu
WknWkI5WwetCRXAmLXrqaHt8hjbcZpJYH8fNSOqGTA==
=i/iB
-----END PGP SIGNATURE-----