5.9.12
版本发布时间: 2023-11-20 21:31:15
strongswan/strongswan最新发布版本:5.9.14(2024-03-19 21:34:10)
Vulnerabilities
- Fixed a vulnerability in
charon-tkm
(the TKM-backed version of the charon IKE daemon) related to processing DH public values that can lead to a buffer overflow and potentially remote code execution. This vulnerability has been registered as CVE-2023-41913. Please refer to our blog for details.
New Feature Additions
-
The new
pki --ocsp
command produces OCSP responses based on certificate status information provided by implementations of the newocsp_responder_t
interface (#1958).Two sources are currently available, the openxpki plugin that directly accesses the OpenXPKI database and the command's
--index
argument, which reads certificate status information from OpenSSL-styleindex.txt
files (multiple CAs are supported concurrently). -
The new cert-enroll script handles the initial enrollment of an X.509 host certificate with a PKI server via the EST or SCEP protocols.
Run as a systemd timer or via a crontab entry, the script checks the expiration date of the host certificate daily. When a given deadline is reached, the host certificate is automatically renewed via EST or SCEP re-enrollment based on the possession of the old private key and the matching certificate.
-
Added a global option (
charon.reject_trusted_end_entity
) to prevent peers from authenticating with certificates that are locally trusted, in particular, our own local certificate, which safeguards against accidental reuse of certificates on multiple peers. As the name suggests, all trusted end-entity certificates are rejected if enabled, so peer certificates can't be configured explicitly anymore (e.g. viaremote.certs
in swanctl.conf). -
The
--priv
argument forcharon-cmd
allows the use of any type of private key (previously, only RSA keys were supported). -
The openssl plugin now supports the
nameConstraints
extension in X.509 certificates (#1990). -
Support for
nameConstraints
of typeiPAddress
are now supported by the x509, openssl and constraints plugins (#1991). -
Support for encoding
subjectAlternativeName
extensions of typeuniformResourceIdentifier
in X.509 certificates has been added via theuri:
prefix (e.g. for URNs, #1983). -
Support for password-less PKCS#12 and PKCS#8 files has been added (#1955).
Enhancements and Optimizations
-
Because of a relatively recent NIAP requirement (TD0527, Test 8b), loading of certificates with ECDSA keys that explicitly encode the curve parameters is rejected if possible. Explicit encoding is pretty rare to begin with and e.g. wolfSSL already rejects such keys, by default. All crypto plugins that support ECDSA enforce this by rejecting such public keys, except when using older versions of OpenSSL (< 1.1.1h) or Botan (< 3.2.0) (#1949).
-
Make the NetworkManager plugin (
charon-nm
) actually use the XFRM interface it creates since 5.9.10. This involves setting interface IDs on SAs and policies, and installing routes via the interface. To avoid routing loops if the remote traffic selectors include the VPN server, IKE and ESP packets are marked to bypass the routing table that contains the routes via XFRM interface (69e0c1161d54f0ecb5d18b0e0c5e39dcc69fba93).If available, the plugin now also adopts the interface name configured in
connection.interface-name
in a*.nmconnection
file as name for the XFRM interface instead of generating one randomly (e8f8d32494e2945f6f43b7ac46fa5d0491b417ec). -
The resolve plugin tries to maintain the order of DNS servers it installs via
resolvconf
orresolv.conf
(6440975bb40609e4894931ae3d679ecea73784c8, 8238ad480aa7b404e345cee06bc49389141ca269). -
The kernel-libipsec plugin now always installs routes to remote networks even if no address is found in the local traffic selectors, which allows forwarding traffic from networks the VPN host is not part of (190d8cbe1931ec57484d9bb451824a7fc57979bd).
-
Increased the default receive buffer size for Netlink sockets to 8 MiB (doubled by the kernel to account for overhead) and simplified the configuration (no need for a separate option to force overriding
rmem_max
). It's now also set for event sockets, which previously could cause issues on hosts with e.g. lots of route changes (#1757). -
When issuing certificates, the
subjectKeyIdentifier
of the issuing certificate, if available, is now copied asauthorityKeyIdentifier
, instead of always generating a SHA-1 hash of the issuer's subjectPublicKey (#1992, 6941dcb17aa5fb51b6fe7831794a4c3593480c3c). -
Explicitly request permission to display notifications on Android 13+ (ddf84c165d94811a025f128fb6016f5911d6b179), also enabled hardware acceleration for the Android-specific OpenSSL build.
Fixes
- Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with unrelated traffic selectors (#1855).
- Fixed an issue in
watcher_t
with handling errors on sockets (e.g. if the receive buffer is full), which caused an infinite loop ifpoll()
only signaledPOLLERR
as event (#1757). - Fixed an issue in the IKE_SA_INIT tracking code that was added with 5.9.6, which did not correctly untrack invalid messages with non-zero message IDs or SPIs (0b4735709189f9f3b20f64bce4f38211527fff5b).
- Fixed a regression introduced with 5.9.8 when handling IKE redirects during IKE_AUTH (595fa077b63c4cbea292fdb4a05606b65cf4f8c1).
- Fixed adding the
XFRMA_REPLAY_ESN_VAL
attribute twice when updating SAs in the kernel-netlink plugin, which prevented MOBIKE updates if a large anti-replay window was used (#1967). - Fixed a race condition in the kernel-pfroute plugin when adding virtual IPs if the TUN device is activated after the address was already added internally, which caused the installed route not to go via TUN device in order to force the virtual IP as source address (#1807).
- Fixed an issue in libtls that could cause the wrong ECDH group to get instantiated (b5e4bf4b6c2d5a3ac46cce78d69673c224256206).
- Fixed the encoding of the
CHILD_SA_NOT_FOUND
notify if a CHILD_SA is not found during rekeying. It was previously empty, now contains the SPI and sets the protocol to the values received in theREKEY_SA
notify (849c2c9707e00fc5210bd389631a2fc1a97089e6). - Fixed a possible issue with MOBIKE in the Android client on certain devices (#1691).
For Developers
- The new
ocsp_responder_t
interface can be implemented to provide certificate status information to thepki --ocsp
command. Responders can be (un-)registered via theocsp_responders_t
instance atlib->ocsp
. - For the
watcher_t
component,WATCHER_EXCEPT
has been removed as there is no way to explicitly listen for errors on sockets andpoll()
actually can returnPOLLERR
for any FD and it might even be the only signaled event (which caused an infinite loop previously). Now we simply notify the registered callbacks. The error is then reported by e.g.recvfrom()
, which was already the case before ifPOLLERR
was returned together with e.g.POLLIN
. - The reqids allocated for CHILD_SAs (including trap policies) via
kernel_interface_t::alloc_reqid()
are now refcounted. When recreating a CHILD_SA, a reference to the reqid can be requested viachild_sa_t::get_reqid_ref()
. If another reference is required afterwards, one can be acquired directly viakernel_interface_t::ref_reqid()
. Each reference has to be released viakernel_interface_t::release_reqid()
, whose interface was simplified. - The testing environment is now based on Debian 12 (bookworm), by default. Also, when copying files to guests, the guest-specific files are now copied after the default files, which allows overriding files per guest (fixes an issue with winnetou's
/etc/fstab
and mounting the test results).
Refer to the 5.9.12 milestone for a list of all closed issues and pull requests.
1、 strongswan-5.9.12.tar.bz2 4.6MB
2、 strongswan-5.9.12.tar.bz2.sig 659B
3、 strongswan-5.9.12.tar.gz 7.54MB
4、 strongswan-5.9.12.tar.gz.sig 659B