5.9.13
版本发布时间: 2023-12-01 16:05:21
strongswan/strongswan最新发布版本:5.9.14(2024-03-19 21:34:10)
Enhancements and Optimizations
- Added
charon.ocsp_nonce_len
setting that allows specifying the length of nonce values in OCSP requests. Since 5.9.12, the default length is set to 32 bytes, as required by RFC 8954 for newer clients. However, there might be older OCSP servers that don't support that, in which case reducing the length to e.g. 16, which was the previous default, might be necessary (f3af1704d94ed1db5277151d17e0d2661970d3a8). - OCSP error responses are now dropped immediately instead of trying to verify a non-existent signature (b3e66aca5c4af3721489ff7d934d90bc5108e12b, e7a58f46f97583a532b481bb1805aeb5208af565).
-
pki --ocsp --respond
replies with an internal error OCSP response if no signer certificate is found (e.g. if the request is sent to the wrong server) instead of failing silently (945be4ece57d92d9c3011efbdf9f27dd60279bc1).
Fixes
- Fixed a regression with handling OCSP error responses that was introduced with 5.9.12 (#2011, 585c40095a3a92e058c5d1d61137232f17f72195, 9c4846cdbe61af324f44f7e59a9e209fef112157).
- Added missing environment variables for
cert-install-ssl
cert-enroll script script (da45cf9f38207af7dced1762747c2d79ef3a3d02).
Refer to the 5.9.13 milestone for a list of all closed issues and pull requests.
1、 strongswan-5.9.13.tar.bz2 4.6MB
2、 strongswan-5.9.13.tar.bz2.sig 659B
3、 strongswan-5.9.13.tar.gz 7.54MB
4、 strongswan-5.9.13.tar.gz.sig 659B