You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Pkgsrc changes:
* The hosting of radsecproxy has changed to github.com.
* Add dependency on nettle.
* Update LICENSE, now only modified-bsd.
* Use gmake to build to avoid a couple of warnings.
* Relinquish exclusive maintainership.
Upstream changes:
20190704 1.8.0
New features:
- Rewrite: supplement attribute (add attribute if not present) (#19)
- Rewrite: modify vendor attribute
- Rewrite whitelist mode
- Autodetect status-server capability of servers
- Minimalistic status-server
- Explicit SubjectAltName:DNS and :IP match on certificates
Misc:
- No longer require docbook2x tools, but include plain manpages
- Fail on startup if overlapping clients with different tls blocks
Compile fixes:
- Fix compile issues on bsd
Bug fixes:
- Handle %00 in config correctly (#31)
- Fix server selection when udp were unreachable for long periods
2018-09-03 1.7.2
Misc:
- Always copy proxy-state attributes in own responses
- Authenticate own access-reject responses
- Retry outstanding requests after connection reset
Compile fixes:
- Fix compile issues on some platforms (#14)
- Fix compile issue when dtls disabled (#16)
- Fix compile issue on Cygwin (#18)
- Fix radsecproxy.conf manpage not installed when docbook2x
not available
Bug fixes:
- Fix request might be dropped if udp client uses multiple source ports
- Fix tls output might drop requests under high load
- Check for IP literals in Certificate SubjectAltName:DNS records
- Fix tls connection might hang during SSL_connect and SSL_accept
2018-07-05 1.7.1
License and copyright changes:
- Copyright SWITCH
- 3-clause BSD license only, no GPL.
Enhancements:
- Support the use of OpenSSL version 1.1 and 1.0 series
(RADSECPROXY-66, RADSECPROXY-74).
- Reload TLS certificate CRLs on SIGHUP (RADSECPROXY-78).
- Make use of SO_KEEPALIVE for tcp sockets (RADSECPROXY-12).
- Optionally include the thread-id in log messages
- Allow hashing MAC addresses in the log (same as for F-Ticks)
- Log certificate subject if rejected
- Log own responses (RADSECPROXY-61)
- Allow f-ticks prefix to be configured
- radsecproxy-hash: allow MAC addresses to be passed on command line
Misc:
- libnettle is now an unconditional dependency.
- FTicks support is now on by default and not optional.
- Experimental code for dynamic discovery has been removed.
- Replace several server status bits with a single state enum.
(RADSECPROXY-71)
- Use poll instead of select to allow > 1000 concurrent connections.
- Implement locking for all SSL objects (openssl states it
is not thread-safe)
- Rework DTLS code.
Bug fixes:
- Detect the presence of docbook2x-man correctly.
- Make clang less unhappy.
- Don't use a smaller pthread stack size than what's allowed.
- Avoid a deadlock situation with dynamic servers (RADSECPROXY-73).
- Don't forget about good dynamically discovered (TLS) connections
(RADSECPROXY-69).
- Fix refcounting in error cases when loading configuration
(RADSECPROXY-42)
- Fix potential crash when rewriting malformed vendor attributes.
- Properly cleanup expired requests from server output-queue.
- Fix crash when dynamic discovered server doesn't resolve.
0 commit comments