The OpenVPN community project team is proud to release OpenVPN 2.3.1. It
can be downloaded from here:
<http://openvpn.net/index.php/open-source/downloads.html>
This release adds supports for PolarSSL 1.2. It also adds a fix to
prevent potential side-channel attacks by switching to a constant-time
memcmp when comparing HMACs in the openvpn_decrypt function. In
addition, it contains several bugfixes and documentation updates, as
well as some minor enhancements. A full list of changes is available here:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>
The changelog is also attached to this email.
For generic help use these support channels:
- Official documentation:
<http://openvpn.net/index.php/open-source/documentation/howto.html>
- Wiki: <https://community.openvpn.net>
- Forums: <https://forums.openvpn.net>
- User mailing list: <http://sourceforge.net/mail/?group_id=48978>
- User IRC channel: #openvpn at irc.freenode.net
Please report bugs and ask development questions here:
- Bug tracker and Wiki: <https://community.openvpn.net>
- Developer mailing list: <http://sourceforge.net/mail/?group_id=48978>
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
Freenode registration)
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
Arne Schwabe (4):
Remove dead code path and putenv functionality
Remove unused function xor
Move static prototype definition from header into c file
Remove unused function no_tap_ifconfig
Christian Hesse (1):
fix build with automake 1.13(.1)
Christian Niessner (1):
Fix corner case in NTLM authentication (trac #172)
Gert Doering (6):
Update README.IPv6 to match what is in 2.3.0
Repair "tcp server queue overflow" brokenness, more <stdbool.h> fallout.
Permit pool size of /64.../112 for ifconfig-ipv6-pool
Add MIN() compatibility macro
Fix directly connected routes for "topology subnet" on Solaris.
Preparing for v2.3.1 (ChangeLog, version.m4)
Heiko Hund (5):
close more file descriptors on exec
Ignore UTF-8 byte order mark
reintroduce --no-name-remapping option
make --tls-remote compatible with pre 2.3 configs
add new option for X.509 name verification
Jan Just Keijser (1):
man page patch for missing options
Josh Cepek (2):
Fix parameter listing in non-debug builds at verb 4
(updated) [PATCH] Warn when using verb levels >=7 without debug
Matthias Andree (1):
Enable TCP_NODELAY configuration on FreeBSD.
Samuli Seppänen (4):
Removed ChangeLog.IPv6
Added cross-compilation information INSTALL-win32.txt
Updated README
Cleaned up and updated INSTALL
Steffan Karger (7):
PolarSSL-1.2 support
Improve PolarSSL key_state_read_{cipher, plain}text messages
Improve verify_callback messages
Config compatibility patch. Added translate_cipher_name.
Switch to IANA names for TLS ciphers.
Fixed autoconf script to properly detect missing pkcs11 with polarssl.
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
