[Openvpn-announce] OpenVPN 2.3-alpha1 released

[Samuli Seppänen]

The OpenVPN community project team is proud to release OpenVPN
2.3-alpha1. It can be downloaded from here:



This release includes a few new major features:

 * Complete IPv6 support, both transport and payload
 * Optional PolarSSL support (build time configuration)
 * Improved plug-in API (v3) which can more easily be expanded in the
   future: includes support for direct access to X.509 certificate data in
   plug-ins
 * Several improvements to the management interface
 * One-to-one NAT to circumvent IP address conflicts between local and
   remote networks
 * New OpenVPN-GUI

Note that a few changes have been made which may affect existing
installations. A list of new features and the changelog are available here:



The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:

- Wiki: 
- Forums: 
- User mailing list: 
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: 
- Developer mailing list: 
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




2012.02.21 -- Version 2.3-alpha1
Adriaan de Jong (127):
  Added Doxygen doxyfile
  Changed configure to accept --with-ssl-type=openssl
  Refactored to rand_bytes for OpenSSL-independency
  Refactored OpenSSL-specific constants
  Refactored maximum cipher and hmac length constants
  Refactored show_available_* functions
  Refactored SSL_clear_error()
  Refactored crypto initialisation functions
  Refactored DES key manipulation functions
  Refactored NTLM DES key generation
  Refactored message digest type functions
  Refactored message digest functions
  Refactored HMAC functions
  Refactored cipher key types
  Refactored cipher functions
  Added PRNG doxygen
  Refactored: Moved crypto.h inline functions to end of file
  Removed stale OpenSSL defines from crypto.h
  Added a check for Openssl or PolarSSL defines
  Refactored: Added stubs for new files
  Refactored SSL initialisation functions
  Refactored TLS_PRF to new hmac and md primitives
  Refactored tls_show_available_ciphers
  Refactored get_highest_preference_tls_cipher
  Refactored root SSL context initialisation
  Refactored new external key code
  Refactored DH paramater loading
  Refactored root TLS option settings
  Refactored PKCS#12 key loading
  Refactored PKCS#11 loading
  Refactored windows cert loading
  Refactored load certificate functions
  Refactored private key loading code
  Refactored external key loading from management
  Refactored CA and extra certs code
  Refactored cipher restriction code
  Refactored tls_options, key_state, and key_source data structures
  Refactored initalisation of key_states
  Refactored key_state free code
  Refactored print_details
  Refactored key_state read code (including bio_read())
  Refactored key_state write functions
  Refactored: Moved BIO debug functions to OpenSSL backend
  Refactored: removed ks and ks_lame macro for clarity
  Refactored: moved write_empty_string function back
  Refactored Doxygen for tls_multi functions
  Migrated data structures needed by verification functions to ssl_common.h
  Refactored client_config_dir_exclusive function
  Refactored certificate hash lock checks
  Refactored common name locking functions
  Refactored username and password authentication code
  Add some extra comments
  Refactored: split verify_callback into two parts
  Added function to extract and verify the subject from a certificate
  Added function to verify and extract the username
  Refactored: removed global x509_username_field
  Refactored: separated environment setup during verification
  Refactored: Netscape certificate type verification
  Refactored key usage verification code
  Refactored EKU verification
  Refactored tls-remote checking
  Refactored tls-verify-plugin code
  Refactored tls-verify script code
  Refactored CRL checks
  Minor cleanup in verify_cert:
  Refactored: Moved verify_cert to ssl_verify
  Cleaned up ssl.h
  Refactored: made M_SSL dependent on USE_OPENSSL
  Refactored: renamed X509 functions from verify_*
  Separated OpenSSL-specific parts of the PKCS#11 driver
  Modified base64 code in preparation for PolarSSL 

[Openvpn-announce] OpenVPN 2.3-alpha1 released

[Samuli Seppänen]

The OpenVPN community project team is proud to release OpenVPN
2.3-alpha1. It can be downloaded from here:



This release includes a few new major features:

 * Complete IPv6 support, both transport and payload
 * Optional PolarSSL support (build time configuration)
 * Improved plug-in API (v3) which can more easily be expanded in the
   future: includes support for direct access to X.509 certificate data in
   plug-ins
 * Several improvements to the management interface
 * One-to-one NAT to circumvent IP address conflicts between local and
   remote networks
 * New OpenVPN-GUI

Note that a few changes have been made which may affect existing
installations. A list of new features and the changelog are available here:



The changelog is also attached to this email.

For generic help use these support channels:

- Official documentation:

- Wiki: 
- Forums: 
- User mailing list: 
- User IRC channel: #openvpn at irc.freenode.net

Please report bugs and ask development questions here:

- Bug tracker and Wiki: 
- Developer mailing list: 
- Developer IRC channel: #openvpn-devel at irc.freenode.net (requires
  Freenode registration)

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock




2012.02.21 -- Version 2.3-alpha1
Adriaan de Jong (127):
  Added Doxygen doxyfile
  Changed configure to accept --with-ssl-type=openssl
  Refactored to rand_bytes for OpenSSL-independency
  Refactored OpenSSL-specific constants
  Refactored maximum cipher and hmac length constants
  Refactored show_available_* functions
  Refactored SSL_clear_error()
  Refactored crypto initialisation functions
  Refactored DES key manipulation functions
  Refactored NTLM DES key generation
  Refactored message digest type functions
  Refactored message digest functions
  Refactored HMAC functions
  Refactored cipher key types
  Refactored cipher functions
  Added PRNG doxygen
  Refactored: Moved crypto.h inline functions to end of file
  Removed stale OpenSSL defines from crypto.h
  Added a check for Openssl or PolarSSL defines
  Refactored: Added stubs for new files
  Refactored SSL initialisation functions
  Refactored TLS_PRF to new hmac and md primitives
  Refactored tls_show_available_ciphers
  Refactored get_highest_preference_tls_cipher
  Refactored root SSL context initialisation
  Refactored new external key code
  Refactored DH paramater loading
  Refactored root TLS option settings
  Refactored PKCS#12 key loading
  Refactored PKCS#11 loading
  Refactored windows cert loading
  Refactored load certificate functions
  Refactored private key loading code
  Refactored external key loading from management
  Refactored CA and extra certs code
  Refactored cipher restriction code
  Refactored tls_options, key_state, and key_source data structures
  Refactored initalisation of key_states
  Refactored key_state free code
  Refactored print_details
  Refactored key_state read code (including bio_read())
  Refactored key_state write functions
  Refactored: Moved BIO debug functions to OpenSSL backend
  Refactored: removed ks and ks_lame macro for clarity
  Refactored: moved write_empty_string function back
  Refactored Doxygen for tls_multi functions
  Migrated data structures needed by verification functions to ssl_common.h
  Refactored client_config_dir_exclusive function
  Refactored certificate hash lock checks
  Refactored common name locking functions
  Refactored username and password authentication code
  Add some extra comments
  Refactored: split verify_callback into two parts
  Added function to extract and verify the subject from a certificate
  Added function to verify and extract the username
  Refactored: removed global x509_username_field
  Refactored: separated environment setup during verification
  Refactored: Netscape certificate type verification
  Refactored key usage verification code
  Refactored EKU verification
  Refactored tls-remote checking
  Refactored tls-verify-plugin code
  Refactored tls-verify script code
  Refactored CRL checks
  Minor cleanup in verify_cert:
  Refactored: Moved verify_cert to ssl_verify
  Cleaned up ssl.h
  Refactored: made M_SSL dependent on USE_OPENSSL
  Refactored: renamed X509 functions from verify_*
  Separated OpenSSL-specific parts of the PKCS#11 driver
  Modified base64 code in preparation for PolarSSL