| 4 | |
| 5 | == OpenVPN 2.3.7 == |
| 6 | |
| 7 | {{{ |
| 8 | Alexander Pyhalov (1): |
| 9 | Default gateway can't be determined on illumos/Solaris platforms |
| 10 | |
| 11 | Arne Schwabe (1): |
| 12 | Warn that tls-auth with free form files is going to be removed from OpenVPN 2.4 |
| 13 | |
| 14 | David Sommerseth (6): |
| 15 | autotools: Fix wrong ./configure help screen default values |
| 16 | down-root plugin: Replaced system() calls with execve() |
| 17 | down-root: Improve error messages |
| 18 | plugin, down-root: Fix compiler warnings |
| 19 | sockets: Remove the limitation of --tcp-nodelay to be server-only |
| 20 | plugins, down-root: Code style clean-up |
| 21 | |
| 22 | David Woodhouse (2): |
| 23 | pkcs11: Load p11-kit-proxy.so module by default |
| 24 | Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present |
| 25 | |
| 26 | Felix Janda (1): |
| 27 | Use OPENVPN_ETH_P_* so that <netinet/if_ether.h> is unecessary |
| 28 | |
| 29 | Gert Doering (18): |
| 30 | New approach to handle peer-id related changes to link-mtu (2.3 version) |
| 31 | Fix incorrect use of get_ipv6_addr() for iroute options. |
| 32 | Print helpful error message on --mktun/--rmtun if not available. |
| 33 | explain effect of --topology subnet on --ifconfig |
| 34 | Add note about file permissions and --crl-verify to manpage. |
| 35 | repair --dev null breakage caused by db950be85d37 |
| 36 | assume res_init() is always there. |
| 37 | Correct note about DNS randomization in openvpn.8 |
| 38 | Disallow usage of --server-poll-timeout in --secret key mode. |
| 39 | slightly enhance documentation about --cipher |
| 40 | Enforce "serial-tests" behaviour for tests/Makefile |
| 41 | Revert "Enforce "serial-tests" behaviour for tests/Makefile" |
| 42 | On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo(). |
| 43 | Use configure.ac hack to apply serial_test AM option only if supported. |
| 44 | Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo(). |
| 45 | Move res_init() call to inner openvpn_getaddrinfo() loop |
| 46 | Fix FreeBSD ifconfig for topology subnet tunnels. |
| 47 | Preparing for release v2.3.7 (ChangeLog, version.m4) |
| 48 | |
| 49 | Guy Yur (1): |
| 50 | Fix --redirect-private in --dev tap mode. |
| 51 | |
| 52 | Jan Just Keijser (1): |
| 53 | include ifconfig_ environment variables in --up-restart env set |
| 54 | |
| 55 | Jonathan K. Bullard (1): |
| 56 | Fix null pointer dereference in options.c |
| 57 | |
| 58 | Lev Stipakov (1): |
| 59 | Fix mssfix default value in connection_list context |
| 60 | |
| 61 | Matthias Andree (1): |
| 62 | Manual page update for Re-enabled TLS version negotiation. |
| 63 | |
| 64 | Mike Gilbert (1): |
| 65 | Include systemd units in the source tarball (make dist) |
| 66 | |
| 67 | Robert Fischer (1): |
| 68 | Updated manpage for --rport and --lport |
| 69 | |
| 70 | Samuli Seppänen (2): |
| 71 | Properly escape dashes on the man-page |
| 72 | Improve documentation in --script-security section of the man-page |
| 73 | |
| 74 | Steffan Karger (14): |
| 75 | Really fix '--cipher none' regression |
| 76 | Update doxygen (a bit) |
| 77 | Set tls-version-max to 1.1 if cryptoapicert is used |
| 78 | Account for peer-id in frame size calculation |
| 79 | Disable SSL compression |
| 80 | Fix frame size calculation for non-CBC modes. |
| 81 | Allow for CN/username of 64 characters (fixes off-by-one) |
| 82 | Remove unneeded parameter 'first_time' from possibly_become_daemon() |
| 83 | Re-enable TLS version negotiation by default |
| 84 | Remove size limit for files inlined in config |
| 85 | Improve --tls-cipher and --show-tls man page description |
| 86 | Re-read auth-user-pass file on (re)connect if required |
| 87 | Clarify --capath option in manpage |
| 88 | Call daemon() before initializing crypto library |
| 89 | }}} |