Permalink
Browse files

Version 2.1_rc21

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5152 e7ae566f-a301-0410-adde-c780ea21d3b5
  • Loading branch information...
1 parent 6eb2a9b commit 311ea893aa3aba4bb1314e2ce4acbf39a9d3fb57 james committed Nov 12, 2009
Showing with 18 additions and 2 deletions.
  1. +16 −0 ChangeLog
  2. +1 −1 install-win32/settings.in
  3. +1 −1 version.m4
View
@@ -1,6 +1,22 @@
OpenVPN Change Log
Copyright (C) 2002-2009 OpenVPN Technologies, Inc. <sales@openvpn.net>
+2009.11.12 -- Version 2.1_rc21
+
+* Rebuilt OpenVPN Windows installer with OpenSSL 0.9.8l to address
+ CVE-2009-3555. Note that OpenVPN has never relied on the session
+ renegotiation capabilities that are built into the SSL/TLS protocol,
+ therefore the fix in OpenSSL 0.9.8l (disable SSL/TLS renegotiation
+ completely) will not adversely affect OpenVPN mid-session SSL/TLS
+ renegotation or any other OpenVPN capabilities.
+
+* Added additional session renegotiation hardening. OpenVPN has always
+ required that mid-session renegotiations build up a new SSL/TLS
+ session from scratch. While the client certificate common name is
+ already locked against changes in mid-session TLS renegotiations, we
+ now extend this locking to the auth-user-pass username as well as all
+ certificate content in the full client certificate chain.
+
2009.10.01 -- Version 2.1_rc20
* Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the
@@ -22,7 +22,7 @@
;!define OPENVPN_XGUI_DIR "../ovpnxml"
# Prebuilt libraries. DMALLOC is optional.
-!define OPENSSL_DIR "../openssl-0.9.8k"
+!define OPENSSL_DIR "../openssl-0.9.8l"
!define LZO_DIR "../lzo-2.02"
!define PKCS11_HELPER_DIR "../pkcs11-helper"
;!define DMALLOC_DIR "../dmalloc-5.4.2"
View
@@ -1,5 +1,5 @@
dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1_rc20a])
+define(PRODUCT_VERSION,[2.1_rc21])
dnl define the TAP version
define(PRODUCT_TAP_ID,[tap0901])
define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])

0 comments on commit 311ea89

Please sign in to comment.