OpenVPN 2.3.1发布

OpenVPN 2.3.1发布。2013-03-29 上一个版本是2013-01-08的2.3.0 。

OpenVPN 是一个基于 OpenSSL 库的应用层 VPN 实现。和传统 VPN 相比，它的优点是简单易用。

OpenVPN允许参与建立VPN的单点使用共享金钥，电子证书，或者用户名/密码来进行身份验证。它大量使用了OpenSSL加密库中的SSLv3/TLSv1 协议函式库。目前OpenVPN能在Solaris、Linux、OpenBSD、FreeBSD、NetBSD、Mac OS X与Windows 2000/XP/Vista上运行，并包含了许多安全性的功能。它并不是一个基于Web的VPN软件，也不与IPsec及其他VPN软件包兼容。

OpenVPN使用OpenSSL库加密数据与控制信息：它使用了OpenSSL的加密以及验证功能，意味着，它能够使用任何OpenSSL支持的算法。它提供了可选的数据包HMAC功能以提高连接的安全性。此外，OpenSSL的硬件加速也能提高它的性能。

完全改进：This release adds supports for PolarSSL 1.2. It also adds a fix to prevent potential side-channel attacks by switching to a constant-time memcmp when comparing HMACs in the openvpn_decrypt function. In addition, it contains several bugfixes and documentation updates, as well as some minor enhancements.

OpenVPN 2.3.1
Arne Schwabe (4):
Remove dead code path and putenv functionality
Remove unused function xor
Move static prototype definition from header into c file
Remove unused function no_tap_ifconfig

Christian Hesse (1):
fix build with automake 1.13(.1)

Christian Niessner (1):
Fix corner case in NTLM authentication (trac #172)

Gert Doering (6):
Update README.IPv6 to match what is in 2.3.0
Repair "tcp server queue overflow" brokenness, more fallout.
Permit pool size of /64.../112 for ifconfig-ipv6-pool
Add MIN() compatibility macro
Fix directly connected routes for "topology subnet" on Solaris.
Preparing for v2.3.1 (ChangeLog, version.m4)

Heiko Hund (5):
close more file descriptors on exec
Ignore UTF-8 byte order mark
reintroduce --no-name-remapping option
make --tls-remote compatible with pre 2.3 configs
add new option for X.509 name verification

Jan Just Keijser (1):
man page patch for missing options

Josh Cepek (2):
Fix parameter listing in non-debug builds at verb 4
(updated) [PATCH] Warn when using verb levels >=7 without debug

Matthias Andree (1):
Enable TCP_NODELAY configuration on FreeBSD.

Samuli Seppänen (4):
Removed ChangeLog.IPv6
Added cross-compilation information INSTALL-win32.txt
Updated README
Cleaned up and updated INSTALL

Steffan Karger (7):
PolarSSL-1.2 support
Improve PolarSSL key_state_read_{cipher, plain}text messages
Improve verify_callback messages
Config compatibility patch. Added translate_cipher_name.
Switch to IANA names for TLS ciphers.
Fixed autoconf script to properly detect missing pkcs11 with polarssl.
Use constant time memcmp when comparing HMACs in openvpn_decrypt.

下载：ftp://61.135.158.199/pub/openvpn-2.3.1.tar.gz （主站因为众所周知的原因被墙了）

来自:开源中国社区