Most important change here is probably that we now implement DTLS
rekeying. With (for example) a session lifetime of 2 days and a DTLS
rekey time of only one day, some users were spending half their time
doing TCP-over-TCP.
Added a --force-dpd option to act as NAT keepalive when the server
doesn't request DPD.
Bitch about certificates which are almost out of date.
Work on Android. Probably.
David Woodhouse (16):
Link to knetworkmanager bug for OpenConnect support
Update ConnMan references
Elide webvpn cookie from debugging output.
Add --force-dpd option
Clean up option handling to use sane values for long-only options
Implement DTLS and CSTP rekeying.
Close existing connection and discard compressed packet in cstp_reconnect()
Check certificate expiry and complain
Use SSLv3 not TLSv1
Fix host selection in NM auth-dialog
Update --script-tun description, remove non-existent --tun-fd from manpage.
Update changelog
Android has /dev/tun, not /dev/net/tun
Don't crash on relative redirect when original urlpath was NULL
Update changelog
Tag version 2.26
Dominic Hargreaves (1):
Update status of Debian OpenSSL DTLS support
Eric Barkie (1):
Never use protocol family prefixes with a TUN script.
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
