Interim release.

Version 2.1_rc13b


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3494 e7ae566f-a301-0410-adde-c780ea21d3b5

ChangeLog

@@ -3,6 +3,92 @@ Copyright (C) 2002-2008 OpenVPN Technologies, Inc. <sales@openvpn.net>
 
 $Id$
 
+2008.11.xx -- Version 2.1_rc13b
+
+* Added AC_GNU_SOURCE to configure.ac to enable struct ucred,
+  with the goal of fixing a build issue on Fedora 9 that was
+  introduced in 2.1_rc13.
+
+* Added additional warning messages about --script-security 2
+  or higher being required to execute user-defined scripts or
+  executables.
+
+* Windows build system changes:
+
+  Modified Windows domake-win build system to write all openvpn.nsi
+  input files to gen, so that gen can be disconnected from
+  the rest of the source tree and makensis openvpn.nsi will
+  still function correctly.
+
+  Added additional SAMPCONF_(CA|CRT|KEY) macros to settings.in
+  (commented out by default).
+
+  Added optional files SAMPCONF_CONF2 (second sample configuration
+  file) and SAMPCONF_DH (Diffie-Helman parameters) to Windows
+  build system, and may be defined in settings.in.
+
+* Extended Management Interface "bytecount" command
+  to work when OpenVPN is running as a server.
+  Documented Management Interface "bytecount" command in
+  management/management-notes.txt.
+
+* Fixed informational message in ssl.c to properly indicate
+  deferred authentication.
+
+* Added server-side --auth-user-pass-optional directive, to allow
+  connections by clients that do not specify a username/password, when a
+  user-defined authentication script/module is in place (via
+  --auth-user-pass-verify, --management-client-auth, or a plugin module).
+
+* Changes to easy-rsa/2.0/pkitool and related openssl.cnf:
+
+  Calling scripts can set the KEY_NAME environmental variable to set
+  the "name" X509 subject field in generated certificates.
+
+  Modified pkitool to allow flexibility in separating the Common Name
+  convention from the cert/key filename convention.
+
+  For example:
+
+  KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james
+
+  will create a client certificate/key pair of james.crt/james.key
+  having a Common Name of "James's Laptop" and a Name of "james".
+
+* Added --no-name-remapping option to allow Common Name, X509 Subject,
+  and username strings to include any printable character including
+  space, but excluding control characters such as tab, newline, and
+  carriage-return (this is important for compatibility with external
+  authentication systems).
+
+  As a related change, added --status-version 3 format (and "status 3"
+  in the management interface) which uses the version 2 format except
+  that tabs are used as delimiters instead of commas so that there
+  is no ambiguity when parsing a Common Name that contains a comma.
+
+  Also, save X509 Subject fields to environment, using the naming
+  convention:
+
+  X509_{cert_depth}_{name}={value}
+
+  This is to avoid ambiguities when parsing out the X509 subject string
+  since "/" characters could potentially be used in the common name.
+
+* Fixed some ifconfig-pool issues that precluded it from being combined
+  with --server directive.
+
+  Now, for example, we can configure thusly:
+
+    server 10.8.0.0 255.255.255.0 nopool
+    ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0
+
+  to have ifconfig-pool manage only a subset
+  of the VPN subnet.
+
+* Added config file option "setenv FORWARD_COMPATIBLE 1" to relax
+  config file syntax checking to allow directives for future OpenVPN
+  versions to be ignored.
+
 2008.10.07 -- Version 2.1_rc13
 
 * Bundled OpenSSL 0.9.8i with Windows installer.

version.m4

@@ -1,5 +1,5 @@
 dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1_rc13a])
+define(PRODUCT_VERSION,[2.1_rc13b])
 dnl define the TAP version
 define(PRODUCT_TAP_ID,[tap0901])
 define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])