Skip to content

3.2.2

Compare
Choose a tag to compare
@mcnewton mcnewton released this 16 Feb 15:03
· 34683 commits to master since this release
b9ed73e

Configuration changes

  • The linelog module now has a header configuration item, which places a header in any new file it creates.
  • The ldap module now supports setting cipher_list. See mods-available/ldap.
  • Add connect_timeout for outgoing TLS sockets. Helps with #3501.
  • Add config section for xlats in rlm_rest and an option to control REST body data encoding. Patches by Nick Porter.
  • Allow Operator-Name and Called-Station-Id in attr_filter when proxying. Helps with less work in eduroam configurations.
  • Ensure that the AcctUpdateTime field in SQL is always updated. This is so that we can track when the last packet arrived.
  • Update the default configuration to reply to NAS when accounting proxying fails, but we still write to the detail file.

Feature improvements

  • The configure process now gives a much clearer report when it's finished. Patches by Matthew Newton.
  • Fallback to uname -n on missing hostname. Fixes #4771
  • Export thread details in radmin stats threads. Fixes #4770
  • Improve queries for processing radacct into periodic usage data. Fix from Nick Porter.
  • Update dictionary.juniper
  • Add dictionary.calix
  • Fix dictionary.rfc6519 DS-Lite-Tunnel-Name to be octets
  • Update documentation for robust-proxy-accounting, and be more aggressive about sending packets.
  • Add per-module README.md files in the source.
  • Add default Visual Studio configuration for developers.
  • Postgres can now automatically use alternate queries for errors other than duplicate keys.
  • %{listen:TLS-PSK-Identity} is now set when using PSK and psk_query. This helps the server track the identity of the client which is connecting.
  • Include thread stats in Status-Server attributes. Fixes #4870.
  • Mark rlm_unbound stable and add to packages. Patches by Nick Porter.
  • Remove broken/unsupported Dockerfiles for centos8 and debian9.
  • Ensure Docker containers have stable uid/gid. Patches from Terry Burton.

Bug fixes

  • Preliminary support for non-blocking TLS sockets. Helps with #3501.
  • Fix support for partial certificate chains after adding reload support. Fixes #4753
  • Fix handling of debug_condition.
  • Clean up home server states, and re-sync with the dictionaries.
  • Correct certificate order when creating TLS-* attributes. Fixes #4785
  • Update use of isalpha() etc. so broken configurations have less impact on the server.
  • Outgoing TLS sockets now set SNI correctly from the "hostname" configuration item.
  • Support Apple Homebrew on the M1. Fixes #4754
  • Better error messages when %{listen:TLS-...} is used.
  • Getting statistics via Status-Server can now be done within a virtual server. Fixes #4868
  • Make TTLS+MS-CHAP work with TLS 1.3. Fixes #4878.
  • Fix md5 xlat memory leak when using OpenSSL 3. Fix by Terry Burton.