Bug Fixes:

• Fix Message-Authenticator validation for Accounting-Response

Bug Fixes:

• Fix wrong DN in certificate request (#154)
• Fix memory leak when using SIGHUP
• Fix exit when dyndisc script returns illegal PSKkey
• Fix logging during config check
• Fix invalid realm configs are ignored
• Fix default tls block selection

Misc:

• Improve message-authenticator logging

New features:

• TLS-PSK (#112)
• Long hex-strings in config
• Reload complete TLS context on SIGHUP, reload client/server cert and key (#76)
• Implement SSLKEYLOGFILE mechanism
• Options to require Message-Authenticator

Misc:

• Re-verify certificates on SIGHUP and terminate invalid connections (#5)
• Implement recommendations for deprecating insecure transports (#114)
• verify EAP message content length (#128)
• Close connection on radius attribute decode errors

Bug Fixes:

• Fix correct secret for DTLS (radius/dtls)
• Fix infinite loop when listening on tcp socket fails
• Fix crashes under high load (#75, #109, #129)

New features:

• TLS-PSK (#112)
• Long hex-strings in config
• Reload complete TLS context on SIGHUP, reload client/server cert and key (#76)
• Implement SSLKEYLOGFILE mechanism
• Options to require Message-Authenticator

Misc:

• Re-verify certificates on SIGHUP and terminate invalid connections (#5)
• Implement recommendations for deprecating insecure transports (#114)
• verify EAP message content length (#128)
• Close connection on radius attribute decode errors

Bug Fixes:

• Fix correct secret for DTLS (radius/dtls)
• Fix infinite loop when listening on tcp socket fails

Bug Fixes:

• Fix tcp connection not closed after idle timeout
• Fix tls/dtls logging (#127, #132)
• Fix dynamic connection not re-established after timeout if both auth- and accounting server
  are dynamically resolved (#131).
• Fix error in dyndisc script result might cause radsecproxy to exit.
• Fix some TLS config errors not reported at startup
• Fix referencing non-existant rewrite passed without error

Misc:

• Add Message-Authenticator to requests if missing

New features:

• Native dynamic discovery for NAPTR and SRV records (#2, #83)
• Optionally log accounting requests when respoinding directly (#72)
• SNI support for outgoing connections (#90)
• Optionally specify server name for certificate name check (#106)
• Manual MTU setting for DTLS on non-linux platforms

Misc:

• Don't require server type to be set by dyndisc scripts
• Improve locating openssl lib using pkg-config

Bug Fixes:

• Fix radius message length handling

Bug Fixes:

• Fix shutdown TLS connection on malformed radius message (#122)
• Fix handling of lost requests in DTLS
• Fix flush requests when dyndisc fails

New features:

• Native dynamic discovery for NAPTR and SRV records (#2, #83)
• Optionally log accounting requests when respoinding directly (#72)
• SNI support for outgoing connections (#90)
• Optionally specify server name for certificate name check (#106)
• Manual MTU setting for DTLS on non-linux platforms

Misc:

• Don't require server type to be set by dyndisc scripts
• Improve locating openssl lib using pkg-config

Bug Fixes:

• Fix radius message length handling
• Fix DTLS lost request and timeout handling

Bug Fixes:

• Fix potential segfault in tcp log message
• Fix DTLS over IPv6
• Fix SSL shutdown/EOF for openssl 3.x (#108)

Misc:

• OpenSSL 3.0 compatibility (#70)

Bug Fixes:

• Fix refused startup with openssl <1.1 (#82)
• Fix compiler issue for Fedora 33 on s390x (#84)
• Fix small memory leak in config parser
• Fix lazy certificate check when connecting to TLS servers
• Fix connect is aborted if first host in list has invalid certificate
• Fix setstacksize for glibc 2.34 (#91)
• Fix system defaults/settings for TLS version not honored (#92)