v2.3.3 OpenVPN v2.3.3

2014.04.08 -- Version 2.3.3
Alon Bar-Lev (1):
      pkcs11: use generic evp key instead of rsa

Arne Schwabe (8):
      Add support of utun devices under Mac OS X
      Add support to ignore specific options.
      Add a note what setenv opt does for OpenVPN < 2.3.3
      Add reporting of UI version to basic push-peer-info set.
      Fix compile error in ssl_openssl introduced by polar external-management patch
      Fix assertion when SIGUSR1 is received while getaddrinfo is successful
      Add warning for using connection block variables after connection blocks
      Introduce safety check for http proxy options

David Sommerseth (5):
      man page: Update man page about the tls_digest_{n} environment variable
      Remove the --disable-eurephia configure option
      plugin: Extend the plug-in v3 API to identify the SSL implementation used
      autoconf: Fix typo
      Fix file checks when --chroot is being used

Davide Brini (1):
      Document authfile for socks server

Gert Doering (9):
      Fix IPv6 examples in t_client.rc-sample
      Fix slow memory drain on each client renegotiation.
      t_client.sh: ignore fields from "ip -6 route show" output that distort results.
      Make code and documentation for --remote-random-hostname consistent.
      Reduce IV_OPENVPN_GUI_VERSION= to IV_GUI_VER=
      Document issue with --chroot, /dev/urandom and PolarSSL.
      Rename 'struct route' to 'struct route_ipv4'
      Replace copied structure elements with including <net/route.h>
      Workaround missing SSL_OP_NO_TICKET in earlier OpenSSL versions

Heikki Hannikainen (1):
      Always load intermediate certificates from a PKCS#12 file

Heiko Hund (2):
      Support non-ASCII TAP adapter names on Windows
      Support non-ASCII characters in Windows tmp path

James Yonan (3):
      TLS version negotiation
      Added "setenv opt" directive prefix.
      Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

Jens Wagner (1):
      Fix spurious ignoring of pushed config options (trac#349).

Joachim Schipper (3):
      Refactor tls_ctx_use_external_private_key()
      --management-external-key for PolarSSL
      external_pkcs1_sign: Support non-RSA_SIG_RAW hash_ids

Josh Cepek (2):
      Correct error text when no Windows TAP device is present
      Require a 1.2.x PolarSSL version

Klee Dienes (1):
      tls_ctx_load_ca: Improve certificate error messages

Max Muster (1):
      Remove duplicate cipher entries from TLS translation table.

Peter Sagerson (1):
      Fix configure interaction with static OpenSSL libraries

Steffan Karger (7):
      Do not pass struct tls_session* as void* in key_state_ssl_init().
      Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
      Use RSA_generate_key_ex() instead of deprecated, RSA_generate_key()
      Also update TLSv1_method() calls in support code to SSLv23_method() calls.
      Update TLSv1 error messages to SSLv23 to reflect changes from commit 4b67f98
      If --tls-cipher is supplied, make --show-tls parse the list.
      Add openssl-specific common cipher list names to ssl.c.

Tamas TEVESZ (1):
      Add support for client-cert-not-required for PolarSSL.

Thomas Veerman (1):
      Fix "." in description of utun.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (NetBSD)

iQCVAwUAU0QQaqkuBuNlUUl1AQJNkQP/RPRYGvKtEAUr5ZETIFth3tJ02iO900sV
4YwyFW05JeNt7t208bwCZKjpShBOpxdU8czP14QJhhBZTqMGq+RnrUVkVcO32jh+
LaBht/WsyoAvRzaQSD77fmYD/jtL3QTHVbEcUAc/EjararlH6W8CcGbxX5BmA+VV
tLK44Ro2LJs=
=TEYg
-----END PGP SIGNATURE-----