[Swan-dev] [Swan-announce] Libreswan 3.12 released

The Libreswan Project team at libreswan.org
Fri Nov 7 08:03:43 EET 2014

The Libreswan Project has released libreswan-3.12

This is a bugfix release, with mostly IKEv2 bugfixes, along with an
X509 chaining certificate bugfix.

You can download libreswan via https at:


or via ftp at:


The full changelog is available at:

Please report bugs either via one of the mailinglists or at our bug tracker:


Binary packages for RHEL/EPEL and Debian/Ubuntu can be found at

Binary packages for Fedora can be found in the respective fedora

See also https://libreswan.org/

v3.12 (November 6, 2014)
* IKEv2: CP payload now installs internal address and dns [Antony]
* IKEv2: Don't try to decrypt if DH is incomplete [Antony]
* IKEv2: If applicable, add a CERTREQ payload in IKE_SA_INIT response [Antony]
* IKEv2: Fix parent I2 replace event delay [Antony]
* IKEv2: Liveness fix for restarting instantiated connection [Antony]
* IKEv2: Schedule expire instead of replace when rekey=no [Antony]
* IKEv2: Zero out CP payload before sending [Antony]
* IKEv2: Fix message id in create child sa response [Antony]
* IKEv2: Don't try to instantiate unoriented connections [Antoy]
* XAUTH: Fix 2 missing breaks when deciding on sending ModeCFG payloads [Paul]
* X509: Ensure that root CA does not end up in the ca_path list [Matt]
* pluto: Cleanup DYNDNS code and other clang warnings [Hugh]
* pluto: lswconf.c: getNSSPassword: fix bugs and tidy [Hugh]
* pluto: check return value of ike_alg_register_enc for twofish/serpent [Paul]
* pluto: fix various uninitialised variables in out_struct() calls [Paul/Hugh]
* KLIPS: Fix missing breaks in spi command algo type parsing [Paul]
* building: disable libcap-ng and NM support for OSX [Paul]
Swan-announce mailing list
Swan-announce at lists.libreswan.org

More information about the Swan-dev mailing list