We are happy to announce the release of strongSwan 5.9.8, which fixes a denial-of-service vulnerability related to online certificate revocation checks, supports SCEP and EST via the pki tool and comes with several other new features and fixes.
Vulnerability Related to Online Certificate Revocation Checks (CVE-2022-40617)
A vulnerability related to online certificate revocation checking was fixed. It was caused by the revocation plugin using potentially untrusted OCSP URIs and CRL distribution points in certificates. This allowed a remote attacker to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which could have led to a denial-of-service attack. All strongSwan versions may be affected.
More information is provided in a separate blog entry.
SCEP and EST in the pki Tool
- The pki --scep|--scepca commands implement the HTTP-based "Simple Certificate Enrollment Protocol" (RFC 8894 SCEP), replacing the old and long-deprecated scepclient tool, which has been removed.
- The pki --est|--estca commands implement the HTTPS-based "Enrollment over Secure Transport" (RFC 7070 EST) protocol.
- The pki --req command can create a certificate request based on an existing PKCS#10 template by replacing the public key and re-generating the signature with the new private key.
Later ike_updown() Event for IKEv2
For IKEv2, the ike_updown() "up" event and the state change to IKE_ESTABLISHED are now triggered after all IKE-related tasks are done. This ensures the IKE_SA is actually fully established, which now includes any assigned virtual IPs, additional MOBIKE peer addresses or a reauthentication time updated via AUTH_LIFETIME notify. This was e.g. an issue for the selinux plugin if virtual IPs were used.
Other Notable Features and Fixes
- The ike_cfg_t object is now always replaced together with the peer_cfg_t object that's set on an IKE_SA during authentication. This is more consistent and makes it possible to properly take into account some settings that are also relevant during IKE_AUTH (e.g. childless). It was actually already handled this way during rekeying/reestablishing of IKE_SAs and e.g. for the DSCP setting.
- The gcm plugin has been enabled by default, so that the TLS 1.3 unit tests (now indirectly enabled if the pki tool is built due to the implementation of EST) can be completed successfully with just the default plugins.
- The socket plugins don't set the SO_REUSEADDR option anymore on the IKE UDP sockets, so an error is triggered if e.g. two daemons (e.g. charon-systemd) are running concurrently using the same ports.
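
The effect of the SO_REUSEADDR change can be reproduced with two plain UDP sockets. The following is an added example, not strongSwan code: the helper names are hypothetical, it binds an ephemeral loopback port instead of the IKE ports, and it assumes Linux semantics, where two UDP sockets that both set SO_REUSEADDR may bind the same address and port.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a UDP socket on 127.0.0.1:port, optionally with SO_REUSEADDR.
 * Returns the fd, or -errno if socket(), setsockopt() or bind() fails. */
static int open_udp(uint16_t port, int reuse)
{
	struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = htons(port) };
	int fd = socket(AF_INET, SOCK_DGRAM, 0), err;

	if (fd < 0)
		return -errno;
	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	if ((reuse && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse)) < 0) ||
		bind(fd, (struct sockaddr*)&addr, sizeof(addr)) < 0)
	{
		err = errno;
		close(fd);
		return -err;
	}
	return fd;
}

/* Stand-in for two daemons binding the same UDP port. Returns 0 if the second
 * bind succeeds (the conflict goes unnoticed), else the errno it failed with. */
int second_bind_result(int reuse)
{
	struct sockaddr_in bound;
	socklen_t len = sizeof(bound);
	int first = open_udp(0, reuse), second;  /* port 0: kernel picks a free port */

	if (first < 0)
		return -first;
	getsockname(first, (struct sockaddr*)&bound, &len);
	second = open_udp(ntohs(bound.sin_port), reuse);
	if (second >= 0)
		close(second);
	close(first);
	return second < 0 ? -second : 0;
}

int main(void)
{
	printf("with SO_REUSEADDR:    %s\n", strerror(second_bind_result(1)));
	printf("without SO_REUSEADDR: %s\n", strerror(second_bind_result(0)));
	return 0;
}
```

Without the option, the second bind fails with EADDRINUSE, which is the error a second daemon on the same ports now runs into at startup.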