[ol8_developer_EPEL] ocserv-1.4.1-1.el8.aarch64

Name:	ocserv
Version:	1.4.1
Release:	1.el8
Architecture:	aarch64
Group:	Unspecified
Size:	2293513
License:	GPLv2+ and BSD and MIT and CC0
RPM:	ocserv-1.4.1-1.el8.aarch64.rpm
Source RPM:	ocserv-1.4.1-1.el8.src.rpm
Build Date:	Mon Mar 09 2026
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://gui.openconnect-vpn.net
Summary:	OpenConnect SSL VPN server
Description:	OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a secure, small, fast and configurable VPN server. It implements the OpenConnect SSL VPN protocol, and has also (currently experimental) compatibility with clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS to provide the secure VPN service.

Changelog (Show File list) (Show related packages)

Sat Feb 28 2026 Packit <hello@packit.dev> - 1.4.1-1

- [SECURITY] Fixed authentication bypass (medium severity) when using
  certificate authentication with cert-user-oid set to SAN(rfc822name):
  a client presenting a valid CA-signed certificate without the expected
  RFC822 SAN field could authenticate using password credentials alone,
  bypassing the intended certificate-to-username binding. Requires the
  attacker to possess both a valid CA-signed certificate and valid user
  credentials (#694)
- The bundled inih was updated to r62.
- The bundled protobuf-c was updated to 1.5.2.
- Fixed a bug where session timeout could be bypassed by reconnecting
  (e.g., closing/opening laptop lid) (#599)
- occtl: show user command now includes a Session started at: field,
  indicating when the VPN session was established
- occtl: Fix column misalignment in ban command outputs
- occtl: Fix show ip bans may produce invalid JSON (#683)
- Handle dotted client hostnames (e.g., .local) by stripping the domain suffix
- Renamed `min-reauth-time` configuration option to `ban-time` to better reflect
  its purpose (#676). This option defines the duration (in seconds) for which
  an IP address is banned after exceeding the maximum allowed `max-ban-score`.
  Default is 300 seconds (5 minutes).
- Fixed ocserv-worker process title
- Fixed ignored udp-port in vhost (#612)


- Resolves: rhbz#2443556

Sun May 05 2024 Packit <hello@packit.dev> - 1.3.0-1

- Switch to https://github.com/nodejs/llhttp from http-parser.
  http-parser was a liability as an unmaintained project (#598)
- Bump the number of groups per account from 128 to 512 (#219)
- Allow connecting users to select an authgroup by appending the
  group name to the URL, as in https://vpn.example.com/groupname;
  this introduces the select-group-by-url config option (#597).
- Informational messages due to configuration loading are not printed
  during worker initialization.


- Resolves: rhbz#2279186

Wed Jan 24 2024 Packit <hello@packit.dev> - 1.2.4-1

- Get connection speed limits (traffic shaping) from RADIUS (#554)
- Fix logging to stderr: add missing newline.
- Fixed compatibility with AnyConnect clients on Linux (#544)
- Detect the new AnyConnect-compatible identifier of OpenConnect clients
- occtl: Print bit rates as kb/s.

Thu Sep 21 2023 Packit <hello@packit.dev> - 1.2.2-1

- Fix session and accounting data tracking of ocserv. This
  reverts fix for #444 (#541)
- No longer account ICMP and IGMP data for idle session detection

Wed Aug 23 2023 Packit <hello@packit.dev> - 1.2.1-1

- Accept the Clavister OneConnect VPN Android client (#485)
- No longer require to set device name per vhost (#480)
- Account the correct number of points when proxyproto is in use (#529)
- nuttcp tests were replaced with iperf3 that is available
  in more environments
- occtl: fix duplicate key in `occtl --json show users` output

Tue Aug 15 2023 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.2.0-2
```
- Restart service on upgrade
```
Tue Jul 11 2023 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.2.0-1
```
- Updated to 1.2.0
```
Thu Jun 22 2023 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.7-2
```
- Updated to 1.1.7
- Backported patch for expired certificates
```
Thu Feb 17 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.6-1
```
- Updated to 1.1.6
```
Sat Nov 13 2021 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.4-1
```
- Update to upstream 1.1.4 release
```