No IPv6

The default configuration breaks if you don't have IPv6 because it fails to set the IPv6 forwarder as bad. This fixes that.

No Nagel

Disable Nagel's algorithm and use OpenSSL's "DEFAULT" ciphers.

ARM64 release

Add an ARM64 build

GitHub Release

Move releases to GitHub Actions

Handshake pinning

Perform host name verification and certificate pinning at TLS handshake. Also add an option to disable certificate verification (which shouldn't be used).

Update cloudflare pin

The Cloudflare certificate has changed again.

Interface fixes

Add some extra logging and fixes for when binding to specific addresses.

Response Address

If bound to multiple addresses, the response may come from a different address to the one it was sent to. This has been fixed now.

Vyatta configuration

Support for VyOS configuration file loading.

Listening server can now be configured at custom-attribute/dote-serverN/value where N is a is a number starting from 0 increasing for multiple values.

Forwarding server can be configured at custom-attribute/dote-forwarderN/value where N is a number starting from 0 increasing for multiple values. The certificate pin may optionally be configured at custom-attribute/dote-forwarderN-pin and similarly the hostname pin can be configured at custom-attribute/dote-forwarderN-hostname.

If the dote-server value is changed, a manual re-start of the process is required as privileges will not allow it to listen to any new ports.

If the dote-forwarder is changed the new values will take effect immediately.

Command line arguments are added to the arguments configured.

First production release

Fix a reference leak for sessions and disable compression to reduce memory footprint.