net/ocserv: update 1.0.1 -> 1.1.1
- Fixed compatibility with OpenBSD that lacks procfs
- Improved rate-limit-ms and made it dependent on secmod backlog. This makes the server more resilient (and prevents connection failures) on multiple concurrent connections
- Added namespace support for listen address by introducing the listen-netns option
- Disable TLS1.3 when cisco client compatibility is enabled. New anyconnect clients seem to supporting TLS1.3 but are unable to handle a client with an RSA key
- Enable a race free user disconnection via occtl
- Added the config option of a pre-login-banner
- Ocserv siwtched to using multiple ocserv-sm processes to improve scale, with the number of ocserv-sm process dependent on maximum clients and number of CPUs. Configuration option sec-mod-scale can be used to override the heuristics.
- Fixed issue with group selection on radius servers sending multiple group class attribute.
PR: 250225
Submitted by: Juraj Lutter <juraj@lutter.sk>
Relnotes: https://gitlab.com/openconnect/ocserv/-/releases/1.1.1