strongswan-4.0.6 / R:2131
===========================
readded transport mode test using new status output
removed duplicated host2host-transport test
fixed reauthentication when using %any hosts
support for transport in create_child_sa
include TRANSPORT/TUNNEL information in statusall
load xauth module via dlopen()
define path to xauth module
added host2host-transport scenario
removed trailing lines
added XAUTH server and client support
load and unload XAUTH module
added xauth.h and xauth.c
added enable-cisco-quirks configure option
added config option for BEET mode
fixed reauthentication when connection's other host is %any
fixed host conversion length check
negated POLICY_REAUTH to POLICY_DONT_REAUTH
negated POLICY_REAUTH to POLICY_DONT_REAUTH
enable XAUTH_VID by default
added support for transport mode and (experimental!) BEET mode
support for the type=transport/tunnel parameter in charon
fixed charset & cleanups
added XAUTH server and client support
additional parentheses for same_chunk() macro
renamed to appear in doxygen build
added a roadmap of the strongSwan project (TODO)
first try to update ipsec.conf manual
implemented reauthentication using the new reauth=yes|no parameter
fixed more uClibc issues
should compile against a uClibc > 0.9.28 (untested)
added XAUTH client states
fixed stddef.h include
fixed encoding rules string
fixed some byte-order issues
fixed HAVE_BACKTRACE checks
starter Makefile now uses proper $(COMPILE) to build pluto objects
made backtrace() calls optional to support uClibc
fixed bug in ifdef CISCO_QUIRKS
support of Cisco Unity VID
fixed case with wildcard peer ID and static peer address
added simple script to port trunk changes into branches
start kdevelop with project file from actual branch
strongswan-4.0.5 / R:1447
===========================
improved selection of ipsec status|statusall <name>
fixed NEWS (runtime debug level options)
fixed very old bug in linked_list's remove_first and remove_last
proper "ipsec up" signal handling when initiating to %any
removed iterator hook for replace
fixed output of proto/port selectors
due to console logging, no need for final sleep anymore
adapted checks to changed ipsec status output
due to narrowing no need for rightsubnetwithin
no need to send certreq
fixed ipsec status|statusall <name>
log IKE SPIs on a separate line
redesigned formatting of ipsec status|statusall
version bumps of strongSwan, Linux kernel and Gentoo root file system
added dpd-hold scenario
solved 64 bit issue by changing long to int
solved 64 bit issue in push/pop stroke interface
some fixes for doxygen
better split up of library files "types.h" & "definitions.h"
centralized all printf specifier character definitions
reuse of arginfo handlers
fixed more AMD64 issues
added DEBUG_LEVEL compile flag to exclude DBGn() statements
added nodebug configure script without any debug messages and without -g
preparations to include certreqs in policy decisions
do not send certreq payloads when the peer is known to use PSK
position of (myself) moved in log output
do not send certreq payloads when using self-signed certs
moved (myself) in log output
moved typedefs to beginning of files to solve some include problems
split authenticator to have a separate implementation for each auth_method_t
using va_copy to clone va_lists, should fix problems on AMD64
do not sanitize '*' character
fixed SIGSEGV when setup of an additional CHILD_SA fails
added IKEv2 clarifications RFC
changed debug level of certreq log output
cosmetics in debug output
support of certreq payload in IKE_AUTH messages
chunk_to_hex() function declaration deleted
added function certreq_payload_create_from_x509()
send a certreq as initiator if other_ca is set
added method get_ca_certificate()
added methods get_my_ca() and get_other_ca()
added methods get_my_ca() and get_other_ca()
added some missing 'AUD' entries
change due to change debug output
spaces should not be sanitized
fixed due to new logging concept
some improvements in signaling code
include only source NATD payloads really needed
improved signal handling and emitting
support of ModeCfg Push mode
support of mixed RSA/PSK static connections
support of ipsec statusall in state output
output of 'DPD active' in ISAKMP SAs
support of ipsec statusall in state output
added ModeCfg push policy and states
added ModeCfg push policy and states
fixed typo in debug statement
redesigned list output format
added 'modeconfig=pull|push' and 'left|rightnatip' keywords
added 'exit' statement in listcerts,.. case
fixed two bugs in the time_t and chunk_ct print functions
redesigned format of print function
replaced 'times' by 'dates'
added private flag to asn1_init
added private flag to asn1_ctx_t
removed DES-EDE3-CBC only comment
removed deprecated iterator methods (has_next & current)
added iterator hook to manipulate iterator the clean way
added list methods invoke(), destroy_offset(), destroy_function()
simplified list destruction when destroying its items
added verbosity level to stroke
upgrade to new Gentoo root file system and tcpdump command
renamed ikev1 scenario and added ikev2 scenario
Version bumps of UML kernel, Gentoo root file system and strongSwan release
code cleanups in printf handlers
added eap authentication draft for ikev2
updated stroke to allow run-time manipulation of debug levels
added charondebug config parameter to set debug level at startup
introduced new logging subsystem using bus:
passive listeners can register on the bus
active listeners wait for signals actively
multiplexing allows multiple listeners to receive debug signals
updated file filter for kdev project
include CREDITS file in distribution
moved various scripts in scripts/ dir
add configure script wrappers
removed txt files from doxygen
removed module tests, outdated. We need something more system-test like
added missing -DDEBUG compile option
fixed auxiliary message data parsing for IPV6 socket
using SOL_* constants for socket level
fixed IPV6_PKTINFO setsockopt() to work with most kernel headers
replaced strerror(errno) with %m printf specifier
added stronger certs for moon, carol, and dave
added IPv6 hw and multicast addresses
adapted to new tcpdump ipv6 output
multi-level-ca scenarios use unencrypted private key
new Gentoo root file system
fixed bug with openldap 2.3
removed ipsec.conf version information
carolKey.pem is now protected by 3DES passphrase
updated net runlevel scripts
updated net init scripts
new net configuration format
HW addresses must be predefined
found libraries are not appended to LIBS anymore
version bump to 4.0.5
fixed DPD to survive IKE_SA rekeying
introduced printf() specifiers for:
identification_t (%D)
memory pointer/length (%b)
added a signaling bus:
receives event and debug messages, sends them to its listeners
stream_logger, sys_logger, file_logger added, listen to bus
some other tweaks here and there
added often used RFCs and drafts
DES for private key encryption is not supported
updated NEWS and ChangeLog for 4.0.4 release
fixed retransmission policy for responder
fixed dpd for responder
added ID_ANY check to matches_binary()
replaced 'missing value' warning by zero length chunk_t value
defined maximum hash size
support of AES-192-CBC private key encryption
added hostaccess support
added hostaccess support
moved auth_method to policy
added hostaccess support
added hostaccess support
more consistent authentication logging
added hostaccess support
moved auth_method to policy
moved auth_method to policy
added hostaccess support; moved auth_method to policy
added hostaccess support
added hostaccess support
added new test scenarios
fixed some compiler warnings
strongswan-4.0.4 / R:1289
===========================
fixed some compiler warnings
extended statusall output
added job/event-queue statistics
added allocation statistics when using LEAK_DETECTIVE
public declaration of all HASH_SIZEs in hasher.h
support of encrypted private key files
added copyright notice to sha2_hasher
included SHA2 in build process
implemented sha2_hasher which supports SHA-256, SHA-384 and SHA-512
added support for 3DES encryption algorithm in IKE
fixed the ids parsing bug
fixed the ids parsing bug
fixed proper handling of id parsing errors
proper return value when no PSK found
added HOST_ACCESS for firewall script as default
more debugging output for PSK authentication
some cleanups here and there
added auth_method field
added auth_method field
verify_emsa_pkcs1_signature returns status_t
enabled firewall support
proper error handling for socket creation
handle certificate parsing error more generously
fixed certificate verification bug!
fixed memleak when receiving invalid certificate
version bump to 4.0.4
version bump to 4.0.4
two new test scenarios
fixed path to images directory
implemented updown script to handle firewalling
add priority management for kernel policy
let ROUTED policies installed, until manually removed
introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs
ike_sa_manager cleanups
implemented handling of dpdaction and dpddelay ipsec.conf parameters
reuse reqid when a ROUTED child_sa gets INSTALLED
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
fixed an at-least-one-year-old bug which caused crashes in the scheduler
added raw socket filter for IPv6
implemented NAT detection for IPv6
removed unneeded constructor
initial support for IPv6 (more testing needed)
socket works (without v6 filter)
traffic selector handle IPv4/v4 cleanly
improvements in traffic selector code
kernel interface accepts v6 traffic selectors and hosts
host_t class has full IPv6 support
added stddef.h include for compilers which do not support the offsetof() directive
moved interface enumeration code to socket, where it belongs
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
version bump of UML kernel to 2.6.17.11
fixed crash bug when doing "ipsec down" with an unknown connection
added name property in CHILD_SA, allows proper status output
fixed bug which prevented port float when nat is detected
'sha' and 'sha1' are now treated as synonyms
updated Changelog and other docs
strongswan-4.0.3 / R:1235
===========================
fixed rekeying behavior when proposing an unacceptable DH group (INVALID_KE_PAYLOAD)
implement proper handling of most simultaneous IKE_SA rekeying cases
version bump to 4.0.3
implemented proper refcounting using atomic operations
implemented IKE_SA rekeying
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneous exchanges yet!
added possibility to route CHILD_SAs, without setting them up
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
reuse an existing IKE_SA to set up additional CHILD_SAs
introduced refcounting on policy and connections
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
cleanups in kernel interface code
added proper traffic selector to string conversion
some cleanups here & there
X.509 certificate trust path verification
fixed UDP decapsulation by adding inbound bypass policy for send socket
updated mixed tests to new charon output
reenabled module tests for charon
fixed bug which erroneously detected KE payload when rekeying
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT
improved logging on verify errors for some payloads
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload
added test cases from NAT team
updated all IKEv2 tests to work with new status output
added tcpdumpcount function from NATT guys
added possibility to mount the strongswan tree into all UMLs
added script for installing from shared tree in all UMLs
added script to shut down all UMLs properly
removed in favour of tests from NAT team
fixed CREATE_CHILD_SA transaction dispatching
added CHILD_SA states, which allows us to detect further simultaneous transactions
reimplemented the buggy message id handling
updated some inline docs
fixed crypter/signer in/out to conform with standard
added message id logging
added all currently known notify payload types
added policy cache to kernel interface
allows refcounting of multiple installed policies
finally brings us stable simultaneous rekeying
leak detective blanks memory on free & alloc, allows further membug detection
identification_t.matches() supports multiple wildcard counts
identification_t.matches() supports multiple wildcard counts
further work done for simultaneous rekeying/delete
still some cases which cause trouble
fixed compiler warnings in parser when using -O2
reenabled check_expiry
updated copyright information
reimplemented CHILD_SA rekeying & delete
no simultaneous transaction with CHILD_SAs yet!
removed NAT_TRAVERSAL and VIRTUAL_IP compile options
removed NAT_TRAVERSAL compile option
removed NAT_TRAVERSAL and VIRTUAL_IP compile options
added support for leftprotoport and rightprotoport
improved CHILD_SA output for "ipsec statusall"
updated whitelist (getprotobynumber)
redesigned IKE_SA using a transaction mechanism:
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
fixed compiler warnings
made thread ids unsigned again, to avoid negative thread ids on some systems
fixed memleak when initiating a connection already up
updated leak detective whitelist
applied latest NATT patch with some fixes and cleanups
test currently without firewall
removed version information from ipsec.conf
log entries start with lowercase character
restored lost IKEv2 packet suppression
added USE_LEAK_DETECTIVE option
fixed natd_hash memory leak
tests with subdirectory structure
introduced subdirectory structure
support of cert payloads
lowercase log entries
added support of updown parameter
generation of default key
added support of updown parameter
version bump to 4.0.2
added X.509 trust chain verification
version bump to 4.0.2
ESP packet size changed
fixed bad_proposal_syntax bug
updated ignorelist for stroke_keywords.c
applied new changes from NATT team
DPD only done when no IPsec and IKE traffic processed
minor changes here and there
some message code cleanups
fixed identification_t clone to apply function pointers
cleaner error handling on UDP encapsulation sockopt failure
added mysterious UDP encapsulation socket option to get encapsulation working
fixed BAD_PROPOSAL_SYNTAX vulnerability
first merge of NATT code
updated for 4.0.1 release
updated news for 4.0.1 release
fixed whitelist detection
strongswan-4.0.1 / R:1144
===========================
fixed whitelist detection
reworked function ignore mechanism to not-report whitelist
rather than overriding functions
fixed execv call args to work when using strictcrl and syslog
fixed bug: usage of already freed mem
readded local_credential_store
added sendcert policy to connection
implemented rereadcrls rereadcacerts
implemented rereadcrls rereadcacerts
implemented rereadcrls rereadcacerts
removed local_credential_store
fixed SPI when acting as initiator of rekeying
fixed SPI when rekeying and deleting CHILD_SAs
change key derivation order to fulfill RFC
added chunk_equals_or_null()
changed tabs from 8 to 4 spaces
fixed compilation error
fixed aes code, we support now aes128, aes192, aes256 in IKE
added support for "ike" and "esp" keywords
fixed bugs in proposal code
algorithm selection for charon works now with ipsec.conf
implemented clean spi allocation behavior when using multiple proposals
fixed logleve(l) keyword typo
handling of "rekey=no" parameter added
changed default algorithms to:
ike: aes128-sha-modp2048
esp: aes128-sha1, 3des-md5
added default CRL directory path
added strictcrlpolicy command line argument
added rekeying parameters
corrected some descriptions
moved RSA key size constraints to definitions.h
debug and logging improvements
support for stroke listcerts|listcacerts|listcrls|listall
support for stroke listcerts|listcacerts|listall and left|rightca=
gperf creates optimum hash table for stroke keywords
using same reqid if a child sa rekeys an existing one
NULL string argument is treated as %any
add_certificate() now returns pointer to added cert
single tests now start up faster
workaround for peers rekeying at the same time
loading lifetime policies from ipsec.conf
old child_sa gets deleted after rekeying
rekeying almost complete, but:
IKE_SA get in an invalid state when both initiate rekeying at the same time,
improved kernel interface logging
fixed clone/destroy behavior when not using CAs
specifying keysize in bits, as it is required in IKEv2
added generic kernel SA algorithm handling, which brings us:
aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs
added support for leftsendcert= and left|rightca= parameters
discard cert if CA basic constraints flag is not set and warn if cert is not valid
added public methods is_ca() and is_valid()
changed ASN.1 CONTROL log output to LEVEL2
removed unused Makefile
stroke.h requires libstrongswan/types.h
fixed compile warnings when using -Wall
further CHILD_SA rekeying work done:
creation of a new CHILD_SA on an expire from a kernel works
delete of old CHILD_SA still missing
some issues when both initiate rekeying
updated INSTALL to conform with autotools
added a short HACKING introduction
further work for rekeying:
get lifetimes from policy
initiation of rekeying done
removed support for AH+ESP proposals
proper leak detective hook for realloc
excluded pthread_setspecific from leak detective
ipv6-host2host scenario added
created IPv6 environment
moved job code from thread_pool to job, jobs have an "execute" method now
added two new jobs: delete_child_sa & rekey_child_sa
listens now for ACQUIRE & EXPIRE
supports hard and soft lifetimes
fires jobs for delete and rekey child sa
can checkout IKE SAs by reqid of owned CHILD SAs
we have now the infrastructure to do the rekeying... :-)
fixed some memleaks/freebugs
leak detective works almost usable now (?!)
added host2host test for ikev2
fixed host-host tunnel traffic selection, host-host works now
bug fixed circumventing an assertion in delete_connection when ikev1 is not set
minimized prefixes on stroke logger output
charon outputs strongSwan version
tests with subjectAltNames now
fixed event queue for events >36min
included charons module tests to build & dist
full support of ikev1 and ikev2 connection flags
cosmetics in log_status output
added testing files to dist
required the use of the "ustar" format to support
filenames longer than 99 chars
lookup of private key based on keyid of public key
new functions to add certificates and retrieve private and public keys
computation of SHA-1 hash over publicKeyInfo object
moved abbreviated thread_id in front of brackets
added has_key parameter to log_certificates()
log_certificates() now shows keyid and availability of matching private key
indented loaded file log entry
moved TIMETOA_BUF definition to types.h
moved TIMETOA_BUF definition from asn1.h
define default CA_CERTIFICATE_DIR
load all ca certificates
fixed daemon destruction order to prevent
crashes on termination
fixed memleak when deleting a connection
policies contain a connections name now
used for initiate and delete
connections won't get initiated twice anymore
deleting of connections is now possible, which allows us to use
ipsec update and ipsec reload
changed iterator->remove behavior
ipsec up|down|route|delete require a connection name
stroke now uses constant size string buffer
changed to standard connection log output
reworked parsing and matching of subjectAltNames
moved timetoa() from asn1.c to types.c
some logging improvements and cosmetics
handle IKE_SA setup without a piggy-backed CHILD_SA
initiate IKE_SA deletion before manager destruction
improved code of chunk_equals
added streq() macro and defined default BUF_LEN
build gets perl and gperf from configure now
moved built sources to maintainer-clean
show connection templates in status & statusall
don't complain on termination of IKEv1 connections
updated ipsec.conf manual to reflect actual state of
keyexchange-parameter
using hubs instead of switches, which allows us
to sniff the traffic from the host system.
changed config load strategy:
starter loads both connections in charon & pluto,
charon ignores anything with keyexchange!=ikev2.
pluto needs the same behavior.
changed build order to fix build error after distclean
load_end_certificate() now loads certificates
moved definition of generalNames_t to identification.h; initialized subjectKeyID, authKeyID and authKeySerialNumber
moved definition of generalNames_t to identification.h
corrected description
reimplemented proper IKE SA deletion using a separate state,
should conform now to IKEv2
fixed build when using --enable-leak-detective
added removed files to svn:ignore
fixed bug in pluto/Makefile.am
removed perl-generated oid.c/h from svn,
added them to "dist" and "distclean"
removed lex, yacc and gperf output from svn,
added them to "dist" and "distclean"
storing release revision in svn property "release-revision", because I forget it all the time
fixed ignorelist, should work now
added ignorelist for built files
re-added doxygen apidoc, buildable with "make apidoc"
added missing ipsec.conf.5 to distribution :-/
added missing ipsec.conf ipsec.conf.5
existing ipsec.conf won't get overwritten anymore
fixed typo in Makefile which corrupted the build
applied patch from the NAT-T team fixing several typos
applied patch from andreas, which allows certificate listing via stroke
added ipsec.conf template and man page back
removed old Makefiles
added new strongswan KDevelop project & startup hack
fixed Revision in changelog for 4.0.0
simple script for ChangeLog update via "svn log"
fixed compilation error using --enable-smartcard
added test for ikev1-ikev2 mixed mode
added test ikev2 roadwarrior scenario
applied andreas's patch
logger output improvements
updated testsuite to autotools
added random source ./configure options
fixed default-pkcs11 option
fixed errors when --enable-pkcs11
first working version
make dist should work
started to rebuild source layout
fixed stroke error output to starter
using random SPIs now, but without collision checks
applied some -W's from strongswan
applied patch from andreas
added charonstart option to config
new ikev2 tests for UML
strongSwan-4.0.0 / R:967
==========================
applied patch from andreas
added charonstart option to config
new ikev2 tests for UML
applied patch from andreas
some other additions here and there
connection termination is handled cleanly by name now
fixed bad bug, certs load now cleanly again
fixed make install (subdir order)
finished initial import of strongswan file tree
removed a lot of old and unused stuff
moved RFCs from ikev2 into doc dir
added missing files for starter
applied patch for charon (this time really)
import of strongswan-2.7.0
applied patch for charon
renamed get_block_size of hasher
reworked usage of IDs in various states
using ID_ANY for any, not NULL as before
initiator sends IDr payload in IKE_AUTH when ID unique
using status & statusall
add connection names to connections
stroke status / ipsec status shows them
added statusall for stroke
added status by connection name
some tests repaired, more to come
improved "stroke status" output
setup PID file after daemon initialization, to correctly inform
starter about daemon startup
added separate implementation for connection_store, credential_store, policy_store
added folder structure to config
credentials are fetched solely on IDs now
identification_t supports now almost all id types
x509 certificates work with identification_t now
fixes here, fixes there
separates now in lib and charon
library initialization done at a central point (library.c)
some leak_detective fixes
fixed log-to-syslog behavior
added patch against strongswan-2.6.4
x509 certificate loading with pluto asn1 code
x509 needs a lot more attention!
using asn1 pluto stuff now
removed, since we use pluto asn1 stuff
leak detective is usable, but does not show static function names
a script which gets address via ldd and resolves address via addr2line would be nice
fixed a leak in child_sa with new detective ;-)
some improvements to new asn1 stuff
fixed bad bugs in kernel interface
added some logging info
works now much more stable
started importing pluto ASN1 stuff
der PKCS#1 key loading works (as it did with der_decoder)
split up in libstrong, charon, stroke, testing done
new leak detective with malloc hook in library
useable, but needs improvements
logger_manager has now a single instance per library
allows use of loggers from any linking prog
a LOT of other things
added missing stroke.h
rewrote a lot of RSA stuff
done major work for ASN1/decoder
allow loading of ASN1 der encoded private keys, public keys and certificates
extracting public key from certificates
passing certificates from stroke to charon
=> basic authentication with RSA certificates works!
starter work on asn1 with der de/encoder
RSA private and public key can load read key from ASN1 DER
some other fixes here and there
rewrite of logger_manager, uses now one instance per context
cleanups for logger here and there
removed critical flag check in payload verification (conformance to IKEv2)
so thats and theres everywhere... ;-)
patch for strongswan-2.6.3
added charon support for strongswan build process
ipsec starter supports charon startup and control
removed old diploma thesis scripts
compatibility to strongswan, Makefile can be called by "make programs"
and "make install" (ikev2 patch must be applied to strongswan)
first version of stroke control utility
moved output to doc/api, since doc is used for other docs now
some first documentation in English
removed old eclipse project files
works quite well now with ipsec.conf & ipsec starter
belongs to previous commit ;-)
reworked configuration framework completely
configuration is now split up in: connections, policies, credentials and daemon config
further alloc/free fixes needed!
first attempt for connection loading and starting via "stroke"
some improvements here and there
configuration_manager replaced by configuration_t interface
current configuration_manager is now static_configuration (testing)
first draft of starter_configuration, which should once interact with ipsec starter (via whack?)
socket_t uses RAW socket, which allows parallel service of pluto/charon
comments and cleanups
working policy installation and removal
fixed policy setup bug
proposal setup implementation begun
fixed socket code, so we know on which address we receive traffic
AH/ESP setup in kernel is working now!!! :-)))
installing of child sa works
need correct IP addresses to actually use IPsec
new RFCs of IKEv2, IKEv2 algs and IPSec arch added
update of IKEv2 clarification document
refactored ike proposal
uses now proposal_t, which is also used by child proposals
ike key derivation refactored
crypter_t api has get_key_size now
some other improvements here and there
config uses uml hosts alice and bob
key derivation for child_sa works
some fixes here and there
works with new proposal code
still some(!) memleaks
fixed a lot of bugs in child_proposal
near to working state ;-)
dead end implementation
... there is a lot more of it, but nothing of interest