strongswan.git
Martin Willi [Thu, 8 Oct 2009 11:01:49 +0000 (13:01 +0200)]
Ported AKA functions to 3gpp2 plugin

Martin Willi [Thu, 8 Oct 2009 08:29:43 +0000 (10:29 +0200)]
Added a stub for the EAP-AKA backend implementing the 3GPP2 functions in software

Martin Willi [Thu, 8 Oct 2009 07:08:46 +0000 (09:08 +0200)]
Implemented a manager for USIM cards/providers very similar to the SIM manager

Andreas Steffen [Thu, 8 Oct 2009 22:16:33 +0000 (00:16 +0200)]
corrected caption

Andreas Steffen [Thu, 8 Oct 2009 22:13:02 +0000 (00:13 +0200)]
created identification_create_from_sockaddr() function

Martin Willi [Thu, 8 Oct 2009 11:10:02 +0000 (13:10 +0200)]
Added medsrv.fcgi to gitignore

Andreas Steffen [Thu, 8 Oct 2009 11:05:27 +0000 (13:05 +0200)]
medsrv.fcgi is not part of the git tree

Andreas Steffen [Thu, 8 Oct 2009 11:04:07 +0000 (13:04 +0200)]
hex_str() isn't used externally any more

Andreas Steffen [Thu, 8 Oct 2009 10:42:29 +0000 (12:42 +0200)]
parsing of generalNames is not needed any more

Andreas Steffen [Thu, 8 Oct 2009 10:35:36 +0000 (12:35 +0200)]
use of asn1_build_known_oid()

Andreas Steffen [Thu, 8 Oct 2009 09:25:33 +0000 (11:25 +0200)]
migrated public key IDs to identification_t

Martin Willi [Wed, 7 Oct 2009 09:40:36 +0000 (11:40 +0200)]
Reenabled acq_expires SA timer using rekey timeout

While not using a SA expiration for allocating SPIs works fine,
the situation is much more problematic for kernel-created temporary
SAs from acquires. If the negotiation of such a CHILD_SA fails,
the created temporary SA can not be deleted.

Martin Willi [Wed, 7 Oct 2009 08:14:18 +0000 (10:14 +0200)]
Catch CHILD_SA state changes during acquire

If an acquire fails due to a TS_UNACCEPTABLE or other CHILD_SA only errors,
we have to reset the pending state in the trap manager.

Andreas Steffen [Tue, 6 Oct 2009 21:50:26 +0000 (23:50 +0200)]
list subjectAltNames

Andreas Steffen [Tue, 6 Oct 2009 21:19:46 +0000 (23:19 +0200)]
some ipsec listall finetuning

Andreas Steffen [Tue, 6 Oct 2009 14:49:46 +0000 (16:49 +0200)]
pluto and charon now have the same ipsec listall output format

Andreas Steffen [Tue, 6 Oct 2009 12:38:34 +0000 (14:38 +0200)]
the ikev1 scenarios need the x509 plugin

Andreas Steffen [Tue, 6 Oct 2009 12:22:27 +0000 (14:22 +0200)]
streamlined output from get_validity()

Andreas Steffen [Mon, 5 Oct 2009 21:52:35 +0000 (23:52 +0200)]
fixed serial number conversion from hex

Andreas Steffen [Mon, 5 Oct 2009 21:17:36 +0000 (23:17 +0200)]
delete group attributes after use

Andreas Steffen [Mon, 5 Oct 2009 21:13:51 +0000 (23:13 +0200)]
stroke_list outputs group attributes

Andreas Steffen [Mon, 5 Oct 2009 20:44:01 +0000 (22:44 +0200)]
ipsec pki --issue supports --flag authServer option

Andreas Steffen [Mon, 5 Oct 2009 19:20:42 +0000 (21:20 +0200)]
ipsec pki --issue supports --flag ocspSigning option

Martin Willi [Mon, 5 Oct 2009 12:06:32 +0000 (14:06 +0200)]
Cleaned up EAP-AKA en/decoding, eliminated unaligned half-word reads

Martin Willi [Mon, 5 Oct 2009 11:32:41 +0000 (13:32 +0200)]
Cleaned up EAP-SIM en/decoding, eliminated unaligned half-word reads

Martin Willi [Mon, 5 Oct 2009 08:49:10 +0000 (10:49 +0200)]
Distinguish invalid free()s between corrupted magic and invalid pointer

Andreas Steffen [Mon, 5 Oct 2009 05:24:28 +0000 (07:24 +0200)]
pluto now uses x509 plugin for attribute certificate handling

Andreas Steffen [Fri, 2 Oct 2009 19:20:45 +0000 (21:20 +0200)]
fixed output of authKeyID

Andreas Steffen [Fri, 2 Oct 2009 18:54:15 +0000 (20:54 +0200)]
mark embedded parsing in debug mode

Andreas Steffen [Fri, 2 Oct 2009 18:14:09 +0000 (20:14 +0200)]
added some notBefore/notAfter debugging info

Andreas Steffen [Fri, 2 Oct 2009 15:49:51 +0000 (17:49 +0200)]
verify correctness of X.509 versions

Andreas Steffen [Fri, 2 Oct 2009 12:10:27 +0000 (14:10 +0200)]
added all missing RFC 5280 OIDs

Andreas Steffen [Thu, 1 Oct 2009 07:42:35 +0000 (09:42 +0200)]
created ikev1/mode-config-multiple scenario

Andreas Steffen [Thu, 1 Oct 2009 07:41:35 +0000 (09:41 +0200)]
fixes multiple IPsec SAs with IKEv1 Mode Config

Andreas Steffen [Wed, 30 Sep 2009 09:49:32 +0000 (11:49 +0200)]
generate known OIDs dynamically

Andreas Steffen [Wed, 30 Sep 2009 07:29:15 +0000 (09:29 +0200)]
pluto's crl handling now uses the x509 plugin

Andreas Steffen [Mon, 28 Sep 2009 03:52:20 +0000 (05:52 +0200)]
scepclient uses pkcs10 from libstrongswan

Andreas Steffen [Sun, 27 Sep 2009 21:49:37 +0000 (23:49 +0200)]
abbreviated struct connection by connection_t

Andreas Steffen [Sun, 27 Sep 2009 21:09:30 +0000 (23:09 +0200)]
pluto and scepclient now use the x509 plugin for certificates

Andreas Steffen [Sun, 27 Sep 2009 21:07:21 +0000 (23:07 +0200)]
whitelist Curl_client_write

Andreas Steffen [Sat, 26 Sep 2009 20:10:36 +0000 (22:10 +0200)]
added get_subjectKeyIdentifier() to x509_t

Martin Willi [Thu, 24 Sep 2009 12:15:20 +0000 (14:15 +0200)]
Do not increase the invalid-KE/Cookie retry counter for additional keyingtry attempts

Martin Willi [Thu, 24 Sep 2009 12:14:30 +0000 (14:14 +0200)]
Do not create a replacement IKE_SA if we have CHILD_SAs to route only

Tobias Brunner [Thu, 24 Sep 2009 09:28:43 +0000 (11:28 +0200)]
Using the correct type for ME_ENDPOINT payloads in connectivity checks.

Martin Willi [Thu, 24 Sep 2009 09:28:31 +0000 (11:28 +0200)]
Right-align short options in pki usage

Andreas Steffen [Wed, 23 Sep 2009 20:03:52 +0000 (22:03 +0200)]
certificate subject DNs are in double quotes

Andreas Steffen [Wed, 23 Sep 2009 19:55:48 +0000 (21:55 +0200)]
streamlining of credential loading debug output

Andreas Steffen [Wed, 23 Sep 2009 19:50:56 +0000 (21:50 +0200)]
added fix of PKCS#7 wrapped certificates to NEWS

Andreas Steffen [Wed, 23 Sep 2009 14:21:18 +0000 (16:21 +0200)]
added and fixed debug output of version information

Andreas Steffen [Wed, 23 Sep 2009 13:51:40 +0000 (15:51 +0200)]
fixed PKCS#7 wrapped certificate parsing

Martin Willi [Wed, 23 Sep 2009 10:45:03 +0000 (12:45 +0200)]
Use mysql_config to query MySQL LIBS and CFLAGS

Martin Willi [Wed, 23 Sep 2009 09:18:30 +0000 (11:18 +0200)]
Fixed a crash in source address lookup

Martin Willi [Wed, 23 Sep 2009 09:13:27 +0000 (11:13 +0200)]
Define ME for all charon plugins

Martin Willi [Wed, 23 Sep 2009 08:49:38 +0000 (10:49 +0200)]
Correctly handle --enable-mediation option

Andreas Steffen [Tue, 22 Sep 2009 19:50:28 +0000 (21:50 +0200)]
enforce coding rules

Andreas Steffen [Tue, 22 Sep 2009 18:54:10 +0000 (20:54 +0200)]
enforce coding rules

Andreas Steffen [Tue, 22 Sep 2009 18:00:49 +0000 (20:00 +0200)]
set XFRM_STATE_AF_UNSPEC flag

Martin Willi [Tue, 22 Sep 2009 14:59:25 +0000 (16:59 +0200)]
Emit an ALERT_SHUTDOWN_SIGNAL before shutting down the daemon

Andreas Steffen [Tue, 22 Sep 2009 10:55:25 +0000 (12:55 +0200)]
adding additional flags to loaded X.509 certificates

Andreas Steffen [Tue, 22 Sep 2009 10:44:58 +0000 (12:44 +0200)]
readying NEWS for the strongswan-4.3.5dr2 release

Andreas Steffen [Tue, 22 Sep 2009 10:33:13 +0000 (12:33 +0200)]
shortened file loading debug output

Andreas Steffen [Tue, 22 Sep 2009 10:05:37 +0000 (12:05 +0200)]
computed hash-and-url for new certificates

Martin Willi [Tue, 22 Sep 2009 08:07:04 +0000 (10:07 +0200)]
Fixed encoding of hash-and-url cert payload

Martin Willi [Tue, 22 Sep 2009 07:11:35 +0000 (09:11 +0200)]
Do not assign SIM version to a volatile buffer on stack

Martin Willi [Mon, 21 Sep 2009 16:13:25 +0000 (18:13 +0200)]
CA certificates are looked up using the subjectPublicKeyInfo keyid

Martin Willi [Mon, 21 Sep 2009 15:03:00 +0000 (17:03 +0200)]
Credential backends use has_fingerprint() methods to select keys/certificates

Martin Willi [Mon, 21 Sep 2009 14:47:25 +0000 (16:47 +0200)]
Public/Private keys implement a has_fingerprint() method

Martin Willi [Mon, 21 Sep 2009 13:34:29 +0000 (15:34 +0200)]
Correctly serve certificates if CERT_ANY requested

Martin Willi [Mon, 21 Sep 2009 13:19:39 +0000 (15:19 +0200)]
Enforce a local address of the same family as remote address

Martin Willi [Mon, 21 Sep 2009 12:43:57 +0000 (14:43 +0200)]
Return certificates of requested kind only

Andreas Steffen [Sun, 20 Sep 2009 20:03:23 +0000 (22:03 +0200)]
plugin has been renamed to resolve

Andreas Steffen [Sun, 20 Sep 2009 19:59:36 +0000 (21:59 +0200)]
delete resolv_conf_* files

Andreas Steffen [Sun, 20 Sep 2009 19:56:22 +0000 (21:56 +0200)]
all arguments must be read

Andreas Steffen [Sun, 20 Sep 2009 17:06:58 +0000 (19:06 +0200)]
resolv_conf plugin renamed to resolve

Andreas Steffen [Sun, 20 Sep 2009 15:23:24 +0000 (17:23 +0200)]
adapt evaltest.dat to changed debug output

Andreas Steffen [Sat, 19 Sep 2009 06:18:42 +0000 (08:18 +0200)]
renewed certs in dynamic-initiator/dynamic-responder scenarios

Andreas Steffen [Fri, 18 Sep 2009 22:26:55 +0000 (00:26 +0200)]
use new certificates

Andreas Steffen [Fri, 18 Sep 2009 22:00:56 +0000 (00:00 +0200)]
eliminated double library_deinit()

Andreas Steffen [Fri, 18 Sep 2009 19:44:57 +0000 (21:44 +0200)]
keyids of renewed keys

Andreas Steffen [Fri, 18 Sep 2009 19:22:37 +0000 (21:22 +0200)]
updated to renewed certs in SQL database

Andreas Steffen [Fri, 18 Sep 2009 19:17:03 +0000 (21:17 +0200)]
renewal of end entity certificates

Andreas Steffen [Fri, 18 Sep 2009 16:23:26 +0000 (18:23 +0200)]
fixed --enable-eap-md5 and --enable-eap-gtc options

Andreas Steffen [Fri, 18 Sep 2009 05:22:07 +0000 (07:22 +0200)]
backwards compatibility with SQL format

Martin Willi [Fri, 18 Sep 2009 13:08:43 +0000 (15:08 +0200)]
Use helper functions to handle (non-)skippable attributes

Martin Willi [Fri, 18 Sep 2009 12:51:35 +0000 (14:51 +0200)]
Clients can handle AKA-Identity requests by sending the full identity

Martin Willi [Fri, 18 Sep 2009 12:29:50 +0000 (14:29 +0200)]
nm uses the distribution's trusted root CAs if none is explicitly specified

Andreas Steffen [Thu, 17 Sep 2009 20:20:35 +0000 (22:20 +0200)]
some reformulations

Martin Willi [Thu, 17 Sep 2009 10:47:03 +0000 (12:47 +0200)]
get_private() in listcacerts requires a valid auth cfg

Martin Willi [Wed, 16 Sep 2009 11:55:32 +0000 (13:55 +0200)]
Fixed nexthop lookup, used by source route installation

Martin Willi [Wed, 16 Sep 2009 11:32:47 +0000 (13:32 +0200)]
Use continue to advance to next iteration

Martin Willi [Wed, 16 Sep 2009 11:27:49 +0000 (13:27 +0200)]
Complain about missing %defaultroute support only if one is actually used

Martin Willi [Wed, 16 Sep 2009 11:16:00 +0000 (13:16 +0200)]
Use the default debug hook if possible

Martin Willi [Wed, 16 Sep 2009 11:06:16 +0000 (13:06 +0200)]
Default logger implementation can be modified by dbg_default_set_level/stream

Martin Willi [Wed, 16 Sep 2009 10:52:56 +0000 (12:52 +0200)]
Removed obsolete per-command debug level option

Martin Willi [Wed, 16 Sep 2009 09:24:35 +0000 (11:24 +0200)]
Fixed loading of DER encoded certificate files

Andreas Steffen [Tue, 15 Sep 2009 20:43:22 +0000 (22:43 +0200)]
corrected usage

Andreas Steffen [Tue, 15 Sep 2009 20:33:32 +0000 (22:33 +0200)]
pki --req generates a PKCS#10 certificate request

Andreas Steffen [Tue, 15 Sep 2009 19:55:44 +0000 (21:55 +0200)]
implemented ASN.1 encoding of PKCS#10 attributes

Andreas Steffen [Tue, 15 Sep 2009 14:48:13 +0000 (16:48 +0200)]
fixed typo

Martin Willi [Tue, 15 Sep 2009 11:13:45 +0000 (13:13 +0200)]
Disable rtnetlink defaultroute lookup if pluto is disabled

As we do not support Pluto on BSD/Mac, exclude the Linux specific
rtnetlink routing lookup; Charon doesn't require it anyway.