strongswan.git
Martin Willi [Wed, 15 Oct 2008 08:50:14 +0000 (08:50 -0000)]
reverted changeset [4440], [4443] uses old algorithm name again

Martin Willi [Wed, 15 Oct 2008 08:37:56 +0000 (08:37 -0000)]
store ESP keys in CHILD_SA

Andreas Steffen [Wed, 15 Oct 2008 00:22:51 +0000 (00:22 -0000)]
activate compilation of the kernel_pfkey plugin

Andreas Steffen [Wed, 15 Oct 2008 00:11:00 +0000 (00:11 -0000)]
added PFKEYv2 UML scenarios

Andreas Steffen [Tue, 14 Oct 2008 23:55:19 +0000 (23:55 -0000)]
name of ESP algorithm changed to AES_XCBC_96-128

Martin Willi [Tue, 14 Oct 2008 15:17:44 +0000 (15:17 -0000)]
passing chunks, not prf+, to kernel interface
gives us better control of keymat in CHILD_SA

Tobias Brunner [Tue, 14 Oct 2008 12:18:53 +0000 (12:18 -0000)]
typos

Tobias Brunner [Tue, 14 Oct 2008 11:53:23 +0000 (11:53 -0000)]
directory 'build' renamed as 'packages'

Martin Willi [Tue, 14 Oct 2008 08:52:13 +0000 (08:52 -0000)]
reintegrated bus-refactoring branch

Tobias Brunner [Tue, 14 Oct 2008 08:46:31 +0000 (08:46 -0000)]
merging kernel_pfkey plugin back from kernel-interface branch

Andreas Steffen [Tue, 14 Oct 2008 01:53:37 +0000 (01:53 -0000)]
version bump to 4.2.9

Tag: 4.2.8
Andreas Steffen [Mon, 13 Oct 2008 22:54:09 +0000 (22:54 -0000)]
corrected typo

Andreas Steffen [Mon, 13 Oct 2008 00:15:16 +0000 (00:15 -0000)]
added bug fix for addr_in_subnet() to NEWS

Andreas Steffen [Mon, 13 Oct 2008 00:09:44 +0000 (00:09 -0000)]
add support of --enable-eap-sim-file and --enable-kernel-pfkey configuration options

Martin Willi [Fri, 10 Oct 2008 11:20:04 +0000 (11:20 -0000)]
set guest-specific kernel parameters
removed memory setting, use mem= instead

Martin Willi [Fri, 10 Oct 2008 08:36:01 +0000 (08:36 -0000)]
reintegrated two-sim branch providing SIM card plugin API

Martin Willi [Fri, 10 Oct 2008 07:33:37 +0000 (07:33 -0000)]
trimming additional / in some cases

Martin Willi [Fri, 10 Oct 2008 06:59:03 +0000 (06:59 -0000)]
use busybox compatible kill

Andreas Steffen [Thu, 9 Oct 2008 22:20:56 +0000 (22:20 -0000)]
remove intermediate CA certs after UML test

Martin Willi [Thu, 9 Oct 2008 08:25:11 +0000 (08:25 -0000)]
fixed MOBIKE roaming if clients address changes

Andreas Steffen [Thu, 9 Oct 2008 05:44:00 +0000 (05:44 -0000)]
faster implementation of addr_in_subnet()

Martin Willi [Wed, 8 Oct 2008 12:57:11 +0000 (12:57 -0000)]
added proposal parsing of uncommon DH groups 3072/6144

Martin Willi [Wed, 8 Oct 2008 12:24:08 +0000 (12:24 -0000)]
some mobike improvement NEWS

Martin Willi [Wed, 8 Oct 2008 08:29:49 +0000 (08:29 -0000)]
ignore routing events for our own routes

Martin Willi [Wed, 8 Oct 2008 08:23:46 +0000 (08:23 -0000)]
mobike: try to keep existing source address before switching to another

Andreas Steffen [Wed, 8 Oct 2008 07:03:39 +0000 (07:03 -0000)]
raw public key support for charon

Andreas Steffen [Wed, 8 Oct 2008 07:00:13 +0000 (07:00 -0000)]
implemented ipsec listalgs as a stroke command

Andreas Steffen [Wed, 8 Oct 2008 06:57:52 +0000 (06:57 -0000)]
correct fix that replaces Changeset 4378

Andreas Steffen [Wed, 8 Oct 2008 06:15:41 +0000 (06:15 -0000)]
removing fix applied by Changeset 4378

Andreas Steffen [Wed, 8 Oct 2008 03:37:40 +0000 (03:37 -0000)]
added the sql/rw-rsa and sql/rw-rsa-keyid scenarios using raw RSA public keys

Andreas Steffen [Wed, 8 Oct 2008 03:35:52 +0000 (03:35 -0000)]
get_subject() of a CERT_TRUSTED_PUBKEY object returns ID_PUBKEY_INFO_SHA1 hash consistent with the IKEv2 keyid philosophy

Andreas Steffen [Wed, 8 Oct 2008 01:19:26 +0000 (01:19 -0000)]
Implemented BUILD_BLOB_ASN1_DER for the CERT_TRUSTED_PUBKEY subtype

Andreas Steffen [Tue, 7 Oct 2008 21:41:45 +0000 (21:41 -0000)]
fixed loop termination criterion in addr_in_subnet(). Thanks go to Wolfgang Steudel, TU Ilmenau

Martin Willi [Tue, 7 Oct 2008 16:31:41 +0000 (16:31 -0000)]
guest bootup waits for init, not for network stack (fixes 2.6.27 guest kernels)

Martin Willi [Tue, 7 Oct 2008 09:09:34 +0000 (09:09 -0000)]
ported mconsole-exec patch to 2.6.27-rc7

Martin Willi [Tue, 7 Oct 2008 07:55:28 +0000 (07:55 -0000)]
userland support to process notifies for new NAT mappings detected in UDP encapsulation

Andreas Steffen [Tue, 7 Oct 2008 04:56:50 +0000 (04:56 -0000)]
wait 5 seconds before deactivating eth1 interface on alice

Andreas Steffen [Tue, 7 Oct 2008 04:51:20 +0000 (04:51 -0000)]
explicitly load kernel-netlink plugin in UML scenarios

Martin Willi [Mon, 6 Oct 2008 13:37:04 +0000 (13:37 -0000)]
use MOBIKE enabled DPD if we are NATed
update SAs if we detect changes in NAT mappings

Martin Willi [Mon, 6 Oct 2008 13:08:49 +0000 (13:08 -0000)]
fixed builder_cancel macro to return NULL on failed build

Martin Willi [Fri, 3 Oct 2008 16:01:14 +0000 (16:01 -0000)]
do not run CHILD_SA delete action if rekeying

Andreas Steffen [Fri, 3 Oct 2008 03:27:42 +0000 (03:27 -0000)]
added --disable-kernel-netlink configure option

Martin Willi [Thu, 2 Oct 2008 13:47:19 +0000 (13:47 -0000)]
use dpd_action also for remotely closed tunnels

Martin Willi [Tue, 30 Sep 2008 12:36:58 +0000 (12:36 -0000)]
also respect the mobike=no setting as responder

Martin Willi [Tue, 30 Sep 2008 06:27:50 +0000 (06:27 -0000)]
using signed return value for read()

Tobias Brunner [Thu, 25 Sep 2008 13:56:23 +0000 (13:56 -0000)]
merging renaming of mode_t to ipsec_mode_t back to trunk

Tobias Brunner [Thu, 25 Sep 2008 07:56:58 +0000 (07:56 -0000)]
merging modularized kernel interface back to trunk

Tobias Brunner [Fri, 19 Sep 2008 13:20:09 +0000 (13:20 -0000)]
missing '_' added

Andreas Steffen [Thu, 18 Sep 2008 00:42:22 +0000 (00:42 -0000)]
version bump to 4.2.8

Tag: 4.2.7
Andreas Steffen [Thu, 18 Sep 2008 00:34:31 +0000 (00:34 -0000)]
completed NEWS for 4.2.7 release

Martin Willi [Wed, 17 Sep 2008 09:02:30 +0000 (09:02 -0000)]
fixed DH value range testing

Martin Willi [Wed, 17 Sep 2008 08:10:48 +0000 (08:10 -0000)]
checking mpz_export return value properly
fixes a potential DoS attack if a DH value of zero gets processed

Andreas Steffen [Wed, 17 Sep 2008 02:17:01 +0000 (02:17 -0000)]
stroke parses and lists AC groups

Martin Willi [Fri, 12 Sep 2008 13:48:11 +0000 (13:48 -0000)]
updated ubuntu packages for release compatible with NM svn20080908

Martin Willi [Fri, 12 Sep 2008 13:28:31 +0000 (13:28 -0000)]
ported NM plugin to upstream NetworkManager changes
split secrets (4031)
using uuid in auth-dialog (4053)

Martin Willi [Thu, 11 Sep 2008 11:14:09 +0000 (11:14 -0000)]
allow multiple DELETE payloads in an informational message

Martin Willi [Fri, 5 Sep 2008 15:10:56 +0000 (15:10 -0000)]
updated NEWS

Martin Willi [Fri, 5 Sep 2008 14:44:21 +0000 (14:44 -0000)]
fixed ubuntu distribution/typos

Martin Willi [Fri, 5 Sep 2008 14:01:47 +0000 (14:01 -0000)]
new ubuntu package release

Martin Willi [Fri, 5 Sep 2008 13:26:58 +0000 (13:26 -0000)]
NM plugin supports (encrypted) private key files

Andreas Steffen [Thu, 4 Sep 2008 16:19:46 +0000 (16:19 -0000)]
time values in strongswan.conf can be optionally specified in days (d), hours (h), minutes (m), or seconds (s)

Martin Willi [Thu, 4 Sep 2008 14:52:33 +0000 (14:52 -0000)]
some NEWS

Martin Willi [Thu, 4 Sep 2008 13:51:35 +0000 (13:51 -0000)]
fixed some translations/encoding

Martin Willi [Thu, 4 Sep 2008 13:39:37 +0000 (13:39 -0000)]
an initial German translation for NM plugin

Martin Willi [Thu, 4 Sep 2008 11:55:31 +0000 (11:55 -0000)]
updated debian build to extended nm plugin

Martin Willi [Thu, 4 Sep 2008 10:35:20 +0000 (10:35 -0000)]
reduced nm verbosity

Martin Willi [Thu, 4 Sep 2008 08:40:37 +0000 (08:40 -0000)]
implemented NetworkManager certificate/private key authentication using ssh-agent

Martin Willi [Thu, 4 Sep 2008 08:37:31 +0000 (08:37 -0000)]
added a configure option to select charon binary

Martin Willi [Thu, 4 Sep 2008 08:35:11 +0000 (08:35 -0000)]
agent plugin optionally accepts a BUILD_PUBLIC_KEY to select a specific private key from the agent

Andreas Steffen [Wed, 3 Sep 2008 19:00:08 +0000 (19:00 -0000)]
charon.keep_alive = 0 disables the sending of NAT keep alives

Andreas Steffen [Wed, 3 Sep 2008 18:49:06 +0000 (18:49 -0000)]
configure NAT keep alive interval using the charon.keep_alive key

Tobias Brunner [Wed, 3 Sep 2008 07:44:46 +0000 (07:44 -0000)]
typos

Martin Willi [Tue, 2 Sep 2008 14:02:40 +0000 (14:02 -0000)]
handle INFORMATIONAL exchanges with NATD payloads in mobike task

Martin Willi [Tue, 2 Sep 2008 11:04:26 +0000 (11:04 -0000)]
libstrongswan agent plugin to use ssh-agent for RSA signatures

Martin Willi [Tue, 2 Sep 2008 11:01:05 +0000 (11:01 -0000)]
ported openac to credential factory changes

Martin Willi [Tue, 2 Sep 2008 11:00:13 +0000 (11:00 -0000)]
refactored credential builder
allow enumeration of matching builders
try a second builder if the first one fails
builder clones resources internally on demand
caller frees added resources on failure and success
stricter handling of non-supported build parts

Andreas Steffen [Mon, 1 Sep 2008 11:38:03 +0000 (11:38 -0000)]
OIDs used by strongSwan

Andreas Steffen [Mon, 1 Sep 2008 11:19:07 +0000 (11:19 -0000)]
added thread_analysis tool

Martin Willi [Fri, 29 Aug 2008 09:24:14 +0000 (09:24 -0000)]
use libcap for capability dropping
optional, must be enabled --with-capabilities=libcap
will be extended to support --with-capabilities=libcap2

Andreas Steffen [Fri, 29 Aug 2008 05:35:09 +0000 (05:35 -0000)]
streamlined ipsec listalgs output

Martin Willi [Thu, 28 Aug 2008 16:27:48 +0000 (16:27 -0000)]
capability API to allow plugin-controlled capability set

Martin Willi [Thu, 28 Aug 2008 11:15:01 +0000 (11:15 -0000)]
cosmetics

Martin Willi [Thu, 28 Aug 2008 11:07:57 +0000 (11:07 -0000)]
creating default IKE proposals dynamically using algorithm enumeration API

Martin Willi [Thu, 28 Aug 2008 10:57:24 +0000 (10:57 -0000)]
separated sha1_prf implementation from sha1_hasher

Martin Willi [Thu, 28 Aug 2008 09:24:42 +0000 (09:24 -0000)]
crypto_factory algorithm enumeration API
implementation of "ipsec listalgs"

Tobias Brunner [Thu, 28 Aug 2008 08:05:07 +0000 (08:05 -0000)]
 * allow to load templates from arbitrary places
 * changed implementation of guest?/iface?

Tobias Brunner [Thu, 28 Aug 2008 07:47:55 +0000 (07:47 -0000)]
mkdir_p: utility function to create a directory and all required parent directories

Martin Willi [Wed, 27 Aug 2008 13:51:05 +0000 (13:51 -0000)]
build scripts for ubuntu NetworkManager packages

Martin Willi [Wed, 27 Aug 2008 13:48:54 +0000 (13:48 -0000)]
check user account validity after PAM authentication

Andreas Steffen [Wed, 27 Aug 2008 12:01:57 +0000 (12:01 -0000)]
version bump to 4.2.7

Tag: 4.2.6
Martin Willi [Wed, 27 Aug 2008 08:39:09 +0000 (08:39 -0000)]
additional NEWS for 4.2.6

Tobias Brunner [Wed, 27 Aug 2008 07:35:20 +0000 (07:35 -0000)]
 * guest#running?
 * guest?, iface? (also Guest.include? resp. guest.include?)
 * easy accessors for guests and ifaces (Guest.sun instead of Guest["sun"] and guest.eth0 instead of guest["eth0"])
 * if a block is given for iface#add or iface#del then the change is only temporary while executing the block and gets reverted afterwards

Andreas Steffen [Wed, 27 Aug 2008 07:19:40 +0000 (07:19 -0000)]
my changes for the 4.2.6 release

Andreas Steffen [Tue, 26 Aug 2008 20:02:58 +0000 (20:02 -0000)]
added ikev2/rw-eap-aka-identity scenario

Andreas Steffen [Tue, 26 Aug 2008 19:54:47 +0000 (19:54 -0000)]
cosmetics

Andreas Steffen [Tue, 26 Aug 2008 19:45:44 +0000 (19:45 -0000)]
ipsec statusall lists eap_type and eap_identity

Andreas Steffen [Tue, 26 Aug 2008 19:17:14 +0000 (19:17 -0000)]
enable-eap-identity in UML scenarios

Martin Willi [Tue, 26 Aug 2008 14:27:53 +0000 (14:27 -0000)]
using strongSwan, not NetworkManager version number

Martin Willi [Tue, 26 Aug 2008 14:27:12 +0000 (14:27 -0000)]
fixing charon path for now for ubuntu package

Andreas Steffen [Tue, 26 Aug 2008 05:34:33 +0000 (05:34 -0000)]
added ikev2/multi-level-ca-cr-init and ikev2/multi-level-ca-cr-resp scenarios