strongswan.git
Tobias Brunner [Fri, 4 Feb 2011 11:52:40 +0000 (12:52 +0100)]
maemo: Enable pluto and starter.

Tobias Brunner [Fri, 4 Feb 2011 11:51:53 +0000 (12:51 +0100)]
maemo: Added Maemo specific fields (including icons) to packages.

Tobias Brunner [Fri, 4 Feb 2011 11:50:38 +0000 (12:50 +0100)]
maemo: Don't include debian files in distribution.

Tobias Brunner [Fri, 4 Feb 2011 11:49:41 +0000 (12:49 +0100)]
maemo: Package dependencies and descriptions changed.

Tobias Brunner [Fri, 4 Feb 2011 11:39:07 +0000 (12:39 +0100)]
maemo: Touch icon dir to trigger update event.

Tobias Brunner [Fri, 4 Feb 2011 11:36:28 +0000 (12:36 +0100)]
maemo: Listen for IKE_SA state changes instead of CHILD_SA state changes.

If the IKE_SA_INIT request fails, there is not yet a CHILD_SA that could
trigger state changes.

Tobias Brunner [Fri, 4 Feb 2011 11:34:26 +0000 (12:34 +0100)]
maemo: Reload icons on icon theme change.

This is also needed during the installation because the applet might be
loaded before the icons are installed (or the icon cache is refreshed).

Tobias Brunner [Fri, 4 Feb 2011 11:33:22 +0000 (12:33 +0100)]
maemo: Adding some missing files (required by automake).

Martin Willi [Thu, 3 Feb 2011 15:58:12 +0000 (16:58 +0100)]
Replace hashtable key if a put operation replaces value

Fixes a crash if lifetime of key is bound to value (i.e. key == value)

Martin Willi [Thu, 3 Feb 2011 15:57:39 +0000 (16:57 +0100)]
Fix check to increase hashtable size properly

Martin Willi [Thu, 3 Feb 2011 12:31:11 +0000 (13:31 +0100)]
Invoke the per-round authorize() hook before purging current auth info on IKE_SA

Martin Willi [Thu, 3 Feb 2011 09:03:36 +0000 (10:03 +0100)]
Filter out non-matching ike_cfg in backend manager, so backends don't have to

Andreas Steffen [Wed, 2 Feb 2011 14:58:34 +0000 (15:58 +0100)]
disable INITIAL_CONTACT message by setting uniqueids=no

Martin Willi [Wed, 2 Feb 2011 14:13:39 +0000 (15:13 +0100)]
Migrated ike_auth to INIT/METHOD macros, fixes missing initial_contact initialization

Martin Willi [Tue, 1 Feb 2011 08:46:32 +0000 (09:46 +0100)]
Accept non-encrypted INFORMATIONALs for ME connectivity checks

Martin Willi [Thu, 20 Jan 2011 09:32:37 +0000 (10:32 +0100)]
Do not use destroyed rng/hasher if IKE_SA has been flush()ed

Martin Willi [Tue, 1 Feb 2011 08:24:42 +0000 (09:24 +0100)]
Add missing AUTH_RULE for trusted self-signed peer certificates

Andreas Steffen [Mon, 31 Jan 2011 13:46:16 +0000 (14:46 +0100)]
load constraints plugin in ikev2/multi-level-ca-pathlen scenario

Andreas Steffen [Mon, 31 Jan 2011 13:37:48 +0000 (14:37 +0100)]
fixed checking of unknown critical extensions in openssl_x509

Andreas Steffen [Mon, 31 Jan 2011 08:38:22 +0000 (09:38 +0100)]
adapted some UML timings

Andreas Steffen [Mon, 31 Jan 2011 07:18:34 +0000 (08:18 +0100)]
move sleep into host start if statement

Andreas Steffen [Mon, 31 Jan 2011 07:07:28 +0000 (08:07 +0100)]
fixed typo

Andreas Steffen [Mon, 31 Jan 2011 06:30:41 +0000 (07:30 +0100)]
added ikev2/rw-eap-tnc-dynamic scenario

Andreas Steffen [Mon, 31 Jan 2011 04:47:39 +0000 (05:47 +0100)]
updated testing.conf UML configuration file

Andreas Steffen [Mon, 31 Jan 2011 04:47:05 +0000 (05:47 +0100)]
additional UML configuration options

Andreas Steffen [Mon, 31 Jan 2011 04:39:17 +0000 (05:39 +0100)]
version bump to strongswan-4.5.1rc1

Andreas Steffen [Mon, 31 Jan 2011 04:37:41 +0000 (05:37 +0100)]
added tnccs_dynamic plugin and tnccs_11 refactoring to NEWS

Andreas Steffen [Mon, 31 Jan 2011 04:31:22 +0000 (05:31 +0100)]
added comment to determine_tnccs_protocol() function

Andreas Steffen [Sun, 30 Jan 2011 23:59:01 +0000 (00:59 +0100)]
implemented dynamic detection of TNCCS protocol

Martin Willi [Thu, 27 Jan 2011 08:14:53 +0000 (09:14 +0100)]
Do not log potentially hundreds of cert requests for unknown CAs at level 1

Martin Willi [Thu, 20 Jan 2011 14:52:29 +0000 (15:52 +0100)]
Use wrapped threading functions in ha plugin

Martin Willi [Wed, 19 Jan 2011 15:43:00 +0000 (16:43 +0100)]
Load load-tester plugin before kernel interfaces, fixes fake_kernel option

Martin Willi [Wed, 19 Jan 2011 13:41:59 +0000 (14:41 +0100)]
Increase tls_writer buffer by at least 4 bytes

Thomas Egerer [Tue, 18 Jan 2011 14:59:35 +0000 (15:59 +0100)]
Fix potential use after free

Martin Willi [Mon, 17 Jan 2011 12:32:45 +0000 (13:32 +0100)]
Whitelist gnutls init function

Martin Willi [Mon, 17 Jan 2011 12:27:18 +0000 (13:27 +0100)]
Implemented an alternative HTTP fetcher based on libsoup

Martin Willi [Mon, 17 Jan 2011 12:26:12 +0000 (13:26 +0100)]
Added simple fetcher tool to test fetcher implementations

Martin Willi [Mon, 17 Jan 2011 12:23:57 +0000 (13:23 +0100)]
backtrace->contains_function takes multiple names, speeding up whitelist check drastically

Martin Willi [Mon, 17 Jan 2011 12:23:00 +0000 (13:23 +0100)]
Add some common glib non-leaks to whitelist

Martin Willi [Mon, 17 Jan 2011 12:21:35 +0000 (13:21 +0100)]
Add missing va_end to va_start in curl_fetcher

Martin Willi [Mon, 17 Jan 2011 12:21:12 +0000 (13:21 +0100)]
Do not pass an enum type to va_arg

Martin Willi [Sat, 15 Jan 2011 15:24:58 +0000 (16:24 +0100)]
Use newer Linux capability native API, if available

Martin Willi [Sat, 15 Jan 2011 15:24:19 +0000 (16:24 +0100)]
Do not install config files with user/group, as it might not exist on build machine

Martin Willi [Fri, 14 Jan 2011 12:22:19 +0000 (13:22 +0100)]
Compare ending address in ts->equals, fixes redundant traffic selector elimination

Martin Willi [Thu, 13 Jan 2011 09:50:46 +0000 (10:50 +0100)]
Revert "Send INITIAL_CONTACT even if we have a unique policy"

It makes sense to omit INITIAL_CONTACT if we don't have a unique policy,
as a client might want to connect from different devices to the same
account.

This reverts commit 719c33b41a1f9fe9b2585df3e7aa804a760c361c.

Martin Willi [Wed, 12 Jan 2011 14:17:08 +0000 (15:17 +0100)]
Fixed memory cleanup if no DHCP transaction found for an OFFER

Martin Willi [Wed, 12 Jan 2011 12:54:46 +0000 (13:54 +0100)]
Force port update as responder when initiator switches to 4500 in IKE_AUTH

Martin Willi [Wed, 12 Jan 2011 12:54:13 +0000 (13:54 +0100)]
Avoid variable name overloading

Andreas Steffen [Mon, 10 Jan 2011 06:22:02 +0000 (07:22 +0100)]
terminate TNCCS 1.1 connection after sending recommendation

Andreas Steffen [Mon, 10 Jan 2011 06:21:03 +0000 (07:21 +0100)]
fixed XML syntax for TNCCS-Recommendation messages

Andreas Steffen [Mon, 10 Jan 2011 05:46:17 +0000 (06:46 +0100)]
implemented check_and_build_recommendation()

Andreas Steffen [Mon, 10 Jan 2011 04:08:48 +0000 (05:08 +0100)]
correct numbering of batches

Andreas Steffen [Mon, 10 Jan 2011 04:08:07 +0000 (05:08 +0100)]
initialize the reference count correctly

Andreas Steffen [Mon, 10 Jan 2011 04:06:59 +0000 (05:06 +0100)]
handle zero size Base64 conversions

Andreas Steffen [Sun, 9 Jan 2011 22:27:43 +0000 (23:27 +0100)]
communicate DELETE state to IMCs and IMVs

Martin Willi [Mon, 10 Jan 2011 10:54:10 +0000 (11:54 +0100)]
Send INITIAL_CONTACT even if we have a unique policy

Andreas Steffen [Sun, 9 Jan 2011 09:00:54 +0000 (10:00 +0100)]
implemented parsing of TNCCS 1.1 messages

Andreas Steffen [Sun, 9 Jan 2011 09:00:13 +0000 (10:00 +0100)]
send notifyConnectionChange() to IMCs

Andreas Steffen [Sat, 8 Jan 2011 01:17:14 +0000 (02:17 +0100)]
suiteb directory hasn't been moved to Master yet

Andreas Steffen [Sat, 8 Jan 2011 01:16:14 +0000 (02:16 +0100)]
generate TNCCS-Error messages

Andreas Steffen [Sat, 8 Jan 2011 01:15:10 +0000 (02:15 +0100)]
created process() method for TNCCS messages

Martin Willi [Fri, 7 Jan 2011 14:45:53 +0000 (15:45 +0100)]
Added NEWS for ipsec.conf certpolicy and key strength options

Martin Willi [Fri, 7 Jan 2011 14:38:34 +0000 (15:38 +0100)]
Added support for trustchain key strength checking to rightauth option

Martin Willi [Fri, 7 Jan 2011 14:14:41 +0000 (15:14 +0100)]
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements

Martin Willi [Fri, 7 Jan 2011 12:32:28 +0000 (13:32 +0100)]
Fix nonce comparison in rekey collisions, lowest nonce loses

Andreas Steffen [Fri, 7 Jan 2011 06:18:42 +0000 (07:18 +0100)]
corrected naming of tnccs_reason_strings_msg_t object

Andreas Steffen [Fri, 7 Jan 2011 06:17:52 +0000 (07:17 +0100)]
do not forget to advance node

Andreas Steffen [Fri, 7 Jan 2011 05:28:08 +0000 (06:28 +0100)]
libcharon plugins depend on libtls and/or libsimaka

Andreas Steffen [Fri, 7 Jan 2011 04:41:01 +0000 (05:41 +0100)]
fixed cert_validator_t:validate interface

Andreas Steffen [Fri, 7 Jan 2011 04:29:04 +0000 (05:29 +0100)]
implemented TNCCS 1.1 without libtnc

Andreas Steffen [Fri, 7 Jan 2011 04:28:17 +0000 (05:28 +0100)]
compute memory requirement for PEM-encoding correctly

Martin Willi [Wed, 5 Jan 2011 17:20:11 +0000 (18:20 +0100)]
Added delta CRL NEWS

Martin Willi [Wed, 5 Jan 2011 17:15:44 +0000 (18:15 +0100)]
Added constraints plugin NEWS

Martin Willi [Wed, 5 Jan 2011 17:09:49 +0000 (18:09 +0100)]
Added conftest NEWS

Martin Willi [Wed, 5 Jan 2011 17:05:09 +0000 (18:05 +0100)]
Added NEWS about INITIAL_CONTACT support

Martin Willi [Wed, 5 Jan 2011 15:44:01 +0000 (16:44 +0100)]
Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACT

Martin Willi [Wed, 5 Jan 2011 14:58:38 +0000 (15:58 +0100)]
Send INITIAL_CONTACT for the first IKE_SA if it has a unique policy

Martin Willi [Wed, 5 Jan 2011 14:15:34 +0000 (15:15 +0100)]
Migrated ike_sa_manager_t to INIT/METHOD macros, some cleanups

Martin Willi [Thu, 23 Dec 2010 14:40:09 +0000 (15:40 +0100)]
Added option to use a different key when rebuilding AUTH

Martin Willi [Thu, 23 Dec 2010 14:22:32 +0000 (15:22 +0100)]
Do not print empty DN identities as invalid

Martin Willi [Thu, 23 Dec 2010 14:21:52 +0000 (15:21 +0100)]
Added support for empty subject DNs to pki --issue

Martin Willi [Thu, 23 Dec 2010 14:00:34 +0000 (15:00 +0100)]
Added support for OCSP responder URIs to conftest

Martin Willi [Thu, 23 Dec 2010 13:51:00 +0000 (14:51 +0100)]
Added support for delta CRL checking to revocation plugin

Martin Willi [Thu, 23 Dec 2010 13:50:04 +0000 (14:50 +0100)]
Use incremented serial of base CRL when signing delta CRL

Martin Willi [Thu, 23 Dec 2010 13:40:37 +0000 (14:40 +0100)]
Show base CRL of delta CRLs in listcrls

Martin Willi [Thu, 23 Dec 2010 13:36:20 +0000 (14:36 +0100)]
Verify trustchain for each candidate certificate only once

Martin Willi [Thu, 23 Dec 2010 11:18:15 +0000 (12:18 +0100)]
Provide CRLs received in CERT payloads to trustchain verification

Martin Willi [Thu, 23 Dec 2010 11:17:49 +0000 (12:17 +0100)]
Added an AUTH_HELPER for revocation certificates

Martin Willi [Thu, 23 Dec 2010 10:54:17 +0000 (11:54 +0100)]
Added support for CDPs to conftest

Martin Willi [Thu, 23 Dec 2010 10:54:01 +0000 (11:54 +0100)]
Added CDP support to mem_cred

Martin Willi [Thu, 23 Dec 2010 10:44:36 +0000 (11:44 +0100)]
Check for issuer only if we actually got a CRL

Martin Willi [Wed, 22 Dec 2010 17:00:11 +0000 (18:00 +0100)]
Updated conftest README

Martin Willi [Wed, 22 Dec 2010 16:19:28 +0000 (17:19 +0100)]
Added support for custom file loggers, loglevel settings

Martin Willi [Wed, 22 Dec 2010 15:08:20 +0000 (16:08 +0100)]
Check inhibitAnyPolicy in constraints plugin

Martin Willi [Wed, 22 Dec 2010 14:58:00 +0000 (15:58 +0100)]
Slightly renamed different policyConstraints to distinguish them better

Martin Willi [Wed, 22 Dec 2010 14:52:19 +0000 (15:52 +0100)]
Added inhibitAnyPolicy constraint support to pki tool

Martin Willi [Wed, 22 Dec 2010 14:52:02 +0000 (15:52 +0100)]
Added support for inhibitAnyPolicy constraint to x509 plugin

Martin Willi [Wed, 22 Dec 2010 14:10:03 +0000 (15:10 +0100)]
Use a generic getter for all numerical X.509 constraints

Martin Willi [Wed, 22 Dec 2010 13:53:46 +0000 (14:53 +0100)]
Check inhibitPolicyMapping in constraints plugin

Martin Willi [Wed, 22 Dec 2010 09:38:06 +0000 (10:38 +0100)]
Check requireExplicitPolicy in constraints plugin