strongswan.git
11 years agoAdded a doxygen group for libsimaka, some cleanups
Martin Willi [Thu, 22 Oct 2009 12:41:13 +0000 (14:41 +0200)]
Added a doxygen group for libsimaka, some cleanups

11 years agoAdded missing hasher include
Martin Willi [Thu, 22 Oct 2009 12:46:32 +0000 (14:46 +0200)]
Added missing hasher include

11 years agoEAP servers check if the received EAP message was expected
Martin Willi [Thu, 22 Oct 2009 12:05:10 +0000 (14:05 +0200)]
EAP servers check if the received EAP message was expected

11 years agoUse existing triplet length definitions
Martin Willi [Thu, 22 Oct 2009 11:57:37 +0000 (13:57 +0200)]
Use existing triplet length definitions

11 years agoSplitted EAP-AKA in peer and server implementations, use libsimaka helper library
Martin Willi [Thu, 22 Oct 2009 11:04:50 +0000 (13:04 +0200)]
Splitted EAP-AKA in peer and server implementations, use libsimaka helper library

11 years agoProper handling of non-skippable attributes and client error codes in EAP-SIM
Martin Willi [Thu, 22 Oct 2009 11:03:55 +0000 (13:03 +0200)]
Proper handling of non-skippable attributes and client error codes in EAP-SIM

11 years agoCentralized SIM/AKA notifications and client errors
Martin Willi [Thu, 22 Oct 2009 11:02:32 +0000 (13:02 +0200)]
Centralized SIM/AKA notifications and client errors

11 years agoUse the EAP-SIM/AKA crypto helper in EAP-SIM
Martin Willi [Wed, 21 Oct 2009 12:21:00 +0000 (14:21 +0200)]
Use the EAP-SIM/AKA crypto helper in EAP-SIM

11 years agolibsimaka provides cryptographic functionality used in EAP-SIM and EAP-AKA
Martin Willi [Wed, 21 Oct 2009 11:37:37 +0000 (13:37 +0200)]
libsimaka provides cryptographic functionality used in EAP-SIM and EAP-AKA

11 years agoMigrated EAP-SIM to libsimaka, separated server/peer implementations
Martin Willi [Tue, 20 Oct 2009 11:44:21 +0000 (13:44 +0200)]
Migrated EAP-SIM to libsimaka, separated server/peer implementations

11 years agoAdded a libsimaka library with shared message handling code for EAP-SIM/AKA
Martin Willi [Mon, 19 Oct 2009 13:37:36 +0000 (15:37 +0200)]
Added a libsimaka library with shared message handling code for EAP-SIM/AKA

11 years agosim_provider_t API gained support for pseudonym/fast reauthentication
Martin Willi [Wed, 14 Oct 2009 12:42:43 +0000 (14:42 +0200)]
sim_provider_t API gained support for pseudonym/fast reauthentication

11 years agosim_card_t API gained support for pseudonym/fast reauthentication
Martin Willi [Wed, 14 Oct 2009 11:35:35 +0000 (13:35 +0200)]
sim_card_t API gained support for pseudonym/fast reauthentication

11 years agomixed fingerprint / userid
Andreas Steffen [Wed, 11 Nov 2009 10:17:59 +0000 (11:17 +0100)]
mixed fingerprint / userid

11 years agofixed 4.3.6 ocsp regression
Andreas Steffen [Wed, 11 Nov 2009 10:06:07 +0000 (11:06 +0100)]
fixed 4.3.6 ocsp regression

11 years agoadapted log message
Andreas Steffen [Tue, 10 Nov 2009 22:55:55 +0000 (23:55 +0100)]
adapted log message

11 years agomerged pluto's PGP certificate parsing with charon's
Andreas Steffen [Tue, 10 Nov 2009 22:54:51 +0000 (23:54 +0100)]
merged pluto's PGP certificate parsing with charon's

11 years agomerged pluto's PGP certificate parsing with charon's
Andreas Steffen [Tue, 10 Nov 2009 22:54:04 +0000 (23:54 +0100)]
merged pluto's PGP certificate parsing with charon's

11 years agoadded separating line
Andreas Steffen [Tue, 10 Nov 2009 20:50:34 +0000 (21:50 +0100)]
added separating line

11 years agoadded some debugging to pgp certificate parsing
Andreas Steffen [Tue, 10 Nov 2009 09:04:55 +0000 (10:04 +0100)]
added some debugging to pgp certificate parsing

11 years agoaccept PGP v3 or v4 fingerprint as alternative to PGP user_id
Andreas Steffen [Mon, 9 Nov 2009 22:15:17 +0000 (23:15 +0100)]
accept PGP v3 or v4 fingerprint as alternative to PGP user_id

11 years agoIf cross-compiling, test for the existence of pthread_condattr_setclock only
Martin Willi [Mon, 9 Nov 2009 10:43:15 +0000 (11:43 +0100)]
If cross-compiling, test for the existence of pthread_condattr_setclock only

11 years agoInstall bypass policies after creating XFRM netlink socket, loading xfrm_user module
Martin Willi [Mon, 9 Nov 2009 12:23:24 +0000 (13:23 +0100)]
Install bypass policies after creating XFRM netlink socket, loading xfrm_user module

11 years agoput PGP userid in single quotes
Andreas Steffen [Sun, 8 Nov 2009 22:58:41 +0000 (23:58 +0100)]
put PGP userid in single quotes

11 years agoadded ikev2/net2net-pgp-v3 scenario
Andreas Steffen [Sun, 8 Nov 2009 22:49:04 +0000 (23:49 +0100)]
added ikev2/net2net-pgp-v3 scenario

11 years agoremoved nocrsend=yes statement
Andreas Steffen [Sun, 8 Nov 2009 22:48:26 +0000 (23:48 +0100)]
removed nocrsend=yes statement

11 years agoadded ikev2/net2net-pgp-v4 scenario
Andreas Steffen [Sun, 8 Nov 2009 22:23:45 +0000 (23:23 +0100)]
added ikev2/net2net-pgp-v4 scenario

11 years agolist v3 or v4 fingerprint
Andreas Steffen [Sun, 8 Nov 2009 22:21:03 +0000 (23:21 +0100)]
list v3 or v4 fingerprint

11 years agostroke_list supports listing of PGP certificates
Andreas Steffen [Sun, 8 Nov 2009 20:01:12 +0000 (21:01 +0100)]
stroke_list supports listing of PGP certificates

11 years agodefine TIME_32_BITS_SIGNED_MAX in utils.h
Andreas Steffen [Sun, 8 Nov 2009 17:55:52 +0000 (18:55 +0100)]
define TIME_32_BITS_SIGNED_MAX in utils.h

11 years agopluto ignores proprietary Juniper SRX notification 40001
Andreas Steffen [Thu, 5 Nov 2009 07:38:00 +0000 (08:38 +0100)]
pluto ignores proprietary Juniper SRX notification 40001

11 years agomoved multi-level-ca-pathlen scenario
Andreas Steffen [Wed, 4 Nov 2009 22:43:43 +0000 (23:43 +0100)]
moved multi-level-ca-pathlen scenario

11 years agoimplemented path length constraint checkinf for IKEv2
Andreas Steffen [Wed, 4 Nov 2009 22:37:15 +0000 (23:37 +0100)]
implemented path length constraint checkinf for IKEv2

11 years agodisplay printable characters in dntoa()
Andreas Steffen [Wed, 4 Nov 2009 19:17:12 +0000 (20:17 +0100)]
display printable characters in dntoa()

11 years agocheck if acerts linked_list has been initialized before destroying it
Andreas Steffen [Wed, 4 Nov 2009 18:36:02 +0000 (19:36 +0100)]
check if acerts linked_list has been initialized before destroying it

11 years agorenamed multi-level-pathlen scenario to multi-level-ca-pathlen
Andreas Steffen [Wed, 4 Nov 2009 17:18:43 +0000 (18:18 +0100)]
renamed multi-level-pathlen scenario to multi-level-ca-pathlen

11 years agoadded ikev1/multi-level-pathlen scenario
Andreas Steffen [Wed, 4 Nov 2009 17:15:26 +0000 (18:15 +0100)]
added ikev1/multi-level-pathlen scenario

11 years agoadded a subsidiary Duck Research CA
Andreas Steffen [Wed, 4 Nov 2009 17:13:06 +0000 (18:13 +0100)]
added a subsidiary Duck Research CA

11 years agoimplemented path length constraint checking for IKEv1
Andreas Steffen [Wed, 4 Nov 2009 17:10:31 +0000 (18:10 +0100)]
implemented path length constraint checking for IKEv1

11 years agoput directory path into single quotes
Andreas Steffen [Wed, 4 Nov 2009 13:34:14 +0000 (14:34 +0100)]
put directory path into single quotes

11 years agoremoved redundant and buggy debug statement
Andreas Steffen [Wed, 4 Nov 2009 13:28:10 +0000 (14:28 +0100)]
removed redundant and buggy debug statement

11 years agooutput optional pathLenConstraint in ipsec listcacerts
Andreas Steffen [Wed, 4 Nov 2009 06:30:07 +0000 (07:30 +0100)]
output optional pathLenConstraint in ipsec listcacerts

11 years agorefreshened and fortified strongSwan Root CA certificate
Andreas Steffen [Tue, 3 Nov 2009 23:16:48 +0000 (00:16 +0100)]
refreshened and fortified strongSwan Root CA certificate

11 years agoimplemented parsing of pathLenConstraint
Andreas Steffen [Tue, 3 Nov 2009 23:03:10 +0000 (00:03 +0100)]
implemented parsing of pathLenConstraint

11 years agoversion bump to 4.3.6
Andreas Steffen [Mon, 2 Nov 2009 21:47:55 +0000 (22:47 +0100)]
version bump to 4.3.6

11 years agoUse XFRM instead of PF_KEY IKE bypass policies in netlink based kernel interface
Martin Willi [Fri, 30 Oct 2009 10:19:32 +0000 (11:19 +0100)]
Use XFRM instead of PF_KEY IKE bypass policies in netlink based kernel interface

11 years agofixed a memory leak in OCSP fetching 4.3.5
Andreas Steffen [Thu, 29 Oct 2009 09:00:19 +0000 (10:00 +0100)]
fixed a memory leak in OCSP fetching

11 years agoQuery secrets in EAP-MD5 with me/other identities, fixing lookup in NetworkManager
Martin Willi [Mon, 26 Oct 2009 07:47:40 +0000 (08:47 +0100)]
Query secrets in EAP-MD5 with me/other identities, fixing lookup in NetworkManager

11 years agoShow the number of times a lock was acquired in lock profiler
Martin Willi [Fri, 23 Oct 2009 06:12:17 +0000 (08:12 +0200)]
Show the number of times a lock was acquired in lock profiler

11 years agoHand out shared secret of load tester for all identities
Martin Willi [Thu, 22 Oct 2009 14:44:07 +0000 (16:44 +0200)]
Hand out shared secret of load tester for all identities

11 years agoFixed all doxygen warnings
Martin Willi [Thu, 22 Oct 2009 12:34:10 +0000 (14:34 +0200)]
Fixed all doxygen warnings

11 years agoStore return value of getc() in an int to correctly test it against EOF
Martin Willi [Thu, 22 Oct 2009 11:13:06 +0000 (13:13 +0200)]
Store return value of getc() in an int to correctly test it against EOF

11 years agoLoad-testers PSK is used for all purposes, including EAP authentication
Martin Willi [Tue, 20 Oct 2009 13:54:13 +0000 (15:54 +0200)]
Load-testers PSK is used for all purposes, including EAP authentication

11 years agohyphenate eap-radius 4.3.5rc1
Andreas Steffen [Sat, 17 Oct 2009 07:23:09 +0000 (09:23 +0200)]
hyphenate eap-radius

11 years agoadded IKEv1 mixed tunnel fix to NEWS
Andreas Steffen [Fri, 16 Oct 2009 15:57:42 +0000 (17:57 +0200)]
added IKEv1 mixed tunnel fix to NEWS

11 years agoadded ipv6/net2net-ip4-in-ip6-ikev1 and ipv6/net2net-ip4-in-ip6-ikev1 scenarios
Andreas Steffen [Fri, 16 Oct 2009 13:04:17 +0000 (15:04 +0200)]
added ipv6/net2net-ip4-in-ip6-ikev1 and ipv6/net2net-ip4-in-ip6-ikev1 scenarios

11 years agosetting the IP family enables mixed tunnels
Heiko Hund [Fri, 16 Oct 2009 12:50:12 +0000 (14:50 +0200)]
setting the IP family enables mixed tunnels

11 years agoDo not null-terminate url in hash-and-url payloads
Martin Willi [Fri, 16 Oct 2009 07:21:28 +0000 (09:21 +0200)]
Do not null-terminate url in hash-and-url payloads

11 years agouse directory enumerator to load authcerts
Andreas Steffen [Thu, 15 Oct 2009 16:01:10 +0000 (18:01 +0200)]
use directory enumerator to load authcerts

11 years agocleaned out some bugs in refactoring of ac.c
Andreas Steffen [Thu, 15 Oct 2009 15:30:04 +0000 (17:30 +0200)]
cleaned out some bugs in refactoring of ac.c

11 years agocorrected description of ikev1/ip-pool-db scenario
Andreas Steffen [Thu, 15 Oct 2009 13:25:36 +0000 (15:25 +0200)]
corrected description of ikev1/ip-pool-db scenario

11 years agobuild eap-aka-3gpp2 plugin in UML scenarios
Andreas Steffen [Thu, 15 Oct 2009 13:22:48 +0000 (15:22 +0200)]
build eap-aka-3gpp2 plugin in UML scenarios

11 years agomoved .gitignore for pool
Andreas Steffen [Thu, 15 Oct 2009 12:57:21 +0000 (14:57 +0200)]
moved .gitignore for pool

11 years agomoved .gitignore for pool
Andreas Steffen [Thu, 15 Oct 2009 12:55:35 +0000 (14:55 +0200)]
moved .gitignore for pool

11 years agoAdded NEWS about streamlined plugin names
Martin Willi [Thu, 15 Oct 2009 09:12:13 +0000 (11:12 +0200)]
Added NEWS about streamlined plugin names

11 years agoRenamed plugin configuration sections to the actual plugin name
Martin Willi [Thu, 15 Oct 2009 08:13:25 +0000 (10:13 +0200)]
Renamed plugin configuration sections to the actual plugin name

11 years agoStreamlined EAP plugins to use a dash between eap-method, as used in all other places
Martin Willi [Thu, 15 Oct 2009 07:59:06 +0000 (09:59 +0200)]
Streamlined EAP plugins to use a dash between eap-method, as used in all other places

11 years agoRenamed --enable-load-tests to --enable-load-tester, like the plugin itself
Martin Willi [Thu, 15 Oct 2009 08:34:49 +0000 (10:34 +0200)]
Renamed --enable-load-tests to --enable-load-tester, like the plugin itself

11 years agoUpdated configuration directive of resolve plugin, renamed from resolv_conf
Martin Willi [Thu, 15 Oct 2009 08:07:01 +0000 (10:07 +0200)]
Updated configuration directive of resolve plugin, renamed from resolv_conf

11 years agoMigrated the lease_history option to the new libstrongswan plugin namespace
Martin Willi [Thu, 15 Oct 2009 08:10:54 +0000 (10:10 +0200)]
Migrated the lease_history option to the new libstrongswan plugin namespace

11 years agoadded ikev1/ip-pool-db-push scenario
Andreas Steffen [Wed, 14 Oct 2009 19:35:43 +0000 (21:35 +0200)]
added ikev1/ip-pool-db-push scenario

11 years agoNEWS for the 4.3.5dr3 release
Andreas Steffen [Wed, 14 Oct 2009 16:02:15 +0000 (18:02 +0200)]
NEWS for the 4.3.5dr3 release

11 years agoadded ikev1/ip-pool-db scenario
Andreas Steffen [Wed, 14 Oct 2009 12:51:12 +0000 (14:51 +0200)]
added ikev1/ip-pool-db scenario

11 years agopool should be in th gitignore list
Andreas Steffen [Wed, 14 Oct 2009 12:37:03 +0000 (14:37 +0200)]
pool should be in th gitignore list

11 years agopluto now supports SQL-based virtual IP pools
Andreas Steffen [Wed, 14 Oct 2009 12:30:14 +0000 (14:30 +0200)]
pluto now supports SQL-based virtual IP pools

11 years agopluto can now make use of the mysql and sqlite plugins
Andreas Steffen [Wed, 14 Oct 2009 10:43:54 +0000 (12:43 +0200)]
pluto can now make use of the mysql and sqlite plugins

11 years agofixed inconsistent triplets.dat files
Andreas Steffen [Wed, 14 Oct 2009 09:08:01 +0000 (11:08 +0200)]
fixed inconsistent triplets.dat files

11 years agoImproved debugging log in SIM triplet lookup
Martin Willi [Wed, 14 Oct 2009 07:55:14 +0000 (09:55 +0200)]
Improved debugging log in SIM triplet lookup

11 years agomove SQL-based pool functionality to new attr-sql libstrongswan plugin
Andreas Steffen [Tue, 13 Oct 2009 15:02:29 +0000 (17:02 +0200)]
move SQL-based pool functionality to new attr-sql libstrongswan plugin

11 years agocheck provenance of nameserver entry
Andreas Steffen [Tue, 13 Oct 2009 11:58:43 +0000 (13:58 +0200)]
check provenance of nameserver entry

11 years agouse definitions from libstrongswan/attributes/attributes.h
Andreas Steffen [Tue, 13 Oct 2009 11:55:06 +0000 (13:55 +0200)]
use definitions from libstrongswan/attributes/attributes.h

11 years agomoved attribute_manager to libstrongswan
Andreas Steffen [Tue, 13 Oct 2009 11:46:27 +0000 (13:46 +0200)]
moved attribute_manager to libstrongswan

11 years agoFixed assignment of get_triplet() dummy implementation
Martin Willi [Tue, 13 Oct 2009 09:04:15 +0000 (11:04 +0200)]
Fixed assignment of get_triplet() dummy implementation

11 years agoscepclient now requires x509 plugin
Andreas Steffen [Mon, 12 Oct 2009 17:56:21 +0000 (19:56 +0200)]
scepclient now requires x509 plugin

11 years agosql/rw-eap-aka-rsa scenario requires eapaka-3gpp2 plugin
Andreas Steffen [Mon, 12 Oct 2009 17:50:44 +0000 (19:50 +0200)]
sql/rw-eap-aka-rsa scenario requires eapaka-3gpp2 plugin

11 years agoupdated evaltest of ikev1/no-priv-key scenario
Andreas Steffen [Mon, 12 Oct 2009 17:48:20 +0000 (19:48 +0200)]
updated evaltest of ikev1/no-priv-key scenario

11 years agoINTERNAL_IP6_NETMASK needed for ModeConfig
Andreas Steffen [Mon, 12 Oct 2009 17:44:55 +0000 (19:44 +0200)]
INTERNAL_IP6_NETMASK needed for ModeConfig

11 years agoMerged SIM/USIM manager/card/provider, avoids code duplication
Martin Willi [Mon, 12 Oct 2009 12:40:21 +0000 (14:40 +0200)]
Merged SIM/USIM manager/card/provider, avoids code duplication

11 years agoAdded ${shlibs:Depends} dependency to Debian package
Martin Willi [Mon, 12 Oct 2009 09:43:23 +0000 (11:43 +0200)]
Added ${shlibs:Depends} dependency to Debian package

11 years agoAdded .gitignore for NM Debian package build
Martin Willi [Mon, 12 Oct 2009 09:18:43 +0000 (11:18 +0200)]
Added .gitignore for NM Debian package build

11 years agoprepended all ISAKMP notification message types with ISAKMP_
Andreas Steffen [Mon, 12 Oct 2009 11:47:22 +0000 (13:47 +0200)]
prepended all ISAKMP notification message types with ISAKMP_

11 years agoPass NULL as other identity in EAP-AKA 3GPP2 to find a match with all plugins
Martin Willi [Mon, 12 Oct 2009 07:50:28 +0000 (09:50 +0200)]
Pass NULL as other identity in EAP-AKA 3GPP2 to find a match with all plugins

11 years agoStroke plugin interprets NULL identities as ID_ANY in shared key lookup
Martin Willi [Mon, 12 Oct 2009 07:49:11 +0000 (09:49 +0200)]
Stroke plugin interprets NULL identities as ID_ANY in shared key lookup

11 years agoadded some pluto changes to NEWS
Andreas Steffen [Mon, 12 Oct 2009 06:05:48 +0000 (08:05 +0200)]
added some pluto changes to NEWS

11 years agofixed output of offered CA
Andreas Steffen [Sun, 11 Oct 2009 19:24:39 +0000 (21:24 +0200)]
fixed output of offered CA

11 years agofixed broken smartcard support (bug #91)
Andreas Steffen [Sun, 11 Oct 2009 19:14:05 +0000 (21:14 +0200)]
fixed broken smartcard support (bug #91)

11 years agosome missing refactoring changes
Andreas Steffen [Sun, 11 Oct 2009 18:14:18 +0000 (20:14 +0200)]
some missing refactoring changes

11 years agomyids might not be defined yet
Andreas Steffen [Sun, 11 Oct 2009 16:05:27 +0000 (18:05 +0200)]
myids might not be defined yet

11 years agofixed refactoring bug
Andreas Steffen [Sun, 11 Oct 2009 14:34:04 +0000 (16:34 +0200)]
fixed refactoring bug

11 years agoadapted ikev2/rw-eap-aka scenarios to eapaka-3gpp2 plugin
Andreas Steffen [Sat, 10 Oct 2009 22:35:01 +0000 (00:35 +0200)]
adapted ikev2/rw-eap-aka scenarios to eapaka-3gpp2 plugin