strongswan.git
Tobias Brunner [Tue, 2 Oct 2007 13:56:58 +0000 (13:56 -0000)]
typo

Tobias Brunner [Tue, 2 Oct 2007 13:31:12 +0000 (13:31 -0000)]
do not attempt to encrypt payloads without crypter or signer (allows to override message rules)

Martin Willi [Tue, 2 Oct 2007 13:11:23 +0000 (13:11 -0000)]
fixed "ipsec statusall" SPI formatting

Tobias Brunner [Tue, 2 Oct 2007 12:04:03 +0000 (12:04 -0000)]
destruction helper macros

Martin Willi [Tue, 2 Oct 2007 11:55:19 +0000 (11:55 -0000)]
fixed sqlite database path

Tobias Brunner [Tue, 2 Oct 2007 11:55:10 +0000 (11:55 -0000)]
ID payload with explicit payload type

Tobias Brunner [Tue, 2 Oct 2007 11:42:27 +0000 (11:42 -0000)]
get_first_payload_type for message_t

Martin Willi [Tue, 2 Oct 2007 11:36:54 +0000 (11:36 -0000)]
updated NEWS for 4.1.7

Tobias Brunner [Tue, 2 Oct 2007 11:33:16 +0000 (11:33 -0000)]
dummy callback added to interface manager

Martin Willi [Tue, 2 Oct 2007 11:23:14 +0000 (11:23 -0000)]
added thread initialization/deinitialization hooks
moved empty_enumerator to a public implementation

Martin Willi [Tue, 2 Oct 2007 11:20:07 +0000 (11:20 -0000)]
remove control sockets on startup, as we don't have privileges on shutdown

Martin Willi [Tue, 2 Oct 2007 07:39:56 +0000 (07:39 -0000)]
improved debugging code for traffic selector processing

Martin Willi [Tue, 2 Oct 2007 06:57:58 +0000 (06:57 -0000)]
renamed force_encap to forceencaps (as it is named in openswan)

Andreas Steffen [Mon, 1 Oct 2007 20:15:28 +0000 (20:15 -0000)]
fixed path to the local libstrongswan build

Martin Willi [Mon, 1 Oct 2007 16:41:34 +0000 (16:41 -0000)]
moved force_encap to ike_config, enables responder to enforce udp encapsulation
fixed bugs in force_encap code

Martin Willi [Mon, 1 Oct 2007 12:25:26 +0000 (12:25 -0000)]
removed accidentally checked in debugging code

Martin Willi [Mon, 1 Oct 2007 12:19:39 +0000 (12:19 -0000)]
implemented IKEv2 force_encap connection parameter
  enforces UDP encapsulation by faking NAT detection payloads
  to hurdle restrictive firewalls

Martin Willi [Mon, 1 Oct 2007 09:07:10 +0000 (09:07 -0000)]
fixed setuid()/setgid() and error handling

Martin Willi [Fri, 28 Sep 2007 09:42:55 +0000 (09:42 -0000)]
fixed updown script privilege inheritance for pluto, too

Martin Willi [Fri, 28 Sep 2007 08:22:37 +0000 (08:22 -0000)]
implemented more aggressive MOBIKE path probing
do not queue more than one MOBIKE task

Martin Willi [Fri, 28 Sep 2007 07:05:15 +0000 (07:05 -0000)]
fixed CHILD_SA SPI byte order in XML interface

Martin Willi [Fri, 28 Sep 2007 07:04:09 +0000 (07:04 -0000)]
changed inheritable capability set to the permitted one to execute firewall script with CAP_NET_ADMIN

Martin Willi [Fri, 28 Sep 2007 06:43:59 +0000 (06:43 -0000)]
implemented proper argument parsing code

Martin Willi [Thu, 27 Sep 2007 13:10:10 +0000 (13:10 -0000)]
removed colons from session cookie

Martin Willi [Thu, 27 Sep 2007 13:09:50 +0000 (13:09 -0000)]
reduced debugging level

Martin Willi [Thu, 27 Sep 2007 12:48:00 +0000 (12:48 -0000)]
made add_ip()/del_ip() calls synchronous (waiting until kernel event received)
  this should fix MOBIKE route migration with virtual IPs

Tobias Brunner [Thu, 27 Sep 2007 10:36:03 +0000 (10:36 -0000)]
typos

Martin Willi [Thu, 27 Sep 2007 07:15:47 +0000 (07:15 -0000)]
implemented SHA1 encrypted passwords for manager

Martin Willi [Thu, 27 Sep 2007 06:40:50 +0000 (06:40 -0000)]
added vsyslog to leak detectives white list
removed debugging hook on openac cleanup

Martin Willi [Wed, 26 Sep 2007 15:08:34 +0000 (15:08 -0000)]
updated TODO

Martin Willi [Wed, 26 Sep 2007 15:07:34 +0000 (15:07 -0000)]
fixed argument processing bug

Martin Willi [Wed, 26 Sep 2007 14:02:21 +0000 (14:02 -0000)]
refactored strongswan manager
  removed buggy request parsing code, use ClearSilvers CGI kit instead
fixed CHILD_SA listing in manager (needs better design)
using secure XML communication through unix sockets
removed images with questionable (non-GPL) license

Andreas Steffen [Tue, 25 Sep 2007 20:13:06 +0000 (20:13 -0000)]
cleaning up

Andreas Steffen [Tue, 25 Sep 2007 20:11:28 +0000 (20:11 -0000)]
updated openac man page

Andreas Steffen [Tue, 25 Sep 2007 20:10:58 +0000 (20:10 -0000)]
updated copyright

Andreas Steffen [Tue, 25 Sep 2007 20:09:40 +0000 (20:09 -0000)]
ignore : separators in hex input

Andreas Steffen [Tue, 25 Sep 2007 20:07:31 +0000 (20:07 -0000)]
fixed bug occurring with multiple queued Quick Modes and NAT Traversal

Andreas Steffen [Tue, 25 Sep 2007 20:07:04 +0000 (20:07 -0000)]
fixed bug occurring with multiple queued Quick Modes and NAT Traversal

Martin Willi [Mon, 24 Sep 2007 12:15:25 +0000 (12:15 -0000)]
improved MOBIKE roaming between interfaces

Andreas Steffen [Wed, 19 Sep 2007 04:57:45 +0000 (04:57 -0000)]
correct build of the ac signature

Andreas Steffen [Tue, 18 Sep 2007 22:10:52 +0000 (22:10 -0000)]
replace sizeof(buf) by BUF_LEN

Andreas Steffen [Tue, 18 Sep 2007 21:21:19 +0000 (21:21 -0000)]
recovered lost asn1_init() function

Andreas Steffen [Tue, 18 Sep 2007 21:04:55 +0000 (21:04 -0000)]
declared timetoasn1() function

Andreas Steffen [Tue, 18 Sep 2007 21:04:39 +0000 (21:04 -0000)]
moved position of timetoasn1

Andreas Steffen [Tue, 18 Sep 2007 20:49:05 +0000 (20:49 -0000)]
added all required includes

Andreas Steffen [Tue, 18 Sep 2007 20:35:28 +0000 (20:35 -0000)]
fixed two bugs in optionsfrom.c

Andreas Steffen [Tue, 18 Sep 2007 15:59:56 +0000 (15:59 -0000)]
moved loglite.c from openac to scepclient

Martin Willi [Tue, 18 Sep 2007 13:30:01 +0000 (13:30 -0000)]
fixed typo / include

Andreas Steffen [Tue, 18 Sep 2007 11:26:51 +0000 (11:26 -0000)]
added new version of optionsfrom using libstrongswan

Andreas Steffen [Tue, 18 Sep 2007 11:23:52 +0000 (11:23 -0000)]
removed some empty lines

Andreas Steffen [Tue, 18 Sep 2007 11:21:55 +0000 (11:21 -0000)]
return argument has type size_t

Martin Willi [Tue, 18 Sep 2007 07:12:21 +0000 (07:12 -0000)]
prototype implementation of an sqlite configuration backend

Martin Willi [Tue, 18 Sep 2007 05:37:31 +0000 (05:37 -0000)]
removed unneeded template logout.cs, fixes #10

Andreas Steffen [Sat, 15 Sep 2007 20:30:04 +0000 (20:30 -0000)]
connection name to IKE_SA initiating

Andreas Steffen [Sat, 15 Sep 2007 16:06:58 +0000 (16:06 -0000)]
put IKE_SA and CHILD_SA names in single quotes

Andreas Steffen [Sat, 15 Sep 2007 15:54:51 +0000 (15:54 -0000)]
log name of IKE_SA in state changes

Andreas Steffen [Sat, 15 Sep 2007 15:54:30 +0000 (15:54 -0000)]
log name of established IKE_SA

Andreas Steffen [Sat, 15 Sep 2007 15:53:10 +0000 (15:53 -0000)]
log name of established CHILD_SA

Andreas Steffen [Sat, 15 Sep 2007 15:35:02 +0000 (15:35 -0000)]
adapted format of IKE SPIs to strongSwan Manager's style

Andreas Steffen [Sat, 15 Sep 2007 15:28:48 +0000 (15:28 -0000)]
corrected image title

Martin Willi [Fri, 14 Sep 2007 14:18:09 +0000 (14:18 -0000)]
added connection name to IKE_SA title

Martin Willi [Fri, 14 Sep 2007 14:17:43 +0000 (14:17 -0000)]
added missing distribution/install files

Martin Willi [Fri, 14 Sep 2007 14:07:30 +0000 (14:07 -0000)]
added subnets of CHILD_SAs to xml interface
a first design of Managers IKE_SA list page

Andreas Steffen [Thu, 13 Sep 2007 15:33:17 +0000 (15:33 -0000)]
peer_cfg now knows about group memberships

Tobias Brunner [Thu, 13 Sep 2007 13:00:23 +0000 (13:00 -0000)]
added missing 'break' in checkout_by_peer

Martin Willi [Thu, 13 Sep 2007 08:32:14 +0000 (08:32 -0000)]
added DATA files to EXTRA_DIST

Andreas Steffen [Thu, 13 Sep 2007 08:22:37 +0000 (08:22 -0000)]
added compiler-soothing parentheses

Martin Willi [Thu, 13 Sep 2007 08:19:15 +0000 (08:19 -0000)]
fixed 64bit issue with file descriptor

Martin Willi [Thu, 13 Sep 2007 08:15:24 +0000 (08:15 -0000)]
added debugging helper script for manager

Martin Willi [Thu, 13 Sep 2007 08:10:36 +0000 (08:10 -0000)]
fixed scenario loading

Martin Willi [Thu, 13 Sep 2007 08:06:17 +0000 (08:06 -0000)]
added missing enumerator.h to distribution

Martin Willi [Thu, 13 Sep 2007 07:59:51 +0000 (07:59 -0000)]
replaced a confusing template with an ugly one (ikesalist)

Martin Willi [Thu, 13 Sep 2007 07:45:04 +0000 (07:45 -0000)]
manager can query and list IKE_SA status (no layout yet)

Andreas Steffen [Thu, 13 Sep 2007 07:07:30 +0000 (07:07 -0000)]
added Daniel Wydler to copyright.c

Andreas Steffen [Thu, 13 Sep 2007 06:26:57 +0000 (06:26 -0000)]
removed unused LARGEST_HASH_OID_SIZE definition

Martin Willi [Wed, 12 Sep 2007 11:11:10 +0000 (11:11 -0000)]
only switch to port 4500 if we are on 500: fixed reauthentication in NAT
scenarios

Andreas Steffen [Wed, 12 Sep 2007 09:19:59 +0000 (09:19 -0000)]
replaced 8 by BITS_PER_BYTE

Andreas Steffen [Wed, 12 Sep 2007 08:02:41 +0000 (08:02 -0000)]
error message outputs hash size differences

Andreas Steffen [Wed, 12 Sep 2007 08:01:59 +0000 (08:01 -0000)]
renamed encoded_hash to digestInfo

Andreas Steffen [Wed, 12 Sep 2007 07:56:00 +0000 (07:56 -0000)]
included pem.h and x509.h; fixed comparison bug

Andreas Steffen [Wed, 12 Sep 2007 07:54:56 +0000 (07:54 -0000)]
removed unused chunk variable

Andreas Steffen [Wed, 12 Sep 2007 07:54:28 +0000 (07:54 -0000)]
included kernel_alg.h

Martin Willi [Wed, 12 Sep 2007 07:36:45 +0000 (07:36 -0000)]
moving virtual IP when interface changes due to mobike

Martin Willi [Wed, 12 Sep 2007 07:14:05 +0000 (07:14 -0000)]
fixed NAT detection with mobike

Martin Willi [Wed, 12 Sep 2007 07:12:25 +0000 (07:12 -0000)]
fixed shutdown order to prevent crash when kernel interface schedules events

Martin Willi [Wed, 12 Sep 2007 07:11:41 +0000 (07:11 -0000)]
fixed warnings and memory leak

Andreas Steffen [Wed, 12 Sep 2007 07:06:52 +0000 (07:06 -0000)]
added error messages in signature verification

Andreas Steffen [Wed, 12 Sep 2007 06:56:59 +0000 (06:56 -0000)]
increased debug level for errors to DBG1

Andreas Steffen [Tue, 11 Sep 2007 21:06:46 +0000 (21:06 -0000)]
overwrite shared_key with random bytes before freeing it

Andreas Steffen [Tue, 11 Sep 2007 20:45:59 +0000 (20:45 -0000)]
check for surplus bytes in EM structure after the digestInfo

Andreas Steffen [Tue, 11 Sep 2007 20:10:38 +0000 (20:10 -0000)]
check hash algorithms used in signatures

Andreas Steffen [Tue, 11 Sep 2007 17:33:37 +0000 (17:33 -0000)]
OID_UNKNOWN (-1) requires int type

Andreas Steffen [Tue, 11 Sep 2007 16:26:08 +0000 (16:26 -0000)]
removed rsa_private_key clone() function

Andreas Steffen [Tue, 11 Sep 2007 16:25:28 +0000 (16:25 -0000)]
added md2, sha256, sha384, and sha512 ASN.1 algorithm IDs

Martin Willi [Tue, 11 Sep 2007 15:22:02 +0000 (15:22 -0000)]
first revision of new manager webapp

Andreas Steffen [Tue, 11 Sep 2007 10:18:25 +0000 (10:18 -0000)]
replaced get_rsa_private_key() by rsa_signature() in order to restrict the distribution of private key material

Andreas Steffen [Mon, 10 Sep 2007 19:34:46 +0000 (19:34 -0000)]
mpz_clear_randomized() overwrites private key material before releasing it

Andreas Steffen [Mon, 10 Sep 2007 19:12:01 +0000 (19:12 -0000)]
overwrite storage used for shared secrets with pseudo-random bytes before releasing it

Andreas Steffen [Mon, 10 Sep 2007 13:32:15 +0000 (13:32 -0000)]
ipsec barf is not supported by the strongSwan 4.1 branch

Andreas Steffen [Mon, 10 Sep 2007 12:16:24 +0000 (12:16 -0000)]
the new function chunk_free_randomized() overwrites the contents of a chunk with pseudo-random bytes before freeing it