strongswan.git
12 years agoconvert comma-separated RDNs into slash-separated OpenSSL --subject format
Andreas Steffen [Thu, 5 Jun 2008 19:28:08 +0000 (19:28 -0000)]
convert comma-separated RDNs into slash-separated OpenSSL --subject format

12 years agofixed --utc parsing position
Martin Willi [Thu, 5 Jun 2008 13:56:10 +0000 (13:56 -0000)]
fixed --utc parsing position
support for DN filtering usign id="CN=asdf, O=asdf",addr=1.1.1.1
changed order of --leases columns

12 years agoadded statistics functions and input validation checks to ipsec pool
Andreas Steffen [Thu, 5 Jun 2008 12:17:08 +0000 (12:17 -0000)]
added statistics functions and input validation checks to ipsec pool

12 years agofixed UTC identitation
Martin Willi [Thu, 5 Jun 2008 08:52:27 +0000 (08:52 -0000)]
fixed UTC identitation
implement filtering in --leases

12 years agofixed NULL string mysql parameter
Martin Willi [Thu, 5 Jun 2008 08:24:55 +0000 (08:24 -0000)]
fixed NULL string mysql parameter

12 years agomoved copying of tables.sql after the strongswan installation
Andreas Steffen [Thu, 5 Jun 2008 07:25:27 +0000 (07:25 -0000)]
moved copying of tables.sql after the strongswan installation

12 years agocosmetics in size field of ipsec pool --status command
Andreas Steffen [Wed, 4 Jun 2008 22:20:19 +0000 (22:20 -0000)]
cosmetics in size field of ipsec pool --status command

12 years agodo not roam IKE_SA in created or deleting state
Martin Willi [Wed, 4 Jun 2008 14:31:06 +0000 (14:31 -0000)]
do not roam IKE_SA in created or deleting state

12 years agoadded pool statistics (size, online, lease count, with usage ratio)
Martin Willi [Wed, 4 Jun 2008 14:01:44 +0000 (14:01 -0000)]
added pool statistics (size, online, lease count, with usage ratio)

12 years agosome input validation checks for --add and --resize
Martin Willi [Wed, 4 Jun 2008 13:18:55 +0000 (13:18 -0000)]
some input validation checks for --add and --resize
--purge keeps an entry for each address to allow their reallaction

12 years agotolerating chown failures on installation, required to build some packages
Martin Willi [Wed, 4 Jun 2008 12:09:24 +0000 (12:09 -0000)]
tolerating chown failures on installation, required to build some packages

12 years agoremoved unused variable
Martin Willi [Tue, 3 Jun 2008 12:14:02 +0000 (12:14 -0000)]
removed unused variable

12 years agoadded missing strongswan.conf
Andreas Steffen [Sat, 31 May 2008 08:56:13 +0000 (08:56 -0000)]
added missing strongswan.conf

12 years agodivided ipsec.sql into tables.sql and data.sql
Andreas Steffen [Sat, 31 May 2008 08:53:48 +0000 (08:53 -0000)]
divided ipsec.sql into tables.sql and data.sql

12 years agoadded missing TCPDUMPHOST alice
Andreas Steffen [Thu, 29 May 2008 08:58:49 +0000 (08:58 -0000)]
added missing TCPDUMPHOST alice

12 years agoadded two Elliptic Curve DH Group scenarios using the openssl library
Andreas Steffen [Thu, 29 May 2008 08:28:20 +0000 (08:28 -0000)]
added two Elliptic Curve DH Group scenarios using the openssl library

12 years agoCIRCLEQ patch submitted by Jay Pfeifer
Andreas Steffen [Thu, 29 May 2008 07:49:47 +0000 (07:49 -0000)]
CIRCLEQ patch submitted by Jay Pfeifer

12 years agoadded missing comma in enumeration
Andreas Steffen [Thu, 29 May 2008 06:55:03 +0000 (06:55 -0000)]
added missing comma in enumeration

12 years agoactivate --enable-openssl option in uml scenarios
Andreas Steffen [Wed, 28 May 2008 14:13:40 +0000 (14:13 -0000)]
activate --enable-openssl option in uml scenarios

12 years agoadded openssl/rw-cert uml scenario
Andreas Steffen [Wed, 28 May 2008 13:49:53 +0000 (13:49 -0000)]
added openssl/rw-cert uml scenario

12 years agohandle default key sizes in openssl_crypter
Andreas Steffen [Wed, 28 May 2008 12:20:38 +0000 (12:20 -0000)]
handle default key sizes in openssl_crypter

12 years agoadded ikev2/rw-eap-md5-rsa scenario
Andreas Steffen [Wed, 28 May 2008 10:38:12 +0000 (10:38 -0000)]
added ikev2/rw-eap-md5-rsa scenario

12 years agoreinsert hash_and_url = yes option in strongswan.conf
Andreas Steffen [Wed, 28 May 2008 08:35:28 +0000 (08:35 -0000)]
reinsert hash_and_url = yes option in strongswan.conf

12 years agodefine plugins to be loaded in strongswan.conf
Andreas Steffen [Wed, 28 May 2008 08:29:51 +0000 (08:29 -0000)]
define plugins to be loaded in strongswan.conf

12 years agoversion bump to 4.2.4
Andreas Steffen [Sun, 25 May 2008 10:35:39 +0000 (10:35 -0000)]
version bump to 4.2.4

12 years agodo not list empty certuribase strings 4.2.3
Andreas Steffen [Sat, 24 May 2008 05:47:37 +0000 (05:47 -0000)]
do not list empty certuribase strings

12 years agofixed copy-and-paste error
Andreas Steffen [Fri, 23 May 2008 19:23:04 +0000 (19:23 -0000)]
fixed copy-and-paste error

12 years agocheck if parsing of the RSA public key in an X.509 certificate was successful
Andreas Steffen [Fri, 23 May 2008 19:22:37 +0000 (19:22 -0000)]
check if parsing of the RSA public key in an X.509 certificate was successful

12 years agofix caption alignment if date is displayed in local time
Andreas Steffen [Fri, 23 May 2008 19:21:08 +0000 (19:21 -0000)]
fix caption alignment if date is displayed in local time

12 years agocheck if crypter is available in pem_to_bin()
Andreas Steffen [Fri, 23 May 2008 19:18:08 +0000 (19:18 -0000)]
check if crypter is available in pem_to_bin()

12 years agoprocess payload length more strictly
Martin Willi [Fri, 23 May 2008 18:23:17 +0000 (18:23 -0000)]
process payload length more strictly

12 years agosome bug fixes
Andreas Steffen [Fri, 23 May 2008 16:06:58 +0000 (16:06 -0000)]
some bug fixes

12 years agofixed some compiler warnings
Martin Willi [Fri, 23 May 2008 15:49:43 +0000 (15:49 -0000)]
fixed some compiler warnings

12 years agoadded --utc option to ipsec pool
Andreas Steffen [Fri, 23 May 2008 15:46:25 +0000 (15:46 -0000)]
added --utc option to ipsec pool

12 years agofiltering out non matching path probing pairs explicitly
Martin Willi [Fri, 23 May 2008 15:43:42 +0000 (15:43 -0000)]
filtering out non matching path probing pairs explicitly

12 years agoadded display of holderIssuer, holderSerial, and authorityKeyIdentifier
Andreas Steffen [Fri, 23 May 2008 14:24:24 +0000 (14:24 -0000)]
added display of holderIssuer, holderSerial, and authorityKeyIdentifier

12 years agofixed the strongswan.conf path
Andreas Steffen [Thu, 22 May 2008 21:59:54 +0000 (21:59 -0000)]
fixed the strongswan.conf path

12 years agofixed the strongswan.conf path
Andreas Steffen [Thu, 22 May 2008 21:59:30 +0000 (21:59 -0000)]
fixed the strongswan.conf path

12 years agoimplement basic listing of attribute certificates
Andreas Steffen [Thu, 22 May 2008 21:58:22 +0000 (21:58 -0000)]
implement basic listing of attribute certificates

12 years agolog received DH groups and PRFs if no common proposal is found
Andreas Steffen [Thu, 22 May 2008 14:18:44 +0000 (14:18 -0000)]
log received DH groups and PRFs if no common proposal is found

12 years agoId and typo
Tobias Brunner [Thu, 22 May 2008 12:13:10 +0000 (12:13 -0000)]
Id and typo

12 years agoadded the ECP groups from RFC 5114
Tobias Brunner [Thu, 22 May 2008 11:55:05 +0000 (11:55 -0000)]
added the ECP groups from RFC 5114

12 years agoadded ECDH with OpenSSL (see RFC 4753)
Tobias Brunner [Thu, 22 May 2008 11:39:17 +0000 (11:39 -0000)]
added ECDH with OpenSSL (see RFC 4753)

12 years agocorrectly initialize the mediation and connection manager
Tobias Brunner [Thu, 22 May 2008 11:33:35 +0000 (11:33 -0000)]
correctly initialize the mediation and connection manager

12 years agofixed segmentation fault caused by malformed attribute certificates
Andreas Steffen [Wed, 21 May 2008 22:53:45 +0000 (22:53 -0000)]
fixed segmentation fault caused by malformed attribute certificates

12 years agofixed parsing of UNKNOWN_PAYLOADs
Martin Willi [Wed, 21 May 2008 21:53:38 +0000 (21:53 -0000)]
fixed parsing of UNKNOWN_PAYLOADs

12 years agofixed typo
Andreas Steffen [Wed, 21 May 2008 21:52:59 +0000 (21:52 -0000)]
fixed typo

12 years agoversion bump to 4.2.3
Andreas Steffen [Wed, 21 May 2008 18:40:11 +0000 (18:40 -0000)]
version bump to 4.2.3

12 years agoreplying to COOKIE2 mobike notify properly 4.2.2
Martin Willi [Wed, 21 May 2008 17:56:21 +0000 (17:56 -0000)]
replying to COOKIE2 mobike notify properly
including COOKIE2 ourself after path probing

12 years agowriting guest pid to file (simplifies debugging)
Martin Willi [Wed, 21 May 2008 16:02:16 +0000 (16:02 -0000)]
writing guest pid to file (simplifies debugging)

12 years agousing fixed size keys in key derivation for AES-XCBC PRF
Martin Willi [Wed, 21 May 2008 14:58:03 +0000 (14:58 -0000)]
using fixed size keys in key derivation for AES-XCBC PRF

12 years agoadded more verbosity if signature hash OID is unknown
Martin Willi [Wed, 21 May 2008 13:01:58 +0000 (13:01 -0000)]
added more verbosity if signature hash OID is unknown

12 years agolist proposed ESP ENCRYPTION and INTEGRITY algorithms if no proposal is chosen
Andreas Steffen [Tue, 20 May 2008 21:54:33 +0000 (21:54 -0000)]
list proposed ESP ENCRYPTION and INTEGRITY algorithms if no proposal is chosen

12 years agoadded support of AES-CCM and AES-GCM
Andreas Steffen [Tue, 20 May 2008 19:38:28 +0000 (19:38 -0000)]
added support of AES-CCM and AES-GCM

12 years agocorrected evaltest.dat of ip-pool-db scenarios
Andreas Steffen [Tue, 20 May 2008 18:33:23 +0000 (18:33 -0000)]
corrected evaltest.dat of ip-pool-db scenarios

12 years agoadded the sql/ip-pool-db-restart and sql/ip-pool-db-expired scenarios
Andreas Steffen [Tue, 20 May 2008 18:30:39 +0000 (18:30 -0000)]
added the sql/ip-pool-db-restart and sql/ip-pool-db-expired scenarios

12 years agoremoved debug statement
Andreas Steffen [Tue, 20 May 2008 16:23:58 +0000 (16:23 -0000)]
removed debug statement

12 years agofixed whitespace eating in plugin loader
Andreas Steffen [Tue, 20 May 2008 15:03:15 +0000 (15:03 -0000)]
fixed whitespace eating in plugin loader

12 years agoadded missing break in case statement
Andreas Steffen [Mon, 19 May 2008 20:10:26 +0000 (20:10 -0000)]
added missing break in case statement

12 years agofixed loading of smp plugin
Martin Willi [Mon, 19 May 2008 14:20:07 +0000 (14:20 -0000)]
fixed loading of smp plugin

12 years agoadded an error message when strongswan.conf cannot be read
Tobias Brunner [Mon, 19 May 2008 13:20:33 +0000 (13:20 -0000)]
added an error message when strongswan.conf cannot be read

12 years agoadded a fixup for addresses from shared libraries in segmentation fault handler
Tobias Brunner [Mon, 19 May 2008 12:49:35 +0000 (12:49 -0000)]
added a fixup for addresses from shared libraries in segmentation fault handler

12 years agofixed the cleanup code when the credential factory fails to create a builder
Tobias Brunner [Mon, 19 May 2008 12:43:01 +0000 (12:43 -0000)]
fixed the cleanup code when the credential factory fails to create a builder

12 years agofixed a bug introduced in [3973]
Tobias Brunner [Mon, 19 May 2008 08:48:44 +0000 (08:48 -0000)]
fixed a bug introduced in [3973]

12 years agoadded ikev2/esp-alg-aes-ccm and ikev2/esp-alg-aes-gcm scenarios
Andreas Steffen [Sat, 17 May 2008 21:57:08 +0000 (21:57 -0000)]
added ikev2/esp-alg-aes-ccm and ikev2/esp-alg-aes-gcm scenarios

12 years agosuppress listing of integrity algorithm if it is undefined
Andreas Steffen [Sat, 17 May 2008 21:52:58 +0000 (21:52 -0000)]
suppress listing of integrity algorithm if it is undefined

12 years agoccm and gcm icv_sizes are accepted both in bits and octets
Andreas Steffen [Sat, 17 May 2008 21:51:47 +0000 (21:51 -0000)]
ccm and gcm icv_sizes are accepted both in bits and octets

12 years agofixed warning if plugin list has trailing whitespaces
Martin Willi [Fri, 16 May 2008 13:48:58 +0000 (13:48 -0000)]
fixed warning if plugin list has trailing whitespaces

12 years agoAdded support for AES-CCM and AES-GCM (authenticated encryption algorithms) in charon.
Tobias Brunner [Fri, 16 May 2008 13:27:21 +0000 (13:27 -0000)]
Added support for AES-CCM and AES-GCM (authenticated encryption algorithms) in charon.

12 years agoupdated xfrm.h to the version from the 2.6.25.4 kernel sources
Tobias Brunner [Fri, 16 May 2008 13:24:18 +0000 (13:24 -0000)]
updated xfrm.h to the version from the 2.6.25.4 kernel sources

12 years agofixed plugin names of EAP modules
Martin Willi [Fri, 16 May 2008 12:14:48 +0000 (12:14 -0000)]
fixed plugin names of EAP modules

12 years agomoved manager to its own subdirectory in ipsecdir
Martin Willi [Fri, 16 May 2008 09:13:23 +0000 (09:13 -0000)]
moved manager to its own subdirectory in ipsecdir

12 years agoloading default modules depending on configure options
Martin Willi [Fri, 16 May 2008 08:52:32 +0000 (08:52 -0000)]
loading default modules depending on configure options

12 years agoadded missing semicolon
Andreas Steffen [Thu, 15 May 2008 19:40:38 +0000 (19:40 -0000)]
added missing semicolon

12 years agosome NEWS for 4.2.2
Martin Willi [Thu, 15 May 2008 14:15:27 +0000 (14:15 -0000)]
some NEWS for 4.2.2

12 years agoplugin load configuration in strongswan.conf
Martin Willi [Thu, 15 May 2008 14:01:26 +0000 (14:01 -0000)]
plugin load configuration in strongswan.conf
  some components accept a "component.load" option with a space separated list of plugins to load
  libcharon- plugins are now handled the same way as libstrongswan- plugins

12 years agoRSA with OpenSSL
Tobias Brunner [Thu, 15 May 2008 12:41:06 +0000 (12:41 -0000)]
RSA with OpenSSL

12 years agocorrected deinitialisation of public key factory
Tobias Brunner [Thu, 15 May 2008 12:39:35 +0000 (12:39 -0000)]
corrected deinitialisation of public key factory

12 years agogeneric public key factory moved
Tobias Brunner [Thu, 15 May 2008 12:33:00 +0000 (12:33 -0000)]
generic public key factory moved

12 years agostatic leases use 0, not NULL timeout
Martin Willi [Thu, 15 May 2008 09:26:47 +0000 (09:26 -0000)]
static leases use 0, not NULL timeout
fixed static leases

12 years agoproperly removing bootup poll interface eth0
Martin Willi [Thu, 15 May 2008 08:41:00 +0000 (08:41 -0000)]
properly removing bootup poll interface eth0

12 years agoadded ikev2/compress scenario
Andreas Steffen [Wed, 14 May 2008 20:07:16 +0000 (20:07 -0000)]
added ikev2/compress scenario

12 years agoimplemented classical UML network scenario in dumm (ipsec testing)
Martin Willi [Wed, 14 May 2008 13:11:13 +0000 (13:11 -0000)]
implemented classical UML network scenario in dumm (ipsec testing)

12 years agopoll UML guests after startup using eth9=mcast, as networking is loaded after console
Martin Willi [Wed, 14 May 2008 11:48:00 +0000 (11:48 -0000)]
poll UML guests after startup using eth9=mcast, as networking is loaded after console

12 years agotypo
Tobias Brunner [Wed, 14 May 2008 11:10:37 +0000 (11:10 -0000)]
typo

12 years agoprototype of mediation client database plugin
Martin Willi [Wed, 14 May 2008 07:26:19 +0000 (07:26 -0000)]
prototype of mediation client database plugin

12 years agohandle ID_KEY_ID as a ID_PUBKEY_SHA1 for authentication
Martin Willi [Wed, 14 May 2008 06:49:31 +0000 (06:49 -0000)]
handle ID_KEY_ID as a ID_PUBKEY_SHA1 for authentication

12 years agofixed printing of %#H hosts
Martin Willi [Wed, 14 May 2008 06:34:54 +0000 (06:34 -0000)]
fixed printing of %#H hosts

12 years agoip pool now suppresses plugin loading debug output
Andreas Steffen [Tue, 13 May 2008 19:38:50 +0000 (19:38 -0000)]
ip pool now suppresses plugin loading debug output

12 years agoapplied aes-xcbc-96 to ike as well
Andreas Steffen [Tue, 13 May 2008 19:37:01 +0000 (19:37 -0000)]
applied aes-xcbc-96 to ike as well

12 years agoadded sql/ip-pool-db scenario
Andreas Steffen [Tue, 13 May 2008 19:35:10 +0000 (19:35 -0000)]
added sql/ip-pool-db scenario

12 years agoreverted [3945], proper fix for zero value ASN1 integer
Martin Willi [Tue, 13 May 2008 14:15:12 +0000 (14:15 -0000)]
reverted [3945], proper fix for zero value ASN1 integer

12 years agoupdated Makefile
Martin Willi [Tue, 13 May 2008 13:58:04 +0000 (13:58 -0000)]
updated Makefile

12 years agotool to calculate KEYIDs from keys
Martin Willi [Tue, 13 May 2008 13:57:42 +0000 (13:57 -0000)]
tool to calculate KEYIDs from keys

12 years agofixed unsave calculation of mpz_export length
Martin Willi [Tue, 13 May 2008 13:52:45 +0000 (13:52 -0000)]
fixed unsave calculation of mpz_export length

12 years agodecreased plugin load verbosity
Martin Willi [Tue, 13 May 2008 09:14:36 +0000 (09:14 -0000)]
decreased plugin load verbosity

12 years agofixed "pool --purge" on mysql
Martin Willi [Tue, 13 May 2008 07:39:24 +0000 (07:39 -0000)]
fixed "pool --purge" on mysql

12 years agofixed compiler warning (missing include)
Martin Willi [Tue, 13 May 2008 07:37:08 +0000 (07:37 -0000)]
fixed compiler warning (missing include)

12 years agofixed lookup for expired leases
Martin Willi [Tue, 13 May 2008 07:24:53 +0000 (07:24 -0000)]
fixed lookup for expired leases
initializing database if in inconsistent state

12 years agoadded caption to ipsec.sql file
Andreas Steffen [Tue, 13 May 2008 05:53:21 +0000 (05:53 -0000)]
added caption to ipsec.sql file