strongswan.git
13 years ago version number selection fix
Martin Willi [Wed, 14 Mar 2007 11:20:34 +0000 (11:20 -0000)]
version number selection fix
some cleanups

13 years ago cleaned up and fixed DPD handling code
Martin Willi [Wed, 14 Mar 2007 11:07:12 +0000 (11:07 -0000)]
cleaned up and fixed DPD handling code

13 years ago removed cfg-payload dns test code
Martin Willi [Wed, 14 Mar 2007 11:04:31 +0000 (11:04 -0000)]
removed cfg-payload dns test code

13 years ago added
Andreas Steffen [Wed, 14 Mar 2007 09:05:27 +0000 (09:05 -0000)]
added

13 years ago added
Andreas Steffen [Wed, 14 Mar 2007 08:17:27 +0000 (08:17 -0000)]
added

13 years ago version bump to strongswan-4.1.0 and linux-2.6.20.3
Andreas Steffen [Wed, 14 Mar 2007 08:15:36 +0000 (08:15 -0000)]
version bump to strongswan-4.1.0 and linux-2.6.20.3

13 years ago cosmetics
Andreas Steffen [Wed, 14 Mar 2007 08:01:47 +0000 (08:01 -0000)]
cosmetics

13 years ago increased control debugging output
Andreas Steffen [Wed, 14 Mar 2007 07:22:37 +0000 (07:22 -0000)]
increased control debugging output

13 years ago added EAP-SIM authentication
Martin Willi [Tue, 13 Mar 2007 15:01:02 +0000 (15:01 -0000)]
added EAP-SIM authentication
  client side only
  uses an external SIM reader library specified with SIM_READER_LIB
  untested

13 years ago not detaching from bus when IKE_SA_INIT is retried
Martin Willi [Tue, 13 Mar 2007 14:55:53 +0000 (14:55 -0000)]
not detaching from bus when IKE_SA_INIT is retried

13 years ago added AES-192/256 proposals to IKE
Martin Willi [Tue, 13 Mar 2007 14:55:03 +0000 (14:55 -0000)]
added AES-192/256 proposals to IKE

13 years ago added generic EAP_IDENTITY client implementation using peer's IKEv2 ID
Martin Willi [Tue, 13 Mar 2007 14:54:24 +0000 (14:54 -0000)]
added generic EAP_IDENTITY client implementation using peer's IKEv2 ID

13 years ago fixed compilation warnings and errors when not using curl
Martin Willi [Tue, 13 Mar 2007 14:52:18 +0000 (14:52 -0000)]
fixed compilation warnings and errors when not using curl

13 years ago results from the single responses are stored in the corresponding certinfo_t structs
Andreas Steffen [Mon, 12 Mar 2007 13:42:31 +0000 (13:42 -0000)]
results from the single responses are stored in the corresponding certinfo_t structs

13 years ago moved credential_store.h from charon/config/credentials to libstrongswan
Andreas Steffen [Fri, 9 Mar 2007 16:50:19 +0000 (16:50 -0000)]
moved credential_store.h from charon/config/credentials to libstrongswan

13 years ago last patch removed, changed CURLOPT_FILE to CURLOPT_WRITEDATA
Andreas Steffen [Fri, 9 Mar 2007 16:12:51 +0000 (16:12 -0000)]
last patch removed, changed CURLOPT_FILE to CURLOPT_WRITEDATA

13 years ago fixed memory leak by calling curl_slist_free_all(headers)
Andreas Steffen [Fri, 9 Mar 2007 16:09:49 +0000 (16:09 -0000)]
fixed memory leak by calling curl_slist_free_all(headers)

13 years ago fixed memory leak by calling curl_slist_free_all(headers)
Andreas Steffen [Fri, 9 Mar 2007 16:08:28 +0000 (16:08 -0000)]
fixed memory leak by calling curl_slist_free_all(headers)

13 years ago whitelisting static Curl_getaddrinfo() memory leak
Andreas Steffen [Fri, 9 Mar 2007 16:07:22 +0000 (16:07 -0000)]
whitelisting static Curl_getaddrinfo() memory leak

13 years ago fixed a certinfo_t memory leak in verify()
Andreas Steffen [Fri, 9 Mar 2007 14:59:28 +0000 (14:59 -0000)]
fixed a certinfo_t memory leak in verify()

13 years ago fixed a memory leak in response_t
Andreas Steffen [Fri, 9 Mar 2007 14:44:34 +0000 (14:44 -0000)]
fixed a memory leak in response_t

13 years ago ocsp signer certificate and ocsp response signature can be verified
Andreas Steffen [Thu, 8 Mar 2007 23:29:04 +0000 (23:29 -0000)]
ocsp signer certificate and ocsp response signature can be verified

13 years ago fixed memleaks when using EAP authentication
Martin Willi [Thu, 8 Mar 2007 22:56:14 +0000 (22:56 -0000)]
fixed memleaks when using EAP authentication
fixed configuration payloads when using EAP

13 years ago fixed payload order (again)
Martin Willi [Thu, 8 Mar 2007 20:21:17 +0000 (20:21 -0000)]
fixed payload order (again)

13 years ago including peer's certificate when his certreq is empty
Martin Willi [Thu, 8 Mar 2007 20:19:24 +0000 (20:19 -0000)]
including peer's certificate when his certreq is empty

13 years ago implemented cookies as initiator
Martin Willi [Thu, 8 Mar 2007 20:18:39 +0000 (20:18 -0000)]
implemented cookies as initiator
proper logging of notifies in IKE_SA setup

13 years ago disabling routing for IPv6, does not work correctly
Martin Willi [Thu, 8 Mar 2007 20:17:34 +0000 (20:17 -0000)]
disabling routing for IPv6, does not work correctly

13 years ago fixed call of add_auth_certificate()
Andreas Steffen [Thu, 8 Mar 2007 19:44:14 +0000 (19:44 -0000)]
fixed call of add_auth_certificate()

13 years ago generalized get_ca_certificate() to get_auth_certificate(auth_flags)
Andreas Steffen [Thu, 8 Mar 2007 18:56:43 +0000 (18:56 -0000)]
generalized get_ca_certificate() to get_auth_certificate(auth_flags)

13 years ago added fetcher_finalize() to clean up libcurl
Andreas Steffen [Thu, 8 Mar 2007 17:00:32 +0000 (17:00 -0000)]
added fetcher_finalize() to clean up libcurl

13 years ago some cleanups
Martin Willi [Thu, 8 Mar 2007 16:58:59 +0000 (16:58 -0000)]
some cleanups
not installing %any DNS servers

13 years ago support of setting and getting authority flags
Andreas Steffen [Thu, 8 Mar 2007 16:48:16 +0000 (16:48 -0000)]
support of setting and getting authority flags

13 years ago support of ocsp signing certificates
Andreas Steffen [Thu, 8 Mar 2007 16:47:18 +0000 (16:47 -0000)]
support of ocsp signing certificates

13 years ago support of ocsp signing certificates
Andreas Steffen [Thu, 8 Mar 2007 16:46:50 +0000 (16:46 -0000)]
support of ocsp signing certificates

13 years ago fixed payload order in IKE_AUTH
Martin Willi [Thu, 8 Mar 2007 15:59:21 +0000 (15:59 -0000)]
fixed payload order in IKE_AUTH

13 years ago removed SHA2 kernel proposals from default, the kernel doesn't support them yet
Martin Willi [Thu, 8 Mar 2007 15:18:51 +0000 (15:18 -0000)]
removed SHA2 kernel proposals from default, the kernel doesn't support them yet

13 years ago allocation fixes, not complete
Martin Willi [Thu, 8 Mar 2007 14:41:30 +0000 (14:41 -0000)]
allocation fixes, not complete

13 years ago handling "No policy found" properly
Martin Willi [Thu, 8 Mar 2007 14:41:09 +0000 (14:41 -0000)]
handling "No policy found" properly

13 years ago added more debugging output for policy lookup
Martin Willi [Thu, 8 Mar 2007 14:40:15 +0000 (14:40 -0000)]
added more debugging output for policy lookup
returning a (dummy) policy even when TS does not match, so we can properly send a TS_UNACCEPTABLE

13 years ago fixed CHILD_SA creation within existing IKE_SA
Martin Willi [Thu, 8 Mar 2007 12:28:10 +0000 (12:28 -0000)]
fixed CHILD_SA creation within existing IKE_SA

13 years ago added ocsp_parse_single_response
Andreas Steffen [Thu, 8 Mar 2007 00:35:20 +0000 (00:35 -0000)]
added ocsp_parse_single_response

13 years ago ported changes from EAP branch, re-enabling EAP framework
Martin Willi [Thu, 8 Mar 2007 00:27:43 +0000 (00:27 -0000)]
ported changes from EAP branch, re-enabling EAP framework

13 years ago added (not yet supported) sha2 algorithms to kernel
Martin Willi [Thu, 8 Mar 2007 00:17:57 +0000 (00:17 -0000)]
added (not yet supported) sha2 algorithms to kernel
only adding a route if using tunnel mode

13 years ago added SHA2 MAC and PRF to default proposal
Martin Willi [Thu, 8 Mar 2007 00:16:33 +0000 (00:16 -0000)]
added SHA2 MAC and PRF to default proposal

13 years ago added more debug output
Martin Willi [Thu, 8 Mar 2007 00:15:15 +0000 (00:15 -0000)]
added more debug output

13 years ago experimental SHA2 HMAC and PRF implementations
Martin Willi [Thu, 8 Mar 2007 00:14:17 +0000 (00:14 -0000)]
experimental SHA2 HMAC and PRF implementations

13 years ago parsing basic ocsp response
Andreas Steffen [Thu, 8 Mar 2007 00:13:15 +0000 (00:13 -0000)]
parsing basic ocsp response

13 years ago forgot to assign public.is_ocsp_signer() method
Andreas Steffen [Wed, 7 Mar 2007 23:31:03 +0000 (23:31 -0000)]
forgot to assign public.is_ocsp_signer() method

13 years ago added parsing level to x509_create_from_chunk()
Andreas Steffen [Wed, 7 Mar 2007 22:58:25 +0000 (22:58 -0000)]
added parsing level to x509_create_from_chunk()

13 years ago added parsing level to x509_create_from_chunk() and added is_ocsp_signer() method
Andreas Steffen [Wed, 7 Mar 2007 22:57:50 +0000 (22:57 -0000)]
added parsing level to x509_create_from_chunk() and added is_ocsp_signer() method

13 years ago http post fetching using libcurl implemented
Andreas Steffen [Wed, 7 Mar 2007 19:28:03 +0000 (19:28 -0000)]
http post fetching using libcurl implemented

13 years ago added fetcher.h and fetcher.c
Andreas Steffen [Wed, 7 Mar 2007 14:13:01 +0000 (14:13 -0000)]
added fetcher.h and fetcher.c

13 years ago added
Andreas Steffen [Wed, 7 Mar 2007 14:12:36 +0000 (14:12 -0000)]
added

13 years ago corrected @ingroup to utils
Andreas Steffen [Wed, 7 Mar 2007 14:11:47 +0000 (14:11 -0000)]
corrected @ingroup to utils

13 years ago corrected comment
Andreas Steffen [Wed, 7 Mar 2007 14:11:02 +0000 (14:11 -0000)]
corrected comment

13 years ago start ocsp checking only if there are any ocspuris present
Andreas Steffen [Wed, 7 Mar 2007 13:22:07 +0000 (13:22 -0000)]
start ocsp checking only if there are any ocspuris present

13 years ago conntrack -F is used to flush the NAT states
Andreas Steffen [Wed, 7 Mar 2007 04:45:12 +0000 (04:45 -0000)]
conntrack -F is used to flush the NAT states

13 years ago the hostaccess=yes parameters are not needed anymore
Andreas Steffen [Wed, 7 Mar 2007 04:44:25 +0000 (04:44 -0000)]
the hostaccess=yes parameters are not needed anymore

13 years ago use conntrack -F to flush NAT states
Andreas Steffen [Wed, 7 Mar 2007 04:29:13 +0000 (04:29 -0000)]
use conntrack -F to flush NAT states

13 years ago replaced actual virtual IP addresses by symbolic ones
Andreas Steffen [Wed, 7 Mar 2007 04:28:34 +0000 (04:28 -0000)]
replaced actual virtual IP addresses by symbolic ones

13 years ago removed unnecessary double quotes
Andreas Steffen [Wed, 7 Mar 2007 04:27:32 +0000 (04:27 -0000)]
removed unnecessary double quotes

13 years ago nonce in ocsp_t was not properly initialized
Andreas Steffen [Wed, 7 Mar 2007 04:22:21 +0000 (04:22 -0000)]
nonce in ocsp_t was not properly initialized

13 years ago ocsp request is now fully built but without requestor signature
Andreas Steffen [Wed, 7 Mar 2007 03:39:40 +0000 (03:39 -0000)]
ocsp request is now fully built but without requestor signature

13 years ago starting to build ocsp request
Andreas Steffen [Tue, 6 Mar 2007 23:05:44 +0000 (23:05 -0000)]
starting to build ocsp request

13 years ago prevent from initiating multiple exchanges the same time
Martin Willi [Tue, 6 Mar 2007 22:17:53 +0000 (22:17 -0000)]
prevent from initiating multiple exchanges the same time

13 years ago updated apidoc documentation
Martin Willi [Tue, 6 Mar 2007 22:17:21 +0000 (22:17 -0000)]
updated apidoc documentation

13 years ago fixed notify handling in IKE_AUTH
Martin Willi [Tue, 6 Mar 2007 20:58:39 +0000 (20:58 -0000)]
fixed notify handling in IKE_AUTH
moved nonce payload before TS in CHILD_SA setup

13 years ago moved REKEY_SA notify to the beginning of the message
Martin Willi [Tue, 6 Mar 2007 20:56:58 +0000 (20:56 -0000)]
moved REKEY_SA notify to the beginning of the message

13 years ago fixed traffic selector redundancy removal code (not completely tested)
Martin Willi [Tue, 6 Mar 2007 20:55:19 +0000 (20:55 -0000)]
fixed traffic selector redundancy removal code (not completely tested)

13 years ago add crl and ocsp uris to linked list after partial verification
Andreas Steffen [Tue, 6 Mar 2007 18:51:56 +0000 (18:51 -0000)]
add crl and ocsp uris to linked list after partial verification

13 years ago added print hook for certinfo_t printing
Andreas Steffen [Tue, 6 Mar 2007 14:27:34 +0000 (14:27 -0000)]
added print hook for certinfo_t printing

13 years ago fixed typo
Andreas Steffen [Tue, 6 Mar 2007 14:26:03 +0000 (14:26 -0000)]
fixed typo

13 years ago sending an SPI of 0 as responder when IKE_SA_INIT fails
Martin Willi [Tue, 6 Mar 2007 13:06:47 +0000 (13:06 -0000)]
sending an SPI of 0 as responder when IKE_SA_INIT fails

13 years ago iterate certinfos linked list for matching serialNumber
Andreas Steffen [Mon, 5 Mar 2007 22:08:48 +0000 (22:08 -0000)]
iterate certinfos linked list for matching serialNumber

13 years ago some cleanups
Martin Willi [Mon, 5 Mar 2007 22:07:36 +0000 (22:07 -0000)]
some cleanups
not assigning %any virtual IPs to peer anymore

13 years ago fixed double free bug
Martin Willi [Mon, 5 Mar 2007 22:02:14 +0000 (22:02 -0000)]
fixed double free bug

13 years ago added
Andreas Steffen [Mon, 5 Mar 2007 19:15:33 +0000 (19:15 -0000)]
added

13 years ago fixed ID selection bug when peer doesn't include IDr payload
Martin Willi [Mon, 5 Mar 2007 15:22:50 +0000 (15:22 -0000)]
fixed ID selection bug when peer doesn't include IDr payload
allowing vendor ID in any message

13 years ago moved listing of crls to local_credential_store and ca
Andreas Steffen [Sat, 3 Mar 2007 21:10:22 +0000 (21:10 -0000)]
moved listing of crls to local_credential_store and ca

13 years ago refactored ca_info_t
Andreas Steffen [Sat, 3 Mar 2007 21:08:07 +0000 (21:08 -0000)]
refactored ca_info_t

13 years ago refactored ca_info_t
Andreas Steffen [Sat, 3 Mar 2007 21:07:23 +0000 (21:07 -0000)]
refactored ca_info_t

13 years ago fixed netlink socket receiver code
Martin Willi [Sat, 3 Mar 2007 14:56:24 +0000 (14:56 -0000)]
fixed netlink socket receiver code
implemented interface enumeration code with netlink: no getifaddrs required anymore

13 years ago refactored kernel interface, works reliably again
Martin Willi [Sat, 3 Mar 2007 13:04:07 +0000 (13:04 -0000)]
refactored kernel interface, works reliably again

13 years ago implemented get_iface() using RTM_GETADDR
Martin Willi [Fri, 2 Mar 2007 17:08:38 +0000 (17:08 -0000)]
implemented get_iface() using RTM_GETADDR
added support for multi-header netlink messages
really ugly now, need a lot of refactoring

13 years ago added debugging for interface lookup
Martin Willi [Thu, 1 Mar 2007 12:53:20 +0000 (12:53 -0000)]
added debugging for interface lookup

13 years ago fixed address lookup when !using getifaddrs()
Martin Willi [Thu, 1 Mar 2007 12:35:21 +0000 (12:35 -0000)]
fixed address lookup when !using getifaddrs()

13 years ago added firewalling support when using virtual IPs
Martin Willi [Thu, 1 Mar 2007 12:31:58 +0000 (12:31 -0000)]
added firewalling support when using virtual IPs

13 years ago added support for 0.0.0.0/0 traffic selectors
Martin Willi [Thu, 1 Mar 2007 11:42:08 +0000 (11:42 -0000)]
added support for 0.0.0.0/0 traffic selectors
fixed routing to make correct 0.0.0.0/0 routes

13 years ago config-payload scenario fixes
Andreas Steffen [Thu, 1 Mar 2007 08:20:50 +0000 (08:20 -0000)]
config-payload scenario fixes

13 years ago preparations for PLUTO_MY_SOURCEIP
Andreas Steffen [Thu, 1 Mar 2007 07:45:43 +0000 (07:45 -0000)]
preparations for PLUTO_MY_SOURCEIP

13 years ago corrected typo
Andreas Steffen [Thu, 1 Mar 2007 00:00:35 +0000 (00:00 -0000)]
corrected typo

13 years ago added cert with OCSP access info
Andreas Steffen [Wed, 28 Feb 2007 23:25:13 +0000 (23:25 -0000)]
added cert with OCSP access info

13 years ago dpd now takes 180 s and 5 retransmits
Andreas Steffen [Wed, 28 Feb 2007 23:19:20 +0000 (23:19 -0000)]
dpd now takes 180 s and 5 retransmits

13 years ago changed grep to creating aquire job for CHILD SA
Andreas Steffen [Wed, 28 Feb 2007 23:02:40 +0000 (23:02 -0000)]
changed grep to creating aquire job for CHILD SA

13 years ago replaced actual virtual IPs by place holders 4.0.7
Andreas Steffen [Wed, 28 Feb 2007 22:38:49 +0000 (22:38 -0000)]
replaced actual virtual IPs by place holders

13 years ago virtual-ip scenario has been replaced by config-payload scenario
Andreas Steffen [Wed, 28 Feb 2007 22:21:58 +0000 (22:21 -0000)]
virtual-ip scenario has been replaced by config-payload scenario

13 years ago added
Andreas Steffen [Wed, 28 Feb 2007 22:16:23 +0000 (22:16 -0000)]
added

13 years ago added
Andreas Steffen [Wed, 28 Feb 2007 22:16:16 +0000 (22:16 -0000)]
added

13 years ago added ocsp.h and ocsp.c
Andreas Steffen [Wed, 28 Feb 2007 20:31:07 +0000 (20:31 -0000)]
added ocsp.h and ocsp.c

13 years ago added
Andreas Steffen [Wed, 28 Feb 2007 20:30:44 +0000 (20:30 -0000)]
added