strongswan.git
Andreas Steffen [Thu, 15 Jul 2010 21:02:17 +0000 (23:02 +0200)]
all x509 based ipv6/*-ikev2 scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 20:40:20 +0000 (22:40 +0200)]
all x509 based ike scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 20:33:05 +0000 (22:33 +0200)]
all x509 based openssl-ikev2 scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 20:03:16 +0000 (22:03 +0200)]
all x509 based gcrypt-ikev2 scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 19:39:01 +0000 (21:39 +0200)]
all x509 based ikev2 scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 19:37:45 +0000 (21:37 +0200)]
ikev2/net2net-psk-dscp does not need certificate support

Andreas Steffen [Thu, 15 Jul 2010 18:03:04 +0000 (20:03 +0200)]
add revocation plugin to ikev2/rw-cert scenario

Andreas Steffen [Thu, 15 Jul 2010 04:29:26 +0000 (06:29 +0200)]
Warn about manual plugin load directives for pluto/charon with --disable-load-warning compile option

Martin Willi [Wed, 14 Jul 2010 05:15:56 +0000 (07:15 +0200)]
Revert "Warn about manual plugin load directives for pluto/charon"

This reverts commit 5c46726d0d91db5b1fc4ea53326e73443133f22d.

Andreas Steffen [Tue, 13 Jul 2010 19:04:20 +0000 (21:04 +0200)]
activate --enable-addrblock configure option in UML scenarios

Martin Willi [Tue, 13 Jul 2010 12:43:45 +0000 (14:43 +0200)]
Warn about manual plugin load directives for pluto/charon

Martin Willi [Tue, 13 Jul 2010 12:28:11 +0000 (14:28 +0200)]
Remove plugin load directives from default strongswan.conf

Martin Willi [Tue, 13 Jul 2010 12:18:19 +0000 (14:18 +0200)]
Added NEWS about --signcrl and PEM support in pki utility

Martin Willi [Tue, 13 Jul 2010 12:14:39 +0000 (14:14 +0200)]
Added pki PEM encoding support for certificates, CRLs and PKCS10 requests

Martin Willi [Tue, 13 Jul 2010 11:53:33 +0000 (13:53 +0200)]
Added support for Certificate, CRL and PKCS10 encoding to PEM plugin

Martin Willi [Tue, 13 Jul 2010 11:34:04 +0000 (13:34 +0200)]
Support different encoding types in certificate.get_encoding()

Martin Willi [Tue, 13 Jul 2010 09:28:04 +0000 (11:28 +0200)]
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding

Martin Willi [Tue, 13 Jul 2010 09:01:08 +0000 (11:01 +0200)]
Moved keys/key_encoding.[ch] to cred_encoding.[ch]

Martin Willi [Tue, 13 Jul 2010 08:42:02 +0000 (10:42 +0200)]
Fixed doxygen group of cert_validator interface

Martin Willi [Tue, 13 Jul 2010 07:34:57 +0000 (09:34 +0200)]
Added NEWS for revocation/addrblock plugin

Martin Willi [Tue, 13 Jul 2010 07:29:57 +0000 (09:29 +0200)]
Added addrblock plugin to RFC3779 test cases

Martin Willi [Tue, 13 Jul 2010 07:28:44 +0000 (09:28 +0200)]
Added revocation plugin to ikev2 crl/ocsp test cases

Martin Willi [Tue, 13 Jul 2010 07:19:39 +0000 (09:19 +0200)]
Moved X509 ipAddrBlock checking to the addrblock plugin

Martin Willi [Tue, 13 Jul 2010 06:39:19 +0000 (08:39 +0200)]
Added a hook to narrow traffic selectors for CHILD_SAs

Martin Willi [Mon, 12 Jul 2010 14:25:56 +0000 (16:25 +0200)]
Moved bus_t to METHOD/INIT macros

Martin Willi [Mon, 12 Jul 2010 13:57:25 +0000 (15:57 +0200)]
Moved addrblock plugin to libcharon

Martin Willi [Mon, 5 Jul 2010 13:26:35 +0000 (15:26 +0200)]
Moved CRL/OCSP checking to a dedicated plugin called revocation

Martin Willi [Mon, 5 Jul 2010 13:24:19 +0000 (15:24 +0200)]
Made some useful methods in the credential manager public

Martin Willi [Mon, 5 Jul 2010 12:36:05 +0000 (14:36 +0200)]
Moved X509 addrBlock validation to a separate addrblock plugin

Martin Willi [Mon, 5 Jul 2010 12:21:09 +0000 (14:21 +0200)]
Added a certificate validation hook to the credential manager

Martin Willi [Mon, 5 Jul 2010 10:51:17 +0000 (12:51 +0200)]
Migrated credential manager to INIT/METHOD macros

Martin Willi [Mon, 5 Jul 2010 09:54:25 +0000 (11:54 +0200)]
Moved credential manager to libstrongswan

Martin Willi [Mon, 5 Jul 2010 07:36:30 +0000 (09:36 +0200)]
Move pathlen constraint checking to X509 specific checks

Martin Willi [Fri, 2 Jul 2010 08:29:36 +0000 (10:29 +0200)]
Charon uses a generic trustchain length limit, not only for X509 certificates

Martin Willi [Fri, 2 Jul 2010 07:58:59 +0000 (09:58 +0200)]
Combined the OCSP/CRL options to a single Online check option

Andreas Steffen [Tue, 13 Jul 2010 07:15:53 +0000 (09:15 +0200)]
added mark, mark_in, and mark_out to the ipsec.conf.5 man page

Andreas Steffen [Mon, 12 Jul 2010 20:44:27 +0000 (22:44 +0200)]
we need some ordering

Andreas Steffen [Mon, 12 Jul 2010 20:38:18 +0000 (22:38 +0200)]
changed ordering of statusattr output

Andreas Steffen [Mon, 12 Jul 2010 18:54:40 +0000 (20:54 +0200)]
updated ikev2/ip-two-pools-db scenario to support pool and identity based dns attributes

Andreas Steffen [Mon, 12 Jul 2010 18:48:14 +0000 (20:48 +0200)]
fixed alignment of caption

Andreas Steffen [Mon, 12 Jul 2010 18:28:24 +0000 (20:28 +0200)]
updated SQL templates to support attribute pool and identity parameters

Andreas Steffen [Mon, 12 Jul 2010 18:26:17 +0000 (20:26 +0200)]
output identities correctly

Andreas Steffen [Mon, 12 Jul 2010 12:22:32 +0000 (14:22 +0200)]
added second example scenario

Tobias Brunner [Mon, 12 Jul 2010 13:28:55 +0000 (15:28 +0200)]
apidoc is actually a directory not a file.

Tobias Brunner [Mon, 12 Jul 2010 10:27:49 +0000 (12:27 +0200)]
Added missing pool parameter in DHCP attribute provider.

Martin Willi [Fri, 9 Jul 2010 11:53:43 +0000 (13:53 +0200)]
Do not interpret long class attributes (such as from NPS) as group

Martin Willi [Fri, 9 Jul 2010 11:51:58 +0000 (13:51 +0200)]
Group membership constraint is fulfilled if subject is member in one of the groups

Heiko Hund [Wed, 7 Jul 2010 14:45:36 +0000 (16:45 +0200)]
Added support for named attribute groups

Add the possibility to group attributes by a name and assign these
groups to connections. This allows a more granular configuration of
which client will receive what attributes.

Andreas Steffen [Fri, 9 Jul 2010 10:19:39 +0000 (12:19 +0200)]
transport reqid, mark_in and mark_out in whack message

Andreas Steffen [Fri, 9 Jul 2010 09:55:01 +0000 (11:55 +0200)]
added ikev2/net2net-psk-dscp2 DiffServ scenario

Andreas Steffen [Fri, 9 Jul 2010 07:36:03 +0000 (09:36 +0200)]
added ikev2/nat-two-rw-mark-in-out scenario

Andreas Steffen [Fri, 9 Jul 2010 07:35:02 +0000 (09:35 +0200)]
some changes to the ikev2/nat-two-rw-mark scenario

Andreas Steffen [Fri, 9 Jul 2010 07:06:02 +0000 (09:06 +0200)]
configuration of different marks for inbound and outbound direction

Martin Willi [Thu, 8 Jul 2010 14:11:55 +0000 (16:11 +0200)]
The file logger supports a time prefix using a strftime() format specifier

Martin Willi [Thu, 8 Jul 2010 13:46:44 +0000 (15:46 +0200)]
Print identity to a lease address on the same line for simpler grepping

Martin Willi [Wed, 7 Jul 2010 08:00:39 +0000 (10:00 +0200)]
Implemented missing bypass_socket() method in load-testers faked kernel interface

Andreas Steffen [Tue, 6 Jul 2010 18:32:15 +0000 (20:32 +0200)]
added req parameter to ipsec.conf man page

Martin Willi [Tue, 6 Jul 2010 14:26:59 +0000 (16:26 +0200)]
Show mallinfo() data in statusall, if available

Martin Willi [Tue, 6 Jul 2010 13:44:37 +0000 (15:44 +0200)]
Avoid relocking while enumerator is alive

Tobias Brunner [Tue, 6 Jul 2010 07:29:18 +0000 (09:29 +0200)]
Added missing markt_t in load tester, also migrated to INIT/METHOD macros.

Tobias Brunner [Mon, 5 Jul 2010 13:04:30 +0000 (15:04 +0200)]
Some Doxygen fixes.

Tobias Brunner [Mon, 5 Jul 2010 12:53:56 +0000 (14:53 +0200)]
Fixed typo.

Martin Willi [Mon, 28 Jun 2010 14:12:06 +0000 (16:12 +0200)]
Added support for group membership information contained in the RADIUS class attribute

Martin Willi [Mon, 28 Jun 2010 13:46:13 +0000 (15:46 +0200)]
Use the group constraint in a more generic fashion, not only for attribute certificates

Martin Willi [Mon, 28 Jun 2010 13:45:07 +0000 (15:45 +0200)]
Use the responder side configured EAP-Identity directly, if given

Martin Willi [Mon, 28 Jun 2010 13:41:48 +0000 (15:41 +0200)]
Copy EAP specific attributes to auth config only

Tobias Brunner [Mon, 5 Jul 2010 07:37:49 +0000 (09:37 +0200)]
Disable EAP-GTC on Android.

The EAP-GTC plugin does not compile due to its dependency on PAM.

Andreas Steffen [Sat, 3 Jul 2010 20:14:45 +0000 (22:14 +0200)]
added IKEv2 xfrm marks support to NEWS

Andreas Steffen [Sat, 3 Jul 2010 16:18:30 +0000 (18:18 +0200)]
regenerated loop intermediate CA certificates

Andreas Steffen [Sat, 3 Jul 2010 11:25:09 +0000 (13:25 +0200)]
added ikev2/nat-two-rw-mark scenario

Andreas Steffen [Fri, 2 Jul 2010 21:45:57 +0000 (23:45 +0200)]
support of xfrm marks for IKEv2

Martin Willi [Wed, 30 Jun 2010 11:48:47 +0000 (13:48 +0200)]
Recreate IKE_SA_INIT related tasks only if they have completed

Thomas Egerer [Wed, 30 Jun 2010 11:10:56 +0000 (13:10 +0200)]
Use enumerator for queued_tasks migration to avoid infinite loop

Tobias Brunner [Wed, 30 Jun 2010 08:02:15 +0000 (10:02 +0200)]
Enabling some EAP plugins on Android.

Tobias Brunner [Wed, 30 Jun 2010 08:01:16 +0000 (10:01 +0200)]
The x509 plugin is not needed anymore on Android, using OpenSSL.

Thomas Egerer [Mon, 28 Jun 2010 20:18:25 +0000 (22:18 +0200)]
Correct check of traffic selectors before destruction

Thomas Egerer [Tue, 29 Jun 2010 06:53:05 +0000 (08:53 +0200)]
Migrate queued_tasks tasks, to avoid dangling pointers

Tobias Brunner [Mon, 28 Jun 2010 15:18:53 +0000 (17:18 +0200)]
The signature of keystore_get changed again.

With Android 2.2 (Froyo) the interface of keystore_get was changed once
again. The change was made to allow the keys to contain \0 characters.

Tobias Brunner [Thu, 24 Jun 2010 14:23:54 +0000 (16:23 +0200)]
Compiler warning fixed.

Andreas Steffen [Sun, 27 Jun 2010 20:26:00 +0000 (22:26 +0200)]
check for installed aead algorithms in kernel

Andreas Steffen [Sun, 27 Jun 2010 09:23:35 +0000 (11:23 +0200)]
upgraded xfrm.h to linux-2.6.34

Martin Willi [Thu, 24 Jun 2010 13:45:38 +0000 (15:45 +0200)]
Show contents of the CP payload in message_t stringification

Martin Willi [Thu, 24 Jun 2010 13:44:28 +0000 (15:44 +0200)]
Support the subnet attribute in the attr plugin

Tobias Brunner [Thu, 24 Jun 2010 12:44:45 +0000 (14:44 +0200)]
Increased the loglevel for the arguments received via Android control socket.

Tobias Brunner [Thu, 24 Jun 2010 12:05:53 +0000 (14:05 +0200)]
Terminate charon from the Android plugin if the tunnel goes down after it was initiated successfully.

Tobias Brunner [Thu, 24 Jun 2010 12:02:52 +0000 (14:02 +0200)]
Initiate the tunnel in the Android plugin asynchronously.

Also track its initiation using the registered listener.

Tobias Brunner [Thu, 24 Jun 2010 12:00:39 +0000 (14:00 +0200)]
Implement the listener_t interface in the Android plugin to track the status of an SA.

Tobias Brunner [Thu, 24 Jun 2010 11:57:03 +0000 (13:57 +0200)]
Helper function added to notify the Android frontend about status changes.

Tobias Brunner [Thu, 24 Jun 2010 11:42:57 +0000 (13:42 +0200)]
Initiate consumes a child_sa reference, so get an additional one.

Tobias Brunner [Thu, 24 Jun 2010 11:41:07 +0000 (13:41 +0200)]
Use the same error code constants as in the Java frontend.

Tobias Brunner [Thu, 24 Jun 2010 08:34:48 +0000 (10:34 +0200)]
Flush and destroy the send queue before unloading the socket plugins.

Martin Willi [Thu, 24 Jun 2010 10:00:56 +0000 (12:00 +0200)]
Select subjectAltName address family using address length in openssl plugin

Martin Willi [Thu, 24 Jun 2010 09:59:20 +0000 (11:59 +0200)]
Select subjectAltName address family using address length in x509 plugin

Tobias Brunner [Wed, 23 Jun 2010 09:19:37 +0000 (11:19 +0200)]
Do not install routes in the PF_KEY kernel interface if interface lookup failed.

Tobias Brunner [Tue, 22 Jun 2010 14:19:55 +0000 (16:19 +0200)]
The signature of keystore_get was changed with Android 2.x.

Tobias Brunner [Tue, 22 Jun 2010 14:18:22 +0000 (16:18 +0200)]
Avoid a segmentation fault if opening the Android control socket failed.

Tobias Brunner [Tue, 22 Jun 2010 14:15:10 +0000 (16:15 +0200)]
OpenSSL in Android 2.1+ lacks Elliptic Curve and ENGINE support.

Unfortunately, opensslconf.h was not changed accordingly.

Tobias Brunner [Tue, 22 Jun 2010 14:14:14 +0000 (16:14 +0200)]
Allow to enable the kernel-pfkey plugin via Android.mk.

Tobias Brunner [Tue, 22 Jun 2010 14:04:13 +0000 (16:04 +0200)]
Fixing the PF_KEY kernel interface on Android.

In Android's in.h IPPROTO_COMP is not #defined but just an enum member.

Tobias Brunner [Tue, 22 Jun 2010 09:33:21 +0000 (11:33 +0200)]
Fixing compilation of the OpenSSL plugin if ENGINE support is disabled.

That is, enable compilation if OpenSSL was configured with
OPENSSL_NO_ENGINE.