strongswan.git
Tobias Brunner [Thu, 15 Nov 2012 17:52:18 +0000 (18:52 +0100)]
android: Show an error if VPN fails due to lock down mode in Android 4.2

Tobias Brunner [Thu, 15 Nov 2012 17:51:24 +0000 (18:51 +0100)]
android: Add error message as argument to "VPN not supported" dialog

Tobias Brunner [Thu, 15 Nov 2012 16:29:01 +0000 (17:29 +0100)]
android: Content providers are not exported by default in Android 4.2

Tobias Brunner [Thu, 15 Nov 2012 16:28:33 +0000 (17:28 +0100)]
android: Set target SDK to 17 (Android 4.2)

Tobias Brunner [Thu, 15 Nov 2012 16:25:44 +0000 (17:25 +0100)]
android: Private key bug has been fixed with Android 4.2

Andreas Steffen [Sun, 18 Nov 2012 21:55:22 +0000 (22:55 +0100)]
overwrite sensitive prime with zeroes

Andreas Steffen [Sun, 18 Nov 2012 18:41:03 +0000 (19:41 +0100)]
strndup() requires string.h header file

Andreas Steffen [Sun, 18 Nov 2012 18:22:31 +0000 (19:22 +0100)]
implemented generation of safe primes

Andreas Steffen [Sun, 18 Nov 2012 10:44:03 +0000 (11:44 +0100)]
generate reason strings and remediation instructions for improper OS settings

Andreas Steffen [Sat, 17 Nov 2012 13:53:27 +0000 (14:53 +0100)]
precautionary measures

Andreas Steffen [Sat, 17 Nov 2012 07:16:53 +0000 (08:16 +0100)]
fixed a memory leak in pacman

Andreas Steffen [Sat, 17 Nov 2012 07:16:23 +0000 (08:16 +0100)]
removed unused variable

Martin Willi [Fri, 16 Nov 2012 09:27:36 +0000 (10:27 +0100)]
Add an ikesa_limit option to limit number of IKE_SAs as responder

Martin Willi [Fri, 16 Nov 2012 08:56:05 +0000 (09:56 +0100)]
Pass PLUTO_XAUTH_ID to updown script

Andreas Steffen [Thu, 15 Nov 2012 20:56:27 +0000 (21:56 +0100)]
version bump to 5.0.2dr4

Andreas Steffen [Thu, 15 Nov 2012 10:48:57 +0000 (11:48 +0100)]
discovered the use of strndup()

Andreas Steffen [Wed, 14 Nov 2012 10:38:12 +0000 (11:38 +0100)]
implemented blacklisting of software packages

Martin Willi [Thu, 25 Oct 2012 13:23:49 +0000 (15:23 +0200)]
libtnc can be initialized more than once

Martin Willi [Thu, 25 Oct 2012 12:50:30 +0000 (14:50 +0200)]
libcharon can be initialized more than once

Martin Willi [Thu, 25 Oct 2012 12:44:06 +0000 (14:44 +0200)]
libhydra can be initialized more than once

Martin Willi [Thu, 25 Oct 2012 12:33:09 +0000 (14:33 +0200)]
libstrongswan can be initialized more than once

Tobias Brunner [Mon, 12 Nov 2012 18:39:34 +0000 (19:39 +0100)]
Limit recursion when searching for source addresses

This could be required if e.g. two default routes list gateways but the
corresponding outbound interfaces do not have any IP addresses on them.

Tobias Brunner [Mon, 12 Nov 2012 16:12:18 +0000 (17:12 +0100)]
Don't call get_route recursively if a route's gateway matches the destination

Andreas Steffen [Tue, 13 Nov 2012 06:15:46 +0000 (07:15 +0100)]
fixed remediation instructions output

Andreas Steffen [Mon, 12 Nov 2012 12:08:58 +0000 (13:08 +0100)]
fixed memory leak

Andreas Steffen [Mon, 12 Nov 2012 11:31:16 +0000 (12:31 +0100)]
fixed typo in strcpy() function call

Tobias Brunner [Mon, 12 Nov 2012 11:12:07 +0000 (12:12 +0100)]
Fix destruction of tcg_pts_attr_file_meas_t when building from encoding

Andreas Steffen [Sun, 11 Nov 2012 17:40:03 +0000 (18:40 +0100)]
updated parameters

Andreas Steffen [Sun, 11 Nov 2012 17:37:56 +0000 (18:37 +0100)]
implemented reason string and remediation instructions for OS IMV

Andreas Steffen [Sun, 11 Nov 2012 10:05:21 +0000 (11:05 +0100)]
updated strongswan.conf man page

Andreas Steffen [Sun, 11 Nov 2012 09:51:19 +0000 (10:51 +0100)]
centralized processing of assessment information

Tobias Brunner [Mon, 12 Nov 2012 09:34:04 +0000 (10:34 +0100)]
Properly define TSS_TROUSERS in configure script

Andreas Steffen [Sat, 10 Nov 2012 23:27:55 +0000 (00:27 +0100)]
define TSS_TROUSERS compile option

Andreas Steffen [Sat, 10 Nov 2012 22:47:06 +0000 (23:47 +0100)]
implemented get_remediation_instructions()

Andreas Steffen [Sat, 10 Nov 2012 20:37:33 +0000 (21:37 +0100)]
removed debug output

Andreas Steffen [Sat, 10 Nov 2012 20:35:46 +0000 (21:35 +0100)]
implement a preferred language enumerator

Andreas Steffen [Fri, 9 Nov 2012 15:07:03 +0000 (16:07 +0100)]
abort if fatal error is received from peer

Andreas Steffen [Fri, 9 Nov 2012 14:50:10 +0000 (15:50 +0100)]
corrected debug class

Andreas Steffen [Fri, 9 Nov 2012 14:08:01 +0000 (15:08 +0100)]
added missing method assignments

Tobias Brunner [Thu, 8 Nov 2012 18:31:24 +0000 (19:31 +0100)]
Made TSS implementation configurable and thereby optional

Andreas Steffen [Thu, 8 Nov 2012 10:02:17 +0000 (11:02 +0100)]
added missing --update parameter

Andreas Steffen [Thu, 8 Nov 2012 08:19:10 +0000 (09:19 +0100)]
created packman daily update script

Andreas Steffen [Wed, 7 Nov 2012 21:20:39 +0000 (22:20 +0100)]
pacman supports differential security updates

Andreas Steffen [Wed, 7 Nov 2012 13:57:41 +0000 (14:57 +0100)]
fixed Android product string

Andreas Steffen [Wed, 7 Nov 2012 13:20:47 +0000 (14:20 +0100)]
accumulate package counts over multiple attributes

Andreas Steffen [Wed, 7 Nov 2012 12:39:44 +0000 (13:39 +0100)]
use OS type on IMV side

Tobias Brunner [Wed, 7 Nov 2012 11:41:17 +0000 (12:41 +0100)]
Include 'aggressive' when comparing peer_cfg_t objects

Tobias Brunner [Wed, 7 Nov 2012 11:38:31 +0000 (12:38 +0100)]
Fixed output of longer debug messages

(v)snprintf(3) returns the length without terminating null byte but the
length given as parameter must include it.

Tobias Brunner [Tue, 6 Nov 2012 13:23:56 +0000 (14:23 +0100)]
'signal' is a keyword in MySQL 5.5

Fixes #251.

Andreas Steffen [Mon, 5 Nov 2012 20:56:49 +0000 (21:56 +0100)]
fixed debug output

Andreas Steffen [Mon, 5 Nov 2012 20:40:19 +0000 (21:40 +0100)]
eliminate deinstalled packages

Andreas Steffen [Mon, 5 Nov 2012 20:00:56 +0000 (21:00 +0100)]
check installed packages in OS database

Andreas Steffen [Mon, 5 Nov 2012 13:48:43 +0000 (14:48 +0100)]
Define and use an OS enumeration type

Andreas Steffen [Mon, 5 Nov 2012 13:46:50 +0000 (14:46 +0100)]
check if assessment has already been done

Andreas Steffen [Mon, 5 Nov 2012 11:13:13 +0000 (12:13 +0100)]
compute the optimum Installed Packages attribute size

Andreas Steffen [Mon, 5 Nov 2012 09:24:12 +0000 (10:24 +0100)]
Added ITA Start/Stop Angel attributes to split bulk data into multiple attributes

Andreas Steffen [Sun, 4 Nov 2012 22:54:36 +0000 (23:54 +0100)]
enumerate over installed Debian/Ubuntu packages

Andreas Steffen [Sun, 4 Nov 2012 22:52:34 +0000 (23:52 +0100)]
debug output in lower case letters

Andreas Steffen [Sun, 4 Nov 2012 22:51:04 +0000 (23:51 +0100)]
added second index

Andreas Steffen [Sun, 4 Nov 2012 17:55:37 +0000 (18:55 +0100)]
add generation time to package versions

Andreas Steffen [Sun, 4 Nov 2012 16:27:55 +0000 (17:27 +0100)]
extract generation time of packages file

Andreas Steffen [Sun, 4 Nov 2012 14:57:36 +0000 (15:57 +0100)]
added pacman to .gitignore

Andreas Steffen [Sun, 4 Nov 2012 14:42:31 +0000 (15:42 +0100)]
store packages with security issues and their optional updates only

Andreas Steffen [Sun, 4 Nov 2012 08:25:31 +0000 (09:25 +0100)]
created pacman - an Ubuntu/Debian package manager

Andreas Steffen [Sun, 4 Nov 2012 16:47:06 +0000 (17:47 +0100)]
added generation time to package versions

Andreas Steffen [Fri, 2 Nov 2012 22:16:54 +0000 (23:16 +0100)]
added package management to ipsec attest

Tobias Brunner [Fri, 2 Nov 2012 14:55:08 +0000 (15:55 +0100)]
android: Use proper intent-filter for our VpnService

Tobias Brunner [Fri, 2 Nov 2012 14:40:32 +0000 (15:40 +0100)]
Log sent vendor IDs for IKEv1

Tobias Brunner [Fri, 2 Nov 2012 14:39:51 +0000 (15:39 +0100)]
Compiler warning fixed

Andreas Steffen [Thu, 1 Nov 2012 18:26:29 +0000 (19:26 +0100)]
check if setting exists

Andreas Steffen [Thu, 1 Nov 2012 17:00:40 +0000 (18:00 +0100)]
implemented ITA Get Settings and ITA Settings attributes

Andreas Steffen [Thu, 1 Nov 2012 16:59:54 +0000 (17:59 +0100)]
some improvements in tcg_pts_attr_file_meas.c

Andreas Steffen [Thu, 1 Nov 2012 08:02:58 +0000 (09:02 +0100)]
use countof()

Andreas Steffen [Wed, 31 Oct 2012 20:58:21 +0000 (21:58 +0100)]
scanner imc/imv pair uses IETF VPN PA-TNC message subtype

Andreas Steffen [Wed, 31 Oct 2012 19:29:36 +0000 (20:29 +0100)]
transmit Product Vendor ID if known

Andreas Steffen [Wed, 31 Oct 2012 13:52:46 +0000 (14:52 +0100)]
added some Linux OS PENs

Martin Willi [Tue, 30 Oct 2012 08:14:44 +0000 (09:14 +0100)]
Exclude dynamic TS from Unity Split-Include attributes

Tobias Brunner [Mon, 29 Oct 2012 09:06:43 +0000 (10:06 +0100)]
FQDNs are actually not resolved when loading secrets

Tobias Brunner [Mon, 29 Oct 2012 09:01:46 +0000 (10:01 +0100)]
Fixed log message when no shared secret is found during IKEv1 Main Mode

Andreas Steffen [Sun, 28 Oct 2012 07:21:02 +0000 (08:21 +0100)]
version bump to 5.0.2dr3

Andreas Steffen [Fri, 26 Oct 2012 11:22:02 +0000 (13:22 +0200)]
issue warning if sqlite finalize is missing

Tobias Brunner [Thu, 25 Oct 2012 07:51:47 +0000 (09:51 +0200)]
Added documentation for NTLM secrets

Martin Willi [Wed, 24 Oct 2012 18:15:50 +0000 (20:15 +0200)]
Fix RSA encryption padding terminator in gmp plugin, broken with 5025135f

Tobias Brunner [Wed, 24 Oct 2012 15:57:19 +0000 (17:57 +0200)]
Added missing noskip_flag setter/getter to some pa_tnc_attr_t constructors

Martin Willi [Wed, 24 Oct 2012 14:28:17 +0000 (16:28 +0200)]
Add a scepclient option to specify a CA identifier to fetch certs for

Tobias Brunner [Thu, 18 Oct 2012 16:09:16 +0000 (18:09 +0200)]
Remove all ESP proposals with non-matching DH group during Quick Mode

According to RFC 2409, section 5.5, if PFS is used all proposals MUST
include the selected DH group, so we remove proposals without the
proposed group and remove other DH groups from the remaining proposals.

Tobias Brunner [Thu, 18 Oct 2012 15:15:32 +0000 (17:15 +0200)]
proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all

Tobias Brunner [Thu, 18 Oct 2012 14:38:22 +0000 (16:38 +0200)]
Remove MODP groups from default ESP proposal

This now actually makes pfs=no the default and it equals the default
listed in ipsec.conf.5. efc69e9f preserved the default of pfs=yes.

Tobias Brunner [Tue, 16 Oct 2012 14:17:57 +0000 (16:17 +0200)]
Moved utils.[ch] to utils folder

Tobias Brunner [Tue, 16 Oct 2012 14:08:43 +0000 (16:08 +0200)]
Moved settings_t to utils folder

Tobias Brunner [Tue, 16 Oct 2012 14:03:21 +0000 (16:03 +0200)]
Moved debug.[ch] to utils folder

Tobias Brunner [Tue, 16 Oct 2012 13:58:19 +0000 (15:58 +0200)]
Moved enum_name_t to utils folder

Tobias Brunner [Tue, 16 Oct 2012 13:53:49 +0000 (15:53 +0200)]
Moved chunk_t to utils folder

Tobias Brunner [Tue, 16 Oct 2012 13:44:58 +0000 (15:44 +0200)]
Moved printf hooks to utils folder

Tobias Brunner [Tue, 16 Oct 2012 13:39:26 +0000 (15:39 +0200)]
Moved integrity_checker_t to utils folder

Tobias Brunner [Tue, 16 Oct 2012 12:54:16 +0000 (14:54 +0200)]
Moved data structures to new collections subfolder

Tobias Brunner [Tue, 16 Oct 2012 12:33:28 +0000 (14:33 +0200)]
Moved packet_t and tun_device_t to networking folder

Tobias Brunner [Tue, 16 Oct 2012 12:29:18 +0000 (14:29 +0200)]
Moved host_t and host_resolver_t to a new networking subfolder

Martin Willi [Fri, 19 Oct 2012 13:51:55 +0000 (15:51 +0200)]
Send certificate requests in load-tester

Martin Willi [Thu, 18 Oct 2012 09:32:52 +0000 (11:32 +0200)]
Add load-tester traffic selector configuration options