strongswan.git
Martin Willi [Tue, 24 Feb 2009 11:50:24 +0000 (11:50 -0000)]
added EAP-Identity package

Martin Willi [Mon, 23 Feb 2009 16:33:17 +0000 (16:33 -0000)]
updated debian packages to 4.2.12, supporting EAP-MSCHAPv2

Andreas Steffen [Sat, 21 Feb 2009 17:53:10 +0000 (17:53 -0000)]
version bump to 4.2.13

tag: 4.2.12
Andreas Steffen [Fri, 20 Feb 2009 19:52:14 +0000 (19:52 -0000)]
changes in 4.2.12

Andreas Steffen [Thu, 19 Feb 2009 22:12:04 +0000 (22:12 -0000)]
added eap=mschapv2 to ipsec.conf.5

Andreas Steffen [Thu, 19 Feb 2009 22:02:28 +0000 (22:02 -0000)]
added ikev2/rw-eap-mschapv2 scenario

Tobias Brunner [Thu, 19 Feb 2009 14:32:13 +0000 (14:32 -0000)]
fixed some memleaks in mschapv2 plugin

Tobias Brunner [Thu, 19 Feb 2009 14:29:25 +0000 (14:29 -0000)]
ECB mode added to the DES plugin

Tobias Brunner [Thu, 19 Feb 2009 13:46:08 +0000 (13:46 -0000)]
des ecb enum value changed, ignores set for md4 plugin

Andreas Steffen [Thu, 19 Feb 2009 10:16:45 +0000 (10:16 -0000)]
added Id svn:keyword

Andreas Steffen [Thu, 19 Feb 2009 10:06:58 +0000 (10:06 -0000)]
support of MD4 hash

Andreas Steffen [Thu, 19 Feb 2009 09:54:31 +0000 (09:54 -0000)]
corrected typo

Tobias Brunner [Wed, 18 Feb 2009 19:57:15 +0000 (19:57 -0000)]
adding plugin for EAP-MS-CHAPv2

Tobias Brunner [Wed, 18 Feb 2009 19:48:11 +0000 (19:48 -0000)]
force unique connections for mediation connections

Tobias Brunner [Wed, 18 Feb 2009 19:45:46 +0000 (19:45 -0000)]
adding enum elements for MD4 and DES (ECB)

Tobias Brunner [Wed, 18 Feb 2009 19:41:33 +0000 (19:41 -0000)]
adding MD4 and DES (ECB) to openssl plugin

Martin Willi [Wed, 18 Feb 2009 15:03:33 +0000 (15:03 -0000)]
always encode EAP usernames as ID_KEY_ID

Martin Willi [Wed, 18 Feb 2009 09:45:54 +0000 (09:45 -0000)]
removed unused extract_last_token() and the required memrchr implementation

Martin Willi [Tue, 17 Feb 2009 18:30:02 +0000 (18:30 -0000)]
do not operate on strongswan-padlock on non-x86

Tobias Brunner [Tue, 17 Feb 2009 17:14:15 +0000 (17:14 -0000)]
typo

Martin Willi [Tue, 17 Feb 2009 09:38:42 +0000 (09:38 -0000)]
added missing kernel-netlink plugin

Martin Willi [Tue, 17 Feb 2009 09:34:52 +0000 (09:34 -0000)]
fixed build on non-i386 architectures

Martin Willi [Mon, 16 Feb 2009 16:49:43 +0000 (16:49 -0000)]
build strongswan-padlock on i386 only

Martin Willi [Mon, 16 Feb 2009 16:11:16 +0000 (16:11 -0000)]
use separate distribution tarballs for NetworkManager applet

Martin Willi [Mon, 16 Feb 2009 16:05:30 +0000 (16:05 -0000)]
use a slightly adopted package versioning scheme
  NM applet uses strongSwan independent versions

Martin Willi [Mon, 16 Feb 2009 16:03:09 +0000 (16:03 -0000)]
added Makefile to build ubuntu PPA source packages

Martin Willi [Mon, 16 Feb 2009 12:48:35 +0000 (12:48 -0000)]
initial version of new modular strongswan debian packages
  "strongswan" metapackage adds similar functionality as old debian packages
  "network-manager-strongswan" depends on required strongSwan packages

Andreas Steffen [Fri, 13 Feb 2009 11:57:50 +0000 (11:57 -0000)]
configuration of NBNS server assignment via strongswan.conf

Andreas Steffen [Thu, 12 Feb 2009 09:18:42 +0000 (09:18 -0000)]
use internal host venus as dns2

Andreas Steffen [Thu, 12 Feb 2009 09:02:15 +0000 (09:02 -0000)]
configuration of DNS server assignment via strongswan.conf

Andreas Steffen [Wed, 11 Feb 2009 22:39:35 +0000 (22:39 -0000)]
[4859] caused crash when handling the %config case

Andreas Steffen [Wed, 11 Feb 2009 16:45:14 +0000 (16:45 -0000)]
corrected syntax

Andreas Steffen [Wed, 11 Feb 2009 16:41:37 +0000 (16:41 -0000)]
this debug statement has only two arguments

Andreas Steffen [Wed, 11 Feb 2009 16:37:16 +0000 (16:37 -0000)]
fixed a 64-bit issue with time_t printf hooks

Martin Willi [Wed, 11 Feb 2009 13:09:52 +0000 (13:09 -0000)]
changed [4856] to dynamically choose traffic selector family

Martin Willi [Wed, 11 Feb 2009 12:50:04 +0000 (12:50 -0000)]
respect family when assigning pool addresses

Martin Willi [Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)]
send proper AUTHENTICATION_FAILED if EAP method is successful, but AUTH mismatches

Martin Willi [Mon, 9 Feb 2009 10:45:51 +0000 (10:45 -0000)]
free unneeded retransmission packet when exchange completes

Andreas Steffen [Thu, 5 Feb 2009 22:13:48 +0000 (22:13 -0000)]
support of dynamic/128 and %any6

Andreas Steffen [Thu, 5 Feb 2009 10:10:20 +0000 (10:10 -0000)]
disable MOBIKE in load-tester

Andreas Steffen [Wed, 28 Jan 2009 00:37:11 +0000 (00:37 -0000)]
output pool name string rather than pool pointer

Andreas Steffen [Wed, 21 Jan 2009 03:14:52 +0000 (03:14 -0000)]
version bump to 4.2.12

tag: 4.2.11
Andreas Steffen [Tue, 20 Jan 2009 22:55:13 +0000 (22:55 -0000)]
added two Microsoft proprietary configuration attribute types

Andreas Steffen [Tue, 20 Jan 2009 22:37:58 +0000 (22:37 -0000)]
changes in 4.2.11

Andreas Steffen [Mon, 19 Jan 2009 12:32:42 +0000 (12:32 -0000)]
added notify message types used by RFC 4739

Andreas Steffen [Thu, 15 Jan 2009 01:52:44 +0000 (01:52 -0000)]
proper initialization and disposal of keying material

Andreas Steffen [Thu, 15 Jan 2009 00:47:21 +0000 (00:47 -0000)]
added pfkey/esp-alg-null scenario

Andreas Steffen [Thu, 15 Jan 2009 00:39:06 +0000 (00:39 -0000)]
added ikev2/esp-alg-null scenario

Andreas Steffen [Thu, 15 Jan 2009 00:34:42 +0000 (00:34 -0000)]
fixed ESP NULL encryption

Andreas Steffen [Wed, 14 Jan 2009 08:10:16 +0000 (08:10 -0000)]
fixed broken listing of connections in ipsec statusall

Andreas Steffen [Wed, 14 Jan 2009 03:29:59 +0000 (03:29 -0000)]
added eap=gtc option to ipsec.conf man page

Andreas Steffen [Wed, 14 Jan 2009 00:13:21 +0000 (00:13 -0000)]
disable DPD and sending of cert requests in load-tester

Tobias Brunner [Tue, 13 Jan 2009 10:38:16 +0000 (10:38 -0000)]
fixing cross-compilation

Andreas Steffen [Tue, 13 Jan 2009 06:50:55 +0000 (06:50 -0000)]
cosmetics

Andreas Steffen [Tue, 13 Jan 2009 06:36:31 +0000 (06:36 -0000)]
changed type definition of level from char* to int

Andreas Steffen [Fri, 9 Jan 2009 09:37:13 +0000 (09:37 -0000)]
hiding XFRM message names from netlink

Andreas Steffen [Fri, 9 Jan 2009 08:51:41 +0000 (08:51 -0000)]
renamed chunk

Andreas Steffen [Fri, 9 Jan 2009 08:46:31 +0000 (08:46 -0000)]
refactored DBG3 output of sent XFRM messages

Andreas Steffen [Fri, 9 Jan 2009 08:27:17 +0000 (08:27 -0000)]
DBG3 output of sent XFRM messages

Andreas Steffen [Fri, 9 Jan 2009 01:36:13 +0000 (01:36 -0000)]
added message for undefined ocsp status #4

Andreas Steffen [Fri, 9 Jan 2009 01:19:45 +0000 (01:19 -0000)]
add a compatible memrchr() function if the platform does not support it (e.g. old glibc). Patch courtesy to Thomas Jarosch

Andreas Steffen [Fri, 9 Jan 2009 00:28:47 +0000 (00:28 -0000)]
the Linux 2.6.28 uml guest kernel does not need any patches

Andreas Steffen [Fri, 9 Jan 2009 00:24:54 +0000 (00:24 -0000)]
test of ipsec leases command in ikev2/ip-pool and ikev2/ip-two-pools scenarios

Andreas Steffen [Thu, 8 Jan 2009 22:23:42 +0000 (22:23 -0000)]
version bump to 2.4.11

Andreas Steffen [Thu, 8 Jan 2009 21:41:07 +0000 (21:41 -0000)]
adapted ikev2/ip-pool-wish scenario to the new stroke ip pool function

tag: 4.2.10
Andreas Steffen [Thu, 8 Jan 2009 21:34:44 +0000 (21:34 -0000)]
fixed two bugs introduced by the stroke ip pool refactoring

Martin Willi [Wed, 31 Dec 2008 08:58:49 +0000 (08:58 -0000)]
increase nonce size to 32 bytes, required when using SHA384/512 PRFs

Andreas Steffen [Tue, 23 Dec 2008 06:35:16 +0000 (06:35 -0000)]
missing LOGFILE in debug statement

Martin Willi [Mon, 22 Dec 2008 12:48:50 +0000 (12:48 -0000)]
added some NEWS for 4.2.10

Martin Willi [Fri, 19 Dec 2008 14:34:40 +0000 (14:34 -0000)]
fixed a potential memory leak when reusing mobike task

Martin Willi [Thu, 18 Dec 2008 16:24:22 +0000 (16:24 -0000)]
RNG tests based on FIPS 140-1

Martin Willi [Thu, 18 Dec 2008 16:21:05 +0000 (16:21 -0000)]
support for Padlock RNG

Martin Willi [Wed, 17 Dec 2008 15:40:01 +0000 (15:40 -0000)]
proper feature probing for padlock

Tobias Brunner [Wed, 17 Dec 2008 09:56:05 +0000 (09:56 -0000)]
correct use of calloc in hashtable_t

Martin Willi [Wed, 17 Dec 2008 09:00:22 +0000 (09:00 -0000)]
updated documentation
some minor cleanups
calloc does not need an additional memset(0)

Tobias Brunner [Tue, 16 Dec 2008 17:21:28 +0000 (17:21 -0000)]
improved IKE_SA uniqueness check

Martin Willi [Tue, 16 Dec 2008 15:48:36 +0000 (15:48 -0000)]
purge certificates after IKE_AUTH response has been built

Martin Willi [Mon, 15 Dec 2008 15:41:48 +0000 (15:41 -0000)]
reimplemented certificate cache:
fixes unsafe certificate caching
use fixed array instead of a list
fine grained per-slot locking
use cache hits for housekeeping

Martin Willi [Mon, 15 Dec 2008 09:19:04 +0000 (09:19 -0000)]
signal each entry condvar after enumeration, required if wait_for_entry is called

Martin Willi [Mon, 15 Dec 2008 09:13:43 +0000 (09:13 -0000)]
added an additional frame to lock profiling backtraces

Martin Willi [Fri, 12 Dec 2008 15:57:12 +0000 (15:57 -0000)]
do not respawn cancelled threads if we are shutting down

Martin Willi [Fri, 12 Dec 2008 10:40:45 +0000 (10:40 -0000)]
fixed possible deadlock in checkin_and_destroy

Martin Willi [Fri, 12 Dec 2008 10:38:53 +0000 (10:38 -0000)]
avoid DNS lookup if possible

Martin Willi [Fri, 12 Dec 2008 09:16:31 +0000 (09:16 -0000)]
execute events if difference is 0, prevents a busywait

Martin Willi [Fri, 12 Dec 2008 09:14:37 +0000 (09:14 -0000)]
load tester got a "shutdown_when_complete" option, allows performance test using "time"

Martin Willi [Fri, 12 Dec 2008 09:13:06 +0000 (09:13 -0000)]
daemon exports main_thread_id, sends SIGTERM to the main thread in daemon_kill

Martin Willi [Fri, 12 Dec 2008 09:10:52 +0000 (09:10 -0000)]
leak detective binds execution to a single core, avoids corruption on SMP machines

Martin Willi [Fri, 12 Dec 2008 08:33:48 +0000 (08:33 -0000)]
wait until all IKE_SAs are in-house before destroying them

Tobias Brunner [Thu, 11 Dec 2008 13:39:30 +0000 (13:39 -0000)]
address extensions refactored

Martin Willi [Thu, 11 Dec 2008 12:49:41 +0000 (12:49 -0000)]
fixed usage of "leases" command

Tobias Brunner [Wed, 10 Dec 2008 17:45:44 +0000 (17:45 -0000)]
nat_traversal in manpage corrected

Tobias Brunner [Wed, 10 Dec 2008 15:58:39 +0000 (15:58 -0000)]
fixing checkout of IKE SAs with only the initiator SPI

Tobias Brunner [Wed, 10 Dec 2008 13:51:21 +0000 (13:51 -0000)]
increasing the performance of checkout_duplicate by using a hash table.

Tobias Brunner [Wed, 10 Dec 2008 13:45:05 +0000 (13:45 -0000)]
initial size of 1 is nonsense

Tobias Brunner [Wed, 10 Dec 2008 13:43:51 +0000 (13:43 -0000)]
incremental version of chunk_hash

Martin Willi [Wed, 10 Dec 2008 13:00:02 +0000 (13:00 -0000)]
list assigned leases using "ipsec leases"

Martin Willi [Wed, 10 Dec 2008 09:59:35 +0000 (09:59 -0000)]
added IKE_SA established timer to "ipsec statusall"

Martin Willi [Tue, 9 Dec 2008 15:57:51 +0000 (15:57 -0000)]
using rwlock to parallel build credentials

Martin Willi [Tue, 9 Dec 2008 15:00:30 +0000 (15:00 -0000)]
use thread-safe variant of gmtime

Martin Willi [Tue, 9 Dec 2008 14:45:56 +0000 (14:45 -0000)]
fixed load-tester shared key lookup