strongswan.git
13 years agosupport of right=%<FQDN> wildcard
Andreas Steffen [Mon, 25 Jun 2007 11:28:39 +0000 (11:28 -0000)]
support of right=%<FQDN> wildcard

13 years agodiscarded unused functions
Andreas Steffen [Mon, 25 Jun 2007 09:06:13 +0000 (09:06 -0000)]
discarded unused functions

13 years agomake starter behave more gracefully in the presence of non-fatal errors
Andreas Steffen [Mon, 25 Jun 2007 07:10:23 +0000 (07:10 -0000)]
make starter behave more gracefully in the presence of non-fatal errors

13 years agofurther MOBIKE stuff:
Martin Willi [Thu, 21 Jun 2007 15:25:28 +0000 (15:25 -0000)]
further MOBIKE stuff:
  kernel properly reports network reconfiguration and informs all IKE_SAs
  MOBIKE in IKE_AUTH: MOBIKE_SUPPORTED notify and address exchange
  reestablishment of IKE_SAs on network reconfiguration kinda works
  not stable yet!

13 years agoadded MOBIKE rfc
Martin Willi [Wed, 20 Jun 2007 10:12:11 +0000 (10:12 -0000)]
added MOBIKE rfc

13 years agoIKEv1 rightallowany flag introduced
Andreas Steffen [Wed, 20 Jun 2007 09:46:54 +0000 (09:46 -0000)]
IKEv1 rightallowany flag introduced

13 years agodon't modify des/3des input key anymore
Martin Willi [Tue, 19 Jun 2007 07:56:28 +0000 (07:56 -0000)]
don't modify des/3des input key anymore

13 years agofixed virtua IP: adding virtual IP to interface address list cache directly
Martin Willi [Tue, 19 Jun 2007 06:20:33 +0000 (06:20 -0000)]
fixed virtua IP: adding virtual IP to interface address list cache directly
corrected debug targets

13 years agoset nexthop to him when instantiating rightallowyes template with leftnexthop ==...
Andreas Steffen [Mon, 18 Jun 2007 20:07:47 +0000 (20:07 -0000)]
set nexthop to him when instantiating rightallowyes template with leftnexthop == right

13 years agosupport of right|leftallowany flag
Andreas Steffen [Mon, 18 Jun 2007 17:51:45 +0000 (17:51 -0000)]
support of right|leftallowany flag

13 years agoadded dynamic DNS scenarios
Andreas Steffen [Mon, 18 Jun 2007 17:50:54 +0000 (17:50 -0000)]
added dynamic DNS scenarios

13 years agoadded extensions management to IKE_SA
Martin Willi [Mon, 18 Jun 2007 10:32:01 +0000 (10:32 -0000)]
added extensions management to IKE_SA
fixed NATD payload (port) when using route lookup

13 years agosource address lookup in kernel interface
Martin Willi [Mon, 18 Jun 2007 07:25:58 +0000 (07:25 -0000)]
source address lookup in kernel interface
  use it for NAT detection if no source address known from config
  support for %any...%any connections

13 years agosupport for left=%any change our address dynamically
Martin Willi [Mon, 18 Jun 2007 05:57:59 +0000 (05:57 -0000)]
support for left=%any change our address dynamically

13 years agoincreased receive buffer to handle more interfaces
Martin Willi [Mon, 18 Jun 2007 05:56:18 +0000 (05:56 -0000)]
increased receive buffer to handle more interfaces

13 years ago eliminated nexthop
Andreas Steffen [Sun, 17 Jun 2007 15:29:49 +0000 (15:29 -0000)]
 eliminated nexthop

13 years agofixed typo
Andreas Steffen [Sat, 16 Jun 2007 20:22:05 +0000 (20:22 -0000)]
fixed typo

13 years agorecognize strongswan-2.8.5 VID
Andreas Steffen [Sat, 16 Jun 2007 20:21:14 +0000 (20:21 -0000)]
recognize strongswan-2.8.5 VID

13 years agoimplemented more flexible iterator hook API
Martin Willi [Fri, 15 Jun 2007 13:23:18 +0000 (13:23 -0000)]
implemented more flexible iterator hook API
kernel interface handles interface changes and updates address list

13 years agoimplemented address change notification (for MOBIKE)
Martin Willi [Thu, 14 Jun 2007 15:16:15 +0000 (15:16 -0000)]
implemented address change notification (for MOBIKE)
  implemented up to date address list cache to list interfaces

13 years agofixed memleak when initiating to %any
Martin Willi [Thu, 14 Jun 2007 08:44:19 +0000 (08:44 -0000)]
fixed memleak when initiating to %any

13 years agoadded missing files to the last commit
Martin Willi [Thu, 14 Jun 2007 08:17:23 +0000 (08:17 -0000)]
added missing files to the last commit

13 years agoproper reauthentication:
Martin Willi [Thu, 14 Jun 2007 08:13:05 +0000 (08:13 -0000)]
proper reauthentication:
  IKE_SA is closed completely before the new is initiated,
  resolves some issues when a dynamic IP is requested from a pool

13 years agocase insensitive identification_t.equals() for FQDN and RFC822ADDR
Martin Willi [Thu, 14 Jun 2007 07:02:01 +0000 (07:02 -0000)]
case insensitive identification_t.equals() for FQDN and RFC822ADDR

13 years agoported interfaces to new threading functions (incomplete)
Martin Willi [Mon, 11 Jun 2007 14:24:32 +0000 (14:24 -0000)]
ported interfaces to new threading functions (incomplete)

13 years agoadded setsid() to properly detach from console
Martin Willi [Mon, 11 Jun 2007 12:21:12 +0000 (12:21 -0000)]
added setsid() to properly detach from console

13 years agodocumentation fixes and updates
Martin Willi [Mon, 11 Jun 2007 12:11:41 +0000 (12:11 -0000)]
documentation fixes and updates

13 years agointroduced callback_job:
Martin Willi [Mon, 11 Jun 2007 10:57:19 +0000 (10:57 -0000)]
introduced callback_job:
  simple asynchronous method invocation
  use daemons thread pool for all threads
  proper cancellation and cleanups
  cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere

13 years agoremoved all nexthop statements
Andreas Steffen [Sun, 10 Jun 2007 18:52:14 +0000 (18:52 -0000)]
removed all nexthop statements

13 years agodisabling leak detective at runtime by setting LEAK_DETECTIVE_DISABLE env var
Martin Willi [Fri, 8 Jun 2007 07:21:03 +0000 (07:21 -0000)]
disabling leak detective at runtime by setting LEAK_DETECTIVE_DISABLE env var

13 years agoversion bumps to linux 2.6.21.3 kernel and strongswan 4.1.4
Andreas Steffen [Fri, 8 Jun 2007 07:11:06 +0000 (07:11 -0000)]
version bumps to linux 2.6.21.3 kernel and strongswan 4.1.4

13 years agoadded x as a wildcard for number of tests
Andreas Steffen [Fri, 8 Jun 2007 07:10:00 +0000 (07:10 -0000)]
added x as a wildcard for number of tests

13 years agopass eroutes now need explicit routes
Andreas Steffen [Fri, 8 Jun 2007 07:06:10 +0000 (07:06 -0000)]
pass eroutes now need explicit routes

13 years agono need for left|rightnexthop parameter any more
Andreas Steffen [Fri, 8 Jun 2007 07:03:14 +0000 (07:03 -0000)]
no need for left|rightnexthop parameter any more

13 years agodo not delete existing routes with NETKEY
Andreas Steffen [Fri, 8 Jun 2007 07:01:17 +0000 (07:01 -0000)]
do not delete existing routes with NETKEY

13 years ago_updown inserts routes only if a sourceip is defined
Andreas Steffen [Wed, 6 Jun 2007 13:37:43 +0000 (13:37 -0000)]
_updown inserts routes only if a sourceip is defined

13 years agoinsert route only in case of sourceip
Andreas Steffen [Wed, 6 Jun 2007 13:30:27 +0000 (13:30 -0000)]
insert route only in case of sourceip

13 years agodo not print nexthop in ipsec status[all]
Andreas Steffen [Wed, 6 Jun 2007 13:16:48 +0000 (13:16 -0000)]
do not print nexthop in ipsec status[all]

13 years agoincluded patch from Rene Mayrhofer to respect DESTDIR in make install
Martin Willi [Wed, 6 Jun 2007 05:55:18 +0000 (05:55 -0000)]
included patch from Rene Mayrhofer to respect DESTDIR in make install

13 years agoversion bump to 4.1.4
Andreas Steffen [Sat, 26 May 2007 19:07:39 +0000 (19:07 -0000)]
version bump to 4.1.4

13 years agoversion bump to 4.1.4
Andreas Steffen [Sat, 26 May 2007 19:05:34 +0000 (19:05 -0000)]
version bump to 4.1.4

13 years agomoved assignment of CERT_UNKNOWN 4.1.3
Andreas Steffen [Fri, 25 May 2007 14:04:39 +0000 (14:04 -0000)]
moved assignment of CERT_UNKNOWN

13 years agochanged exceeded to reached
Andreas Steffen [Fri, 25 May 2007 11:42:00 +0000 (11:42 -0000)]
changed exceeded to reached

13 years agolog trust pathlen
Andreas Steffen [Fri, 25 May 2007 11:41:06 +0000 (11:41 -0000)]
log trust pathlen

13 years agofixed html output
Andreas Steffen [Fri, 25 May 2007 11:33:49 +0000 (11:33 -0000)]
fixed html output

13 years agolibfreeswan kernel header problem fixed
Andreas Steffen [Fri, 25 May 2007 11:17:16 +0000 (11:17 -0000)]
libfreeswan kernel header problem fixed

13 years agoincluded a certificate label in the is_trusted() method
Andreas Steffen [Fri, 25 May 2007 11:10:35 +0000 (11:10 -0000)]
included a certificate label in the is_trusted() method

13 years agoupdated NEWS for 4.1.3
Martin Willi [Fri, 25 May 2007 11:06:03 +0000 (11:06 -0000)]
updated NEWS for 4.1.3

13 years agostop dave in posttest.dat
Andreas Steffen [Fri, 25 May 2007 09:29:10 +0000 (09:29 -0000)]
stop dave in posttest.dat

13 years agomulti-level-ca-strict scenario added
Andreas Steffen [Fri, 25 May 2007 09:23:24 +0000 (09:23 -0000)]
multi-level-ca-strict scenario added

13 years agovirtual-ip-override scenario added
Andreas Steffen [Fri, 25 May 2007 09:22:42 +0000 (09:22 -0000)]
virtual-ip-override scenario added

13 years agostop iptables on dave
Andreas Steffen [Fri, 25 May 2007 09:22:08 +0000 (09:22 -0000)]
stop iptables on dave

13 years agoDBG1 level now shows stepping up through the certifiate hierarchy up to the trust...
Andreas Steffen [Fri, 25 May 2007 08:29:35 +0000 (08:29 -0000)]
DBG1 level now shows stepping up through the certifiate hierarchy up to the trust anchor

13 years agoset certinfo status to CERT_UNKNOWN before crl and|or ocsp verification
Andreas Steffen [Fri, 25 May 2007 08:21:27 +0000 (08:21 -0000)]
set certinfo status to CERT_UNKNOWN before crl and|or ocsp verification

13 years agox509_t* argument in get_issuer() method is not constant any more because a short...
Andreas Steffen [Fri, 25 May 2007 08:17:29 +0000 (08:17 -0000)]
x509_t* argument in get_issuer() method is not constant any more because a short cut to the ca might be set

13 years agofixed virtual-ip scenario
Andreas Steffen [Fri, 25 May 2007 07:28:00 +0000 (07:28 -0000)]
fixed virtual-ip scenario

13 years agoversion bump to 4.1.3
Andreas Steffen [Fri, 25 May 2007 07:27:33 +0000 (07:27 -0000)]
version bump to 4.1.3

13 years agoadded parsing of charging and group attributes
Andreas Steffen [Fri, 25 May 2007 07:26:33 +0000 (07:26 -0000)]
added parsing of charging and group attributes

13 years agoversion bump to 4.1.3
Andreas Steffen [Fri, 25 May 2007 07:25:38 +0000 (07:25 -0000)]
version bump to 4.1.3

13 years agofixed man page
Martin Willi [Fri, 25 May 2007 07:19:49 +0000 (07:19 -0000)]
fixed man page

13 years agoupdated man-page for left/rightsourceip
Martin Willi [Fri, 25 May 2007 07:15:18 +0000 (07:15 -0000)]
updated man-page for left/rightsourceip

13 years agoremoved paranoid module checking
Martin Willi [Fri, 25 May 2007 05:45:41 +0000 (05:45 -0000)]
removed paranoid module checking

13 years agoadded compatibility names (pluto) for sha2 algorithms (sha2_256, ...)
Martin Willi [Fri, 25 May 2007 05:44:53 +0000 (05:44 -0000)]
added compatibility names (pluto) for sha2 algorithms (sha2_256, ...)

13 years agoadded #define LDAP_DEPRECATED in order to use old ldap_init() function
Andreas Steffen [Thu, 24 May 2007 12:09:48 +0000 (12:09 -0000)]
added #define LDAP_DEPRECATED in order to use old ldap_init() function

13 years agoremoved unneeded libdes files speed.c and des_opts.c
Andreas Steffen [Thu, 24 May 2007 12:08:44 +0000 (12:08 -0000)]
removed unneeded libdes files speed.c and des_opts.c

13 years agocecho changes in UML scripts
Andreas Steffen [Wed, 23 May 2007 22:24:47 +0000 (22:24 -0000)]
cecho changes in UML scripts

13 years agoadded virtual-ip scenario
Andreas Steffen [Wed, 23 May 2007 21:41:05 +0000 (21:41 -0000)]
added virtual-ip scenario

13 years agodefined ietfAttr_t type and its destroy function
Andreas Steffen [Wed, 23 May 2007 19:43:24 +0000 (19:43 -0000)]
defined ietfAttr_t type and its destroy function

13 years agoremoved old FreeS/WAN cvs revision entries
Andreas Steffen [Wed, 23 May 2007 19:27:48 +0000 (19:27 -0000)]
removed old FreeS/WAN cvs revision entries

13 years agoadded #include <linux/types.h> required by 2.6.21 linux headers
Andreas Steffen [Wed, 23 May 2007 19:27:02 +0000 (19:27 -0000)]
added #include <linux/types.h> required by 2.6.21 linux headers

13 years agoproper thread cancellation when using the charon->interfaces
Martin Willi [Wed, 23 May 2007 09:08:13 +0000 (09:08 -0000)]
proper thread cancellation when using the charon->interfaces

13 years agofixed crash when using 0.0.0.0/0 subnets
Martin Willi [Wed, 23 May 2007 06:33:22 +0000 (06:33 -0000)]
fixed crash when using 0.0.0.0/0 subnets

13 years agoremoved misleading warning when rekeying
Martin Willi [Wed, 23 May 2007 06:32:41 +0000 (06:32 -0000)]
removed misleading warning when rekeying

13 years agosupport for virtual IP definition on client side:
Martin Willi [Tue, 22 May 2007 13:49:31 +0000 (13:49 -0000)]
support for virtual IP definition on client side:
  if leftsourceip is defined, it is requested.
  server may define rightsourceip=%config to accept any,
  or it may overwrite it using rightsourceip.
  if server does not return an IP, client enforces its configured leftsourceip.

13 years agofixed memleak
Martin Willi [Tue, 22 May 2007 09:38:42 +0000 (09:38 -0000)]
fixed memleak

13 years agousing local address as gateway in installed routes
Martin Willi [Tue, 22 May 2007 07:47:16 +0000 (07:47 -0000)]
using local address as gateway in installed routes

13 years agosupport of left|rightgroups parameter
Andreas Steffen [Sun, 20 May 2007 15:38:36 +0000 (15:38 -0000)]
support of left|rightgroups parameter

13 years agoreduced crl validity of research and sales ca to 15 days
Andreas Steffen [Sat, 19 May 2007 19:47:24 +0000 (19:47 -0000)]
reduced crl validity of research and sales ca to 15 days

13 years agofixed nextUpdate and until behaviour in the non-strict case
Andreas Steffen [Sat, 19 May 2007 19:46:13 +0000 (19:46 -0000)]
fixed nextUpdate and until behaviour in the non-strict case

13 years agoset rightca= to root CA
Andreas Steffen [Fri, 18 May 2007 13:19:47 +0000 (13:19 -0000)]
set rightca= to root CA

13 years agoadded multi-level-ca-revoked scenario
Andreas Steffen [Fri, 18 May 2007 13:18:28 +0000 (13:18 -0000)]
added  multi-level-ca-revoked scenario

13 years agoadded multi-level-ca-loop scenario
Andreas Steffen [Fri, 18 May 2007 12:42:49 +0000 (12:42 -0000)]
added  multi-level-ca-loop scenario

13 years agosupport of CA-based ipsec policies
Andreas Steffen [Fri, 18 May 2007 12:28:05 +0000 (12:28 -0000)]
support of CA-based ipsec policies

13 years agosupport of CA-based ipsec policies
Andreas Steffen [Fri, 18 May 2007 12:25:37 +0000 (12:25 -0000)]
support of CA-based ipsec policies

13 years agosupport of crlnumber in research and sales CAs
Andreas Steffen [Fri, 18 May 2007 12:24:50 +0000 (12:24 -0000)]
support of crlnumber in research and sales CAs

13 years agoadded multi-level-ca-ldap scenario
Andreas Steffen [Fri, 18 May 2007 12:23:31 +0000 (12:23 -0000)]
added multi-level-ca-ldap scenario

13 years agoadded multi-level-ca scenario
Andreas Steffen [Fri, 18 May 2007 12:23:10 +0000 (12:23 -0000)]
added multi-level-ca scenario

13 years agoca-based policy now requires rightca=%any in the two-certs scenario
Andreas Steffen [Fri, 18 May 2007 10:53:58 +0000 (10:53 -0000)]
ca-based policy now requires rightca=%any in the two-certs scenario

13 years agoadd is_ca() method
Andreas Steffen [Fri, 18 May 2007 10:16:10 +0000 (10:16 -0000)]
add is_ca() method

13 years agoadded set_ca_info() and get_ca_info() methods
Andreas Steffen [Fri, 18 May 2007 10:15:23 +0000 (10:15 -0000)]
added set_ca_info() and get_ca_info() methods

13 years agooutput of eap_type_names requires %N format
Andreas Steffen [Fri, 18 May 2007 10:14:01 +0000 (10:14 -0000)]
output of eap_type_names requires %N format

13 years agoadded set_other_ca() and get_other_ca()
Andreas Steffen [Thu, 17 May 2007 17:55:29 +0000 (17:55 -0000)]
added set_other_ca() and get_other_ca()

13 years agoadded set_other_ca() and get_other_ca()
Andreas Steffen [Thu, 17 May 2007 17:55:02 +0000 (17:55 -0000)]
added set_other_ca() and get_other_ca()

13 years agoexport MAX_CA_PATH_LEN
Andreas Steffen [Thu, 17 May 2007 17:19:09 +0000 (17:19 -0000)]
export MAX_CA_PATH_LEN

13 years agocheck self-signedness of certificate at creation time
Andreas Steffen [Thu, 17 May 2007 17:18:38 +0000 (17:18 -0000)]
check self-signedness of certificate at creation time

13 years agoremoved route_job, handled all in interface_manager
Martin Willi [Wed, 16 May 2007 08:49:10 +0000 (08:49 -0000)]
removed route_job, handled all in interface_manager

13 years agorouting/unrouting through interface
Martin Willi [Wed, 16 May 2007 08:32:15 +0000 (08:32 -0000)]
routing/unrouting through interface

13 years agoremoved dead folder
Martin Willi [Wed, 16 May 2007 06:42:52 +0000 (06:42 -0000)]
removed dead folder

13 years agohierarchical display of tests
Andreas Steffen [Tue, 15 May 2007 20:30:21 +0000 (20:30 -0000)]
hierarchical display of tests

13 years agomultiple peer certificate support
Andreas Steffen [Tue, 15 May 2007 19:07:38 +0000 (19:07 -0000)]
multiple peer certificate support