strongswan.git
Andreas Steffen [Fri, 22 Apr 2011 08:11:16 +0000 (10:11 +0200)]
fixed segmentation fault due to null pointer

Andreas Steffen [Thu, 21 Apr 2011 19:04:11 +0000 (21:04 +0200)]
debug type is EAP_TLS

Andreas Steffen [Thu, 21 Apr 2011 17:50:36 +0000 (19:50 +0200)]
do not include length field in non-fragmented EAP-PEAP packets

Andreas Steffen [Thu, 21 Apr 2011 17:17:18 +0000 (19:17 +0200)]
Win 7 accepts compressed EAP Identity request

Andreas Steffen [Thu, 21 Apr 2011 11:24:26 +0000 (13:24 +0200)]
added level 3 debug output of forwarded EAP payloads

Martin Willi [Thu, 21 Apr 2011 09:40:25 +0000 (11:40 +0200)]
Resolve and connect to RADIUS servers not before required

Martin Willi [Thu, 21 Apr 2011 11:21:26 +0000 (13:21 +0200)]
Revert alloc_str changes

This reverts commit fdead26ffe1da8501a6ff5e0639a6f44c723e763.
This reverts commit 3e2419ebe32de72d824864eb2e0e677a7c197af1.
This reverts commit 17ce69b47a1efd6234960cf7d1f50712aee61db5.

Martin Willi [Thu, 21 Apr 2011 08:57:17 +0000 (10:57 +0200)]
If key not found, strdup default value, too

Martin Willi [Thu, 21 Apr 2011 08:48:16 +0000 (10:48 +0200)]
Use thread-safe settings alloc_str function where appropriate

Martin Willi [Thu, 21 Apr 2011 08:10:26 +0000 (10:10 +0200)]
Added a thread-safe, allocating settings get_str variant called alloc_str

Martin Willi [Wed, 20 Apr 2011 13:15:00 +0000 (15:15 +0200)]
Be a little more liberal in checking maximum payload count

Martin Willi [Wed, 20 Apr 2011 13:04:02 +0000 (15:04 +0200)]
Accept IKE_SA_INIT responses without CERTIFICATE_REQUESTs

Martin Willi [Wed, 20 Apr 2011 11:08:32 +0000 (13:08 +0200)]
Cast size_t len arguments to %.*s to int

Martin Willi [Wed, 20 Apr 2011 10:31:29 +0000 (12:31 +0200)]
Remove superfluous test for peer_cfg on established IKE_SAs

Martin Willi [Tue, 19 Apr 2011 12:45:52 +0000 (14:45 +0200)]
Added charon.replay window to strongswan.conf.5

Martin Willi [Mon, 18 Apr 2011 14:11:40 +0000 (16:11 +0200)]
Updated ipsec.conf.5 with new ESN options

Martin Willi [Mon, 18 Apr 2011 14:00:38 +0000 (16:00 +0200)]
Add NEWS for ESN/custom replay window support

Martin Willi [Mon, 18 Apr 2011 13:46:25 +0000 (15:46 +0200)]
Synchronize ESN support in HA plugin

Martin Willi [Mon, 18 Apr 2011 13:43:59 +0000 (15:43 +0200)]
Add NO_EXT_SEQ_NUMBER to proposal only if it has not been specified in string

Martin Willi [Mon, 18 Apr 2011 13:43:20 +0000 (15:43 +0200)]
Added proposal keywords for ESN support

Martin Willi [Mon, 18 Apr 2011 13:41:23 +0000 (15:41 +0200)]
Install ESN SAs if such a proposal has been negotiated

Martin Willi [Mon, 18 Apr 2011 15:57:59 +0000 (17:57 +0200)]
Copy ESN enabled replay state during update_sa, if supported

Martin Willi [Mon, 18 Apr 2011 13:16:54 +0000 (15:16 +0200)]
Add ESN support to kernel netlink plugin, including custom replay windows

Martin Willi [Mon, 18 Apr 2011 13:16:23 +0000 (15:16 +0200)]
Added an esn parameter to the kernel interface add_sa functions

Martin Willi [Mon, 18 Apr 2011 12:51:05 +0000 (14:51 +0200)]
Updated copy of linux/xfrm.h to 2.6.39, featuring ESN support

Tobias Brunner [Tue, 19 Apr 2011 16:00:16 +0000 (18:00 +0200)]
Use strncpy when reading smartcard keyids from ipsec.secrets.

Tobias Brunner [Tue, 19 Apr 2011 14:13:28 +0000 (16:13 +0200)]
pluto: Replaced some strcpy usages with strncpy.

Tobias Brunner [Tue, 19 Apr 2011 15:26:19 +0000 (17:26 +0200)]
openac: --out is a mandatory argument.

Tobias Brunner [Tue, 19 Apr 2011 11:34:18 +0000 (13:34 +0200)]
openac: Fixed potential overflow while reading passphrase.

Tobias Brunner [Tue, 19 Apr 2011 11:22:32 +0000 (13:22 +0200)]
openac: Make sure path is null-terminated.

Tobias Brunner [Tue, 19 Apr 2011 11:20:35 +0000 (13:20 +0200)]
pluto: Make sure connection name is null-terminated during DPD restart.

Tobias Brunner [Tue, 19 Apr 2011 11:18:42 +0000 (13:18 +0200)]
starter: Make sure interface name is null-terminated.

Tobias Brunner [Tue, 19 Apr 2011 11:10:18 +0000 (13:10 +0200)]
Use proper return value for ietf_attr_t.compare.

Tobias Brunner [Tue, 19 Apr 2011 11:06:25 +0000 (13:06 +0200)]
scepclient: Proper handling of multiple received certificates.

Tobias Brunner [Tue, 19 Apr 2011 10:55:58 +0000 (12:55 +0200)]
pool: Proper cleanup in error cases when adding addresses from a file.

Tobias Brunner [Tue, 19 Apr 2011 10:43:00 +0000 (12:43 +0200)]
pool: Proper handling of address family when adding addresses.

Tobias Brunner [Tue, 19 Apr 2011 10:30:23 +0000 (12:30 +0200)]
Added missing return in iterator_t.insert_before of linked_list_t.

Tobias Brunner [Tue, 19 Apr 2011 10:20:50 +0000 (12:20 +0200)]
pluto: Clarified parsing of long durations.

Tobias Brunner [Tue, 19 Apr 2011 10:07:48 +0000 (12:07 +0200)]
Clearly mark switch cases that fall through.

Tobias Brunner [Tue, 19 Apr 2011 10:07:32 +0000 (12:07 +0200)]
Added missing break statement.

Tobias Brunner [Mon, 18 Apr 2011 14:35:04 +0000 (16:35 +0200)]
pluto: Avoid potential null-pointer dereference when checking CRLs.

Tobias Brunner [Mon, 18 Apr 2011 14:26:11 +0000 (16:26 +0200)]
pluto: Added missing PF_KEY debug messages.

libfreeswan does not use the version of the PF_KEY header file provided
in src/include/linux so this list is not exactly up to date.

Tobias Brunner [Mon, 18 Apr 2011 14:10:36 +0000 (16:10 +0200)]
Properly copy interface name if unknown.

We use a static string if the interface name is unknown, so using memcpy
with IFNAMSIZ is incorrect as that would overrun the static string.

Tobias Brunner [Mon, 18 Apr 2011 13:46:00 +0000 (15:46 +0200)]
pluto: from_state is strictly lower than STATE_IKE_ROOF.

Tobias Brunner [Mon, 18 Apr 2011 13:21:10 +0000 (15:21 +0200)]
Fixed typo in unit-tester plugin.

Andreas Steffen [Mon, 18 Apr 2011 21:40:31 +0000 (23:40 +0200)]
support unstructuredAddress in left|rightid

Andreas Steffen [Fri, 15 Apr 2011 13:02:08 +0000 (15:02 +0200)]
send an empty EAP Ack client message if TLS was successful and handle it on the server

Andreas Steffen [Fri, 15 Apr 2011 13:00:37 +0000 (15:00 +0200)]
Windows 7 expects an uncompressed EAP Identity request

Martin Willi [Fri, 15 Apr 2011 11:05:02 +0000 (13:05 +0200)]
Add plugin reloading NEWS

Martin Willi [Thu, 14 Apr 2011 14:01:47 +0000 (16:01 +0200)]
Set broadcast flag in DHCP requests when sending broadcasts

Martin Willi [Fri, 15 Apr 2011 07:48:17 +0000 (09:48 +0200)]
Add reload support to attr plugin

Martin Willi [Fri, 15 Apr 2011 07:28:27 +0000 (09:28 +0200)]
Migrated attr plugin to INIT/METHOD macros

Martin Willi [Tue, 12 Apr 2011 09:36:03 +0000 (11:36 +0200)]
Added reload support to eap-radius plugin

Martin Willi [Tue, 12 Apr 2011 09:20:25 +0000 (11:20 +0200)]
Reload strongswan.conf and plugins supporting reloading on SIGHUP

Martin Willi [Tue, 12 Apr 2011 09:15:54 +0000 (11:15 +0200)]
Accept NULL files in load_files[_section] as we do in constructor

Martin Willi [Tue, 12 Apr 2011 09:13:08 +0000 (11:13 +0200)]
Added a merge option to optionally reload files instead of merging them

Martin Willi [Mon, 11 Apr 2011 17:40:30 +0000 (19:40 +0200)]
Added plugin_loader method to reload plugin configurations

Martin Willi [Mon, 11 Apr 2011 17:12:45 +0000 (19:12 +0200)]
Added a (not yet implemented) plugin_t method to reload plugin configuration

Martin Willi [Mon, 11 Apr 2011 16:54:18 +0000 (18:54 +0200)]
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t

Martin Willi [Mon, 11 Apr 2011 14:41:25 +0000 (16:41 +0200)]
Migrated remaining plugin_t implementations to INIT/METHOD macros

Martin Willi [Mon, 11 Apr 2011 14:25:58 +0000 (16:25 +0200)]
Migrated plugin_loader to INIT/METHOD macros

Martin Willi [Thu, 14 Apr 2011 18:00:54 +0000 (20:00 +0200)]
Continue without client authentication if no matching certificate found

Martin Willi [Thu, 14 Apr 2011 17:54:02 +0000 (19:54 +0200)]
Ignore TLS certificate requests as peer if peer authentication disabled

Martin Willi [Thu, 14 Apr 2011 17:42:32 +0000 (19:42 +0200)]
Send TLS Server Name Indication as peer if server identity is a FQDN

Martin Willi [Thu, 14 Apr 2011 17:41:57 +0000 (19:41 +0200)]
Fix tls_writer wrap functions

Tobias Brunner [Thu, 14 Apr 2011 16:06:38 +0000 (18:06 +0200)]
pluto: Fixed check for NAT-T keepalives.

Tobias Brunner [Thu, 14 Apr 2011 15:59:53 +0000 (17:59 +0200)]
pluto: Properly initialize constants.

Tobias Brunner [Thu, 14 Apr 2011 15:48:07 +0000 (17:48 +0200)]
pluto: Avoid hiding outer parameter.

Tobias Brunner [Thu, 14 Apr 2011 15:30:07 +0000 (17:30 +0200)]
pluto: Use %zu to print values of type size_t.

Tobias Brunner [Thu, 14 Apr 2011 15:28:08 +0000 (17:28 +0200)]
Use %tx to print a value of type ptrdiff_t.

Tobias Brunner [Thu, 14 Apr 2011 15:25:25 +0000 (17:25 +0200)]
Removed superfluous parameter to printf.

Tobias Brunner [Thu, 14 Apr 2011 13:38:43 +0000 (15:38 +0200)]
Proper cleanup if IDs in ipsec.secrets cannot be parsed.

Tobias Brunner [Thu, 14 Apr 2011 13:32:51 +0000 (15:32 +0200)]
Fixed potential memory leak in host_create_any.

Tobias Brunner [Thu, 14 Apr 2011 13:30:47 +0000 (15:30 +0200)]
pluto: Fixed potential memory leak in atoaddr.

Tobias Brunner [Thu, 14 Apr 2011 13:14:55 +0000 (15:14 +0200)]
Fixed potential memory leak when processing routes from the kernel.

Tobias Brunner [Thu, 14 Apr 2011 13:11:20 +0000 (15:11 +0200)]
Do proper cleanup in error case in pki req.

Tobias Brunner [Thu, 14 Apr 2011 13:09:30 +0000 (15:09 +0200)]
Do proper cleanup in some error cases in pki signcrl.

Tobias Brunner [Thu, 14 Apr 2011 13:01:18 +0000 (15:01 +0200)]
pluto: Fixed potential memory leak when processing requested virtual IPs.

Tobias Brunner [Thu, 14 Apr 2011 12:36:40 +0000 (14:36 +0200)]
pluto: Properly free buffer in error cases in read_packet.

Tobias Brunner [Thu, 14 Apr 2011 11:19:09 +0000 (13:19 +0200)]
Neither rekey nor del can be NULL.

Tobias Brunner [Thu, 14 Apr 2011 09:26:25 +0000 (11:26 +0200)]
In scanf the maximum length of %s does not include the null-terminator.

Tobias Brunner [Thu, 14 Apr 2011 09:25:31 +0000 (11:25 +0200)]
starter_conn_t.id is an unsigned long.

Tobias Brunner [Thu, 14 Apr 2011 08:44:19 +0000 (10:44 +0200)]
Fix compiler warnings at creation of CRL cache filenames.

This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point.  But it's clearer
this way.

Tobias Brunner [Thu, 14 Apr 2011 08:24:46 +0000 (10:24 +0200)]
Fixed output in ietf_attributes_t.get_string.

Tobias Brunner [Thu, 14 Apr 2011 07:31:26 +0000 (09:31 +0200)]
Fix "set nexthop to him when instantiating rightallowyes template with leftnexthop == right"

This fixes commit 280f6b1ab2.

Andreas Steffen [Thu, 14 Apr 2011 14:54:34 +0000 (16:54 +0200)]
added TLS renegotiation_info extension

Martin Willi [Thu, 14 Apr 2011 07:12:08 +0000 (09:12 +0200)]
Show full blown traffic selector in log_ts hook

Tobias Brunner [Wed, 13 Apr 2011 16:18:03 +0000 (18:18 +0200)]
Fixed check for member of stroke_msg_t in pop_string.

Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).

Tobias Brunner [Tue, 12 Apr 2011 15:39:11 +0000 (17:39 +0200)]
pluto: Properly initialize a.continuation.

Tobias Brunner [Tue, 12 Apr 2011 15:22:50 +0000 (17:22 +0200)]
pluto: Properly initialize ta.encrypter.

Tobias Brunner [Tue, 12 Apr 2011 13:54:29 +0000 (15:54 +0200)]
pluto: Fixed off by one error when reading private keys.

Tobias Brunner [Tue, 12 Apr 2011 12:28:18 +0000 (14:28 +0200)]
Removed unused variables.

Martin Willi [Mon, 11 Apr 2011 16:56:08 +0000 (18:56 +0200)]
Fix compiler warning after fetcher_t.fetch signature change

Andreas Steffen [Mon, 11 Apr 2011 04:24:31 +0000 (06:24 +0200)]
version bump to 4.5.2dr5

Andreas Steffen [Mon, 11 Apr 2011 04:23:52 +0000 (06:23 +0200)]
updated NEWS

Martin Willi [Fri, 8 Apr 2011 12:55:46 +0000 (14:55 +0200)]
Use an IV size of zero for DES in ECB mode

Martin Willi [Fri, 8 Apr 2011 12:55:10 +0000 (14:55 +0200)]
Fixed debug statement if algorithm benchmarking enabled

Andreas Steffen [Fri, 8 Apr 2011 05:50:05 +0000 (07:50 +0200)]
with the 2.6.38 kernel alice is preferred for handling the IKE connections

Duncan Salerno [Thu, 7 Apr 2011 19:41:41 +0000 (21:41 +0200)]
fixed bit mask

Andreas Steffen [Wed, 6 Apr 2011 18:08:56 +0000 (20:08 +0200)]
added EAP-PEAP options to strongswan.conf