strongswan.git
Martin Willi [Wed, 20 Apr 2011 11:08:32 +0000 (13:08 +0200)]
Cast size_t len arguments to %.*s to int

Martin Willi [Wed, 20 Apr 2011 10:31:29 +0000 (12:31 +0200)]
Remove superfluous test for peer_cfg on established IKE_SAs

Martin Willi [Tue, 19 Apr 2011 12:45:52 +0000 (14:45 +0200)]
Added charon.replay window to strongswan.conf.5

Martin Willi [Mon, 18 Apr 2011 14:11:40 +0000 (16:11 +0200)]
Updated ipsec.conf.5 with new ESN options

Martin Willi [Mon, 18 Apr 2011 14:00:38 +0000 (16:00 +0200)]
Add NEWS for ESN/custom replay window support

Martin Willi [Mon, 18 Apr 2011 13:46:25 +0000 (15:46 +0200)]
Synchronize ESN support in HA plugin

Martin Willi [Mon, 18 Apr 2011 13:43:59 +0000 (15:43 +0200)]
Add NO_EXT_SEQ_NUMBER to proposal only if it has not been specified in string

Martin Willi [Mon, 18 Apr 2011 13:43:20 +0000 (15:43 +0200)]
Added proposal keywords for ESN support

Martin Willi [Mon, 18 Apr 2011 13:41:23 +0000 (15:41 +0200)]
Install ESN SAs if such a proposal has been negotiated

Martin Willi [Mon, 18 Apr 2011 15:57:59 +0000 (17:57 +0200)]
Copy ESN enabled replay state during update_sa, if supported

Martin Willi [Mon, 18 Apr 2011 13:16:54 +0000 (15:16 +0200)]
Add ESN support to kernel netlink plugin, including custom replay windows

Martin Willi [Mon, 18 Apr 2011 13:16:23 +0000 (15:16 +0200)]
Added an esn parameter to the kernel interface add_sa functions

Martin Willi [Mon, 18 Apr 2011 12:51:05 +0000 (14:51 +0200)]
Updated copy of linux/xfrm.h to 2.6.39, featuring ESN support

Tobias Brunner [Tue, 19 Apr 2011 16:00:16 +0000 (18:00 +0200)]
Use strncpy when reading smartcard keyids from ipsec.secrets.

Tobias Brunner [Tue, 19 Apr 2011 14:13:28 +0000 (16:13 +0200)]
pluto: Replaced some strcpy usages with strncpy.

Tobias Brunner [Tue, 19 Apr 2011 15:26:19 +0000 (17:26 +0200)]
openac: --out is a mandatory argument.

Tobias Brunner [Tue, 19 Apr 2011 11:34:18 +0000 (13:34 +0200)]
openac: Fixed potential overflow while reading passphrase.

Tobias Brunner [Tue, 19 Apr 2011 11:22:32 +0000 (13:22 +0200)]
openac: Make sure path is null-terminated.

Tobias Brunner [Tue, 19 Apr 2011 11:20:35 +0000 (13:20 +0200)]
pluto: Make sure connection name is null-terminated during DPD restart.

Tobias Brunner [Tue, 19 Apr 2011 11:18:42 +0000 (13:18 +0200)]
starter: Make sure interface name is null-terminated.

Tobias Brunner [Tue, 19 Apr 2011 11:10:18 +0000 (13:10 +0200)]
Use proper return value for ietf_attr_t.compare.

Tobias Brunner [Tue, 19 Apr 2011 11:06:25 +0000 (13:06 +0200)]
scepclient: Proper handling of multiple received certificates.

Tobias Brunner [Tue, 19 Apr 2011 10:55:58 +0000 (12:55 +0200)]
pool: Proper cleanup in error cases when adding addresses from a file.

Tobias Brunner [Tue, 19 Apr 2011 10:43:00 +0000 (12:43 +0200)]
pool: Proper handling of address family when adding addresses.

Tobias Brunner [Tue, 19 Apr 2011 10:30:23 +0000 (12:30 +0200)]
Added missing return in iterator_t.insert_before of linked_list_t.

Tobias Brunner [Tue, 19 Apr 2011 10:20:50 +0000 (12:20 +0200)]
pluto: Clarified parsing of long durations.

Tobias Brunner [Tue, 19 Apr 2011 10:07:48 +0000 (12:07 +0200)]
Clearly mark switch cases that fall through.

Tobias Brunner [Tue, 19 Apr 2011 10:07:32 +0000 (12:07 +0200)]
Added missing break statement.

Tobias Brunner [Mon, 18 Apr 2011 14:35:04 +0000 (16:35 +0200)]
pluto: Avoid potential null-pointer dereference when checking CRLs.

Tobias Brunner [Mon, 18 Apr 2011 14:26:11 +0000 (16:26 +0200)]
pluto: Added missing PF_KEY debug messages.

libfreeswan does not use the version of the PF_KEY header file provided
in src/include/linux so this list is not exactly up to date.

Tobias Brunner [Mon, 18 Apr 2011 14:10:36 +0000 (16:10 +0200)]
Properly copy interface name if unknown.

We use a static string if the interface name is unknown, so using memcpy
with IFNAMSIZ is incorrect as that would overrun the static string.

Tobias Brunner [Mon, 18 Apr 2011 13:46:00 +0000 (15:46 +0200)]
pluto: from_state is strictly lower than STATE_IKE_ROOF.

Tobias Brunner [Mon, 18 Apr 2011 13:21:10 +0000 (15:21 +0200)]
Fixed typo in unit-tester plugin.

Andreas Steffen [Mon, 18 Apr 2011 21:40:31 +0000 (23:40 +0200)]
support unstructuredAddress in left|rightid

Andreas Steffen [Fri, 15 Apr 2011 13:02:08 +0000 (15:02 +0200)]
send an empty EAP Ack client message if TLS was successful and handle it on the server

Andreas Steffen [Fri, 15 Apr 2011 13:00:37 +0000 (15:00 +0200)]
Windows 7 expects an uncompressed EAP Identity request

Martin Willi [Fri, 15 Apr 2011 11:05:02 +0000 (13:05 +0200)]
Add plugin reloading NEWS

Martin Willi [Thu, 14 Apr 2011 14:01:47 +0000 (16:01 +0200)]
Set broadcast flag in DHCP requests when sending broadcasts

Martin Willi [Fri, 15 Apr 2011 07:48:17 +0000 (09:48 +0200)]
Add reload support to attr plugin

Martin Willi [Fri, 15 Apr 2011 07:28:27 +0000 (09:28 +0200)]
Migrated attr plugin to INIT/METHOD macros

Martin Willi [Tue, 12 Apr 2011 09:36:03 +0000 (11:36 +0200)]
Added reload support to eap-radius plugin

Martin Willi [Tue, 12 Apr 2011 09:20:25 +0000 (11:20 +0200)]
Reload strongswan.conf and plugins supporting reloading on SIGHUP

Martin Willi [Tue, 12 Apr 2011 09:15:54 +0000 (11:15 +0200)]
Accept NULL files in load_files[_section] as we do in constructor

Martin Willi [Tue, 12 Apr 2011 09:13:08 +0000 (11:13 +0200)]
Added a merge option to optionally reload files instead of merging them

Martin Willi [Mon, 11 Apr 2011 17:40:30 +0000 (19:40 +0200)]
Added plugin_loader method to reload plugin configurations

Martin Willi [Mon, 11 Apr 2011 17:12:45 +0000 (19:12 +0200)]
Added a (not yet implemented) plugin_t method to reload plugin configuration

Martin Willi [Mon, 11 Apr 2011 16:54:18 +0000 (18:54 +0200)]
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t

Martin Willi [Mon, 11 Apr 2011 14:41:25 +0000 (16:41 +0200)]
Migrated remaining plugin_t implementations to INIT/METHOD macros

Martin Willi [Mon, 11 Apr 2011 14:25:58 +0000 (16:25 +0200)]
Migrated plugin_loader to INIT/METHOD macros

Martin Willi [Thu, 14 Apr 2011 18:00:54 +0000 (20:00 +0200)]
Continue without client authentication if no matching certificate found

Martin Willi [Thu, 14 Apr 2011 17:54:02 +0000 (19:54 +0200)]
Ignore TLS certificate requests as peer if peer authentication disabled

Martin Willi [Thu, 14 Apr 2011 17:42:32 +0000 (19:42 +0200)]
Send TLS Server Name Indication as peer if server identity is a FQDN

Martin Willi [Thu, 14 Apr 2011 17:41:57 +0000 (19:41 +0200)]
Fix tls_writer wrap functions

Tobias Brunner [Thu, 14 Apr 2011 16:06:38 +0000 (18:06 +0200)]
pluto: Fixed check for NAT-T keepalives.

Tobias Brunner [Thu, 14 Apr 2011 15:59:53 +0000 (17:59 +0200)]
pluto: Properly initialize constants.

Tobias Brunner [Thu, 14 Apr 2011 15:48:07 +0000 (17:48 +0200)]
pluto: Avoid hiding outer parameter.

Tobias Brunner [Thu, 14 Apr 2011 15:30:07 +0000 (17:30 +0200)]
pluto: Use %zu to print values of type size_t.

Tobias Brunner [Thu, 14 Apr 2011 15:28:08 +0000 (17:28 +0200)]
Use %tx to print a value of type ptrdiff_t.

Tobias Brunner [Thu, 14 Apr 2011 15:25:25 +0000 (17:25 +0200)]
Removed superfluous parameter to printf.

Tobias Brunner [Thu, 14 Apr 2011 13:38:43 +0000 (15:38 +0200)]
Proper cleanup if IDs in ipsec.secrets cannot be parsed.

Tobias Brunner [Thu, 14 Apr 2011 13:32:51 +0000 (15:32 +0200)]
Fixed potential memory leak in host_create_any.

Tobias Brunner [Thu, 14 Apr 2011 13:30:47 +0000 (15:30 +0200)]
pluto: Fixed potential memory leak in atoaddr.

Tobias Brunner [Thu, 14 Apr 2011 13:14:55 +0000 (15:14 +0200)]
Fixed potential memory leak when processing routes from the kernel.

Tobias Brunner [Thu, 14 Apr 2011 13:11:20 +0000 (15:11 +0200)]
Do proper cleanup in error case in pki req.

Tobias Brunner [Thu, 14 Apr 2011 13:09:30 +0000 (15:09 +0200)]
Do proper cleanup in some error cases in pki signcrl.

Tobias Brunner [Thu, 14 Apr 2011 13:01:18 +0000 (15:01 +0200)]
pluto: Fixed potential memory leak when processing requested virtual IPs.

Tobias Brunner [Thu, 14 Apr 2011 12:36:40 +0000 (14:36 +0200)]
pluto: Properly free buffer in error cases in read_packet.

Tobias Brunner [Thu, 14 Apr 2011 11:19:09 +0000 (13:19 +0200)]
Neither rekey nor del can be NULL.

Tobias Brunner [Thu, 14 Apr 2011 09:26:25 +0000 (11:26 +0200)]
In scanf the maximum length of %s does not include the null-terminator.

Tobias Brunner [Thu, 14 Apr 2011 09:25:31 +0000 (11:25 +0200)]
starter_conn_t.id is an unsigned long.

Tobias Brunner [Thu, 14 Apr 2011 08:44:19 +0000 (10:44 +0200)]
Fix compiler warnings at creation of CRL cache filenames.

This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point.  But it's clearer
this way.

Tobias Brunner [Thu, 14 Apr 2011 08:24:46 +0000 (10:24 +0200)]
Fixed output in ietf_attributes_t.get_string.

Tobias Brunner [Thu, 14 Apr 2011 07:31:26 +0000 (09:31 +0200)]
Fix "set nexthop to him when instantiating rightallowyes template with leftnexthop == right"

This fixes commit 280f6b1ab2.

Andreas Steffen [Thu, 14 Apr 2011 14:54:34 +0000 (16:54 +0200)]
added TLS renegotiation_info extension

Martin Willi [Thu, 14 Apr 2011 07:12:08 +0000 (09:12 +0200)]
Show full blown traffic selector in log_ts hook

Tobias Brunner [Wed, 13 Apr 2011 16:18:03 +0000 (18:18 +0200)]
Fixed check for member of stroke_msg_t in pop_string.

Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).

Tobias Brunner [Tue, 12 Apr 2011 15:39:11 +0000 (17:39 +0200)]
pluto: Properly initialize a.continuation.

Tobias Brunner [Tue, 12 Apr 2011 15:22:50 +0000 (17:22 +0200)]
pluto: Properly initialize ta.encrypter.

Tobias Brunner [Tue, 12 Apr 2011 13:54:29 +0000 (15:54 +0200)]
pluto: Fixed off by one error when reading private keys.

Tobias Brunner [Tue, 12 Apr 2011 12:28:18 +0000 (14:28 +0200)]
Removed unused variables.

Martin Willi [Mon, 11 Apr 2011 16:56:08 +0000 (18:56 +0200)]
Fix compiler warning after fetcher_t.fetch signature change

Andreas Steffen [Mon, 11 Apr 2011 04:24:31 +0000 (06:24 +0200)]
version bump to 4.5.2dr5

Andreas Steffen [Mon, 11 Apr 2011 04:23:52 +0000 (06:23 +0200)]
updated NEWS

Martin Willi [Fri, 8 Apr 2011 12:55:46 +0000 (14:55 +0200)]
Use an IV size of zero for DES in ECB mode

Martin Willi [Fri, 8 Apr 2011 12:55:10 +0000 (14:55 +0200)]
Fixed debug statement if algorithm benchmarking enabled

Andreas Steffen [Fri, 8 Apr 2011 05:50:05 +0000 (07:50 +0200)]
with the 2.6.38 kernel alice is preferred for handling the IKE connections

Duncan Salerno [Thu, 7 Apr 2011 19:41:41 +0000 (21:41 +0200)]
fixed bit mask

Andreas Steffen [Wed, 6 Apr 2011 18:08:56 +0000 (20:08 +0200)]
added EAP-PEAP options to strongswan.conf

Andreas Steffen [Wed, 6 Apr 2011 18:07:59 +0000 (20:07 +0200)]
define MSCHAPv2 as default phase2 algorithm for EAP-PEAP

Andreas Steffen [Wed, 6 Apr 2011 17:44:58 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-mschapv2 scenario

Andreas Steffen [Wed, 6 Apr 2011 17:44:30 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-md5 scenario

Andreas Steffen [Wed, 6 Apr 2011 17:42:52 +0000 (19:42 +0200)]
added ikev2/rw-eap-peap-radius scenario

Andreas Steffen [Wed, 6 Apr 2011 17:39:00 +0000 (19:39 +0200)]
allow multi-pass authentication schemes as e.g. MSCHAPv2

Andreas Steffen [Wed, 6 Apr 2011 15:34:27 +0000 (17:34 +0200)]
display EAP identifiers in HEX format

Andreas Steffen [Wed, 6 Apr 2011 15:33:01 +0000 (17:33 +0200)]
no EAP identifier offset required in build() function

Andreas Steffen [Wed, 6 Apr 2011 13:47:49 +0000 (15:47 +0200)]
added missing function pointers in eap_identity_create_server()

Andreas Steffen [Wed, 6 Apr 2011 12:42:02 +0000 (14:42 +0200)]
implemented the PEAP tunneling protocol as an EAP plugin

Andreas Steffen [Wed, 6 Apr 2011 05:50:42 +0000 (07:50 +0200)]
added get|set_identifier() methods to eap_tnc_t

Andreas Steffen [Tue, 5 Apr 2011 18:53:46 +0000 (20:53 +0200)]
added EAP identifier to debug output

Andreas Steffen [Tue, 5 Apr 2011 16:35:22 +0000 (18:35 +0200)]
added get|set_identifier() methods to eap_tls_t and eap_ttls_t