strongswan.git
8 years agofixed mapping of IKEv1 algorithms
Andreas Steffen [Sat, 5 May 2012 21:25:34 +0000 (23:25 +0200)]
fixed mapping of IKEv1 algorithms

8 years agovendor ID cosmetics
Andreas Steffen [Sat, 5 May 2012 16:13:05 +0000 (18:13 +0200)]
vendor ID cosmetics

8 years agoinserted space
Andreas Steffen [Sat, 5 May 2012 13:51:24 +0000 (15:51 +0200)]
inserted space

8 years agoupgraded pfkey scenarios to 5.0.0
Andreas Steffen [Sat, 5 May 2012 09:55:48 +0000 (11:55 +0200)]
upgraded pfkey scenarios to 5.0.0

8 years agomissing references to daemon.h
Andreas Steffen [Sat, 5 May 2012 09:36:38 +0000 (11:36 +0200)]
missing references to daemon.h

8 years agoremoved leftover ipsec.conf parameters
Andreas Steffen [Sat, 5 May 2012 07:20:42 +0000 (09:20 +0200)]
removed leftover ipsec.conf parameters

8 years agoupgraded sql scenarios to 5.0.0
Andreas Steffen [Sat, 5 May 2012 07:16:15 +0000 (09:16 +0200)]
upgraded sql scenarios to 5.0.0

8 years agofixed feature dependencies for CERT_TRUSTED_PUBKEY
Andreas Steffen [Sat, 5 May 2012 06:54:36 +0000 (08:54 +0200)]
fixed feature dependencies for CERT_TRUSTED_PUBKEY

8 years agoupgrade p2pnat scenarios to 5.0.0
Andreas Steffen [Fri, 4 May 2012 12:56:09 +0000 (14:56 +0200)]
upgrade p2pnat scenarios to 5.0.0

8 years agoupdated af-alg scenarios to 5.0.0
Andreas Steffen [Fri, 4 May 2012 10:15:30 +0000 (12:15 +0200)]
updated af-alg scenarios to 5.0.0

8 years agoadded openssl-ikev1 pluto interoperability tests
Andreas Steffen [Fri, 4 May 2012 10:12:39 +0000 (12:12 +0200)]
added openssl-ikev1 pluto interoperability tests

8 years agodeleted unneeded openssl-ikev1 files
Andreas Steffen [Fri, 4 May 2012 10:11:57 +0000 (12:11 +0200)]
deleted unneeded openssl-ikev1 files

8 years agoupgraded openssl-ikev1 scenarios to 5.0.0
Andreas Steffen [Fri, 4 May 2012 10:06:45 +0000 (12:06 +0200)]
upgraded openssl-ikev1 scenarios to 5.0.0

8 years agoupgraded openssl-ikev2 scenarios to 5.0.0
Andreas Steffen [Fri, 4 May 2012 10:03:05 +0000 (12:03 +0200)]
upgraded openssl-ikev2 scenarios to 5.0.0

8 years agoupgraded tnc scenarios to 5.0.0
Andreas Steffen [Fri, 4 May 2012 09:57:31 +0000 (11:57 +0200)]
upgraded tnc scenarios to 5.0.0

8 years agocharon is now an IKE daemon
Andreas Steffen [Thu, 3 May 2012 18:48:01 +0000 (20:48 +0200)]
charon is now an IKE daemon

8 years agoIt seems charon-nm has to be linked against libnm-util.
Tobias Brunner [Thu, 3 May 2012 13:16:08 +0000 (15:16 +0200)]
It seems charon-nm has to be linked against libnm-util.

That's at least the case for NetworkManager 0.9.4 in Ubuntu 12.04.

8 years agoUse proper getter for settings in sender and receiver.
Tobias Brunner [Tue, 24 Apr 2012 13:06:31 +0000 (15:06 +0200)]
Use proper getter for settings in sender and receiver.

8 years agoUse name from initialization to access settings in libcharon.
Tobias Brunner [Tue, 24 Apr 2012 12:10:06 +0000 (14:10 +0200)]
Use name from initialization to access settings in libcharon.

Also fixes several whitespace errors.

8 years agoStore the name of the binary using libcharon to enable specific settings.
Tobias Brunner [Tue, 24 Apr 2012 09:07:56 +0000 (11:07 +0200)]
Store the name of the binary using libcharon to enable specific settings.

8 years agoChanged default path to charon for NM frontend.
Tobias Brunner [Thu, 19 Apr 2012 15:23:48 +0000 (17:23 +0200)]
Changed default path to charon for NM frontend.

8 years agoIntegrate nm plugin directly in charon-nm.
Tobias Brunner [Thu, 19 Apr 2012 14:40:21 +0000 (16:40 +0200)]
Integrate nm plugin directly in charon-nm.

8 years agoAdded a small libcharon wrapper intended to directly host the nm plugin.
Tobias Brunner [Thu, 19 Apr 2012 14:35:44 +0000 (16:35 +0200)]
Added a small libcharon wrapper intended to directly host the nm plugin.

For this reason it reclaims the --enable-nm configure option.

8 years agoProvide plugin list from charon, not internally in libcharon.
Tobias Brunner [Thu, 19 Apr 2012 11:32:51 +0000 (13:32 +0200)]
Provide plugin list from charon, not internally in libcharon.

8 years agodisplay (soft) same as (not loaded)
Andreas Steffen [Thu, 3 May 2012 09:54:56 +0000 (11:54 +0200)]
display (soft) same as (not loaded)

8 years agocharon is now an IKE daemon
Andreas Steffen [Thu, 3 May 2012 09:49:30 +0000 (11:49 +0200)]
charon is now an IKE daemon

8 years agoIf we load new features from a plugin, restart loading from first plugin
Martin Willi [Thu, 3 May 2012 09:08:09 +0000 (11:08 +0200)]
If we load new features from a plugin, restart loading from first plugin

8 years agostroke plugin sdepends on building CERT_ANY certificates
Martin Willi [Thu, 3 May 2012 09:07:21 +0000 (11:07 +0200)]
stroke plugin sdepends on building CERT_ANY certificates

8 years agoBuilding CERT_ANY through PEM requires either a CERT_X509 or a CERT_PGP builder
Martin Willi [Thu, 3 May 2012 07:39:35 +0000 (09:39 +0200)]
Building CERT_ANY through PEM requires either a CERT_X509 or a CERT_PGP builder

8 years agoUpdated Android.mk for 5.0 (no IKEv1 support yet).
Tobias Brunner [Thu, 3 May 2012 07:37:35 +0000 (09:37 +0200)]
Updated Android.mk for 5.0 (no IKEv1 support yet).

8 years agoupdated tnc-pdp plugin for 5.0.0
Andreas Steffen [Wed, 2 May 2012 20:53:45 +0000 (22:53 +0200)]
updated tnc-pdp plugin for 5.0.0

8 years agoupdated testing.conf for 5.0.0
Andreas Steffen [Wed, 2 May 2012 20:53:11 +0000 (22:53 +0200)]
updated testing.conf for 5.0.0

8 years agotwo new options for 5.0.0 UML testing
Andreas Steffen [Wed, 2 May 2012 19:13:14 +0000 (21:13 +0200)]
two new options for 5.0.0 UML testing

8 years agoNEWS about route reinstallation added.
Tobias Brunner [Wed, 1 Feb 2012 15:02:33 +0000 (16:02 +0100)]
NEWS about route reinstallation added.

8 years agoRoute reinstallation in kernel_ipsec_t implementations is not needed anymore.
Tobias Brunner [Tue, 20 Dec 2011 14:01:06 +0000 (15:01 +0100)]
Route reinstallation in kernel_ipsec_t implementations is not needed anymore.

8 years agoReinstall routes in kernel-netlink plugin, if interfaces get reactivated or IPs reappear.
Tobias Brunner [Tue, 20 Dec 2011 13:59:21 +0000 (14:59 +0100)]
Reinstall routes in kernel-netlink plugin, if interfaces get reactivated or IPs reappear.

8 years agoKeep track of installed source routes in kernel-netlink plugin.
Tobias Brunner [Tue, 20 Dec 2011 13:30:10 +0000 (14:30 +0100)]
Keep track of installed source routes in kernel-netlink plugin.

8 years agoNEWS about bus_t refactorings added.
Tobias Brunner [Wed, 1 Feb 2012 15:23:47 +0000 (16:23 +0100)]
NEWS about bus_t refactorings added.

8 years agoLoggers specify what log messages they want to receive during registration.
Tobias Brunner [Mon, 23 Jan 2012 12:51:21 +0000 (13:51 +0100)]
Loggers specify what log messages they want to receive during registration.

This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).

To update the log levels loggers can simply be registered again.

8 years agoEnsure that multi-line log messages are not torn apart.
Tobias Brunner [Mon, 23 Jan 2012 12:38:48 +0000 (13:38 +0100)]
Ensure that multi-line log messages are not torn apart.

8 years agoAdded recursive read_lock support to our own implementation of rwlock_t.
Tobias Brunner [Sat, 21 Jan 2012 15:11:28 +0000 (16:11 +0100)]
Added recursive read_lock support to our own implementation of rwlock_t.

8 years agoUse a separate interface for loggers.
Tobias Brunner [Sat, 21 Jan 2012 13:47:13 +0000 (14:47 +0100)]
Use a separate interface for loggers.

The new interface does not allow loggers to unregister themselves from
the bus.  This allows us to use a rwlock_t for them.

The latter also means that loggers can now be called concurrently by
multiple threads.

8 years agoUse a separate list and mutex for loggers.
Tobias Brunner [Thu, 29 Dec 2011 18:13:08 +0000 (19:13 +0100)]
Use a separate list and mutex for loggers.

This avoids deadlocks caused by extensive listener_t implementations
which might want to acquire a lock which is currently held by another
thread wanting to log messages. Since the latter requires that thread
to acquire the same lock the initial thread currently holds this
previously resulted in a deadlock.

With this change logging messages does not require threads to acquire
the main lock in bus_t and thus avoids the deadlock.

8 years agoFixed return value of controller_t functions if callback returns FALSE.
Tobias Brunner [Thu, 22 Dec 2011 12:54:30 +0000 (13:54 +0100)]
Fixed return value of controller_t functions if callback returns FALSE.

8 years agoUse wrapped semaphore in callback_job_t.
Tobias Brunner [Thu, 22 Dec 2011 09:59:47 +0000 (10:59 +0100)]
Use wrapped semaphore in callback_job_t.

8 years agoRemoved remaining parts of controller_t.listen() implementation.
Tobias Brunner [Thu, 22 Dec 2011 09:47:44 +0000 (10:47 +0100)]
Removed remaining parts of controller_t.listen() implementation.

8 years agoRemove obsolete bus_t.listen() method.
Tobias Brunner [Wed, 21 Dec 2011 17:27:10 +0000 (18:27 +0100)]
Remove obsolete bus_t.listen() method.

8 years agoImplement wait_for_listener in controller_t with semaphores.
Tobias Brunner [Wed, 21 Dec 2011 17:23:56 +0000 (18:23 +0100)]
Implement wait_for_listener in controller_t with semaphores.

This eliminates even the slightest chance of a deadlock.

8 years agoAdded a wrapper class around POSIX semaphores.
Tobias Brunner [Wed, 21 Dec 2011 17:22:23 +0000 (18:22 +0100)]
Added a wrapper class around POSIX semaphores.

8 years agoImplement bus_t.listen() directly in controller_t (the only user).
Tobias Brunner [Wed, 21 Dec 2011 16:15:33 +0000 (17:15 +0100)]
Implement bus_t.listen() directly in controller_t (the only user).

This will hopefully allow us to later simplify bus_t.

8 years agoAdd plugin features support to stroke plugin
Martin Willi [Thu, 1 Mar 2012 16:07:08 +0000 (17:07 +0100)]
Add plugin features support to stroke plugin

8 years agoCertificate decoding soft-depends on public key decoding of specific types
Martin Willi [Wed, 29 Feb 2012 15:09:11 +0000 (16:09 +0100)]
Certificate decoding soft-depends on public key decoding of specific types

8 years agoPEM loading plugin features depend on the same feature, they are helpers only
Martin Willi [Wed, 29 Feb 2012 15:08:07 +0000 (16:08 +0100)]
PEM loading plugin features depend on the same feature, they are helpers only

8 years agoDon't depend on a feature that has a dependency to the same feauture during unload
Martin Willi [Wed, 29 Feb 2012 15:07:16 +0000 (16:07 +0100)]
Don't depend on a feature that has a dependency to the same feauture during unload

8 years agoMerge branch 'ikev1'
Martin Willi [Wed, 2 May 2012 09:12:31 +0000 (11:12 +0200)]
Merge branch 'ikev1'

Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c

8 years agoAdded a dedicated sender flush method, delay sender destruction until users gone
Martin Willi [Wed, 2 May 2012 07:03:23 +0000 (09:03 +0200)]
Added a dedicated sender flush method, delay sender destruction until users gone

8 years agoDocumented strongswan.conf options for radattr plugin.
Tobias Brunner [Tue, 1 May 2012 11:32:43 +0000 (13:32 +0200)]
Documented strongswan.conf options for radattr plugin.

8 years agoadd AUTH_RULE_SUBJECT_CERT for raw public keys 4.6.3
Andreas Steffen [Mon, 30 Apr 2012 11:40:48 +0000 (13:40 +0200)]
add AUTH_RULE_SUBJECT_CERT for raw public keys

8 years agoadded missing whitespace
Andreas Steffen [Mon, 30 Apr 2012 09:42:09 +0000 (11:42 +0200)]
added missing whitespace

8 years agoProperly initialize optional subject in PEM builder.
Tobias Brunner [Mon, 30 Apr 2012 08:48:57 +0000 (10:48 +0200)]
Properly initialize optional subject in PEM builder.

8 years agoTypo fixed.
Tobias Brunner [Mon, 30 Apr 2012 08:47:42 +0000 (10:47 +0200)]
Typo fixed.

8 years agoversion bump to 4.6.3
Andreas Steffen [Mon, 30 Apr 2012 07:48:21 +0000 (09:48 +0200)]
version bump to 4.6.3

8 years agooutput validity of raw public key if available
Andreas Steffen [Mon, 30 Apr 2012 07:47:34 +0000 (09:47 +0200)]
output validity of raw public key if available

8 years agoikev2/net2net-pubkey scenario does not need dnskey plugin
Andreas Steffen [Mon, 30 Apr 2012 05:02:08 +0000 (07:02 +0200)]
ikev2/net2net-pubkey scenario does not need dnskey plugin

8 years agoadded ikev2/net2net-pubkey scenario
Andreas Steffen [Sun, 29 Apr 2012 22:33:18 +0000 (00:33 +0200)]
added ikev2/net2net-pubkey scenario

8 years agoadded ikev2/net2net-rsa scenario
Andreas Steffen [Sun, 29 Apr 2012 22:32:58 +0000 (00:32 +0200)]
added ikev2/net2net-rsa scenario

8 years agoadded support for raw RSA public keys to stroke
Andreas Steffen [Sun, 29 Apr 2012 22:31:42 +0000 (00:31 +0200)]
added support for raw RSA public keys to stroke

8 years agoadded ikev2/rw-eap-md5-id-prompt scenario
Andreas Steffen [Sun, 29 Apr 2012 17:10:25 +0000 (19:10 +0200)]
added ikev2/rw-eap-md5-id-prompt scenario

8 years agoFixed Android null terminated password fixup in xauth-eap
Martin Willi [Thu, 26 Apr 2012 12:35:27 +0000 (14:35 +0200)]
Fixed Android null terminated password fixup in xauth-eap

8 years agoFixed null-pointer dereference in smp plugin.
Tobias Brunner [Thu, 26 Apr 2012 06:50:39 +0000 (08:50 +0200)]
Fixed null-pointer dereference in smp plugin.

8 years agoCERT_TRUSTED_PUBKEY stores notBefore, notAfter and subject information
Andreas Steffen [Wed, 25 Apr 2012 18:53:08 +0000 (20:53 +0200)]
CERT_TRUSTED_PUBKEY stores notBefore, notAfter and subject information

8 years agopluto: Fix for null-terminated XAuth secrets (as sent by Android 4).
Tobias Brunner [Tue, 24 Apr 2012 07:25:38 +0000 (09:25 +0200)]
pluto: Fix for null-terminated XAuth secrets (as sent by Android 4).

8 years agoactivated cmac plugin in UML test suites
Andreas Steffen [Sun, 22 Apr 2012 20:22:25 +0000 (22:22 +0200)]
activated cmac plugin in UML test suites

8 years agoisolate a TNC client if an error occurs
Andreas Steffen [Sun, 22 Apr 2012 18:24:59 +0000 (20:24 +0200)]
isolate a TNC client if an error occurs

8 years agoversion bump to 4.6.3rc2
Andreas Steffen [Sun, 22 Apr 2012 15:41:20 +0000 (17:41 +0200)]
version bump to 4.6.3rc2

8 years agoexit if TBOOT dummy measurements are not defined
Andreas Steffen [Sun, 22 Apr 2012 15:40:59 +0000 (17:40 +0200)]
exit if TBOOT dummy measurements are not defined

8 years agoOption added to set identifier for syslog(3) logging.
Tobias Brunner [Fri, 20 Apr 2012 07:21:03 +0000 (09:21 +0200)]
Option added to set identifier for syslog(3) logging.

This identifier is added to each log message by syslog.

8 years agoRemoved auth_cfg_t.replace_value() and replaced usages with add().
Tobias Brunner [Tue, 17 Apr 2012 15:44:10 +0000 (17:44 +0200)]
Removed auth_cfg_t.replace_value() and replaced usages with add().

replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.

8 years agoChanged the order and semantics of rules we expect only once in auth_cfg_t.
Tobias Brunner [Tue, 17 Apr 2012 15:37:30 +0000 (17:37 +0200)]
Changed the order and semantics of rules we expect only once in auth_cfg_t.

These rules are now inserted at the front of the internal list, this
allows to retrieve the rule added last with get(). For other rules the
order in which they are added is maintained (this allows to properly
enumerate them).

8 years agoStore password with remote ID to tie it stronger to a specific connection.
Tobias Brunner [Tue, 17 Apr 2012 11:58:18 +0000 (13:58 +0200)]
Store password with remote ID to tie it stronger to a specific connection.

8 years agoAdded stroke user-creds command, to set username/password for a connection.
Tobias Brunner [Tue, 17 Apr 2012 09:18:37 +0000 (11:18 +0200)]
Added stroke user-creds command, to set username/password for a connection.

8 years agoAdded method to add additional shared secrets to stroke_cred_t.
Tobias Brunner [Tue, 17 Apr 2012 09:14:38 +0000 (11:14 +0200)]
Added method to add additional shared secrets to stroke_cred_t.

8 years agoAdditional prompt keyword added to stroke.
Tobias Brunner [Tue, 17 Apr 2012 09:13:44 +0000 (11:13 +0200)]
Additional prompt keyword added to stroke.

8 years agoTypo fixed.
Tobias Brunner [Tue, 17 Apr 2012 09:11:24 +0000 (11:11 +0200)]
Typo fixed.

8 years agoKeep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs
Martin Willi [Tue, 17 Apr 2012 07:36:39 +0000 (09:36 +0200)]
Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs

Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as
initiator, we can't know if the completing IKE_SA_INIT message is to our first
request or the one with the COOKIE. If the responder just enabled/disabled
COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE
behavior toggling improves the situation, but does not solve the problem during
the initial COOKIE activation.

8 years agoAdded a note about DH/keymat lifecycle for custom implementations
Martin Willi [Mon, 16 Apr 2012 14:57:18 +0000 (16:57 +0200)]
Added a note about DH/keymat lifecycle for custom implementations

8 years agoReuse existing DH value when retrying IKE_SA_INIT with a COOKIE
Martin Willi [Mon, 16 Apr 2012 14:55:14 +0000 (16:55 +0200)]
Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE

8 years agoFix iteration through half-open IKE_SA table
Martin Willi [Mon, 16 Apr 2012 14:47:17 +0000 (16:47 +0200)]
Fix iteration through half-open IKE_SA table

8 years agoUse IP address as ID as responder if not configured or no IDr received.
Tobias Brunner [Mon, 16 Apr 2012 09:55:07 +0000 (11:55 +0200)]
Use IP address as ID as responder if not configured or no IDr received.

8 years agoFall back on IP address as IDi if none is configured at all.
Tobias Brunner [Mon, 16 Apr 2012 09:53:06 +0000 (11:53 +0200)]
Fall back on IP address as IDi if none is configured at all.

8 years agoUse auth_cfg_t.replace_value where appropriate.
Tobias Brunner [Fri, 13 Apr 2012 13:47:25 +0000 (15:47 +0200)]
Use auth_cfg_t.replace_value where appropriate.

8 years agoAdded a simple method to replace the value of a rule in auth_cfg_t.
Tobias Brunner [Fri, 13 Apr 2012 13:46:23 +0000 (15:46 +0200)]
Added a simple method to replace the value of a rule in auth_cfg_t.

8 years agoFixed IDi in case neither left nor leftid is configured.
Tobias Brunner [Wed, 4 Apr 2012 09:46:59 +0000 (11:46 +0200)]
Fixed IDi in case neither left nor leftid is configured.

8 years agofixed parsing of port ranges in Scanner IMV
Andreas Steffen [Sun, 15 Apr 2012 21:39:27 +0000 (23:39 +0200)]
fixed parsing of port ranges in Scanner IMV

8 years agoTypo fixed in NEWS.
Tobias Brunner [Sat, 14 Apr 2012 06:40:27 +0000 (08:40 +0200)]
Typo fixed in NEWS.

8 years agoDon't invoke child_updown hook twice as responder
Martin Willi [Wed, 11 Apr 2012 15:43:30 +0000 (17:43 +0200)]
Don't invoke child_updown hook twice as responder

8 years agoAccept zero-length certificate request payloads
Martin Willi [Tue, 3 Apr 2012 06:35:25 +0000 (08:35 +0200)]
Accept zero-length certificate request payloads

8 years agoProperly initialize src in ike_sa_t.is_any_path_valid().
Tobias Brunner [Fri, 6 Apr 2012 08:53:47 +0000 (10:53 +0200)]
Properly initialize src in ike_sa_t.is_any_path_valid().

8 years agochecksum need a libradius_init() symbol
Andreas Steffen [Thu, 5 Apr 2012 14:52:37 +0000 (16:52 +0200)]
checksum need a libradius_init() symbol

8 years agoversion bump to 4.6.3rc1
Andreas Steffen [Thu, 5 Apr 2012 07:11:47 +0000 (09:11 +0200)]
version bump to 4.6.3rc1