strongswan.git
Andreas Steffen [Fri, 18 Apr 2008 21:46:26 +0000 (21:46 -0000)]
added hash-and-url certs

Andreas Steffen [Fri, 18 Apr 2008 21:43:05 +0000 (21:43 -0000)]
added ikev2/rw-hash-and-url scenario

Andreas Steffen [Fri, 18 Apr 2008 21:42:31 +0000 (21:42 -0000)]
updated NEWS: support of AES_XCBC_MAC and CAMELLIA

Andreas Steffen [Fri, 18 Apr 2008 21:27:08 +0000 (21:27 -0000)]
Hash and URL cosmetics

Andreas Steffen [Fri, 18 Apr 2008 20:02:42 +0000 (20:02 -0000)]
added ikev1/esp-alg-camellia scenario

Andreas Steffen [Fri, 18 Apr 2008 20:01:49 +0000 (20:01 -0000)]
fixed cbc(camellia) netlink configuration error

Andreas Steffen [Fri, 18 Apr 2008 19:07:46 +0000 (19:07 -0000)]
use ip xfrm state in crypto evaltests

Andreas Steffen [Fri, 18 Apr 2008 19:06:43 +0000 (19:06 -0000)]
added ikev1/esp-alg-aesxcbc scenario

Andreas Steffen [Fri, 18 Apr 2008 18:37:57 +0000 (18:37 -0000)]
fixed aes-xcbc netlink configuration error

Andreas Steffen [Fri, 18 Apr 2008 17:01:45 +0000 (17:01 -0000)]
support of AES_XCBC and CAMELLIA ESP cipher by pluto

Andreas Steffen [Fri, 18 Apr 2008 17:00:30 +0000 (17:00 -0000)]
fixed AES default key length

Martin Willi [Fri, 18 Apr 2008 12:52:47 +0000 (12:52 -0000)]
shipping a default strongswan.conf

Andreas Steffen [Fri, 18 Apr 2008 12:27:50 +0000 (12:27 -0000)]
updated pfkeyv2.h

Martin Willi [Fri, 18 Apr 2008 11:51:58 +0000 (11:51 -0000)]
sql pool prototype

Tobias Brunner [Fri, 18 Apr 2008 11:48:53 +0000 (11:48 -0000)]
functions invoked on all linked list items now support up to five additional arguments

Tobias Brunner [Fri, 18 Apr 2008 11:43:20 +0000 (11:43 -0000)]
news (hash and url)

Andreas Steffen [Fri, 18 Apr 2008 11:25:37 +0000 (11:25 -0000)]
updated list of ESP and AH algorithms

Tobias Brunner [Fri, 18 Apr 2008 11:24:45 +0000 (11:24 -0000)]
support for hash and URL encoded certificate payloads in charon

Tobias Brunner [Fri, 18 Apr 2008 10:58:36 +0000 (10:58 -0000)]
typo

Martin Willi [Fri, 18 Apr 2008 10:30:52 +0000 (10:30 -0000)]
fixed peer config equality check

Tobias Brunner [Fri, 18 Apr 2008 10:11:41 +0000 (10:11 -0000)]
type corrected

Martin Willi [Fri, 18 Apr 2008 08:09:32 +0000 (08:09 -0000)]
more NEWS

Andreas Steffen [Fri, 18 Apr 2008 07:44:39 +0000 (07:44 -0000)]
corrected description

Andreas Steffen [Fri, 18 Apr 2008 07:42:57 +0000 (07:42 -0000)]
fixed another transport mode evaltest

Andreas Steffen [Fri, 18 Apr 2008 07:24:01 +0000 (07:24 -0000)]
added ipv6/net2net-ipv4-ikev2 scenario

Andreas Steffen [Fri, 18 Apr 2008 07:21:49 +0000 (07:21 -0000)]
fixed two evaltests

Andreas Steffen [Thu, 17 Apr 2008 20:38:47 +0000 (20:38 -0000)]
updated NEWS

Andreas Steffen [Thu, 17 Apr 2008 20:23:31 +0000 (20:23 -0000)]
changed logging of crl writing to old style

Andreas Steffen [Thu, 17 Apr 2008 18:56:55 +0000 (18:56 -0000)]
corrected variable name

Martin Willi [Thu, 17 Apr 2008 15:08:48 +0000 (15:08 -0000)]
fixed compiler warning

Martin Willi [Thu, 17 Apr 2008 15:01:57 +0000 (15:01 -0000)]
respecting ipsec.conf cachecrls= option

Martin Willi [Thu, 17 Apr 2008 15:00:51 +0000 (15:00 -0000)]
added missing bits for credential caching

Martin Willi [Thu, 17 Apr 2008 14:08:38 +0000 (14:08 -0000)]
caching of CRLs to /etc/ipsec.d/crls

Martin Willi [Thu, 17 Apr 2008 14:06:37 +0000 (14:06 -0000)]
cosmetics to chunk_write()

Martin Willi [Thu, 17 Apr 2008 13:00:05 +0000 (13:00 -0000)]
added missing credential_set method to stroke_ca

Martin Willi [Thu, 17 Apr 2008 11:22:37 +0000 (11:22 -0000)]
extended credential_set_t interface by a cache_cert() method
allows persistent or in-memory caching of fetched certificates

Martin Willi [Thu, 17 Apr 2008 10:46:25 +0000 (10:46 -0000)]
split IKE_SA manager destroy to allow plugin interaction

Martin Willi [Thu, 17 Apr 2008 08:55:32 +0000 (08:55 -0000)]
adding rightsourceip=%poolname properly to peer config

Martin Willi [Wed, 16 Apr 2008 08:43:32 +0000 (08:43 -0000)]
slightly optimized IKE_SA checkin

Martin Willi [Wed, 16 Apr 2008 08:38:15 +0000 (08:38 -0000)]
parallelized trust chain verification
temporary imported certificates are thread-local only
read-write locking on credential manager
credential sets must be thread-safe now

Martin Willi [Wed, 16 Apr 2008 08:34:52 +0000 (08:34 -0000)]
optimized half-open IKE_SA lookup (no checkout)

Martin Willi [Wed, 16 Apr 2008 05:50:56 +0000 (05:50 -0000)]
disable DPD if dpddelay is set but dpdaction=none

Martin Willi [Tue, 15 Apr 2008 15:14:32 +0000 (15:14 -0000)]
updated sql testcases to new table schema

Martin Willi [Tue, 15 Apr 2008 15:13:53 +0000 (15:13 -0000)]
updated sql plugin to respect config changes

Martin Willi [Tue, 15 Apr 2008 15:13:08 +0000 (15:13 -0000)]
disabled SQL logging by default, as tests scenarios do not have a logging table

Martin Willi [Tue, 15 Apr 2008 15:12:01 +0000 (15:12 -0000)]
added error logging to sqlite plugin

Martin Willi [Tue, 15 Apr 2008 11:51:46 +0000 (11:51 -0000)]
fixed build of smp plugin

Andreas Steffen [Tue, 15 Apr 2008 11:27:45 +0000 (11:27 -0000)]
set long-forgotten DPD defaults

Martin Willi [Tue, 15 Apr 2008 07:57:01 +0000 (07:57 -0000)]
build plugins after daemon/libstrongswan

Martin Willi [Tue, 15 Apr 2008 05:56:35 +0000 (05:56 -0000)]
added API for random number generators, served through credential factory
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)

Martin Willi [Mon, 14 Apr 2008 13:23:24 +0000 (13:23 -0000)]
implemented IKE_SA uniqueness using ipsec.conf uniqueids parameter
additionally supports a "keep" value to keep the old IKE_SA

Martin Willi [Mon, 14 Apr 2008 11:37:46 +0000 (11:37 -0000)]
ike_sa_manager enumerable, not iterable

Martin Willi [Mon, 14 Apr 2008 08:27:05 +0000 (08:27 -0000)]
updated rightsourceip parameter in man page

Martin Willi [Mon, 14 Apr 2008 08:17:18 +0000 (08:17 -0000)]
added close_action as a separate config option to dpd_action

Martin Willi [Mon, 14 Apr 2008 07:55:23 +0000 (07:55 -0000)]
fixed jumping IKE_SA unique ids

Martin Willi [Mon, 14 Apr 2008 07:18:16 +0000 (07:18 -0000)]
fixed rightsourceip=%config scenarios

Andreas Steffen [Mon, 14 Apr 2008 06:10:10 +0000 (06:10 -0000)]
use ip6tables in sql/rw-psk-ipv6 scenario

Andreas Steffen [Mon, 14 Apr 2008 04:33:17 +0000 (04:33 -0000)]
fixed suppression of cert requests in eap-sim and eap-aka scenarios

Andreas Steffen [Sun, 13 Apr 2008 21:42:44 +0000 (21:42 -0000)]
host_srcip was not properly initialized in starterwhack.c

Andreas Steffen [Sun, 13 Apr 2008 19:50:15 +0000 (19:50 -0000)]
added sql/rw-psk-ipv6 scenario

Andreas Steffen [Sun, 13 Apr 2008 19:49:20 +0000 (19:49 -0000)]
added sql/rw-psk-rsa-split scenario

Andreas Steffen [Sun, 13 Apr 2008 17:31:07 +0000 (17:31 -0000)]
fixed disabling the sending of cert requests

Martin Willi [Fri, 11 Apr 2008 08:14:48 +0000 (08:14 -0000)]
using dpd actions to enforce connection state
dpd actions a per child-, not peer ike-sa

Tobias Brunner [Thu, 10 Apr 2008 12:51:04 +0000 (12:51 -0000)]
enabling acquire for mediated connections

Tobias Brunner [Thu, 10 Apr 2008 08:42:27 +0000 (08:42 -0000)]
enabling reauthentication on mediation connections

Tobias Brunner [Thu, 10 Apr 2008 07:24:30 +0000 (07:24 -0000)]
fixing a problem if the mediation server initiates the rekeying

Tobias Brunner [Wed, 9 Apr 2008 18:12:22 +0000 (18:12 -0000)]
mediation connections should now properly rekey

Martin Willi [Wed, 9 Apr 2008 12:56:20 +0000 (12:56 -0000)]
implemented a simple attribute provider for stroke

Martin Willi [Wed, 9 Apr 2008 12:54:47 +0000 (12:54 -0000)]
implementation of a CFG attribute framework, currently supporting virtual IPs
updated ipsec.conf sourceip parameter to support
CIDR notation to serve from a pool
%poolname to query a separate (database?) pool

Tobias Brunner [Tue, 8 Apr 2008 13:45:30 +0000 (13:45 -0000)]
signature in connectivity checks is now built with the message id in network byte order

Martin Willi [Tue, 8 Apr 2008 12:53:36 +0000 (12:53 -0000)]
changed force_encap to forceencaps

Tobias Brunner [Tue, 8 Apr 2008 12:31:27 +0000 (12:31 -0000)]
printing the checklist, two bugfixes

Tobias Brunner [Tue, 8 Apr 2008 09:21:27 +0000 (09:21 -0000)]
connect manager: restart the sender if it is not running anymore

Tobias Brunner [Tue, 8 Apr 2008 08:41:23 +0000 (08:41 -0000)]
better logging for chunks in connect manager

Tobias Brunner [Tue, 8 Apr 2008 08:33:15 +0000 (08:33 -0000)]
refactored callback data in connect manager

Martin Willi [Tue, 8 Apr 2008 06:27:04 +0000 (06:27 -0000)]
removed stale ocsp header

Tobias Brunner [Mon, 7 Apr 2008 15:45:37 +0000 (15:45 -0000)]
fast finishing connectivity checks on the initiator's side

Tobias Brunner [Mon, 7 Apr 2008 14:45:39 +0000 (14:45 -0000)]
corrected the logging for retransmissions of connectivity checks

Tobias Brunner [Mon, 7 Apr 2008 11:26:15 +0000 (11:26 -0000)]
changed how retransmissions of connectivity checks are sent

Martin Willi [Mon, 7 Apr 2008 10:37:14 +0000 (10:37 -0000)]
fixed doxygen groups to avoid recursion

Andreas Steffen [Mon, 7 Apr 2008 10:29:08 +0000 (10:29 -0000)]
wildcard matching in shared secrets not implemented yet

Andreas Steffen [Mon, 7 Apr 2008 10:24:49 +0000 (10:24 -0000)]
added sql/rw-psk-ipv4 scenario

Tobias Brunner [Mon, 7 Apr 2008 09:36:52 +0000 (09:36 -0000)]
fixing another memory leak

Andreas Steffen [Mon, 7 Apr 2008 09:10:58 +0000 (09:10 -0000)]
set accelerated rekeying defaults in ipsec.sql for UML scenarios

Andreas Steffen [Mon, 7 Apr 2008 08:57:46 +0000 (08:57 -0000)]
added sql/rw-cert scenario

Martin Willi [Mon, 7 Apr 2008 08:48:08 +0000 (08:48 -0000)]
use cert->equals() to filter out equal certificates in separate instances

Martin Willi [Mon, 7 Apr 2008 08:44:43 +0000 (08:44 -0000)]
try to cache the same instance of equal certificates

Martin Willi [Mon, 7 Apr 2008 08:28:35 +0000 (08:28 -0000)]
compare certificates against full encoding to allow equality check of untrusted certs

Martin Willi [Mon, 7 Apr 2008 08:06:02 +0000 (08:06 -0000)]
fixed bad cleanup which results in segfault if no issuer cert found, fixes #43

Andreas Steffen [Mon, 7 Apr 2008 07:57:38 +0000 (07:57 -0000)]
fixed path to ipsec.sql

Andreas Steffen [Mon, 7 Apr 2008 07:25:04 +0000 (07:25 -0000)]
ipsec.sql remains in /etc/ipsec.d

Andreas Steffen [Mon, 7 Apr 2008 07:21:06 +0000 (07:21 -0000)]
moved strongswan.conf to /etc

Andreas Steffen [Mon, 7 Apr 2008 07:02:47 +0000 (07:02 -0000)]
cosmetics

Martin Willi [Mon, 7 Apr 2008 06:56:33 +0000 (06:56 -0000)]
added ./configure option --with-strongswan-conf=
defaults to /etc/strongswan.conf

Martin Willi [Mon, 7 Apr 2008 06:49:13 +0000 (06:49 -0000)]
fixed segfault when opening a SQLite database fails

Andreas Steffen [Mon, 7 Apr 2008 06:14:21 +0000 (06:14 -0000)]
do-tests now lists strongswan.conf and ip xfrm policy|state

Martin Willi [Mon, 7 Apr 2008 06:06:42 +0000 (06:06 -0000)]
added helper scripts to create SQL scripts

Andreas Steffen [Sun, 6 Apr 2008 18:11:19 +0000 (18:11 -0000)]
added sql/net2net-psk scenario

Andreas Steffen [Sun, 6 Apr 2008 18:10:57 +0000 (18:10 -0000)]
corrected description

Andreas Steffen [Sun, 6 Apr 2008 17:51:29 +0000 (17:51 -0000)]
log shared secret with debug level 4