strongswan.git
12 years agowildcard matching in shared secrets not implemented yet
Andreas Steffen [Mon, 7 Apr 2008 10:29:08 +0000 (10:29 -0000)]
wildcard matching in shared secrets not implemented yet

12 years agoadded sql/rw-psk-ipv4 scenario
Andreas Steffen [Mon, 7 Apr 2008 10:24:49 +0000 (10:24 -0000)]
added sql/rw-psk-ipv4 scenario

12 years agofixing another memory leak
Tobias Brunner [Mon, 7 Apr 2008 09:36:52 +0000 (09:36 -0000)]
fixing another memory leak

12 years agoset accelerated rekeying defaults in ipsec.sql for UML scenarios
Andreas Steffen [Mon, 7 Apr 2008 09:10:58 +0000 (09:10 -0000)]
set accelerated rekeying defaults in ipsec.sql for UML scenarios

12 years agoadded sql/rw-cert scenario
Andreas Steffen [Mon, 7 Apr 2008 08:57:46 +0000 (08:57 -0000)]
added sql/rw-cert scenario

12 years agouse cert->equals() to filter out equal certificates in seperate instances
Martin Willi [Mon, 7 Apr 2008 08:48:08 +0000 (08:48 -0000)]
use cert->equals() to filter out equal certificates in seperate instances

12 years agotry to cache the same instance of equal certificates
Martin Willi [Mon, 7 Apr 2008 08:44:43 +0000 (08:44 -0000)]
try to cache the same instance of equal certificates

12 years agocompare certificates against full encoding to allow equality check of untrusted certs
Martin Willi [Mon, 7 Apr 2008 08:28:35 +0000 (08:28 -0000)]
compare certificates against full encoding to allow equality check of untrusted certs

12 years agofixed bad cleanup which results in segfault if no issuer cert found, fixes #43
Martin Willi [Mon, 7 Apr 2008 08:06:02 +0000 (08:06 -0000)]
fixed bad cleanup which results in segfault if no issuer cert found, fixes #43

12 years agofixed path to ipsec.sql
Andreas Steffen [Mon, 7 Apr 2008 07:57:38 +0000 (07:57 -0000)]
fixed path to ipsec.sql

12 years agoipsec.sql remains in /etc/ipsec.d
Andreas Steffen [Mon, 7 Apr 2008 07:25:04 +0000 (07:25 -0000)]
ipsec.sql remains in /etc/ipsec.d

12 years agomoved strongswan.conf to /etc
Andreas Steffen [Mon, 7 Apr 2008 07:21:06 +0000 (07:21 -0000)]
moved strongswan.conf to /etc

12 years agocosmetics
Andreas Steffen [Mon, 7 Apr 2008 07:02:47 +0000 (07:02 -0000)]
cosmetics

12 years agoadded ./configure option --with-strongswan-conf=
Martin Willi [Mon, 7 Apr 2008 06:56:33 +0000 (06:56 -0000)]
added ./configure option --with-strongswan-conf=
defaults to /etc/strongswan.conf

12 years agofixed segfault when opening a SQLite database fails
Martin Willi [Mon, 7 Apr 2008 06:49:13 +0000 (06:49 -0000)]
fixed segfault when opening a SQLite database fails

12 years agodo-tests now lists strongswan.conf and ip xfrm policy|state
Andreas Steffen [Mon, 7 Apr 2008 06:14:21 +0000 (06:14 -0000)]
do-tests now lists strongswan.conf and ip xfrm policy|state

12 years agoadded helper scripts to create SQL scripts
Martin Willi [Mon, 7 Apr 2008 06:06:42 +0000 (06:06 -0000)]
added helper scripts to create SQL scripts

12 years agoadded sql/net2net-psk scenario
Andreas Steffen [Sun, 6 Apr 2008 18:11:19 +0000 (18:11 -0000)]
added sql/net2net-psk scenario

12 years agocorrected description
Andreas Steffen [Sun, 6 Apr 2008 18:10:57 +0000 (18:10 -0000)]
corrected description

12 years agolog shared secret with debug level 4
Andreas Steffen [Sun, 6 Apr 2008 17:51:29 +0000 (17:51 -0000)]
log shared secret with debug level 4

12 years agodisable mobike in sql/net2net-cert scenario
Andreas Steffen [Sun, 6 Apr 2008 12:53:57 +0000 (12:53 -0000)]
disable mobike in sql/net2net-cert scenario

12 years agodefault is hostaccess=no
Andreas Steffen [Sun, 6 Apr 2008 12:15:05 +0000 (12:15 -0000)]
default is hostaccess=no

12 years agoversion bump to 4.2.1
Andreas Steffen [Sun, 6 Apr 2008 12:12:13 +0000 (12:12 -0000)]
version bump to 4.2.1

12 years agoadded sql/net2net-cert scenario
Andreas Steffen [Sun, 6 Apr 2008 12:06:33 +0000 (12:06 -0000)]
added sql/net2net-cert scenario

12 years agosupport of SQL databases in UML scenarios
Andreas Steffen [Sun, 6 Apr 2008 12:05:42 +0000 (12:05 -0000)]
support of SQL databases in UML scenarios

12 years agodo not build leak_detective.o if not enabled
Martin Willi [Fri, 4 Apr 2008 11:38:16 +0000 (11:38 -0000)]
do not build leak_detective.o if not enabled

12 years agodefining hook functions ourself as definition in uClibc and glibc differ, fixes #36
Martin Willi [Fri, 4 Apr 2008 11:37:19 +0000 (11:37 -0000)]
defining hook functions ourself as definition in uClibc and glibc differ, fixes #36

12 years agoremoved unused gmp.h to build libstrongswan without libgmp
Martin Willi [Fri, 4 Apr 2008 11:13:14 +0000 (11:13 -0000)]
removed unused gmp.h to build libstrongswan without libgmp

12 years agoand another
Tobias Brunner [Thu, 3 Apr 2008 15:22:06 +0000 (15:22 -0000)]
and another

12 years agofixed two other memory leaks
Tobias Brunner [Thu, 3 Apr 2008 15:13:25 +0000 (15:13 -0000)]
fixed two other memory leaks

12 years agoredirecting all leak_report information to stderr
Martin Willi [Thu, 3 Apr 2008 11:25:08 +0000 (11:25 -0000)]
redirecting all leak_report information to stderr

12 years agosome code cleanups
Martin Willi [Thu, 3 Apr 2008 10:22:17 +0000 (10:22 -0000)]
some code cleanups

12 years agoreplaced mutex in leak detective with thread scheduling
Tobias Brunner [Thu, 3 Apr 2008 09:24:35 +0000 (09:24 -0000)]
replaced mutex in leak detective with thread scheduling

12 years agothread locking for sender and processor optimized
Tobias Brunner [Thu, 3 Apr 2008 09:19:12 +0000 (09:19 -0000)]
thread locking for sender and processor optimized

12 years agoconfigure option in strongswan.conf for thread count
Martin Willi [Thu, 3 Apr 2008 08:37:24 +0000 (08:37 -0000)]
configure option in strongswan.conf for thread count

12 years agoupdated test data to use correct encoding data
Martin Willi [Thu, 3 Apr 2008 06:45:17 +0000 (06:45 -0000)]
updated test data to use correct encoding data

12 years agodemoted more notify debug messages to level 2 4.2.0
Andreas Steffen [Wed, 2 Apr 2008 19:15:05 +0000 (19:15 -0000)]
demoted more notify debug messages to level 2

12 years agomake peer IP address and peer IP available to the xauth_module.verify_secret() method
Andreas Steffen [Wed, 2 Apr 2008 19:04:45 +0000 (19:04 -0000)]
make peer IP address and peer IP available to the xauth_module.verify_secret() method

12 years agorenamed AES_cbc_encrypt to SS_AES_cbc_encrypt due to name collision with OpenSSL...
Andreas Steffen [Wed, 2 Apr 2008 18:51:10 +0000 (18:51 -0000)]
renamed AES_cbc_encrypt to SS_AES_cbc_encrypt due to name collision with OpenSSL library

12 years agosupport of force_keepalive parameter
Andreas Steffen [Wed, 2 Apr 2008 18:35:23 +0000 (18:35 -0000)]
support of force_keepalive parameter

12 years agofixing some memory leaks
Tobias Brunner [Wed, 2 Apr 2008 18:21:03 +0000 (18:21 -0000)]
fixing some memory leaks

12 years agosecuring total_threads with the mutex while destroying the processor
Tobias Brunner [Wed, 2 Apr 2008 15:28:08 +0000 (15:28 -0000)]
securing total_threads with the mutex while destroying the processor

12 years agogenerate debug output if ocsp response does not contain status information for a...
Andreas Steffen [Wed, 2 Apr 2008 14:28:17 +0000 (14:28 -0000)]
generate debug output if ocsp response does not contain status information for a given certificate

12 years agoupdated TODO
Martin Willi [Wed, 2 Apr 2008 13:21:02 +0000 (13:21 -0000)]
updated TODO

12 years agoadded some NEWS for the 4.2 release
Martin Willi [Wed, 2 Apr 2008 13:20:46 +0000 (13:20 -0000)]
added some NEWS for the 4.2 release

12 years agoupdated RFCs/drafts
Martin Willi [Wed, 2 Apr 2008 13:20:14 +0000 (13:20 -0000)]
updated RFCs/drafts

12 years agofixed med_db test
Martin Willi [Wed, 2 Apr 2008 12:27:39 +0000 (12:27 -0000)]
fixed med_db test

12 years agoupdated mediation database to public key authentication
Martin Willi [Wed, 2 Apr 2008 12:25:14 +0000 (12:25 -0000)]
updated mediation database to public key authentication
added mysql table definition, test data
testcase

12 years agofixed compile warnings
Martin Willi [Wed, 2 Apr 2008 09:54:20 +0000 (09:54 -0000)]
fixed compile warnings

12 years agoadditional debug line makes certificate status checking more understandable
Andreas Steffen [Wed, 2 Apr 2008 06:25:59 +0000 (06:25 -0000)]
additional debug line makes certificate status checking more understandable

12 years agoworkaround for parsing IPv6 PSKs requires extract_last_token()
Andreas Steffen [Tue, 1 Apr 2008 20:40:29 +0000 (20:40 -0000)]
workaround for parsing IPv6 PSKs requires extract_last_token()

12 years agodemoted received notify debug message to level 2
Andreas Steffen [Tue, 1 Apr 2008 20:22:38 +0000 (20:22 -0000)]
demoted received notify debug message to level 2

12 years agoadapted ikev2 uml scenarios for the 4.2 version
Andreas Steffen [Tue, 1 Apr 2008 20:05:02 +0000 (20:05 -0000)]
adapted ikev2 uml scenarios for the 4.2 version

12 years agoadded missing files for commit [3721]
Martin Willi [Tue, 1 Apr 2008 15:03:02 +0000 (15:03 -0000)]
added missing files for commit [3721]

12 years agoloading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
Martin Willi [Tue, 1 Apr 2008 14:51:31 +0000 (14:51 -0000)]
loading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
testcase

12 years agoand a fix for it
Martin Willi [Tue, 1 Apr 2008 14:26:31 +0000 (14:26 -0000)]
and a fix for it

12 years agosimple converter from binary data to a c array
Martin Willi [Tue, 1 Apr 2008 14:19:22 +0000 (14:19 -0000)]
simple converter from binary data to a c array

12 years agoremoved unneded publicKeyInfo ASN1 structure
Martin Willi [Tue, 1 Apr 2008 13:39:12 +0000 (13:39 -0000)]
removed unneded publicKeyInfo ASN1 structure

12 years agominimal stroke_list_ocsp() implementation
Andreas Steffen [Tue, 1 Apr 2008 12:11:09 +0000 (12:11 -0000)]
minimal stroke_list_ocsp() implementation

12 years agostopping connectivity checks on the responders side after receiving an IKE_SA_INIT...
Tobias Brunner [Tue, 1 Apr 2008 11:38:18 +0000 (11:38 -0000)]
stopping connectivity checks on the responders side after receiving an IKE_SA_INIT request with the proper ME_CONNECTID

12 years agosome simplifications to trusted_enumerator_t
Martin Willi [Tue, 1 Apr 2008 10:56:08 +0000 (10:56 -0000)]
some simplifications to trusted_enumerator_t

12 years agochecking pretrusted but bad certificates only once
Martin Willi [Tue, 1 Apr 2008 10:43:44 +0000 (10:43 -0000)]
checking pretrusted but bad certificates only once

12 years agostroke_list groups certificates by issuer
Andreas Steffen [Tue, 1 Apr 2008 10:26:27 +0000 (10:26 -0000)]
stroke_list groups certificates by issuer

12 years agoreplaced the example manager database by a sql script
Martin Willi [Tue, 1 Apr 2008 07:16:48 +0000 (07:16 -0000)]
replaced the example manager database by a sql script

12 years agochanged enumerator implementation to handle reentrant code
Martin Willi [Tue, 1 Apr 2008 06:51:55 +0000 (06:51 -0000)]
changed enumerator implementation to handle reentrant code

12 years agominor changes in debug output
Andreas Steffen [Mon, 31 Mar 2008 21:59:32 +0000 (21:59 -0000)]
minor changes in debug output

12 years agoput DN in double quotes
Andreas Steffen [Mon, 31 Mar 2008 21:08:56 +0000 (21:08 -0000)]
put DN in double quotes

12 years agooutput error message if maximum ca path length is reached
Andreas Steffen [Mon, 31 Mar 2008 20:42:57 +0000 (20:42 -0000)]
output error message if maximum ca path length is reached

12 years agoipsec list suppresses duplicates
Andreas Steffen [Mon, 31 Mar 2008 20:21:24 +0000 (20:21 -0000)]
ipsec list suppresses duplicates

12 years agotiming of connectivity checks adjusted
Tobias Brunner [Mon, 31 Mar 2008 15:04:38 +0000 (15:04 -0000)]
timing of connectivity checks adjusted

12 years agodefining ME globally, as we need it in plugins
Martin Willi [Mon, 31 Mar 2008 15:01:43 +0000 (15:01 -0000)]
defining ME globally, as we need it in plugins

12 years agoutc argument in %#T was missing
Andreas Steffen [Mon, 31 Mar 2008 14:36:00 +0000 (14:36 -0000)]
utc argument in %#T was missing

12 years agosignal fixed
Tobias Brunner [Mon, 31 Mar 2008 14:27:16 +0000 (14:27 -0000)]
signal fixed

12 years agodisabled build of outdated dbus interface
Andreas Steffen [Mon, 31 Mar 2008 12:59:39 +0000 (12:59 -0000)]
disabled build of outdated dbus interface

12 years agochanged order of server and peer reflexive endpoints (and also the priorities)
Tobias Brunner [Mon, 31 Mar 2008 10:56:49 +0000 (10:56 -0000)]
changed order of server and peer reflexive endpoints (and also the priorities)

12 years agoreceived certificates have least priority
Martin Willi [Mon, 31 Mar 2008 08:43:18 +0000 (08:43 -0000)]
received certificates have least priority
fixed manager unlocking

12 years agofixed refcounting in certificate trustchain validation
Martin Willi [Mon, 31 Mar 2008 07:16:12 +0000 (07:16 -0000)]
fixed refcounting in certificate trustchain validation

12 years agoadapted configure options in testing.conf and build-umlrootfs
Andreas Steffen [Sat, 29 Mar 2008 19:33:02 +0000 (19:33 -0000)]
adapted configure options in testing.conf and build-umlrootfs

12 years agochanged error message
Andreas Steffen [Sat, 29 Mar 2008 13:26:53 +0000 (13:26 -0000)]
changed error message

12 years agooutput uptime in status in local time
Andreas Steffen [Sat, 29 Mar 2008 08:55:09 +0000 (08:55 -0000)]
output uptime in status in local time

12 years agoshortened menu item
Andreas Steffen [Fri, 28 Mar 2008 22:46:09 +0000 (22:46 -0000)]
shortened menu item

12 years agodemoted ldap debug output to level 2
Andreas Steffen [Fri, 28 Mar 2008 22:44:45 +0000 (22:44 -0000)]
demoted ldap debug output to level 2

12 years agoremove xml directory
Andreas Steffen [Fri, 28 Mar 2008 19:49:59 +0000 (19:49 -0000)]
remove xml directory

12 years agoleak detective detects heap over- and underflow
Martin Willi [Fri, 28 Mar 2008 14:51:26 +0000 (14:51 -0000)]
leak detective detects heap over- and underflow

12 years agoupdated leak_detective whitelist: libxml and clearsilver functions
Martin Willi [Fri, 28 Mar 2008 13:16:36 +0000 (13:16 -0000)]
updated leak_detective whitelist: libxml and clearsilver functions

12 years agorenamed xml plugin to smp to avoid confusion
Martin Willi [Fri, 28 Mar 2008 12:44:01 +0000 (12:44 -0000)]
renamed xml plugin to smp to avoid confusion
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there

12 years agofixed manager plugin loading
Martin Willi [Fri, 28 Mar 2008 12:41:05 +0000 (12:41 -0000)]
fixed manager plugin loading
manager uses strongswan.conf to read its configuration

12 years agofixed crash if crl fetching fails
Martin Willi [Fri, 28 Mar 2008 12:00:51 +0000 (12:00 -0000)]
fixed crash if crl fetching fails

12 years agofixed all pluto compiler warnings
Martin Willi [Fri, 28 Mar 2008 11:48:14 +0000 (11:48 -0000)]
fixed all pluto compiler warnings

12 years agofixed compiler warning in openace
Martin Willi [Fri, 28 Mar 2008 11:47:11 +0000 (11:47 -0000)]
fixed compiler warning in openace
fixed pem loading bug

12 years agofixed compiler warning in libfreeswan
Martin Willi [Fri, 28 Mar 2008 11:46:30 +0000 (11:46 -0000)]
fixed compiler warning in libfreeswan

12 years agofixed compiler warning in scepclient
Martin Willi [Fri, 28 Mar 2008 11:45:56 +0000 (11:45 -0000)]
fixed compiler warning in scepclient

12 years agoremoved unused yynuput to fix compiler warning
Martin Willi [Fri, 28 Mar 2008 11:45:01 +0000 (11:45 -0000)]
removed unused yynuput to fix compiler warning

12 years agofixed compiler warning
Martin Willi [Fri, 28 Mar 2008 10:21:04 +0000 (10:21 -0000)]
fixed compiler warning

12 years agoreentrant save cert_cache
Martin Willi [Fri, 28 Mar 2008 08:38:51 +0000 (08:38 -0000)]
reentrant save cert_cache

12 years agocaching of CRLs
Martin Willi [Fri, 28 Mar 2008 08:14:47 +0000 (08:14 -0000)]
caching of CRLs

12 years agoreplaced get_public() by create_public_enumerator() to try multiple public keys for...
Martin Willi [Thu, 27 Mar 2008 19:07:23 +0000 (19:07 -0000)]
replaced get_public() by create_public_enumerator() to try multiple public keys for signature verification

12 years agouse trusted self-signed root CA certificates as trust anchor only
Martin Willi [Thu, 27 Mar 2008 13:38:02 +0000 (13:38 -0000)]
use trusted self-signed root CA certificates as trust anchor only

12 years agochanged external interface to the mediation extension.
Tobias Brunner [Thu, 27 Mar 2008 12:31:35 +0000 (12:31 -0000)]
changed external interface to the mediation extension.

12 years agocorrected ME_ENDPOINT length check
Tobias Brunner [Thu, 27 Mar 2008 12:29:51 +0000 (12:29 -0000)]
corrected ME_ENDPOINT length check