strongswan.git
Andreas Steffen [Tue, 3 Nov 2009 23:16:48 +0000 (00:16 +0100)]
refreshened and fortified strongSwan Root CA certificate

Andreas Steffen [Tue, 3 Nov 2009 23:03:10 +0000 (00:03 +0100)]
implemented parsing of pathLenConstraint

Andreas Steffen [Mon, 2 Nov 2009 21:47:55 +0000 (22:47 +0100)]
version bump to 4.3.6

Martin Willi [Fri, 30 Oct 2009 10:19:32 +0000 (11:19 +0100)]
Use XFRM instead of PF_KEY IKE bypass policies in netlink based kernel interface

Andreas Steffen [Thu, 29 Oct 2009 09:00:19 +0000 (10:00 +0100)] (tag: 4.3.5)
fixed a memory leak in OCSP fetching

Martin Willi [Mon, 26 Oct 2009 07:47:40 +0000 (08:47 +0100)]
Query secrets in EAP-MD5 with me/other identities, fixing lookup in NetworkManager

Martin Willi [Fri, 23 Oct 2009 06:12:17 +0000 (08:12 +0200)]
Show the number of times a lock was acquired in lock profiler

Martin Willi [Thu, 22 Oct 2009 14:44:07 +0000 (16:44 +0200)]
Hand out shared secret of load tester for all identities

Martin Willi [Thu, 22 Oct 2009 12:34:10 +0000 (14:34 +0200)]
Fixed all doxygen warnings

Martin Willi [Thu, 22 Oct 2009 11:13:06 +0000 (13:13 +0200)]
Store return value of getc() in an int to correctly test it against EOF

Martin Willi [Tue, 20 Oct 2009 13:54:13 +0000 (15:54 +0200)]
Load-testers PSK is used for all purposes, including EAP authentication

Andreas Steffen [Sat, 17 Oct 2009 07:23:09 +0000 (09:23 +0200)] (tag: 4.3.5rc1)
hyphenate eap-radius

Andreas Steffen [Fri, 16 Oct 2009 15:57:42 +0000 (17:57 +0200)]
added IKEv1 mixed tunnel fix to NEWS

Andreas Steffen [Fri, 16 Oct 2009 13:04:17 +0000 (15:04 +0200)]
added ipv6/net2net-ip4-in-ip6-ikev1 and ipv6/net2net-ip4-in-ip6-ikev1 scenarios

Heiko Hund [Fri, 16 Oct 2009 12:50:12 +0000 (14:50 +0200)]
setting the IP family enables mixed tunnels

Martin Willi [Fri, 16 Oct 2009 07:21:28 +0000 (09:21 +0200)]
Do not null-terminate url in hash-and-url payloads

Andreas Steffen [Thu, 15 Oct 2009 16:01:10 +0000 (18:01 +0200)]
use directory enumerator to load authcerts

Andreas Steffen [Thu, 15 Oct 2009 15:30:04 +0000 (17:30 +0200)]
cleaned out some bugs in refactoring of ac.c

Andreas Steffen [Thu, 15 Oct 2009 13:25:36 +0000 (15:25 +0200)]
corrected description of ikev1/ip-pool-db scenario

Andreas Steffen [Thu, 15 Oct 2009 13:22:48 +0000 (15:22 +0200)]
build eap-aka-3gpp2 plugin in UML scenarios

Andreas Steffen [Thu, 15 Oct 2009 12:57:21 +0000 (14:57 +0200)]
moved .gitignore for pool

Andreas Steffen [Thu, 15 Oct 2009 12:55:35 +0000 (14:55 +0200)]
moved .gitignore for pool

Martin Willi [Thu, 15 Oct 2009 09:12:13 +0000 (11:12 +0200)]
Added NEWS about streamlined plugin names

Martin Willi [Thu, 15 Oct 2009 08:13:25 +0000 (10:13 +0200)]
Renamed plugin configuration sections to the actual plugin name

Martin Willi [Thu, 15 Oct 2009 07:59:06 +0000 (09:59 +0200)]
Streamlined EAP plugins to use a dash between eap-method, as used in all other places

Martin Willi [Thu, 15 Oct 2009 08:34:49 +0000 (10:34 +0200)]
Renamed --enable-load-tests to --enable-load-tester, like the plugin itself

Martin Willi [Thu, 15 Oct 2009 08:07:01 +0000 (10:07 +0200)]
Updated configuration directive of resolve plugin, renamed from resolv_conf

Martin Willi [Thu, 15 Oct 2009 08:10:54 +0000 (10:10 +0200)]
Migrated the lease_history option to the new libstrongswan plugin namespace

Andreas Steffen [Wed, 14 Oct 2009 19:35:43 +0000 (21:35 +0200)]
added ikev1/ip-pool-db-push scenario

Andreas Steffen [Wed, 14 Oct 2009 16:02:15 +0000 (18:02 +0200)]
NEWS for the 4.3.5dr3 release

Andreas Steffen [Wed, 14 Oct 2009 12:51:12 +0000 (14:51 +0200)]
added ikev1/ip-pool-db scenario

Andreas Steffen [Wed, 14 Oct 2009 12:37:03 +0000 (14:37 +0200)]
pool should be in the gitignore list

Andreas Steffen [Wed, 14 Oct 2009 12:30:14 +0000 (14:30 +0200)]
pluto now supports SQL-based virtual IP pools

Andreas Steffen [Wed, 14 Oct 2009 10:43:54 +0000 (12:43 +0200)]
pluto can now make use of the mysql and sqlite plugins

Andreas Steffen [Wed, 14 Oct 2009 09:08:01 +0000 (11:08 +0200)]
fixed inconsistent triplets.dat files

Martin Willi [Wed, 14 Oct 2009 07:55:14 +0000 (09:55 +0200)]
Improved debugging log in SIM triplet lookup

Andreas Steffen [Tue, 13 Oct 2009 15:02:29 +0000 (17:02 +0200)]
move SQL-based pool functionality to new attr-sql libstrongswan plugin

Andreas Steffen [Tue, 13 Oct 2009 11:58:43 +0000 (13:58 +0200)]
check provenance of nameserver entry

Andreas Steffen [Tue, 13 Oct 2009 11:55:06 +0000 (13:55 +0200)]
use definitions from libstrongswan/attributes/attributes.h

Andreas Steffen [Tue, 13 Oct 2009 11:46:27 +0000 (13:46 +0200)]
moved attribute_manager to libstrongswan

Martin Willi [Tue, 13 Oct 2009 09:04:15 +0000 (11:04 +0200)]
Fixed assignment of get_triplet() dummy implementation

Andreas Steffen [Mon, 12 Oct 2009 17:56:21 +0000 (19:56 +0200)]
scepclient now requires x509 plugin

Andreas Steffen [Mon, 12 Oct 2009 17:50:44 +0000 (19:50 +0200)]
sql/rw-eap-aka-rsa scenario requires eapaka-3gpp2 plugin

Andreas Steffen [Mon, 12 Oct 2009 17:48:20 +0000 (19:48 +0200)]
updated evaltest of ikev1/no-priv-key scenario

Andreas Steffen [Mon, 12 Oct 2009 17:44:55 +0000 (19:44 +0200)]
INTERNAL_IP6_NETMASK needed for ModeConfig

Martin Willi [Mon, 12 Oct 2009 12:40:21 +0000 (14:40 +0200)]
Merged SIM/USIM manager/card/provider, avoids code duplication

Martin Willi [Mon, 12 Oct 2009 09:43:23 +0000 (11:43 +0200)]
Added ${shlibs:Depends} dependency to Debian package

Martin Willi [Mon, 12 Oct 2009 09:18:43 +0000 (11:18 +0200)]
Added .gitignore for NM Debian package build

Andreas Steffen [Mon, 12 Oct 2009 11:47:22 +0000 (13:47 +0200)]
prepended all ISAKMP notification message types with ISAKMP_

Martin Willi [Mon, 12 Oct 2009 07:50:28 +0000 (09:50 +0200)]
Pass NULL as other identity in EAP-AKA 3GPP2 to find a match with all plugins

Martin Willi [Mon, 12 Oct 2009 07:49:11 +0000 (09:49 +0200)]
Stroke plugin interprets NULL identities as ID_ANY in shared key lookup

Andreas Steffen [Mon, 12 Oct 2009 06:05:48 +0000 (08:05 +0200)]
added some pluto changes to NEWS

Andreas Steffen [Sun, 11 Oct 2009 19:24:39 +0000 (21:24 +0200)]
fixed output of offered CA

Andreas Steffen [Sun, 11 Oct 2009 19:14:05 +0000 (21:14 +0200)]
fixed broken smartcard support (bug #91)

Andreas Steffen [Sun, 11 Oct 2009 18:14:18 +0000 (20:14 +0200)]
some missing refactoring changes

Andreas Steffen [Sun, 11 Oct 2009 16:05:27 +0000 (18:05 +0200)]
myids might not be defined yet

Andreas Steffen [Sun, 11 Oct 2009 14:34:04 +0000 (16:34 +0200)]
fixed refactoring bug

Andreas Steffen [Sat, 10 Oct 2009 22:35:01 +0000 (00:35 +0200)]
adapted ikev2/rw-eap-aka scenarios to eapaka-3gpp2 plugin

Andreas Steffen [Sat, 10 Oct 2009 22:14:20 +0000 (00:14 +0200)]
corrected ikev1/nat-two-rw evaltest.dat

Andreas Steffen [Sat, 10 Oct 2009 20:05:59 +0000 (22:05 +0200)]
removed orphaned sha1.c

Andreas Steffen [Sat, 10 Oct 2009 19:41:36 +0000 (21:41 +0200)]
corrected evaltest.dat

Andreas Steffen [Sat, 10 Oct 2009 19:16:46 +0000 (21:16 +0200)]
replaced struct id by identification_t

Martin Willi [Fri, 9 Oct 2009 11:31:19 +0000 (13:31 +0200)]
Added NEWS about EAP-AKA split

Martin Willi [Fri, 9 Oct 2009 08:59:34 +0000 (10:59 +0200)]
SIM card interface takes IMSI as parameter (same as in USIM)

Martin Willi [Fri, 9 Oct 2009 07:14:53 +0000 (09:14 +0200)]
Fixed USIM parameter description

Martin Willi [Fri, 9 Oct 2009 07:03:13 +0000 (09:03 +0200)]
Do not use monotonic time for AKA sequence numbers, it has an undefined starting point

Martin Willi [Thu, 8 Oct 2009 15:25:44 +0000 (17:25 +0200)]
Use constants instead of sizeof(), sizeof() does not work for function arguments

Martin Willi [Thu, 8 Oct 2009 15:25:10 +0000 (17:25 +0200)]
Calculate missing CK/IK values in USIM

Martin Willi [Thu, 8 Oct 2009 15:24:20 +0000 (17:24 +0200)]
Link 3gpp2 EAP-AKA plugin to libgmp

Martin Willi [Thu, 8 Oct 2009 14:49:29 +0000 (16:49 +0200)]
Separated 3gpp2 USIM card and provider functionality

Martin Willi [Thu, 8 Oct 2009 11:01:49 +0000 (13:01 +0200)]
Ported AKA functions to 3gpp2 plugin

Martin Willi [Thu, 8 Oct 2009 08:29:43 +0000 (10:29 +0200)]
Added a stub for the EAP-AKA backend implementing the 3GPP2 functions in software

Martin Willi [Thu, 8 Oct 2009 07:08:46 +0000 (09:08 +0200)]
Implemented a manager for USIM cards/providers very similar to the SIM manager

Andreas Steffen [Thu, 8 Oct 2009 22:16:33 +0000 (00:16 +0200)]
corrected caption

Andreas Steffen [Thu, 8 Oct 2009 22:13:02 +0000 (00:13 +0200)]
created identification_create_from_sockaddr() function

Martin Willi [Thu, 8 Oct 2009 11:10:02 +0000 (13:10 +0200)]
Added medsrv.fcgi to gitignore

Andreas Steffen [Thu, 8 Oct 2009 11:05:27 +0000 (13:05 +0200)]
medsrv.fcgi is not part of the git tree

Andreas Steffen [Thu, 8 Oct 2009 11:04:07 +0000 (13:04 +0200)]
hex_str() isn't used externally any more

Andreas Steffen [Thu, 8 Oct 2009 10:42:29 +0000 (12:42 +0200)]
parsing of generalNames is not needed any more

Andreas Steffen [Thu, 8 Oct 2009 10:35:36 +0000 (12:35 +0200)]
use of asn1_build_known_oid()

Andreas Steffen [Thu, 8 Oct 2009 09:25:33 +0000 (11:25 +0200)]
migrated public key IDs to identification_t

Martin Willi [Wed, 7 Oct 2009 09:40:36 +0000 (11:40 +0200)]
Reenabled acq_expires SA timer using rekey timeout

While not using a SA expiration for allocating SPIs works fine,
the situation is much more problematic for kernel-created temporary
SAs from acquires. If the negotiation of such a CHILD_SA fails,
the created temporary SA can not be deleted.

Martin Willi [Wed, 7 Oct 2009 08:14:18 +0000 (10:14 +0200)]
Catch CHILD_SA state changes during acquire

If an acquire fails due to a TS_UNACCEPTABLE or other CHILD_SA only errors,
we have to reset the pending state in the trap manager.

Andreas Steffen [Tue, 6 Oct 2009 21:50:26 +0000 (23:50 +0200)]
list subjectAltNames

Andreas Steffen [Tue, 6 Oct 2009 21:19:46 +0000 (23:19 +0200)]
some ipsec listall finetuning

Andreas Steffen [Tue, 6 Oct 2009 14:49:46 +0000 (16:49 +0200)]
pluto and charon now have the same ipsec listall output format

Andreas Steffen [Tue, 6 Oct 2009 12:38:34 +0000 (14:38 +0200)]
the ikev1 scenarios need the x509 plugin

Andreas Steffen [Tue, 6 Oct 2009 12:22:27 +0000 (14:22 +0200)]
streamlined output from get_validity()

Andreas Steffen [Mon, 5 Oct 2009 21:52:35 +0000 (23:52 +0200)]
fixed serial number conversion from hex

Andreas Steffen [Mon, 5 Oct 2009 21:17:36 +0000 (23:17 +0200)]
delete group attributes after use

Andreas Steffen [Mon, 5 Oct 2009 21:13:51 +0000 (23:13 +0200)]
stroke_list outputs group attributes

Andreas Steffen [Mon, 5 Oct 2009 20:44:01 +0000 (22:44 +0200)]
ipsec pki --issue supports --flag authServer option

Andreas Steffen [Mon, 5 Oct 2009 19:20:42 +0000 (21:20 +0200)]
ipsec pki --issue supports --flag ocspSigning option

Martin Willi [Mon, 5 Oct 2009 12:06:32 +0000 (14:06 +0200)]
Cleaned up EAP-AKA en/decoding, eliminated unaligned half-word reads

Martin Willi [Mon, 5 Oct 2009 11:32:41 +0000 (13:32 +0200)]
Cleaned up EAP-SIM en/decoding, eliminated unaligned half-word reads

Martin Willi [Mon, 5 Oct 2009 08:49:10 +0000 (10:49 +0200)]
Distinguish invalid free()s between corrupted magic and invalid pointer

Andreas Steffen [Mon, 5 Oct 2009 05:24:28 +0000 (07:24 +0200)]
pluto now uses x509 plugin for attribute certificate handling

Andreas Steffen [Fri, 2 Oct 2009 19:20:45 +0000 (21:20 +0200)]
fixed output of authKeyID

Andreas Steffen [Fri, 2 Oct 2009 18:54:15 +0000 (20:54 +0200)]
mark embedded parsing in debug mode

Andreas Steffen [Fri, 2 Oct 2009 18:14:09 +0000 (20:14 +0200)]
added some notBefore/notAfter debugging info