strongswan.git
8 years agomaemo: Build dependencies fixed.
Tobias Brunner [Mon, 7 Feb 2011 15:13:37 +0000 (16:13 +0100)]
maemo: Build dependencies fixed.

8 years agomaemo: Makefile target to build source-only packages.
Tobias Brunner [Mon, 7 Feb 2011 15:12:30 +0000 (16:12 +0100)]
maemo: Makefile target to build source-only packages.

8 years agoReport correct key size if a cipher is not supported
Martin Willi [Mon, 7 Feb 2011 15:38:54 +0000 (16:38 +0100)]
Report correct key size if a cipher is not supported

8 years agoremoved keyblobtoid.c from libfreeswan
Andreas Steffen [Mon, 7 Feb 2011 14:47:43 +0000 (15:47 +0100)]
removed keyblobtoid.c from libfreeswan

8 years agoremoved atosa.c and satoa.c from libfreeswan
Andreas Steffen [Mon, 7 Feb 2011 14:35:24 +0000 (15:35 +0100)]
removed atosa.c and satoa.c from libfreeswan

8 years agoremoved prng.c from libfreeswan
Andreas Steffen [Mon, 7 Feb 2011 14:19:06 +0000 (15:19 +0100)]
removed prng.c from libfreeswan

8 years agoRemoved empty man page for starter.
Tobias Brunner [Mon, 7 Feb 2011 10:37:12 +0000 (11:37 +0100)]
Removed empty man page for starter.

8 years agoRemoved useless man page for _copyright.
Tobias Brunner [Mon, 7 Feb 2011 10:28:44 +0000 (11:28 +0100)]
Removed useless man page for _copyright.

8 years agoSome typos fixed.
Tobias Brunner [Mon, 7 Feb 2011 10:13:27 +0000 (11:13 +0100)]
Some typos fixed.

8 years agoFixed whatis entry of pluto manpage.
Tobias Brunner [Mon, 7 Feb 2011 10:09:03 +0000 (11:09 +0100)]
Fixed whatis entry of pluto manpage.

8 years agoEscape - in manpages when used as minus sign.
Tobias Brunner [Mon, 7 Feb 2011 09:52:54 +0000 (10:52 +0100)]
Escape - in manpages when used as minus sign.

8 years agomaemo: Register with the GtkIconTheme "changed" signal not until the GUI is initialized.
Tobias Brunner [Mon, 7 Feb 2011 09:43:28 +0000 (10:43 +0100)]
maemo: Register with the GtkIconTheme "changed" signal not until the GUI is initialized.

8 years agointroduced libstrongswan.x509.enforce_critical parameter
Andreas Steffen [Sat, 5 Feb 2011 08:01:18 +0000 (09:01 +0100)]
introduced libstrongswan.x509.enforce_critical parameter

8 years agoversion bump to 4.5.1rc2
Andreas Steffen [Sat, 5 Feb 2011 07:59:36 +0000 (08:59 +0100)]
version bump to 4.5.1rc2

8 years agoProperly initialize variable 'critical'.
Tobias Brunner [Fri, 4 Feb 2011 17:01:47 +0000 (18:01 +0100)]
Properly initialize variable 'critical'.

8 years agomaemo: Moved package sources.
Tobias Brunner [Fri, 4 Feb 2011 17:01:10 +0000 (18:01 +0100)]
maemo: Moved package sources.

8 years agomaemo: Added Maemo specific patches for strongswan.conf.
Tobias Brunner [Fri, 4 Feb 2011 17:00:18 +0000 (18:00 +0100)]
maemo: Added Maemo specific patches for strongswan.conf.

8 years agomaemo: Use newer Debian source package format.
Tobias Brunner [Fri, 4 Feb 2011 16:59:31 +0000 (17:59 +0100)]
maemo: Use newer Debian source package format.

8 years agomaemo: Adding Makefiles to build Debian packages.
Tobias Brunner [Fri, 4 Feb 2011 16:58:55 +0000 (17:58 +0100)]
maemo: Adding Makefiles to build Debian packages.

8 years agomaemo: Move debian/ directory for applet to packages/.
Tobias Brunner [Fri, 4 Feb 2011 16:41:15 +0000 (17:41 +0100)]
maemo: Move debian/ directory for applet to packages/.

8 years agomaemo: Enable pluto and starter.
Tobias Brunner [Fri, 4 Feb 2011 11:52:40 +0000 (12:52 +0100)]
maemo: Enable pluto and starter.

8 years agomaemo: Added Maemo specific fields (including icons) to packages.
Tobias Brunner [Fri, 4 Feb 2011 11:51:53 +0000 (12:51 +0100)]
maemo: Added Maemo specific fields (including icons) to packages.

8 years agomaemo: Don't include debian files in distribution.
Tobias Brunner [Fri, 4 Feb 2011 11:50:38 +0000 (12:50 +0100)]
maemo: Don't include debian files in distribution.

8 years agomaemo: Package dependencies and descriptions changed.
Tobias Brunner [Fri, 4 Feb 2011 11:49:41 +0000 (12:49 +0100)]
maemo: Package dependencies and descriptions changed.

8 years agomaemo: Touch icon dir to trigger update event.
Tobias Brunner [Fri, 4 Feb 2011 11:39:07 +0000 (12:39 +0100)]
maemo: Touch icon dir to trigger update event.

8 years agomaemo: Listen for IKE_SA state changes insted of CHILD_SA state changes.
Tobias Brunner [Fri, 4 Feb 2011 11:36:28 +0000 (12:36 +0100)]
maemo: Listen for IKE_SA state changes insted of CHILD_SA state changes.

If the IKE_SA_INIT request fails, there is not yet a CHILD_SA that could
trigger state changes.

8 years agomaemo: Reload icons on icon theme change.
Tobias Brunner [Fri, 4 Feb 2011 11:34:26 +0000 (12:34 +0100)]
maemo: Reload icons on icon theme change.

This is also needed during the installation because the applet might be
loaded before the icons are installed (or the icon cache is refreshed).

8 years agomaemo: Adding some missing files (required by automake).
Tobias Brunner [Fri, 4 Feb 2011 11:33:22 +0000 (12:33 +0100)]
maemo: Adding some missing files (required by automake).

8 years agoReplace hashtable key if a put operation replaces value
Martin Willi [Thu, 3 Feb 2011 15:58:12 +0000 (16:58 +0100)]
Replace hashtable key if a put operation replaces value

Fixes a crash if lifetime of key is bound to value (i.e. key == value)

8 years agoFix check to increase hashtable size properly
Martin Willi [Thu, 3 Feb 2011 15:57:39 +0000 (16:57 +0100)]
Fix check to increase hashtable size properly

8 years agoInvoke the per-round authorize() hook before purging current auth info on IKE_SA
Martin Willi [Thu, 3 Feb 2011 12:31:11 +0000 (13:31 +0100)]
Invoke the per-round authorize() hook before purging current auth info on IKE_SA

8 years agoFilter out non-matching ike_cfg in backend manager, so backends don't have to
Martin Willi [Thu, 3 Feb 2011 09:03:36 +0000 (10:03 +0100)]
Filter out non-matching ike_cfg in backend manager, so backends don't have to

8 years agodisable INITIAL_CONTACT message by setting unigueids=no
Andreas Steffen [Wed, 2 Feb 2011 14:58:34 +0000 (15:58 +0100)]
disable INITIAL_CONTACT message by setting unigueids=no

8 years agoMigrated ike_auth to INIT/METHOD macros, fixes missing initial_contact initialization
Martin Willi [Wed, 2 Feb 2011 14:13:39 +0000 (15:13 +0100)]
Migrated ike_auth to INIT/METHOD macros, fixes missing initial_contact initialization

8 years agoAccept non-encrypted INFORMATIONALs for ME connectivity checks
Martin Willi [Tue, 1 Feb 2011 08:46:32 +0000 (09:46 +0100)]
Accept non-encrypted INFORMATIONALs for ME connectivity checks

8 years agoDo not use destroyed rng/hasher if IKE_SA has been flush()ed
Martin Willi [Thu, 20 Jan 2011 09:32:37 +0000 (10:32 +0100)]
Do not use destroyed rng/hasher if IKE_SA has been flush()ed

8 years agoAdd missing AUTH_RULE for trusted self-signed peer certificates
Martin Willi [Tue, 1 Feb 2011 08:24:42 +0000 (09:24 +0100)]
Add missing AUTH_RULE for trusted self-signed peer certificates

8 years agoload constraints plugin in ikev2/multi-level-ca-pathlen scenario
Andreas Steffen [Mon, 31 Jan 2011 13:46:16 +0000 (14:46 +0100)]
load constraints plugin in ikev2/multi-level-ca-pathlen scenario

8 years agofixed checking of unknown critical extensions in openssl_x509
Andreas Steffen [Mon, 31 Jan 2011 13:37:48 +0000 (14:37 +0100)]
fixed checking of unknown critical extensions in openssl_x509

8 years agoadapted some UML timings
Andreas Steffen [Mon, 31 Jan 2011 08:38:22 +0000 (09:38 +0100)]
adapted some UML timings

8 years agomove sleep into host start if statement
Andreas Steffen [Mon, 31 Jan 2011 07:18:34 +0000 (08:18 +0100)]
move sleep into host start if statement

8 years agofixed typo
Andreas Steffen [Mon, 31 Jan 2011 07:07:28 +0000 (08:07 +0100)]
fixed typo

8 years agoadded ikev2/rw-eap-tnc-dynamic scenario
Andreas Steffen [Mon, 31 Jan 2011 06:30:41 +0000 (07:30 +0100)]
added ikev2/rw-eap-tnc-dynamic scenario

8 years agoupdated testing.conf UML configuration file
Andreas Steffen [Mon, 31 Jan 2011 04:47:39 +0000 (05:47 +0100)]
updated testing.conf UML configuration file

8 years agoadditional UML configuration options
Andreas Steffen [Mon, 31 Jan 2011 04:47:05 +0000 (05:47 +0100)]
additional UML configuration options

8 years agoversion bump to strongswan-4.5.1rc1
Andreas Steffen [Mon, 31 Jan 2011 04:39:17 +0000 (05:39 +0100)]
version bump to strongswan-4.5.1rc1

8 years agoadded tnccs_dynamic plugin and tnccs_11 refactoring to NEWS
Andreas Steffen [Mon, 31 Jan 2011 04:37:41 +0000 (05:37 +0100)]
added tnccs_dynamic plugin and tnccs_11 refactoring to NEWS

8 years agoadded comment to determine_tnccs_protocol() function
Andreas Steffen [Mon, 31 Jan 2011 04:31:22 +0000 (05:31 +0100)]
added comment to determine_tnccs_protocol() function

8 years agoimplemented dynamic detection of TNCCS protocol
Andreas Steffen [Sun, 30 Jan 2011 23:59:01 +0000 (00:59 +0100)]
implemented dynamic detection of TNCCS protocol

8 years agoDo not log potentially hundreds of cert requests for unknown CAs at level 1
Martin Willi [Thu, 27 Jan 2011 08:14:53 +0000 (09:14 +0100)]
Do not log potentially hundreds of cert requests for unknown CAs at level 1

8 years agoUse wrapped threading functions in ha plugin
Martin Willi [Thu, 20 Jan 2011 14:52:29 +0000 (15:52 +0100)]
Use wrapped threading functions in ha plugin

8 years agoLoad load-tester plugin before kernel interfaces, fixes fake_kernel option
Martin Willi [Wed, 19 Jan 2011 15:43:00 +0000 (16:43 +0100)]
Load load-tester plugin before kernel interfaces, fixes fake_kernel option

8 years agoIncrease tls_writer buffer by at least 4 bytes
Martin Willi [Wed, 19 Jan 2011 13:41:59 +0000 (14:41 +0100)]
Increase tls_writer buffer by at least 4 bytes

8 years agoFix potential use after free
Thomas Egerer [Tue, 18 Jan 2011 14:59:35 +0000 (15:59 +0100)]
Fix potential use after free

8 years agoWhitelist gnutls init function
Martin Willi [Mon, 17 Jan 2011 12:32:45 +0000 (13:32 +0100)]
Whitelist gnutls init function

8 years agoImplemented an alternative HTTP fetcher based on libsoup
Martin Willi [Mon, 17 Jan 2011 12:27:18 +0000 (13:27 +0100)]
Implemented an alternative HTTP fetcher based on libsoup

8 years agoAdded simple fetcher tool to test fetcher implementations
Martin Willi [Mon, 17 Jan 2011 12:26:12 +0000 (13:26 +0100)]
Added simple fetcher tool to test fetcher implementations

8 years agobacktrace->contains_function takes multiple names, speeding up whitelist check drasti...
Martin Willi [Mon, 17 Jan 2011 12:23:57 +0000 (13:23 +0100)]
backtrace->contains_function takes multiple names, speeding up whitelist check drastically

8 years agoAdd some common glib non-leaks to whitelist
Martin Willi [Mon, 17 Jan 2011 12:23:00 +0000 (13:23 +0100)]
Add some common glib non-leaks to whitelist

8 years agoAdd missing va_end to va_start in curl_fetcher
Martin Willi [Mon, 17 Jan 2011 12:21:35 +0000 (13:21 +0100)]
Add missing va_end to va_start in curl_fetcher

8 years agoDo not pass an enum type to va_arg
Martin Willi [Mon, 17 Jan 2011 12:21:12 +0000 (13:21 +0100)]
Do not pass an enum type to va_arg

8 years agoUse newer Linux capability native API, if available
Martin Willi [Sat, 15 Jan 2011 15:24:58 +0000 (16:24 +0100)]
Use newer Linux capability native API, if available

8 years agoDo not install config files with user/group, as it might not exist on build machine
Martin Willi [Sat, 15 Jan 2011 15:24:19 +0000 (16:24 +0100)]
Do not install config files with user/group, as it might not exist on build machine

8 years agoCompare ending address in ts->equals, fixes redundant traffic selector elimination
Martin Willi [Fri, 14 Jan 2011 12:22:19 +0000 (13:22 +0100)]
Compare ending address in ts->equals, fixes redundant traffic selector elimination

8 years agoRevert "Send INITIAL_CONTACT even if we have a unique policy"
Martin Willi [Thu, 13 Jan 2011 09:50:46 +0000 (10:50 +0100)]
Revert "Send INITIAL_CONTACT even if we have a unique policy"

It makes sense to omit INITIAL_CONTACT if don't have a unique policy,
as a client might want to connect from different devices to the same
account.

This reverts commit 719c33b41a1f9fe9b2585df3e7aa804a760c361c.

8 years agoFixed memory cleanup if no DHCP transaction found for an OFFER
Martin Willi [Wed, 12 Jan 2011 14:17:08 +0000 (15:17 +0100)]
Fixed memory cleanup if no DHCP transaction found for an OFFER

8 years agoForce port update as responder when initiator switches to 4500 in IKE_AUTH
Martin Willi [Wed, 12 Jan 2011 12:54:46 +0000 (13:54 +0100)]
Force port update as responder when initiator switches to 4500 in IKE_AUTH

8 years agoAvoid variable name overloading
Martin Willi [Wed, 12 Jan 2011 12:54:13 +0000 (13:54 +0100)]
Avoid variable name overloading

8 years agoterminate TNCCS 1.1 connection after sending recommendation
Andreas Steffen [Mon, 10 Jan 2011 06:22:02 +0000 (07:22 +0100)]
terminate TNCCS 1.1 connection after sending recommendation

8 years agofixed XML syntax for TNCCS-Recommendation messages
Andreas Steffen [Mon, 10 Jan 2011 06:21:03 +0000 (07:21 +0100)]
fixed XML syntax for TNCCS-Recommendation messages

8 years agoimplemented check_and_build_recommendation()
Andreas Steffen [Mon, 10 Jan 2011 05:46:17 +0000 (06:46 +0100)]
implemented check_and_build_recommendation()

8 years agocorrect numbering of batches
Andreas Steffen [Mon, 10 Jan 2011 04:08:48 +0000 (05:08 +0100)]
correct numbering of batches

8 years agoinitialize the reference count correctly
Andreas Steffen [Mon, 10 Jan 2011 04:08:07 +0000 (05:08 +0100)]
initialize the reference count correctly

8 years agohandle zero size Base64 conversions
Andreas Steffen [Mon, 10 Jan 2011 04:06:59 +0000 (05:06 +0100)]
handle zero size Base64 conversions

8 years agocommunicate DELETE state to IMCs and IMVs
Andreas Steffen [Sun, 9 Jan 2011 22:27:43 +0000 (23:27 +0100)]
communicate DELETE state to IMCs and IMVs

8 years agoSend INITIAL_CONTACT even if we have a unique policy
Martin Willi [Mon, 10 Jan 2011 10:54:10 +0000 (11:54 +0100)]
Send INITIAL_CONTACT even if we have a unique policy

8 years agoimplemented parsing of TNCCS 1.1 messages
Andreas Steffen [Sun, 9 Jan 2011 09:00:54 +0000 (10:00 +0100)]
implemented parsing of TNCCS 1.1 messages

8 years agosend notifyConnectionChange() to IMCs
Andreas Steffen [Sun, 9 Jan 2011 09:00:13 +0000 (10:00 +0100)]
send notifyConnectionChange() to IMCs

8 years agosuiteb directory hasn't been moved to Master yet
Andreas Steffen [Sat, 8 Jan 2011 01:17:14 +0000 (02:17 +0100)]
suiteb directory hasn't been moved to Master yet

8 years agogenerate TNCCS-Error messages
Andreas Steffen [Sat, 8 Jan 2011 01:16:14 +0000 (02:16 +0100)]
generate TNCCS-Error messages

8 years agocreated process() method for TNCCS messages
Andreas Steffen [Sat, 8 Jan 2011 01:15:10 +0000 (02:15 +0100)]
created process() method for TNCCS messages

8 years agoAdded NEWS for ipsec.conf certpolicy and key strength options
Martin Willi [Fri, 7 Jan 2011 14:45:53 +0000 (15:45 +0100)]
Added NEWS for ipsec.conf certpolicy and key strength options

8 years agoAdded support for trustchain key strength checking to rightauth option
Martin Willi [Fri, 7 Jan 2011 14:38:34 +0000 (15:38 +0100)]
Added support for trustchain key strength checking to rightauth option

8 years agoAdded a left/rightcertpolicy keyword to specify certificatePolicy requirements
Martin Willi [Fri, 7 Jan 2011 14:14:41 +0000 (15:14 +0100)]
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements

8 years agoFix nonce comparison in rekey collisions, lowest nonce loses
Martin Willi [Fri, 7 Jan 2011 12:32:28 +0000 (13:32 +0100)]
Fix nonce comparison in rekey collisions, lowest nonce loses

8 years agocorrected naming of tnccs_reason_strings_msg_t object
Andreas Steffen [Fri, 7 Jan 2011 06:18:42 +0000 (07:18 +0100)]
corrected naming of tnccs_reason_strings_msg_t object

8 years agodo not forget to advance node
Andreas Steffen [Fri, 7 Jan 2011 06:17:52 +0000 (07:17 +0100)]
do not forget to advance node

8 years agolibcharon plugins depend on libtls and/or libsimaka
Andreas Steffen [Fri, 7 Jan 2011 05:28:08 +0000 (06:28 +0100)]
libcharon plugins depend on libtls and/or libsimaka

8 years agofixed cert_validator_t:validate interface
Andreas Steffen [Fri, 7 Jan 2011 04:41:01 +0000 (05:41 +0100)]
fixed cert_validator_t:validate interface

8 years agoimplemented TNCCS 1.1 without libtnc
Andreas Steffen [Fri, 7 Jan 2011 04:29:04 +0000 (05:29 +0100)]
implemented TNCCS 1.1 without libtnc

8 years agocompute memory requirement for PEM-encoding correctly
Andreas Steffen [Fri, 7 Jan 2011 04:28:17 +0000 (05:28 +0100)]
compute memory requirement for PEM-encoding correctly

8 years agoAdded delta CRL NEWS
Martin Willi [Wed, 5 Jan 2011 17:20:11 +0000 (18:20 +0100)]
Added delta CRL NEWS

8 years agoAdded constraints plugin NEWS
Martin Willi [Wed, 5 Jan 2011 17:15:44 +0000 (18:15 +0100)]
Added constraints plugin NEWS

8 years agoAdded conftest NEWS
Martin Willi [Wed, 5 Jan 2011 17:09:49 +0000 (18:09 +0100)]
Added conftest NEWS

8 years agoAdded NEWS about INITIAL_CONTACT support
Martin Willi [Wed, 5 Jan 2011 17:05:09 +0000 (18:05 +0100)]
Added NEWS about INITIAL_CONTACT support

8 years agoDestroy existing IKE_SAs with same identities when receiving INITIAL_CONTACT
Martin Willi [Wed, 5 Jan 2011 15:44:01 +0000 (16:44 +0100)]
Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACT

8 years agoSend INITIAL_CONTACT for the first IKE_SA if it has a unique policy
Martin Willi [Wed, 5 Jan 2011 14:58:38 +0000 (15:58 +0100)]
Send INITIAL_CONTACT for the first IKE_SA if it has a unique policy

8 years agoMigrated ike_sa_manager_t to INIT/METHOD macros, some cleanups
Martin Willi [Wed, 5 Jan 2011 14:15:34 +0000 (15:15 +0100)]
Migrated ike_sa_manager_t to INIT/METHOD macros, some cleanups

8 years agoAdded option to use a different key when rebuilding AUTH
Martin Willi [Thu, 23 Dec 2010 14:40:09 +0000 (15:40 +0100)]
Added option to use a different key when rebuilding AUTH

8 years agoDo not print empty DN identities as invalid
Martin Willi [Thu, 23 Dec 2010 14:22:32 +0000 (15:22 +0100)]
Do not print empty DN identities as invalid