strongswan.git
Andreas Steffen [Tue, 1 Jun 2010 14:47:56 +0000 (16:47 +0200)]
ipsec pool --statusattr [--hexout] outputs attribute values in correct format if known

Andreas Steffen [Mon, 31 May 2010 14:46:47 +0000 (16:46 +0200)]
added unity_def_domain keyword to ipsec pool

Martin Willi [Mon, 31 May 2010 11:41:25 +0000 (13:41 +0200)]
Added generated manpages to .gitignore

Martin Willi [Mon, 31 May 2010 11:14:36 +0000 (13:14 +0200)]
Changed default lifetime of certificates to 3 years

Martin Willi [Mon, 31 May 2010 11:12:46 +0000 (13:12 +0200)]
Support extendedKeyUsage flags in self-signed certificates

Tobias Brunner [Sun, 30 May 2010 11:07:32 +0000 (13:07 +0200)]
IPSEC_CONFDIR in ipsec script fixed.

Tobias Brunner [Sun, 30 May 2010 11:03:04 +0000 (13:03 +0200)]
Adding the version number to the most relevant manual pages.

Tobias Brunner [Sun, 30 May 2010 09:51:30 +0000 (11:51 +0200)]
Updated and corrected the ipsec.secrets(5) manual page.

Tobias Brunner [Sat, 29 May 2010 19:10:18 +0000 (21:10 +0200)]
Updated and corrected the ipsec.conf(5) manual page.

Tobias Brunner [Sat, 29 May 2010 15:34:00 +0000 (17:34 +0200)]
Updated and corrected the ipsec(8) manual page.

Andreas Steffen [Sat, 29 May 2010 11:29:23 +0000 (13:29 +0200)]
added --leases command line option to synopsis

Andreas Steffen [Sat, 29 May 2010 11:23:20 +0000 (13:23 +0200)]
added --showattr command line option to synopsis

Andreas Steffen [Sat, 29 May 2010 09:22:36 +0000 (11:22 +0200)]
added X.509 support by openssl plugin to NEWS

Andreas Steffen [Fri, 28 May 2010 21:22:15 +0000 (23:22 +0200)]
remove x509 plugin from openssl-ikev1 scenarios

Tobias Brunner [Fri, 28 May 2010 13:43:12 +0000 (15:43 +0200)]
Do not install trap policy if remote host is %any.

Andreas Steffen [Fri, 28 May 2010 13:07:09 +0000 (15:07 +0200)]
be lenient towards wrong attribute encodings

Martin Willi [Thu, 27 May 2010 13:04:25 +0000 (15:04 +0200)]
Send empty SIM/AKA-NOTIFICATION response for non-success codes, too

Martin Willi [Thu, 27 May 2010 07:30:14 +0000 (09:30 +0200)]
Added support for reading raw PUT/POST data from HTTP request

Martin Willi [Wed, 26 May 2010 14:09:50 +0000 (16:09 +0200)]
Unwrap subjectKeyIdentifier from OCTET_STRING

Andreas Steffen [Tue, 25 May 2010 13:49:58 +0000 (15:49 +0200)]
remove x509 plugin from remaining openssl-ikev2 scenarios

Andreas Steffen [Tue, 25 May 2010 13:26:46 +0000 (15:26 +0200)]
openssl-ikev2/rw-cert scenario doesn't need x509 plugin any more

Andreas Steffen [Sat, 22 May 2010 20:53:24 +0000 (22:53 +0200)]
several subnets can be concatenated

Andreas Steffen [Sat, 22 May 2010 08:46:15 +0000 (10:46 +0200)]
added --showattr command to usage()

Martin Willi [Fri, 21 May 2010 14:41:13 +0000 (16:41 +0200)]
Fixed compiler warning in invocation of crl_is_newer()

Martin Willi [Fri, 21 May 2010 14:38:19 +0000 (16:38 +0200)]
Use CA's subjectKeyIdentifier as CRL's authorityKeyIdentifier

Martin Willi [Fri, 21 May 2010 13:53:31 +0000 (15:53 +0200)]
Added a --signcrl command to the pki utility

Martin Willi [Fri, 21 May 2010 13:52:20 +0000 (15:52 +0200)]
Added support for CRL generation to x509 plugin

Martin Willi [Fri, 21 May 2010 07:53:23 +0000 (09:53 +0200)]
Removed is_newer() from certificate_t, obsoleting all implementations

Martin Willi [Fri, 21 May 2010 07:48:23 +0000 (09:48 +0200)]
Added generic implementations for crl_is_newer/certificate_is_newer

Martin Willi [Fri, 21 May 2010 07:18:27 +0000 (09:18 +0200)]
Migrated x509_crl_t to INIT/METHOD macros

Martin Willi [Thu, 20 May 2010 15:33:52 +0000 (17:33 +0200)]
Implemented X.509 CRL reading using OpenSSL

Martin Willi [Thu, 20 May 2010 08:09:04 +0000 (08:09 +0000)]
Implemented X.509 certificate reading using OpenSSL

Andreas Steffen [Thu, 20 May 2010 15:38:39 +0000 (17:38 +0200)]
oops, removed stray parenthesis

Martin Willi [Thu, 20 May 2010 11:22:13 +0000 (13:22 +0200)]
Fixed doxygen group

Martin Willi [Thu, 20 May 2010 07:44:59 +0000 (09:44 +0200)]
Whitelist OpenSSL's ERR_put_error() in leak-detective

As we do not invoke ERR_get/clear_error() in all error cases, the
error codes are not removed from the error queue. But it is safe
to whitelist the put function, as it uses a circular buffer that
does not grow beyond ERR_NUM_ERRORS errors (16 by default).

Martin Willi [Thu, 20 May 2010 07:41:47 +0000 (09:41 +0200)]
Added a --print command to pki that dumps different credentials

Martin Willi [Wed, 19 May 2010 13:22:12 +0000 (15:22 +0200)]
Option to skip slow addr2line resolution in leak-detective

Andreas Steffen [Thu, 20 May 2010 15:35:10 +0000 (17:35 +0200)]
range check for configuration attribute types

Andreas Steffen [Thu, 20 May 2010 15:24:43 +0000 (17:24 +0200)]
implement ipsec pool -showattr function

Andreas Steffen [Thu, 20 May 2010 14:30:15 +0000 (16:30 +0200)]
removed deprecated use of ipsec pool --attr|del dns|nbns from usage()

Tobias Brunner [Thu, 20 May 2010 10:01:12 +0000 (12:01 +0200)]
Only include C files that start with the plugin name when building for Android.

Andreas Steffen [Wed, 19 May 2010 19:53:55 +0000 (21:53 +0200)]
added ipsec pool attribute support to NEWS

Andreas Steffen [Wed, 19 May 2010 19:51:21 +0000 (21:51 +0200)]
management of any attribute by ipsec pool

Andreas Steffen [Wed, 19 May 2010 06:31:39 +0000 (08:31 +0200)]
updated ikev1/rw-cert scenario to support xauth integrity test

Andreas Steffen [Wed, 19 May 2010 06:02:22 +0000 (08:02 +0200)]
checksum_builder() needs the pluto symbol

Andreas Steffen [Tue, 18 May 2010 20:57:12 +0000 (22:57 +0200)]
updated ikev1/xauth-rsa-mode-config scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 20:56:42 +0000 (22:56 +0200)]
updated ikev1/xauth-psk-mode-config scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 20:48:37 +0000 (22:48 +0200)]
updated ikev1/xauth-psk-mode-config scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 20:41:22 +0000 (22:41 +0200)]
register virtual IPs under the XAUTH identity

Andreas Steffen [Tue, 18 May 2010 18:20:55 +0000 (20:20 +0200)]
updated ikev1/xauth-rsa-nosecret scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 18:04:52 +0000 (20:04 +0200)]
created ikev1/xauth-id-psk scenario

Andreas Steffen [Tue, 18 May 2010 18:04:02 +0000 (20:04 +0200)]
updated ikev1/xauth-psk scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 14:54:20 +0000 (16:54 +0200)]
clarified secret loading debug output

Andreas Steffen [Tue, 18 May 2010 14:53:34 +0000 (16:53 +0200)]
updated ikev1/xauth-rsa-fail scenario to xauth plugin

Andreas Steffen [Tue, 18 May 2010 14:53:00 +0000 (16:53 +0200)]
created ikev1/xauth-id-rsa scenario using XAUTH identities

Andreas Steffen [Tue, 18 May 2010 14:52:12 +0000 (16:52 +0200)]
updated ikev1/xauth-rsa scenario to xauth plugin

Tobias Brunner [Tue, 18 May 2010 11:59:23 +0000 (13:59 +0200)]
Typo fixed.

Andreas Steffen [Tue, 18 May 2010 11:51:15 +0000 (13:51 +0200)]
implemented xauth as a pluto plugin

Martin Willi [Tue, 18 May 2010 10:21:38 +0000 (12:21 +0200)]
Handle collisions between rekey and the following delete properly

Martin Willi [Tue, 18 May 2010 10:21:05 +0000 (12:21 +0200)]
Added simple conditional packet receive delay

Martin Willi [Tue, 18 May 2010 10:20:32 +0000 (12:20 +0200)]
Added simple conditional packet send delay

Martin Willi [Mon, 17 May 2010 10:36:30 +0000 (12:36 +0200)]
Explicitly link gpg-error to gcrypt plugin

Martin Willi [Mon, 17 May 2010 09:08:13 +0000 (11:08 +0200)]
Link to libgpg-error to resolve additional symbols when testing for libgcrypt

Andreas Steffen [Sat, 15 May 2010 16:52:59 +0000 (18:52 +0200)]
it's too late on Saturday evening

Andreas Steffen [Sat, 15 May 2010 16:48:35 +0000 (18:48 +0200)]
roll back some changes

Andreas Steffen [Sat, 15 May 2010 16:36:14 +0000 (18:36 +0200)]
encoding of MODE_TUNNEL changed

Andreas Steffen [Sat, 15 May 2010 15:03:04 +0000 (17:03 +0200)]
the keyid is a subjectKeyIdentifier

Andreas Steffen [Sat, 15 May 2010 14:55:08 +0000 (16:55 +0200)]
fixed keyids in sql/rw-psk-rsa-split scenario

Andreas Steffen [Sat, 15 May 2010 14:44:53 +0000 (16:44 +0200)]
fixed keyids in sql/rw-eap-aka-rsa scenario

Andreas Steffen [Sat, 15 May 2010 14:34:50 +0000 (16:34 +0200)]
fixed keyids in sql/rw-cert scenario

Andreas Steffen [Sat, 15 May 2010 14:20:34 +0000 (16:20 +0200)]
fixed keyids in sql/net2net-cert scenario

Andreas Steffen [Sat, 15 May 2010 14:13:22 +0000 (16:13 +0200)]
inserted newline

Andreas Steffen [Sat, 15 May 2010 14:11:08 +0000 (16:11 +0200)]
fixed keyids in sql/ip-split-pools-db-restart scenario

Andreas Steffen [Sat, 15 May 2010 11:40:11 +0000 (13:40 +0200)]
fixed keyids in sql/ip-split-pools-db scenario

Andreas Steffen [Sat, 15 May 2010 11:22:49 +0000 (13:22 +0200)]
fixed keyids in sql/ip-pool-db-restart scenario

Andreas Steffen [Sat, 15 May 2010 11:07:22 +0000 (13:07 +0200)]
fixed keyids in sql/ip-pool-db-expired scenario

Andreas Steffen [Sat, 15 May 2010 11:06:48 +0000 (13:06 +0200)]
fixed keyids in sql/ip-pool-db scenario

Andreas Steffen [Sat, 15 May 2010 08:18:29 +0000 (10:18 +0200)]
introduced xauth_identity keyword

Andreas Steffen [Fri, 14 May 2010 15:26:59 +0000 (17:26 +0200)]
adapted evaltest of ikev1/ip-pool-db-push scenario to resolve plugin

Andreas Steffen [Fri, 14 May 2010 15:20:28 +0000 (17:20 +0200)]
adapted evaltest of ikev1/ip-pool-db scenario to resolve plugin

Andreas Steffen [Fri, 14 May 2010 15:07:03 +0000 (17:07 +0200)]
refactoring of Mode Config functionality allows transport and handling of any attribute

Andreas Steffen [Fri, 14 May 2010 13:12:03 +0000 (15:12 +0200)]
adapted evaltest of ikev1/mode-config-push scenario to resolve plugin

Andreas Steffen [Fri, 14 May 2010 09:07:26 +0000 (11:07 +0200)]
adapted evaltest to resolve plugin

Andreas Steffen [Sat, 8 May 2010 14:09:02 +0000 (16:09 +0200)]
implemented support of resolve plugin

Andreas Steffen [Thu, 6 May 2010 19:55:19 +0000 (21:55 +0200)]
include demux.h only once

Andreas Steffen [Thu, 6 May 2010 19:44:15 +0000 (21:44 +0200)]
already defined in attributes/attributes.h

Andreas Steffen [Thu, 6 May 2010 19:35:00 +0000 (21:35 +0200)]
include state.h only once

Andreas Steffen [Thu, 6 May 2010 08:35:25 +0000 (10:35 +0200)]
removed stray file

Martin Willi [Wed, 5 May 2010 11:48:10 +0000 (13:48 +0200)]
Support decoding of subjectPublicKeyInfo in openssl without pkcs1 plugin

Martin Willi [Wed, 5 May 2010 09:30:18 +0000 (11:30 +0200)]
Do not check pointer, but length of a chunk

Martin Willi [Wed, 5 May 2010 09:26:17 +0000 (11:26 +0200)]
Double-check that a blob passed to is_asn1() is not empty

Martin Willi [Wed, 5 May 2010 09:15:10 +0000 (11:15 +0200)]
Do not print filename twice if plugin loading fails, dlerror() contains the filename

Martin Willi [Wed, 5 May 2010 08:40:52 +0000 (10:40 +0200)]
Implemented base32 encoding of chunks.

Andreas Steffen [Tue, 4 May 2010 21:52:44 +0000 (23:52 +0200)]
moved resolve plugin from libcharon to libhydra

Tobias Brunner [Tue, 4 May 2010 15:33:35 +0000 (17:33 +0200)]
Do a proper cleanup when printing usage info.

Tobias Brunner [Tue, 4 May 2010 15:40:10 +0000 (17:40 +0200)]
Moved syslog.h include.

Tobias Brunner [Tue, 4 May 2010 15:00:43 +0000 (17:00 +0200)]
Compiler warning fixed.

Andreas Steffen [Tue, 4 May 2010 04:18:10 +0000 (06:18 +0200)]
fixed typo

Adrian-Ken Rueegsegger [Sun, 2 May 2010 12:37:16 +0000 (14:37 +0200)]
Add 'flush_line' option to filelog section.

The new boolean 'flush_line' option in the filelog section of
strongswan.conf specifies if log messages should be flushed to the given
file for each new line.

Reto Buerki [Thu, 22 Apr 2010 15:03:30 +0000 (17:03 +0200)]
Use reqid from connection config if present.