strongswan.git
Martin Willi [Thu, 20 May 2010 15:33:52 +0000 (17:33 +0200)]
Implemented X.509 CRL reading using OpenSSL

Martin Willi [Thu, 20 May 2010 08:09:04 +0000 (08:09 +0000)]
Implemented X.509 certificate reading using OpenSSL

Andreas Steffen [Thu, 20 May 2010 15:38:39 +0000 (17:38 +0200)]
oops, removed stray parenthesis

Martin Willi [Thu, 20 May 2010 11:22:13 +0000 (13:22 +0200)]
Fixed doxygen group

Martin Willi [Thu, 20 May 2010 07:44:59 +0000 (09:44 +0200)]
Whitelist OpenSSL's ERR_put_error() in leak-detective

As we do not invoke ERR_get/clear_error() in all error cases, the
error codes are not removed from the error queue. But it is safe
to whitelist the put function, as it uses a circular buffer that
does not grow beyond ERR_NUM_ERRORS errors (16 by default).

Martin Willi [Thu, 20 May 2010 07:41:47 +0000 (09:41 +0200)]
Added a --print command to pki that dumps different credentials

Martin Willi [Wed, 19 May 2010 13:22:12 +0000 (15:22 +0200)]
Option to skip slow addr2line resolution in leak-detective

Andreas Steffen [Thu, 20 May 2010 15:35:10 +0000 (17:35 +0200)]
range check for configuration attribute types

Andreas Steffen [Thu, 20 May 2010 15:24:43 +0000 (17:24 +0200)]
implement ipsec pool -showattr function

Andreas Steffen [Thu, 20 May 2010 14:30:15 +0000 (16:30 +0200)]
removed deprecated use of ipsec pool --attr|del dns|nbns from usage()

Tobias Brunner [Thu, 20 May 2010 10:01:12 +0000 (12:01 +0200)]
Only include C files that start with the plugin name when building for Android.

Andreas Steffen [Wed, 19 May 2010 19:53:55 +0000 (21:53 +0200)]
added ipsec pool attribute support to NEWS

Andreas Steffen [Wed, 19 May 2010 19:51:21 +0000 (21:51 +0200)]
management of any attribute by ipsec pool

Andreas Steffen [Wed, 19 May 2010 06:31:39 +0000 (08:31 +0200)]
updated ikev1/rw-cert scenario to support xauth integrity test

Andreas Steffen [Wed, 19 May 2010 06:02:22 +0000 (08:02 +0200)]
checksum_builder() needs the pluto symbol

Andreas Steffen [Tue, 18 May 2010 20:57:12 +0000 (22:57 +0200)]
updated ikev1/xauth-rsa-mode-config scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 20:56:42 +0000 (22:56 +0200)]
updated ikev1/xauth-psk-mode-config scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 20:48:37 +0000 (22:48 +0200)]
updated ikev1/xauth-psk-mode-config scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 20:41:22 +0000 (22:41 +0200)]
register virtual IPs under the XAUTH identity

Andreas Steffen [Tue, 18 May 2010 18:20:55 +0000 (20:20 +0200)]
updated ikev1/xauth-rsa-nosecret scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 18:04:52 +0000 (20:04 +0200)]
created ikev1/xauth-id-psk scenario

Andreas Steffen [Tue, 18 May 2010 18:04:02 +0000 (20:04 +0200)]
updated ikev1/xauth-psk scenario to support xauth plugin

Andreas Steffen [Tue, 18 May 2010 14:54:20 +0000 (16:54 +0200)]
clarified secret loading debug output

Andreas Steffen [Tue, 18 May 2010 14:53:34 +0000 (16:53 +0200)]
updated ikev1/xauth-rsa-fail scenario to xauth plugin

Andreas Steffen [Tue, 18 May 2010 14:53:00 +0000 (16:53 +0200)]
created ikev1/xauth-id-rsa scenario using XAUTH identities

Andreas Steffen [Tue, 18 May 2010 14:52:12 +0000 (16:52 +0200)]
updated ikev1/xauth-rsa scenario to xauth plugin

Tobias Brunner [Tue, 18 May 2010 11:59:23 +0000 (13:59 +0200)]
Typo fixed.

Andreas Steffen [Tue, 18 May 2010 11:51:15 +0000 (13:51 +0200)]
implemented xauth as a pluto plugin

Martin Willi [Tue, 18 May 2010 10:21:38 +0000 (12:21 +0200)]
Handle collisions between rekey and the following delete properly

Martin Willi [Tue, 18 May 2010 10:21:05 +0000 (12:21 +0200)]
Added simple conditional packet receive delay

Martin Willi [Tue, 18 May 2010 10:20:32 +0000 (12:20 +0200)]
Added simple conditional packet send delay

Martin Willi [Mon, 17 May 2010 10:36:30 +0000 (12:36 +0200)]
Explicitly link gpg-error to gcrypt plugin

Martin Willi [Mon, 17 May 2010 09:08:13 +0000 (11:08 +0200)]
Link to libgpg-error to resolve additional symbols when testing for libgcrypt

Andreas Steffen [Sat, 15 May 2010 16:52:59 +0000 (18:52 +0200)]
it's too late on Saturday evening

Andreas Steffen [Sat, 15 May 2010 16:48:35 +0000 (18:48 +0200)]
roll back some changes

Andreas Steffen [Sat, 15 May 2010 16:36:14 +0000 (18:36 +0200)]
encoding of MODE_TUNNEL changed

Andreas Steffen [Sat, 15 May 2010 15:03:04 +0000 (17:03 +0200)]
the keyid is a subjectKeyIdentifier

Andreas Steffen [Sat, 15 May 2010 14:55:08 +0000 (16:55 +0200)]
fixed keyids in sql/rw-psk-rsa-split scenario

Andreas Steffen [Sat, 15 May 2010 14:44:53 +0000 (16:44 +0200)]
fixed keyids in sql/rw-eap-aka-rsa scenario

Andreas Steffen [Sat, 15 May 2010 14:34:50 +0000 (16:34 +0200)]
fixed keyids in sql/rw-cert scenario

Andreas Steffen [Sat, 15 May 2010 14:20:34 +0000 (16:20 +0200)]
fixed keyids in sql/net2net-cert scenario

Andreas Steffen [Sat, 15 May 2010 14:13:22 +0000 (16:13 +0200)]
inserted newline

Andreas Steffen [Sat, 15 May 2010 14:11:08 +0000 (16:11 +0200)]
fixed keyids in sql/ip-split-pools-db-restart scenario

Andreas Steffen [Sat, 15 May 2010 11:40:11 +0000 (13:40 +0200)]
fixed keyids in sql/ip-split-pools-db scenario

Andreas Steffen [Sat, 15 May 2010 11:22:49 +0000 (13:22 +0200)]
fixed keyids in sql/ip-pool-db-restart scenario

Andreas Steffen [Sat, 15 May 2010 11:07:22 +0000 (13:07 +0200)]
fixed keyids in sql/ip-pool-db-expired scenario

Andreas Steffen [Sat, 15 May 2010 11:06:48 +0000 (13:06 +0200)]
fixed keyids in sql/ip-pool-db scenario

Andreas Steffen [Sat, 15 May 2010 08:18:29 +0000 (10:18 +0200)]
introduced xauth_identity keyword

Andreas Steffen [Fri, 14 May 2010 15:26:59 +0000 (17:26 +0200)]
adapted evaltest of ikev1/ip-pool-db-push scenario to resolve plugin

Andreas Steffen [Fri, 14 May 2010 15:20:28 +0000 (17:20 +0200)]
adapted evaltest of ikev1/ip-pool-db scenario to resolve plugin

Andreas Steffen [Fri, 14 May 2010 15:07:03 +0000 (17:07 +0200)]
refactoring of Mode Config functionality allows transport and handling of any attribute

Andreas Steffen [Fri, 14 May 2010 13:12:03 +0000 (15:12 +0200)]
adapted evaltest of ikev1/mode-config-push scenario to resolve plugin

Andreas Steffen [Fri, 14 May 2010 09:07:26 +0000 (11:07 +0200)]
adapted evaltest to resolve plugin

Andreas Steffen [Sat, 8 May 2010 14:09:02 +0000 (16:09 +0200)]
implemented support of resolve plugin

Andreas Steffen [Thu, 6 May 2010 19:55:19 +0000 (21:55 +0200)]
include demux.h only once

Andreas Steffen [Thu, 6 May 2010 19:44:15 +0000 (21:44 +0200)]
already defined in attributes/attributes.h

Andreas Steffen [Thu, 6 May 2010 19:35:00 +0000 (21:35 +0200)]
include state.h only once

Andreas Steffen [Thu, 6 May 2010 08:35:25 +0000 (10:35 +0200)]
removed stray file

Martin Willi [Wed, 5 May 2010 11:48:10 +0000 (13:48 +0200)]
Support decoding of subjectPublicKeyInfo in openssl without pkcs1 plugin

Martin Willi [Wed, 5 May 2010 09:30:18 +0000 (11:30 +0200)]
Do not check pointer, but length of a chunk

Martin Willi [Wed, 5 May 2010 09:26:17 +0000 (11:26 +0200)]
Double-check that a blob passed to is_asn1() is not empty

Martin Willi [Wed, 5 May 2010 09:15:10 +0000 (11:15 +0200)]
Do not print filename twice if plugin loading fails, dlerror() contains the filename

Martin Willi [Wed, 5 May 2010 08:40:52 +0000 (10:40 +0200)]
Implemented base32 encoding of chunks.

Andreas Steffen [Tue, 4 May 2010 21:52:44 +0000 (23:52 +0200)]
moved resolve plugin from libcharon to libhydra

Tobias Brunner [Tue, 4 May 2010 15:33:35 +0000 (17:33 +0200)]
Do a proper cleanup when printing usage info.

Tobias Brunner [Tue, 4 May 2010 15:40:10 +0000 (17:40 +0200)]
Moved syslog.h include.

Tobias Brunner [Tue, 4 May 2010 15:00:43 +0000 (17:00 +0200)]
Compiler warning fixed.

Andreas Steffen [Tue, 4 May 2010 04:18:10 +0000 (06:18 +0200)]
fixed typo

Adrian-Ken Rueegsegger [Sun, 2 May 2010 12:37:16 +0000 (14:37 +0200)]
Add 'flush_line' option to filelog section.

The new boolean 'flush_line' option in the filelog section of
strongswan.conf specifies if log messages should be flushed to the given
file for each new line.

Reto Buerki [Thu, 22 Apr 2010 15:03:30 +0000 (17:03 +0200)]
Use reqid from connection config if present.

Reto Buerki [Thu, 22 Apr 2010 15:03:29 +0000 (17:03 +0200)]
Add reqid field and getter function to child_cfg_t.

Reto Buerki [Thu, 22 Apr 2010 15:03:28 +0000 (17:03 +0200)]
Include reqid in stroke add connection message.

Reto Buerki [Thu, 22 Apr 2010 15:03:27 +0000 (17:03 +0200)]
Add reqid keyword to config connection section.

Andreas Steffen [Mon, 3 May 2010 07:31:22 +0000 (09:31 +0200)]
delete release files

Andreas Steffen [Mon, 3 May 2010 07:09:43 +0000 (09:09 +0200)]
version bump to 4.4.1

4.4.0
Andreas Steffen [Sun, 2 May 2010 19:13:10 +0000 (21:13 +0200)]
added getprotobyname to whitelist

Andreas Steffen [Sun, 2 May 2010 15:58:36 +0000 (17:58 +0200)]
remove subnet from sourceip

Andreas Steffen [Sun, 2 May 2010 13:55:46 +0000 (15:55 +0200)]
final fix for cloning and deleting sourceip strings

Andreas Steffen [Sun, 2 May 2010 12:56:35 +0000 (14:56 +0200)]
fixed end->sourceip memory leak in ipsec starter

Andreas Steffen [Sun, 2 May 2010 09:47:24 +0000 (11:47 +0200)]
updated options in testing.conf

Andreas Steffen [Sun, 2 May 2010 09:40:46 +0000 (11:40 +0200)]
fixed flex parser memory leaks in ipsec starter

Andreas Steffen [Sun, 2 May 2010 09:00:21 +0000 (11:00 +0200)]
free config before exiting since library_deinit() calls leak detective

Tobias Brunner [Thu, 29 Apr 2010 12:44:31 +0000 (14:44 +0200)]
We have to rename thread_create on Mac OS X because it conflicts with a syscall.

Tobias Brunner [Thu, 29 Apr 2010 12:51:44 +0000 (14:51 +0200)]
Initialize libstrongswan in stroke (fixes Vstr logging).

Tobias Brunner [Thu, 29 Apr 2010 12:33:29 +0000 (14:33 +0200)]
Initialize libstrongswan in starter (fixes Vstr logging).

Tobias Brunner [Thu, 29 Apr 2010 11:30:51 +0000 (13:30 +0200)]
The mutex of a thread has to be locked when destroying it.

Tobias Brunner [Thu, 29 Apr 2010 11:29:53 +0000 (13:29 +0200)]
Fixing out-of-tree build after adding dependency to config.status.

Martin Willi [Thu, 29 Apr 2010 09:28:27 +0000 (11:28 +0200)]
Users of PLUGINS depend on config.status, rebuilding them if plugin configuration is updated

Martin Willi [Thu, 29 Apr 2010 07:51:37 +0000 (09:51 +0200)]
Fixed RSA key generation with gcrypt

Martin Willi [Thu, 29 Apr 2010 07:36:45 +0000 (09:36 +0200)]
PEM encoder supports encoding from RSA components directly, allowing gcrypt plugin to encode in PEM

Andreas Steffen [Thu, 29 Apr 2010 05:41:30 +0000 (07:41 +0200)]
added AES-GMAC support to NEWS

Andreas Steffen [Thu, 29 Apr 2010 05:28:51 +0000 (07:28 +0200)]
do not destroy whack_attr if it hasn't been initialized

Andreas Steffen [Wed, 28 Apr 2010 10:27:45 +0000 (12:27 +0200)]
added debug output argument

Martin Willi [Wed, 28 Apr 2010 07:03:08 +0000 (09:03 +0200)]
Reintroduce to_referer(), redirect() does not work with get_referer()

Martin Willi [Mon, 26 Apr 2010 07:41:10 +0000 (09:41 +0200)]
Use a 301 permanent redirect if no controller given

Andreas Steffen [Tue, 27 Apr 2010 11:48:37 +0000 (13:48 +0200)]
added ikev1/alg-esp-aes-gmac scenario

Andreas Steffen [Tue, 27 Apr 2010 11:47:11 +0000 (13:47 +0200)]
added AES_GMAC output string

Andreas Steffen [Tue, 27 Apr 2010 11:13:10 +0000 (13:13 +0200)]
added ikev2/alg-esp-aes-gmac scenario

Andreas Steffen [Fri, 23 Apr 2010 13:23:54 +0000 (15:23 +0200)]
added ikev1/alg-modp-subgroup scenario

Andreas Steffen [Fri, 23 Apr 2010 13:03:16 +0000 (15:03 +0200)]
added ikev2/alg-modp-subgroup scenario