strongswan.git
13 years agoimplemented rereadcrls rereadcacerts
Andreas Steffen [Tue, 20 Jun 2006 06:08:33 +0000 (06:08 -0000)]
implemented rereadcrls rereadcacerts

13 years agoimplemented rereadcrls rereadcacerts
Andreas Steffen [Tue, 20 Jun 2006 06:07:37 +0000 (06:07 -0000)]
implemented rereadcrls rereadcacerts

13 years agoimplemented rereadcrls rereadcacerts
Andreas Steffen [Tue, 20 Jun 2006 06:05:01 +0000 (06:05 -0000)]
implemented rereadcrls rereadcacerts

13 years agoremoved local_credential_store
Andreas Steffen [Tue, 20 Jun 2006 05:57:52 +0000 (05:57 -0000)]
removed local_credential_store

13 years agofixed SPI when acting as initiator of rekeying
Martin Willi [Mon, 19 Jun 2006 09:27:14 +0000 (09:27 -0000)]
fixed SPI when acting as initiator of rekeying

13 years agofixed SPI when rekeying and deleting CHILD_SAs
Martin Willi [Mon, 19 Jun 2006 08:54:19 +0000 (08:54 -0000)]
fixed SPI when rekeying and deleting CHILD_SAs

13 years agochange key derivation order to fullfill RFC
Martin Willi [Mon, 19 Jun 2006 08:11:42 +0000 (08:11 -0000)]
change key derivation order to fullfill RFC

13 years ago(no commit message)
Martin Willi [Fri, 16 Jun 2006 14:10:49 +0000 (14:10 -0000)]

13 years agoadded crl support
Andreas Steffen [Fri, 16 Jun 2006 05:55:30 +0000 (05:55 -0000)]
added crl support

13 years agoadded listcrls
Andreas Steffen [Fri, 16 Jun 2006 05:55:02 +0000 (05:55 -0000)]
added listcrls

13 years agoadded chunk_equals_or_null()
Andreas Steffen [Fri, 16 Jun 2006 05:53:47 +0000 (05:53 -0000)]
added chunk_equals_or_null()

13 years agoadded crl support
Andreas Steffen [Fri, 16 Jun 2006 05:52:52 +0000 (05:52 -0000)]
added crl support

13 years agochanged tabs from 8 to 4 spaces
Andreas Steffen [Fri, 16 Jun 2006 05:52:26 +0000 (05:52 -0000)]
changed tabs from 8 to 4 spaces

13 years agoadded crl support
Andreas Steffen [Fri, 16 Jun 2006 05:51:36 +0000 (05:51 -0000)]
added crl support

13 years agocosmetics
Andreas Steffen [Fri, 16 Jun 2006 05:51:16 +0000 (05:51 -0000)]
cosmetics

13 years agocosmetics (space)
Andreas Steffen [Fri, 16 Jun 2006 05:50:28 +0000 (05:50 -0000)]
cosmetics (space)

13 years agofixed compilation error
Martin Willi [Thu, 15 Jun 2006 13:41:06 +0000 (13:41 -0000)]
fixed compilation error

13 years agoupdated for release
Martin Willi [Thu, 15 Jun 2006 13:23:06 +0000 (13:23 -0000)]
updated for release

13 years agofixed aes code, we support now aes128, aes192, aes256 in IKE
Martin Willi [Thu, 15 Jun 2006 13:14:09 +0000 (13:14 -0000)]
fixed aes code, we support now aes128, aes192, aes256 in IKE

13 years agoadded support for "ike" and "esp" keywords
Martin Willi [Thu, 15 Jun 2006 11:09:11 +0000 (11:09 -0000)]
added support for "ike" and "esp" keywords
fixed bugs in proposal code
algorithm selection for charon works now with ipsec.conf
a lot of other fixes

13 years agoimplemented clean spi allocation behavior when using multiple proposals
Martin Willi [Thu, 15 Jun 2006 11:06:22 +0000 (11:06 -0000)]
implemented clean spi allocation behavior when using multiple proposals

13 years agofixed logleve(l) keyword typo
Martin Willi [Thu, 15 Jun 2006 11:03:41 +0000 (11:03 -0000)]
fixed logleve(l) keyword typo

13 years agohandling of "rekey=no" parameter added
Martin Willi [Thu, 15 Jun 2006 11:02:15 +0000 (11:02 -0000)]
handling of "rekey=no" parameter added

13 years agochanged default algorithms to:
Martin Willi [Thu, 15 Jun 2006 11:01:17 +0000 (11:01 -0000)]
changed default algorithms to:
  ike: aes128-sha-modp2048
  esp: aes128-sha1, 3des-md5

13 years agoadded default CRL directory path
Andreas Steffen [Wed, 14 Jun 2006 12:44:12 +0000 (12:44 -0000)]
added default CRL directory path

13 years agoadded strictcrlpolicy command line argument
Andreas Steffen [Wed, 14 Jun 2006 12:43:51 +0000 (12:43 -0000)]
added strictcrlpolicy command line argument

13 years agoadded option parsing
Andreas Steffen [Wed, 14 Jun 2006 12:42:36 +0000 (12:42 -0000)]
added option parsing

13 years agoadded local CRLs
Andreas Steffen [Wed, 14 Jun 2006 12:41:37 +0000 (12:41 -0000)]
added local CRLs

13 years agoadded rekeying parameters
Andreas Steffen [Wed, 14 Jun 2006 12:41:17 +0000 (12:41 -0000)]
added rekeying parameters

13 years agocorrected some descriptions
Andreas Steffen [Tue, 13 Jun 2006 11:33:13 +0000 (11:33 -0000)]
corrected some descriptions

13 years agomoved RSA key size constraints to definitions.h
Andreas Steffen [Tue, 13 Jun 2006 11:32:12 +0000 (11:32 -0000)]
moved RSA key size constraints to definitions.h

13 years agofixed down keyword
Martin Willi [Tue, 13 Jun 2006 10:11:45 +0000 (10:11 -0000)]
fixed down keyword

13 years agodebug and logging improvements
Martin Willi [Tue, 13 Jun 2006 10:01:04 +0000 (10:01 -0000)]
debug and logging improvements

13 years ago(no commit message)
Martin Willi [Tue, 13 Jun 2006 10:00:19 +0000 (10:00 -0000)]

13 years agosupport for stroke listcerts|listcacerts|listcrls|listall
Andreas Steffen [Mon, 12 Jun 2006 08:47:28 +0000 (08:47 -0000)]
support for stroke listcerts|listcacerts|listcrls|listall

13 years agosupport for stroke listcerts|listcacerts|listall and left|rightca=
Andreas Steffen [Mon, 12 Jun 2006 08:43:46 +0000 (08:43 -0000)]
support for stroke listcerts|listcacerts|listall and left|rightca=

13 years agogperf creates optimum hash table for stroke keywords
Andreas Steffen [Mon, 12 Jun 2006 08:42:32 +0000 (08:42 -0000)]
gperf creates optimum hash table for stroke keywords

13 years agousing same reqid if a child sa rekeys an existing one
Martin Willi [Mon, 12 Jun 2006 08:36:41 +0000 (08:36 -0000)]
using same reqid if a child sa rekeys an existing one

13 years agoNULL string argument is treated as %any
Andreas Steffen [Mon, 12 Jun 2006 08:26:14 +0000 (08:26 -0000)]
NULL string argument is treated as %any

13 years agoadd_certificate() now returns pointer to added cert
Andreas Steffen [Mon, 12 Jun 2006 07:57:14 +0000 (07:57 -0000)]
add_certificate() now returns pointer to added cert

13 years agocosmetics
Andreas Steffen [Mon, 12 Jun 2006 07:55:37 +0000 (07:55 -0000)]
cosmetics

13 years agosingle tests now start up faster
Andreas Steffen [Mon, 12 Jun 2006 07:51:18 +0000 (07:51 -0000)]
single tests now start up faster

13 years agoworkaround for peers rekeying at the same time
Martin Willi [Mon, 12 Jun 2006 07:33:20 +0000 (07:33 -0000)]
workaround for peers rekeying at the same time
loading lifetime policies from ipsec.conf

13 years agoold child_sa gets deleted after rekeying
Martin Willi [Fri, 9 Jun 2006 15:12:43 +0000 (15:12 -0000)]
old child_sa gets deleted after rekeying
rekeying almost complete, but:
IKE_SA get in an invalid state when both initiate rekeying at the same time,

13 years agocorrected type
Andreas Steffen [Fri, 9 Jun 2006 11:06:37 +0000 (11:06 -0000)]
corrected type

13 years agoimproved kernel interface logging
Martin Willi [Fri, 9 Jun 2006 08:41:41 +0000 (08:41 -0000)]
improved kernel interface logging

13 years agofixed clone/destroy behavior when not using CAs
Martin Willi [Fri, 9 Jun 2006 07:40:40 +0000 (07:40 -0000)]
fixed clone/destroy behavior when not using CAs

13 years agospecifying keysize in bits, as it is required in IKEv2
Martin Willi [Fri, 9 Jun 2006 07:31:30 +0000 (07:31 -0000)]
specifying keysize in bits, as it is required in IKEv2
added generic kernel SA algorithm handling, which brings us:
        aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs

13 years agoadded support for leftsendcert= and left|rightca= parameters
Andreas Steffen [Fri, 9 Jun 2006 05:50:41 +0000 (05:50 -0000)]
added support for leftsendcert= and left|rightca= parameters

13 years agodiscard cert if CA basic constraints flag is not set and warn if cert is not valide
Andreas Steffen [Fri, 9 Jun 2006 05:48:49 +0000 (05:48 -0000)]
discard cert if CA basic constraints flag is not set and warn if cert is not valide

13 years agoadded public methods is_ca() and is_valid()
Andreas Steffen [Fri, 9 Jun 2006 05:47:00 +0000 (05:47 -0000)]
added public methods is_ca() and is_valid()

13 years agochanged ASN.1 CONTROL log output to LEVEL2
Andreas Steffen [Fri, 9 Jun 2006 05:45:37 +0000 (05:45 -0000)]
changed ASN.1 CONTROL log output to LEVEL2

13 years agocosmetics
Andreas Steffen [Fri, 9 Jun 2006 05:44:34 +0000 (05:44 -0000)]
cosmetics

13 years agoremoved unused Makefile
Martin Willi [Fri, 9 Jun 2006 05:42:29 +0000 (05:42 -0000)]
removed unused Makefile

13 years agostroke.h requires libstrongswan/types.h
Andreas Steffen [Fri, 9 Jun 2006 05:41:31 +0000 (05:41 -0000)]
stroke.h requires libstrongswan/types.h

13 years agofixed compile warnings when using -Wall
Martin Willi [Thu, 8 Jun 2006 14:20:05 +0000 (14:20 -0000)]
fixed compile warnings when using -Wall
further CHILD_SA rekeying work done:
creation of a new CHILD_SA on a expire from a kernel works
delete of old CHILD_SA still missing
some issues when both initiate rekeing

13 years agoupdated INSTALL to conform with autotools
Martin Willi [Thu, 8 Jun 2006 06:34:52 +0000 (06:34 -0000)]
updated INSTALL to conform with autotools
added a short HACKING introduction

13 years agofurther work for rekeying:
Martin Willi [Wed, 7 Jun 2006 13:26:23 +0000 (13:26 -0000)]
further work for rekeying:
  get liftimes from policy
  added new state
  initiation of rekeying done
proposal redone:
  removed support for AH+ESP proposals

13 years agoproper leak detective hook for realloc
Martin Willi [Wed, 7 Jun 2006 13:22:38 +0000 (13:22 -0000)]
proper leak detective hook for realloc
excluded pthread_setspecific from leak detective

13 years agofixed a memleak
Martin Willi [Wed, 7 Jun 2006 05:54:09 +0000 (05:54 -0000)]
fixed a memleak

13 years agocosmetics
Andreas Steffen [Tue, 6 Jun 2006 06:24:04 +0000 (06:24 -0000)]
cosmetics

13 years agoipv6-host2host scenario added
Andreas Steffen [Tue, 6 Jun 2006 05:43:32 +0000 (05:43 -0000)]
ipv6-host2host scenario added

13 years agocreated IPv6 environment
Andreas Steffen [Tue, 6 Jun 2006 05:41:21 +0000 (05:41 -0000)]
created IPv6 environment

13 years agojob management:
Martin Willi [Wed, 31 May 2006 14:23:15 +0000 (14:23 -0000)]
job management:
  moved job code from thread_pool to job, jobs have an "execute" method now
  added two new jobs: delete_child_sa & rekey_child_sa
kernel interface:
  listens now for ACQUIRE & EXPIRE
  supports hard and soft lifetimes
  fires jobs for delete and rekey child sa
ike sa manager:
  can checkout IKE SAs by requid of owned CHILD SAs
we have now the infrastructure to do the rekeying... :-)

13 years ago- fixed some memleaks/freebugs
Martin Willi [Wed, 31 May 2006 14:13:26 +0000 (14:13 -0000)]
- fixed some memleaks/freebugs
- leak detective works almost usable now (?!)

13 years ago- added host2host test for ikev2
Martin Willi [Wed, 31 May 2006 08:15:23 +0000 (08:15 -0000)]
- added host2host test for ikev2

13 years ago- fixed host-host tunnel traffic selection, host-host works now
Martin Willi [Wed, 31 May 2006 06:52:27 +0000 (06:52 -0000)]
- fixed host-host tunnel traffic selection, host-host works now

13 years agobug fixed circumventing an assertion in delete_connection when ikev1 is not set
Andreas Steffen [Wed, 31 May 2006 05:51:05 +0000 (05:51 -0000)]
bug fixed circumventing an assertion in delete_connection when ikev1 is not set

13 years agominimized prefixed on stroke logger output
Andreas Steffen [Wed, 31 May 2006 05:50:04 +0000 (05:50 -0000)]
minimized prefixed on stroke logger output

13 years agocharon outputs strongSwan version
Andreas Steffen [Wed, 31 May 2006 05:48:32 +0000 (05:48 -0000)]
charon outputs strongSwan version

13 years agotests with subjectAltNames now
Andreas Steffen [Wed, 31 May 2006 05:47:30 +0000 (05:47 -0000)]
tests with subjectAltNames now

13 years ago(no commit message)
Martin Willi [Tue, 30 May 2006 14:56:12 +0000 (14:56 -0000)]

13 years ago- fixed event queue for events >36min
Martin Willi [Tue, 30 May 2006 13:22:46 +0000 (13:22 -0000)]
- fixed event queue for events >36min

13 years ago(no commit message)
Martin Willi [Tue, 30 May 2006 13:01:50 +0000 (13:01 -0000)]

13 years ago- included charons module tests to build & dist
Martin Willi [Tue, 30 May 2006 13:00:18 +0000 (13:00 -0000)]
- included charons module tests to build & dist

13 years agofull support of ikev1 and ikev2 connection flags
Andreas Steffen [Tue, 30 May 2006 11:10:42 +0000 (11:10 -0000)]
full support of ikev1 and ikev2 connection flags

13 years agocosmetics in log_status output
Andreas Steffen [Tue, 30 May 2006 11:07:14 +0000 (11:07 -0000)]
cosmetics in log_status output

13 years agouse of streq
Andreas Steffen [Tue, 30 May 2006 11:03:55 +0000 (11:03 -0000)]
use of streq

13 years ago- added testing files to dist
Martin Willi [Tue, 30 May 2006 08:51:48 +0000 (08:51 -0000)]
- added testing files to dist
  - required the use of the "ustar" format to support
    filenames longer than 99 chars

13 years agolookup of private key based on keyid of public key
Andreas Steffen [Tue, 30 May 2006 07:53:13 +0000 (07:53 -0000)]
lookup of private key based on keyid of public key

13 years agonew functions to add certificates and retrieve private and public keys
Andreas Steffen [Tue, 30 May 2006 07:52:25 +0000 (07:52 -0000)]
new functions to add certificates and retrieve private and public keys

13 years agochanged log level
Andreas Steffen [Tue, 30 May 2006 07:50:15 +0000 (07:50 -0000)]
changed log level

13 years agolist ca certificates
Andreas Steffen [Tue, 30 May 2006 07:48:29 +0000 (07:48 -0000)]
list ca certificates

13 years agocomputation of SHA-1 hash over publicKeyInfo object
Andreas Steffen [Tue, 30 May 2006 07:47:19 +0000 (07:47 -0000)]
computation of SHA-1 hash over publicKeyInfo object

13 years agomoved abbreviated thread_id in front of brackets
Andreas Steffen [Tue, 30 May 2006 07:45:06 +0000 (07:45 -0000)]
moved abbreviated thread_id in front of brackets

13 years agoadded has_key parameter to log_certificates()
Andreas Steffen [Tue, 30 May 2006 07:43:39 +0000 (07:43 -0000)]
added has_key parameter to log_certificates()

13 years agolog_certificates() now shows keyid and availability of matching private key
Andreas Steffen [Tue, 30 May 2006 07:42:52 +0000 (07:42 -0000)]
log_certificates() now shows keyid and availability of matching private key

13 years agoindented loaded file log entry
Andreas Steffen [Tue, 30 May 2006 07:41:22 +0000 (07:41 -0000)]
indented loaded file log entry

13 years agomoved TIMETOA_BUF definition to types.h
Andreas Steffen [Tue, 30 May 2006 07:40:44 +0000 (07:40 -0000)]
moved TIMETOA_BUF definition to types.h

13 years agomoved TIMETOA_BUF definition from asn1.h
Andreas Steffen [Tue, 30 May 2006 07:39:44 +0000 (07:39 -0000)]
moved TIMETOA_BUF definition from asn1.h

13 years agodefine default CA_CERTIFICATE_DIR
Andreas Steffen [Tue, 30 May 2006 07:38:41 +0000 (07:38 -0000)]
define default CA_CERTIFICATE_DIR

13 years agoload all ca certificates
Andreas Steffen [Tue, 30 May 2006 07:37:48 +0000 (07:37 -0000)]
load all ca certificates

13 years ago- fixed daemon destruction order to prevent
Martin Willi [Tue, 30 May 2006 06:14:23 +0000 (06:14 -0000)]
- fixed daemon destruction order to prevent
  crashes on termination

13 years ago- fixed memleak when deleting a connection
Martin Willi [Mon, 29 May 2006 11:29:23 +0000 (11:29 -0000)]
- fixed memleak when deleting a connection

13 years ago- updated todo list
Martin Willi [Mon, 29 May 2006 11:19:31 +0000 (11:19 -0000)]
- updated todo list

13 years ago- policies contain a connections name now
Martin Willi [Mon, 29 May 2006 11:09:45 +0000 (11:09 -0000)]
- policies contain a connections name now
  - used for initiate and delete
- connections won't get initiated twice anymore
- deleting of connections is now possible, which allows us to use
  ipsec update and ipsec reload

13 years ago- changed iterator->remove behavior
Martin Willi [Mon, 29 May 2006 11:04:09 +0000 (11:04 -0000)]
- changed iterator->remove behavior

13 years agoipsec up|down|route|delete require a connection name
Andreas Steffen [Mon, 29 May 2006 07:17:55 +0000 (07:17 -0000)]
ipsec up|down|route|delete require a connection name

13 years agostroke now uses constant size string buffer
Andreas Steffen [Mon, 29 May 2006 07:14:57 +0000 (07:14 -0000)]
stroke now uses constant size string buffer

13 years agochanged to standard connection log output
Andreas Steffen [Mon, 29 May 2006 07:11:50 +0000 (07:11 -0000)]
changed to standard connection log output