strongswan.git
11 years agoUse the numerical UID/GID to install the config files and create the ipsec.d directories.
Tobias Brunner [Mon, 20 Jul 2009 19:03:05 +0000 (21:03 +0200)]
Use the numerical UID/GID to install the config files and create the ipsec.d directories.

11 years agoTranslate the configured user and group to a numerical UID and GID.
Tobias Brunner [Mon, 20 Jul 2009 19:01:13 +0000 (21:01 +0200)]
Translate the configured user and group to a numerical UID and GID.

11 years agostreamlined integrity test output some more
Andreas Steffen [Sat, 18 Jul 2009 09:23:27 +0000 (11:23 +0200)]
streamlined integrity test output some more

11 years agoadvertise activated integrity tests
Andreas Steffen [Fri, 17 Jul 2009 22:37:35 +0000 (00:37 +0200)]
advertise activated integrity tests

11 years agoadded latest NEWS
Andreas Steffen [Fri, 17 Jul 2009 20:54:23 +0000 (22:54 +0200)]
added latest NEWS

11 years agoadded ikev1/net2net-pgp-v4 scenario
Andreas Steffen [Fri, 17 Jul 2009 20:36:12 +0000 (22:36 +0200)]
added ikev1/net2net-pgp-v4 scenario

11 years agoadapted scenario description for OpenPGP V3 keys
Andreas Steffen [Fri, 17 Jul 2009 20:33:22 +0000 (22:33 +0200)]
adapted scenario description for OpenPGP V3 keys

11 years agoenable crypt debugging in ikev1/esp-alg-camellia scenario
Andreas Steffen [Fri, 17 Jul 2009 19:27:54 +0000 (21:27 +0200)]
enable crypt debugging in ikev1/esp-alg-camellia scenario

11 years agoadded strongswan-2.8.11 and strongswan-4.2.17 VIDs
Andreas Steffen [Fri, 17 Jul 2009 19:19:32 +0000 (21:19 +0200)]
added strongswan-2.8.11 and strongswan-4.2.17 VIDs

11 years agoenable integrity test in all rw-cert scenarios
Andreas Steffen [Fri, 17 Jul 2009 18:52:14 +0000 (20:52 +0200)]
enable integrity test in all rw-cert scenarios

11 years agofix test vector error output
Andreas Steffen [Fri, 17 Jul 2009 18:36:21 +0000 (20:36 +0200)]
fix test vector error output

11 years agostop strongswan if integrity check of libstrongswan or daemon fails
Andreas Steffen [Fri, 17 Jul 2009 18:33:19 +0000 (20:33 +0200)]
stop strongswan if integrity check of libstrongswan or daemon fails

11 years agostreamlined debug output of integrity tests
Andreas Steffen [Fri, 17 Jul 2009 15:00:17 +0000 (17:00 +0200)]
streamlined debug output of integrity tests

11 years agoenforce strongSwan coding rules
Andreas Steffen [Fri, 17 Jul 2009 14:57:07 +0000 (16:57 +0200)]
enforce strongSwan coding rules

11 years agoshortened cypto test output
Andreas Steffen [Fri, 17 Jul 2009 14:36:01 +0000 (16:36 +0200)]
shortened cypto test output

11 years agoaccelerate lookup in non-concatenated pools
Andreas Steffen [Fri, 17 Jul 2009 11:58:29 +0000 (13:58 +0200)]
accelerate lookup in non-concatenated pools

11 years agoadded scenario ikev2/ip-split-pools-db
Andreas Steffen [Fri, 17 Jul 2009 11:38:57 +0000 (13:38 +0200)]
added scenario ikev2/ip-split-pools-db

11 years agoadded sql/ip-split-pools-db and sql/ip-split-pools-db-restart scenarios
Andreas Steffen [Fri, 17 Jul 2009 09:50:59 +0000 (11:50 +0200)]
added sql/ip-split-pools-db and sql/ip-split-pools-db-restart scenarios

11 years agocheck for an existing lease over all assigned pools first
Andreas Steffen [Fri, 17 Jul 2009 09:48:35 +0000 (11:48 +0200)]
check for an existing lease over all assigned pools first

11 years agofixed problem with static leases over multiple pools
Andreas Steffen [Thu, 16 Jul 2009 19:53:46 +0000 (21:53 +0200)]
fixed problem with static leases over multiple pools

11 years agoFixing distribution build (checksum.c is created on the user's system).
Tobias Brunner [Thu, 16 Jul 2009 14:50:55 +0000 (16:50 +0200)]
Fixing distribution build (checksum.c is created on the user's system).

11 years agofixed memleak in SQL config lookup
Martin Willi [Thu, 16 Jul 2009 13:59:56 +0000 (15:59 +0200)]
fixed memleak in SQL config lookup

11 years agoCheck for gperf version added to configure script.
Tobias Brunner [Thu, 16 Jul 2009 12:59:30 +0000 (14:59 +0200)]
Check for gperf version added to configure script.

11 years agoraise an alert() if the RADIUS server is not responding
Martin Willi [Wed, 15 Jul 2009 14:13:51 +0000 (16:13 +0200)]
raise an alert() if the RADIUS server is not responding

11 years agoadded an alert() bus hook to raise critical system errors and notifications
Martin Willi [Wed, 15 Jul 2009 14:12:02 +0000 (16:12 +0200)]
added an alert() bus hook to raise critical system errors and notifications

11 years agoTypo fixed.
Tobias Brunner [Thu, 16 Jul 2009 08:59:20 +0000 (10:59 +0200)]
Typo fixed.

11 years agoAdded an option to the configure script to disable building the scripts.
Tobias Brunner [Thu, 16 Jul 2009 08:52:14 +0000 (10:52 +0200)]
Added an option to the configure script to disable building the scripts.

11 years agoRevert "gperf under FreeBSD does not know the -m option."
Tobias Brunner [Thu, 16 Jul 2009 08:09:23 +0000 (10:09 +0200)]
Revert "gperf under FreeBSD does not know the -m option."

This reverts commit 0ead254919c66a1b6a9e39b175f0b92f2a076c12.

11 years agoRemoved an unnecessary include of a header that is not available on Mac OS X.
Tobias Brunner [Wed, 15 Jul 2009 20:39:40 +0000 (22:39 +0200)]
Removed an unnecessary include of a header that is not available on Mac OS X.

11 years agoconversion from ECDSA_WITH_SHAxxx OIDs to signature schemes
Andreas Steffen [Wed, 15 Jul 2009 16:12:40 +0000 (18:12 +0200)]
conversion from ECDSA_WITH_SHAxxx OIDs to signature schemes

11 years agomoved the CFLAGS mangling AC_LIB_PREFIX macro behind CFLAG test
Martin Willi [Wed, 15 Jul 2009 14:04:37 +0000 (16:04 +0200)]
moved the CFLAGS mangling AC_LIB_PREFIX macro behind CFLAG test

11 years agoupdated debian package
Martin Willi [Wed, 15 Jul 2009 12:09:49 +0000 (14:09 +0200)]
updated debian package

11 years agoupdated Standards-Version to 3.8.2
Martin Willi [Wed, 15 Jul 2009 12:01:47 +0000 (14:01 +0200)]
updated Standards-Version to 3.8.2

11 years agoadded ${misc:Depends} dependency, fixes debhelper-but-no-misc-depends lintian warning
Martin Willi [Wed, 15 Jul 2009 12:00:42 +0000 (14:00 +0200)]
added ${misc:Depends} dependency, fixes debhelper-but-no-misc-depends lintian warning

11 years agoadded copyright information, fixes copyright-without-copyright-notice lintian warning
Martin Willi [Wed, 15 Jul 2009 11:59:25 +0000 (13:59 +0200)]
added copyright information, fixes copyright-without-copyright-notice lintian warning

11 years agocast pointers to uintptr_t for alignement check
Martin Willi [Wed, 15 Jul 2009 08:07:15 +0000 (10:07 +0200)]
cast pointers to uintptr_t for alignement check

11 years agogperf under FreeBSD does not know the -m option.
Tobias Brunner [Tue, 14 Jul 2009 10:03:12 +0000 (12:03 +0200)]
gperf under FreeBSD does not know the -m option.

We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.

11 years agoCorrected check for valid ASN1 types in rdn_enumerate.
Tobias Brunner [Tue, 14 Jul 2009 09:55:09 +0000 (11:55 +0200)]
Corrected check for valid ASN1 types in rdn_enumerate.

Because of the range of u_char the comparison was always TRUE before.

11 years agoAdded --with-lib-prefix option to the configure script.
Tobias Brunner [Tue, 14 Jul 2009 09:50:24 +0000 (11:50 +0200)]
Added --with-lib-prefix option to the configure script.

This option enables users to add additional search paths for include
files and libraries.

11 years agoadded SHA224_WITH_RSA and ECDSA_WITH_SHAxxx OIDs
Andreas Steffen [Tue, 14 Jul 2009 03:35:01 +0000 (05:35 +0200)]
added SHA224_WITH_RSA and ECDSA_WITH_SHAxxx OIDs

11 years agodouble free caused strange side effects
Andreas Steffen [Mon, 13 Jul 2009 18:28:36 +0000 (20:28 +0200)]
double free caused strange side effects

11 years agoreport installation failure of inbound and/or outbound IPsec SA, separately
Andreas Steffen [Mon, 13 Jul 2009 13:13:12 +0000 (15:13 +0200)]
report installation failure of inbound and/or outbound IPsec SA, separately

11 years agogreat, I got my comma back
Andreas Steffen [Sun, 12 Jul 2009 19:08:37 +0000 (21:08 +0200)]
great, I got my comma back

11 years agoecp_x_coordinate_only option and IKEv1 AEAD support
Andreas Steffen [Sat, 11 Jul 2009 18:04:38 +0000 (20:04 +0200)]
ecp_x_coordinate_only option and IKEv1 AEAD support

11 years agoaddes ikev1/esp-alg-aes-ccm and ikev1/esp-alg-aes-gcm scenarios
Andreas Steffen [Sat, 11 Jul 2009 16:44:50 +0000 (18:44 +0200)]
addes ikev1/esp-alg-aes-ccm and ikev1/esp-alg-aes-gcm scenarios

11 years agopluto supports AES_CCM and AES_GCM ESP algorithms
Andreas Steffen [Sat, 11 Jul 2009 16:43:09 +0000 (18:43 +0200)]
pluto supports AES_CCM and AES_GCM ESP algorithms

11 years agoput variable definitions up front
Andreas Steffen [Fri, 10 Jul 2009 20:58:47 +0000 (22:58 +0200)]
put variable definitions up front

11 years agocosmetics
Andreas Steffen [Fri, 10 Jul 2009 20:18:26 +0000 (22:18 +0200)]
cosmetics

11 years agoadded listener.h to charon_SOURCES
Andreas Steffen [Fri, 10 Jul 2009 19:43:21 +0000 (21:43 +0200)]
added listener.h to charon_SOURCES

11 years agouse the configured NM connection id as configuration/IKE_SA name
Martin Willi [Fri, 10 Jul 2009 09:01:44 +0000 (11:01 +0200)]
use the configured NM connection id as configuration/IKE_SA name

11 years agofixed state check if establishing the CHILD_SA fails
Martin Willi [Fri, 10 Jul 2009 07:40:02 +0000 (09:40 +0200)]
fixed state check if establishing the CHILD_SA fails

11 years agouse the new updown()/rekey() hooks to track the state of NetworkManager connections
Martin Willi [Fri, 10 Jul 2009 07:37:27 +0000 (09:37 +0200)]
use the new updown()/rekey() hooks to track the state of NetworkManager connections

11 years agoupdate libfreeswan/pfkeyv2.h
Andreas Steffen [Fri, 10 Jul 2009 05:15:08 +0000 (07:15 +0200)]
update libfreeswan/pfkeyv2.h

11 years agoadded AES_CTR, AES_CCM, and AES_GCM strings
Andreas Steffen [Fri, 10 Jul 2009 04:53:54 +0000 (06:53 +0200)]
added AES_CTR, AES_CCM, and AES_GCM strings

11 years agoimplemented ike_down() bus hook
Martin Willi [Thu, 9 Jul 2009 12:44:08 +0000 (14:44 +0200)]
implemented ike_down() bus hook

11 years agoimplemented ike_up() bus hook
Martin Willi [Thu, 9 Jul 2009 11:44:06 +0000 (13:44 +0200)]
implemented ike_up() bus hook

11 years agoimplemented child_down() bus hook
Martin Willi [Thu, 9 Jul 2009 11:35:33 +0000 (13:35 +0200)]
implemented child_down() bus hook

11 years agoimplemented child_up() bus hook
Martin Willi [Thu, 9 Jul 2009 11:11:46 +0000 (13:11 +0200)]
implemented child_up() bus hook

11 years agoimplemented ike_rekey()/child_rekey() bus hooks
Martin Willi [Wed, 8 Jul 2009 12:33:24 +0000 (14:33 +0200)]
implemented ike_rekey()/child_rekey() bus hooks

11 years agoadded new listener callbacks to track SAs
Martin Willi [Wed, 8 Jul 2009 12:08:31 +0000 (14:08 +0200)]
added new listener callbacks to track SAs

11 years agomoved listener_t interface definition to a separate file
Martin Willi [Wed, 8 Jul 2009 07:00:02 +0000 (09:00 +0200)]
moved listener_t interface definition to a separate file

11 years agoenforced strongSwan coding rules
Andreas Steffen [Thu, 9 Jul 2009 13:02:51 +0000 (15:02 +0200)]
enforced strongSwan coding rules

11 years agoadded a RADIUS id_prefix option to prefix the IMSI
Martin Willi [Tue, 7 Jul 2009 13:47:09 +0000 (15:47 +0200)]
added a RADIUS id_prefix option to prefix the IMSI

11 years agoupdated ikev2bis draft from 03 to 04
Martin Willi [Thu, 9 Jul 2009 09:17:43 +0000 (11:17 +0200)]
updated ikev2bis draft from 03 to 04

11 years agomemxor does not access unaligned words anymore, but still uses words if possible
Martin Willi [Wed, 8 Jul 2009 15:19:49 +0000 (17:19 +0200)]
memxor does not access unaligned words anymore, but still uses words if possible

11 years agofixed doxygen section pgp
Martin Willi [Wed, 8 Jul 2009 08:29:12 +0000 (10:29 +0200)]
fixed doxygen section pgp

11 years agofixed two doxygen warnings
Martin Willi [Wed, 8 Jul 2009 08:28:54 +0000 (10:28 +0200)]
fixed two doxygen warnings

11 years agoupdated HACKING info
Martin Willi [Tue, 7 Jul 2009 15:26:16 +0000 (17:26 +0200)]
updated HACKING info

11 years agoremove obsolete child_cfg_t.equal_traffic_selectors() method
Martin Willi [Tue, 7 Jul 2009 12:38:55 +0000 (14:38 +0200)]
remove obsolete child_cfg_t.equal_traffic_selectors() method

11 years agochild_cfg matching code prefers a config containing the first proposed TS
Martin Willi [Tue, 7 Jul 2009 12:38:19 +0000 (14:38 +0200)]
child_cfg matching code prefers a config containing the first proposed TS

11 years agoadded missing equals() method assignment for ID_ANY identities
Martin Willi [Tue, 7 Jul 2009 11:42:22 +0000 (13:42 +0200)]
added missing equals() method assignment for ID_ANY identities

11 years agouse architecture specific Elf header
Martin Willi [Mon, 6 Jul 2009 14:36:01 +0000 (16:36 +0200)]
use architecture specific Elf header

11 years agocentralized ID type specific method assignement in generic constructor
Martin Willi [Mon, 6 Jul 2009 11:11:03 +0000 (13:11 +0200)]
centralized ID type specific method assignement in generic constructor

11 years agoremoved obsolete init_rdn()/get_next_rdn() functions
Martin Willi [Mon, 6 Jul 2009 10:47:18 +0000 (12:47 +0200)]
removed obsolete init_rdn()/get_next_rdn() functions

11 years agoreimplemented dnota() using RDN enumerator
Martin Willi [Mon, 6 Jul 2009 10:42:09 +0000 (12:42 +0200)]
reimplemented dnota() using RDN enumerator

11 years agoadded a chunk_printable() function (replaces sanitize_chunk)
Martin Willi [Mon, 6 Jul 2009 10:37:26 +0000 (12:37 +0200)]
added a chunk_printable() function (replaces sanitize_chunk)

11 years agoreplaced {same,match}_dn() by compare_dn(), using the RDN enumerator
Martin Willi [Mon, 6 Jul 2009 09:46:26 +0000 (11:46 +0200)]
replaced {same,match}_dn() by compare_dn(), using the RDN enumerator

11 years agofixed memleak if RND parsing fails
Martin Willi [Mon, 6 Jul 2009 09:45:26 +0000 (11:45 +0200)]
fixed memleak if RND parsing fails

11 years agoadded unit test for identification_t.matches()
Martin Willi [Mon, 6 Jul 2009 09:44:46 +0000 (11:44 +0200)]
added unit test for identification_t.matches()

11 years agoadded unit test for identification_t.equals()
Martin Willi [Mon, 6 Jul 2009 09:16:41 +0000 (11:16 +0200)]
added unit test for identification_t.equals()

11 years agocontains_wildcard() for DNs uses RDN enumerator
Martin Willi [Fri, 3 Jul 2009 15:09:17 +0000 (17:09 +0200)]
contains_wildcard() for DNs uses RDN enumerator

11 years agoadded unit test for identification_t.contains_wildcard()
Martin Willi [Fri, 3 Jul 2009 15:07:04 +0000 (17:07 +0200)]
added unit test for identification_t.contains_wildcard()

11 years agosimplified identification_t.clone() using memcpy
Martin Willi [Fri, 3 Jul 2009 14:30:08 +0000 (16:30 +0200)]
simplified identification_t.clone() using memcpy

11 years agouse an enumerator to parse RDNs, based on asn1_unwrap() function
Martin Willi [Fri, 3 Jul 2009 14:12:17 +0000 (16:12 +0200)]
use an enumerator to parse RDNs, based on asn1_unwrap() function

11 years agomake filter enumerator methods static
Martin Willi [Fri, 3 Jul 2009 12:17:05 +0000 (14:17 +0200)]
make filter enumerator methods static

11 years agoasn1_unwrap() function to parse ASN.1 objects with length/type
Martin Willi [Fri, 3 Jul 2009 09:06:51 +0000 (11:06 +0200)]
asn1_unwrap() function to parse ASN.1 objects with length/type

11 years agomake ecp_x_coordinate_only = yes the default
Andreas Steffen [Mon, 6 Jul 2009 09:47:38 +0000 (11:47 +0200)]
make ecp_x_coordinate_only = yes the default

11 years agoecp_x_coordinate only option allows ECP interoperability with MS Windows
Andreas Steffen [Mon, 6 Jul 2009 06:47:18 +0000 (08:47 +0200)]
ecp_x_coordinate only option allows ECP interoperability with MS Windows

11 years agosupport of OpenPGP V4 fingerprints
Andreas Steffen [Sat, 4 Jul 2009 07:25:29 +0000 (09:25 +0200)]
support of OpenPGP V4 fingerprints

11 years agocorrected comment
Andreas Steffen [Fri, 3 Jul 2009 20:39:18 +0000 (22:39 +0200)]
corrected comment

11 years agolisten for CHILD_SA state changes only until it has been installed
Martin Willi [Fri, 3 Jul 2009 08:46:30 +0000 (10:46 +0200)]
listen for CHILD_SA state changes only until it has been installed

11 years agoupdated copyright statement
Andreas Steffen [Wed, 1 Jul 2009 13:27:58 +0000 (15:27 +0200)]
updated copyright statement

11 years agoadded additional sanity checks to asn1_length() parsing
Martin Willi [Fri, 3 Jul 2009 07:26:48 +0000 (09:26 +0200)]
added additional sanity checks to asn1_length() parsing

11 years agoadded -avoid-version to LDFLAGS, plugins are not versioned
Martin Willi [Fri, 3 Jul 2009 06:57:11 +0000 (08:57 +0200)]
added -avoid-version to LDFLAGS, plugins are not versioned

11 years agodefer MOBIKE update if we have no route to the peer
Martin Willi [Thu, 2 Jul 2009 08:56:13 +0000 (10:56 +0200)]
defer MOBIKE update if we have no route to the peer

11 years agodo not abort notifying listeners if a listener unregisters
Martin Willi [Thu, 2 Jul 2009 07:38:12 +0000 (09:38 +0200)]
do not abort notifying listeners if a listener unregisters

11 years agoadded mconsole exec patch based on 2.6.30
Martin Willi [Wed, 1 Jul 2009 11:53:46 +0000 (13:53 +0200)]
added mconsole exec patch based on 2.6.30

11 years agoadded mconsole exec patch based on 2.6.29
Martin Willi [Wed, 1 Jul 2009 11:52:54 +0000 (13:52 +0200)]
added mconsole exec patch based on 2.6.29

11 years agosignal tunnel breakage to NetworkManager
Martin Willi [Tue, 30 Jun 2009 15:47:42 +0000 (17:47 +0200)]
signal tunnel breakage to NetworkManager

11 years agorestarting dbus is insufficient, restart network-manager after installation
Martin Willi [Tue, 30 Jun 2009 15:03:53 +0000 (17:03 +0200)]
restarting dbus is insufficient, restart network-manager after installation