strongswan.git
10 years ago Support TLS client authentication Extended Key Usage in x509 generation
Martin Willi [Thu, 14 Jan 2010 11:00:43 +0000 (12:00 +0100)]
Support TLS client authentication Extended Key Usage in x509 generation

10 years ago Block the signals before the call to sigwait.
Tobias Brunner [Tue, 12 Jan 2010 10:52:03 +0000 (11:52 +0100)]
Block the signals before the call to sigwait.

10 years ago Support for closing CHILD/IKE_SA if a CHILD_SA is inactive.
Martin Willi [Tue, 12 Jan 2010 09:16:34 +0000 (10:16 +0100)]
Support for closing CHILD/IKE_SA if a CHILD_SA is inactive.

10 years ago Added strongswan.conf options to configure retransmission timeouts
Martin Willi [Mon, 11 Jan 2010 15:42:12 +0000 (16:42 +0100)]
Added strongswan.conf options to configure retransmission timeouts

10 years ago Added a "double" getter to libstrongswan settings
Martin Willi [Mon, 11 Jan 2010 15:39:28 +0000 (16:39 +0100)]
Added a "double" getter to libstrongswan settings

10 years ago Cast unaligned memcpy() args to char*, avoids over-optimization on ARM
Martin Willi [Mon, 11 Jan 2010 14:18:50 +0000 (15:18 +0100)]
Cast unaligned memcpy() args to char*, avoids over-optimization on ARM

See http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka3934.html

10 years ago added ikev2/rw-eap-sim-only-radius scenario
Andreas Steffen [Mon, 11 Jan 2010 10:20:45 +0000 (11:20 +0100)]
added ikev2/rw-eap-sim-only-radius scenario

10 years ago log EAP-only authentication proposal
Andreas Steffen [Mon, 11 Jan 2010 10:17:40 +0000 (11:17 +0100)]
log EAP-only authentication proposal

10 years ago send strongSwan Vendor ID in ikev2/alg-sha256-96 scenario
Andreas Steffen [Sun, 10 Jan 2010 23:54:33 +0000 (00:54 +0100)]
send strongSwan Vendor ID in ikev2/alg-sha256-96 scenario

10 years ago pluto and charon are using the same strongSwan Vendor ID
Andreas Steffen [Sun, 10 Jan 2010 23:43:46 +0000 (00:43 +0100)]
pluto and charon are using the same strongSwan Vendor ID

10 years ago Added NEWS about mutual EAP-only authentication
Martin Willi [Thu, 7 Jan 2010 15:16:22 +0000 (16:16 +0100)]
Added NEWS about mutual EAP-only authentication

10 years ago EAP-MSCHAPv2 is indeed mutual, but is prone to MITM dictionary attacks
Martin Willi [Thu, 7 Jan 2010 14:56:11 +0000 (15:56 +0100)]
EAP-MSCHAPv2 is indeed mutual, but is prone to MITM dictionary attacks

10 years ago Support EAP-only authentication for mutual and key deriving EAP methods
Martin Willi [Thu, 7 Jan 2010 14:51:30 +0000 (15:51 +0100)]
Support EAP-only authentication for mutual and key deriving EAP methods

10 years ago Indicate and detect support for EAP-only authentication
Martin Willi [Thu, 7 Jan 2010 13:30:28 +0000 (14:30 +0100)]
Indicate and detect support for EAP-only authentication

10 years ago Added NEWS for the new Vendor ID requirement for private use allocations
Martin Willi [Thu, 7 Jan 2010 10:14:33 +0000 (11:14 +0100)]
Added NEWS for the new Vendor ID requirement for private use allocations

10 years ago Match to private use algorithms only if we know we are talking to strongSwan
Martin Willi [Thu, 7 Jan 2010 10:07:53 +0000 (11:07 +0100)]
Match to private use algorithms only if we know we are talking to strongSwan

10 years ago Interpret private use BEET mode notify only if we know we are talking to strongSwan
Martin Willi [Thu, 7 Jan 2010 09:37:38 +0000 (09:37 +0000)]
Interpret private use BEET mode notify only if we know we are talking to strongSwan

10 years ago Add an option to send a vendor ID, allows us to properly support private extensions
Martin Willi [Thu, 7 Jan 2010 09:26:58 +0000 (10:26 +0100)]
Add an option to send a vendor ID, allows us to properly support private extensions

10 years ago added some recent new attributes registered with IANA
Andreas Steffen [Thu, 7 Jan 2010 06:49:16 +0000 (07:49 +0100)]
added some recent new attributes registered with IANA

10 years ago ipsec pki --self|issue supports --pathlen option setting a path length constraint
Andreas Steffen [Thu, 31 Dec 2009 14:13:35 +0000 (15:13 +0100)]
ipsec pki --self|issue supports --pathlen option setting a path length constraint

10 years ago make error message about missing MD4 hasher more explicit
Andreas Steffen [Wed, 30 Dec 2009 22:32:03 +0000 (23:32 +0100)]
make error message about missing MD4 hasher more explicit

10 years ago differentiate EAP method initialization errors
Andreas Steffen [Wed, 30 Dec 2009 20:34:59 +0000 (21:34 +0100)]
differentiate EAP method initialization errors

10 years ago removed charon-specific load statement in pluto scenario
Andreas Steffen [Sat, 26 Dec 2009 16:13:53 +0000 (17:13 +0100)]
removed charon-specific load statement in pluto scenario

10 years ago Pluto's fetcher thread is now created via libstrongswan.
Tobias Brunner [Sat, 26 Dec 2009 14:49:15 +0000 (15:49 +0100)]
Pluto's fetcher thread is now created via libstrongswan.

10 years ago added RFC 3779 CA
Andreas Steffen [Fri, 25 Dec 2009 10:01:30 +0000 (11:01 +0100)]
added RFC 3779 CA

10 years ago added three RFC 3779 scenarios
Andreas Steffen [Fri, 25 Dec 2009 09:58:06 +0000 (10:58 +0100)]
added three RFC 3779 scenarios

10 years ago Added RFC 3779 support to NEWS
Andreas Steffen [Fri, 25 Dec 2009 08:10:44 +0000 (09:10 +0100)]
Added RFC 3779 support to NEWS

10 years ago enforce RFC 3779 address constraints on traffic selectors
Andreas Steffen [Fri, 25 Dec 2009 00:58:20 +0000 (01:58 +0100)]
enforce RFC 3779 address constraints on traffic selectors

10 years ago Adapted the load_tester kernel-interface to the changes introduced in 6ec949e02.
Tobias Brunner [Wed, 23 Dec 2009 16:15:28 +0000 (17:15 +0100)]
Adapted the load_tester kernel-interface to the changes introduced in 6ec949e02.

10 years ago Added some IPv6 tweaks for Android.
Tobias Brunner [Wed, 23 Dec 2009 10:30:41 +0000 (11:30 +0100)]
Added some IPv6 tweaks for Android.

Android 1.6 does not yet support the Advanced Sockets API for IPv6 as defined in
RFC 3542. Also, in6addr_any is missing.

10 years ago Semicolon removed.
Tobias Brunner [Tue, 22 Dec 2009 12:59:32 +0000 (13:59 +0100)]
Semicolon removed.

10 years ago According to the man page (and the header files in Android) prctl takes a total of...
Tobias Brunner [Tue, 22 Dec 2009 12:36:46 +0000 (13:36 +0100)]
According to the man page (and the header files in Android) prctl takes a total of 5 arguments.

10 years ago Added a workaround for the missing pthread_cancel on Android.
Tobias Brunner [Tue, 22 Dec 2009 09:51:11 +0000 (10:51 +0100)]
Added a workaround for the missing pthread_cancel on Android.

10 years ago Use pthread_cond_timedwait_monotonic on Android.
Tobias Brunner [Mon, 21 Dec 2009 16:03:33 +0000 (17:03 +0100)]
Use pthread_cond_timedwait_monotonic on Android.

10 years ago Cache queue locking in credential manager corrected.
Tobias Brunner [Mon, 21 Dec 2009 13:09:09 +0000 (14:09 +0100)]
Cache queue locking in credential manager corrected.

10 years ago Join worker threads when destroying the processor.
Tobias Brunner [Mon, 21 Dec 2009 12:42:48 +0000 (13:42 +0100)]
Join worker threads when destroying the processor.

10 years ago Callback job refactored and fixed.
Tobias Brunner [Thu, 17 Dec 2009 17:30:15 +0000 (18:30 +0100)]
Callback job refactored and fixed.

10 years ago Whitespace cleanup.
Tobias Brunner [Thu, 17 Dec 2009 15:00:14 +0000 (16:00 +0100)]
Whitespace cleanup.

10 years ago Readding changes that got lost during refactoring/rebasing.
Tobias Brunner [Thu, 17 Dec 2009 14:58:46 +0000 (15:58 +0100)]
Readding changes that got lost during refactoring/rebasing.

10 years ago Using the thread wrapper in charon, libstrongswan and their plugins.
Tobias Brunner [Thu, 17 Dec 2009 14:58:12 +0000 (15:58 +0100)]
Using the thread wrapper in charon, libstrongswan and their plugins.

10 years ago Adding an object-oriented wrapper for thread-specific values.
Tobias Brunner [Thu, 17 Dec 2009 14:28:23 +0000 (15:28 +0100)]
Adding an object-oriented wrapper for thread-specific values.

10 years ago Adding an object-oriented wrapper for threads.
Tobias Brunner [Thu, 17 Dec 2009 14:25:37 +0000 (15:25 +0100)]
Adding an object-oriented wrapper for threads.

10 years ago Check if libpthread is required or not.
Tobias Brunner [Thu, 10 Dec 2009 10:08:01 +0000 (11:08 +0100)]
Check if libpthread is required or not.

10 years ago Check for pthread_condattr_init added to configure script.
Tobias Brunner [Tue, 8 Dec 2009 17:24:40 +0000 (18:24 +0100)]
Check for pthread_condattr_init added to configure script.

10 years ago Generating the apidoc in an out-of-tree build fixed.
Tobias Brunner [Tue, 8 Dec 2009 16:06:04 +0000 (17:06 +0100)]
Generating the apidoc in an out-of-tree build fixed.

10 years ago Moved implementation of condvar_t to mutex.c because it requires access to private_mu...
Tobias Brunner [Tue, 8 Dec 2009 16:55:37 +0000 (17:55 +0100)]
Moved implementation of condvar_t to mutex.c because it requires access to private_mutex_t.

10 years ago Separated the public interfaces of the threading primitives.
Tobias Brunner [Tue, 8 Dec 2009 15:53:01 +0000 (16:53 +0100)]
Separated the public interfaces of the threading primitives.

10 years ago Implemented a read-write lock using only mutex_t and condvar_t (in case the pthread_r...
Tobias Brunner [Tue, 8 Dec 2009 13:06:11 +0000 (14:06 +0100)]
Implemented a read-write lock using only mutex_t and condvar_t (in case the pthread_rwlock_* group of functions is not available).

10 years ago Threading primitives separated.
Tobias Brunner [Mon, 7 Dec 2009 16:26:39 +0000 (17:26 +0100)]
Threading primitives separated.

10 years ago Moved mutex.c to a separate folder in order to cleanly wrap other threading primitive...
Tobias Brunner [Mon, 7 Dec 2009 14:56:04 +0000 (15:56 +0100)]
Moved mutex.c to a separate folder in order to cleanly wrap other threading primitives (and utils/mutex.h is now threading.h).

10 years ago verify RFC3779 IP address blocks along X.509 certificate trust chain
Andreas Steffen [Wed, 23 Dec 2009 13:17:28 +0000 (14:17 +0100)]
verify RFC3779 IP address blocks along X.509 certificate trust chain

10 years ago Fixed untoh32 function
Martin Willi [Wed, 23 Dec 2009 12:08:42 +0000 (13:08 +0100)]
Fixed untoh32 function

10 years ago do not recalculate netbits for true subnets
Andreas Steffen [Tue, 22 Dec 2009 16:07:08 +0000 (17:07 +0100)]
do not recalculate netbits for true subnets

10 years ago X509_IP_ADDR_BLOCKS flag signals the presence of an ipAddrBlock certificate extension
Andreas Steffen [Tue, 22 Dec 2009 12:18:27 +0000 (13:18 +0100)]
X509_IP_ADDR_BLOCKS flag signals the presence of an ipAddrBlock certificate extension

10 years ago added create_ipAddrBlock_enumerator() method to x509_t
Andreas Steffen [Tue, 22 Dec 2009 10:58:30 +0000 (11:58 +0100)]
added create_ipAddrBlock_enumerator() method to x509_t

10 years ago cosmetics
Andreas Steffen [Tue, 22 Dec 2009 08:53:53 +0000 (09:53 +0100)]
cosmetics

10 years ago fixed IPv6 bug in calc_range()
Andreas Steffen [Mon, 21 Dec 2009 23:49:23 +0000 (00:49 +0100)]
fixed IPv6 bug in calc_range()

10 years ago fixed initialization of netbits
Andreas Steffen [Mon, 21 Dec 2009 22:03:14 +0000 (23:03 +0100)]
fixed initialization of netbits

10 years ago fixed distribution list
Andreas Steffen [Mon, 21 Dec 2009 21:28:08 +0000 (22:28 +0100)]
fixed distribution list

10 years ago traffic_selector supports RFC 3779 address range format
Andreas Steffen [Mon, 21 Dec 2009 20:28:45 +0000 (21:28 +0100)]
traffic_selector supports RFC 3779 address range format

10 years ago Migrated identification_t to INIT/METHOD macros
Martin Willi [Mon, 21 Dec 2009 14:23:34 +0000 (15:23 +0100)]
Migrated identification_t to INIT/METHOD macros

10 years ago this->type is set by traffic_selector_create()
Andreas Steffen [Sun, 20 Dec 2009 19:01:18 +0000 (20:01 +0100)]
this->type is set by traffic_selector_create()

10 years ago parse RFC 3779 addressFamily
Andreas Steffen [Sun, 20 Dec 2009 18:26:28 +0000 (19:26 +0100)]
parse RFC 3779 addressFamily

10 years ago plugin name is x509
Andreas Steffen [Sun, 20 Dec 2009 15:01:35 +0000 (16:01 +0100)]
plugin name is x509

10 years ago discard certificate with unknown critical extensions
Andreas Steffen [Sun, 20 Dec 2009 14:53:39 +0000 (15:53 +0100)]
discard certificate with unknown critical extensions

10 years ago use traffic_selector_t object to represent ipAddrBlocks
Andreas Steffen [Sun, 20 Dec 2009 14:15:02 +0000 (15:15 +0100)]
use traffic_selector_t object to represent ipAddrBlocks

10 years ago moved traffic_selectors from charon to libstrongswan
Andreas Steffen [Sun, 20 Dec 2009 13:57:38 +0000 (14:57 +0100)]
moved traffic_selectors from charon to libstrongswan

10 years ago firewall-enabled ipv6/net2net-ip6-in-ip4-ikev2 scenario
Andreas Steffen [Thu, 17 Dec 2009 18:43:33 +0000 (19:43 +0100)]
firewall-enabled ipv6/net2net-ip6-in-ip4-ikev2 scenario

10 years ago firewall-enabled ipv6/net2net-ip4-in-ip6-ikev2 scenario
Andreas Steffen [Thu, 17 Dec 2009 17:50:45 +0000 (18:50 +0100)]
firewall-enabled ipv6/net2net-ip4-in-ip6-ikev2 scenario

10 years ago parse ipAddrBlocks
Andreas Steffen [Thu, 17 Dec 2009 16:32:26 +0000 (17:32 +0100)]
parse ipAddrBlocks

10 years ago fixed updown plugin for mixed IPv4/IPv6 tunnels
Andreas Steffen [Thu, 17 Dec 2009 16:28:11 +0000 (17:28 +0100)]
fixed updown plugin for mixed IPv4/IPv6 tunnels

10 years ago Migrated curl_fetcher to INIT/METHOD macros
Martin Willi [Tue, 8 Dec 2009 15:21:08 +0000 (16:21 +0100)]
Migrated curl_fetcher to INIT/METHOD macros

10 years ago Added a METHOD() macro to define methods with both public and private signatures
Martin Willi [Tue, 8 Dec 2009 15:12:16 +0000 (16:12 +0100)]
Added a METHOD() macro to define methods with both public and private signatures

10 years ago Added an INIT() macro to initialize class instances
Martin Willi [Tue, 8 Dec 2009 15:11:37 +0000 (16:11 +0100)]
Added an INIT() macro to initialize class instances

10 years ago Fixed BEET mode by installing SAs with negotiated address in traffic selector
Martin Willi [Thu, 17 Dec 2009 09:50:37 +0000 (10:50 +0100)]
Fixed BEET mode by installing SAs with negotiated address in traffic selector

10 years ago added IKEv1 Camellia support to NEWS
Andreas Steffen [Wed, 16 Dec 2009 20:52:32 +0000 (21:52 +0100)]
added IKEv1 Camellia support to NEWS

10 years ago ikev1/ip-pool-db-push scenario tests DNS and NBNS server support
Andreas Steffen [Wed, 16 Dec 2009 20:50:39 +0000 (21:50 +0100)]
ikev1/ip-pool-db-push scenario tests DNS and NBNS server support

10 years ago IKEv1 daemon supports DNS and NBNS server assignment from database
Andreas Steffen [Wed, 16 Dec 2009 20:49:51 +0000 (21:49 +0100)]
IKEv1 daemon supports DNS and NBNS server assignment from database

10 years ago ikev1/ip-pool-db scenario tests DNS and NBNS server support
Andreas Steffen [Wed, 16 Dec 2009 20:22:13 +0000 (21:22 +0100)]
ikev1/ip-pool-db scenario tests DNS and NBNS server support

10 years ago sql/ip-pool-db scenario tests DNS and NBNS server support
Andreas Steffen [Wed, 16 Dec 2009 18:02:23 +0000 (19:02 +0100)]
sql/ip-pool-db scenario tests DNS and NBNS server support

10 years ago ikev2/ip-pool-db scenario tests DNS and NBNS server support
Andreas Steffen [Wed, 16 Dec 2009 17:45:29 +0000 (18:45 +0100)]
ikev2/ip-pool-db scenario tests DNS and NBNS server support

10 years ago added ipsec pool DNS and NBNS support to NEWS
Andreas Steffen [Wed, 16 Dec 2009 17:20:07 +0000 (18:20 +0100)]
added ipsec pool DNS and NBNS support to NEWS

10 years ago ipsec pool manages dns and nbns servers
Andreas Steffen [Wed, 16 Dec 2009 17:11:57 +0000 (18:11 +0100)]
ipsec pool manages dns and nbns servers

10 years ago cosmetics
Andreas Steffen [Wed, 16 Dec 2009 12:33:09 +0000 (13:33 +0100)]
cosmetics

10 years ago provide attributes from SQL database
Andreas Steffen [Wed, 16 Dec 2009 11:31:41 +0000 (12:31 +0100)]
provide attributes from SQL database

10 years ago added openssl-ikev1/alg-camellia scenario
Andreas Steffen [Tue, 15 Dec 2009 18:55:58 +0000 (19:55 +0100)]
added openssl-ikev1/alg-camellia scenario

10 years ago removed superfluous ikev1/esp-alg-camellia scenario
Andreas Steffen [Tue, 15 Dec 2009 18:16:28 +0000 (19:16 +0100)]
removed superfluous ikev1/esp-alg-camellia scenario

10 years ago added gcrypt-ikev1/alg-camellia scenario
Andreas Steffen [Tue, 15 Dec 2009 18:15:44 +0000 (19:15 +0100)]
added gcrypt-ikev1/alg-camellia scenario

10 years ago add IKEv1 support for the Camellia cipher
Andreas Steffen [Tue, 15 Dec 2009 18:13:06 +0000 (19:13 +0100)]
add IKEv1 support for the Camellia cipher

10 years ago Added htoun16/32 and untoh16/32 to read/write unaligned network order integers
Martin Willi [Tue, 15 Dec 2009 12:39:01 +0000 (13:39 +0100)]
Added htoun16/32 and untoh16/32 to read/write unaligned network order integers

10 years ago Install v6 routes via outgoing interface for now
Martin Willi [Mon, 14 Dec 2009 13:44:24 +0000 (14:44 +0100)]
Install v6 routes via outgoing interface for now

10 years ago activate tcpdump in ikev1/esp-alg-des scenario
Andreas Steffen [Thu, 10 Dec 2009 21:37:43 +0000 (22:37 +0100)]
activate tcpdump in ikev1/esp-alg-des scenario

10 years ago shuffled output order to achieve consistence
Andreas Steffen [Wed, 9 Dec 2009 16:26:35 +0000 (17:26 +0100)]
shuffled output order to achieve consistence

10 years ago added pfkey/alg-sha384 and pfkey/alg-sha512 scenarios
Andreas Steffen [Wed, 9 Dec 2009 16:25:12 +0000 (17:25 +0100)]
added pfkey/alg-sha384 and pfkey/alg-sha512 scenarios

10 years ago adapted openssl-ikev2/alg scenarios
Andreas Steffen [Wed, 9 Dec 2009 14:51:43 +0000 (15:51 +0100)]
adapted openssl-ikev2/alg scenarios

10 years ago adapted gcrypt-ikev2/alg-camellia scenario
Andreas Steffen [Wed, 9 Dec 2009 14:48:03 +0000 (15:48 +0100)]
adapted gcrypt-ikev2/alg-camellia scenario

10 years ago adapted gcrypt-ikev1 alg scenarios
Andreas Steffen [Wed, 9 Dec 2009 14:45:45 +0000 (15:45 +0100)]
adapted gcrypt-ikev1 alg scenarios

10 years ago adapted ikev1 alg and esp scenarios
Andreas Steffen [Wed, 9 Dec 2009 14:41:54 +0000 (15:41 +0100)]
adapted ikev1 alg and esp scenarios

10 years ago adapted pfkey alg and esp scenarios
Andreas Steffen [Wed, 9 Dec 2009 14:38:17 +0000 (15:38 +0100)]
adapted pfkey alg and esp scenarios

10 years ago remove again the ikev2/esp-alg-camellia scenario
Andreas Steffen [Wed, 9 Dec 2009 14:26:43 +0000 (15:26 +0100)]
remove again the ikev2/esp-alg-camellia scenario