Andreas Steffen [Fri, 4 May 2012 12:56:09 +0000 (14:56 +0200)]
upgrade p2pnat scenarios to 5.0.0
Andreas Steffen [Fri, 4 May 2012 10:15:30 +0000 (12:15 +0200)]
updated af-alg scenarios to 5.0.0
Andreas Steffen [Fri, 4 May 2012 10:12:39 +0000 (12:12 +0200)]
added openssl-ikev1 pluto interoperability tests
Andreas Steffen [Fri, 4 May 2012 10:11:57 +0000 (12:11 +0200)]
deleted unneeded openssl-ikev1 files
Andreas Steffen [Fri, 4 May 2012 10:06:45 +0000 (12:06 +0200)]
upgraded openssl-ikev1 scenarios to 5.0.0
Andreas Steffen [Fri, 4 May 2012 10:03:05 +0000 (12:03 +0200)]
upgraded openssl-ikev2 scenarios to 5.0.0
Andreas Steffen [Fri, 4 May 2012 09:57:31 +0000 (11:57 +0200)]
upgraded tnc scenarios to 5.0.0
Andreas Steffen [Thu, 3 May 2012 18:48:01 +0000 (20:48 +0200)]
charon is now an IKE daemon
Tobias Brunner [Thu, 3 May 2012 13:16:08 +0000 (15:16 +0200)]
It seems charon-nm has to be linked against libnm-util.
That's at least the case for NetworkManager 0.9.4 in Ubuntu 12.04.
Tobias Brunner [Tue, 24 Apr 2012 13:06:31 +0000 (15:06 +0200)]
Use proper getter for settings in sender and receiver.
Tobias Brunner [Tue, 24 Apr 2012 12:10:06 +0000 (14:10 +0200)]
Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
Tobias Brunner [Tue, 24 Apr 2012 09:07:56 +0000 (11:07 +0200)]
Store the name of the binary using libcharon to enable specific settings.
Tobias Brunner [Thu, 19 Apr 2012 15:23:48 +0000 (17:23 +0200)]
Changed default path to charon for NM frontend.
Tobias Brunner [Thu, 19 Apr 2012 14:40:21 +0000 (16:40 +0200)]
Integrate nm plugin directly in charon-nm.
Tobias Brunner [Thu, 19 Apr 2012 14:35:44 +0000 (16:35 +0200)]
Added a small libcharon wrapper intended to directly host the nm plugin.
For this reason it reclaims the --enable-nm configure option.
Tobias Brunner [Thu, 19 Apr 2012 11:32:51 +0000 (13:32 +0200)]
Provide plugin list from charon, not internally in libcharon.
Andreas Steffen [Thu, 3 May 2012 09:54:56 +0000 (11:54 +0200)]
display (soft) same as (not loaded)
Andreas Steffen [Thu, 3 May 2012 09:49:30 +0000 (11:49 +0200)]
charon is now an IKE daemon
Martin Willi [Thu, 3 May 2012 09:08:09 +0000 (11:08 +0200)]
If we load new features from a plugin, restart loading from first plugin
Martin Willi [Thu, 3 May 2012 09:07:21 +0000 (11:07 +0200)]
stroke plugin sdepends on building CERT_ANY certificates
Martin Willi [Thu, 3 May 2012 07:39:35 +0000 (09:39 +0200)]
Building CERT_ANY through PEM requires either a CERT_X509 or a CERT_PGP builder
Tobias Brunner [Thu, 3 May 2012 07:37:35 +0000 (09:37 +0200)]
Updated Android.mk for 5.0 (no IKEv1 support yet).
Andreas Steffen [Wed, 2 May 2012 20:53:45 +0000 (22:53 +0200)]
updated tnc-pdp plugin for 5.0.0
Andreas Steffen [Wed, 2 May 2012 20:53:11 +0000 (22:53 +0200)]
updated testing.conf for 5.0.0
Andreas Steffen [Wed, 2 May 2012 19:13:14 +0000 (21:13 +0200)]
two new options for 5.0.0 UML testing
Tobias Brunner [Wed, 1 Feb 2012 15:02:33 +0000 (16:02 +0100)]
NEWS about route reinstallation added.
Tobias Brunner [Tue, 20 Dec 2011 14:01:06 +0000 (15:01 +0100)]
Route reinstallation in kernel_ipsec_t implementations is not needed anymore.
Tobias Brunner [Tue, 20 Dec 2011 13:59:21 +0000 (14:59 +0100)]
Reinstall routes in kernel-netlink plugin, if interfaces get reactivated or IPs reappear.
Tobias Brunner [Tue, 20 Dec 2011 13:30:10 +0000 (14:30 +0100)]
Keep track of installed source routes in kernel-netlink plugin.
Tobias Brunner [Wed, 1 Feb 2012 15:23:47 +0000 (16:23 +0100)]
NEWS about bus_t refactorings added.
Tobias Brunner [Mon, 23 Jan 2012 12:51:21 +0000 (13:51 +0100)]
Loggers specify what log messages they want to receive during registration.
This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).
To update the log levels loggers can simply be registered again.
Tobias Brunner [Mon, 23 Jan 2012 12:38:48 +0000 (13:38 +0100)]
Ensure that multi-line log messages are not torn apart.
Tobias Brunner [Sat, 21 Jan 2012 15:11:28 +0000 (16:11 +0100)]
Added recursive read_lock support to our own implementation of rwlock_t.
Tobias Brunner [Sat, 21 Jan 2012 13:47:13 +0000 (14:47 +0100)]
Use a separate interface for loggers.
The new interface does not allow loggers to unregister themselves from
the bus. This allows us to use a rwlock_t for them.
The latter also means that loggers can now be called concurrently by
multiple threads.
Tobias Brunner [Thu, 29 Dec 2011 18:13:08 +0000 (19:13 +0100)]
Use a separate list and mutex for loggers.
This avoids deadlocks caused by extensive listener_t implementations
which might want to acquire a lock which is currently held by another
thread wanting to log messages. Since the latter requires that thread
to acquire the same lock the initial thread currently holds this
previously resulted in a deadlock.
With this change logging messages does not require threads to acquire
the main lock in bus_t and thus avoids the deadlock.
Tobias Brunner [Thu, 22 Dec 2011 12:54:30 +0000 (13:54 +0100)]
Fixed return value of controller_t functions if callback returns FALSE.
Tobias Brunner [Thu, 22 Dec 2011 09:59:47 +0000 (10:59 +0100)]
Use wrapped semaphore in callback_job_t.
Tobias Brunner [Thu, 22 Dec 2011 09:47:44 +0000 (10:47 +0100)]
Removed remaining parts of controller_t.listen() implementation.
Tobias Brunner [Wed, 21 Dec 2011 17:27:10 +0000 (18:27 +0100)]
Remove obsolete bus_t.listen() method.
Tobias Brunner [Wed, 21 Dec 2011 17:23:56 +0000 (18:23 +0100)]
Implement wait_for_listener in controller_t with semaphores.
This eliminates even the slightest chance of a deadlock.
Tobias Brunner [Wed, 21 Dec 2011 17:22:23 +0000 (18:22 +0100)]
Added a wrapper class around POSIX semaphores.
Tobias Brunner [Wed, 21 Dec 2011 16:15:33 +0000 (17:15 +0100)]
Implement bus_t.listen() directly in controller_t (the only user).
This will hopefully allow us to later simplify bus_t.
Martin Willi [Thu, 1 Mar 2012 16:07:08 +0000 (17:07 +0100)]
Add plugin features support to stroke plugin
Martin Willi [Wed, 29 Feb 2012 15:09:11 +0000 (16:09 +0100)]
Certificate decoding soft-depends on public key decoding of specific types
Martin Willi [Wed, 29 Feb 2012 15:08:07 +0000 (16:08 +0100)]
PEM loading plugin features depend on the same feature, they are helpers only
Martin Willi [Wed, 29 Feb 2012 15:07:16 +0000 (16:07 +0100)]
Don't depend on a feature that has a dependency to the same feauture during unload
Martin Willi [Wed, 2 May 2012 09:12:31 +0000 (11:12 +0200)]
Merge branch 'ikev1'
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
Martin Willi [Wed, 2 May 2012 07:03:23 +0000 (09:03 +0200)]
Added a dedicated sender flush method, delay sender destruction until users gone
Tobias Brunner [Tue, 1 May 2012 11:32:43 +0000 (13:32 +0200)]
Documented strongswan.conf options for radattr plugin.
Andreas Steffen [Mon, 30 Apr 2012 11:40:48 +0000 (13:40 +0200)]
add AUTH_RULE_SUBJECT_CERT for raw public keys
Andreas Steffen [Mon, 30 Apr 2012 09:42:09 +0000 (11:42 +0200)]
added missing whitespace
Tobias Brunner [Mon, 30 Apr 2012 08:48:57 +0000 (10:48 +0200)]
Properly initialize optional subject in PEM builder.
Tobias Brunner [Mon, 30 Apr 2012 08:47:42 +0000 (10:47 +0200)]
Typo fixed.
Andreas Steffen [Mon, 30 Apr 2012 07:48:21 +0000 (09:48 +0200)]
version bump to 4.6.3
Andreas Steffen [Mon, 30 Apr 2012 07:47:34 +0000 (09:47 +0200)]
output validity of raw public key if available
Andreas Steffen [Mon, 30 Apr 2012 05:02:08 +0000 (07:02 +0200)]
ikev2/net2net-pubkey scenario does not need dnskey plugin
Andreas Steffen [Sun, 29 Apr 2012 22:33:18 +0000 (00:33 +0200)]
added ikev2/net2net-pubkey scenario
Andreas Steffen [Sun, 29 Apr 2012 22:32:58 +0000 (00:32 +0200)]
added ikev2/net2net-rsa scenario
Andreas Steffen [Sun, 29 Apr 2012 22:31:42 +0000 (00:31 +0200)]
added support for raw RSA public keys to stroke
Andreas Steffen [Sun, 29 Apr 2012 17:10:25 +0000 (19:10 +0200)]
added ikev2/rw-eap-md5-id-prompt scenario
Martin Willi [Thu, 26 Apr 2012 12:35:27 +0000 (14:35 +0200)]
Fixed Android null terminated password fixup in xauth-eap
Tobias Brunner [Thu, 26 Apr 2012 06:50:39 +0000 (08:50 +0200)]
Fixed null-pointer dereference in smp plugin.
Andreas Steffen [Wed, 25 Apr 2012 18:53:08 +0000 (20:53 +0200)]
CERT_TRUSTED_PUBKEY stores notBefore, notAfter and subject information
Tobias Brunner [Tue, 24 Apr 2012 07:25:38 +0000 (09:25 +0200)]
pluto: Fix for null-terminated XAuth secrets (as sent by Android 4).
Andreas Steffen [Sun, 22 Apr 2012 20:22:25 +0000 (22:22 +0200)]
activated cmac plugin in UML test suites
Andreas Steffen [Sun, 22 Apr 2012 18:24:59 +0000 (20:24 +0200)]
isolate a TNC client if an error occurs
Andreas Steffen [Sun, 22 Apr 2012 15:41:20 +0000 (17:41 +0200)]
version bump to 4.6.3rc2
Andreas Steffen [Sun, 22 Apr 2012 15:40:59 +0000 (17:40 +0200)]
exit if TBOOT dummy measurements are not defined
Tobias Brunner [Fri, 20 Apr 2012 07:21:03 +0000 (09:21 +0200)]
Option added to set identifier for syslog(3) logging.
This identifier is added to each log message by syslog.
Tobias Brunner [Tue, 17 Apr 2012 15:44:10 +0000 (17:44 +0200)]
Removed auth_cfg_t.replace_value() and replaced usages with add().
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
Tobias Brunner [Tue, 17 Apr 2012 15:37:30 +0000 (17:37 +0200)]
Changed the order and semantics of rules we expect only once in auth_cfg_t.
These rules are now inserted at the front of the internal list, this
allows to retrieve the rule added last with get(). For other rules the
order in which they are added is maintained (this allows to properly
enumerate them).
Tobias Brunner [Tue, 17 Apr 2012 11:58:18 +0000 (13:58 +0200)]
Store password with remote ID to tie it stronger to a specific connection.
Tobias Brunner [Tue, 17 Apr 2012 09:18:37 +0000 (11:18 +0200)]
Added stroke user-creds command, to set username/password for a connection.
Tobias Brunner [Tue, 17 Apr 2012 09:14:38 +0000 (11:14 +0200)]
Added method to add additional shared secrets to stroke_cred_t.
Tobias Brunner [Tue, 17 Apr 2012 09:13:44 +0000 (11:13 +0200)]
Additional prompt keyword added to stroke.
Tobias Brunner [Tue, 17 Apr 2012 09:11:24 +0000 (11:11 +0200)]
Typo fixed.
Martin Willi [Tue, 17 Apr 2012 07:36:39 +0000 (09:36 +0200)]
Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs
Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as
initiator, we can't know if the completing IKE_SA_INIT message is to our first
request or the one with the COOKIE. If the responder just enabled/disabled
COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE
behavior toggling improves the situation, but does not solve the problem during
the initial COOKIE activation.
Martin Willi [Mon, 16 Apr 2012 14:57:18 +0000 (16:57 +0200)]
Added a note about DH/keymat lifecycle for custom implementations
Martin Willi [Mon, 16 Apr 2012 14:55:14 +0000 (16:55 +0200)]
Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
Martin Willi [Mon, 16 Apr 2012 14:47:17 +0000 (16:47 +0200)]
Fix iteration through half-open IKE_SA table
Tobias Brunner [Mon, 16 Apr 2012 09:55:07 +0000 (11:55 +0200)]
Use IP address as ID as responder if not configured or no IDr received.
Tobias Brunner [Mon, 16 Apr 2012 09:53:06 +0000 (11:53 +0200)]
Fall back on IP address as IDi if none is configured at all.
Tobias Brunner [Fri, 13 Apr 2012 13:47:25 +0000 (15:47 +0200)]
Use auth_cfg_t.replace_value where appropriate.
Tobias Brunner [Fri, 13 Apr 2012 13:46:23 +0000 (15:46 +0200)]
Added a simple method to replace the value of a rule in auth_cfg_t.
Tobias Brunner [Wed, 4 Apr 2012 09:46:59 +0000 (11:46 +0200)]
Fixed IDi in case neither left nor leftid is configured.
Andreas Steffen [Sun, 15 Apr 2012 21:39:27 +0000 (23:39 +0200)]
fixed parsing of port ranges in Scanner IMV
Tobias Brunner [Sat, 14 Apr 2012 06:40:27 +0000 (08:40 +0200)]
Typo fixed in NEWS.
Martin Willi [Wed, 11 Apr 2012 15:43:30 +0000 (17:43 +0200)]
Don't invoke child_updown hook twice as responder
Martin Willi [Tue, 3 Apr 2012 06:35:25 +0000 (08:35 +0200)]
Accept zero-length certificate request payloads
Tobias Brunner [Fri, 6 Apr 2012 08:53:47 +0000 (10:53 +0200)]
Properly initialize src in ike_sa_t.is_any_path_valid().
Andreas Steffen [Thu, 5 Apr 2012 14:52:37 +0000 (16:52 +0200)]
checksum need a libradius_init() symbol
Andreas Steffen [Thu, 5 Apr 2012 07:11:47 +0000 (09:11 +0200)]
version bump to 4.6.3rc1
Andreas Steffen [Thu, 5 Apr 2012 07:04:11 +0000 (09:04 +0200)]
remove leading zero in ASN.1 encoded serial numbers
Andreas Steffen [Wed, 4 Apr 2012 09:29:00 +0000 (11:29 +0200)]
ASN.1 two's complement encoding prevents overflow in CRL serial number
Tobias Brunner [Wed, 4 Apr 2012 08:51:46 +0000 (10:51 +0200)]
Make AES-CMAC actually usable for IKEv2.
Martin Willi [Wed, 4 Apr 2012 08:31:57 +0000 (10:31 +0200)]
Added another bunch of commonly used IKEv1 NATT vendor IDs
Andreas Steffen [Tue, 3 Apr 2012 12:19:37 +0000 (14:19 +0200)]
represent 0 as a single byte
Andreas Steffen [Tue, 3 Apr 2012 12:12:50 +0000 (14:12 +0200)]
moved chunk_skip_zero to chunk.h
Andreas Steffen [Tue, 3 Apr 2012 10:49:05 +0000 (12:49 +0200)]
added IKEv2 Generic Secure Password Authentication Method
Andreas Steffen [Tue, 3 Apr 2012 10:48:48 +0000 (12:48 +0200)]
added IKEv2 Generic Secure Password Authentication Method