strongswan.git
Martin Willi [Tue, 18 Sep 2007 07:12:21 +0000 (07:12 -0000)]
prototype implementation of an sqlite configuration backend

Martin Willi [Tue, 18 Sep 2007 05:37:31 +0000 (05:37 -0000)]
removed unneeded template logout.cs, fixes #10

Andreas Steffen [Sat, 15 Sep 2007 20:30:04 +0000 (20:30 -0000)]
connection name to IKE_SA initiating

Andreas Steffen [Sat, 15 Sep 2007 16:06:58 +0000 (16:06 -0000)]
put IKE_SA and CHILD_SA names in single quotes

Andreas Steffen [Sat, 15 Sep 2007 15:54:51 +0000 (15:54 -0000)]
log name of IKE_SA in state changes

Andreas Steffen [Sat, 15 Sep 2007 15:54:30 +0000 (15:54 -0000)]
log name of established IKE_SA

Andreas Steffen [Sat, 15 Sep 2007 15:53:10 +0000 (15:53 -0000)]
log name of established CHILD_SA

Andreas Steffen [Sat, 15 Sep 2007 15:35:02 +0000 (15:35 -0000)]
adapted format of IKE SPIs to strongSwan Manager's style

Andreas Steffen [Sat, 15 Sep 2007 15:28:48 +0000 (15:28 -0000)]
corrected image title

Martin Willi [Fri, 14 Sep 2007 14:18:09 +0000 (14:18 -0000)]
added connection name to IKE_SA title

Martin Willi [Fri, 14 Sep 2007 14:17:43 +0000 (14:17 -0000)]
added missing distribution/install files

Martin Willi [Fri, 14 Sep 2007 14:07:30 +0000 (14:07 -0000)]
added subnets of CHILD_SAs to xml interface
a first design of Managers IKE_SA list page

Andreas Steffen [Thu, 13 Sep 2007 15:33:17 +0000 (15:33 -0000)]
peer_cfg now knows about group memberships

Tobias Brunner [Thu, 13 Sep 2007 13:00:23 +0000 (13:00 -0000)]
added missing 'break' in checkout_by_peer

Martin Willi [Thu, 13 Sep 2007 08:32:14 +0000 (08:32 -0000)]
added DATA files to EXTRA_DIST

Andreas Steffen [Thu, 13 Sep 2007 08:22:37 +0000 (08:22 -0000)]
added compiler-soothing parentheses

Martin Willi [Thu, 13 Sep 2007 08:19:15 +0000 (08:19 -0000)]
fixed 64bit issue with file descriptor

Martin Willi [Thu, 13 Sep 2007 08:15:24 +0000 (08:15 -0000)]
added debugging helper script for manager

Martin Willi [Thu, 13 Sep 2007 08:10:36 +0000 (08:10 -0000)]
fixed scenario loading

Martin Willi [Thu, 13 Sep 2007 08:06:17 +0000 (08:06 -0000)]
added missing enumerator.h to distribution

Martin Willi [Thu, 13 Sep 2007 07:59:51 +0000 (07:59 -0000)]
replaced a confusing template with an ugly one (ikesalist)

Martin Willi [Thu, 13 Sep 2007 07:45:04 +0000 (07:45 -0000)]
manager can query and list IKE_SA status (no layout yet)

Andreas Steffen [Thu, 13 Sep 2007 07:07:30 +0000 (07:07 -0000)]
added Daniel Wydler to copyright.c

Andreas Steffen [Thu, 13 Sep 2007 06:26:57 +0000 (06:26 -0000)]
removed unused LARGEST_HASH_OID_SIZE definition

Martin Willi [Wed, 12 Sep 2007 11:11:10 +0000 (11:11 -0000)]
only switch to port 4500 if we are on 500: fixed reauthentication in NAT
scenarios

Andreas Steffen [Wed, 12 Sep 2007 09:19:59 +0000 (09:19 -0000)]
replaced 8 by BITS_PER_BYTE

Andreas Steffen [Wed, 12 Sep 2007 08:02:41 +0000 (08:02 -0000)]
error message outputs hash size differences

Andreas Steffen [Wed, 12 Sep 2007 08:01:59 +0000 (08:01 -0000)]
renamed encoded_hash to digestInfo

Andreas Steffen [Wed, 12 Sep 2007 07:56:00 +0000 (07:56 -0000)]
included pem.h and x509.h; fixed comparison bug

Andreas Steffen [Wed, 12 Sep 2007 07:54:56 +0000 (07:54 -0000)]
removed unused chunk variable

Andreas Steffen [Wed, 12 Sep 2007 07:54:28 +0000 (07:54 -0000)]
included kernel_alg.h

Martin Willi [Wed, 12 Sep 2007 07:36:45 +0000 (07:36 -0000)]
moving virtual IP when interface changes due to mobike

Martin Willi [Wed, 12 Sep 2007 07:14:05 +0000 (07:14 -0000)]
fixed NAT detection with mobike

Martin Willi [Wed, 12 Sep 2007 07:12:25 +0000 (07:12 -0000)]
fixed shutdown order to prevent crash when kernel interface schedules events

Martin Willi [Wed, 12 Sep 2007 07:11:41 +0000 (07:11 -0000)]
fixed warnings and memory leak

Andreas Steffen [Wed, 12 Sep 2007 07:06:52 +0000 (07:06 -0000)]
added error messages in signature verification

Andreas Steffen [Wed, 12 Sep 2007 06:56:59 +0000 (06:56 -0000)]
increased debug level for errors to DBG1

Andreas Steffen [Tue, 11 Sep 2007 21:06:46 +0000 (21:06 -0000)]
overwrite shared_key with random bytes before freeing it

Andreas Steffen [Tue, 11 Sep 2007 20:45:59 +0000 (20:45 -0000)]
check for surplus bytes in EM structure after the digestInfo

Andreas Steffen [Tue, 11 Sep 2007 20:10:38 +0000 (20:10 -0000)]
check hash algorithms used in signatures

Andreas Steffen [Tue, 11 Sep 2007 17:33:37 +0000 (17:33 -0000)]
OID_UNKNOWN (-1) requires int type

Andreas Steffen [Tue, 11 Sep 2007 16:26:08 +0000 (16:26 -0000)]
removed rsa_private_key clone() function

Andreas Steffen [Tue, 11 Sep 2007 16:25:28 +0000 (16:25 -0000)]
added md2, sha256, sha384, and sha512 ASN.1 algorithm IDs

Martin Willi [Tue, 11 Sep 2007 15:22:02 +0000 (15:22 -0000)]
first revision of new manager webapp

Andreas Steffen [Tue, 11 Sep 2007 10:18:25 +0000 (10:18 -0000)]
replaced get_rsa_private_key() by rsa_signature() in order to restrict the distribution of private key material

Andreas Steffen [Mon, 10 Sep 2007 19:34:46 +0000 (19:34 -0000)]
mpz_clear_randomized() overwrites private key material before releasing it

Andreas Steffen [Mon, 10 Sep 2007 19:12:01 +0000 (19:12 -0000)]
overwrite storage used for shared secrets with pseudo-random bytes before releasing it

Andreas Steffen [Mon, 10 Sep 2007 13:32:15 +0000 (13:32 -0000)]
ipsec barf is not supported by the strongSwan 4.1 branch

Andreas Steffen [Mon, 10 Sep 2007 12:16:24 +0000 (12:16 -0000)]
the new function chunk_free_randomized() overwrites the contents of a chunk with pseudo-random bytes before freeing it

Andreas Steffen [Mon, 10 Sep 2007 12:11:46 +0000 (12:11 -0000)]
added new Windows Vista VID, courtesy of Jacco de Leeuw

Andreas Steffen [Mon, 3 Sep 2007 19:04:38 +0000 (19:04 -0000)]
version bump to 4.1.7

Martin Willi [Mon, 3 Sep 2007 12:37:25 +0000 (12:37 -0000)]
implemented routability checks for mobike (experimental)

13 years ago correct debug 4.1.6
Andreas Steffen [Sun, 2 Sep 2007 15:59:59 +0000 (15:59 -0000)]
correct debug

Andreas Steffen [Sun, 2 Sep 2007 11:44:32 +0000 (11:44 -0000)]
added mobike option to man page

Andreas Steffen [Sun, 2 Sep 2007 11:24:53 +0000 (11:24 -0000)]
added new features

Andreas Steffen [Sun, 2 Sep 2007 11:13:24 +0000 (11:13 -0000)]
re-introduced the XAUTH_VID compile option

Martin Willi [Thu, 30 Aug 2007 12:52:44 +0000 (12:52 -0000)]
added RADIUS, RADIUS-EAP and EAP-MD5 (CHAP) RFCs

Martin Willi [Thu, 30 Aug 2007 12:47:38 +0000 (12:47 -0000)]
proper initialization of rsa private key

Andreas Steffen [Wed, 29 Aug 2007 13:17:30 +0000 (13:17 -0000)]
added bitnames for POLICY_BEET and POLICY_MOBIKE flags

Andreas Steffen [Wed, 29 Aug 2007 13:03:34 +0000 (13:03 -0000)]
change ipsec route table in UML scenarios

Andreas Steffen [Wed, 29 Aug 2007 12:50:26 +0000 (12:50 -0000)]
updated index.txt.old

Martin Willi [Wed, 29 Aug 2007 12:11:25 +0000 (12:11 -0000)]
added mobike=yes|no connection option
  yes: include mobike support notifies as initiator
  no: only enable mobike as responder when initiator supports it
  default: yes

Andreas Steffen [Wed, 29 Aug 2007 11:59:52 +0000 (11:59 -0000)]
_updown removed from distribution

Andreas Steffen [Wed, 29 Aug 2007 11:04:55 +0000 (11:04 -0000)]
included the FIPS integrity test in LICENSE, CREDITS and NEWs

Andreas Steffen [Wed, 29 Aug 2007 10:36:08 +0000 (10:36 -0000)]
renamed integrity check to integrity test

Andreas Steffen [Wed, 29 Aug 2007 10:31:37 +0000 (10:31 -0000)]
cosmetics

Andreas Steffen [Wed, 29 Aug 2007 10:30:17 +0000 (10:30 -0000)]
fixed 64 bit issue (size_t is 32 bit)

Andreas Steffen [Wed, 29 Aug 2007 09:43:02 +0000 (09:43 -0000)]
fips_verify_hmac_signature() now returns a boolean status

Andreas Steffen [Wed, 29 Aug 2007 09:13:08 +0000 (09:13 -0000)]
SHA-1 HMAC signature is now computed over concatenation of TEXT and RODATA segments

Andreas Steffen [Wed, 29 Aug 2007 08:54:53 +0000 (08:54 -0000)]
compute SHA-1 HMAC over libstrongswan TEXT segment for the time being

Martin Willi [Wed, 29 Aug 2007 07:52:49 +0000 (07:52 -0000)]
signers implemented with HMAC now support NULL output parameters
to feed signer with more than one block of data.

Andreas Steffen [Wed, 29 Aug 2007 07:03:47 +0000 (07:03 -0000)]
change self_test to self-test

Andreas Steffen [Wed, 29 Aug 2007 07:02:13 +0000 (07:02 -0000)]
build fips_signer and fips_signature with USE_INTEGRITY_TEST condition only

Andreas Steffen [Wed, 29 Aug 2007 05:43:45 +0000 (05:43 -0000)]
changed interface of fips_verify_hmac_signature

Andreas Steffen [Wed, 29 Aug 2007 05:43:05 +0000 (05:43 -0000)]
free hmac_signature string after use

Andreas Steffen [Wed, 29 Aug 2007 05:42:22 +0000 (05:42 -0000)]
beautification

Andreas Steffen [Wed, 29 Aug 2007 00:37:10 +0000 (00:37 -0000)]
started implementation of libstrongswan code integrity check

Andreas Steffen [Wed, 29 Aug 2007 00:35:51 +0000 (00:35 -0000)]
defined ietfAttr_create_from_string()

Andreas Steffen [Tue, 28 Aug 2007 09:59:53 +0000 (09:59 -0000)]
fixed typo

Martin Willi [Tue, 28 Aug 2007 07:53:46 +0000 (07:53 -0000)]
simple console support through pts devices

Andreas Steffen [Tue, 28 Aug 2007 07:02:51 +0000 (07:02 -0000)]
set ignore properties

Andreas Steffen [Tue, 28 Aug 2007 07:02:23 +0000 (07:02 -0000)]
set ignore properties

Andreas Steffen [Tue, 28 Aug 2007 06:40:39 +0000 (06:40 -0000)]
testing/do-tests is made from do-tests.in by inserting actual routing table

Andreas Steffen [Tue, 28 Aug 2007 06:38:04 +0000 (06:38 -0000)]
testing/do-tests is made from do-tests.in by inserting actual routing table

Andreas Steffen [Tue, 28 Aug 2007 06:36:31 +0000 (06:36 -0000)]
added --enable-integrity-test and --disable-self-test options

Martin Willi [Mon, 27 Aug 2007 14:53:42 +0000 (14:53 -0000)]
default routing table/prio: 220/220 (as 19530 was invalid)
added configure option --with-routing-table-prio=

Martin Willi [Mon, 27 Aug 2007 11:30:21 +0000 (11:30 -0000)]
using default routing table 19530 for ipsec routes

Martin Willi [Mon, 27 Aug 2007 11:15:35 +0000 (11:15 -0000)]
added --with-routing-table= configure option

Martin Willi [Mon, 27 Aug 2007 09:10:12 +0000 (09:10 -0000)]
rerouting CHILD_SA if its IKE_SA gets deleted

Andreas Steffen [Fri, 17 Aug 2007 08:01:10 +0000 (08:01 -0000)]
initiated support of caIssuers accessLocation

Andreas Steffen [Fri, 17 Aug 2007 07:22:04 +0000 (07:22 -0000)]
required CA is that.ca not this.ca

Andreas Steffen [Fri, 17 Aug 2007 07:21:26 +0000 (07:21 -0000)]
matching_request instead of matching_trust must go into the metric

Andreas Steffen [Fri, 17 Aug 2007 07:20:27 +0000 (07:20 -0000)]
fixed maximum path length info in match_requested_ca()

Andreas Steffen [Wed, 15 Aug 2007 22:58:15 +0000 (22:58 -0000)]
sort attributes alphabetically

Andreas Steffen [Wed, 15 Aug 2007 09:46:40 +0000 (09:46 -0000)]
added caIssuers OID

Andreas Steffen [Wed, 15 Aug 2007 09:46:14 +0000 (09:46 -0000)]
corrected typo

Andreas Steffen [Wed, 15 Aug 2007 08:40:16 +0000 (08:40 -0000)]
use symbolic shell variables in library paths

Andreas Steffen [Wed, 15 Aug 2007 08:29:55 +0000 (08:29 -0000)]
removed oid.txt and oid.pl in pluto subdir

Andreas Steffen [Tue, 14 Aug 2007 21:21:21 +0000 (21:21 -0000)]
aligned pluto/oid.txt to libstrongswan/asn1/oid.txt

Andreas Steffen [Tue, 14 Aug 2007 21:13:53 +0000 (21:13 -0000)]
added Microsoft Encrypting File System Extended Key Usage OID