strongswan.git
Tobias Brunner [Mon, 31 Mar 2008 14:27:16 +0000 (14:27 -0000)]
signal fixed

Andreas Steffen [Mon, 31 Mar 2008 12:59:39 +0000 (12:59 -0000)]
disabled build of outdated dbus interface

Tobias Brunner [Mon, 31 Mar 2008 10:56:49 +0000 (10:56 -0000)]
changed order of server and peer reflexive endpoints (and also the priorities)

Martin Willi [Mon, 31 Mar 2008 08:43:18 +0000 (08:43 -0000)]
received certificates have least priority
fixed manager unlocking

Martin Willi [Mon, 31 Mar 2008 07:16:12 +0000 (07:16 -0000)]
fixed refcounting in certificate trustchain validation

Andreas Steffen [Sat, 29 Mar 2008 19:33:02 +0000 (19:33 -0000)]
adapted configure options in testing.conf and build-umlrootfs

Andreas Steffen [Sat, 29 Mar 2008 13:26:53 +0000 (13:26 -0000)]
changed error message

Andreas Steffen [Sat, 29 Mar 2008 08:55:09 +0000 (08:55 -0000)]
output uptime in status in local time

Andreas Steffen [Fri, 28 Mar 2008 22:46:09 +0000 (22:46 -0000)]
shortened menu item

Andreas Steffen [Fri, 28 Mar 2008 22:44:45 +0000 (22:44 -0000)]
demoted ldap debug output to level 2

Andreas Steffen [Fri, 28 Mar 2008 19:49:59 +0000 (19:49 -0000)]
remove xml directory

Martin Willi [Fri, 28 Mar 2008 14:51:26 +0000 (14:51 -0000)]
leak detective detects heap over- and underflow

Martin Willi [Fri, 28 Mar 2008 13:16:36 +0000 (13:16 -0000)]
updated leak_detective whitelist: libxml and clearsilver functions

Martin Willi [Fri, 28 Mar 2008 12:44:01 +0000 (12:44 -0000)]
renamed xml plugin to smp to avoid confusion
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there

Martin Willi [Fri, 28 Mar 2008 12:41:05 +0000 (12:41 -0000)]
fixed manager plugin loading
manager uses strongswan.conf to read its configuration

Martin Willi [Fri, 28 Mar 2008 12:00:51 +0000 (12:00 -0000)]
fixed crash if crl fetching fails

Martin Willi [Fri, 28 Mar 2008 11:48:14 +0000 (11:48 -0000)]
fixed all pluto compiler warnings

Martin Willi [Fri, 28 Mar 2008 11:47:11 +0000 (11:47 -0000)]
fixed compiler warning in openac
fixed pem loading bug

Martin Willi [Fri, 28 Mar 2008 11:46:30 +0000 (11:46 -0000)]
fixed compiler warning in libfreeswan

Martin Willi [Fri, 28 Mar 2008 11:45:56 +0000 (11:45 -0000)]
fixed compiler warning in scepclient

Martin Willi [Fri, 28 Mar 2008 11:45:01 +0000 (11:45 -0000)]
removed unused yyunput to fix compiler warning

Martin Willi [Fri, 28 Mar 2008 10:21:04 +0000 (10:21 -0000)]
fixed compiler warning

Martin Willi [Fri, 28 Mar 2008 08:38:51 +0000 (08:38 -0000)]
reentrant safe cert_cache

Martin Willi [Fri, 28 Mar 2008 08:14:47 +0000 (08:14 -0000)]
caching of CRLs

Martin Willi [Thu, 27 Mar 2008 19:07:23 +0000 (19:07 -0000)]
replaced get_public() by create_public_enumerator() to try multiple public keys for signature verification

Martin Willi [Thu, 27 Mar 2008 13:38:02 +0000 (13:38 -0000)]
use trusted self-signed root CA certificates as trust anchor only

Tobias Brunner [Thu, 27 Mar 2008 12:31:35 +0000 (12:31 -0000)]
changed external interface to the mediation extension.

Tobias Brunner [Thu, 27 Mar 2008 12:29:51 +0000 (12:29 -0000)]
corrected ME_ENDPOINT length check

Martin Willi [Thu, 27 Mar 2008 11:45:49 +0000 (11:45 -0000)]
reusing generic shared_key_t implementation in med_db

Martin Willi [Thu, 27 Mar 2008 11:42:35 +0000 (11:42 -0000)]
whitelisted FCGX_Init
reporting count of leaks suppressed by whitelist

Martin Willi [Thu, 27 Mar 2008 10:24:37 +0000 (10:24 -0000)]
fixed memory leak in dispatcher

Tobias Brunner [Thu, 27 Mar 2008 10:17:29 +0000 (10:17 -0000)]
checking the size of ME_* notify payloads

Tobias Brunner [Thu, 27 Mar 2008 09:54:09 +0000 (09:54 -0000)]
replaced the COOKIE notify payload in connectivity checks with a ME_CONNECTAUTH notify payload

Martin Willi [Thu, 27 Mar 2008 06:37:29 +0000 (06:37 -0000)]
implemented cert cache flushing, ipsec purgeocsp

Andreas Steffen [Wed, 26 Mar 2008 20:24:55 +0000 (20:24 -0000)]
fixed plugin/stroke Makefile

Andreas Steffen [Wed, 26 Mar 2008 20:16:42 +0000 (20:16 -0000)]
makeshift fix of --enable-integrity-test option

Tobias Brunner [Wed, 26 Mar 2008 18:40:19 +0000 (18:40 -0000)]
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed

Martin Willi [Wed, 26 Mar 2008 16:13:14 +0000 (16:13 -0000)]
added uptime statistics to statusall

Martin Willi [Wed, 26 Mar 2008 15:21:50 +0000 (15:21 -0000)]
caching of ocsp responses (experimental), no crl caching yet

Martin Willi [Wed, 26 Mar 2008 14:45:24 +0000 (14:45 -0000)]
fixed compile error if --enable-p2p is set

Andreas Steffen [Wed, 26 Mar 2008 13:10:36 +0000 (13:10 -0000)]
treat sig_alg and algorithm comparison in a consistent way over all certificate types

Martin Willi [Wed, 26 Mar 2008 12:23:46 +0000 (12:23 -0000)]
fixed rightca= constraint checking
implemented rightca= for intermediate CAs we do not have the certificate at config load

Martin Willi [Wed, 26 Mar 2008 10:58:19 +0000 (10:58 -0000)]
fixed auth_info_t.equals()

Martin Willi [Wed, 26 Mar 2008 10:10:40 +0000 (10:10 -0000)]
split stroke plugin to several files:
  socket: reads messages from socket, dispatching
  config: process add/del conn, serves configs through backend_t
  control: controlling of the daemon (up/down/route/...)
  cred: credential loading, serves creds through credential_set_t
  ca: ca sections from ipsec.conf, serves cdp's through credential_set_t
  list: log status information to stroke console (status/statusall/list*)
  shared_key: shared key implementation for keys read from ipsec.secrets
  plugin: registers stroke plugin and starts socket w/ thread

Martin Willi [Wed, 26 Mar 2008 10:06:45 +0000 (10:06 -0000)]
added equals() method to peer_cfg, ike_cfg, proposals, auth_info
  allows easier merging of ipsec.conf connections
replaced some iterators through enumerators
made proposals algorithm_t private using enumerator

Martin Willi [Wed, 26 Mar 2008 09:29:30 +0000 (09:29 -0000)]
fixed compiler warnings

Andreas Steffen [Tue, 25 Mar 2008 22:28:27 +0000 (22:28 -0000)]
certificate factory can load certs from file

Andreas Steffen [Tue, 25 Mar 2008 13:26:33 +0000 (13:26 -0000)]
added component BUILD_FROM_FILE

Andreas Steffen [Tue, 25 Mar 2008 12:22:12 +0000 (12:22 -0000)]
renamed certificate field in x509_cert.c to encoding

Andreas Steffen [Tue, 25 Mar 2008 10:13:57 +0000 (10:13 -0000)]
added ac.c

Andreas Steffen [Tue, 25 Mar 2008 10:12:45 +0000 (10:12 -0000)]
defined *_create_from_file() constructors in libstrongswan/credentials/certificates

Andreas Steffen [Tue, 25 Mar 2008 09:39:23 +0000 (09:39 -0000)]
fixed reference counts before calling attribute certificate factory

Andreas Steffen [Sat, 22 Mar 2008 08:15:18 +0000 (08:15 -0000)]
corrected some doxygen entries

Andreas Steffen [Fri, 21 Mar 2008 20:37:08 +0000 (20:37 -0000)]
optimized self-signed certificate detection

Andreas Steffen [Fri, 21 Mar 2008 20:36:19 +0000 (20:36 -0000)]
shortened debug output

Andreas Steffen [Fri, 21 Mar 2008 19:10:55 +0000 (19:10 -0000)]
detect trusted self-signed before trust chain verification

Andreas Steffen [Fri, 21 Mar 2008 19:07:12 +0000 (19:07 -0000)]
self-signed certificates were not marked by x509_cert.c

Andreas Steffen [Fri, 21 Mar 2008 16:59:21 +0000 (16:59 -0000)]
added ietf group attribute support to attribute certificate factory

Andreas Steffen [Fri, 21 Mar 2008 15:58:48 +0000 (15:58 -0000)]
fixed memory allocation problem in openac

Andreas Steffen [Fri, 21 Mar 2008 12:44:15 +0000 (12:44 -0000)]
added BUILD_SERIAL component and fixed several ac bugs

Andreas Steffen [Fri, 21 Mar 2008 11:54:12 +0000 (11:54 -0000)]
added VALIDATION_UNKNOWN to cert_validation_names

Andreas Steffen [Fri, 21 Mar 2008 11:32:33 +0000 (11:32 -0000)]
added credential factory support for BUILD_NOT_BEFORE_TIME and BUILD_NOT_AFTER_TIME

Andreas Steffen [Fri, 21 Mar 2008 10:52:11 +0000 (10:52 -0000)]
added x509_ac_builder plugin

Andreas Steffen [Fri, 21 Mar 2008 10:42:05 +0000 (10:42 -0000)]
initialize library in openac

Andreas Steffen [Fri, 21 Mar 2008 09:34:40 +0000 (09:34 -0000)]
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.

Andreas Steffen [Fri, 21 Mar 2008 09:28:25 +0000 (09:28 -0000)]
optimized debug output of credential_manager.c

Andreas Steffen [Thu, 20 Mar 2008 15:25:02 +0000 (15:25 -0000)]
removed build.h include

Andreas Steffen [Thu, 20 Mar 2008 15:23:52 +0000 (15:23 -0000)]
refactored openac and its attribute certificate factory

Andreas Steffen [Thu, 20 Mar 2008 15:22:26 +0000 (15:22 -0000)]
modified debug text

Martin Willi [Thu, 20 Mar 2008 14:31:36 +0000 (14:31 -0000)]
cert_cache_t caches subject-issuer relations and subject certificates
ocsp/crl do not benefit yet due to missing lookup function

Martin Willi [Thu, 20 Mar 2008 13:14:55 +0000 (13:14 -0000)]
fallback to random end entity certificate if trustchain building fails

Martin Willi [Thu, 20 Mar 2008 11:38:51 +0000 (11:38 -0000)]
(no commit message)

Martin Willi [Thu, 20 Mar 2008 11:27:55 +0000 (11:27 -0000)]
some C libraries need _GNU_SOURCE for rwlocks

Martin Willi [Thu, 20 Mar 2008 10:09:56 +0000 (10:09 -0000)]
added support for certificate requests for not yet known CAs

Andreas Steffen [Thu, 20 Mar 2008 09:30:07 +0000 (09:30 -0000)]
added $

Martin Willi [Thu, 20 Mar 2008 09:30:02 +0000 (09:30 -0000)]
fixed verification of preinstalled certificates

Andreas Steffen [Thu, 20 Mar 2008 09:28:58 +0000 (09:28 -0000)]
included utils/linked_list.h

Martin Willi [Thu, 20 Mar 2008 09:27:57 +0000 (09:27 -0000)]
more trustchain verification improvements
should fix crl-revoked and two-certs scenarios

Andreas Steffen [Thu, 20 Mar 2008 09:24:22 +0000 (09:24 -0000)]
cleaned up includes

Martin Willi [Thu, 20 Mar 2008 07:21:44 +0000 (07:21 -0000)]
CA certificates are allowed to sign OCSP responses without OCSP_SIGNER flag

Martin Willi [Wed, 19 Mar 2008 17:54:54 +0000 (17:54 -0000)]
refactored trustchain verification, this should fix #33
moved auth_info/ocsp_response credset wrapper to separate files

Andreas Steffen [Wed, 19 Mar 2008 17:04:09 +0000 (17:04 -0000)]
increased debug level in trust chain verification for auditing purposes

Martin Willi [Wed, 19 Mar 2008 14:21:56 +0000 (14:21 -0000)]
removed unimplemented private/public key function declarations

Martin Willi [Wed, 19 Mar 2008 14:02:52 +0000 (14:02 -0000)]
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
as it requires to XOR the key into the hasher's state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.

Andreas Steffen [Wed, 19 Mar 2008 13:11:29 +0000 (13:11 -0000)]
log nextUpdate of crls and ocsp responses

Andreas Steffen [Wed, 19 Mar 2008 12:36:15 +0000 (12:36 -0000)]
fixed stupid bug in fetch_ocsp()

Andreas Steffen [Wed, 19 Mar 2008 12:06:38 +0000 (12:06 -0000)]
attempt to achieve consistent debugging output

Martin Willi [Wed, 19 Mar 2008 10:24:51 +0000 (10:24 -0000)]
fixed shared key lookup in stroke

Martin Willi [Wed, 19 Mar 2008 10:08:59 +0000 (10:08 -0000)]
fixed peer_cfg lookup when omitting IDr

Martin Willi [Wed, 19 Mar 2008 09:44:47 +0000 (09:44 -0000)]
fixed CRL check return value on revoked certificates
fixed possible refcounting bugs
generic return_null() implementation

Martin Willi [Tue, 18 Mar 2008 14:06:11 +0000 (14:06 -0000)]
fixed compiler warning

Martin Willi [Tue, 18 Mar 2008 12:45:23 +0000 (12:45 -0000)]
added generic payload order rules for notifies

Martin Willi [Tue, 18 Mar 2008 12:40:41 +0000 (12:40 -0000)]
fixed ike_cfg lookup in stroke

Martin Willi [Tue, 18 Mar 2008 12:25:39 +0000 (12:25 -0000)]
added false positive signature check

Martin Willi [Tue, 18 Mar 2008 12:16:36 +0000 (12:16 -0000)]
added missing test case file ([3607])

Martin Willi [Tue, 18 Mar 2008 12:13:51 +0000 (12:13 -0000)]
creating public key from RSA private key
RSA key generation and signature test

Andreas Steffen [Tue, 18 Mar 2008 10:36:08 +0000 (10:36 -0000)]
made is_newer() a certificate_t method

Martin Willi [Tue, 18 Mar 2008 09:07:04 +0000 (09:07 -0000)]
better normalized tables for SQL plugin (IDs)

Martin Willi [Mon, 17 Mar 2008 08:06:49 +0000 (08:06 -0000)]
enforcing x509_flags on certificate construction

Martin Willi [Mon, 17 Mar 2008 07:25:32 +0000 (07:25 -0000)]
fixed CRL revoked certs enumeration