strongswan.git
Martin Willi [Tue, 13 Oct 2009 09:04:15 +0000 (11:04 +0200)]
Fixed assignment of get_triplet() dummy implementation

Andreas Steffen [Mon, 12 Oct 2009 17:56:21 +0000 (19:56 +0200)]
scepclient now requires x509 plugin

Andreas Steffen [Mon, 12 Oct 2009 17:50:44 +0000 (19:50 +0200)]
sql/rw-eap-aka-rsa scenario requires eapaka-3gpp2 plugin

Andreas Steffen [Mon, 12 Oct 2009 17:48:20 +0000 (19:48 +0200)]
updated evaltest of ikev1/no-priv-key scenario

Andreas Steffen [Mon, 12 Oct 2009 17:44:55 +0000 (19:44 +0200)]
INTERNAL_IP6_NETMASK needed for ModeConfig

Martin Willi [Mon, 12 Oct 2009 12:40:21 +0000 (14:40 +0200)]
Merged SIM/USIM manager/card/provider, avoids code duplication

Martin Willi [Mon, 12 Oct 2009 09:43:23 +0000 (11:43 +0200)]
Added ${shlibs:Depends} dependency to Debian package

Martin Willi [Mon, 12 Oct 2009 09:18:43 +0000 (11:18 +0200)]
Added .gitignore for NM Debian package build

Andreas Steffen [Mon, 12 Oct 2009 11:47:22 +0000 (13:47 +0200)]
prepended all ISAKMP notification message types with ISAKMP_

Martin Willi [Mon, 12 Oct 2009 07:50:28 +0000 (09:50 +0200)]
Pass NULL as other identity in EAP-AKA 3GPP2 to find a match with all plugins

Martin Willi [Mon, 12 Oct 2009 07:49:11 +0000 (09:49 +0200)]
Stroke plugin interprets NULL identities as ID_ANY in shared key lookup

Andreas Steffen [Mon, 12 Oct 2009 06:05:48 +0000 (08:05 +0200)]
added some pluto changes to NEWS

Andreas Steffen [Sun, 11 Oct 2009 19:24:39 +0000 (21:24 +0200)]
fixed output of offered CA

Andreas Steffen [Sun, 11 Oct 2009 19:14:05 +0000 (21:14 +0200)]
fixed broken smartcard support (bug #91)

Andreas Steffen [Sun, 11 Oct 2009 18:14:18 +0000 (20:14 +0200)]
some missing refactoring changes

Andreas Steffen [Sun, 11 Oct 2009 16:05:27 +0000 (18:05 +0200)]
myids might not be defined yet

Andreas Steffen [Sun, 11 Oct 2009 14:34:04 +0000 (16:34 +0200)]
fixed refactoring bug

Andreas Steffen [Sat, 10 Oct 2009 22:35:01 +0000 (00:35 +0200)]
adapted ikev2/rw-eap-aka scenarios to eapaka-3gpp2 plugin

Andreas Steffen [Sat, 10 Oct 2009 22:14:20 +0000 (00:14 +0200)]
corrected ikev1/nat-two-rw evaltest.dat

Andreas Steffen [Sat, 10 Oct 2009 20:05:59 +0000 (22:05 +0200)]
removed orphaned sha1.c

Andreas Steffen [Sat, 10 Oct 2009 19:41:36 +0000 (21:41 +0200)]
corrected evaltest.dat

Andreas Steffen [Sat, 10 Oct 2009 19:16:46 +0000 (21:16 +0200)]
replaced struct id by identification_t

Martin Willi [Fri, 9 Oct 2009 11:31:19 +0000 (13:31 +0200)]
Added NEWS about EAP-AKA split

Martin Willi [Fri, 9 Oct 2009 08:59:34 +0000 (10:59 +0200)]
SIM card interface takes IMSI as parameter (same as in USIM)

Martin Willi [Fri, 9 Oct 2009 07:14:53 +0000 (09:14 +0200)]
Fixed USIM parameter description

Martin Willi [Fri, 9 Oct 2009 07:03:13 +0000 (09:03 +0200)]
Do not use monotonic time for AKA sequence numbers, it has an undefined starting point

Martin Willi [Thu, 8 Oct 2009 15:25:44 +0000 (17:25 +0200)]
Use constants instead of sizeof(), sizeof() does not work for function arguments

Martin Willi [Thu, 8 Oct 2009 15:25:10 +0000 (17:25 +0200)]
Calculate missing CK/IK values in USIM

Martin Willi [Thu, 8 Oct 2009 15:24:20 +0000 (17:24 +0200)]
Link 3gpp2 EAP-AKA plugin to libgmp

Martin Willi [Thu, 8 Oct 2009 14:49:29 +0000 (16:49 +0200)]
Separated 3gpp2 USIM card and provider functionality

Martin Willi [Thu, 8 Oct 2009 11:01:49 +0000 (13:01 +0200)]
Ported AKA functions to 3gpp2 plugin

Martin Willi [Thu, 8 Oct 2009 08:29:43 +0000 (10:29 +0200)]
Added a stub for the EAP-AKA backend implementing the 3GPP2 functions in software

Martin Willi [Thu, 8 Oct 2009 07:08:46 +0000 (09:08 +0200)]
Implemented a manager for USIM cards/providers very similar to the SIM manager

Andreas Steffen [Thu, 8 Oct 2009 22:16:33 +0000 (00:16 +0200)]
corrected caption

Andreas Steffen [Thu, 8 Oct 2009 22:13:02 +0000 (00:13 +0200)]
created identification_create_from_sockaddr() function

Martin Willi [Thu, 8 Oct 2009 11:10:02 +0000 (13:10 +0200)]
Added medsrv.fcgi to gitignore

Andreas Steffen [Thu, 8 Oct 2009 11:05:27 +0000 (13:05 +0200)]
medsrv.fcgi is not part of the git tree

Andreas Steffen [Thu, 8 Oct 2009 11:04:07 +0000 (13:04 +0200)]
hex_str() isn't used externally any more

Andreas Steffen [Thu, 8 Oct 2009 10:42:29 +0000 (12:42 +0200)]
parsing of generalNames is not needed any more

Andreas Steffen [Thu, 8 Oct 2009 10:35:36 +0000 (12:35 +0200)]
use of asn1_build_known_oid()

Andreas Steffen [Thu, 8 Oct 2009 09:25:33 +0000 (11:25 +0200)]
migrated public key IDs to identification_t

Martin Willi [Wed, 7 Oct 2009 09:40:36 +0000 (11:40 +0200)]
Reenabled acq_expires SA timer using rekey timeout

While not using a SA expiration for allocating SPIs works fine,
the situation is much more problematic for kernel-created temporary
SAs from acquires. If the negotiation of such a CHILD_SA fails,
the created temporary SA can not be deleted.

Martin Willi [Wed, 7 Oct 2009 08:14:18 +0000 (10:14 +0200)]
Catch CHILD_SA state changes during acquire

If an acquire fails due to a TS_UNACCEPTABLE or other CHILD_SA only errors,
we have to reset the pending state in the trap manager.

Andreas Steffen [Tue, 6 Oct 2009 21:50:26 +0000 (23:50 +0200)]
list subjectAltNames

Andreas Steffen [Tue, 6 Oct 2009 21:19:46 +0000 (23:19 +0200)]
some ipsec listall finetuning

Andreas Steffen [Tue, 6 Oct 2009 14:49:46 +0000 (16:49 +0200)]
pluto and charon now have the same ipsec listall output format

Andreas Steffen [Tue, 6 Oct 2009 12:38:34 +0000 (14:38 +0200)]
the ikev1 scenarios need the x509 plugin

Andreas Steffen [Tue, 6 Oct 2009 12:22:27 +0000 (14:22 +0200)]
streamlined output from get_validity()

Andreas Steffen [Mon, 5 Oct 2009 21:52:35 +0000 (23:52 +0200)]
fixed serial number conversion from hex

Andreas Steffen [Mon, 5 Oct 2009 21:17:36 +0000 (23:17 +0200)]
delete group attributes after use

Andreas Steffen [Mon, 5 Oct 2009 21:13:51 +0000 (23:13 +0200)]
stroke_list outputs group attributes

Andreas Steffen [Mon, 5 Oct 2009 20:44:01 +0000 (22:44 +0200)]
ipsec pki --issue supports --flag authServer option

Andreas Steffen [Mon, 5 Oct 2009 19:20:42 +0000 (21:20 +0200)]
ipsec pki --issue supports --flag ocspSigning option

Martin Willi [Mon, 5 Oct 2009 12:06:32 +0000 (14:06 +0200)]
Cleaned up EAP-AKA en/decoding, eliminated unaligned half-word reads

Martin Willi [Mon, 5 Oct 2009 11:32:41 +0000 (13:32 +0200)]
Cleaned up EAP-SIM en/decoding, eliminated unaligned half-word reads

Martin Willi [Mon, 5 Oct 2009 08:49:10 +0000 (10:49 +0200)]
Distinguish invalid free()s between corrupted magic and invalid pointer

Andreas Steffen [Mon, 5 Oct 2009 05:24:28 +0000 (07:24 +0200)]
pluto now uses x509 plugin for attribute certificate handling

Andreas Steffen [Fri, 2 Oct 2009 19:20:45 +0000 (21:20 +0200)]
fixed output of authKeyID

Andreas Steffen [Fri, 2 Oct 2009 18:54:15 +0000 (20:54 +0200)]
mark embedded parsing in debug mode

Andreas Steffen [Fri, 2 Oct 2009 18:14:09 +0000 (20:14 +0200)]
added some notBefore/notAfter debugging info

Andreas Steffen [Fri, 2 Oct 2009 15:49:51 +0000 (17:49 +0200)]
verify correctness of X.509 versions

Andreas Steffen [Fri, 2 Oct 2009 12:10:27 +0000 (14:10 +0200)]
added all missing RFC 5280 OIDs

Andreas Steffen [Thu, 1 Oct 2009 07:42:35 +0000 (09:42 +0200)]
created ikev1/mode-config-multiple scenario

Andreas Steffen [Thu, 1 Oct 2009 07:41:35 +0000 (09:41 +0200)]
fixes multiple IPsec SAs with IKEv1 Mode Config

Andreas Steffen [Wed, 30 Sep 2009 09:49:32 +0000 (11:49 +0200)]
generate known OIDs dynamically

Andreas Steffen [Wed, 30 Sep 2009 07:29:15 +0000 (09:29 +0200)]
pluto's crl handling now uses the x509 plugin

Andreas Steffen [Mon, 28 Sep 2009 03:52:20 +0000 (05:52 +0200)]
scepclient uses pkcs10 from libstrongswan

Andreas Steffen [Sun, 27 Sep 2009 21:49:37 +0000 (23:49 +0200)]
abbreviated struct connection by connection_t

Andreas Steffen [Sun, 27 Sep 2009 21:09:30 +0000 (23:09 +0200)]
pluto and scepclient now use the x509 plugin for certificates

Andreas Steffen [Sun, 27 Sep 2009 21:07:21 +0000 (23:07 +0200)]
whitelist Curl_client_write

Andreas Steffen [Sat, 26 Sep 2009 20:10:36 +0000 (22:10 +0200)]
added get_subjectKeyIdentifier() to x509_t

Martin Willi [Thu, 24 Sep 2009 12:15:20 +0000 (14:15 +0200)]
Do not increase the invalid-KE/Cookie retry counter for additional keyingtry attempts

Martin Willi [Thu, 24 Sep 2009 12:14:30 +0000 (14:14 +0200)]
Do not create a replacement IKE_SA if we have CHILD_SAs to route only

Tobias Brunner [Thu, 24 Sep 2009 09:28:43 +0000 (11:28 +0200)]
Using the correct type for ME_ENDPOINT payloads in connectivity checks.

Martin Willi [Thu, 24 Sep 2009 09:28:31 +0000 (11:28 +0200)]
Right-align short options in pki usage

Andreas Steffen [Wed, 23 Sep 2009 20:03:52 +0000 (22:03 +0200)]
certificate subject DNs are in double quotes

Andreas Steffen [Wed, 23 Sep 2009 19:55:48 +0000 (21:55 +0200)]
streamlining of credential loading debug output

Andreas Steffen [Wed, 23 Sep 2009 19:50:56 +0000 (21:50 +0200)]
added fix of PKCS#7 wrapped certificates to NEWS

Andreas Steffen [Wed, 23 Sep 2009 14:21:18 +0000 (16:21 +0200)]
added and fixed debug output of version information

Andreas Steffen [Wed, 23 Sep 2009 13:51:40 +0000 (15:51 +0200)]
fixed PKCS#7 wrapped certificate parsing

Martin Willi [Wed, 23 Sep 2009 10:45:03 +0000 (12:45 +0200)]
Use mysql_config to query MySQL LIBS and CFLAGS

Martin Willi [Wed, 23 Sep 2009 09:18:30 +0000 (11:18 +0200)]
Fixed a crash in source address lookup

Martin Willi [Wed, 23 Sep 2009 09:13:27 +0000 (11:13 +0200)]
Define ME for all charon plugins

Martin Willi [Wed, 23 Sep 2009 08:49:38 +0000 (10:49 +0200)]
Correctly handle --enable-mediation option

Andreas Steffen [Tue, 22 Sep 2009 19:50:28 +0000 (21:50 +0200)]
enforce coding rules

Andreas Steffen [Tue, 22 Sep 2009 18:54:10 +0000 (20:54 +0200)]
enforce coding rules

Andreas Steffen [Tue, 22 Sep 2009 18:00:49 +0000 (20:00 +0200)]
set XFRM_STATE_AF_UNSPEC flag

Martin Willi [Tue, 22 Sep 2009 14:59:25 +0000 (16:59 +0200)]
Emit an ALERT_SHUTDOWN_SIGNAL before shutting down the daemon

Andreas Steffen [Tue, 22 Sep 2009 10:55:25 +0000 (12:55 +0200)]
adding additional flags to loaded X.509 certificates

Andreas Steffen [Tue, 22 Sep 2009 10:44:58 +0000 (12:44 +0200)]
readying NEWS for the strongswan-4.3.5dr2 release

Andreas Steffen [Tue, 22 Sep 2009 10:33:13 +0000 (12:33 +0200)]
shortened file loading debug output

Andreas Steffen [Tue, 22 Sep 2009 10:05:37 +0000 (12:05 +0200)]
computed hash-and-url for new certificates

Martin Willi [Tue, 22 Sep 2009 08:07:04 +0000 (10:07 +0200)]
Fixed encoding of hash-and-url cert payload

Martin Willi [Tue, 22 Sep 2009 07:11:35 +0000 (09:11 +0200)]
Do not assign SIM version to a volatile buffer on stack

Martin Willi [Mon, 21 Sep 2009 16:13:25 +0000 (18:13 +0200)]
CA certificates are looked up using the subjectPublicKeyInfo keyid

Martin Willi [Mon, 21 Sep 2009 15:03:00 +0000 (17:03 +0200)]
Credential backends use has_fingerprint() methods to select keys/certificates

Martin Willi [Mon, 21 Sep 2009 14:47:25 +0000 (16:47 +0200)]
Public/Private keys implement a has_fingerprint() method

Martin Willi [Mon, 21 Sep 2009 13:34:29 +0000 (15:34 +0200)]
Correctly serve certificates if CERT_ANY requested

Martin Willi [Mon, 21 Sep 2009 13:19:39 +0000 (15:19 +0200)]
Enforce a local address of the same family as remote address

Martin Willi [Mon, 21 Sep 2009 12:43:57 +0000 (14:43 +0200)]
Return certificates of requested kind only