strongswan.git
Tobias Brunner [Mon, 18 Apr 2011 14:26:11 +0000 (16:26 +0200)]
pluto: Added missing PF_KEY debug messages.

libfreeswan does not use the version of the PF_KEY header file provided
in src/include/linux so this list is not exactly up to date.

Tobias Brunner [Mon, 18 Apr 2011 14:10:36 +0000 (16:10 +0200)]
Properly copy interface name if unknown.

We use a static string if the interface name is unknown, so using memcpy
with IFNAMSIZ is incorrect as that would overrun the static string.

Tobias Brunner [Mon, 18 Apr 2011 13:46:00 +0000 (15:46 +0200)]
pluto: from_state is strictly lower than STATE_IKE_ROOF.

Tobias Brunner [Mon, 18 Apr 2011 13:21:10 +0000 (15:21 +0200)]
Fixed typo in unit-tester plugin.

Andreas Steffen [Mon, 18 Apr 2011 21:40:31 +0000 (23:40 +0200)]
support unstructuredAddress in left|rightid

Andreas Steffen [Fri, 15 Apr 2011 13:02:08 +0000 (15:02 +0200)]
send an empty EAP Ack client message if TLS was successful and handle it on the server

Andreas Steffen [Fri, 15 Apr 2011 13:00:37 +0000 (15:00 +0200)]
Windows 7 expects an uncompressed EAP Identity request

Martin Willi [Fri, 15 Apr 2011 11:05:02 +0000 (13:05 +0200)]
Add plugin reloading NEWS

Martin Willi [Thu, 14 Apr 2011 14:01:47 +0000 (16:01 +0200)]
Set broadcast flag in DHCP requests when sending broadcasts

Martin Willi [Fri, 15 Apr 2011 07:48:17 +0000 (09:48 +0200)]
Add reload support to attr plugin

Martin Willi [Fri, 15 Apr 2011 07:28:27 +0000 (09:28 +0200)]
Migrated attr plugin to INIT/METHOD macros

Martin Willi [Tue, 12 Apr 2011 09:36:03 +0000 (11:36 +0200)]
Added reload support to eap-radius plugin

Martin Willi [Tue, 12 Apr 2011 09:20:25 +0000 (11:20 +0200)]
Reload strongswan.conf and plugins supporting reloading on SIGHUP

Martin Willi [Tue, 12 Apr 2011 09:15:54 +0000 (11:15 +0200)]
Accept NULL files in load_files[_section] as we do in constructor

Martin Willi [Tue, 12 Apr 2011 09:13:08 +0000 (11:13 +0200)]
Added a merge option to optionally reload files instead of merging them

Martin Willi [Mon, 11 Apr 2011 17:40:30 +0000 (19:40 +0200)]
Added plugin_loader method to reload plugin configurations

Martin Willi [Mon, 11 Apr 2011 17:12:45 +0000 (19:12 +0200)]
Added a (not yet implemented) plugin_t method to reload plugin configuration

Martin Willi [Mon, 11 Apr 2011 16:54:18 +0000 (18:54 +0200)]
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t

Martin Willi [Mon, 11 Apr 2011 14:41:25 +0000 (16:41 +0200)]
Migrated remaining plugin_t implementations to INIT/METHOD macros

Martin Willi [Mon, 11 Apr 2011 14:25:58 +0000 (16:25 +0200)]
Migrated plugin_loader to INIT/METHOD macros

Martin Willi [Thu, 14 Apr 2011 18:00:54 +0000 (20:00 +0200)]
Continue without client authentication if no matching certificate found

Martin Willi [Thu, 14 Apr 2011 17:54:02 +0000 (19:54 +0200)]
Ignore TLS certificate requests as peer if peer authentication disabled

Martin Willi [Thu, 14 Apr 2011 17:42:32 +0000 (19:42 +0200)]
Send TLS Server Name Indication as peer if server identity is a FQDN

Martin Willi [Thu, 14 Apr 2011 17:41:57 +0000 (19:41 +0200)]
Fix tls_writer wrap functions

Tobias Brunner [Thu, 14 Apr 2011 16:06:38 +0000 (18:06 +0200)]
pluto: Fixed check for NAT-T keepalives.

Tobias Brunner [Thu, 14 Apr 2011 15:59:53 +0000 (17:59 +0200)]
pluto: Properly initialize constants.

Tobias Brunner [Thu, 14 Apr 2011 15:48:07 +0000 (17:48 +0200)]
pluto: Avoid hiding outer parameter.

Tobias Brunner [Thu, 14 Apr 2011 15:30:07 +0000 (17:30 +0200)]
pluto: Use %zu to print values of type size_t.

Tobias Brunner [Thu, 14 Apr 2011 15:28:08 +0000 (17:28 +0200)]
Use %tx to print a value of type ptrdiff_t.

Tobias Brunner [Thu, 14 Apr 2011 15:25:25 +0000 (17:25 +0200)]
Removed superfluous parameter to printf.

Tobias Brunner [Thu, 14 Apr 2011 13:38:43 +0000 (15:38 +0200)]
Proper cleanup if IDs in ipsec.secrets cannot be parsed.

Tobias Brunner [Thu, 14 Apr 2011 13:32:51 +0000 (15:32 +0200)]
Fixed potential memory leak in host_create_any.

Tobias Brunner [Thu, 14 Apr 2011 13:30:47 +0000 (15:30 +0200)]
pluto: Fixed potential memory leak in atoaddr.

Tobias Brunner [Thu, 14 Apr 2011 13:14:55 +0000 (15:14 +0200)]
Fixed potential memory leak when processing routes from the kernel.

Tobias Brunner [Thu, 14 Apr 2011 13:11:20 +0000 (15:11 +0200)]
Do proper cleanup in error case in pki req.

Tobias Brunner [Thu, 14 Apr 2011 13:09:30 +0000 (15:09 +0200)]
Do proper cleanup in some error cases in pki signcrl.

Tobias Brunner [Thu, 14 Apr 2011 13:01:18 +0000 (15:01 +0200)]
pluto: Fixed potential memory leak when processing requested virtual IPs.

Tobias Brunner [Thu, 14 Apr 2011 12:36:40 +0000 (14:36 +0200)]
pluto: Properly free buffer in error cases in read_packet.

Tobias Brunner [Thu, 14 Apr 2011 11:19:09 +0000 (13:19 +0200)]
Neither rekey nor del can be NULL.

Tobias Brunner [Thu, 14 Apr 2011 09:26:25 +0000 (11:26 +0200)]
In scanf the maximum length of %s does not include the null-terminator.

Tobias Brunner [Thu, 14 Apr 2011 09:25:31 +0000 (11:25 +0200)]
starter_conn_t.id is an unsigned long.

Tobias Brunner [Thu, 14 Apr 2011 08:44:19 +0000 (10:44 +0200)]
Fix compiler warnings at creation of CRL cache filenames.

This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point.  But it's clearer
this way.

Tobias Brunner [Thu, 14 Apr 2011 08:24:46 +0000 (10:24 +0200)]
Fixed output in ietf_attributes_t.get_string.

Tobias Brunner [Thu, 14 Apr 2011 07:31:26 +0000 (09:31 +0200)]
Fix "set nexthop to him when instantiating rightallowyes template with leftnexthop == right"

This fixes commit 280f6b1ab2.

Andreas Steffen [Thu, 14 Apr 2011 14:54:34 +0000 (16:54 +0200)]
added TLS renegotiation_info extension

Martin Willi [Thu, 14 Apr 2011 07:12:08 +0000 (09:12 +0200)]
Show full blown traffic selector in log_ts hook

Tobias Brunner [Wed, 13 Apr 2011 16:18:03 +0000 (18:18 +0200)]
Fixed check for member of stroke_msg_t in pop_string.

Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).

Tobias Brunner [Tue, 12 Apr 2011 15:39:11 +0000 (17:39 +0200)]
pluto: Properly initialize a.continuation.

Tobias Brunner [Tue, 12 Apr 2011 15:22:50 +0000 (17:22 +0200)]
pluto: Properly initialize ta.encrypter.

Tobias Brunner [Tue, 12 Apr 2011 13:54:29 +0000 (15:54 +0200)]
pluto: Fixed off by one error when reading private keys.

Tobias Brunner [Tue, 12 Apr 2011 12:28:18 +0000 (14:28 +0200)]
Removed unused variables.

Martin Willi [Mon, 11 Apr 2011 16:56:08 +0000 (18:56 +0200)]
Fix compiler warning after fetcher_t.fetch signature change

Andreas Steffen [Mon, 11 Apr 2011 04:24:31 +0000 (06:24 +0200)]
version bump to 4.5.2dr5

Andreas Steffen [Mon, 11 Apr 2011 04:23:52 +0000 (06:23 +0200)]
updated NEWS

Martin Willi [Fri, 8 Apr 2011 12:55:46 +0000 (14:55 +0200)]
Use an IV size of zero for DES in ECB mode

Martin Willi [Fri, 8 Apr 2011 12:55:10 +0000 (14:55 +0200)]
Fixed debug statement if algorithm benchmarking enabled

Andreas Steffen [Fri, 8 Apr 2011 05:50:05 +0000 (07:50 +0200)]
with the 2.6.38 kernel alice is preferred for handling the IKE connections

Duncan Salerno [Thu, 7 Apr 2011 19:41:41 +0000 (21:41 +0200)]
fixed bit mask

Andreas Steffen [Wed, 6 Apr 2011 18:08:56 +0000 (20:08 +0200)]
added EAP-PEAP options to strongswan.conf

Andreas Steffen [Wed, 6 Apr 2011 18:07:59 +0000 (20:07 +0200)]
define MSCHAPv2 as default phase2 algorithm for EAP-PEAP

Andreas Steffen [Wed, 6 Apr 2011 17:44:58 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-mschapv2 scenario

Andreas Steffen [Wed, 6 Apr 2011 17:44:30 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-md5 scenario

Andreas Steffen [Wed, 6 Apr 2011 17:42:52 +0000 (19:42 +0200)]
added ikev2/rw-eap-peap-radius scenario

Andreas Steffen [Wed, 6 Apr 2011 17:39:00 +0000 (19:39 +0200)]
allow multi-pass authentication schemes as e.g. MSCHAPv2

Andreas Steffen [Wed, 6 Apr 2011 15:34:27 +0000 (17:34 +0200)]
display EAP identifiers in HEX format

Andreas Steffen [Wed, 6 Apr 2011 15:33:01 +0000 (17:33 +0200)]
no EAP identifier offset required in build() function

Andreas Steffen [Wed, 6 Apr 2011 13:47:49 +0000 (15:47 +0200)]
added missing function pointers in eap_identity_create_server()

Andreas Steffen [Wed, 6 Apr 2011 12:42:02 +0000 (14:42 +0200)]
implemented the PEAP tunneling protocol as an EAP plugin

Andreas Steffen [Wed, 6 Apr 2011 05:50:42 +0000 (07:50 +0200)]
added get|set_identifier() methods to eap_tnc_t

Andreas Steffen [Tue, 5 Apr 2011 18:53:46 +0000 (20:53 +0200)]
added EAP identifier to debug output

Andreas Steffen [Tue, 5 Apr 2011 16:35:22 +0000 (18:35 +0200)]
added get|set_identifier() methods to eap_tls_t and eap_ttls_t

Andreas Steffen [Tue, 5 Apr 2011 16:16:28 +0000 (18:16 +0200)]
added TLS_PURPOSE_EAP_PEAP

Andreas Steffen [Tue, 5 Apr 2011 16:14:58 +0000 (18:14 +0200)]
implemented get|set_identifier() for tls_eap_t

Andreas Steffen [Tue, 5 Apr 2011 16:04:45 +0000 (18:04 +0200)]
eap_packet_t definition moved to libstrongswan/eap/eap.h

Andreas Steffen [Tue, 5 Apr 2011 15:59:49 +0000 (17:59 +0200)]
added EAP PEAP and MSTLV protocols

Andreas Steffen [Tue, 5 Apr 2011 15:01:28 +0000 (17:01 +0200)]
implemented get|set_identifier() for eap_sim_t

Andreas Steffen [Tue, 5 Apr 2011 14:12:38 +0000 (16:12 +0200)]
Migrated eap_sim plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 13:57:00 +0000 (15:57 +0200)]
implemented get|set_identifier() for eap_radius_t

Andreas Steffen [Tue, 5 Apr 2011 13:45:51 +0000 (15:45 +0200)]
store EAP identifier on peer side

Andreas Steffen [Tue, 5 Apr 2011 13:38:54 +0000 (15:38 +0200)]
implemented get|set_identifier() for eap_aka_t

Martin Willi [Tue, 5 Apr 2011 13:11:17 +0000 (15:11 +0200)]
Added support for DES_ECB to af-alg, required for eap-mschapv2

Andreas Steffen [Tue, 5 Apr 2011 13:20:22 +0000 (15:20 +0200)]
Migrated eap_aka plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 12:47:19 +0000 (14:47 +0200)]
implemented get|set_identifier() for eap_gtc_t

Andreas Steffen [Tue, 5 Apr 2011 12:44:26 +0000 (14:44 +0200)]
Migrated eap_gtc plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 12:44:09 +0000 (14:44 +0200)]
implemented get|set_identifier() for eap_mschapv2_t

Andreas Steffen [Tue, 5 Apr 2011 12:23:59 +0000 (14:23 +0200)]
Migrated eap_mschapv2 plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 12:22:58 +0000 (14:22 +0200)]
implemented get|set_identifier() for eap_identity_t and eap_md5_t

Andreas Steffen [Tue, 5 Apr 2011 11:57:37 +0000 (13:57 +0200)]
log the EAP identifier also for vendor specific EAP methods

Andreas Steffen [Tue, 5 Apr 2011 11:54:26 +0000 (13:54 +0200)]
log the initial value of the EAP identifier

Andreas Steffen [Tue, 5 Apr 2011 11:31:32 +0000 (13:31 +0200)]
added get_identifier() and set_identifier() methods

Martin Willi [Mon, 4 Apr 2011 07:31:45 +0000 (09:31 +0200)]
Migrated eap_sim_pcsc plugin to INIT/METHOD macros

Martin Willi [Mon, 4 Apr 2011 07:21:54 +0000 (09:21 +0200)]
Slightly reformatted SIM pcsc code

Duncan Salerno [Mon, 4 Apr 2011 06:51:50 +0000 (08:51 +0200)]
Added SIM card backend based on pcsc-lite

Martin Willi [Fri, 1 Apr 2011 09:40:18 +0000 (11:40 +0200)]
Added alloc/stream options to fetcher test utility

Martin Willi [Fri, 1 Apr 2011 09:30:35 +0000 (11:30 +0200)]
Added support for FETCH_CALLBACK to soup fetcher

Martin Willi [Fri, 1 Apr 2011 09:01:42 +0000 (11:01 +0200)]
Support FETCH_CALLBACK in curl fetcher

Martin Willi [Fri, 1 Apr 2011 08:30:42 +0000 (10:30 +0200)]
Added a new FETCH_CALLBACK option to fetch data without allocation

Martin Willi [Fri, 1 Apr 2011 08:26:24 +0000 (10:26 +0200)]
Migrated fetcher_manager to INIT/METHOD macros

Andreas Steffen [Sat, 2 Apr 2011 05:46:16 +0000 (07:46 +0200)]
version bump to 4.5.2dr4

Andreas Steffen [Fri, 1 Apr 2011 17:44:25 +0000 (19:44 +0200)]
updated ikev2/rw-eap-tnc scenarios