strongswan.git
Martin Willi [Tue, 9 Apr 2013 14:00:19 +0000 (16:00 +0200)]
unit-tests: test some zeroed ECDSA signatures that never should succeed

Martin Willi [Tue, 9 Apr 2013 13:49:09 +0000 (15:49 +0200)]
unit-tests: perform signing/validation with keys ECDSA keys generated or loaded

Martin Willi [Tue, 9 Apr 2013 13:31:43 +0000 (15:31 +0200)]
unit-tests: add an ECDSA test case loading keys

Martin Willi [Tue, 9 Apr 2013 13:06:28 +0000 (15:06 +0200)]
unit-tests: perform a first ECDSA test case if ECDSA is supported

Martin Willi [Tue, 9 Apr 2013 13:05:24 +0000 (15:05 +0200)]
unit-tests: add a helper function checking if a plugin feature is available

Martin Willi [Tue, 9 Apr 2013 12:35:38 +0000 (14:35 +0200)]
unit-tests: add a test case checking if all test vectors have been passed

Martin Willi [Tue, 9 Apr 2013 12:30:13 +0000 (14:30 +0200)]
crypto-factory: count the number of test vector failures during registration

Martin Willi [Tue, 9 Apr 2013 12:05:12 +0000 (14:05 +0200)]
unit-tests: load all libstrongswan plugins in test-runner

Tobias Brunner [Fri, 21 Jun 2013 08:43:46 +0000 (10:43 +0200)]
stroke: Add statusall-nb as alias for statusallnb

Tobias Brunner [Sun, 16 Jun 2013 14:30:21 +0000 (16:30 +0200)]
stroke: Add non-blocking versions of up and down

stroke up-nb and stroke down-nb do not block until the command has
finished.  Instead, they return right after initiating the respective
operation.

Tobias Brunner [Thu, 13 Jun 2013 17:07:55 +0000 (19:07 +0200)]
starter: Make ipsec.conf path configurable via command line

Tobias Brunner [Wed, 5 Jun 2013 09:30:05 +0000 (11:30 +0200)]
pubkey: Improve comparison of raw public key certificate objects

Martin Willi [Thu, 20 Jun 2013 10:05:13 +0000 (12:05 +0200)]
ikev2: use protocol of selected proposal to delete a failed CHILD_SA

Depending on the failure, the protocol might not yet be set on the CHILD_SA.

Martin Willi [Thu, 20 Jun 2013 09:02:28 +0000 (11:02 +0200)]
charon-cmd: use a copy of pid in initiate callback

When cancelling a connection that gets established, cmd_connection_t gets
freed before terminate() is called. This results in kill()ing an invalid PID.

Martin Willi [Thu, 20 Jun 2013 09:01:37 +0000 (11:01 +0200)]
charon-cmd: add IKEv1 aggressive mode profiles

Martin Willi [Thu, 20 Jun 2013 08:29:25 +0000 (10:29 +0200)]
NEWS: Add first bunch of 5.1.0 highlights

Martin Willi [Wed, 19 Jun 2013 14:36:27 +0000 (16:36 +0200)]
Merge branch 'nat-transport'

Enable transport mode in NAT situations when using IKEv2. Additionally brings
an extended leftsubnet format, where each subnet can take a separate protocol
and port.

Martin Willi [Wed, 5 Jun 2013 10:03:22 +0000 (12:03 +0200)]
man: update ipsec.conf.5, describing new proto/port definition within leftsubnet

Martin Willi [Wed, 5 Jun 2013 09:43:19 +0000 (11:43 +0200)]
stroke: support %dynamic in left/rightsubnet for dynamic selectors

This has the same meaning as omitting left/rightsubnet, i.e. replace it
by the IKE address. Supporting %dynamic allows configurations with multiple
dynamic selectors in a left/rightsubnet, each with potentially different
proto/port selectors.

Martin Willi [Wed, 5 Jun 2013 09:39:35 +0000 (11:39 +0200)]
kernel-netlink: install selectors on SA for transport/BEET mode without proto/port

If a transport/BEET SA has different selectors for different proto/ports,
installing just the proto/port of the first SA would break any additional
selector.

Martin Willi [Wed, 5 Jun 2013 09:38:51 +0000 (11:38 +0200)]
stroke: support a specific proto/port for each net defined in left/rightsubnet

Martin Willi [Wed, 5 Jun 2013 08:48:57 +0000 (10:48 +0200)]
ikev2: properly fall back to tunnel mode if transport/BEET mode not configured

Martin Willi [Wed, 5 Jun 2013 07:46:02 +0000 (09:46 +0200)]
ikev2: support transport mode over NAT

Martin Willi [Wed, 19 Jun 2013 14:31:06 +0000 (16:31 +0200)]
Merge branch 'consistent-reqid'

Checks if a trap policy exists when installing a CHILD_SA as responder,
reusing that reqid and keeping the trap untouched. This makes auto=route on
both sides more reliable.

In addition, we now prevent refcounting an existing policy if the reqid differs;
this should not happen anymore. We now can properly reject new CHILD_SAs in
such conflicts, instead of silently breaking an existing policy.

Martin Willi [Tue, 11 Jun 2013 14:11:14 +0000 (16:11 +0200)]
ike: reuse the reqid of an installed trap having the same config

When we have a trap installed, but a CHILD_SA gets established for the same
config from the peer, we should reuse the same reqid. Otherwise we would have
two identical policies using different reqids, which we can't handle in our
kernel backend.

Martin Willi [Wed, 5 Jun 2013 12:20:44 +0000 (14:20 +0200)]
trap-manager: add a method to find reqid for installed traps by config

Martin Willi [Thu, 6 Jun 2013 08:54:06 +0000 (10:54 +0200)]
trap-manager: don't check-in nonexisting IKE_SA if acquire fails

Martin Willi [Wed, 5 Jun 2013 12:36:44 +0000 (14:36 +0200)]
trap-manager: fix a memleak when installing a trap to %any

Martin Willi [Mon, 3 Jun 2013 16:13:27 +0000 (18:13 +0200)]
kernel-netlink: reject policy refcount if the reqid differs

Previously we silently replaced an existing policy with a new one if the
reqid changed for the same selectors. This will break an old policy in
favour of the new one (for example if two clients behind the same NAT use
transport mode).

With this change any new policy gets rejected if the reqid differs. This will
make sure we break no existing policy. For rekeying and acquires we still can
have overlapping policies (as we use the same reqid), but for unrelated
connections this is not true anymore (it wasn't actually before, we just
silently broke the existing policy).

Martin Willi [Fri, 14 Jun 2013 09:22:14 +0000 (11:22 +0200)]
stroke: add exportconn{cert,chain} commands in addition to exportx509

The new commands either export a single end entity certificate or the
full trust chain for a specific connection name.

Martin Willi [Thu, 13 Jun 2013 13:03:17 +0000 (15:03 +0200)]
Raise an alert if the responding peer narrowed traffic selectors

Martin Willi [Wed, 19 Jun 2013 14:00:14 +0000 (16:00 +0200)]
backtrace: use backtrace_symbols() only if we have backtrace() and dladdr() fails

Tobias Brunner [Wed, 19 Jun 2013 07:20:35 +0000 (09:20 +0200)]
utils: Remove volatile qualifier from refcount_t typedef

It's not really required anymore (if it ever was) and may cause compiler
warnings when using the non atomic versions of ref_get/ref_put.

Martin Willi [Tue, 18 Jun 2013 07:50:29 +0000 (09:50 +0200)]
dhcp: search for transactions only for connections having a poolname "dhcp"

When a connection has a single pool that queries recursively the DHCP backend,
we shouldn't return any attributes directly from DHCP when queried for that
pool.

Martin Willi [Tue, 18 Jun 2013 06:54:10 +0000 (08:54 +0200)]
starter: ignore return value of sete[gu]id(), now having warn_unused_result

Tobias Brunner [Fri, 14 Jun 2013 15:25:16 +0000 (17:25 +0200)]
socket-default: Make sure sockets are open when checking with FD_ISSET

Tobias Brunner [Fri, 14 Jun 2013 14:41:33 +0000 (16:41 +0200)]
socket-default: Properly initialize NAT-T port if opening regular socket failed

Tobias Brunner [Thu, 13 Jun 2013 11:55:58 +0000 (13:55 +0200)]
android: Forward initiator flag to libipsec when adding IPsec SA

Tobias Brunner [Thu, 13 Jun 2013 11:53:16 +0000 (13:53 +0200)]
libipsec: Add initiator flag to definition of ipsec_sa_mgr_t.add_sa()

Martin Willi [Thu, 13 Jun 2013 11:34:12 +0000 (13:34 +0200)]
Use subset matching instead of is_contained_in() to select a child_cfg

If one selector has a wider IP range than the other, but the other has a
wider port/protocol selector than the first one, none is completely contained
in the other. The check for a match using is_contained_in() therefore would
fail. Using get_subset() can handle such cases, fixing configuration selection.

Tobias Brunner [Thu, 13 Jun 2013 11:17:55 +0000 (13:17 +0200)]
ha: Fix CHILD_SA installation in ha_dispatcher after adding initiator flag

Martin Willi [Wed, 8 May 2013 08:31:06 +0000 (10:31 +0200)]
kernel-interface: add an exchange initiator parameter to add_sa()

This new flag gives the kernel-interface a hint how it should prioritize the
use of newly installed SAs during rekeying.

Consider the following rekey procedure in IKEv2:

Initiator  ---    Responder

I1 -------CREATE-------> R1
I2 <------CREATE--------
   -------DELETE-------> R2
I3 <------DELETE--------

SAs are always handled as pairs, the following happens at the SA level:

  * Initiator starts the exchange at I1
  * Responder installs new SA pair at R1
  * Initiator installs new SA pair at I2
  * Responder removes old SA pair at R2
  * Initiator removes old SA pair at I3

This makes sure SAs get installed/removed overlapping during rekeying. However,
to avoid any packet loss, it is crucial that the new outbound SA gets
activated at the correct position:

  * as exchange initiator, in I2
  * as exchange responder, in R2

This should guarantee that we don't use the new outbound SA before the peer
could install its corresponding inbound SA.

The new parameter allows the kernel backend to install the new SA with
appropriate priorities, i.e. it should:

  * as exchange initiator, have the new outbound SA installed with higher
    priority than the old SA
  * as exchange responder, have the new outbound SA installed with lower
    priority than the old SA

While we could split up the SA installation at the responder, this approach
has another advantage: it allows the kernel backend to switch SAs based on
other criteria, for example when receiving traffic on the new inbound SA.

Martin Willi [Tue, 11 Jun 2013 13:51:50 +0000 (15:51 +0200)]
Merge branch 'unique-sas'

Makes IKE_SA unique ID and CHILD_SA reqid counters atomic.

Martin Willi [Thu, 6 Jun 2013 13:38:38 +0000 (15:38 +0200)]
ikev1: keep vendor ID task alive during full Main/Aggressive Mode

Fixes DPD with Cisco IOS sending the DPD vendor ID not in the first message.

Martin Willi [Wed, 8 May 2013 13:19:52 +0000 (15:19 +0200)]
Use ref_get() to make sure IKE_SA unique IDs are unique

Martin Willi [Tue, 11 Jun 2013 13:46:04 +0000 (15:46 +0200)]
Merge branch 'init-auth-fail'

Properly notifies the responder if authentication of an IKE_SA or installation
of a CHILD_SA fails as initiator, keeping SA state on peers consistent.

Martin Willi [Wed, 8 May 2013 13:18:50 +0000 (15:18 +0200)]
Use ref_get() to make sure CHILD_SA reqids are unique

Martin Willi [Fri, 7 Jun 2013 09:35:43 +0000 (11:35 +0200)]
ikev2: if installing a CHILD_SA as initiator fails, notify the responder

Martin Willi [Wed, 8 May 2013 13:07:09 +0000 (15:07 +0200)]
utils: ref_get() returns the new value of the reference counter

This allows us to use ref_get() for getting unique values.

Martin Willi [Tue, 11 Jun 2013 13:42:23 +0000 (15:42 +0200)]
Merge branch 'scep-bind'

Extend fetcher interface by an option to specify a source IP, implement
it in the curl plugin and provide a --bind option in scepclient.

Martin Willi [Fri, 17 May 2013 08:36:40 +0000 (10:36 +0200)]
ikev2: raise LOCAL_AUTH_FAILED when receiving INFORMATIONAL with AUTH_FAILED

Martin Willi [Wed, 15 May 2013 14:59:34 +0000 (16:59 +0200)]
scepclient: support a --bind option to fetch from a specific source IP

Martin Willi [Fri, 17 May 2013 08:30:13 +0000 (10:30 +0200)]
ikev2: close an established IKE_SA when receiving AUTHENTICATION_FAILED

RFC 5996 compatible implementations MAY send an INFORMATIONAL message
with an AUTHENTICATION_FAILED if the initiator failed to authenticate us.
Handle such a message like a DELETE for an IKE_SA.

Martin Willi [Wed, 15 May 2013 14:34:12 +0000 (16:34 +0200)]
curl: add an option to fetch bound to a local source address

Martin Willi [Fri, 17 May 2013 08:22:00 +0000 (10:22 +0200)]
ikev2: if responder authentication fails, send AUTHENTICATION_FAILED

According to RFC 5996, we MAY send an INFORMATIONAL message having an
AUTHENTICATION_FAILED. We don't do any retransmits, though, but just close
the IKE_SA after one message has been sent, avoiding the danger that an
unauthenticated IKE_SA stays alive.

Martin Willi [Thu, 16 May 2013 11:32:48 +0000 (13:32 +0200)]
Allow IPComp on NATed connections, both for IKEv1 and IKEv2

While this was problematic in earlier releases, it seems that it works just
fine the way we handle compression now. So there is no need to disable it over
NATed connections or when using forceencaps.

Martin Willi [Wed, 15 May 2013 14:27:15 +0000 (16:27 +0200)]
fetcher: add missing "continue" when handling FETCH_CALLBACK

Tobias Brunner [Tue, 11 Jun 2013 13:38:56 +0000 (15:38 +0200)]
leak-detective: Resolve hooked functions during initialization

If uses of dlopen(), e.g. when loading plugins, produce errors, an error
string could get allocated dynamically.  At this point realloc() might not
yet be resolved and when dlsym() is later called by leak detective to do
so, the error string might get freed while leak detective is disabled and
real_free() will be called with a pointer into one of leak detective's
memory blocks instead of a pointer to the block itself, causing a SIGSEGV.

Tobias Brunner [Fri, 31 May 2013 17:01:05 +0000 (19:01 +0200)]
Properly compare CHILD_SAs during rekey collision

The previous code did not properly check for the situation when the
DELETE for a redundant CHILD_SA created by a responder during a
CHILD_SA rekey collision arrives before the responder's answer to the
initiator's winning CREATE_CHILD_SA request.

Tobias Brunner [Tue, 11 Jun 2013 09:18:33 +0000 (11:18 +0200)]
Merge branch 'plugin-loader'

Improves how plugin loader resolves dependencies between plugins.  The
old loader had problems if plugins had dependencies on features provided
by plugins listed later in the plugin list.  For instance, it was not
possible to use the X.509 implementation provided by the x509 plugin
while using all the crypto primitives provided by the openssl plugin.
Because the x509 plugin has a dependency on SHA1, the old loader skipped
that plugin until it loaded a SHA1 implementation.  Because the loader
also loaded all features with resolved dependencies provided by a specific
plugin it would, while loading the openssl plugin's SHA1 implementation,
also load its X.509 implementation.  So to use the x509 plugin it was
necessary to load the sha1 plugin before it so that its dependencies
could be properly resolved.

With the new implementation the plugins don't have to be in a specific
order to resolve dependencies.  But the order still matters if two
plugins provide the same feature.

Also, support for the get_features() interface was added to all plugins.

Tobias Brunner [Mon, 10 Jun 2013 16:33:49 +0000 (18:33 +0200)]
Removed stray *_plugin_create() declarations from header files

Tobias Brunner [Mon, 10 Jun 2013 16:15:40 +0000 (18:15 +0200)]
eap-radius: Do initialization in a plugin feature callback

Tobias Brunner [Sat, 8 Jun 2013 13:46:33 +0000 (15:46 +0200)]
Refactored plugin-loader with improved dependency resolution

With the new implementation the plugins don't have to be listed in any
special order, dependencies are properly resolved.  The order only
matters if two plugins provide the same feature.

Tobias Brunner [Sat, 8 Jun 2013 09:05:02 +0000 (11:05 +0200)]
android-log: Use plugin features

Tobias Brunner [Sat, 8 Jun 2013 09:03:42 +0000 (11:03 +0200)]
android-dns: Use plugin features to register attribute handler

Tobias Brunner [Sat, 8 Jun 2013 09:02:26 +0000 (11:02 +0200)]
maemo: Use plugin features

Tobias Brunner [Sat, 8 Jun 2013 09:00:48 +0000 (11:00 +0200)]
medsrv: Use plugin features with dependency on database implementation

Tobias Brunner [Sat, 8 Jun 2013 08:56:44 +0000 (10:56 +0200)]
medcli: Use plugin features with dependency on database implementation

Tobias Brunner [Sat, 8 Jun 2013 08:55:42 +0000 (10:55 +0200)]
whitelist: Use plugin features to register listener

Tobias Brunner [Sat, 8 Jun 2013 08:47:38 +0000 (10:47 +0200)]
updown: Use plugin features to register listener and attribute handler

Tobias Brunner [Sat, 8 Jun 2013 08:44:56 +0000 (10:44 +0200)]
unity: Use plugin features to register listener and attribute handler/provider

Tobias Brunner [Sat, 8 Jun 2013 08:41:39 +0000 (10:41 +0200)]
unit-tester: Use plugin features

Tobias Brunner [Sat, 8 Jun 2013 08:34:44 +0000 (10:34 +0200)]
uci: Use plugin features to register backend and credential set

Tobias Brunner [Sat, 8 Jun 2013 08:34:31 +0000 (10:34 +0200)]
systime-fix: Use plugin features to register validator

Tobias Brunner [Sat, 8 Jun 2013 08:29:09 +0000 (10:29 +0200)]
smp: Use plugin features

Tobias Brunner [Sat, 8 Jun 2013 08:25:37 +0000 (10:25 +0200)]
radattr: Use plugin features to register listener

Tobias Brunner [Sat, 8 Jun 2013 08:22:23 +0000 (10:22 +0200)]
lookip: Use plugin features to register listener

Tobias Brunner [Sat, 8 Jun 2013 08:18:00 +0000 (10:18 +0200)]
led: Use plugin features to register listener

Tobias Brunner [Fri, 7 Jun 2013 17:35:24 +0000 (19:35 +0200)]
test-vectors: Use plugin features

Tobias Brunner [Fri, 7 Jun 2013 17:31:51 +0000 (19:31 +0200)]
revocation: Use plugin features with soft dependencies on fetcher and en-/decoding

Tobias Brunner [Fri, 7 Jun 2013 17:23:11 +0000 (19:23 +0200)]
padlock: Use plugin features to properly register algorithms

Tobias Brunner [Fri, 7 Jun 2013 17:22:26 +0000 (19:22 +0200)]
pkcs11: Use plugin_features_add() in get_features()

Tobias Brunner [Fri, 7 Jun 2013 17:19:22 +0000 (19:19 +0200)]
plugin-feature: Added helper function to extend arrays of plugin features

Tobias Brunner [Fri, 7 Jun 2013 17:01:40 +0000 (19:01 +0200)]
constraints: Use plugin features with soft dependency on X.509 decoding

Tobias Brunner [Fri, 7 Jun 2013 16:57:15 +0000 (18:57 +0200)]
blowfish: Use plugin features to properly register crypter

Tobias Brunner [Fri, 7 Jun 2013 16:54:36 +0000 (18:54 +0200)]
resolve: Use plugin features to register attribute handler

Tobias Brunner [Fri, 7 Jun 2013 16:52:33 +0000 (18:52 +0200)]
attr: Use plugin features to register attribute provider

Tobias Brunner [Fri, 7 Jun 2013 16:38:16 +0000 (18:38 +0200)]
ipseckey: Allow en-/disabling at runtime using plugin reload feature

Tobias Brunner [Fri, 7 Jun 2013 16:22:41 +0000 (18:22 +0200)]
ipseckey: Use plugin features and depend on RESOLVER

Also fixed a double-free of the resolver instance.

Tobias Brunner [Fri, 7 Jun 2013 16:16:08 +0000 (18:16 +0200)]
unbound: Use plugin features and provide RESOLVER

Tobias Brunner [Fri, 7 Jun 2013 16:11:46 +0000 (18:11 +0200)]
plugin-feature: Add feature for DNSSEC-enabled resolvers

Tobias Brunner [Fri, 7 Jun 2013 15:58:12 +0000 (17:58 +0200)]
ha: Use plugin features to register listeners and attribute provider

Tobias Brunner [Fri, 7 Jun 2013 15:50:12 +0000 (17:50 +0200)]
farp: Use plugin features to register listener

Tobias Brunner [Fri, 7 Jun 2013 15:46:43 +0000 (17:46 +0200)]
error-notify: Use plugin features to register listener

Tobias Brunner [Fri, 7 Jun 2013 15:43:41 +0000 (17:43 +0200)]
duplicheck: Use plugin features to register listener

Tobias Brunner [Fri, 7 Jun 2013 15:37:13 +0000 (17:37 +0200)]
coupling: Use plugin features and soft depend on SHA1

Tobias Brunner [Fri, 7 Jun 2013 15:19:13 +0000 (17:19 +0200)]
certexpire: Use plugin features to register listener

Tobias Brunner [Fri, 7 Jun 2013 13:45:02 +0000 (15:45 +0200)]
addrblock: Use plugin features with soft dependency on X.509 decoding

Tobias Brunner [Fri, 7 Jun 2013 13:35:47 +0000 (15:35 +0200)]
dhcp: Use plugin features with dependency to RNG implementation

Tobias Brunner [Fri, 7 Jun 2013 13:14:52 +0000 (15:14 +0200)]
sql: Use plugin features with dependency to database backend