strongswan.git
7 years agoInclude the whole src directory in apidoc and make source files browsable
Tobias Brunner [Sat, 2 Mar 2013 13:58:33 +0000 (14:58 +0100)]
Include the whole src directory in apidoc and make source files browsable

But still only scan header files as Doxygen can't figure out how they
are related to source files (at least not for class methods).

7 years agoPrevent Doxygen from processing __attribute__(...)
Tobias Brunner [Sat, 2 Mar 2013 12:33:25 +0000 (13:33 +0100)]
Prevent Doxygen from processing __attribute__(...)

Doxygen produces additional members/classes from these attributes.

7 years agoUpdated Doxyfile.in with a recent version of Doxygen
Tobias Brunner [Sat, 2 Mar 2013 12:08:52 +0000 (13:08 +0100)]
Updated Doxyfile.in with a recent version of Doxygen

7 years agoRemoved backend for old Android frontend patch
Tobias Brunner [Sat, 2 Mar 2013 14:57:00 +0000 (15:57 +0100)]
Removed backend for old Android frontend patch

Moved the remaining DNS handler to a new plugin.

7 years agoadded ERX_SUPPORTED IKEv2 Notify
Andreas Steffen [Sat, 2 Mar 2013 16:18:37 +0000 (17:18 +0100)]
added ERX_SUPPORTED IKEv2 Notify

7 years agoadded some new TCG IF-M message subtypes and attributes
Andreas Steffen [Sat, 2 Mar 2013 16:03:37 +0000 (17:03 +0100)]
added some new TCG IF-M message subtypes and attributes

7 years agoversion bump to 5.0.3dr3
Andreas Steffen [Sat, 2 Mar 2013 15:19:57 +0000 (16:19 +0100)]
version bump to 5.0.3dr3

7 years agoandroid: Mitigate race condition on reauthentication
Tobias Brunner [Fri, 1 Mar 2013 16:01:21 +0000 (17:01 +0100)]
android: Mitigate race condition on reauthentication

If the TUN device gets recreated while another thread in handle_plain()
has not yet called select(2) but already stored the file descriptor of the
old TUN device in its FD set, select() will fail with EBADF.

Fixes #301.

7 years agoopenssl: The EVP GCM interface requires at least OpenSSL 1.0.1
Tobias Brunner [Fri, 1 Mar 2013 15:56:37 +0000 (16:56 +0100)]
openssl: The EVP GCM interface requires at least OpenSSL 1.0.1

7 years agoMerge branch 'multi-eap'
Martin Willi [Fri, 1 Mar 2013 10:36:41 +0000 (11:36 +0100)]
Merge branch 'multi-eap'

Fixes the use of EAP methods in the non-first authentication round if the
initiator demands mutual EAP. Also mutual EAP can now be enforced when the
initiator sets rightauth=eap, not only with rightauth=any.

7 years agoMerge branch 'multi-cert'
Martin Willi [Fri, 1 Mar 2013 10:35:32 +0000 (11:35 +0100)]
Merge branch 'multi-cert'

Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.

7 years agoMerge branch 'systime'
Martin Willi [Fri, 1 Mar 2013 10:33:47 +0000 (11:33 +0100)]
Merge branch 'systime'

Add a systime-fix plugin allowing an embedded system to validate certificates
if the system time has not been synchronized after boot. Certificates of
established tunnels can be re-validated after the system time gets valid.

7 years agoMerge branch 'ikev1-rekeying'
Martin Willi [Fri, 1 Mar 2013 10:32:02 +0000 (11:32 +0100)]
Merge branch 'ikev1-rekeying'

Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication replaces
the old Main Mode having a uniqueids=replace policy.

7 years agoMerge branch 'vip-shunts'
Martin Willi [Fri, 1 Mar 2013 10:30:13 +0000 (11:30 +0100)]
Merge branch 'vip-shunts'

Installs bypass policies for the physical address if a virtual address is
assigned, and installs a proper source route to actually use the physical
address for bypassed destinations.

Conflicts:
src/libcharon/plugins/unity/unity_handler.c

7 years agoMerge branch 'opaque-ports'
Martin Willi [Fri, 1 Mar 2013 10:27:12 +0000 (11:27 +0100)]
Merge branch 'opaque-ports'

Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.

7 years agoWhen running with an unprivileged user, initialize supplementary groups
Martin Willi [Wed, 20 Feb 2013 09:38:45 +0000 (10:38 +0100)]
When running with an unprivileged user, initialize supplementary groups

7 years agoWithout MOBIKE, update remote host only if it is behind NAT
Martin Willi [Fri, 22 Feb 2013 13:55:03 +0000 (14:55 +0100)]
Without MOBIKE, update remote host only if it is behind NAT

7 years agoMerge branch 'ikev1-mm-retransmits'
Martin Willi [Fri, 1 Mar 2013 10:24:42 +0000 (11:24 +0100)]
Merge branch 'ikev1-mm-retransmits'

Fixes retransmit of the last Main Mode or IKE_AUTH message, and correctly
queues Main Mode messages when processing of the last message is still in
progress.

7 years agoMerge branch 'tfc-notify'
Martin Willi [Fri, 1 Mar 2013 10:16:58 +0000 (11:16 +0100)]
Merge branch 'tfc-notify'

Introduces kernel backend features, sends ESP_TFC_PADDING_NOT_SUPPORTED if
kernel does not support it.

7 years agoSend ESP_TFC_PADDING_NOT_SUPPORTED if the used kernel doesn't support it
Martin Willi [Thu, 21 Feb 2013 09:09:39 +0000 (10:09 +0100)]
Send ESP_TFC_PADDING_NOT_SUPPORTED if the used kernel doesn't support it

7 years agoIndicate support for processing ESPv3 TFC padding in Netlink IPsec backend
Martin Willi [Thu, 21 Feb 2013 08:45:46 +0000 (09:45 +0100)]
Indicate support for processing ESPv3 TFC padding in Netlink IPsec backend

7 years agoIntroduce "features" for the kernel backends returning kernel capabilities
Martin Willi [Thu, 21 Feb 2013 08:39:23 +0000 (09:39 +0100)]
Introduce "features" for the kernel backends returning kernel capabilities

7 years agotesting: Add a script to easily connect to a host via SSH
Tobias Brunner [Tue, 19 Feb 2013 13:17:26 +0000 (14:17 +0100)]
testing: Add a script to easily connect to a host via SSH

This doesn't require any entries in /etc/hosts and the correct SSH
config is used to allow password-less access.

7 years agoopenssl: Provide AES-GCM implementation
Tobias Brunner [Tue, 12 Feb 2013 15:46:56 +0000 (16:46 +0100)]
openssl: Provide AES-GCM implementation

7 years agoFix cleanup in crypto_tester if AEAD implementation fails
Tobias Brunner [Tue, 12 Feb 2013 15:42:45 +0000 (16:42 +0100)]
Fix cleanup in crypto_tester if AEAD implementation fails

7 years agoOrder of arguments in Doxygen comment fixed
Tobias Brunner [Tue, 12 Feb 2013 15:40:54 +0000 (16:40 +0100)]
Order of arguments in Doxygen comment fixed

7 years agoFix auth_cfg_t.clone() for single-valued auth rules
Tobias Brunner [Mon, 18 Feb 2013 16:23:04 +0000 (17:23 +0100)]
Fix auth_cfg_t.clone() for single-valued auth rules

By using the default list enumerator and adding the rules with the public
add() method, clones of auth_cfg_t objects would return the values for
single-valued auth rules in the wrong order (i.e. the oldest instead of the
newest value was returned).  Using the internal enumerator (which the comment
already suggested) fixes this, but the clone will not be a full clone as
it does not contain any old values for single-valued auth rules.  Since
these will never be used anyway, this should be fine.

7 years agoTrigger an updown event when destroying an IKE_SA based on INITIAL_CONTACT
Tobias Brunner [Mon, 18 Feb 2013 11:05:58 +0000 (12:05 +0100)]
Trigger an updown event when destroying an IKE_SA based on INITIAL_CONTACT

In other cases (i.e. when functions return DESTROY_ME) the event should
already be triggered, but not in this forced situation.

7 years agoApply a mutual EAP auth_cfg not before the EAP method completes
Martin Willi [Tue, 26 Feb 2013 12:07:11 +0000 (13:07 +0100)]
Apply a mutual EAP auth_cfg not before the EAP method completes

7 years agoBe a little more verbose why a peer_cfg is inacceptable
Martin Willi [Tue, 26 Feb 2013 11:26:31 +0000 (12:26 +0100)]
Be a little more verbose why a peer_cfg is inacceptable

7 years agoRefactor auth_cfg applying to a common function
Martin Willi [Tue, 26 Feb 2013 11:16:31 +0000 (12:16 +0100)]
Refactor auth_cfg applying to a common function

7 years agoUse SIGUSR2 for SIG_CANCEL on Android
Tobias Brunner [Tue, 26 Feb 2013 10:07:28 +0000 (11:07 +0100)]
Use SIGUSR2 for SIG_CANCEL on Android

SIGRTMIN is defined as 32 while sigset_t is defined as
unsigned long (i.e. holds 32 signals).  Hence, the signal
could never be blocked.  Sending the signal still canceled
threads, but sometimes in situations where they shouldn't
have been canceled (e.g. while holding a lock).

Fixes #298.

7 years agoAndroid.mk updated to latest Makefiles
Tobias Brunner [Tue, 26 Feb 2013 09:11:36 +0000 (10:11 +0100)]
Android.mk updated to latest Makefiles

Fixes #300.

7 years agoFor IKEv1 Main Mode, use message hash to detect early retransmissions
Martin Willi [Mon, 25 Feb 2013 11:08:36 +0000 (12:08 +0100)]
For IKEv1 Main Mode, use message hash to detect early retransmissions

As the message ID is zero in all Main Mode messages, it can't be used to detect
if we are already processing a given message.

7 years agoMove initial message dropping to task manager
Martin Willi [Mon, 25 Feb 2013 10:42:50 +0000 (11:42 +0100)]
Move initial message dropping to task manager

When the last request message of the initial tunnel setup is retransmitted,
we must retransmit the response instead of ignoring the request.

Fixes #295.

7 years agoUse INIT macro to initialize IKE_SA manager entries
Martin Willi [Mon, 25 Feb 2013 10:52:55 +0000 (11:52 +0100)]
Use INIT macro to initialize IKE_SA manager entries

7 years agoCheck kvm command existence in start-testing
Reto Buerki [Fri, 22 Feb 2013 14:16:37 +0000 (15:16 +0100)]
Check kvm command existence in start-testing

7 years agoDon't reject OPAQUE ports while verifying traffic selector substructure
Martin Willi [Thu, 21 Feb 2013 10:45:24 +0000 (11:45 +0100)]
Don't reject OPAQUE ports while verifying traffic selector substructure

7 years agoDocument ipsec.conf leftprotoport extensions in manpage
Martin Willi [Thu, 21 Feb 2013 10:32:10 +0000 (11:32 +0100)]
Document ipsec.conf leftprotoport extensions in manpage

7 years agoOptionally support port ranges in leftprotoport
Martin Willi [Thu, 21 Feb 2013 10:24:37 +0000 (11:24 +0100)]
Optionally support port ranges in leftprotoport

7 years agoSupport %opaque keyword in leftprotoport for "opaque" ports
Martin Willi [Thu, 21 Feb 2013 10:13:26 +0000 (11:13 +0100)]
Support %opaque keyword in leftprotoport for "opaque" ports

7 years agoPass complete port range over stroke interface for more flexibility
Martin Willi [Thu, 21 Feb 2013 10:11:29 +0000 (11:11 +0100)]
Pass complete port range over stroke interface for more flexibility

7 years agoUse a complete port range in traffic_selector_create_from_{subnet,cidr}
Martin Willi [Thu, 21 Feb 2013 10:04:35 +0000 (11:04 +0100)]
Use a complete port range in traffic_selector_create_from_{subnet,cidr}

7 years agoPrint OPAQUE traffic selectors as what they are, not as port range
Martin Willi [Thu, 21 Feb 2013 10:51:03 +0000 (11:51 +0100)]
Print OPAQUE traffic selectors as what they are, not as port range

7 years agoSupport "opaque" ports in traffic selector subset calculation
Martin Willi [Thu, 21 Feb 2013 09:51:19 +0000 (10:51 +0100)]
Support "opaque" ports in traffic selector subset calculation

7 years agoSlightly refactor traffic_selector_t.get_subset()
Martin Willi [Thu, 21 Feb 2013 09:39:36 +0000 (10:39 +0100)]
Slightly refactor traffic_selector_t.get_subset()

7 years agoMigrate remaining traffic selector methods to METHOD macro
Martin Willi [Thu, 21 Feb 2013 09:28:21 +0000 (10:28 +0100)]
Migrate remaining traffic selector methods to METHOD macro

7 years agoopenssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8g
Tobias Brunner [Tue, 19 Feb 2013 13:12:57 +0000 (14:12 +0100)]
openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8g

Fixes #292.

7 years agoInstall a route for shunt policies
Martin Willi [Wed, 20 Feb 2013 15:17:31 +0000 (16:17 +0100)]
Install a route for shunt policies

If we install a virtual IP, its source route would render the shunt policy
useless, as locally generated traffic wouldn't match. Having a route for each
shunt policy with higher priority chooses the correct source address for
bypassed destinations.

7 years agoInclude local address for Unity Split-Exclude shunt policies
Martin Willi [Wed, 20 Feb 2013 15:15:39 +0000 (16:15 +0100)]
Include local address for Unity Split-Exclude shunt policies

If we use a virtual IP, having a shunt policy for just that wouldn't work, as
we want a shunt bypass using the local address.

7 years agoAfter IKEv1 reauthentication, reinstall VIP routes after migrating CHILD_SAs
Martin Willi [Wed, 20 Feb 2013 08:16:00 +0000 (09:16 +0100)]
After IKEv1 reauthentication, reinstall VIP routes after migrating CHILD_SAs

During IKEv1 reauthentication, the virtual IP gets removed, then reinstalled.
The CHILD_SAs get migrated, but any associated route gets removed from the
kernel. Reinstall routes after adding the virtual IP again.

7 years agoWhen detecting a duplicate IKEv1 SA, adopt children, as it might be a rekeying
Martin Willi [Wed, 20 Feb 2013 07:57:17 +0000 (08:57 +0100)]
When detecting a duplicate IKEv1 SA, adopt children, as it might be a rekeying

7 years agoversion bump to 5.0.3dr2 5.0.3dr2
Andreas Steffen [Tue, 19 Feb 2013 19:25:13 +0000 (20:25 +0100)]
version bump to 5.0.3dr2

7 years agotreat IF-M and IF-TNCCS remediation instructions/parameters in an equal way
Andreas Steffen [Tue, 19 Feb 2013 19:00:48 +0000 (20:00 +0100)]
treat IF-M and IF-TNCCS remediation instructions/parameters in an equal way

7 years agosystime-fix disables certificate lifetime validation if system time not synced
Martin Willi [Tue, 19 Feb 2013 14:38:28 +0000 (15:38 +0100)]
systime-fix disables certificate lifetime validation if system time not synced

The system time can be periodically checked. If it gets valid, certificates get
rechecked with the current lifetime. If certificates are invalid, associated
IKE_SAs can be closed or reauthenticated.

7 years agoAdd a stub for systime-fix, a plugin handling certificate lifetimes gracefully
Martin Willi [Tue, 19 Feb 2013 13:49:38 +0000 (14:49 +0100)]
Add a stub for systime-fix, a plugin handling certificate lifetimes gracefully

7 years agoAdd a cert_validator hook allowing plugins to provide custom lifetime checking
Martin Willi [Tue, 19 Feb 2013 10:26:21 +0000 (11:26 +0100)]
Add a cert_validator hook allowing plugins to provide custom lifetime checking

7 years agoMake cert_validator_t.validate optional to implement
Martin Willi [Tue, 19 Feb 2013 10:22:36 +0000 (11:22 +0100)]
Make cert_validator_t.validate optional to implement

7 years agoMerge branch 'dnssec'
Tobias Brunner [Tue, 19 Feb 2013 11:25:27 +0000 (12:25 +0100)]
Merge branch 'dnssec'

7 years agoNEWS about ipseckey and unbound plugins added
Tobias Brunner [Tue, 19 Feb 2013 11:23:27 +0000 (12:23 +0100)]
NEWS about ipseckey and unbound plugins added

7 years agoAdded ikev2/rw-dnssec scenario
Andreas Steffen [Sun, 17 Feb 2013 20:49:23 +0000 (21:49 +0100)]
Added ikev2/rw-dnssec scenario

7 years agoAdded ikev2/net2net-dnssec scenario
Andreas Steffen [Mon, 18 Feb 2013 17:06:19 +0000 (18:06 +0100)]
Added ikev2/net2net-dnssec scenario

7 years agoConfigure winnetou as a DNSSEC enabled nameserver for the strongswan.org, org, and...
Andreas Steffen [Thu, 14 Feb 2013 12:32:04 +0000 (13:32 +0100)]
Configure winnetou as a DNSSEC enabled nameserver for the strongswan.org, org, and root zones

7 years agoBuild unbound and ipseckey plugins on KVM image
Andreas Steffen [Wed, 13 Feb 2013 12:48:14 +0000 (13:48 +0100)]
Build unbound and ipseckey plugins on KVM image

7 years agoStreamlined log messages in ipseckey plugin
Andreas Steffen [Sun, 17 Feb 2013 18:31:56 +0000 (19:31 +0100)]
Streamlined log messages in ipseckey plugin

7 years agoEncode RSA public keys in RFC 3110 DNSKEY format
Andreas Steffen [Sun, 17 Feb 2013 16:37:45 +0000 (17:37 +0100)]
Encode RSA public keys in RFC 3110 DNSKEY format

7 years agoMoved configuration from resolver manager to unbound plugin
Andreas Steffen [Fri, 15 Feb 2013 14:12:29 +0000 (15:12 +0100)]
Moved configuration from resolver manager to unbound plugin

Also streamlined log messages in unbound plugin.

7 years agoipseckey: Report IPSECKEYs with invalid DNSSEC security state
Reto Guadagnini [Thu, 5 Jul 2012 10:17:49 +0000 (12:17 +0200)]
ipseckey: Report IPSECKEYs with invalid DNSSEC security state

7 years agoipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf
Reto Guadagnini [Fri, 8 Jun 2012 15:15:09 +0000 (17:15 +0200)]
ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf

7 years agoAdded ipseckey plugin, which provides support for public keys in IPSECKEY RRs
Reto Guadagnini [Fri, 8 Jun 2012 09:26:50 +0000 (11:26 +0200)]
Added ipseckey plugin, which provides support for public keys in IPSECKEY RRs

7 years agoImplemented the resolver test script "dnssec"
Reto Guadagnini [Tue, 10 Apr 2012 15:06:29 +0000 (17:06 +0200)]
Implemented the resolver test script "dnssec"

7 years agounbound: Implementation of query method of unbound_resolver_t
Reto Guadagnini [Tue, 10 Apr 2012 15:05:06 +0000 (17:05 +0200)]
unbound: Implementation of query method of unbound_resolver_t

7 years agounbound: Implemented resolver_response_t as unbound_response_t
Reto Guadagnini [Tue, 10 Apr 2012 14:59:43 +0000 (16:59 +0200)]
unbound: Implemented resolver_response_t as unbound_response_t

7 years agoImplemented rr_set_t interface
Reto Guadagnini [Tue, 3 Apr 2012 20:15:00 +0000 (22:15 +0200)]
Implemented rr_set_t interface

7 years agounbound: Implemented rr_t as unbound_rr_t
Reto Guadagnini [Tue, 27 Mar 2012 16:37:24 +0000 (18:37 +0200)]
unbound: Implemented rr_t as unbound_rr_t

7 years agoAdded unbound plugin implementing the resolver interface using libunbound
Reto Guadagnini [Tue, 27 Mar 2012 07:22:14 +0000 (09:22 +0200)]
Added unbound plugin implementing the resolver interface using libunbound

7 years agoAdded manager for DNS resolvers
Reto Guadagnini [Fri, 23 Mar 2012 10:36:49 +0000 (11:36 +0100)]
Added manager for DNS resolvers

7 years agoAdded interface for DNS resolvers
Reto Guadagnini [Tue, 20 Mar 2012 17:49:54 +0000 (18:49 +0100)]
Added interface for DNS resolvers

7 years agoadded missing return statement
Andreas Steffen [Tue, 19 Feb 2013 09:21:36 +0000 (10:21 +0100)]
added missing return statement

7 years agoFix encoding of issuerAndSubject while handling SCEP pending state
Martin Willi [Tue, 19 Feb 2013 08:53:47 +0000 (09:53 +0100)]
Fix encoding of issuerAndSubject while handling SCEP pending state

7 years agoreject PB-Experimental messages with NOSKIP flag set
Andreas Steffen [Tue, 19 Feb 2013 08:31:34 +0000 (09:31 +0100)]
reject PB-Experimental messages with NOSKIP flag set

7 years agoadded parameter descriptions
Andreas Steffen [Tue, 19 Feb 2013 06:44:57 +0000 (07:44 +0100)]
added parameter descriptions

7 years agoremoved superfluous debug output
Andreas Steffen [Fri, 15 Feb 2013 14:19:16 +0000 (15:19 +0100)]
removed superfluous debug output

7 years agoAdd a timeout to clean up PDP RADIUS connections
Martin Willi [Wed, 19 Dec 2012 17:07:33 +0000 (18:07 +0100)]
Add a timeout to clean up PDP RADIUS connections

7 years agoKeep the PDP connections lock while accessing its objects
Martin Willi [Wed, 19 Dec 2012 16:55:47 +0000 (17:55 +0100)]
Keep the PDP connections lock while accessing its objects

When we introduce connection timeouts, the state may disappear at any time.
This change prevents that, but is not very clear. We probably have to refactor
connection handling.

7 years agoAdd locking to TNC-PDP connections
Martin Willi [Wed, 19 Dec 2012 16:39:25 +0000 (17:39 +0100)]
Add locking to TNC-PDP connections

7 years agoAdd IF-M message subtype getter to IMC/IMV messages
Martin Willi [Mon, 21 Jan 2013 16:01:53 +0000 (17:01 +0100)]
Add IF-M message subtype getter to IMC/IMV messages

7 years agoUse a generic constructor to create PA-TNC error attributes
Martin Willi [Mon, 28 Jan 2013 15:29:42 +0000 (16:29 +0100)]
Use a generic constructor to create PA-TNC error attributes

7 years agoAdd a global return_success() method implementation
Martin Willi [Tue, 29 Jan 2013 11:20:10 +0000 (12:20 +0100)]
Add a global return_success() method implementation

7 years agoAdd a convenience method to check pen_type_t for vendor and type
Martin Willi [Thu, 31 Jan 2013 14:43:45 +0000 (15:43 +0100)]
Add a convenience method to check pen_type_t for vendor and type

7 years agoAdd a comparison function for pen_type_t
Martin Willi [Thu, 31 Jan 2013 14:29:43 +0000 (15:29 +0100)]
Add a comparison function for pen_type_t

7 years agoWhitespace and comment cleanups in pen.[ch]
Martin Willi [Thu, 31 Jan 2013 14:23:25 +0000 (15:23 +0100)]
Whitespace and comment cleanups in pen.[ch]

7 years agoresolve dependency on libtls
Andreas Steffen [Sat, 2 Feb 2013 21:21:36 +0000 (22:21 +0100)]
resolve dependency on libtls

7 years agoMerge branch 'ike-dscp'
Martin Willi [Thu, 14 Feb 2013 16:11:35 +0000 (17:11 +0100)]
Merge branch 'ike-dscp'

7 years agoCheck if recommendations is set before applying language preference
Martin Willi [Thu, 14 Feb 2013 16:03:10 +0000 (17:03 +0100)]
Check if recommendations is set before applying language preference

7 years agoPT-TLS dispatcher TNCCS constructor takes peer identities to pass to factory
Martin Willi [Thu, 14 Feb 2013 13:48:54 +0000 (14:48 +0100)]
PT-TLS dispatcher TNCCS constructor takes peer identities to pass to factory

7 years agoMerge branch 'pt-tls'
Martin Willi [Thu, 14 Feb 2013 16:06:07 +0000 (17:06 +0100)]
Merge branch 'pt-tls'

7 years agoRemove leading zeros in SCEP certificate serialNumbers
Martin Willi [Wed, 13 Feb 2013 11:06:09 +0000 (12:06 +0100)]
Remove leading zeros in SCEP certificate serialNumbers

7 years agoFix 'stroke loglevel any'
Tobias Brunner [Wed, 13 Feb 2013 11:11:37 +0000 (12:11 +0100)]
Fix 'stroke loglevel any'

Before b46a5cd4 this worked if debug_t was unsigned.  In that case -1,
as returned by enum_from_name(), would result in a large positive number.
So any unknown debug group (including 'any') had the same effect that
was only intended for 'any'.

7 years agoadded ikev1/net2net-fragmentation scenario 5.0.3dr1
Andreas Steffen [Tue, 12 Feb 2013 22:01:48 +0000 (23:01 +0100)]
added ikev1/net2net-fragmentation scenario