strongswan.git
Martin Willi [Thu, 18 Nov 2010 07:56:12 +0000 (08:56 +0100)]
Do not query for CKA_ALWAYS_AUTHENTICATE if PKCS#11 Cryptoki version < 2.20

Martin Willi [Thu, 18 Nov 2010 07:43:26 +0000 (08:43 +0100)]
Use static args for C_Initialize(), OpenSC does not get a copy of the pointers

Andreas Steffen [Wed, 17 Nov 2010 21:46:28 +0000 (22:46 +0100)]
added ITA and strongSwan OIDs

Andreas Steffen [Wed, 17 Nov 2010 21:13:55 +0000 (22:13 +0100)]
corrected TCGID OID

Martin Willi [Wed, 17 Nov 2010 15:46:23 +0000 (16:46 +0100)]
Added getter for arbitrary environment variables

Andreas Steffen [Tue, 16 Nov 2010 23:04:10 +0000 (00:04 +0100)]
added IMC and IMV IDs as arguments to send_message()

Andreas Steffen [Tue, 16 Nov 2010 21:43:48 +0000 (22:43 +0100)]
get_attribute() and set_attribute() are not allowed to use TNC_CONNECTIONID_ANY

Andreas Steffen [Tue, 16 Nov 2010 21:28:10 +0000 (22:28 +0100)]
initialize chunks and add debug output

Andreas Steffen [Tue, 16 Nov 2010 21:14:20 +0000 (22:14 +0100)]
load IMCs and IMVs with RTLD_LAZY

Andreas Steffen [Tue, 16 Nov 2010 20:37:38 +0000 (21:37 +0100)]
fixed memory leak

Andreas Steffen [Tue, 16 Nov 2010 20:07:02 +0000 (21:07 +0100)]
implement set_attribute() callback function

Andreas Steffen [Tue, 16 Nov 2010 19:14:48 +0000 (20:14 +0100)]
implement GetAttribute() callback function

Andreas Steffen [Tue, 16 Nov 2010 10:52:06 +0000 (11:52 +0100)]
call is_complete() if tls protocol returns with SUCCESS

Andreas Steffen [Tue, 16 Nov 2010 09:59:53 +0000 (10:59 +0100)]
reformulated recommendation policies

Thomas Egerer [Mon, 15 Nov 2010 17:00:40 +0000 (18:00 +0100)]
Do not checkin a previously destroyed SA

Martin Willi [Tue, 16 Nov 2010 08:38:39 +0000 (09:38 +0100)]
Remove obsolete pool_size argument in processor_create()

Andreas Steffen [Tue, 16 Nov 2010 08:15:17 +0000 (09:15 +0100)]
mutex.h is not needed any more

Andreas Steffen [Tue, 16 Nov 2010 08:09:39 +0000 (09:09 +0100)]
imv_list consists of linked imv_t instances

Andreas Steffen [Mon, 15 Nov 2010 16:38:31 +0000 (17:38 +0100)]
implemented have_recommendation() based on a choice of 3 policies

Andreas Steffen [Sun, 14 Nov 2010 10:29:27 +0000 (11:29 +0100)]
log configured recommendation policy

Andreas Steffen [Sun, 14 Nov 2010 10:23:47 +0000 (11:23 +0100)]
configure recommendation policy via strongswan.conf

Andreas Steffen [Sun, 14 Nov 2010 08:50:01 +0000 (09:50 +0100)]
re-establish null pointer if IMC/IMV manager plugin could not be installed

Andreas Steffen [Sat, 13 Nov 2010 09:01:46 +0000 (10:01 +0100)]
moved recommendation handling to the tnc_imv plugin

Thomas Egerer [Fri, 12 Nov 2010 10:37:06 +0000 (11:37 +0100)]
Extend connected peers by peer family

This allows for simultaneous IPv4 and IPv6 tunnels for the same peers with
matching identities.

Martin Willi [Fri, 12 Nov 2010 13:45:09 +0000 (14:45 +0100)]
Added a PKCS#11 module option to enforce OS Locking functions

Martin Willi [Thu, 11 Nov 2010 08:59:02 +0000 (09:59 +0100)]
Print full source route on DBG2 that gets installed

Andreas Steffen [Thu, 11 Nov 2010 06:51:56 +0000 (07:51 +0100)]
removed debug output in IMC bind functions

Andreas Steffen [Thu, 11 Nov 2010 06:30:13 +0000 (07:30 +0100)]
added get_preferred_language() to tnc_imc

Andreas Steffen [Wed, 10 Nov 2010 21:42:36 +0000 (22:42 +0100)]
created dummy have_recommendation() function

Andreas Steffen [Wed, 10 Nov 2010 21:22:27 +0000 (22:22 +0100)]
implemented mutex locking the batch in construction

Andreas Steffen [Wed, 10 Nov 2010 21:02:20 +0000 (22:02 +0100)]
fixed received test message

Andreas Steffen [Wed, 10 Nov 2010 20:53:17 +0000 (21:53 +0100)]
implemented mutex locking the recommendations list

Andreas Steffen [Wed, 10 Nov 2010 20:30:50 +0000 (21:30 +0100)]
display ID of registered IMCs/IMVs

Andreas Steffen [Wed, 10 Nov 2010 20:23:10 +0000 (21:23 +0100)]
implemented recommendation storage

Andreas Steffen [Wed, 10 Nov 2010 20:22:27 +0000 (21:22 +0100)]
created enum names for action recommendations and evaluation results

Andreas Steffen [Wed, 10 Nov 2010 20:20:53 +0000 (21:20 +0100)]
removed debug output of tnc_imv_bind_functions

Martin Willi [Wed, 10 Nov 2010 17:34:59 +0000 (18:34 +0100)]
Do not use CKA_TRUSTED attribute for Cryptoki version < 2.20, handling all certs as trusted

Martin Willi [Wed, 10 Nov 2010 17:16:17 +0000 (18:16 +0100)]
Add flags for PKCS#11 libraries with reduced feature set

Andreas Steffen [Wed, 10 Nov 2010 16:59:41 +0000 (17:59 +0100)]
enforce_recommendation inserts TNC group membership rules for IKE_SA

Andreas Steffen [Wed, 10 Nov 2010 14:44:51 +0000 (15:44 +0100)]
defined PB-TNC types

Andreas Steffen [Wed, 10 Nov 2010 14:44:09 +0000 (15:44 +0100)]
append any previously collected messages to batch

Andreas Steffen [Wed, 10 Nov 2010 09:57:01 +0000 (10:57 +0100)]
read IMC/IMV configurations from /etc/tnc_config

Andreas Steffen [Tue, 9 Nov 2010 11:45:21 +0000 (12:45 +0100)]
unload the IMCs and IMVs using dlclose()

Andreas Steffen [Tue, 9 Nov 2010 11:30:26 +0000 (12:30 +0100)]
implemented separate protocol and connection rwlocks

Andreas Steffen [Mon, 8 Nov 2010 22:56:20 +0000 (23:56 +0100)]
assign provide_recommendation callback function

Andreas Steffen [Mon, 8 Nov 2010 22:13:40 +0000 (23:13 +0100)]
implemented batch_ending() and solicit_recommendation() functions

Andreas Steffen [Mon, 8 Nov 2010 21:33:01 +0000 (22:33 +0100)]
added get_count() method to IMC/IMV managers

Andreas Steffen [Mon, 8 Nov 2010 21:21:53 +0000 (22:21 +0100)]
abort if one of the IMCs or IMVs fail to initialize

Andreas Steffen [Mon, 8 Nov 2010 18:39:16 +0000 (19:39 +0100)]
removed whitespace

Andreas Steffen [Mon, 8 Nov 2010 18:25:25 +0000 (19:25 +0100)]
implemented provide_recommendation callback function

Andreas Steffen [Mon, 8 Nov 2010 14:53:50 +0000 (15:53 +0100)]
added imc/imv_manager remove method

Andreas Steffen [Mon, 8 Nov 2010 10:41:14 +0000 (11:41 +0100)]
removed dependencies from libtnc

Andreas Steffen [Sun, 7 Nov 2010 23:29:44 +0000 (00:29 +0100)]
insert IMV/IMC before providing BindFunction

Andreas Steffen [Sun, 7 Nov 2010 11:16:52 +0000 (12:16 +0100)]
tnc_imc/tnc_imv cosmetics

Andreas Steffen [Sun, 7 Nov 2010 11:03:26 +0000 (12:03 +0100)]
tnccs header cosmetics

Andreas Steffen [Sun, 7 Nov 2010 10:56:56 +0000 (11:56 +0100)]
imv/imc header cosmetics

Andreas Steffen [Sun, 7 Nov 2010 00:17:21 +0000 (01:17 +0100)]
implemented receive_message() function

Andreas Steffen [Sat, 6 Nov 2010 22:01:59 +0000 (23:01 +0100)]
support of reportMessageTypes() function

Andreas Steffen [Sat, 6 Nov 2010 19:38:59 +0000 (20:38 +0100)]
moved TNCCS callback functions into bind_function.c

Andreas Steffen [Sat, 6 Nov 2010 19:13:41 +0000 (20:13 +0100)]
implemented send_message() callback function

Andreas Steffen [Fri, 5 Nov 2010 23:54:10 +0000 (00:54 +0100)]
implement IMC and IMV manager classes

Andreas Steffen [Thu, 4 Nov 2010 22:59:31 +0000 (23:59 +0100)]
check if optional terminate() function exists

Andreas Steffen [Thu, 4 Nov 2010 22:56:16 +0000 (23:56 +0100)]
added connection management to TNCCS manager

Andreas Steffen [Thu, 4 Nov 2010 21:08:47 +0000 (22:08 +0100)]
select TNCCS protocol via charon.plugins.eap-tnc.protocol

Andreas Steffen [Thu, 4 Nov 2010 18:42:08 +0000 (19:42 +0100)]
changed ACL properties of header files

Andreas Steffen [Thu, 4 Nov 2010 15:19:39 +0000 (16:19 +0100)]
cleaned up whitespace

Andreas Steffen [Thu, 4 Nov 2010 13:56:34 +0000 (14:56 +0100)]
implemented IMC/IMV handler

Andreas Steffen [Tue, 9 Nov 2010 19:35:53 +0000 (20:35 +0100)]
fixed memory leak in EAP-TTLS piggy-back mode

Martin Willi [Wed, 3 Nov 2010 14:12:05 +0000 (15:12 +0100)]
Added a stroke rekey command to trigger IKE/CHILD_SA rekeying manually

Andreas Steffen [Tue, 2 Nov 2010 09:46:30 +0000 (10:46 +0100)]
two fixes in tnccs_11

Tobias Brunner [Tue, 2 Nov 2010 08:30:09 +0000 (09:30 +0100)]
Removed signing artifact.

Andreas Steffen [Mon, 1 Nov 2010 19:40:38 +0000 (20:40 +0100)]
removed strongswan-4.5.0.tar.bz2.bak

Andreas Steffen [Mon, 1 Nov 2010 17:54:43 +0000 (18:54 +0100)]
moved tnccs-20 plugin in front of tnc-imv and intc-imc

Andreas Steffen [Fri, 29 Oct 2010 07:30:57 +0000 (09:30 +0200)]
version bump to 4.5.1

Tag: 4.5.0
Andreas Steffen [Thu, 28 Oct 2010 18:23:59 +0000 (20:23 +0200)]
version bump to 4.5.0

Andreas Steffen [Thu, 28 Oct 2010 18:23:22 +0000 (20:23 +0200)]
completed NEWS for the 4.5.0 release

Martin Willi [Thu, 28 Oct 2010 12:40:54 +0000 (14:40 +0200)]
Store proposal number in proposal_t to reuse it in the selected proposal

According to RFC 5996 3.3.1, we MUST reuse the proposal number of
the selected proposal in the SA payload reply.

Martin Willi [Thu, 28 Oct 2010 12:33:03 +0000 (14:33 +0200)]
Migrated proposal_t to INIT/METHOD macros

Martin Willi [Thu, 28 Oct 2010 12:21:44 +0000 (14:21 +0200)]
Migrated proposal_substructure to INIT/METHOD macros, removed unused methods

Martin Willi [Thu, 28 Oct 2010 12:21:02 +0000 (14:21 +0200)]
Migrated sa_payload to INIT/METHOD macros, removed unused methods

Martin Willi [Thu, 21 Oct 2010 14:35:01 +0000 (16:35 +0200)]
Renamed mem_cred_t clear function internally to clear_, fixes potential name conflict

Tobias Brunner [Fri, 22 Oct 2010 09:34:11 +0000 (11:34 +0200)]
pluto: Fixed a regression introduced in f565d0c575.

Since scx_add could return a previously created smartcard object, using
sc->last_cert to store the newly added certificate could lead to segfaults.

Tobias Brunner [Fri, 22 Oct 2010 09:05:10 +0000 (11:05 +0200)]
pluto: Locking fixed in cert_add.

Andreas Steffen [Mon, 25 Oct 2010 17:31:07 +0000 (19:31 +0200)]
payloads are not aligned to 4 byte boundaries

Andreas Steffen [Mon, 25 Oct 2010 16:20:30 +0000 (18:20 +0200)]
version bump to 4.5.0rc3

Andreas Steffen [Sun, 24 Oct 2010 18:30:19 +0000 (20:30 +0200)]
fixed 64 bit printf() issue

Tobias Brunner [Thu, 21 Oct 2010 13:02:32 +0000 (15:02 +0200)]
Updated Android.mk to latest Makefile.am.

Tobias Brunner [Thu, 21 Oct 2010 12:16:09 +0000 (14:16 +0200)]
Added missing include for RAND_seed and RAND_status.

Martin Willi [Wed, 20 Oct 2010 10:30:22 +0000 (12:30 +0200)]
Set ownership of all HA ClusterIP control files

Martin Willi [Wed, 20 Oct 2010 10:29:45 +0000 (12:29 +0200)]
Set ownership/permissions of HA control socket

Tobias Brunner [Tue, 19 Oct 2010 15:17:15 +0000 (17:17 +0200)]
Changed some minor stuff in ipsec.conf(5) man page.

Also added some "links" to strongswan.conf(5).

Tobias Brunner [Tue, 19 Oct 2010 15:16:07 +0000 (17:16 +0200)]
Added accepted values to all options in ipsec.conf(5) man page.

Tobias Brunner [Tue, 19 Oct 2010 15:06:57 +0000 (17:06 +0200)]
Removed unsupported options from ipsec.conf(5) man page.

Tobias Brunner [Tue, 19 Oct 2010 08:52:01 +0000 (10:52 +0200)]
Fixed SEE ALSO references in main man pages.

Tobias Brunner [Tue, 19 Oct 2010 08:44:43 +0000 (10:44 +0200)]
Added notes about expiry and rekey to ipsec.conf(5) man page.

Martin Willi [Mon, 18 Oct 2010 10:31:48 +0000 (12:31 +0200)]
Prefer the 'server identifier' attribute address to send DHCP requests to

Andreas Steffen [Sat, 16 Oct 2010 18:47:38 +0000 (20:47 +0200)]
version bump to 4.5.0rc2

Andreas Steffen [Sat, 16 Oct 2010 14:15:10 +0000 (16:15 +0200)]
define state_story for STATE_UNDEFINED

Tobias Brunner [Fri, 15 Oct 2010 16:17:09 +0000 (18:17 +0200)]
Added some NEWS about Maemo, MOBIKE and the kernel interfaces.

Tobias Brunner [Fri, 15 Oct 2010 16:14:48 +0000 (18:14 +0200)]
Some Doxygen fixes.