strongswan.git
Martin Willi [Mon, 17 Jan 2011 12:23:57 +0000 (13:23 +0100)]
backtrace->contains_function takes multiple names, speeding up whitelist check drastically

Martin Willi [Mon, 17 Jan 2011 12:23:00 +0000 (13:23 +0100)]
Add some common glib non-leaks to whitelist

Martin Willi [Mon, 17 Jan 2011 12:21:35 +0000 (13:21 +0100)]
Add missing va_end to va_start in curl_fetcher

Martin Willi [Mon, 17 Jan 2011 12:21:12 +0000 (13:21 +0100)]
Do not pass an enum type to va_arg

Martin Willi [Sat, 15 Jan 2011 15:24:58 +0000 (16:24 +0100)]
Use newer Linux capability native API, if available

Martin Willi [Sat, 15 Jan 2011 15:24:19 +0000 (16:24 +0100)]
Do not install config files with user/group, as it might not exist on build machine

Martin Willi [Fri, 14 Jan 2011 12:22:19 +0000 (13:22 +0100)]
Compare ending address in ts->equals, fixes redundant traffic selector elimination

Martin Willi [Thu, 13 Jan 2011 09:50:46 +0000 (10:50 +0100)]
Revert "Send INITIAL_CONTACT even if we have a unique policy"

It makes sense to omit INITIAL_CONTACT if we don't have a unique policy,
as a client might want to connect from different devices to the same
account.

This reverts commit 719c33b41a1f9fe9b2585df3e7aa804a760c361c.

Martin Willi [Wed, 12 Jan 2011 14:17:08 +0000 (15:17 +0100)]
Fixed memory cleanup if no DHCP transaction found for an OFFER

Martin Willi [Wed, 12 Jan 2011 12:54:46 +0000 (13:54 +0100)]
Force port update as responder when initiator switches to 4500 in IKE_AUTH

Martin Willi [Wed, 12 Jan 2011 12:54:13 +0000 (13:54 +0100)]
Avoid variable name overloading

Andreas Steffen [Mon, 10 Jan 2011 06:22:02 +0000 (07:22 +0100)]
terminate TNCCS 1.1 connection after sending recommendation

Andreas Steffen [Mon, 10 Jan 2011 06:21:03 +0000 (07:21 +0100)]
fixed XML syntax for TNCCS-Recommendation messages

Andreas Steffen [Mon, 10 Jan 2011 05:46:17 +0000 (06:46 +0100)]
implemented check_and_build_recommendation()

Andreas Steffen [Mon, 10 Jan 2011 04:08:48 +0000 (05:08 +0100)]
correct numbering of batches

Andreas Steffen [Mon, 10 Jan 2011 04:08:07 +0000 (05:08 +0100)]
initialize the reference count correctly

Andreas Steffen [Mon, 10 Jan 2011 04:06:59 +0000 (05:06 +0100)]
handle zero size Base64 conversions

Andreas Steffen [Sun, 9 Jan 2011 22:27:43 +0000 (23:27 +0100)]
communicate DELETE state to IMCs and IMVs

Martin Willi [Mon, 10 Jan 2011 10:54:10 +0000 (11:54 +0100)]
Send INITIAL_CONTACT even if we have a unique policy

Andreas Steffen [Sun, 9 Jan 2011 09:00:54 +0000 (10:00 +0100)]
implemented parsing of TNCCS 1.1 messages

Andreas Steffen [Sun, 9 Jan 2011 09:00:13 +0000 (10:00 +0100)]
send notifyConnectionChange() to IMCs

Andreas Steffen [Sat, 8 Jan 2011 01:17:14 +0000 (02:17 +0100)]
suiteb directory hasn't been moved to Master yet

Andreas Steffen [Sat, 8 Jan 2011 01:16:14 +0000 (02:16 +0100)]
generate TNCCS-Error messages

Andreas Steffen [Sat, 8 Jan 2011 01:15:10 +0000 (02:15 +0100)]
created process() method for TNCCS messages

Martin Willi [Fri, 7 Jan 2011 14:45:53 +0000 (15:45 +0100)]
Added NEWS for ipsec.conf certpolicy and key strength options

Martin Willi [Fri, 7 Jan 2011 14:38:34 +0000 (15:38 +0100)]
Added support for trustchain key strength checking to rightauth option

Martin Willi [Fri, 7 Jan 2011 14:14:41 +0000 (15:14 +0100)]
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements

Martin Willi [Fri, 7 Jan 2011 12:32:28 +0000 (13:32 +0100)]
Fix nonce comparison in rekey collisions, lowest nonce loses

Andreas Steffen [Fri, 7 Jan 2011 06:18:42 +0000 (07:18 +0100)]
corrected naming of tnccs_reason_strings_msg_t object

Andreas Steffen [Fri, 7 Jan 2011 06:17:52 +0000 (07:17 +0100)]
do not forget to advance node

Andreas Steffen [Fri, 7 Jan 2011 05:28:08 +0000 (06:28 +0100)]
libcharon plugins depend on libtls and/or libsimaka

Andreas Steffen [Fri, 7 Jan 2011 04:41:01 +0000 (05:41 +0100)]
fixed cert_validator_t:validate interface

Andreas Steffen [Fri, 7 Jan 2011 04:29:04 +0000 (05:29 +0100)]
implemented TNCCS 1.1 without libtnc

Andreas Steffen [Fri, 7 Jan 2011 04:28:17 +0000 (05:28 +0100)]
compute memory requirement for PEM-encoding correctly

Martin Willi [Wed, 5 Jan 2011 17:20:11 +0000 (18:20 +0100)]
Added delta CRL NEWS

Martin Willi [Wed, 5 Jan 2011 17:15:44 +0000 (18:15 +0100)]
Added constraints plugin NEWS

Martin Willi [Wed, 5 Jan 2011 17:09:49 +0000 (18:09 +0100)]
Added conftest NEWS

Martin Willi [Wed, 5 Jan 2011 17:05:09 +0000 (18:05 +0100)]
Added NEWS about INITIAL_CONTACT support

Martin Willi [Wed, 5 Jan 2011 15:44:01 +0000 (16:44 +0100)]
Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACT

Martin Willi [Wed, 5 Jan 2011 14:58:38 +0000 (15:58 +0100)]
Send INITIAL_CONTACT for the first IKE_SA if it has a unique policy

Martin Willi [Wed, 5 Jan 2011 14:15:34 +0000 (15:15 +0100)]
Migrated ike_sa_manager_t to INIT/METHOD macros, some cleanups

Martin Willi [Thu, 23 Dec 2010 14:40:09 +0000 (15:40 +0100)]
Added option to use a different key when rebuilding AUTH

Martin Willi [Thu, 23 Dec 2010 14:22:32 +0000 (15:22 +0100)]
Do not print empty DN identities as invalid

Martin Willi [Thu, 23 Dec 2010 14:21:52 +0000 (15:21 +0100)]
Added support for empty subjects DNs to pki --issue

Martin Willi [Thu, 23 Dec 2010 14:00:34 +0000 (15:00 +0100)]
Added support for OCSP responder URIs to conftest

Martin Willi [Thu, 23 Dec 2010 13:51:00 +0000 (14:51 +0100)]
Added support for delta CRL checking to revocation plugin

Martin Willi [Thu, 23 Dec 2010 13:50:04 +0000 (14:50 +0100)]
Use incremented serial of base CRL when signing delta CRL

Martin Willi [Thu, 23 Dec 2010 13:40:37 +0000 (14:40 +0100)]
Show base CRL of delta CRLs in listcrls

Martin Willi [Thu, 23 Dec 2010 13:36:20 +0000 (14:36 +0100)]
Verify trustchain for each candidate certificate only once

Martin Willi [Thu, 23 Dec 2010 11:18:15 +0000 (12:18 +0100)]
Provide CRLs received in CERT payloads to trustchain verification

Martin Willi [Thu, 23 Dec 2010 11:17:49 +0000 (12:17 +0100)]
Added an AUTH_HELPER for revocation certificates

Martin Willi [Thu, 23 Dec 2010 10:54:17 +0000 (11:54 +0100)]
Added support for CDPs to conftest

Martin Willi [Thu, 23 Dec 2010 10:54:01 +0000 (11:54 +0100)]
Added CDP support to mem_cred

Martin Willi [Thu, 23 Dec 2010 10:44:36 +0000 (11:44 +0100)]
Check for issuer only if we actually got a CRL

Martin Willi [Wed, 22 Dec 2010 17:00:11 +0000 (18:00 +0100)]
Updated conftest README

Martin Willi [Wed, 22 Dec 2010 16:19:28 +0000 (17:19 +0100)]
Added support for custom file loggers, loglevel settings

Martin Willi [Wed, 22 Dec 2010 15:08:20 +0000 (16:08 +0100)]
Check inhibitAnyPolicy in constraints plugin

Martin Willi [Wed, 22 Dec 2010 14:58:00 +0000 (15:58 +0100)]
Slightly renamed different policyConstraints to distinguish them better

Martin Willi [Wed, 22 Dec 2010 14:52:19 +0000 (15:52 +0100)]
Added inhibitAnyPolicy constraint support to pki tool

Martin Willi [Wed, 22 Dec 2010 14:52:02 +0000 (15:52 +0100)]
Added support for inhibitAnyPolicy constraint to x509 plugin

Martin Willi [Wed, 22 Dec 2010 14:10:03 +0000 (15:10 +0100)]
Use a generic getter for all numerical X.509 constraints

Martin Willi [Wed, 22 Dec 2010 13:53:46 +0000 (14:53 +0100)]
Check inhibitPolicyMapping in constraints plugin

Martin Willi [Wed, 22 Dec 2010 09:38:06 +0000 (10:38 +0100)]
Check requireExplicitPolicy in constraints plugin

Martin Willi [Wed, 22 Dec 2010 10:49:16 +0000 (11:49 +0100)]
Include subject cert to temporary auth info before completing trustchain

Martin Willi [Wed, 22 Dec 2010 10:42:44 +0000 (11:42 +0100)]
Fail silently when trying to convert IPv6 address to v4 family host

Martin Willi [Wed, 22 Dec 2010 09:43:06 +0000 (10:43 +0100)]
Pass an additional anchor flag to validate() hook if we reach the root CA

Martin Willi [Wed, 22 Dec 2010 09:34:58 +0000 (10:34 +0100)]
Always pass auth info to validate(), use pathlen to check for user certificate

Martin Willi [Mon, 20 Dec 2010 14:49:00 +0000 (15:49 +0100)]
Merge test config into suite config, instead of having two distinct configs

Martin Willi [Fri, 17 Dec 2010 16:00:32 +0000 (17:00 +0100)]
Added support for delta CRLs to pki tool

Martin Willi [Fri, 17 Dec 2010 15:53:00 +0000 (16:53 +0100)]
Added support for delta CRLs to x509 plugin

Martin Willi [Fri, 17 Dec 2010 15:52:04 +0000 (16:52 +0100)]
Moved CRL distribution point building to an exportable function

Martin Willi [Fri, 17 Dec 2010 14:52:15 +0000 (15:52 +0100)]
Simplified format of x509 CRL URI parsing/enumerator

Martin Willi [Fri, 17 Dec 2010 10:40:01 +0000 (11:40 +0100)]
Fail on critical extensions in openssl CRLs

Martin Willi [Fri, 17 Dec 2010 10:38:04 +0000 (11:38 +0100)]
Respect enforce_critical setting in x509 plugin CRLs

Martin Willi [Fri, 17 Dec 2010 10:36:15 +0000 (11:36 +0100)]
Parse CRL extensions in a switch statement

Martin Willi [Thu, 16 Dec 2010 15:44:33 +0000 (16:44 +0100)]
Respect policy mappings in certificatePolicy validation

Martin Willi [Thu, 16 Dec 2010 15:18:11 +0000 (16:18 +0100)]
Added a cert_policy option to conftest configurations

Martin Willi [Thu, 16 Dec 2010 10:24:52 +0000 (11:24 +0100)]
Validate simple certificatePolicy inheritance

Martin Willi [Thu, 16 Dec 2010 10:25:32 +0000 (11:25 +0100)]
Added a certificate policy OID auth_cfg constraint

Martin Willi [Wed, 15 Dec 2010 16:46:04 +0000 (17:46 +0100)]
Added policyConstraints support to pki tool

Martin Willi [Wed, 15 Dec 2010 16:45:32 +0000 (17:45 +0100)]
Added support for policyConstraints to x509 plugin

Martin Willi [Wed, 15 Dec 2010 15:42:30 +0000 (16:42 +0100)]
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too

Martin Willi [Wed, 15 Dec 2010 14:30:09 +0000 (14:30 +0000)]
Added policyMappings support to pki tool

Martin Willi [Wed, 15 Dec 2010 14:29:25 +0000 (14:29 +0000)]
Added policyMappings support to x509 plugin

Martin Willi [Wed, 15 Dec 2010 14:28:31 +0000 (14:28 +0000)]
Added policyMappings OID identifier

Martin Willi [Wed, 15 Dec 2010 13:31:04 +0000 (14:31 +0100)]
Added certificatePolicy options to pki tool

Martin Willi [Wed, 15 Dec 2010 13:08:20 +0000 (14:08 +0100)]
Added certificatePolicy support to x509 plugin

Martin Willi [Wed, 15 Dec 2010 11:15:12 +0000 (12:15 +0100)]
Added a null-safe strdup variant

Martin Willi [Tue, 14 Dec 2010 16:34:34 +0000 (17:34 +0100)]
Fail when parsing unsupported critical extensions in openssl_x509

Martin Willi [Tue, 14 Dec 2010 16:34:02 +0000 (17:34 +0100)]
Added CertificatePolicy OID identifier

Martin Willi [Tue, 14 Dec 2010 13:49:17 +0000 (14:49 +0100)]
Added command line tool for OID to DER conversion function

Martin Willi [Tue, 14 Dec 2010 13:47:44 +0000 (14:47 +0100)]
Added conversion functions between string OIDs and its DER encoding

Martin Willi [Mon, 13 Dec 2010 13:22:00 +0000 (14:22 +0100)]
Do not parse certificates with invalid version in openssl plugin

Martin Willi [Thu, 9 Dec 2010 15:39:07 +0000 (16:39 +0100)]
Implemented NameConstraint matching in constraints plugin

Martin Willi [Thu, 9 Dec 2010 15:29:22 +0000 (16:29 +0100)]
pki --issue/self support permitted/excluded NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:34:17 +0000 (13:34 +0100)]
pki --print prints NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:33:43 +0000 (13:33 +0100)]
Added support for generating NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 12:33:07 +0000 (13:33 +0100)]
Added support for parsing NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 10:50:50 +0000 (11:50 +0100)]
Added name constraint enumerator to x509 interface

Martin Willi [Thu, 9 Dec 2010 10:44:31 +0000 (11:44 +0100)]
Migrated x509_cert_t to INIT/METHOD macros