strongswan.git
10 years ago  moved builder hooks to a separate file
Martin Willi [Thu, 13 Aug 2009 08:48:22 +0000 (10:48 +0200)]
moved builder hooks to a separate file

10 years ago  use a pluto specific credential builder to build pluto cert_t's
Martin Willi [Wed, 12 Aug 2009 15:27:15 +0000 (17:27 +0200)]
use a pluto specific credential builder to build pluto cert_t's

10 years ago  removed obsolete pgp private key parsing, done by libstrongswan
Martin Willi [Wed, 12 Aug 2009 14:14:26 +0000 (16:14 +0200)]
removed obsolete pgp private key parsing, done by libstrongswan

10 years ago  use libstrongswan for private key loading, whack callback to read passphrase
Martin Willi [Wed, 12 Aug 2009 14:13:18 +0000 (16:13 +0200)]
use libstrongswan for private key loading, whack callback to read passphrase

10 years ago  pass along X509 flags when loading PEM encoded data
Martin Willi [Wed, 12 Aug 2009 13:34:14 +0000 (15:34 +0200)]
pass along X509 flags when loading PEM encoded data

10 years ago  make use of the pem helper plugin to load credentials
Martin Willi [Wed, 12 Aug 2009 12:40:16 +0000 (14:40 +0200)]
make use of the pem helper plugin to load credentials

10 years ago  added file loading support to pem plugin, using mmap()
Martin Willi [Wed, 12 Aug 2009 11:26:02 +0000 (13:26 +0200)]
added file loading support to pem plugin, using mmap()

10 years ago  moved PEM parsing functionality to its own plugin
Martin Willi [Tue, 11 Aug 2009 14:24:01 +0000 (16:24 +0200)]
moved PEM parsing functionality to its own plugin

10 years ago  make boolean expression less enigmatic
Andreas Steffen [Tue, 25 Aug 2009 19:09:54 +0000 (21:09 +0200)]
make boolean expression less enigmatic

10 years ago  set stroke connection flags to a clear TRUE/FALSE
Martin Willi [Tue, 25 Aug 2009 17:57:36 +0000 (19:57 +0200)]
set stroke connection flags to a clear TRUE/FALSE

10 years ago  disable lifetimes of allocated SPIs
Martin Willi [Tue, 25 Aug 2009 16:15:25 +0000 (18:15 +0200)]
disable lifetimes of allocated SPIs

The default lifetime of 30 seconds is too short, as a tunnel
setup may need several minutes if we have high packet loss. Instead
of increasing the value, we disable lifetimes completely, as we handle
the removal of such SAs from userland just fine.

10 years ago  remove incomplete SAs with PROTO_ESP
Martin Willi [Tue, 25 Aug 2009 16:12:55 +0000 (18:12 +0200)]
remove incomplete SAs with PROTO_ESP

10 years ago  added URL for git repository served over git:// protocol
Martin Willi [Fri, 21 Aug 2009 08:52:39 +0000 (10:52 +0200)]
added URL for git repository served over git:// protocol

10 years ago  version bump to 4.3.5
Andreas Steffen [Tue, 18 Aug 2009 16:35:37 +0000 (18:35 +0200)]
version bump to 4.3.5

10 years ago  pruned OID tree
Andreas Steffen [Tue, 18 Aug 2009 16:24:26 +0000 (18:24 +0200)]
pruned OID tree

10 years ago  fixed wrong emailAddress OID introduced by revision c31687da
Andreas Steffen [Tue, 18 Aug 2009 15:52:00 +0000 (17:52 +0200)]
fixed wrong emailAddress OID introduced by revision c31687da

10 years ago  Fixing address resolution via getaddrinfo in libfreeswan. [4.3.4]
Tobias Brunner [Tue, 18 Aug 2009 10:30:11 +0000 (12:30 +0200)]
Fixing address resolution via getaddrinfo in libfreeswan.

10 years ago  check integrity of pool code file
Andreas Steffen [Mon, 17 Aug 2009 13:46:56 +0000 (15:46 +0200)]
check integrity of pool code file

10 years ago  integrity test of openac and scepclient code files
Andreas Steffen [Mon, 17 Aug 2009 12:25:18 +0000 (14:25 +0200)]
integrity test of openac and scepclient code files

10 years ago  NEWS for 4.3.4
Andreas Steffen [Mon, 17 Aug 2009 11:47:28 +0000 (13:47 +0200)]
NEWS for 4.3.4

10 years ago  reinitialize print arguments
Andreas Steffen [Mon, 17 Aug 2009 08:54:34 +0000 (10:54 +0200)]
reinitialize print arguments

10 years ago  check success of library_init()
Andreas Steffen [Fri, 14 Aug 2009 20:13:51 +0000 (22:13 +0200)]
check success of library_init()

10 years ago  Replacing gethostbyname, gethostbyname2 and their _r variants with getaddrinfo to...
Tobias Brunner [Fri, 14 Aug 2009 13:47:04 +0000 (15:47 +0200)]
Replacing gethostbyname, gethostbyname2 and their _r variants with getaddrinfo to increase portability.

10 years ago  OpenSolaris needs libsocket and libnsl for socket().
Tobias Brunner [Fri, 14 Aug 2009 12:42:03 +0000 (14:42 +0200)]
OpenSolaris needs libsocket and libnsl for socket().

10 years ago  Enable CMSG headers and macros on OpenSolaris.
Tobias Brunner [Fri, 14 Aug 2009 12:32:18 +0000 (14:32 +0200)]
Enable CMSG headers and macros on OpenSolaris.

10 years ago  Added define to get sigwait with two parameters on OpenSolaris.
Tobias Brunner [Fri, 14 Aug 2009 12:31:18 +0000 (14:31 +0200)]
Added define to get sigwait with two parameters on OpenSolaris.

10 years ago  sockio.h is required on OpenSolaris for SIOCGIFADDR.
Tobias Brunner [Fri, 14 Aug 2009 12:02:27 +0000 (14:02 +0200)]
sockio.h is required on OpenSolaris for SIOCGIFADDR.

10 years ago  Replaced the strange definitions of IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT on...
Tobias Brunner [Fri, 14 Aug 2009 11:57:07 +0000 (13:57 +0200)]
Replaced the strange definitions of IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT on OpenSolaris.

10 years ago  Defined some missing fixed-width int types on OpenSolaris.
Tobias Brunner [Fri, 14 Aug 2009 11:54:53 +0000 (13:54 +0200)]
Defined some missing fixed-width int types on OpenSolaris.

10 years ago  LOG_AUTHPRIV is not defined on OpenSolaris.
Tobias Brunner [Fri, 14 Aug 2009 11:37:07 +0000 (13:37 +0200)]
LOG_AUTHPRIV is not defined on OpenSolaris.

10 years ago  OpenSolaris defines MUTEX_DEFAULT therefore we rename the members of the enums mutex...
Tobias Brunner [Fri, 14 Aug 2009 11:30:59 +0000 (13:30 +0200)]
OpenSolaris defines MUTEX_DEFAULT, therefore we rename the members of the enums mutex/condvar/rwlock_type_t.

10 years ago  We need to include alloca.h on OpenSolaris.
Tobias Brunner [Fri, 14 Aug 2009 11:25:22 +0000 (13:25 +0200)]
We need to include alloca.h on OpenSolaris.

11 years ago  fixed 4.3 refactoring error
Andreas Steffen [Tue, 11 Aug 2009 06:51:16 +0000 (08:51 +0200)]
fixed 4.3 refactoring error

11 years ago  added -module -avoid-version LDFLAGS
Andreas Steffen [Mon, 10 Aug 2009 23:06:45 +0000 (01:06 +0200)]
added -module -avoid-version LDFLAGS

11 years ago  prepare CAMELLIA_CCM ESP encryption
Andreas Steffen [Mon, 10 Aug 2009 14:30:42 +0000 (16:30 +0200)]
prepare CAMELLIA_CCM ESP encryption

11 years ago  add ikev1/esp-alg-aes-ctr scenario
Andreas Steffen [Sat, 8 Aug 2009 17:20:53 +0000 (19:20 +0200)]
add ikev1/esp-alg-aes-ctr scenario

11 years ago  added ikev2/esp-alg-aes-ctr scenario
Andreas Steffen [Sat, 8 Aug 2009 17:08:17 +0000 (19:08 +0200)]
added ikev2/esp-alg-aes-ctr scenario

11 years ago  FreeBSD's libc does not support backtrace(), but libexecinfo optionally replicates...
Tobias Brunner [Fri, 7 Aug 2009 16:30:40 +0000 (18:30 +0200)]
FreeBSD's libc does not support backtrace(), but libexecinfo optionally replicates this function (and the others defined in execinfo.h).

11 years ago  set protocol to ESP for policies installed as a trap
Martin Willi [Fri, 7 Aug 2009 14:05:32 +0000 (16:05 +0200)]
set protocol to ESP for policies installed as a trap

11 years ago  fixed printf format for length limited string
Martin Willi [Thu, 6 Aug 2009 15:56:45 +0000 (17:56 +0200)]
fixed printf format for length limited string

11 years ago  %llu correctly prints u_int64_t
Andreas Steffen [Fri, 7 Aug 2009 07:50:36 +0000 (09:50 +0200)]
%llu correctly prints u_int64_t

11 years ago  printing u_int64_t caused segfault on 32-bit platforms
Andreas Steffen [Fri, 7 Aug 2009 06:47:07 +0000 (08:47 +0200)]
printing u_int64_t caused segfault on 32-bit platforms

11 years ago  do not set usetime if query_policy() fails
Andreas Steffen [Fri, 7 Aug 2009 03:59:09 +0000 (05:59 +0200)]
do not set usetime if query_policy() fails

11 years ago  Use LONG_MAX instead of a hard-coded value.
Tobias Brunner [Thu, 6 Aug 2009 16:22:01 +0000 (18:22 +0200)]
Use LONG_MAX instead of a hard-coded value.

11 years ago  FreeBSD returns the current policy use time only after specifying a hard lifetime...
Tobias Brunner [Thu, 6 Aug 2009 16:14:44 +0000 (18:14 +0200)]
FreeBSD returns the current policy use time only after specifying a hard lifetime when installing the policy.

11 years ago  added openssl-ikev2/alg-camellia scenario
Andreas Steffen [Thu, 6 Aug 2009 14:48:24 +0000 (16:48 +0200)]
added openssl-ikev2/alg-camellia scenario

11 years ago  Fixed a race condition when querying stats of a child_sa in different order.
Tobias Brunner [Thu, 6 Aug 2009 14:46:02 +0000 (16:46 +0200)]
Fixed a race condition when querying stats of a child_sa in different order.

11 years ago  use SS_RC_FIRST and SS_RC_LAST
Andreas Steffen [Thu, 6 Aug 2009 14:42:44 +0000 (16:42 +0200)]
use SS_RC_FIRST and SS_RC_LAST

11 years ago  abort pluto or charon if initialization fails
Andreas Steffen [Thu, 6 Aug 2009 14:32:42 +0000 (16:32 +0200)]
abort pluto or charon if initialization fails

11 years ago  Don't query the policy usetime if there was no traffic on the SA.
Tobias Brunner [Thu, 6 Aug 2009 13:14:54 +0000 (15:14 +0200)]
Don't query the policy usetime if there was no traffic on the SA.

This helps in cases where a policy is assigned to more than one SA. That
is, SAs now should have different usetimes even if they use the same policy.

11 years ago  Reverted the interface changes introduced in 3f720dc7.
Tobias Brunner [Thu, 6 Aug 2009 11:30:16 +0000 (13:30 +0200)]
Reverted the interface changes introduced in 3f720dc7.

11 years ago  added support for ipsec.secrets "include" directive
Martin Willi [Thu, 6 Aug 2009 09:29:55 +0000 (11:29 +0200)]
added support for ipsec.secrets "include" directive

11 years ago  Reversed the check for udp.h, fixes compilation on Linux.
Tobias Brunner [Thu, 6 Aug 2009 08:01:59 +0000 (10:01 +0200)]
Reversed the check for udp.h, fixes compilation on Linux.

11 years ago  activated CAMELLIA_CBC cipher in openssl plugin
Andreas Steffen [Wed, 5 Aug 2009 20:46:53 +0000 (22:46 +0200)]
activated CAMELLIA_CBC cipher in openssl plugin

11 years ago  support of SHA224-based certificate signatures
Andreas Steffen [Wed, 5 Aug 2009 20:01:13 +0000 (22:01 +0200)]
support of SHA224-based certificate signatures

11 years ago  Enabling UDP encapsulation via setsockopt fails on Mac OS X (it is also not required...
Tobias Brunner [Wed, 5 Aug 2009 10:31:10 +0000 (12:31 +0200)]
Enabling UDP encapsulation via setsockopt fails on Mac OS X (it is also not required as this is done using sysctl).

11 years ago  output number of transmitted bytes in closing CHILD_SA statement
Andreas Steffen [Tue, 4 Aug 2009 21:08:42 +0000 (23:08 +0200)]
output number of transmitted bytes in closing CHILD_SA statement

11 years ago  FreeBSD only reports a policy's usetime if a lifetime has been specified when the...
Tobias Brunner [Tue, 4 Aug 2009 09:03:39 +0000 (11:03 +0200)]
FreeBSD only reports a policy's usetime if a lifetime has been specified when the policy was added (we only specify a lifetime on the SA, not on the policy).

11 years ago  FreeBSD and Mac OS X both set the sequence number of an SADB_X_SPDGET response to...
Tobias Brunner [Fri, 31 Jul 2009 16:10:39 +0000 (18:10 +0200)]
FreeBSD and Mac OS X both set the sequence number of an SADB_X_SPDGET response to zero; we accept that for now.

11 years ago  Missing check for udp.h added.
Tobias Brunner [Fri, 31 Jul 2009 15:02:53 +0000 (17:02 +0200)]
Missing check for udp.h added.

11 years ago  parse RDNs in multiple SEQUENCEs in all SETs of a DN
Martin Willi [Mon, 3 Aug 2009 13:24:48 +0000 (15:24 +0200)]
parse RDNs in multiple SEQUENCEs in all SETs of a DN

11 years ago  compare IKE config when reusing an existing IKE_SA to initiate a CHILD_SA
Martin Willi [Mon, 3 Aug 2009 12:37:24 +0000 (14:37 +0200)]
compare IKE config when reusing an existing IKE_SA to initiate a CHILD_SA

11 years ago  fixed dereferencing bug caused by bool type redefinition
Andreas Steffen [Sun, 2 Aug 2009 14:58:32 +0000 (16:58 +0200)]
fixed dereferencing bug caused by bool type redefinition

11 years ago  implemented query_sa() for PFKEYv2
Andreas Steffen [Sun, 2 Aug 2009 09:46:33 +0000 (11:46 +0200)]
implemented query_sa() for PFKEYv2

11 years ago  corrected interface definition
Andreas Steffen [Fri, 31 Jul 2009 06:57:55 +0000 (08:57 +0200)]
corrected interface definition

11 years ago  update usetime only if usebytes increase
Andreas Steffen [Thu, 30 Jul 2009 21:19:42 +0000 (23:19 +0200)]
update usetime only if usebytes increase

11 years ago  display transmitted bytes per SA
Andreas Steffen [Thu, 30 Jul 2009 19:33:19 +0000 (21:33 +0200)]
display transmitted bytes per SA

11 years ago  Handling of unsupported policy directions (FWD) fixed.
Tobias Brunner [Thu, 30 Jul 2009 12:04:17 +0000 (14:04 +0200)]
Handling of unsupported policy directions (FWD) fixed.

11 years ago  Enabling NAT-T on Mac OS X using the private SADB_X_EXT_NATT flag and sadb_sa_2 struct.
Tobias Brunner [Thu, 30 Jul 2009 11:52:08 +0000 (13:52 +0200)]
Enabling NAT-T on Mac OS X using the private SADB_X_EXT_NATT flag and sadb_sa_2 struct.

11 years ago  Configure the NAT-T port via sysctl on Mac OS X to enable handling of incoming UDP...
Tobias Brunner [Wed, 29 Jul 2009 09:34:47 +0000 (11:34 +0200)]
Configure the NAT-T port via sysctl on Mac OS X to enable handling of incoming UDP encapsulated ESP packets in the kernel.

11 years ago  Make accept(2) and recvfrom(2) cancellation points on Mac OS X.
Tobias Brunner [Fri, 24 Jul 2009 08:58:27 +0000 (10:58 +0200)]
Make accept(2) and recvfrom(2) cancellation points on Mac OS X.

11 years ago  fixed KW_END_FIRST..KW_END_LAST keyword range
Andreas Steffen [Tue, 28 Jul 2009 13:44:24 +0000 (15:44 +0200)]
fixed KW_END_FIRST..KW_END_LAST keyword range

11 years ago  improved DPD error message
Andreas Steffen [Wed, 22 Jul 2009 20:30:21 +0000 (22:30 +0200)]
improved DPD error message

11 years ago  added file and segment lengths to checksum.c
Andreas Steffen [Tue, 21 Jul 2009 20:23:51 +0000 (22:23 +0200)]
added file and segment lengths to checksum.c

11 years ago  version bump to 4.3.4
Andreas Steffen [Tue, 21 Jul 2009 20:21:52 +0000 (22:21 +0200)]
version bump to 4.3.4

11 years ago  version bump of Linux UML kernel to 2.6.30.2 [4.3.3]
Andreas Steffen [Tue, 21 Jul 2009 13:51:04 +0000 (15:51 +0200)]
version bump of Linux UML kernel to 2.6.30.2

11 years ago  filter objects for segment checksumming by dlpi_name, excludes rare false positives
Martin Willi [Tue, 21 Jul 2009 13:10:24 +0000 (15:10 +0200)]
filter objects for segment checksumming by dlpi_name, excludes rare false positives

11 years ago  enumerate executable sections only to build checksum
Martin Willi [Tue, 21 Jul 2009 13:00:18 +0000 (15:00 +0200)]
enumerate executable sections only to build checksum

11 years ago  announce integrity testing only once
Martin Willi [Tue, 21 Jul 2009 12:58:14 +0000 (14:58 +0200)]
announce integrity testing only once

11 years ago  Fixed GID lookup in cases where the configured group is a prefix of another group.
Tobias Brunner [Mon, 20 Jul 2009 19:20:03 +0000 (21:20 +0200)]
Fixed GID lookup in cases where the configured group is a prefix of another group.

11 years ago  Fixed installation of config files in out-of-tree builds.
Tobias Brunner [Mon, 20 Jul 2009 19:13:45 +0000 (21:13 +0200)]
Fixed installation of config files in out-of-tree builds.

11 years ago  Use the numerical UID/GID to install the config files and create the ipsec.d directories.
Tobias Brunner [Mon, 20 Jul 2009 19:03:05 +0000 (21:03 +0200)]
Use the numerical UID/GID to install the config files and create the ipsec.d directories.

11 years ago  Translate the configured user and group to a numerical UID and GID.
Tobias Brunner [Mon, 20 Jul 2009 19:01:13 +0000 (21:01 +0200)]
Translate the configured user and group to a numerical UID and GID.

11 years ago  streamlined integrity test output some more
Andreas Steffen [Sat, 18 Jul 2009 09:23:27 +0000 (11:23 +0200)]
streamlined integrity test output some more

11 years ago  advertise activated integrity tests
Andreas Steffen [Fri, 17 Jul 2009 22:37:35 +0000 (00:37 +0200)]
advertise activated integrity tests

11 years ago  added latest NEWS
Andreas Steffen [Fri, 17 Jul 2009 20:54:23 +0000 (22:54 +0200)]
added latest NEWS

11 years ago  added ikev1/net2net-pgp-v4 scenario
Andreas Steffen [Fri, 17 Jul 2009 20:36:12 +0000 (22:36 +0200)]
added ikev1/net2net-pgp-v4 scenario

11 years ago  adapted scenario description for OpenPGP V3 keys
Andreas Steffen [Fri, 17 Jul 2009 20:33:22 +0000 (22:33 +0200)]
adapted scenario description for OpenPGP V3 keys

11 years ago  enable crypt debugging in ikev1/esp-alg-camellia scenario
Andreas Steffen [Fri, 17 Jul 2009 19:27:54 +0000 (21:27 +0200)]
enable crypt debugging in ikev1/esp-alg-camellia scenario

11 years ago  added strongswan-2.8.11 and strongswan-4.2.17 VIDs
Andreas Steffen [Fri, 17 Jul 2009 19:19:32 +0000 (21:19 +0200)]
added strongswan-2.8.11 and strongswan-4.2.17 VIDs

11 years ago  enable integrity test in all rw-cert scenarios
Andreas Steffen [Fri, 17 Jul 2009 18:52:14 +0000 (20:52 +0200)]
enable integrity test in all rw-cert scenarios

11 years ago  fix test vector error output
Andreas Steffen [Fri, 17 Jul 2009 18:36:21 +0000 (20:36 +0200)]
fix test vector error output

11 years ago  stop strongswan if integrity check of libstrongswan or daemon fails
Andreas Steffen [Fri, 17 Jul 2009 18:33:19 +0000 (20:33 +0200)]
stop strongswan if integrity check of libstrongswan or daemon fails

11 years ago  streamlined debug output of integrity tests
Andreas Steffen [Fri, 17 Jul 2009 15:00:17 +0000 (17:00 +0200)]
streamlined debug output of integrity tests

11 years ago  enforce strongSwan coding rules
Andreas Steffen [Fri, 17 Jul 2009 14:57:07 +0000 (16:57 +0200)]
enforce strongSwan coding rules

11 years ago  shortened crypto test output
Andreas Steffen [Fri, 17 Jul 2009 14:36:01 +0000 (16:36 +0200)]
shortened crypto test output

11 years ago  accelerate lookup in non-concatenated pools
Andreas Steffen [Fri, 17 Jul 2009 11:58:29 +0000 (13:58 +0200)]
accelerate lookup in non-concatenated pools

11 years ago  added scenario ikev2/ip-split-pools-db
Andreas Steffen [Fri, 17 Jul 2009 11:38:57 +0000 (13:38 +0200)]
added scenario ikev2/ip-split-pools-db

11 years ago  added sql/ip-split-pools-db and sql/ip-split-pools-db-restart scenarios
Andreas Steffen [Fri, 17 Jul 2009 09:50:59 +0000 (11:50 +0200)]
added sql/ip-split-pools-db and sql/ip-split-pools-db-restart scenarios

11 years ago  check for an existing lease over all assigned pools first
Andreas Steffen [Fri, 17 Jul 2009 09:48:35 +0000 (11:48 +0200)]
check for an existing lease over all assigned pools first