strongswan.git
Andreas Steffen [Tue, 24 Nov 2009 11:37:38 +0000 (12:37 +0100)]
issue error message for expired certificates in OCSP trust chain checking

Andreas Steffen [Tue, 24 Nov 2009 08:21:00 +0000 (09:21 +0100)]
updated IKEv2 notification messages assigned by IANA

Andreas Steffen [Tue, 24 Nov 2009 08:18:41 +0000 (09:18 +0100)]
updated NEWS for 4.3.6dr2

Martin Willi [Mon, 23 Nov 2009 12:50:01 +0000 (13:50 +0100)]
Do not recreate existing create_child subtask when retrying with different DH group

Martin Willi [Mon, 23 Nov 2009 12:49:19 +0000 (13:49 +0100)]
Avoid potentially unaligned half-word read

Eric Mertens [Tue, 17 Nov 2009 18:30:37 +0000 (10:30 -0800)]
Correctly set host number to zero when computing traffic selector range

Martin Willi [Fri, 20 Nov 2009 13:36:24 +0000 (14:36 +0100)]
Use abort() instead of raising SIGKILL, gives us proper core dumps if enabled

Martin Willi [Fri, 20 Nov 2009 10:02:06 +0000 (11:02 +0100)]
Use status_t return value for get_quintuplet() dummy implementations

Martin Willi [Thu, 19 Nov 2009 13:37:34 +0000 (14:37 +0100)]
Move comment out of register_printf_function test

Martin Willi [Wed, 18 Nov 2009 09:37:46 +0000 (10:37 +0100)]
Message stringification supports more detailed EAP payload information

Martin Willi [Tue, 17 Nov 2009 16:51:30 +0000 (17:51 +0100)]
Correctly enumerate attributes to request as initiator with the actually requesting handler

Martin Willi [Tue, 17 Nov 2009 15:55:45 +0000 (15:55 +0000)]
Fixed memleak in attribute handling

Martin Willi [Tue, 17 Nov 2009 15:53:57 +0000 (15:53 +0000)]
attr plugin supports any custom attribute type having a v4/v6 IP under the charon.plugins.attr namespace

Martin Willi [Tue, 17 Nov 2009 15:52:36 +0000 (15:52 +0000)]
Support enumeration of key/value pairs in a section of strongswan.conf

Martin Willi [Tue, 17 Nov 2009 15:51:57 +0000 (15:51 +0000)]
Whitelist register_printf_specifier in leak detective

Martin Willi [Tue, 17 Nov 2009 13:51:50 +0000 (14:51 +0100)]
Give plugins more control of which configuration attributes to request, and pass received attributes back to the requesting handler

Martin Willi [Thu, 12 Nov 2009 14:52:12 +0000 (14:52 +0000)]
Encrypt payloads with missing rule, fix insertion of non-encrypted payloads

Martin Willi [Tue, 10 Nov 2009 13:24:19 +0000 (14:24 +0100)]
Build libsimaka with libtool, as we require a PIC-enabled version

Martin Willi [Tue, 10 Nov 2009 13:12:00 +0000 (14:12 +0100)]
Fix word alignment in memxor() on 64-bit architectures

Martin Willi [Tue, 10 Nov 2009 10:11:03 +0000 (11:11 +0100)]
Do not complain about missing payload order rules for private use payloads

Martin Willi [Tue, 10 Nov 2009 10:07:37 +0000 (11:07 +0100)]
Properly initialize attribute encoding/length values

Martin Willi [Tue, 10 Nov 2009 10:07:13 +0000 (11:07 +0100)]
Indentation/whitespace cleanups

Martin Willi [Mon, 9 Nov 2009 11:38:48 +0000 (12:38 +0100)]
Simplified vendor ID payload interface

Martin Willi [Mon, 2 Nov 2009 09:44:11 +0000 (10:44 +0100)]
Invoke message hook before generation, allowing plugins to mangle it

Martin Willi [Thu, 12 Nov 2009 13:10:30 +0000 (13:10 +0000)]
Prefer MODP2048/1536 over ECP Diffie-Hellman groups

Martin Willi [Thu, 12 Nov 2009 12:16:46 +0000 (13:16 +0100)]
Use register_printf_specifier instead of deprecated register_printf_function, if available

Martin Willi [Thu, 12 Nov 2009 10:17:02 +0000 (11:17 +0100)]
Fixed compiler warning about missing return value

Martin Willi [Thu, 12 Nov 2009 09:27:50 +0000 (10:27 +0100)]
Support variable RES length in AKA quintuplets

Martin Willi [Thu, 29 Oct 2009 16:38:45 +0000 (17:38 +0100)]
Ported pseudonym/reauth functionality to EAP-AKA

Martin Willi [Thu, 29 Oct 2009 16:37:36 +0000 (17:37 +0100)]
Passing other as NULL should not always result in a match if me matches

Martin Willi [Thu, 29 Oct 2009 14:58:43 +0000 (15:58 +0100)]
Use new identity constructor in EAP-SIM

Martin Willi [Thu, 29 Oct 2009 14:52:00 +0000 (15:52 +0100)]
Added identification constructor using a chunk of data, guessing id type

Martin Willi [Thu, 29 Oct 2009 13:56:45 +0000 (14:56 +0100)]
Moved card/provider enumeration to SIM manager, providing wrapped functions for both SIM and AKA plugins

Martin Willi [Thu, 29 Oct 2009 09:19:43 +0000 (10:19 +0100)]
Added option to disable identity requests completely (old behavior)

Martin Willi [Thu, 29 Oct 2009 08:49:55 +0000 (09:49 +0100)]
Fixed replacing existing reauthentication data

Martin Willi [Wed, 28 Oct 2009 15:04:45 +0000 (16:04 +0100)]
Initiate full authentication if reauthentication identity is unknown

Martin Willi [Wed, 28 Oct 2009 14:34:05 +0000 (15:34 +0100)]
Moved reauth/pseudonym functionality from eap-sim-file to separate plugins, usable by any SIM/AKA backend

Martin Willi [Wed, 28 Oct 2009 13:18:33 +0000 (14:18 +0100)]
eap-sim-file plugin supports volatile in-memory storage of fast reauthentication data

Martin Willi [Wed, 28 Oct 2009 13:16:54 +0000 (14:16 +0100)]
Initial support for fast reauthentication in EAP-SIM

Martin Willi [Wed, 28 Oct 2009 13:15:24 +0000 (14:15 +0100)]
EAP-SIM/AKA crypto helper supports key derivation for fast reauthentication

Martin Willi [Tue, 27 Oct 2009 10:12:36 +0000 (11:12 +0100)]
Fallback to permanent identity request if pseudonym mapping failed

Martin Willi [Tue, 27 Oct 2009 10:10:44 +0000 (11:10 +0100)]
Query triplet/quintuplet functions with permanent identity only,
extended sim_provider with a is_pseudonym() function.

Martin Willi [Mon, 26 Oct 2009 15:11:40 +0000 (16:11 +0100)]
eap-sim-file plugin can store pseudonym information volatile in memory

Martin Willi [Mon, 26 Oct 2009 15:08:14 +0000 (16:08 +0100)]
Some coding style cleanups

Martin Willi [Mon, 26 Oct 2009 15:11:15 +0000 (16:11 +0100)]
Implemented basic pseudonym support in EAP-SIM

Martin Willi [Fri, 23 Oct 2009 14:26:26 +0000 (16:26 +0200)]
A SIM/AKA message can be parsed twice, without and with decryption

Martin Willi [Fri, 23 Oct 2009 11:57:13 +0000 (13:57 +0200)]
Pass SIM/AKA crypto helper to constructor of message

Martin Willi [Thu, 22 Oct 2009 12:41:13 +0000 (14:41 +0200)]
Added a doxygen group for libsimaka, some cleanups

Martin Willi [Thu, 22 Oct 2009 12:46:32 +0000 (14:46 +0200)]
Added missing hasher include

Martin Willi [Thu, 22 Oct 2009 12:05:10 +0000 (14:05 +0200)]
EAP servers check if the received EAP message was expected

Martin Willi [Thu, 22 Oct 2009 11:57:37 +0000 (13:57 +0200)]
Use existing triplet length definitions

Martin Willi [Thu, 22 Oct 2009 11:04:50 +0000 (13:04 +0200)]
Split EAP-AKA in peer and server implementations, use libsimaka helper library

Martin Willi [Thu, 22 Oct 2009 11:03:55 +0000 (13:03 +0200)]
Proper handling of non-skippable attributes and client error codes in EAP-SIM

Martin Willi [Thu, 22 Oct 2009 11:02:32 +0000 (13:02 +0200)]
Centralized SIM/AKA notifications and client errors

Martin Willi [Wed, 21 Oct 2009 12:21:00 +0000 (14:21 +0200)]
Use the EAP-SIM/AKA crypto helper in EAP-SIM

Martin Willi [Wed, 21 Oct 2009 11:37:37 +0000 (13:37 +0200)]
libsimaka provides cryptographic functionality used in EAP-SIM and EAP-AKA

Martin Willi [Tue, 20 Oct 2009 11:44:21 +0000 (13:44 +0200)]
Migrated EAP-SIM to libsimaka, separated server/peer implementations

Martin Willi [Mon, 19 Oct 2009 13:37:36 +0000 (15:37 +0200)]
Added a libsimaka library with shared message handling code for EAP-SIM/AKA

Martin Willi [Wed, 14 Oct 2009 12:42:43 +0000 (14:42 +0200)]
sim_provider_t API gained support for pseudonym/fast reauthentication

Martin Willi [Wed, 14 Oct 2009 11:35:35 +0000 (13:35 +0200)]
sim_card_t API gained support for pseudonym/fast reauthentication

Andreas Steffen [Wed, 11 Nov 2009 10:17:59 +0000 (11:17 +0100)]
mixed fingerprint / userid

Andreas Steffen [Wed, 11 Nov 2009 10:06:07 +0000 (11:06 +0100)]
fixed 4.3.6 ocsp regression

Andreas Steffen [Tue, 10 Nov 2009 22:55:55 +0000 (23:55 +0100)]
adapted log message

Andreas Steffen [Tue, 10 Nov 2009 22:54:51 +0000 (23:54 +0100)]
merged pluto's PGP certificate parsing with charon's

Andreas Steffen [Tue, 10 Nov 2009 22:54:04 +0000 (23:54 +0100)]
merged pluto's PGP certificate parsing with charon's

Andreas Steffen [Tue, 10 Nov 2009 20:50:34 +0000 (21:50 +0100)]
added separating line

Andreas Steffen [Tue, 10 Nov 2009 09:04:55 +0000 (10:04 +0100)]
added some debugging to pgp certificate parsing

Andreas Steffen [Mon, 9 Nov 2009 22:15:17 +0000 (23:15 +0100)]
accept PGP v3 or v4 fingerprint as alternative to PGP user_id

Martin Willi [Mon, 9 Nov 2009 10:43:15 +0000 (11:43 +0100)]
If cross-compiling, test for the existence of pthread_condattr_setclock only

Martin Willi [Mon, 9 Nov 2009 12:23:24 +0000 (13:23 +0100)]
Install bypass policies after creating XFRM netlink socket, loading xfrm_user module

Andreas Steffen [Sun, 8 Nov 2009 22:58:41 +0000 (23:58 +0100)]
put PGP userid in single quotes

Andreas Steffen [Sun, 8 Nov 2009 22:49:04 +0000 (23:49 +0100)]
added ikev2/net2net-pgp-v3 scenario

Andreas Steffen [Sun, 8 Nov 2009 22:48:26 +0000 (23:48 +0100)]
removed nocrsend=yes statement

Andreas Steffen [Sun, 8 Nov 2009 22:23:45 +0000 (23:23 +0100)]
added ikev2/net2net-pgp-v4 scenario

Andreas Steffen [Sun, 8 Nov 2009 22:21:03 +0000 (23:21 +0100)]
list v3 or v4 fingerprint

Andreas Steffen [Sun, 8 Nov 2009 20:01:12 +0000 (21:01 +0100)]
stroke_list supports listing of PGP certificates

Andreas Steffen [Sun, 8 Nov 2009 17:55:52 +0000 (18:55 +0100)]
define TIME_32_BITS_SIGNED_MAX in utils.h

Andreas Steffen [Thu, 5 Nov 2009 07:38:00 +0000 (08:38 +0100)]
pluto ignores proprietary Juniper SRX notification 40001

Andreas Steffen [Wed, 4 Nov 2009 22:43:43 +0000 (23:43 +0100)]
moved multi-level-ca-pathlen scenario

Andreas Steffen [Wed, 4 Nov 2009 22:37:15 +0000 (23:37 +0100)]
implemented path length constraint checking for IKEv2

Andreas Steffen [Wed, 4 Nov 2009 19:17:12 +0000 (20:17 +0100)]
display printable characters in dntoa()

Andreas Steffen [Wed, 4 Nov 2009 18:36:02 +0000 (19:36 +0100)]
check if acerts linked_list has been initialized before destroying it

Andreas Steffen [Wed, 4 Nov 2009 17:18:43 +0000 (18:18 +0100)]
renamed multi-level-pathlen scenario to multi-level-ca-pathlen

Andreas Steffen [Wed, 4 Nov 2009 17:15:26 +0000 (18:15 +0100)]
added ikev1/multi-level-pathlen scenario

Andreas Steffen [Wed, 4 Nov 2009 17:13:06 +0000 (18:13 +0100)]
added a subsidiary Duck Research CA

Andreas Steffen [Wed, 4 Nov 2009 17:10:31 +0000 (18:10 +0100)]
implemented path length constraint checking for IKEv1

Andreas Steffen [Wed, 4 Nov 2009 13:34:14 +0000 (14:34 +0100)]
put directory path into single quotes

Andreas Steffen [Wed, 4 Nov 2009 13:28:10 +0000 (14:28 +0100)]
removed redundant and buggy debug statement

Andreas Steffen [Wed, 4 Nov 2009 06:30:07 +0000 (07:30 +0100)]
output optional pathLenConstraint in ipsec listcacerts

Andreas Steffen [Tue, 3 Nov 2009 23:16:48 +0000 (00:16 +0100)]
refreshened and fortified strongSwan Root CA certificate

Andreas Steffen [Tue, 3 Nov 2009 23:03:10 +0000 (00:03 +0100)]
implemented parsing of pathLenConstraint

Andreas Steffen [Mon, 2 Nov 2009 21:47:55 +0000 (22:47 +0100)]
version bump to 4.3.6

Martin Willi [Fri, 30 Oct 2009 10:19:32 +0000 (11:19 +0100)]
Use XFRM instead of PF_KEY IKE bypass policies in netlink based kernel interface

Andreas Steffen [Thu, 29 Oct 2009 09:00:19 +0000 (10:00 +0100)]
fixed a memory leak in OCSP fetching (4.3.5)

Martin Willi [Mon, 26 Oct 2009 07:47:40 +0000 (08:47 +0100)]
Query secrets in EAP-MD5 with me/other identities, fixing lookup in NetworkManager

Martin Willi [Fri, 23 Oct 2009 06:12:17 +0000 (08:12 +0200)]
Show the number of times a lock was acquired in lock profiler

Martin Willi [Thu, 22 Oct 2009 14:44:07 +0000 (16:44 +0200)]
Hand out shared secret of load tester for all identities

Martin Willi [Thu, 22 Oct 2009 12:34:10 +0000 (14:34 +0200)]
Fixed all doxygen warnings

Martin Willi [Thu, 22 Oct 2009 11:13:06 +0000 (13:13 +0200)]
Store return value of getc() in an int to correctly test it against EOF

Martin Willi [Tue, 20 Oct 2009 13:54:13 +0000 (15:54 +0200)]
Load-testers PSK is used for all purposes, including EAP authentication