strongswan.git
13 years agoadded support for AES-XCBC in kernel using e.g. esp=aes128-aesxcbc (>=linux-2.6.20)
Martin Willi [Mon, 23 Apr 2007 13:00:20 +0000 (13:00 -0000)]
added support for AES-XCBC in kernel using e.g. esp=aes128-aesxcbc (>=linux-2.6.20)

13 years agofixed CHILD_SA proposal selection when not using DH exchange
Martin Willi [Mon, 23 Apr 2007 12:59:10 +0000 (12:59 -0000)]
fixed CHILD_SA proposal selection when not using DH exchange

13 years agofixed keyingtries
Martin Willi [Mon, 23 Apr 2007 12:19:23 +0000 (12:19 -0000)]
fixed keyingtries

13 years agogenerated certs for ocsp-strict-ifuri scenario
Andreas Steffen [Fri, 20 Apr 2007 14:54:10 +0000 (14:54 -0000)]
generated certs for ocsp-strict-ifuri scenario

13 years agogenerated certs for ocsp-strict-ifuri scenario
Andreas Steffen [Fri, 20 Apr 2007 14:52:32 +0000 (14:52 -0000)]
generated certs for ocsp-strict-ifuri scenario

13 years agofixed test scenarios
Andreas Steffen [Fri, 20 Apr 2007 14:51:39 +0000 (14:51 -0000)]
fixed test scenarios

13 years agoocsp-strict-ifuri added
Andreas Steffen [Fri, 20 Apr 2007 14:50:42 +0000 (14:50 -0000)]
ocsp-strict-ifuri added

13 years agoocsp-no-signer-cert added
Andreas Steffen [Fri, 20 Apr 2007 14:49:50 +0000 (14:49 -0000)]
ocsp-no-signer-cert added

13 years agoinitialize isCA to FALSE
Andreas Steffen [Fri, 20 Apr 2007 14:36:55 +0000 (14:36 -0000)]
initialize isCA to FALSE

13 years agoisOcspSigner was not initialized
Andreas Steffen [Fri, 20 Apr 2007 12:38:35 +0000 (12:38 -0000)]
isOcspSigner was not initialized

13 years agowrong delimiters in ipsec.in
Andreas Steffen [Fri, 20 Apr 2007 12:23:03 +0000 (12:23 -0000)]
wrong delimiters in ipsec.in

13 years agoimplementation of strictcrlpolicy=ifuri
Andreas Steffen [Fri, 20 Apr 2007 11:12:08 +0000 (11:12 -0000)]
implementation of strictcrlpolicy=ifuri

13 years agoremoved linux26/xfrm.h
Andreas Steffen [Thu, 19 Apr 2007 15:02:55 +0000 (15:02 -0000)]
removed linux26/xfrm.h

13 years agounshare argument buffers
Andreas Steffen [Thu, 19 Apr 2007 14:26:11 +0000 (14:26 -0000)]
unshare argument buffers

13 years agoupdated man page: proposals using PFS
Martin Willi [Thu, 19 Apr 2007 14:22:53 +0000 (14:22 -0000)]
updated man page: proposals using PFS

13 years agokernel_netlink.c now includes src/include/linux/xfrm.h
Andreas Steffen [Thu, 19 Apr 2007 14:15:00 +0000 (14:15 -0000)]
kernel_netlink.c now includes src/include/linux/xfrm.h

13 years agoupdated TODO
Martin Willi [Thu, 19 Apr 2007 14:14:01 +0000 (14:14 -0000)]
updated TODO

13 years agoadded support for EAP methods not establishing an MSK
Martin Willi [Thu, 19 Apr 2007 12:37:48 +0000 (12:37 -0000)]
added support for EAP methods not establishing an MSK

13 years agoadded most problematic linux headers to distribution
Martin Willi [Thu, 19 Apr 2007 08:59:36 +0000 (08:59 -0000)]
added most problematic linux headers to distribution
  other/real linux header may be selected using --with-linux-headers=dir

13 years agoadded PDF support for CHILD_SAs
Martin Willi [Thu, 19 Apr 2007 08:02:19 +0000 (08:02 -0000)]
added PDF support for CHILD_SAs
support for INVALID_KE_PAYLOAD negotiation for rekeying

13 years agofixed memleak in IKE_SA manager
Martin Willi [Thu, 19 Apr 2007 07:04:35 +0000 (07:04 -0000)]
fixed memleak in IKE_SA manager

13 years agomoved initiate() code to the generic controller_t class
Martin Willi [Mon, 16 Apr 2007 12:52:49 +0000 (12:52 -0000)]
moved initiate() code to the generic controller_t class

13 years agocloning %any ID without zero-byte memleak
Martin Willi [Mon, 16 Apr 2007 08:37:52 +0000 (08:37 -0000)]
cloning %any ID without zero-byte memleak

13 years agoremoved version numbers in autogen
Martin Willi [Mon, 16 Apr 2007 08:34:22 +0000 (08:34 -0000)]
removed version numbers in autogen

13 years agoadded listaacerts, listacerts, listgroups, rereadaacerts, and rereadacerts keywords
Andreas Steffen [Sat, 14 Apr 2007 18:09:44 +0000 (18:09 -0000)]
added listaacerts, listacerts, listgroups, rereadaacerts, and rereadacerts keywords

13 years agofixed destroy() bug
Andreas Steffen [Sat, 14 Apr 2007 17:34:41 +0000 (17:34 -0000)]
fixed destroy() bug

13 years agoexported parse_generalNames()
Andreas Steffen [Sat, 14 Apr 2007 17:34:18 +0000 (17:34 -0000)]
exported parse_generalNames()

13 years agoadded listaacerts, listacerts, listgroups, rereadaacerts, and rereadacerts keywords
Andreas Steffen [Sat, 14 Apr 2007 17:33:29 +0000 (17:33 -0000)]
added listaacerts, listacerts, listgroups, rereadaacerts, and rereadacerts keywords

13 years agoadded listaacerts, listacerts, listgroups, rereadaacerts, and rereadacerts keywords
Andreas Steffen [Sat, 14 Apr 2007 17:33:02 +0000 (17:33 -0000)]
added listaacerts, listacerts, listgroups, rereadaacerts, and rereadacerts keywords

13 years agoadded trailing newline to list()
Andreas Steffen [Thu, 12 Apr 2007 20:16:14 +0000 (20:16 -0000)]
added trailing newline to list()

13 years agoset sleep back to 180 s
Andreas Steffen [Thu, 12 Apr 2007 19:41:24 +0000 (19:41 -0000)]
set sleep back to 180 s

13 years agostarted to parse attribute certificates
Andreas Steffen [Thu, 12 Apr 2007 19:39:11 +0000 (19:39 -0000)]
started to parse attribute certificates

13 years agocosmetics
Andreas Steffen [Thu, 12 Apr 2007 19:33:13 +0000 (19:33 -0000)]
cosmetics

13 years agomoved parse_time() from x509.c to asn1.c
Andreas Steffen [Thu, 12 Apr 2007 18:58:27 +0000 (18:58 -0000)]
moved parse_time() from x509.c to asn1.c

13 years agoreplace cert by this in parse_certificate()
Andreas Steffen [Thu, 12 Apr 2007 18:57:33 +0000 (18:57 -0000)]
replace cert by this in parse_certificate()

13 years agoparse_authorityKeyIdentifier() is made available externally
Andreas Steffen [Thu, 12 Apr 2007 18:56:46 +0000 (18:56 -0000)]
parse_authorityKeyIdentifier() is made available externally

13 years agoexternal functions are defined in asn1.h and x509.h now
Andreas Steffen [Thu, 12 Apr 2007 18:55:44 +0000 (18:55 -0000)]
external functions are defined in asn1.h and x509.h now

13 years agostarted support of X.509 attribute certificates
Andreas Steffen [Thu, 12 Apr 2007 17:49:33 +0000 (17:49 -0000)]
started support of X.509 attribute certificates

13 years agoadded AA and AATR cert paths
Andreas Steffen [Thu, 12 Apr 2007 16:43:21 +0000 (16:43 -0000)]
added AA and AATR cert paths

13 years agofixed output of list_auth_certificates()
Andreas Steffen [Thu, 12 Apr 2007 16:42:07 +0000 (16:42 -0000)]
fixed output of list_auth_certificates()

13 years agofixed output of list_certinfos()
Andreas Steffen [Thu, 12 Apr 2007 16:36:12 +0000 (16:36 -0000)]
fixed output of list_certinfos()

13 years agocorrected copyright statement
Andreas Steffen [Thu, 12 Apr 2007 16:21:02 +0000 (16:21 -0000)]
corrected copyright statement

13 years agoadded missing #include
Martin Willi [Thu, 12 Apr 2007 11:33:43 +0000 (11:33 -0000)]
added missing #include

13 years agoupdated uClibc note in HACKING
Martin Willi [Thu, 12 Apr 2007 11:33:28 +0000 (11:33 -0000)]
updated uClibc note in HACKING

13 years agoremoved %Q, %Y, %W, %U printf handlers
Martin Willi [Thu, 12 Apr 2007 09:44:26 +0000 (09:44 -0000)]
removed %Q, %Y, %W, %U printf handlers

13 years agonot using %m printf handler, as late errno interpration over bus may be problematic
Martin Willi [Thu, 12 Apr 2007 08:52:36 +0000 (08:52 -0000)]
not using %m printf handler, as late errno interpration over bus may be problematic

13 years agofixed DPD delay in peer_cfg
Martin Willi [Thu, 12 Apr 2007 06:20:42 +0000 (06:20 -0000)]
fixed DPD delay in peer_cfg

13 years agofixed payload debug message
Martin Willi [Thu, 12 Apr 2007 06:20:14 +0000 (06:20 -0000)]
fixed payload debug message

13 years agoremoved IKE_SA_ID (%J) printf hook, two more to go
Martin Willi [Wed, 11 Apr 2007 13:01:08 +0000 (13:01 -0000)]
removed IKE_SA_ID (%J) printf hook, two more to go

13 years agocleanup and fixes for status & statusall
Martin Willi [Wed, 11 Apr 2007 12:43:52 +0000 (12:43 -0000)]
cleanup and fixes for status & statusall

13 years agousing %V time delta for rekeying times
Martin Willi [Wed, 11 Apr 2007 12:33:02 +0000 (12:33 -0000)]
using %V time delta for rekeying times

13 years agoremoved IKE_SA (%K) and CHILD_SA (%P) printf handlers, 3 more to go
Martin Willi [Wed, 11 Apr 2007 12:14:51 +0000 (12:14 -0000)]
removed IKE_SA (%K) and CHILD_SA (%P) printf handlers, 3 more to go

13 years agoremoved %M printf handler, five more to go
Martin Willi [Wed, 11 Apr 2007 09:12:21 +0000 (09:12 -0000)]
removed %M printf handler, five more to go

13 years agofixed virtual ip configuration bug introduced with the previous commit
Martin Willi [Wed, 11 Apr 2007 08:34:21 +0000 (08:34 -0000)]
fixed virtual ip configuration bug introduced with the previous commit

13 years agoadapted evaltest to refactored ipsec status output
Andreas Steffen [Wed, 11 Apr 2007 08:18:38 +0000 (08:18 -0000)]
adapted evaltest to refactored ipsec status output

13 years agotwo %any IDs are equal
Martin Willi [Wed, 11 Apr 2007 07:43:23 +0000 (07:43 -0000)]
two %any IDs are equal

13 years agocleaned up apidoc
Martin Willi [Wed, 11 Apr 2007 07:20:39 +0000 (07:20 -0000)]
cleaned up apidoc
added some comments
removed configuration.[ch], as it does not make sense like it is

13 years agoadded script for sed'ing thhrough all source files
Martin Willi [Wed, 11 Apr 2007 07:19:17 +0000 (07:19 -0000)]
added script for sed'ing thhrough all source files

13 years agoaccepting stroke initiation by a name of a child_cfg
Martin Willi [Wed, 11 Apr 2007 05:58:38 +0000 (05:58 -0000)]
accepting stroke initiation by a name of a child_cfg

13 years agoreduced sleep from 180 to 170 seconds
Andreas Steffen [Tue, 10 Apr 2007 23:22:26 +0000 (23:22 -0000)]
reduced sleep from 180 to 170 seconds

13 years agofixed bug with roadwarrior and wildcard IDs
Andreas Steffen [Tue, 10 Apr 2007 22:39:09 +0000 (22:39 -0000)]
fixed bug with roadwarrior and wildcard IDs

13 years agoedited comment and debug output
Andreas Steffen [Tue, 10 Apr 2007 22:38:06 +0000 (22:38 -0000)]
edited comment and debug output

13 years agobest must be initialized to 2*MAX_WILDCARDS+1
Andreas Steffen [Tue, 10 Apr 2007 22:35:45 +0000 (22:35 -0000)]
best must be initialized to 2*MAX_WILDCARDS+1

13 years agochanged tab spacing from 8 to 4
Andreas Steffen [Tue, 10 Apr 2007 19:31:42 +0000 (19:31 -0000)]
changed tab spacing from 8 to 4

13 years agorequesting the same virtual IP on reauthentication
Martin Willi [Tue, 10 Apr 2007 15:02:57 +0000 (15:02 -0000)]
requesting the same virtual IP on reauthentication

13 years agoproper notification handling
Martin Willi [Tue, 10 Apr 2007 15:00:51 +0000 (15:00 -0000)]
proper notification handling

13 years agoversion bump to 4.1.2
Andreas Steffen [Tue, 10 Apr 2007 11:53:35 +0000 (11:53 -0000)]
version bump to 4.1.2

13 years agorestructured file layout
Martin Willi [Tue, 10 Apr 2007 06:01:03 +0000 (06:01 -0000)]
restructured file layout
new configuration structure:
  peer_cfg: configuration related to a peer (authenitcation, ...=
  ike_cfg: config to use for IKE setup (proposals)
  child_Cfg: config for CHILD_SA (proposals, traffic selectors)
  a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads

13 years agoadapt evaltest to changed debug output 4.1.1
Andreas Steffen [Fri, 6 Apr 2007 10:39:24 +0000 (10:39 -0000)]
adapt evaltest to changed debug output

13 years agocosmetics in debug output
Andreas Steffen [Fri, 6 Apr 2007 10:35:13 +0000 (10:35 -0000)]
cosmetics in debug output

13 years agocrl-ldap scenario added
Andreas Steffen [Fri, 6 Apr 2007 10:02:27 +0000 (10:02 -0000)]
crl-ldap scenario added

13 years agoldap-based crl fetching supported
Andreas Steffen [Fri, 6 Apr 2007 09:51:04 +0000 (09:51 -0000)]
ldap-based crl fetching supported

13 years agochanged LDAP_VER compile option to LIBLDAP
Andreas Steffen [Fri, 6 Apr 2007 09:49:05 +0000 (09:49 -0000)]
changed LDAP_VER compile option to LIBLDAP

13 years agosupport of ldap-based crl fetching
Andreas Steffen [Fri, 6 Apr 2007 09:44:06 +0000 (09:44 -0000)]
support of ldap-based crl fetching

13 years agoremoved list_crls() and list_ocsp() methods
Andreas Steffen [Fri, 6 Apr 2007 09:43:20 +0000 (09:43 -0000)]
removed list_crls() and list_ocsp() methods

13 years agoremoved list_crls() and list_ocsp() methods
Andreas Steffen [Fri, 6 Apr 2007 09:42:45 +0000 (09:42 -0000)]
removed list_crls() and list_ocsp() methods

13 years agoenabled crl fetching using crlcheckinterval != 0
Andreas Steffen [Thu, 5 Apr 2007 17:51:12 +0000 (17:51 -0000)]
enabled crl fetching using crlcheckinterval != 0

13 years agocachecrls=yes supported by IKEv2
Andreas Steffen [Thu, 5 Apr 2007 17:44:50 +0000 (17:44 -0000)]
cachecrls=yes supported by IKEv2

13 years agoenabled crl fetching using crlcheckinterval != 0
Andreas Steffen [Thu, 5 Apr 2007 17:40:33 +0000 (17:40 -0000)]
enabled crl fetching using crlcheckinterval != 0

13 years agoadded crl-to-cache
Andreas Steffen [Thu, 5 Apr 2007 17:18:25 +0000 (17:18 -0000)]
added crl-to-cache

13 years agoadded crl-from-cache
Andreas Steffen [Thu, 5 Apr 2007 17:18:15 +0000 (17:18 -0000)]
added crl-from-cache

13 years agoblock crl fetching
Andreas Steffen [Thu, 5 Apr 2007 17:10:59 +0000 (17:10 -0000)]
block crl fetching

13 years agoblock crl fetching
Andreas Steffen [Thu, 5 Apr 2007 17:09:54 +0000 (17:09 -0000)]
block crl fetching

13 years agosupport multiple ocsp servers
Andreas Steffen [Thu, 5 Apr 2007 17:08:51 +0000 (17:08 -0000)]
support multiple ocsp servers

13 years agosupport cachecrls=yes
Andreas Steffen [Thu, 5 Apr 2007 17:07:14 +0000 (17:07 -0000)]
support cachecrls=yes

13 years agosupport of crlcheckinterval=0 to disable IKEv2 CRL fetching
Andreas Steffen [Wed, 4 Apr 2007 07:49:05 +0000 (07:49 -0000)]
support of crlcheckinterval=0 to disable IKEv2 CRL fetching

13 years agoimproved log output for checkout_by_message()
Martin Willi [Wed, 4 Apr 2007 07:11:12 +0000 (07:11 -0000)]
improved log output for checkout_by_message()

13 years agoreinsert SHAREDTREE
Andreas Steffen [Wed, 4 Apr 2007 05:29:20 +0000 (05:29 -0000)]
reinsert SHAREDTREE

13 years ago--enable-ldap without value 3
Andreas Steffen [Wed, 4 Apr 2007 05:26:21 +0000 (05:26 -0000)]
--enable-ldap without value 3

13 years agorecognize strongSwan 2.8.4 VID
Andreas Steffen [Wed, 4 Apr 2007 05:25:06 +0000 (05:25 -0000)]
recognize strongSwan 2.8.4 VID

13 years agosupport of dynamical http-based CRL fetching
Andreas Steffen [Tue, 3 Apr 2007 22:05:04 +0000 (22:05 -0000)]
support of dynamical http-based CRL fetching

13 years agoiptables -L has now a link of its own
Andreas Steffen [Tue, 3 Apr 2007 22:03:25 +0000 (22:03 -0000)]
iptables -L has now a link of its own

13 years agofixed crl fetching bug
Andreas Steffen [Tue, 3 Apr 2007 22:02:17 +0000 (22:02 -0000)]
fixed crl fetching bug

13 years agoadded ip route list and iptables -L
Andreas Steffen [Tue, 3 Apr 2007 21:18:46 +0000 (21:18 -0000)]
added ip route list and iptables -L

13 years agoimplemented dynamic http-based CRL fetching
Andreas Steffen [Tue, 3 Apr 2007 21:11:23 +0000 (21:11 -0000)]
implemented dynamic http-based CRL fetching

13 years agosend VID_NATT_IETF_02_N for Windows 2003 server support
Andreas Steffen [Tue, 3 Apr 2007 21:10:08 +0000 (21:10 -0000)]
send VID_NATT_IETF_02_N for Windows 2003 server support

13 years agoimplemented dynamic http-based CRL fetching
Andreas Steffen [Tue, 3 Apr 2007 21:09:11 +0000 (21:09 -0000)]
implemented dynamic http-based CRL fetching

13 years agoimplemented http get method
Andreas Steffen [Tue, 3 Apr 2007 19:46:50 +0000 (19:46 -0000)]
implemented http get method

13 years agoIKEv1 changes
Andreas Steffen [Tue, 3 Apr 2007 12:41:37 +0000 (12:41 -0000)]
IKEv1 changes

13 years agoadded --enable-nat-transport and --disable-vendor-id configuration options
Andreas Steffen [Tue, 3 Apr 2007 07:58:34 +0000 (07:58 -0000)]
added --enable-nat-transport and --disable-vendor-id configuration options