strongswan.git
Martin Willi [Tue, 1 Apr 2008 14:26:31 +0000 (14:26 -0000)]
and a fix for it

Martin Willi [Tue, 1 Apr 2008 14:19:22 +0000 (14:19 -0000)]
simple converter from binary data to a c array

Martin Willi [Tue, 1 Apr 2008 13:39:12 +0000 (13:39 -0000)]
removed unneeded publicKeyInfo ASN1 structure

Andreas Steffen [Tue, 1 Apr 2008 12:11:09 +0000 (12:11 -0000)]
minimal stroke_list_ocsp() implementation

Tobias Brunner [Tue, 1 Apr 2008 11:38:18 +0000 (11:38 -0000)]
stopping connectivity checks on the responder's side after receiving an IKE_SA_INIT request with the proper ME_CONNECTID

Martin Willi [Tue, 1 Apr 2008 10:56:08 +0000 (10:56 -0000)]
some simplifications to trusted_enumerator_t

Martin Willi [Tue, 1 Apr 2008 10:43:44 +0000 (10:43 -0000)]
checking pretrusted but bad certificates only once

Andreas Steffen [Tue, 1 Apr 2008 10:26:27 +0000 (10:26 -0000)]
stroke_list groups certificates by issuer

Martin Willi [Tue, 1 Apr 2008 07:16:48 +0000 (07:16 -0000)]
replaced the example manager database by a sql script

Martin Willi [Tue, 1 Apr 2008 06:51:55 +0000 (06:51 -0000)]
changed enumerator implementation to handle reentrant code

Andreas Steffen [Mon, 31 Mar 2008 21:59:32 +0000 (21:59 -0000)]
minor changes in debug output

Andreas Steffen [Mon, 31 Mar 2008 21:08:56 +0000 (21:08 -0000)]
put DN in double quotes

Andreas Steffen [Mon, 31 Mar 2008 20:42:57 +0000 (20:42 -0000)]
output error message if maximum ca path length is reached

Andreas Steffen [Mon, 31 Mar 2008 20:21:24 +0000 (20:21 -0000)]
ipsec list suppresses duplicates

Tobias Brunner [Mon, 31 Mar 2008 15:04:38 +0000 (15:04 -0000)]
timing of connectivity checks adjusted

Martin Willi [Mon, 31 Mar 2008 15:01:43 +0000 (15:01 -0000)]
defining ME globally, as we need it in plugins

Andreas Steffen [Mon, 31 Mar 2008 14:36:00 +0000 (14:36 -0000)]
utc argument in %#T was missing

Tobias Brunner [Mon, 31 Mar 2008 14:27:16 +0000 (14:27 -0000)]
signal fixed

Andreas Steffen [Mon, 31 Mar 2008 12:59:39 +0000 (12:59 -0000)]
disabled build of outdated dbus interface

Tobias Brunner [Mon, 31 Mar 2008 10:56:49 +0000 (10:56 -0000)]
changed order of server and peer reflexive endpoints (and also the priorities)

Martin Willi [Mon, 31 Mar 2008 08:43:18 +0000 (08:43 -0000)]
received certificates have least priority
fixed manager unlocking

Martin Willi [Mon, 31 Mar 2008 07:16:12 +0000 (07:16 -0000)]
fixed refcounting in certificate trustchain validation

Andreas Steffen [Sat, 29 Mar 2008 19:33:02 +0000 (19:33 -0000)]
adapted configure options in testing.conf and build-umlrootfs

Andreas Steffen [Sat, 29 Mar 2008 13:26:53 +0000 (13:26 -0000)]
changed error message

Andreas Steffen [Sat, 29 Mar 2008 08:55:09 +0000 (08:55 -0000)]
output uptime in status in local time

Andreas Steffen [Fri, 28 Mar 2008 22:46:09 +0000 (22:46 -0000)]
shortened menu item

Andreas Steffen [Fri, 28 Mar 2008 22:44:45 +0000 (22:44 -0000)]
demoted ldap debug output to level 2

Andreas Steffen [Fri, 28 Mar 2008 19:49:59 +0000 (19:49 -0000)]
remove xml directory

Martin Willi [Fri, 28 Mar 2008 14:51:26 +0000 (14:51 -0000)]
leak detective detects heap over- and underflow

Martin Willi [Fri, 28 Mar 2008 13:16:36 +0000 (13:16 -0000)]
updated leak_detective whitelist: libxml and clearsilver functions

Martin Willi [Fri, 28 Mar 2008 12:44:01 +0000 (12:44 -0000)]
renamed xml plugin to smp to avoid confusion
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there

Martin Willi [Fri, 28 Mar 2008 12:41:05 +0000 (12:41 -0000)]
fixed manager plugin loading
manager uses strongswan.conf to read its configuration

Martin Willi [Fri, 28 Mar 2008 12:00:51 +0000 (12:00 -0000)]
fixed crash if crl fetching fails

Martin Willi [Fri, 28 Mar 2008 11:48:14 +0000 (11:48 -0000)]
fixed all pluto compiler warnings

Martin Willi [Fri, 28 Mar 2008 11:47:11 +0000 (11:47 -0000)]
fixed compiler warning in openace
fixed pem loading bug

Martin Willi [Fri, 28 Mar 2008 11:46:30 +0000 (11:46 -0000)]
fixed compiler warning in libfreeswan

Martin Willi [Fri, 28 Mar 2008 11:45:56 +0000 (11:45 -0000)]
fixed compiler warning in scepclient

Martin Willi [Fri, 28 Mar 2008 11:45:01 +0000 (11:45 -0000)]
removed unused yynuput to fix compiler warning

Martin Willi [Fri, 28 Mar 2008 10:21:04 +0000 (10:21 -0000)]
fixed compiler warning

Martin Willi [Fri, 28 Mar 2008 08:38:51 +0000 (08:38 -0000)]
reentrant safe cert_cache

Martin Willi [Fri, 28 Mar 2008 08:14:47 +0000 (08:14 -0000)]
caching of CRLs

Martin Willi [Thu, 27 Mar 2008 19:07:23 +0000 (19:07 -0000)]
replaced get_public() by create_public_enumerator() to try multiple public keys for signature verification

Martin Willi [Thu, 27 Mar 2008 13:38:02 +0000 (13:38 -0000)]
use trusted self-signed root CA certificates as trust anchor only

Tobias Brunner [Thu, 27 Mar 2008 12:31:35 +0000 (12:31 -0000)]
changed external interface to the mediation extension.

Tobias Brunner [Thu, 27 Mar 2008 12:29:51 +0000 (12:29 -0000)]
corrected ME_ENDPOINT length check

Martin Willi [Thu, 27 Mar 2008 11:45:49 +0000 (11:45 -0000)]
reusing generic shared_key_t implementation in med_db

Martin Willi [Thu, 27 Mar 2008 11:42:35 +0000 (11:42 -0000)]
whitelisted FCGX_Init
reporting count of leaks suppressed by whitelist

Martin Willi [Thu, 27 Mar 2008 10:24:37 +0000 (10:24 -0000)]
fixed memory leak in dispatcher

Tobias Brunner [Thu, 27 Mar 2008 10:17:29 +0000 (10:17 -0000)]
checking the size of ME_* notify payloads

Tobias Brunner [Thu, 27 Mar 2008 09:54:09 +0000 (09:54 -0000)]
replaced the COOKIE notify payload in connectivity checks with a ME_CONNECTAUTH notify payload

Martin Willi [Thu, 27 Mar 2008 06:37:29 +0000 (06:37 -0000)]
implemented cert cache flushing, ipsec purgeocsp

Andreas Steffen [Wed, 26 Mar 2008 20:24:55 +0000 (20:24 -0000)]
fixed plugin/stroke Makefile

Andreas Steffen [Wed, 26 Mar 2008 20:16:42 +0000 (20:16 -0000)]
makeshift fix of --enable-integrity-test option

Tobias Brunner [Wed, 26 Mar 2008 18:40:19 +0000 (18:40 -0000)]
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed

Martin Willi [Wed, 26 Mar 2008 16:13:14 +0000 (16:13 -0000)]
added uptime statistics to statusall

Martin Willi [Wed, 26 Mar 2008 15:21:50 +0000 (15:21 -0000)]
caching of ocsp responses (experimental), no crl caching yet

Martin Willi [Wed, 26 Mar 2008 14:45:24 +0000 (14:45 -0000)]
fixed compile error if --enable-p2p is set

Andreas Steffen [Wed, 26 Mar 2008 13:10:36 +0000 (13:10 -0000)]
treat sig_alg and algorithm comparison in a consistent way over all certificate types

Martin Willi [Wed, 26 Mar 2008 12:23:46 +0000 (12:23 -0000)]
fixed rightca= constraint checking
implemented rightca= for intermediate CAs we do not have the certificate at config load

Martin Willi [Wed, 26 Mar 2008 10:58:19 +0000 (10:58 -0000)]
fixed auth_info_t.equals()

Martin Willi [Wed, 26 Mar 2008 10:10:40 +0000 (10:10 -0000)]
split stroke plugin into several files:
  socket: reads messages from socket, dispatching
  config: process add/del conn, serves configs through backend_t
  control: controlling of the daemon (up/down/route/...)
  cred: credential loading, serves creds through credential_set_t
  ca: ca sections from ipsec.conf, serves cdp's through credential_set_t
  list: log status information to stroke console (status/statusall/list*)
  shared_key: shared key implementation for keys read from ipsec.secrets
  plugin: registers stroke plugin and starts socket w/ thread

Martin Willi [Wed, 26 Mar 2008 10:06:45 +0000 (10:06 -0000)]
added equals() method to peer_cfg, ike_cfg, proposals, auth_info
  allows easier merging of ipsec.conf connections
replaced some iterators through enumerators
made proposals algorithm_t private using enumerator

Martin Willi [Wed, 26 Mar 2008 09:29:30 +0000 (09:29 -0000)]
fixed compiler warnings

Andreas Steffen [Tue, 25 Mar 2008 22:28:27 +0000 (22:28 -0000)]
certificate factory can load certs from file

Andreas Steffen [Tue, 25 Mar 2008 13:26:33 +0000 (13:26 -0000)]
added component BUILD_FROM_FILE

Andreas Steffen [Tue, 25 Mar 2008 12:22:12 +0000 (12:22 -0000)]
renamed certificate field in x509_cert.c to encoding

Andreas Steffen [Tue, 25 Mar 2008 10:13:57 +0000 (10:13 -0000)]
added ac.c

Andreas Steffen [Tue, 25 Mar 2008 10:12:45 +0000 (10:12 -0000)]
defined *_create_from_file() constructors in libstrongswan/credentials/certificates

Andreas Steffen [Tue, 25 Mar 2008 09:39:23 +0000 (09:39 -0000)]
fixed reference counts before calling attribute certificate factory

Andreas Steffen [Sat, 22 Mar 2008 08:15:18 +0000 (08:15 -0000)]
corrected some doxygen entries

Andreas Steffen [Fri, 21 Mar 2008 20:37:08 +0000 (20:37 -0000)]
optimized self-signed certificate detection

Andreas Steffen [Fri, 21 Mar 2008 20:36:19 +0000 (20:36 -0000)]
shortened debug output

Andreas Steffen [Fri, 21 Mar 2008 19:10:55 +0000 (19:10 -0000)]
detect trusted self-signed before trust chain verification

Andreas Steffen [Fri, 21 Mar 2008 19:07:12 +0000 (19:07 -0000)]
self-signed certificates were not marked by x509_cert.c

Andreas Steffen [Fri, 21 Mar 2008 16:59:21 +0000 (16:59 -0000)]
added ietf group attribute support to attribute certificate factory

Andreas Steffen [Fri, 21 Mar 2008 15:58:48 +0000 (15:58 -0000)]
fixed memory allocation problem in openac

Andreas Steffen [Fri, 21 Mar 2008 12:44:15 +0000 (12:44 -0000)]
added BUILD_SERIAL component and fixed several ac bugs

Andreas Steffen [Fri, 21 Mar 2008 11:54:12 +0000 (11:54 -0000)]
added VALIDATION_UNKNOWN to cert_validation_names

Andreas Steffen [Fri, 21 Mar 2008 11:32:33 +0000 (11:32 -0000)]
added credential factory support for BULD_NOT_BEFORE_TIME and BUILD_NOT_AFTER_TIME

Andreas Steffen [Fri, 21 Mar 2008 10:52:11 +0000 (10:52 -0000)]
added x509_ac_builder plugin

Andreas Steffen [Fri, 21 Mar 2008 10:42:05 +0000 (10:42 -0000)]
initialize library in openac

Andreas Steffen [Fri, 21 Mar 2008 09:34:40 +0000 (09:34 -0000)]
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.

Andreas Steffen [Fri, 21 Mar 2008 09:28:25 +0000 (09:28 -0000)]
optimized debug output of credential_manager.c

Andreas Steffen [Thu, 20 Mar 2008 15:25:02 +0000 (15:25 -0000)]
removed build.h include

Andreas Steffen [Thu, 20 Mar 2008 15:23:52 +0000 (15:23 -0000)]
refactored openac and its attribute certificate factory

Andreas Steffen [Thu, 20 Mar 2008 15:22:26 +0000 (15:22 -0000)]
modified debug text

Martin Willi [Thu, 20 Mar 2008 14:31:36 +0000 (14:31 -0000)]
cert_cache_t caches subject-issuer relations and subject certificates
ocsp/crl do not benefit yet due to missing lookup function

Martin Willi [Thu, 20 Mar 2008 13:14:55 +0000 (13:14 -0000)]
fallback to random end entity certificate if trustchain building fails

Martin Willi [Thu, 20 Mar 2008 11:38:51 +0000 (11:38 -0000)]
(no commit message)

Martin Willi [Thu, 20 Mar 2008 11:27:55 +0000 (11:27 -0000)]
some C libraries need _GNU_SOURCE for rwlocks

Martin Willi [Thu, 20 Mar 2008 10:09:56 +0000 (10:09 -0000)]
added support for certificate requests for not yet known CAs

Andreas Steffen [Thu, 20 Mar 2008 09:30:07 +0000 (09:30 -0000)]
added $

Martin Willi [Thu, 20 Mar 2008 09:30:02 +0000 (09:30 -0000)]
fixed verification of preinstalled certificates

Andreas Steffen [Thu, 20 Mar 2008 09:28:58 +0000 (09:28 -0000)]
included utils/linked_list.h

Martin Willi [Thu, 20 Mar 2008 09:27:57 +0000 (09:27 -0000)]
more trustchain verification improvements
should fix crl-revoked and two-certs scenarios

Andreas Steffen [Thu, 20 Mar 2008 09:24:22 +0000 (09:24 -0000)]
cleaned up includes

Martin Willi [Thu, 20 Mar 2008 07:21:44 +0000 (07:21 -0000)]
CA certificates are allowed to sign OCSP responses without OCSP_SIGNER flag

Martin Willi [Wed, 19 Mar 2008 17:54:54 +0000 (17:54 -0000)]
refactored trustchain verification, this should fix #33
moved auth_info/ocsp_response credset wrapper to separate files

Andreas Steffen [Wed, 19 Mar 2008 17:04:09 +0000 (17:04 -0000)]
increased debug level in trust chain verification for auditing purposes

Martin Willi [Wed, 19 Mar 2008 14:21:56 +0000 (14:21 -0000)]
removed unimplemented private/public key function declarations