strongswan.git
Martin Willi [Fri, 28 Mar 2008 11:48:14 +0000 (11:48 -0000)]
fixed all pluto compiler warnings

Martin Willi [Fri, 28 Mar 2008 11:47:11 +0000 (11:47 -0000)]
fixed compiler warning in openace
fixed pem loading bug

Martin Willi [Fri, 28 Mar 2008 11:46:30 +0000 (11:46 -0000)]
fixed compiler warning in libfreeswan

Martin Willi [Fri, 28 Mar 2008 11:45:56 +0000 (11:45 -0000)]
fixed compiler warning in scepclient

Martin Willi [Fri, 28 Mar 2008 11:45:01 +0000 (11:45 -0000)]
removed unused yynuput to fix compiler warning

Martin Willi [Fri, 28 Mar 2008 10:21:04 +0000 (10:21 -0000)]
fixed compiler warning

Martin Willi [Fri, 28 Mar 2008 08:38:51 +0000 (08:38 -0000)]
reentrant save cert_cache

Martin Willi [Fri, 28 Mar 2008 08:14:47 +0000 (08:14 -0000)]
caching of CRLs

Martin Willi [Thu, 27 Mar 2008 19:07:23 +0000 (19:07 -0000)]
replaced get_public() by create_public_enumerator() to try multiple public keys for signature verification

Martin Willi [Thu, 27 Mar 2008 13:38:02 +0000 (13:38 -0000)]
use trusted self-signed root CA certificates as trust anchor only

Tobias Brunner [Thu, 27 Mar 2008 12:31:35 +0000 (12:31 -0000)]
changed external interface to the mediation extension.

Tobias Brunner [Thu, 27 Mar 2008 12:29:51 +0000 (12:29 -0000)]
corrected ME_ENDPOINT length check

Martin Willi [Thu, 27 Mar 2008 11:45:49 +0000 (11:45 -0000)]
reusing generic shared_key_t implementation in med_db

Martin Willi [Thu, 27 Mar 2008 11:42:35 +0000 (11:42 -0000)]
whitelisted FCGX_Init
reporting count of leaks suppressed by whitelist

Martin Willi [Thu, 27 Mar 2008 10:24:37 +0000 (10:24 -0000)]
fixed memory leak in dispatcher

Tobias Brunner [Thu, 27 Mar 2008 10:17:29 +0000 (10:17 -0000)]
checking the size of ME_* notify payloads

Tobias Brunner [Thu, 27 Mar 2008 09:54:09 +0000 (09:54 -0000)]
replaced the COOKIE notify payload in connectivity checks with a ME_CONNECTAUTH notify payload

Martin Willi [Thu, 27 Mar 2008 06:37:29 +0000 (06:37 -0000)]
implemented cert cache flushing, ipsec purgeocsp

Andreas Steffen [Wed, 26 Mar 2008 20:24:55 +0000 (20:24 -0000)]
fixed plugin/stroke Makefile

Andreas Steffen [Wed, 26 Mar 2008 20:16:42 +0000 (20:16 -0000)]
makeshift fix of --enable-integrity-test option

Tobias Brunner [Wed, 26 Mar 2008 18:40:19 +0000 (18:40 -0000)]
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed

Martin Willi [Wed, 26 Mar 2008 16:13:14 +0000 (16:13 -0000)]
added uptime statistics to statusall

Martin Willi [Wed, 26 Mar 2008 15:21:50 +0000 (15:21 -0000)]
caching of ocsp responses (experimental), no crl caching yet

Martin Willi [Wed, 26 Mar 2008 14:45:24 +0000 (14:45 -0000)]
fixed compile error if --enable-p2p is set

Andreas Steffen [Wed, 26 Mar 2008 13:10:36 +0000 (13:10 -0000)]
treat sig_alg and algorithm comparison in a consistent way over all certificate types

Martin Willi [Wed, 26 Mar 2008 12:23:46 +0000 (12:23 -0000)]
fixed rightca= constraint checking
implemented rightca= for intermediate CAs we do not have the certificate at config load

Martin Willi [Wed, 26 Mar 2008 10:58:19 +0000 (10:58 -0000)]
fixed auth_info_t.equals()

Martin Willi [Wed, 26 Mar 2008 10:10:40 +0000 (10:10 -0000)]
split stroke plugin into several files:
  socket: reads messages from socket, dispatching
  config: process add/del conn, serves configs through backend_t
  control: controlling of the daemon (up/down/route/...)
  cred: credential loading, serves creds through credential_set_t
  ca: ca sections from ipsec.conf, serves cdp's through credential_set_t
  list: log status information to stroke console (status/statusall/list*)
  shared_key: shared key implementation for keys read from ipsec.secrets
  plugin: registers stroke plugin and starts socket w/ thread

Martin Willi [Wed, 26 Mar 2008 10:06:45 +0000 (10:06 -0000)]
added equals() method to peer_cfg, ike_cfg, proposals, auth_info
  allows easier merging of ipsec.conf connections
replaced some iterators through enumerators
made proposals algorithm_t private using enumerator

Martin Willi [Wed, 26 Mar 2008 09:29:30 +0000 (09:29 -0000)]
fixed compiler warnings

Andreas Steffen [Tue, 25 Mar 2008 22:28:27 +0000 (22:28 -0000)]
certificate factory can load certs from file

Andreas Steffen [Tue, 25 Mar 2008 13:26:33 +0000 (13:26 -0000)]
added component BUILD_FROM_FILE

Andreas Steffen [Tue, 25 Mar 2008 12:22:12 +0000 (12:22 -0000)]
renamed certificate field in x509_cert.c to encoding

Andreas Steffen [Tue, 25 Mar 2008 10:13:57 +0000 (10:13 -0000)]
added ac.c

Andreas Steffen [Tue, 25 Mar 2008 10:12:45 +0000 (10:12 -0000)]
defined *_create_from_file() constructors in libstrongswan/credentials/certificates

Andreas Steffen [Tue, 25 Mar 2008 09:39:23 +0000 (09:39 -0000)]
fixed reference counts before calling attribute certificate factory

Andreas Steffen [Sat, 22 Mar 2008 08:15:18 +0000 (08:15 -0000)]
corrected some doxygen entries

Andreas Steffen [Fri, 21 Mar 2008 20:37:08 +0000 (20:37 -0000)]
optimized self-signed certificate detection

Andreas Steffen [Fri, 21 Mar 2008 20:36:19 +0000 (20:36 -0000)]
shortened debug output

Andreas Steffen [Fri, 21 Mar 2008 19:10:55 +0000 (19:10 -0000)]
detect trusted self-signed before trust chain verification

Andreas Steffen [Fri, 21 Mar 2008 19:07:12 +0000 (19:07 -0000)]
self-signed certificates were not marked by x509_cert.c

Andreas Steffen [Fri, 21 Mar 2008 16:59:21 +0000 (16:59 -0000)]
added ietf group attribute support to attribute certificate factory

Andreas Steffen [Fri, 21 Mar 2008 15:58:48 +0000 (15:58 -0000)]
fixed memory allocation problem in openac

Andreas Steffen [Fri, 21 Mar 2008 12:44:15 +0000 (12:44 -0000)]
added BUILD_SERIAL component and fixed several ac bugs

Andreas Steffen [Fri, 21 Mar 2008 11:54:12 +0000 (11:54 -0000)]
added VALIDATION_UNKNOWN to cert_validation_names

Andreas Steffen [Fri, 21 Mar 2008 11:32:33 +0000 (11:32 -0000)]
added credential factory support for BUILD_NOT_BEFORE_TIME and BUILD_NOT_AFTER_TIME

Andreas Steffen [Fri, 21 Mar 2008 10:52:11 +0000 (10:52 -0000)]
added x509_ac_builder plugin

Andreas Steffen [Fri, 21 Mar 2008 10:42:05 +0000 (10:42 -0000)]
initialize library in openac

Andreas Steffen [Fri, 21 Mar 2008 09:34:40 +0000 (09:34 -0000)]
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.

Andreas Steffen [Fri, 21 Mar 2008 09:28:25 +0000 (09:28 -0000)]
optimized debug output of credential_manager.c

Andreas Steffen [Thu, 20 Mar 2008 15:25:02 +0000 (15:25 -0000)]
removed build.h include

Andreas Steffen [Thu, 20 Mar 2008 15:23:52 +0000 (15:23 -0000)]
refactored openac and its attribute certificate factory

Andreas Steffen [Thu, 20 Mar 2008 15:22:26 +0000 (15:22 -0000)]
modified debug text

Martin Willi [Thu, 20 Mar 2008 14:31:36 +0000 (14:31 -0000)]
cert_cache_t caches subject-issuer relations and subject certificates
ocsp/crl do not benefit yet due to missing lookup function

Martin Willi [Thu, 20 Mar 2008 13:14:55 +0000 (13:14 -0000)]
fallback to random end entity certificate if trustchain building fails

Martin Willi [Thu, 20 Mar 2008 11:38:51 +0000 (11:38 -0000)]
(no commit message)

Martin Willi [Thu, 20 Mar 2008 11:27:55 +0000 (11:27 -0000)]
some C libraries need _GNU_SOURCE for rwlocks

Martin Willi [Thu, 20 Mar 2008 10:09:56 +0000 (10:09 -0000)]
added support for certificate requests for not yet known CAs

Andreas Steffen [Thu, 20 Mar 2008 09:30:07 +0000 (09:30 -0000)]
added $

Martin Willi [Thu, 20 Mar 2008 09:30:02 +0000 (09:30 -0000)]
fixed verification of preinstalled certificates

Andreas Steffen [Thu, 20 Mar 2008 09:28:58 +0000 (09:28 -0000)]
included utils/linked_list.h

Martin Willi [Thu, 20 Mar 2008 09:27:57 +0000 (09:27 -0000)]
more trustchain verification improvements
should fix crl-revoked and two-certs scenarios

Andreas Steffen [Thu, 20 Mar 2008 09:24:22 +0000 (09:24 -0000)]
cleaned up includes

Martin Willi [Thu, 20 Mar 2008 07:21:44 +0000 (07:21 -0000)]
CA certificates are allowed to sign OCSP responses without OCSP_SIGNER flag

Martin Willi [Wed, 19 Mar 2008 17:54:54 +0000 (17:54 -0000)]
refactored trustchain verification, this should fix #33
moved auth_info/ocsp_response credset wrapper to separate files

Andreas Steffen [Wed, 19 Mar 2008 17:04:09 +0000 (17:04 -0000)]
increased debug level in trust chain verification for auditing purposes

Martin Willi [Wed, 19 Mar 2008 14:21:56 +0000 (14:21 -0000)]
removed unimplemented private/public key function declarations

Martin Willi [Wed, 19 Mar 2008 14:02:52 +0000 (14:02 -0000)]
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
as it requires to XOR the key into the hasher's state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.

Andreas Steffen [Wed, 19 Mar 2008 13:11:29 +0000 (13:11 -0000)]
log nextUpdate of crls and ocsp responses

Andreas Steffen [Wed, 19 Mar 2008 12:36:15 +0000 (12:36 -0000)]
fixed stupid bug in fetch_ocsp()

Andreas Steffen [Wed, 19 Mar 2008 12:06:38 +0000 (12:06 -0000)]
attempt to achieve consistent debugging output

Martin Willi [Wed, 19 Mar 2008 10:24:51 +0000 (10:24 -0000)]
fixed shared key lookup in stroke

Martin Willi [Wed, 19 Mar 2008 10:08:59 +0000 (10:08 -0000)]
fixed peer_cfg lookup when omitting IDr

Martin Willi [Wed, 19 Mar 2008 09:44:47 +0000 (09:44 -0000)]
fixed CRL check return value on revoked certificates
fixed possible refcounting bugs
generic return_null() implementation

Martin Willi [Tue, 18 Mar 2008 14:06:11 +0000 (14:06 -0000)]
fixed compiler warning

Martin Willi [Tue, 18 Mar 2008 12:45:23 +0000 (12:45 -0000)]
added generic payload order rules for notifies

Martin Willi [Tue, 18 Mar 2008 12:40:41 +0000 (12:40 -0000)]
fixed ike_cfg lookup in stroke

Martin Willi [Tue, 18 Mar 2008 12:25:39 +0000 (12:25 -0000)]
added false positive signature check

Martin Willi [Tue, 18 Mar 2008 12:16:36 +0000 (12:16 -0000)]
added missing test case file ([3607])

Martin Willi [Tue, 18 Mar 2008 12:13:51 +0000 (12:13 -0000)]
creating public key from RSA private key
RSA key generation and signature test

Andreas Steffen [Tue, 18 Mar 2008 10:36:08 +0000 (10:36 -0000)]
made is_newer() a certificate_t method

Martin Willi [Tue, 18 Mar 2008 09:07:04 +0000 (09:07 -0000)]
better normalized tables for SQL plugin (IDs)

Martin Willi [Mon, 17 Mar 2008 08:06:49 +0000 (08:06 -0000)]
enforcing x509_flags on certificate construction

Martin Willi [Mon, 17 Mar 2008 07:25:32 +0000 (07:25 -0000)]
fixed CRL revoked certs enumeration

Martin Willi [Sat, 15 Mar 2008 14:17:09 +0000 (14:17 -0000)]
logging to SQL database

Martin Willi [Sat, 15 Mar 2008 14:08:43 +0000 (14:08 -0000)]
correctly unregister IKE_SA at the bus

Martin Willi [Fri, 14 Mar 2008 15:11:29 +0000 (15:11 -0000)]
removed X509_PEER flag; flags are meant to read cert, not to store additional state in cert
removed x509_t.set_flags for the reason above
implemented a simple, generic shared_key_t

Martin Willi [Fri, 14 Mar 2008 15:06:42 +0000 (15:06 -0000)]
credential lookup in mysql/sqlite database

Martin Willi [Fri, 14 Mar 2008 15:04:16 +0000 (15:04 -0000)]
refactored buggy trustchain building, fixed refcount bug

Martin Willi [Fri, 14 Mar 2008 15:03:19 +0000 (15:03 -0000)]
reduced mysql pool verbosity

Martin Willi [Fri, 14 Mar 2008 07:39:01 +0000 (07:39 -0000)]
SQL schema for MySQL and SQLite, test data

Tobias Brunner [Thu, 13 Mar 2008 15:03:06 +0000 (15:03 -0000)]
two small fixes

Martin Willi [Thu, 13 Mar 2008 14:53:57 +0000 (14:53 -0000)]
fixed apidoc grouping

Martin Willi [Thu, 13 Mar 2008 14:41:27 +0000 (14:41 -0000)]
added NetworkManager prototype DBUS policy, applet config

Martin Willi [Thu, 13 Mar 2008 14:37:11 +0000 (14:37 -0000)]
added old and unmaintained prototype of NetworkManager applet and authenticator

Martin Willi [Thu, 13 Mar 2008 14:20:20 +0000 (14:20 -0000)]
reverted accidentally committed testing config

Martin Willi [Thu, 13 Mar 2008 14:14:44 +0000 (14:14 -0000)]
merged the modularization branch (credentials) back to trunk

Andreas Steffen [Sat, 1 Mar 2008 10:25:52 +0000 (10:25 -0000)]
activated svn:keywords on all UML scripts

Andreas Steffen [Fri, 29 Feb 2008 20:17:28 +0000 (20:17 -0000)]
support of gnome-terminal in UML testing

Andreas Steffen [Fri, 29 Feb 2008 17:00:07 +0000 (17:00 -0000)]
take down eth1 interface on alice via ssh