strongswan.git
Andreas Steffen [Fri, 13 Jul 2012 08:06:43 +0000 (10:06 +0200)]
wait for the finalization of the Functional Component measurements

Andreas Steffen [Thu, 12 Jul 2012 20:18:24 +0000 (22:18 +0200)]
restrict PA-TNC message size only if upper limit is defined

Andreas Steffen [Thu, 12 Jul 2012 19:19:55 +0000 (21:19 +0200)]
a curly bracket got lost

Andreas Steffen [Thu, 12 Jul 2012 19:17:28 +0000 (21:17 +0200)]
destroy oversized attributes

Andreas Steffen [Thu, 12 Jul 2012 19:14:21 +0000 (21:14 +0200)]
prevent endless loop with oversize attributes

Andreas Steffen [Thu, 12 Jul 2012 18:01:32 +0000 (20:01 +0200)]
restrict PA-TNC messages to maximum size

Andreas Steffen [Thu, 12 Jul 2012 11:39:27 +0000 (13:39 +0200)]
refactored PA-TNC attribute error handling

Andreas Steffen [Thu, 12 Jul 2012 11:38:44 +0000 (13:38 +0200)]
fixed memory leak in the IETF standard error handling

Andreas Steffen [Thu, 12 Jul 2012 10:49:49 +0000 (12:49 +0200)]
static upper size limit for PA-TNC messages

Tobias Brunner [Thu, 12 Jul 2012 14:58:00 +0000 (16:58 +0200)]
Avoid that any % characters (e.g. in %any) are evaluated when logging via stroke

Tobias Brunner [Thu, 12 Jul 2012 14:52:01 +0000 (16:52 +0200)]
Added PLUGIN_NOOP to separate PLUGIN_PROVIDE from previous CALLBACK/REGISTER entries

Tobias Brunner [Thu, 12 Jul 2012 07:56:44 +0000 (09:56 +0200)]
Android.mk of libstrongswan adapted to config.h changes

Tobias Brunner [Thu, 12 Jul 2012 07:34:56 +0000 (09:34 +0200)]
Properly cleanup thread-local values for the threads destroying thread_value_t objects

Martin Willi [Thu, 12 Jul 2012 06:39:54 +0000 (08:39 +0200)]
Set a sane default if --with-dev-headers is given without path

Andreas Steffen [Wed, 11 Jul 2012 22:03:24 +0000 (00:03 +0200)]
fixed a memory leak in imc|imv_agent

Andreas Steffen [Wed, 11 Jul 2012 21:34:51 +0000 (23:34 +0200)]
imc/imv->send_message() uses attr_list

Andreas Steffen [Wed, 11 Jul 2012 21:15:44 +0000 (23:15 +0200)]
removed unused variables

Andreas Steffen [Wed, 11 Jul 2012 21:13:55 +0000 (23:13 +0200)]
fixed libstrongswan/Makefile.am

Martin Willi [Wed, 11 Jul 2012 16:06:37 +0000 (18:06 +0200)]
Use "-include config.h" when building ruby dumm extension

Andreas Steffen [Wed, 11 Jul 2012 15:46:45 +0000 (17:46 +0200)]
version bump to 5.0.1dr1

Andreas Steffen [Wed, 11 Jul 2012 11:13:12 +0000 (13:13 +0200)]
fixed logging of unsupported TNCCS version

Andreas Steffen [Wed, 11 Jul 2012 11:06:36 +0000 (13:06 +0200)]
PB-TNC Client sends empty CLOSE batch only in DECIDED state

Andreas Steffen [Wed, 11 Jul 2012 11:02:19 +0000 (13:02 +0200)]
have_recommendation() accepts NULL arguments

Andreas Steffen [Wed, 11 Jul 2012 10:21:29 +0000 (12:21 +0200)]
send empty SDATA batch if no recommendation is available yet, but in order to avoid loops only if no empty CDATA batch was received

Andreas Steffen [Wed, 11 Jul 2012 08:00:48 +0000 (10:00 +0200)]
moved batch size calculation into pb_tnc_batch_t

Andreas Steffen [Wed, 11 Jul 2012 07:23:45 +0000 (09:23 +0200)]
make maximum PB-TNC batch size configurable

Andreas Steffen [Tue, 10 Jul 2012 20:51:49 +0000 (22:51 +0200)]
limit the size of a PB-TNC batch to the maximum EAP-TNC packet size

Andreas Steffen [Mon, 9 Jul 2012 22:23:14 +0000 (00:23 +0200)]
remove pluto logging

Andreas Steffen [Mon, 9 Jul 2012 20:08:04 +0000 (22:08 +0200)]
eliminate message length field in EAP-TNC

Andreas Steffen [Mon, 9 Jul 2012 19:04:13 +0000 (21:04 +0200)]
added charon.plugins.eap-tnc.protocol option

Andreas Steffen [Mon, 9 Jul 2012 18:58:51 +0000 (20:58 +0200)]
due to single fragment, total length does not have to be included

Andreas Steffen [Mon, 9 Jul 2012 18:56:19 +0000 (20:56 +0200)]
EAP-TNC does not support fragmentation

Andreas Steffen [Mon, 9 Jul 2012 16:07:18 +0000 (18:07 +0200)]
allow to transmit 64k TLS Handshake and Application messages via EAP-[T]TLS

Andreas Steffen [Mon, 9 Jul 2012 13:04:00 +0000 (15:04 +0200)]
some tls_eap optimizations

Andreas Steffen [Mon, 9 Jul 2012 07:53:22 +0000 (09:53 +0200)]
configure size of ITA Dummy PA-TNC attribute

Andreas Steffen [Mon, 9 Jul 2012 07:47:18 +0000 (09:47 +0200)]
max_message_count = 0 disables limit

Andreas Steffen [Sun, 8 Jul 2012 05:38:35 +0000 (07:38 +0200)]
defined ITA Dummy PA-TNC attribute for test purposes

Andreas Steffen [Sun, 8 Jul 2012 05:37:04 +0000 (07:37 +0200)]
use TSS_PCRS_STRUCT_DEFAULT

Andreas Steffen [Sun, 8 Jul 2012 05:35:01 +0000 (07:35 +0200)]
log invalid TLS packet length

Andreas Steffen [Thu, 5 Jul 2012 17:15:28 +0000 (19:15 +0200)]
check boot_aggregate value

Andreas Steffen [Thu, 5 Jul 2012 11:34:34 +0000 (13:34 +0200)]
refactored PTS functional component measurements

Martin Willi [Wed, 11 Jul 2012 09:16:31 +0000 (11:16 +0200)]
Install dev headers only if --with-dev-headers= option is set

Martin Willi [Wed, 11 Jul 2012 08:51:01 +0000 (10:51 +0200)]
Install libtls development headers

Martin Willi [Wed, 11 Jul 2012 08:41:47 +0000 (10:41 +0200)]
Install libfast development headers

Martin Willi [Wed, 11 Jul 2012 08:00:27 +0000 (10:00 +0200)]
Define CONFIG_H_INCLUDED in Android build

Martin Willi [Wed, 4 Jul 2012 12:53:21 +0000 (14:53 +0200)]
Check if config.h passed correctly via gcc -include

Martin Willi [Tue, 3 Jul 2012 15:27:46 +0000 (17:27 +0200)]
Install libstrongswan development headers

Martin Willi [Tue, 3 Jul 2012 14:45:12 +0000 (16:45 +0200)]
Use and install a config.h AC_CONFIG_HEADER that contains all AC_DEFINE results

Martin Willi [Tue, 3 Jul 2012 14:40:26 +0000 (16:40 +0200)]
Added a description to all AC_DEFINE macros, as required by autoheader

Martin Willi [Wed, 11 Jul 2012 06:45:15 +0000 (08:45 +0200)]
Add safe_strerror() to leak detective whitelist

While the thread specific strerror buffer gets cleaned up for
worker threads during their termination, the main thread itself,
and so its strerror buffer, is still alive during leak reports.

Martin Willi [Tue, 10 Jul 2012 15:15:28 +0000 (17:15 +0200)]
Send cert request based on peers configured authentication class

Martin Willi [Mon, 9 Jul 2012 17:03:10 +0000 (19:03 +0200)]
Add an option to disable libstrongswan certificate caching

Tobias Brunner [Mon, 9 Jul 2012 15:49:18 +0000 (17:49 +0200)]
getpwnam_r and getgrnam_r are not supported by the Android NDK

Tobias Brunner [Mon, 9 Jul 2012 14:50:17 +0000 (16:50 +0200)]
Android.mk of libstrongswan updated

Martin Willi [Mon, 9 Jul 2012 10:05:23 +0000 (12:05 +0200)]
Don't send CERTREQs when initiating aggressive mode PSK

Tobias Brunner [Mon, 2 Jul 2012 10:49:29 +0000 (12:49 +0200)]
Fixed help text for --disable-xauth-generic plugin

Martin Willi [Tue, 3 Jul 2012 11:07:24 +0000 (13:07 +0200)]
Refactored heavily #ifdefd capability code to its own libstrongswan class

Tobias Brunner [Wed, 4 Jul 2012 07:11:13 +0000 (09:11 +0200)]
Use spin locks to update IKE_SAs in controller_t

This ensures the listeners don't miss any events after the SAs have been
checked out in the asynchronously executed jobs.  This is a matter of
memory visibility and not primarily a matter of exclusive access.

Tobias Brunner [Wed, 4 Jul 2012 07:07:20 +0000 (09:07 +0200)]
Added wrapper for POSIX spin locks

Tobias Brunner [Tue, 3 Jul 2012 09:30:00 +0000 (11:30 +0200)]
Fixed job handling in controller_t

Also IKE_SAs are now checked out in the jobs and not before.

Martin Willi [Tue, 3 Jul 2012 15:41:14 +0000 (17:41 +0200)]
Add charon-nm to .gitignore

Martin Willi [Mon, 2 Jul 2012 16:00:33 +0000 (18:00 +0200)]
Default to register_printf_specifier() if no printf hooking #defined

This allows us to build (non-./configured) external tools against
libstrongswan without explicitly specifying the most commonly used
printf hooking function.

Tobias Brunner [Sat, 30 Jun 2012 08:05:41 +0000 (10:05 +0200)]
openssl: Ensure the thread ID is never zero

This might otherwise cause problems because OpenSSL tries to lock
mutexes recursively if it assumes the lock is held by a different
thread e.g. during FIPS initialization.

Martin Willi [Mon, 2 Jul 2012 15:25:26 +0000 (17:25 +0200)]
Accept non-"/0" subnet sizes for traffic selectors starting at 0.0.0.0

Martin Willi [Mon, 2 Jul 2012 08:18:59 +0000 (10:18 +0200)]
Update our network-manager-strongswan/debian to what is actually used downstream

10 years ago remove virtual IP for moon's inner interface [5.0.0]
Andreas Steffen [Fri, 29 Jun 2012 21:20:32 +0000 (23:20 +0200)]
remove virtual IP for moon's inner interface

Tobias Brunner [Fri, 29 Jun 2012 14:08:17 +0000 (16:08 +0200)]
Added GPL header to AndroidConfigLocal.h

Tobias Brunner [Fri, 29 Jun 2012 14:07:10 +0000 (16:07 +0200)]
Added GPL header to scripts

Tobias Brunner [Fri, 29 Jun 2012 13:23:46 +0000 (15:23 +0200)]
Added LICENSE file to the distribution

Tobias Brunner [Fri, 29 Jun 2012 13:20:23 +0000 (15:20 +0200)]
Added OpenSSL/GPL exception to LICENSE file

Also updated other parts of the license.

Tobias Brunner [Fri, 29 Jun 2012 14:22:41 +0000 (16:22 +0200)]
Removed superfluous remove_hasher() call in md5 plugin

Martin Willi [Fri, 29 Jun 2012 13:21:57 +0000 (15:21 +0200)]
Pass "lo" as faked tundev to NM, as it now needs a valid interface since 0.9

Martin Willi [Fri, 29 Jun 2012 11:40:05 +0000 (13:40 +0200)]
As a responder, don't start a TRANSACTION request if we expect one from the initiator

Andreas Steffen [Fri, 29 Jun 2012 04:24:02 +0000 (06:24 +0200)]
an IKE daemon needs these plugins but a PDP doesn't

Andreas Steffen [Thu, 28 Jun 2012 20:20:44 +0000 (22:20 +0200)]
added Ubuntu 12.04 LTS i686 measurements

Andreas Steffen [Thu, 28 Jun 2012 15:55:02 +0000 (17:55 +0200)]
IMCs and IMVs might depend on X.509 certificates or trusted public keys

Andreas Steffen [Thu, 28 Jun 2012 12:52:07 +0000 (14:52 +0200)]
added ikev1/virtual-ip scenario

Andreas Steffen [Thu, 28 Jun 2012 12:44:10 +0000 (14:44 +0200)]
corrected description of ikev1/ip-pool-db scenario

Andreas Steffen [Thu, 28 Jun 2012 12:42:34 +0000 (14:42 +0200)]
corrected description of ikev1/ip-pool scenario

Andreas Steffen [Thu, 28 Jun 2012 12:37:04 +0000 (14:37 +0200)]
added ikev1/ip-pool scenario

Andreas Steffen [Thu, 28 Jun 2012 12:23:47 +0000 (14:23 +0200)]
merged xauth-id-rsa and xauth-rsa-config scenarios

Tobias Brunner [Thu, 28 Jun 2012 10:13:05 +0000 (12:13 +0200)]
Defined a macro to replace strerror(3) with calls to thread-safe wrapper

Tobias Brunner [Wed, 27 Jun 2012 16:42:25 +0000 (18:42 +0200)]
Thread-safe wrapper around strerror(3)/strerror_r(3) added

Martin Willi [Thu, 28 Jun 2012 09:56:40 +0000 (11:56 +0200)]
Show some uname() info in "ipsec statusall"

Martin Willi [Thu, 28 Jun 2012 09:56:15 +0000 (11:56 +0200)]
Show some uname() info during charon startup

Andreas Steffen [Thu, 28 Jun 2012 07:30:24 +0000 (09:30 +0200)]
charon automatically removes virtual interfaces

Tobias Brunner [Wed, 27 Jun 2012 10:14:16 +0000 (12:14 +0200)]
libcharon also requires kernel interfaces and a socket implementation

Martin Willi [Tue, 26 Jun 2012 08:36:49 +0000 (10:36 +0200)]
Defer quick mode initiation if we expect a mode config request

Martin Willi [Tue, 26 Jun 2012 08:35:24 +0000 (10:35 +0200)]
Queue a mode config task as responder if we need a virtual IP

Martin Willi [Thu, 14 Jun 2012 14:13:10 +0000 (16:13 +0200)]
Add basic support for XAuth responder authentication

Martin Willi [Thu, 14 Jun 2012 14:08:28 +0000 (16:08 +0200)]
Map XAuth responder authentication methods between IKEv1 and IKEv2

Martin Willi [Wed, 27 Jun 2012 09:40:53 +0000 (11:40 +0200)]
Show remote EAP/XAuth identity in "statusall" on a separate line

Tobias Brunner [Wed, 27 Jun 2012 09:30:55 +0000 (11:30 +0200)]
gcrypt: Register SHA1 first as HASH_PREFERRED depends on it

Tobias Brunner [Wed, 27 Jun 2012 09:27:36 +0000 (11:27 +0200)]
Use static plugin features in libcharon to define essential dependencies

Tobias Brunner [Mon, 25 Jun 2012 16:58:53 +0000 (18:58 +0200)]
Use static plugin features in charon-nm

Martin Willi [Tue, 26 Jun 2012 16:00:40 +0000 (18:00 +0200)]
Ignore a received %any virtual IP for installation

Tobias Brunner [Tue, 26 Jun 2012 10:50:58 +0000 (12:50 +0200)]
Mask the configured mark value to ensure it is in range

Tobias Brunner [Tue, 26 Jun 2012 10:39:53 +0000 (12:39 +0200)]
Some updates in ipsec.conf(5) for 5.0.0

Tobias Brunner [Tue, 26 Jun 2012 05:58:04 +0000 (07:58 +0200)]
Added MAC wrappers to Android.mk

Tobias Brunner [Fri, 22 Jun 2012 11:33:38 +0000 (13:33 +0200)]
Also build charon's IKEv1 implementation on Android