strongswan.git
12 years agomention ESP sequence number updates
Andreas Steffen [Thu, 26 Jun 2008 08:44:59 +0000 (08:44 -0000)]
mention ESP sequence number updates

12 years agofixed ifndef typo for MYSQL_DATA_TRUNCATED check
Martin Willi [Thu, 26 Jun 2008 07:31:52 +0000 (07:31 -0000)]
fixed ifndef typo for MYSQL_DATA_TRUNCATED check

12 years agofixed plugin loader destruction
Martin Willi [Wed, 25 Jun 2008 14:53:49 +0000 (14:53 -0000)]
fixed plugin loader destruction

12 years agoenabling support for hardware accelerators in OpenSSL
Tobias Brunner [Wed, 25 Jun 2008 12:39:32 +0000 (12:39 -0000)]
enabling support for hardware accelerators in OpenSSL

12 years agoflushing task_manager on shutdown while IKE_SA is usable
Martin Willi [Wed, 25 Jun 2008 11:40:50 +0000 (11:40 -0000)]
flushing task_manager on shutdown while IKE_SA is usable

12 years agoupdated NEWS for the imminent 4.2.4 release
Andreas Steffen [Wed, 25 Jun 2008 08:41:16 +0000 (08:41 -0000)]
updated NEWS for the imminent 4.2.4 release

12 years agomerging the ESP sequence numbers of an SA in update_sa (fixing #52)
Tobias Brunner [Tue, 24 Jun 2008 15:35:09 +0000 (15:35 -0000)]
merging the ESP sequence numbers of an SA in update_sa (fixing #52)

12 years agoreintroducing MYSQL_DATA_TRUNCATED if supported on that mysql version
Martin Willi [Tue, 24 Jun 2008 14:30:14 +0000 (14:30 -0000)]
reintroducing MYSQL_DATA_TRUNCATED if supported on that mysql version

12 years agoupdated location of auth_class_t
Martin Willi [Tue, 24 Jun 2008 13:36:10 +0000 (13:36 -0000)]
updated location of auth_class_t

12 years agoenumerating loaded plugins in "ipsec statusall"
Martin Willi [Tue, 24 Jun 2008 12:49:04 +0000 (12:49 -0000)]
enumerating loaded plugins in "ipsec statusall"

12 years agochanged ipsec.secrets keyword EC to ECDSA
Tobias Brunner [Tue, 24 Jun 2008 06:57:47 +0000 (06:57 -0000)]
changed ipsec.secrets keyword EC to ECDSA

12 years agocosmetics
Andreas Steffen [Mon, 23 Jun 2008 09:08:49 +0000 (09:08 -0000)]
cosmetics

12 years agofixed "double-close" of stroke fd resulting in "bad fd" errors if multiple threads...
Martin Willi [Mon, 23 Jun 2008 08:53:37 +0000 (08:53 -0000)]
fixed "double-close" of stroke fd resulting in "bad fd" errors if multiple threads are active

12 years agofixed medsrv mysql scheme
Martin Willi [Mon, 23 Jun 2008 08:30:57 +0000 (08:30 -0000)]
fixed medsrv mysql scheme

12 years agoresolving hosts before route
Martin Willi [Mon, 23 Jun 2008 08:30:35 +0000 (08:30 -0000)]
resolving hosts before route

12 years agoset version to 4.2.4
Andreas Steffen [Sun, 22 Jun 2008 18:08:37 +0000 (18:08 -0000)]
set version to 4.2.4

12 years agogenerate CRL for strongSwan EC Root CA
Andreas Steffen [Sun, 22 Jun 2008 17:56:42 +0000 (17:56 -0000)]
generate CRL for strongSwan EC Root CA

12 years agosupport of ECDSA signatures for all certificate types
Andreas Steffen [Sun, 22 Jun 2008 17:41:07 +0000 (17:41 -0000)]
support of ECDSA signatures for all certificate types

12 years agoadded openssl/ecdsa-certs scenario
Andreas Steffen [Sun, 22 Jun 2008 16:54:45 +0000 (16:54 -0000)]
added openssl/ecdsa-certs scenario

12 years agoadded strongSwan EC Root CA
Andreas Steffen [Sun, 22 Jun 2008 16:41:00 +0000 (16:41 -0000)]
added strongSwan EC Root CA

12 years agoremove ikev2/nat-pf scenario
Andreas Steffen [Sun, 22 Jun 2008 11:41:49 +0000 (11:41 -0000)]
remove ikev2/nat-pf scenario

12 years agocheck for selected IKE proposal
Andreas Steffen [Sun, 22 Jun 2008 11:26:37 +0000 (11:26 -0000)]
check for selected IKE proposal

12 years agodisplay selected IKE proposal in ipsec statusall
Andreas Steffen [Sun, 22 Jun 2008 11:24:33 +0000 (11:24 -0000)]
display selected IKE proposal in ipsec statusall

12 years agoremoved ikev2/nat-double-snat scenario
Andreas Steffen [Sat, 21 Jun 2008 13:45:54 +0000 (13:45 -0000)]
removed ikev2/nat-double-snat scenario

12 years agoused ipsec pool --leases --filter option in evaltest.dat
Andreas Steffen [Sat, 21 Jun 2008 13:31:54 +0000 (13:31 -0000)]
used ipsec pool --leases --filter option in evaltest.dat

12 years agoadapted evaltest.dat to modified RSA signature debug output
Andreas Steffen [Sat, 21 Jun 2008 13:30:24 +0000 (13:30 -0000)]
adapted evaltest.dat to modified RSA signature debug output

12 years agoadded strongswan.conf with plugin list
Andreas Steffen [Sat, 21 Jun 2008 13:24:49 +0000 (13:24 -0000)]
added strongswan.conf with plugin list

12 years agotest ipsec pool --del option
Andreas Steffen [Sat, 21 Jun 2008 13:19:58 +0000 (13:19 -0000)]
test ipsec pool --del option

12 years agoadapted evaltest.dat to modified RSA signature debug output
Andreas Steffen [Sat, 21 Jun 2008 13:19:13 +0000 (13:19 -0000)]
adapted evaltest.dat to modified RSA signature debug output

12 years agopublic key operations using the OpenSSL library require the pubkey plugin
Andreas Steffen [Sat, 21 Jun 2008 13:16:17 +0000 (13:16 -0000)]
public key operations using the OpenSSL library require the pubkey plugin

12 years agoadded missing medsrv script.js to dist
Martin Willi [Fri, 20 Jun 2008 08:47:06 +0000 (08:47 -0000)]
added missing medsrv script.js to dist

12 years agoincluding sys/queue.h to support TAILQ_LAST() macro
Martin Willi [Fri, 20 Jun 2008 08:17:03 +0000 (08:17 -0000)]
including sys/queue.h to support TAILQ_LAST() macro

12 years agoshipping own linux/types.h for introduced __be32 in linux/xfrm.h
Martin Willi [Fri, 20 Jun 2008 08:15:38 +0000 (08:15 -0000)]
shipping own linux/types.h for introduced __be32 in linux/xfrm.h

12 years agocompatibility fix for other shells than bash >= 3.1
Martin Willi [Fri, 20 Jun 2008 07:56:01 +0000 (07:56 -0000)]
compatibility fix for other shells than bash >= 3.1

12 years agoremoved unused MYSQL_DATA_TRUNCATED check for compatibility with older mysql versions
Martin Willi [Fri, 20 Jun 2008 07:37:55 +0000 (07:37 -0000)]
removed unused MYSQL_DATA_TRUNCATED check for compatibility with older mysql versions

12 years agosupport in smp for terminate-by-name
Martin Willi [Fri, 20 Jun 2008 07:14:35 +0000 (07:14 -0000)]
support in smp for terminate-by-name

12 years agofixed identation
Martin Willi [Thu, 19 Jun 2008 11:50:13 +0000 (11:50 -0000)]
fixed identation

12 years agomedcli initiates "active" connections on startup
Martin Willi [Thu, 19 Jun 2008 11:09:48 +0000 (11:09 -0000)]
medcli initiates "active" connections on startup

12 years agomedcli plugin writes connection status to database
Martin Willi [Thu, 19 Jun 2008 08:46:34 +0000 (08:46 -0000)]
medcli plugin writes connection status to database

12 years agofixed UCI default proposals
Martin Willi [Wed, 18 Jun 2008 13:32:23 +0000 (13:32 -0000)]
fixed UCI default proposals

12 years agosupport for more config options in UCI plugin
Martin Willi [Wed, 18 Jun 2008 08:50:32 +0000 (08:50 -0000)]
support for more config options in UCI plugin

12 years agofirst simple prototype of a UCI configuration plugin for OpenWRT
Martin Willi [Tue, 17 Jun 2008 14:17:51 +0000 (14:17 -0000)]
first simple prototype of a UCI configuration plugin for OpenWRT

12 years agodo not use self-installed route for IKE if routing table is 0
Martin Willi [Tue, 17 Jun 2008 08:04:12 +0000 (08:04 -0000)]
do not use self-installed route for IKE if routing table is 0

12 years agoscepclient requires libcrypto to build
Martin Willi [Mon, 16 Jun 2008 07:10:48 +0000 (07:10 -0000)]
scepclient requires libcrypto to build

12 years agofixed matches() check for RFC822/FQDN without wildcards
Martin Willi [Fri, 13 Jun 2008 15:10:01 +0000 (15:10 -0000)]
fixed matches() check for RFC822/FQDN without wildcards

12 years agoimplemented identification_t.match() case insensitive for RFC822/FQDN
Martin Willi [Thu, 12 Jun 2008 14:17:37 +0000 (14:17 -0000)]
implemented identification_t.match() case insensitive for RFC822/FQDN

12 years agoadded %P printf handler for poposal_t
Martin Willi [Thu, 12 Jun 2008 11:42:19 +0000 (11:42 -0000)]
added %P printf handler for poposal_t
added some proposal selection debugging code

12 years agoadded mediation server web frontend
Martin Willi [Wed, 11 Jun 2008 14:13:24 +0000 (14:13 -0000)]
added mediation server web frontend
updated charons medsrv plugin to updated database scheme

12 years agopassing controller arguments to filter, not controller itself
Martin Willi [Wed, 11 Jun 2008 14:11:01 +0000 (14:11 -0000)]
passing controller arguments to filter, not controller itself

12 years agoloading PEM encoded public keys
Martin Willi [Wed, 11 Jun 2008 14:10:02 +0000 (14:10 -0000)]
loading PEM encoded public keys

12 years agoreduced default debug hook verbosity
Martin Willi [Wed, 11 Jun 2008 14:09:46 +0000 (14:09 -0000)]
reduced default debug hook verbosity

12 years agofixed compile error of medsrv plugin
Martin Willi [Wed, 11 Jun 2008 07:45:25 +0000 (07:45 -0000)]
fixed compile error of medsrv plugin

12 years agofixed resolving numerical IPv6 addresses in host_create_from_dns()
Martin Willi [Wed, 11 Jun 2008 07:44:23 +0000 (07:44 -0000)]
fixed resolving numerical IPv6 addresses in host_create_from_dns()

12 years agofixed resolving numerical addresses in host_create_from_dns()
Martin Willi [Wed, 11 Jun 2008 07:31:24 +0000 (07:31 -0000)]
fixed resolving numerical addresses in host_create_from_dns()

12 years agomake config_auth_method_t backward compatible to existing sql templates
Andreas Steffen [Tue, 10 Jun 2008 20:31:53 +0000 (20:31 -0000)]
make config_auth_method_t backward compatible to existing sql templates

12 years agofixed compile error in smp plugin
Martin Willi [Tue, 10 Jun 2008 11:29:46 +0000 (11:29 -0000)]
fixed compile error in smp plugin

12 years agorefactoring
Tobias Brunner [Tue, 10 Jun 2008 09:19:18 +0000 (09:19 -0000)]
refactoring

12 years agoECDSA with OpenSSL
Tobias Brunner [Tue, 10 Jun 2008 09:08:27 +0000 (09:08 -0000)]
ECDSA with OpenSSL

12 years agoparsing of subjectPublicKeyInfo of x509 certificates extracted
Tobias Brunner [Tue, 10 Jun 2008 09:00:42 +0000 (09:00 -0000)]
parsing of subjectPublicKeyInfo of x509 certificates extracted

12 years agoadded strongswan.conf option "routing_table" and "routing_table_prio"
Martin Willi [Tue, 10 Jun 2008 07:51:21 +0000 (07:51 -0000)]
added strongswan.conf option "routing_table" and "routing_table_prio"

12 years agooids for elliptic curves
Tobias Brunner [Tue, 10 Jun 2008 07:37:32 +0000 (07:37 -0000)]
oids for elliptic curves

12 years agomaking the parsing of parameters of a subjectAlgorithmIdentifier optional
Tobias Brunner [Tue, 10 Jun 2008 07:36:44 +0000 (07:36 -0000)]
making the parsing of parameters of a subjectAlgorithmIdentifier optional

12 years agofixed "enabled" value key word
Martin Willi [Tue, 10 Jun 2008 07:14:34 +0000 (07:14 -0000)]
fixed "enabled" value key word
more debugging for settings parser

12 years agoadded strongswan.conf option to disable route installation
Martin Willi [Tue, 10 Jun 2008 06:58:39 +0000 (06:58 -0000)]
added strongswan.conf option to disable route installation

12 years agoDNS resolving of ike_cfg hosts dynamically on demand
Martin Willi [Fri, 6 Jun 2008 15:05:54 +0000 (15:05 -0000)]
DNS resolving of ike_cfg hosts dynamically on demand

12 years agoconfigure option for updown firewall scripts
Martin Willi [Fri, 6 Jun 2008 08:24:39 +0000 (08:24 -0000)]
configure option for updown firewall scripts

12 years agoextended leak detective white list for OpenSSL
Martin Willi [Fri, 6 Jun 2008 08:13:11 +0000 (08:13 -0000)]
extended leak detective white list for OpenSSL

12 years agolink against openssl crypto library only
Martin Willi [Fri, 6 Jun 2008 08:04:42 +0000 (08:04 -0000)]
link against openssl crypto library only

12 years agoconvert comma-separated RDNs into slash-separated OpenSSL --subject format
Andreas Steffen [Thu, 5 Jun 2008 19:28:08 +0000 (19:28 -0000)]
convert comma-separated RDNs into slash-separated OpenSSL --subject format

12 years agofixed --utc parsing position
Martin Willi [Thu, 5 Jun 2008 13:56:10 +0000 (13:56 -0000)]
fixed --utc parsing position
support for DN filtering usign id="CN=asdf, O=asdf",addr=1.1.1.1
changed order of --leases columns

12 years agoadded statistics functions and input validation checks to ipsec pool
Andreas Steffen [Thu, 5 Jun 2008 12:17:08 +0000 (12:17 -0000)]
added statistics functions and input validation checks to ipsec pool

12 years agofixed UTC identitation
Martin Willi [Thu, 5 Jun 2008 08:52:27 +0000 (08:52 -0000)]
fixed UTC identitation
implement filtering in --leases

12 years agofixed NULL string mysql parameter
Martin Willi [Thu, 5 Jun 2008 08:24:55 +0000 (08:24 -0000)]
fixed NULL string mysql parameter

12 years agomoved copying of tables.sql after the strongswan installation
Andreas Steffen [Thu, 5 Jun 2008 07:25:27 +0000 (07:25 -0000)]
moved copying of tables.sql after the strongswan installation

12 years agocosmetics in size field of ipsec pool --status command
Andreas Steffen [Wed, 4 Jun 2008 22:20:19 +0000 (22:20 -0000)]
cosmetics in size field of ipsec pool --status command

12 years agodo not roam IKE_SA in created or deleting state
Martin Willi [Wed, 4 Jun 2008 14:31:06 +0000 (14:31 -0000)]
do not roam IKE_SA in created or deleting state

12 years agoadded pool statistics (size, online, lease count, with usage ratio)
Martin Willi [Wed, 4 Jun 2008 14:01:44 +0000 (14:01 -0000)]
added pool statistics (size, online, lease count, with usage ratio)

12 years agosome input validation checks for --add and --resize
Martin Willi [Wed, 4 Jun 2008 13:18:55 +0000 (13:18 -0000)]
some input validation checks for --add and --resize
--purge keeps an entry for each address to allow their reallaction

12 years agotolerating chown failures on installation, required to build some packages
Martin Willi [Wed, 4 Jun 2008 12:09:24 +0000 (12:09 -0000)]
tolerating chown failures on installation, required to build some packages

12 years agoremoved unused variable
Martin Willi [Tue, 3 Jun 2008 12:14:02 +0000 (12:14 -0000)]
removed unused variable

12 years agoadded missing strongswan.conf
Andreas Steffen [Sat, 31 May 2008 08:56:13 +0000 (08:56 -0000)]
added missing strongswan.conf

12 years agodivided ipsec.sql into tables.sql and data.sql
Andreas Steffen [Sat, 31 May 2008 08:53:48 +0000 (08:53 -0000)]
divided ipsec.sql into tables.sql and data.sql

12 years agoadded missing TCPDUMPHOST alice
Andreas Steffen [Thu, 29 May 2008 08:58:49 +0000 (08:58 -0000)]
added missing TCPDUMPHOST alice

12 years agoadded two Elliptic Curve DH Group scenarios using the openssl library
Andreas Steffen [Thu, 29 May 2008 08:28:20 +0000 (08:28 -0000)]
added two Elliptic Curve DH Group scenarios using the openssl library

12 years agoCIRCLEQ patch submitted by Jay Pfeifer
Andreas Steffen [Thu, 29 May 2008 07:49:47 +0000 (07:49 -0000)]
CIRCLEQ patch submitted by Jay Pfeifer

12 years agoadded missing comma in enumeration
Andreas Steffen [Thu, 29 May 2008 06:55:03 +0000 (06:55 -0000)]
added missing comma in enumeration

12 years agoactivate --enable-openssl option in uml scenarios
Andreas Steffen [Wed, 28 May 2008 14:13:40 +0000 (14:13 -0000)]
activate --enable-openssl option in uml scenarios

12 years agoadded openssl/rw-cert uml scenario
Andreas Steffen [Wed, 28 May 2008 13:49:53 +0000 (13:49 -0000)]
added openssl/rw-cert uml scenario

12 years agohandle default key sizes in openssl_crypter
Andreas Steffen [Wed, 28 May 2008 12:20:38 +0000 (12:20 -0000)]
handle default key sizes in openssl_crypter

12 years agoadded ikev2/rw-eap-md5-rsa scenario
Andreas Steffen [Wed, 28 May 2008 10:38:12 +0000 (10:38 -0000)]
added ikev2/rw-eap-md5-rsa scenario

12 years agoreinsert hash_and_url = yes option in strongswan.conf
Andreas Steffen [Wed, 28 May 2008 08:35:28 +0000 (08:35 -0000)]
reinsert hash_and_url = yes option in strongswan.conf

12 years agodefine plugins to be loaded in strongswan.conf
Andreas Steffen [Wed, 28 May 2008 08:29:51 +0000 (08:29 -0000)]
define plugins to be loaded in strongswan.conf

12 years agoversion bump to 4.2.4
Andreas Steffen [Sun, 25 May 2008 10:35:39 +0000 (10:35 -0000)]
version bump to 4.2.4

12 years agodo not list empty certuribase strings 4.2.3
Andreas Steffen [Sat, 24 May 2008 05:47:37 +0000 (05:47 -0000)]
do not list empty certuribase strings

12 years agofixed copy-and-paste error
Andreas Steffen [Fri, 23 May 2008 19:23:04 +0000 (19:23 -0000)]
fixed copy-and-paste error

12 years agocheck if parsing of the RSA public key in an X.509 certificate was successful
Andreas Steffen [Fri, 23 May 2008 19:22:37 +0000 (19:22 -0000)]
check if parsing of the RSA public key in an X.509 certificate was successful

12 years agofix caption alignment if date is displayed in local time
Andreas Steffen [Fri, 23 May 2008 19:21:08 +0000 (19:21 -0000)]
fix caption alignment if date is displayed in local time

12 years agocheck if crypter is available in pem_to_bin()
Andreas Steffen [Fri, 23 May 2008 19:18:08 +0000 (19:18 -0000)]
check if crypter is available in pem_to_bin()

12 years agoprocess payload length more strictly
Martin Willi [Fri, 23 May 2008 18:23:17 +0000 (18:23 -0000)]
process payload length more strictly

12 years agosome bug fixes
Andreas Steffen [Fri, 23 May 2008 16:06:58 +0000 (16:06 -0000)]
some bug fixes