strongswan.git
6 years agostrongswan.conf is not needed on RADIUS server alice
Andreas Steffen [Sat, 15 Mar 2014 13:06:34 +0000 (14:06 +0100)]
strongswan.conf is not needed on RADIUS server alice

6 years agotnc-ifmap: Get a reference to the client cert as it is also used in an auth config
Tobias Brunner [Mon, 10 Mar 2014 13:31:42 +0000 (14:31 +0100)]
tnc-ifmap: Get a reference to the client cert as it is also used in an auth config

6 years agoVersion bump to 5.1.3dr1
Andreas Steffen [Fri, 7 Mar 2014 20:55:46 +0000 (21:55 +0100)]
Version bump to 5.1.3dr1

6 years agoDisable mandatory ECP support for attestion
Andreas Steffen [Fri, 7 Mar 2014 20:54:51 +0000 (21:54 +0100)]
Disable mandatory ECP support for attestion

6 years agoRefactored NTRU parameter set selection
Andreas Steffen [Fri, 7 Mar 2014 16:25:42 +0000 (17:25 +0100)]
Refactored NTRU parameter set selection

6 years agoRefactored ntru_param_sets
Andreas Steffen [Fri, 7 Mar 2014 14:43:42 +0000 (15:43 +0100)]
Refactored ntru_param_sets

6 years agothread: Properly clean up meta data of main thread
Tobias Brunner [Fri, 7 Mar 2014 17:27:22 +0000 (18:27 +0100)]
thread: Properly clean up meta data of main thread

6 years agosettings: Log all errors on level 1
Tobias Brunner [Tue, 4 Mar 2014 12:30:09 +0000 (13:30 +0100)]
settings: Log all errors on level 1

Closes #539.

6 years agosettings: Avoid conf file parsing beyond allocated buffer
Thomas Egerer [Thu, 27 Feb 2014 08:45:08 +0000 (09:45 +0100)]
settings: Avoid conf file parsing beyond allocated buffer

A valgrind analysis of libstrongswan revealed an invalid read of 1 in
the function starts_with(). A more thorough analysis proved this to be
true and showed that with a specially crafted config file (e.g. a single
'#'-character not followed by a newline), the parser might even
interpret the random memory contents following the allocated buffer as
part of the configuration file.
The way the parser is designed, it must be able to skip an inserted
'\0' and continue parsing. Since it is not able to skip two '\0'
characters, the 'fix' of allocating two more bytes than the size of the
parsed file and setting them to '\0' seems to be a safe bet.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
6 years agoconfigure: Fix autoreconf with older autotools
Tobias Brunner [Mon, 3 Mar 2014 16:14:26 +0000 (17:14 +0100)]
configure: Fix autoreconf with older autotools

Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.

Fixes #536.

6 years agoOptimize ntru_poly constructors some more 5.1.2
Andreas Steffen [Thu, 27 Feb 2014 22:06:51 +0000 (23:06 +0100)]
Optimize ntru_poly constructors some more

6 years agoVersion bump to 5.1.2
Andreas Steffen [Thu, 27 Feb 2014 21:46:52 +0000 (22:46 +0100)]
Version bump to 5.1.2

6 years agoOptimized initialisation of indices
Andreas Steffen [Thu, 27 Feb 2014 21:39:47 +0000 (22:39 +0100)]
Optimized initialisation of indices

6 years agoAdded get_array() method to ntru_poly_t class
Andreas Steffen [Thu, 27 Feb 2014 21:08:22 +0000 (22:08 +0100)]
Added get_array() method to ntru_poly_t class

6 years agoDefined ntru_poly_create_from_seed() and ntru_poly_create_from_data() constructors...
Andreas Steffen [Thu, 27 Feb 2014 19:36:17 +0000 (20:36 +0100)]
Defined ntru_poly_create_from_seed() and ntru_poly_create_from_data() constructors and built some unit tests for the latter)

6 years agoOptimized use of temporary arrays in polynomial multiplication
Andreas Steffen [Thu, 27 Feb 2014 14:22:48 +0000 (15:22 +0100)]
Optimized use of temporary arrays in polynomial multiplication

6 years agoImplement ring multiplication method
Andreas Steffen [Wed, 26 Feb 2014 22:36:09 +0000 (23:36 +0100)]
Implement ring multiplication method

6 years agoconf: Fix out-of-tree build from distribution
Tobias Brunner [Thu, 27 Feb 2014 10:40:32 +0000 (11:40 +0100)]
conf: Fix out-of-tree build from distribution

It worked from the repository, where strongswan.conf.5.main is generated
in the build dir, but not from the distribution where it is located in
the source dir, so explicitly create it in the source dir.

6 years agoutils: Add memrchr(3) replacement for platforms that don't support it
Tobias Brunner [Tue, 25 Feb 2014 11:45:38 +0000 (12:45 +0100)]
utils: Add memrchr(3) replacement for platforms that don't support it

For instance, on Mac OS X memrchr(3) is not provided by the C library.

6 years agoMerge branch 'dirname'
Tobias Brunner [Mon, 24 Feb 2014 11:04:24 +0000 (12:04 +0100)]
Merge branch 'dirname'

Fixes the incorrect usage of dirname(3) in settings_t and stroke_cred_t,
and adds thread-safe variants of dirname(3) and basename(3).

6 years agolibpts: Use path_base|dirname()
Tobias Brunner [Mon, 24 Feb 2014 10:26:46 +0000 (11:26 +0100)]
libpts: Use path_base|dirname()

6 years agoconftest: Use path_dirname()
Tobias Brunner [Mon, 24 Feb 2014 10:19:05 +0000 (11:19 +0100)]
conftest: Use path_dirname()

6 years agostroke: Use thread-safe dirname(3)
Tobias Brunner [Fri, 21 Feb 2014 17:49:16 +0000 (18:49 +0100)]
stroke: Use thread-safe dirname(3)

6 years agosettings: Use thread-safe dirname(3)
Tobias Brunner [Fri, 21 Feb 2014 17:48:55 +0000 (18:48 +0100)]
settings: Use thread-safe dirname(3)

6 years agoutils: Add thread-safe variants of dirname(3) and basename(3)
Tobias Brunner [Fri, 21 Feb 2014 17:44:15 +0000 (18:44 +0100)]
utils: Add thread-safe variants of dirname(3) and basename(3)

6 years agoutils: Move thread-safe strerror replacement to a separate file
Tobias Brunner [Fri, 21 Feb 2014 16:31:14 +0000 (17:31 +0100)]
utils: Move thread-safe strerror replacement to a separate file

For some utils _GNU_SOURCE might be needed but that conflicts with the
signature of strerror_r(3).

6 years agostroke: Use dirname(3) correctly
Tobias Brunner [Fri, 21 Feb 2014 13:59:33 +0000 (14:59 +0100)]
stroke: Use dirname(3) correctly

6 years agosettings: Use dirname(3) correctly
Tobias Brunner [Fri, 21 Feb 2014 13:58:01 +0000 (14:58 +0100)]
settings: Use dirname(3) correctly

dirname(3) may return a pointer to a statically allocated buffer.
So freeing the returned value can result to undefined behavior. This was
noticed on FreeBSD where it caused very strange crashes.

It is also not thread-safe, which will be addressed later.

6 years agoUse logical AND function
Andreas Steffen [Sun, 23 Feb 2014 15:44:14 +0000 (16:44 +0100)]
Use logical AND function

6 years agopki: Make cmds array static, ensuring that it is zero-initialized
Martin Willi [Thu, 20 Feb 2014 10:20:45 +0000 (11:20 +0100)]
pki: Make cmds array static, ensuring that it is zero-initialized

As pki --help relies on a zero-terminated array, make the actually non-public
cmds array static to ensure initialization.

6 years agoindex limit can be easily computed
Andreas Steffen [Wed, 19 Feb 2014 19:18:18 +0000 (20:18 +0100)]
index limit can be easily computed

6 years agouclibc only defines strndup(3) if _GNU_SOURCE is defined
Tobias Brunner [Wed, 19 Feb 2014 15:09:41 +0000 (16:09 +0100)]
uclibc only defines strndup(3) if _GNU_SOURCE is defined

References #516.

6 years agosshkey: uclibc only defines fmemopen(3) if _GNU_SOURCE is defined
Tobias Brunner [Wed, 19 Feb 2014 14:48:06 +0000 (15:48 +0100)]
sshkey: uclibc only defines fmemopen(3) if _GNU_SOURCE is defined

Fixes #516.

6 years agocoverage: Apparently not all shells can expand {src,scripts}
Tobias Brunner [Wed, 19 Feb 2014 11:41:56 +0000 (12:41 +0100)]
coverage: Apparently not all shells can expand {src,scripts}

One example is ash.

6 years agopki: Fix minor resource leak on failure to read the private key in --req 5.1.2rc2
Tobias Brunner [Tue, 18 Feb 2014 12:48:13 +0000 (13:48 +0100)]
pki: Fix minor resource leak on failure to read the private key in --req

6 years agostroke: Use proper modifiers to print size_t arguments
Tobias Brunner [Tue, 18 Feb 2014 12:25:26 +0000 (13:25 +0100)]
stroke: Use proper modifiers to print size_t arguments

6 years agoCreated ntru_poly class for sparse trinary polynomials
Andreas Steffen [Tue, 18 Feb 2014 15:17:18 +0000 (16:17 +0100)]
Created ntru_poly class for sparse trinary polynomials

6 years agoandroid: Don't limit number to packets during EAP-TTLS
Tobias Brunner [Mon, 2 Dec 2013 18:59:39 +0000 (19:59 +0100)]
android: Don't limit number to packets during EAP-TTLS

6 years agolookip: Properly return from disconnect callback job
Tobias Brunner [Tue, 18 Feb 2014 10:20:36 +0000 (11:20 +0100)]
lookip: Properly return from disconnect callback job

References #518.

6 years agoDoxygen: Sort group names alphabetically
Tobias Brunner [Tue, 18 Feb 2014 09:45:51 +0000 (10:45 +0100)]
Doxygen: Sort group names alphabetically

6 years agoFixed some typos
Tobias Brunner [Tue, 18 Feb 2014 09:35:02 +0000 (10:35 +0100)]
Fixed some typos

6 years agoplugin-loader: Escape <ns> in comment as Doxygen sees this as XML tag
Tobias Brunner [Tue, 18 Feb 2014 09:18:54 +0000 (10:18 +0100)]
plugin-loader: Escape <ns> in comment as Doxygen sees this as XML tag

6 years agounit-tests: Ignore tests not test_runner
Tobias Brunner [Tue, 18 Feb 2014 09:09:30 +0000 (10:09 +0100)]
unit-tests: Ignore tests not test_runner

6 years agoconf: Ignore generated strongswan.conf.5.main
Tobias Brunner [Tue, 18 Feb 2014 09:08:54 +0000 (10:08 +0100)]
conf: Ignore generated strongswan.conf.5.main

6 years agoAdded ikev2/lookip scenario
Andreas Steffen [Mon, 17 Feb 2014 11:04:21 +0000 (12:04 +0100)]
Added ikev2/lookip scenario

6 years agoVersion bump to 5.1.2rc2
Andreas Steffen [Mon, 17 Feb 2014 11:02:23 +0000 (12:02 +0100)]
Version bump to 5.1.2rc2

6 years agolookip: Disconnect asynchronously to avoid dead-locking watcher unregistration
Martin Willi [Mon, 17 Feb 2014 08:44:14 +0000 (09:44 +0100)]
lookip: Disconnect asynchronously to avoid dead-locking watcher unregistration

While it really would be desirable to allow stream destruction during on_read()
callbacks, this does not work anymore since e49b2998. Until we have a proper
solution for this issue, use asynchronous disconnects for the only user doing
so.

Fixes #518.

6 years agoFixed a minor vulnerability in which a malformed ASN.1 length field could cause a... 5.1.2rc1
Andreas Steffen [Fri, 14 Feb 2014 14:06:57 +0000 (15:06 +0100)]
Fixed a minor vulnerability in which a malformed ASN.1 length field could cause a crash of the charon daemon if the verbose debug level 3 (raw hex dump) for the asn subsystem is enabled.

6 years agoconf: Fix installation on FreeBSD
Tobias Brunner [Thu, 13 Feb 2014 12:50:12 +0000 (13:50 +0100)]
conf: Fix installation on FreeBSD

Apparently, the -t option for install is not portable.

6 years agopacman.sh creates /etc/pts/dists directory if it doesn't exist yet
Andreas Steffen [Thu, 13 Feb 2014 12:21:39 +0000 (13:21 +0100)]
pacman.sh creates /etc/pts/dists directory if it doesn't exist yet

6 years agoNEWS: Add strongswan.conf changes and IPComp fixes
Tobias Brunner [Thu, 13 Feb 2014 10:45:29 +0000 (11:45 +0100)]
NEWS: Add strongswan.conf changes and IPComp fixes

6 years agoconf: The use of $^ is not portable
Tobias Brunner [Thu, 13 Feb 2014 10:15:42 +0000 (11:15 +0100)]
conf: The use of $^ is not portable

Generating strongswan.conf.5.main in a subshell gets the file
properly written to the builddir in out-of-tree builds.

6 years agoprintf-hook-glibc: printf.h on FreeBSD 10 does not include stdargs.h
Tobias Brunner [Thu, 13 Feb 2014 09:45:26 +0000 (10:45 +0100)]
printf-hook-glibc: printf.h on FreeBSD 10 does not include stdargs.h

6 years agoarray: Fix compilation on FreeBSD
Tobias Brunner [Thu, 13 Feb 2014 09:41:22 +0000 (10:41 +0100)]
array: Fix compilation on FreeBSD

6 years agoMerge branch 'modular-load'
Tobias Brunner [Wed, 12 Feb 2014 14:24:47 +0000 (15:24 +0100)]
Merge branch 'modular-load'

Introduces a new configuration file layout. strongswan.conf is now only
very simple and mainly includes the config snippets from the strongswan.d
and strongswan.d/charon directories (the latter containing snippets for
individual plugins).

Config snippets with commented defaults are generated for all currently
defined settings and are installed if they don't exist yet and the
respective plugin/component is enabled.  Similarly, the strongswan.conf(5)
man page, which documents all these settings, is automatically generated
from the same source.
The config snippets are also installed in $prefix/share/strongswan so
existing files can be compared to the most current defaults.

As an alternative to the non-extensible charon.load option, the plugins
to load can now be determined via the respective charon.plugins.<name>.load
setting.  This functionality is enabled by the new default strongswan.conf
file (via the charon.load_modular option) and the load setting in the
generated config snippets of all enabled plugins.  The load setting
optionally takes a numeric priority value that allows reordering the
plugins (plugins with the same priority are ordered according to the
default plugin order).

Additionally, all settings that were formerly defined in library
specific "global" sections are now application specific.  For instance,
instead of configuring libstrongswan.plugins.random.random and affecting
charon, charon-cmd, pki, basically every application using libstrongswan,
the option can now be set individually for each application (e.g.
pki.plugins.random.random to affect only pki).  The old options are still
supported though, which actually allows to define defaults for all
applications in the libstrongswan section.

The libtls options are mapped to <app>.tls. The libimcv and libtnccs options
are mapped to <app>.imcv and <app>.tnc, respectively (while their plugin's
options are now under <app>.plugins together with all the others).

Fixes #475.

6 years agoconf: Install config files world-readable but warn about permissions for certain...
Tobias Brunner [Wed, 12 Feb 2014 14:16:57 +0000 (15:16 +0100)]
conf: Install config files world-readable but warn about permissions for certain options

6 years agoconf: Document variables and config files/dirs
Tobias Brunner [Mon, 10 Feb 2014 09:55:07 +0000 (10:55 +0100)]
conf: Document variables and config files/dirs

6 years agoAdd Python and pkg-config as requirements to HACKING
Tobias Brunner [Mon, 10 Feb 2014 09:21:33 +0000 (10:21 +0100)]
Add Python and pkg-config as requirements to HACKING

pkg-config is probably installed on most systems by default, but e.g. not
on Cygwin.

6 years agoconf: Only install config snippets for enabled components
Tobias Brunner [Fri, 7 Feb 2014 13:46:25 +0000 (14:46 +0100)]
conf: Only install config snippets for enabled components

6 years agoconf: Document options of other programs
Tobias Brunner [Fri, 7 Feb 2014 15:20:39 +0000 (16:20 +0100)]
conf: Document options of other programs

6 years agoconf: Document options of plugins in libpts
Tobias Brunner [Fri, 7 Feb 2014 13:44:19 +0000 (14:44 +0100)]
conf: Document options of plugins in libpts

6 years agolibpts: Move settings to <ns>.plugins with fallback to libimcv
Tobias Brunner [Fri, 7 Feb 2014 13:42:37 +0000 (14:42 +0100)]
libpts: Move settings to <ns>.plugins with fallback to libimcv

6 years agoconf: Document libimcv options
Tobias Brunner [Fri, 7 Feb 2014 13:20:53 +0000 (14:20 +0100)]
conf: Document libimcv options

6 years agolibimcv: Move settings to <ns>.imcv and <ns>.plugins with fallback
Tobias Brunner [Fri, 7 Feb 2014 13:19:06 +0000 (14:19 +0100)]
libimcv: Move settings to <ns>.imcv and <ns>.plugins with fallback

6 years agoconf: Document libtnccs options
Tobias Brunner [Fri, 7 Feb 2014 12:49:28 +0000 (13:49 +0100)]
conf: Document libtnccs options

6 years agolibtnccs: Move settings to <ns>.tnc and <ns>.plugins with fallback
Tobias Brunner [Fri, 7 Feb 2014 12:43:01 +0000 (13:43 +0100)]
libtnccs: Move settings to <ns>.tnc and <ns>.plugins with fallback

6 years agoattr: Silently skip over load option
Tobias Brunner [Fri, 7 Feb 2014 12:18:50 +0000 (13:18 +0100)]
attr: Silently skip over load option

6 years agoPrevent 'make distcheck' from complaining about config files we leave in /etc
Tobias Brunner [Thu, 6 Feb 2014 18:21:54 +0000 (19:21 +0100)]
Prevent 'make distcheck' from complaining about config files we leave in /etc

6 years agoconf: Create automatically generated config snippets in build dir
Tobias Brunner [Wed, 29 Jan 2014 13:03:16 +0000 (14:03 +0100)]
conf: Create automatically generated config snippets in build dir

6 years agoconf: Install config snippets in /usr/share/strongswan/templates/config too
Tobias Brunner [Thu, 6 Feb 2014 17:03:23 +0000 (18:03 +0100)]
conf: Install config snippets in /usr/share/strongswan/templates/config too

6 years agoconf: Only install config snippets if they don't exist yet
Tobias Brunner [Thu, 6 Feb 2014 16:53:57 +0000 (17:53 +0100)]
conf: Only install config snippets if they don't exist yet

6 years agoconf: Move load-tester options to plugin specific file
Tobias Brunner [Thu, 6 Feb 2014 15:00:20 +0000 (16:00 +0100)]
conf: Move load-tester options to plugin specific file

6 years agoconf: Options of all plugins documented
Tobias Brunner [Mon, 3 Feb 2014 17:43:10 +0000 (18:43 +0100)]
conf: Options of all plugins documented

Some options are still missing descriptions though.

6 years agoconf: Add logger example config
Tobias Brunner [Mon, 3 Feb 2014 10:36:49 +0000 (11:36 +0100)]
conf: Add logger example config

6 years agoconf: Converted charon options
Tobias Brunner [Wed, 29 Jan 2014 14:02:31 +0000 (15:02 +0100)]
conf: Converted charon options

6 years agoconf: Split strongswan.conf(5) man page and use generated snippet
Tobias Brunner [Wed, 29 Jan 2014 12:59:34 +0000 (13:59 +0100)]
conf: Split strongswan.conf(5) man page and use generated snippet

6 years agoconf: Generate groff snippet for configuration options
Tobias Brunner [Wed, 29 Jan 2014 12:24:16 +0000 (13:24 +0100)]
conf: Generate groff snippet for configuration options

6 years agoconf: Generate strongswan.conf(5) man page in different directory
Tobias Brunner [Wed, 29 Jan 2014 12:05:07 +0000 (13:05 +0100)]
conf: Generate strongswan.conf(5) man page in different directory

6 years agoconf: Generate and install config sippets for option descriptions
Tobias Brunner [Thu, 23 Jan 2014 15:44:12 +0000 (16:44 +0100)]
conf: Generate and install config sippets for option descriptions

The strongswan.d directory is also created relative to the configured
location of strongswan.conf.

6 years agoconf: Script to convert option descriptions to man page and config snippets added
Tobias Brunner [Wed, 29 Jan 2014 10:03:02 +0000 (11:03 +0100)]
conf: Script to convert option descriptions to man page and config snippets added

6 years agoconf: Create /etc/strongswan.d directory and include .conf files
Tobias Brunner [Thu, 23 Jan 2014 14:30:34 +0000 (15:30 +0100)]
conf: Create /etc/strongswan.d directory and include .conf files

6 years agoconf: Simplified strongswan.conf template
Tobias Brunner [Thu, 23 Jan 2014 14:26:08 +0000 (15:26 +0100)]
conf: Simplified strongswan.conf template

6 years agoconf: Install strongswan.conf template from a separate directory
Tobias Brunner [Thu, 23 Jan 2014 13:38:03 +0000 (14:38 +0100)]
conf: Install strongswan.conf template from a separate directory

6 years agosettings: Add support to enumerate sections and key/value pairs with fallbacks
Tobias Brunner [Mon, 10 Feb 2014 17:01:50 +0000 (18:01 +0100)]
settings: Add support to enumerate sections and key/value pairs with fallbacks

6 years agosettings: Implement subsections and key/value pairs with sorted arrays
Tobias Brunner [Mon, 10 Feb 2014 14:34:29 +0000 (15:34 +0100)]
settings: Implement subsections and key/value pairs with sorted arrays

Is a bit more memory efficient (also due to lazy instantiation) and
lookups for sections with lots of subsections/keys (e.g. charon.plugins) are
faster.

6 years agoarray: Add fallback for qsort_r using thread-local value
Tobias Brunner [Mon, 27 Jan 2014 12:41:21 +0000 (13:41 +0100)]
array: Add fallback for qsort_r using thread-local value

Cygwin for example does not support qsort_r.

6 years agoplugin-loader: Optionally use load option in each plugin section to load plugins
Tobias Brunner [Wed, 22 Jan 2014 14:29:45 +0000 (15:29 +0100)]
plugin-loader: Optionally use load option in each plugin section to load plugins

This now works because all plugins use the same config namespace.

If <ns>.load_modular is true, the list of plugins to load is determined
via the value of the <ns>.plugins.<name>.load options.

Using includes the following is possible:

charon {
  load_modular = yes
  plugins {
    include strongswan.d/charon/*.conf
  }
}

charon-cmd {
  load_modular = yes
  plugins {
    include strongswan.d/charon-cmd/*.conf
  }
}

Where each .conf file would contain something like:

<name> {
  load = yes
  <option> = <value>
}

To increase the priority of individual plugins load = <priority> can be
used (the default is 1).  For instance, to use openssl instead of the
built-in crypto plugins set in strongswan.d/charon/openssl.conf:

openssl {
  load = 10
}

If two plugins have the same priority their order in the default plugin
list is preserved.  Plugins not found in that list are ordered
alphabetically before other plugins with the same priority.

6 years agoarray: Add array_bsearch function
Tobias Brunner [Mon, 27 Jan 2014 14:02:19 +0000 (15:02 +0100)]
array: Add array_bsearch function

6 years agoarray: Add array_sort function
Tobias Brunner [Fri, 24 Jan 2014 10:58:33 +0000 (11:58 +0100)]
array: Add array_sort function

6 years agolibcharon: Remove unused charon->name
Tobias Brunner [Wed, 22 Jan 2014 14:19:44 +0000 (15:19 +0100)]
libcharon: Remove unused charon->name

6 years agocharon-tkm: Use lib->ns instead of charon->name
Tobias Brunner [Wed, 22 Jan 2014 14:19:24 +0000 (15:19 +0100)]
charon-tkm: Use lib->ns instead of charon->name

6 years agolibcharon: Use lib->ns instead of charon->name
Tobias Brunner [Wed, 22 Jan 2014 14:18:58 +0000 (15:18 +0100)]
libcharon: Use lib->ns instead of charon->name

6 years agolibhydra: Remove unused hydra->daemon
Tobias Brunner [Wed, 22 Jan 2014 13:39:41 +0000 (14:39 +0100)]
libhydra: Remove unused hydra->daemon

6 years agolibhydra: Use lib->ns instead of hydra->daemon
Tobias Brunner [Wed, 22 Jan 2014 13:35:41 +0000 (14:35 +0100)]
libhydra: Use lib->ns instead of hydra->daemon

6 years agolibtls: Move settings to <ns>.tls with fallback to libtls
Tobias Brunner [Tue, 28 Jan 2014 16:26:50 +0000 (17:26 +0100)]
libtls: Move settings to <ns>.tls with fallback to libtls

6 years agoattr-sql: Use namespace for attr-sql config, with fallback
Tobias Brunner [Tue, 28 Jan 2014 15:58:34 +0000 (16:58 +0100)]
attr-sql: Use namespace for attr-sql config, with fallback

6 years agolib: All settings use configured namespace
Tobias Brunner [Tue, 28 Jan 2014 15:38:06 +0000 (16:38 +0100)]
lib: All settings use configured namespace

6 years agolib: Add default config fallback for configured namespace
Tobias Brunner [Tue, 28 Jan 2014 15:36:50 +0000 (16:36 +0100)]
lib: Add default config fallback for configured namespace

All settings in the configured global namespace fall back to libstrongswan.

6 years agounit-tests: Test how settings_t handles some invalid data
Tobias Brunner [Tue, 28 Jan 2014 14:52:09 +0000 (15:52 +0100)]
unit-tests: Test how settings_t handles some invalid data

6 years agosettings: Add method that allows to define fallback sections for other sections
Tobias Brunner [Tue, 28 Jan 2014 14:20:27 +0000 (15:20 +0100)]
settings: Add method that allows to define fallback sections for other sections

The fallbacks are currently only used for single value lookups.
Enumerators are not affected by them.