strongswan.git
Andreas Steffen [Sat, 15 May 2010 11:07:22 +0000 (13:07 +0200)]
fixed keyids in sql/ip-pool-db-expired scenario

Andreas Steffen [Sat, 15 May 2010 11:06:48 +0000 (13:06 +0200)]
fixed keyids in sql/ip-pool-db scenario

Andreas Steffen [Sat, 15 May 2010 08:18:29 +0000 (10:18 +0200)]
introduced xauth_identity keyword

Andreas Steffen [Fri, 14 May 2010 15:26:59 +0000 (17:26 +0200)]
adapted evaltest of ikev1/ip-pool-db-push scenario to resolve plugin

Andreas Steffen [Fri, 14 May 2010 15:20:28 +0000 (17:20 +0200)]
adapted evaltest of ikev1/ip-pool-db scenario to resolve plugin

Andreas Steffen [Fri, 14 May 2010 15:07:03 +0000 (17:07 +0200)]
refactoring of Mode Config functionality allows transport and handling of any attribute

Andreas Steffen [Fri, 14 May 2010 13:12:03 +0000 (15:12 +0200)]
adapted evaltest of ikev1/mode-config-push scenario to resolve plugin

Andreas Steffen [Fri, 14 May 2010 09:07:26 +0000 (11:07 +0200)]
adapted evaltest to resolve plugin

Andreas Steffen [Sat, 8 May 2010 14:09:02 +0000 (16:09 +0200)]
implemented support of resolve plugin

Andreas Steffen [Thu, 6 May 2010 19:55:19 +0000 (21:55 +0200)]
include demux.h only once

Andreas Steffen [Thu, 6 May 2010 19:44:15 +0000 (21:44 +0200)]
already defined in attributes/attributes.h

Andreas Steffen [Thu, 6 May 2010 19:35:00 +0000 (21:35 +0200)]
include state.h only once

Andreas Steffen [Thu, 6 May 2010 08:35:25 +0000 (10:35 +0200)]
removed stray file

Martin Willi [Wed, 5 May 2010 11:48:10 +0000 (13:48 +0200)]
Support decoding of subjectPublicKeyInfo in openssl without pkcs1 plugin

Martin Willi [Wed, 5 May 2010 09:30:18 +0000 (11:30 +0200)]
Do not check pointer, but length of a chunk

Martin Willi [Wed, 5 May 2010 09:26:17 +0000 (11:26 +0200)]
Double-check that a blob passed to is_asn1() is not empty

Martin Willi [Wed, 5 May 2010 09:15:10 +0000 (11:15 +0200)]
Do not print filename twice if plugin loading fails, dlerror() contains the filename

Martin Willi [Wed, 5 May 2010 08:40:52 +0000 (10:40 +0200)]
Implemented base32 encoding of chunks.

Andreas Steffen [Tue, 4 May 2010 21:52:44 +0000 (23:52 +0200)]
moved resolve plugin from libcharon to libhydra

Tobias Brunner [Tue, 4 May 2010 15:33:35 +0000 (17:33 +0200)]
Do a proper cleanup when printing usage info.

Tobias Brunner [Tue, 4 May 2010 15:40:10 +0000 (17:40 +0200)]
Moved syslog.h include.

Tobias Brunner [Tue, 4 May 2010 15:00:43 +0000 (17:00 +0200)]
Compiler warning fixed.

Andreas Steffen [Tue, 4 May 2010 04:18:10 +0000 (06:18 +0200)]
fixed typo

Adrian-Ken Rueegsegger [Sun, 2 May 2010 12:37:16 +0000 (14:37 +0200)]
Add 'flush_line' option to filelog section.

The new boolean 'flush_line' option in the filelog section of
strongswan.conf specifies if log messages should be flushed to the given
file for each new line.

Reto Buerki [Thu, 22 Apr 2010 15:03:30 +0000 (17:03 +0200)]
Use reqid from connection config if present.

Reto Buerki [Thu, 22 Apr 2010 15:03:29 +0000 (17:03 +0200)]
Add reqid field and getter function to child_cfg_t.

Reto Buerki [Thu, 22 Apr 2010 15:03:28 +0000 (17:03 +0200)]
Include reqid in stroke add connection message.

Reto Buerki [Thu, 22 Apr 2010 15:03:27 +0000 (17:03 +0200)]
Add reqid keyword to config connection section.

Andreas Steffen [Mon, 3 May 2010 07:31:22 +0000 (09:31 +0200)]
delete release files

Andreas Steffen [Mon, 3 May 2010 07:09:43 +0000 (09:09 +0200)]
version bump to 4.4.1

Andreas Steffen [Sun, 2 May 2010 19:13:10 +0000 (21:13 +0200)]
added getprotobyname to whitelist (ref: 4.4.0)

Andreas Steffen [Sun, 2 May 2010 15:58:36 +0000 (17:58 +0200)]
remove subnet from sourceip

Andreas Steffen [Sun, 2 May 2010 13:55:46 +0000 (15:55 +0200)]
final fix for cloning and deleting sourceip strings

Andreas Steffen [Sun, 2 May 2010 12:56:35 +0000 (14:56 +0200)]
fixed end->sourceip memory leak in ipsec starter

Andreas Steffen [Sun, 2 May 2010 09:47:24 +0000 (11:47 +0200)]
updated options in testing.conf

Andreas Steffen [Sun, 2 May 2010 09:40:46 +0000 (11:40 +0200)]
fixed flex parser memory leaks in ipsec starter

Andreas Steffen [Sun, 2 May 2010 09:00:21 +0000 (11:00 +0200)]
free config before exiting since library_deinit() calls leak detective

Tobias Brunner [Thu, 29 Apr 2010 12:44:31 +0000 (14:44 +0200)]
We have to rename thread_create on Mac OS X because it conflicts with a syscall.

Tobias Brunner [Thu, 29 Apr 2010 12:51:44 +0000 (14:51 +0200)]
Initialize libstrongswan in stroke (fixes Vstr logging).

Tobias Brunner [Thu, 29 Apr 2010 12:33:29 +0000 (14:33 +0200)]
Initialize libstrongswan in starter (fixes Vstr logging).

Tobias Brunner [Thu, 29 Apr 2010 11:30:51 +0000 (13:30 +0200)]
The mutex of a thread has to be locked when destroying it.

Tobias Brunner [Thu, 29 Apr 2010 11:29:53 +0000 (13:29 +0200)]
Fixing out-of-tree build after adding dependency to config.status.

Martin Willi [Thu, 29 Apr 2010 09:28:27 +0000 (11:28 +0200)]
Users of PLUGINS depend on config.status, rebuilding them if plugin configuration is updated

Martin Willi [Thu, 29 Apr 2010 07:51:37 +0000 (09:51 +0200)]
Fixed RSA key generation with gcrypt

Martin Willi [Thu, 29 Apr 2010 07:36:45 +0000 (09:36 +0200)]
PEM encoder supports encoding from RSA components directly, allowing gcrypt plugin to encode in PEM

Andreas Steffen [Thu, 29 Apr 2010 05:41:30 +0000 (07:41 +0200)]
added AES-GMAC support to NEWS

Andreas Steffen [Thu, 29 Apr 2010 05:28:51 +0000 (07:28 +0200)]
do not destroy whack_attr if it hasn't been initialized

Andreas Steffen [Wed, 28 Apr 2010 10:27:45 +0000 (12:27 +0200)]
added debug output argument

Martin Willi [Wed, 28 Apr 2010 07:03:08 +0000 (09:03 +0200)]
Reintroduce to_referer(), redirect() does not work with get_referer()

Martin Willi [Mon, 26 Apr 2010 07:41:10 +0000 (09:41 +0200)]
Use a 301 permanent redirect if no controller given

Andreas Steffen [Tue, 27 Apr 2010 11:48:37 +0000 (13:48 +0200)]
added ikev1/alg-esp-aes-gmac scenario

Andreas Steffen [Tue, 27 Apr 2010 11:47:11 +0000 (13:47 +0200)]
added AES_GMAC output string

Andreas Steffen [Tue, 27 Apr 2010 11:13:10 +0000 (13:13 +0200)]
added ikev2/alg-esp-aes-gmac scenario

Andreas Steffen [Fri, 23 Apr 2010 13:23:54 +0000 (15:23 +0200)]
added ikev1/alg-modp-subgroup scenario

Andreas Steffen [Fri, 23 Apr 2010 13:03:16 +0000 (15:03 +0200)]
added ikev2/alg-modp-subgroup scenario

Andreas Steffen [Fri, 23 Apr 2010 10:57:43 +0000 (12:57 +0200)]
include dhcp-client-identifier in the DHCP request

Andreas Steffen [Fri, 23 Apr 2010 10:56:59 +0000 (12:56 +0200)]
added ikev2/dhcp-static-client-id scenario

Andreas Steffen [Fri, 23 Apr 2010 10:38:30 +0000 (12:38 +0200)]
fixed optional dnsmasq.conf in the ikev2/dhcp-static-mac scenario

Andreas Steffen [Fri, 23 Apr 2010 10:33:11 +0000 (12:33 +0200)]
added ikev2/dhcp-static-mac scenario

Andreas Steffen [Fri, 23 Apr 2010 09:52:37 +0000 (11:52 +0200)]
added ikev2/dhcp-dynamic scenario

Andreas Steffen [Fri, 23 Apr 2010 05:37:16 +0000 (07:37 +0200)]
make DHCP debug messages consistent

Andreas Steffen [Thu, 22 Apr 2010 22:02:13 +0000 (00:02 +0200)]
fixed typo

Martin Willi [Wed, 21 Apr 2010 06:40:55 +0000 (08:40 +0200)]
Ignore DH exchange in CHILD_SA rekeying if the selected proposal contains no DH group

Heiko Hund [Tue, 20 Apr 2010 19:22:50 +0000 (21:22 +0200)]
fixed segfault in pluto with multiple ISAKMP SAs in delete payload

Martin Willi [Mon, 19 Apr 2010 12:41:20 +0000 (14:41 +0200)]
Added support for DH groups 22, 23 and 24, patch contributed by Joy Latten

Martin Willi [Mon, 19 Apr 2010 09:16:36 +0000 (11:16 +0200)]
Accept DHCP replies on bootps port, as we act as a relay agent if server address configured

Tobias Brunner [Mon, 12 Apr 2010 14:47:47 +0000 (16:47 +0200)]
Integrating libhydra into the Android build system.

Tobias Brunner [Mon, 12 Apr 2010 13:54:48 +0000 (15:54 +0200)]
Use openssl in Android by default.

Tobias Brunner [Mon, 12 Apr 2010 11:51:10 +0000 (13:51 +0200)]
When logging to the database, the IDs of an IKE SA are initially NULL.

Andreas Steffen [Mon, 12 Apr 2010 09:25:46 +0000 (11:25 +0200)]
fixed silly bug

Andreas Steffen [Sun, 11 Apr 2010 20:00:01 +0000 (22:00 +0200)]
updated DER versions of research and sales CAs

Andreas Steffen [Sun, 11 Apr 2010 17:19:20 +0000 (19:19 +0200)]
implemented inheritance of virtual IP assigned by Mode Config on the responder side

Andreas Steffen [Sun, 11 Apr 2010 15:05:42 +0000 (17:05 +0200)]
added ikev1/ip-two-pools-mixed scenario

Andreas Steffen [Sun, 11 Apr 2010 14:29:39 +0000 (16:29 +0200)]
added support of RAM-based pools to NEWS

Andreas Steffen [Sun, 11 Apr 2010 14:09:09 +0000 (16:09 +0200)]
IKEv1 uses Mode Config payload

Andreas Steffen [Sun, 11 Apr 2010 14:05:54 +0000 (16:05 +0200)]
added ikev1/ip-two-pools scenario

Andreas Steffen [Sun, 11 Apr 2010 14:05:04 +0000 (16:05 +0200)]
remove virtual interfaces after scenario

Andreas Steffen [Sun, 11 Apr 2010 12:40:04 +0000 (14:40 +0200)]
added ikev1/ip-pool scenario

Andreas Steffen [Sun, 11 Apr 2010 09:46:47 +0000 (11:46 +0200)]
show in-memory pools in ipsec statusall

Andreas Steffen [Sat, 10 Apr 2010 22:49:04 +0000 (00:49 +0200)]
added missing curly brackets

Andreas Steffen [Sat, 10 Apr 2010 22:26:49 +0000 (00:26 +0200)]
support in-memory pools in swapped connection definitions

Tobias Brunner [Sat, 10 Apr 2010 10:10:04 +0000 (12:10 +0200)]
Fixed OpenSSL engine_id setting, i.e. do not use 'library.' prefix for settings in libstrongswan.

Andreas Steffen [Fri, 9 Apr 2010 19:03:32 +0000 (21:03 +0200)]
pluto now requires attr plugin for dns and nbns server loading from strongswan.conf

Martin Willi [Thu, 8 Apr 2010 13:08:35 +0000 (15:08 +0200)]
Store DH generator in a chunk, hide non-public data in a private struct

Andreas Steffen [Wed, 7 Apr 2010 17:37:53 +0000 (19:37 +0200)]
recovered private keys of no CDP certificates

Andreas Steffen [Wed, 7 Apr 2010 17:30:33 +0000 (19:30 +0200)]
recovered lost Duck CA certificates

Martin Willi [Wed, 7 Apr 2010 13:51:55 +0000 (15:51 +0200)]
Migrated scepclient/openac logging hooks to new signature

Martin Willi [Wed, 7 Apr 2010 13:36:22 +0000 (15:36 +0200)]
Remove to_referer() method, as it fails if no referer was given

Martin Willi [Wed, 7 Apr 2010 12:54:22 +0000 (14:54 +0200)]
Renamed clone function to avoid name clash with uclibc

Martin Willi [Wed, 7 Apr 2010 12:16:52 +0000 (14:16 +0200)]
NEWS about HA plugin

Martin Willi [Mon, 22 Mar 2010 10:25:27 +0000 (10:25 +0000)]
Updated HA plugin to new APIs

Martin Willi [Fri, 19 Mar 2010 18:06:53 +0000 (19:06 +0100)]
Updated location of traffic selector header

Martin Willi [Fri, 19 Mar 2010 18:03:46 +0000 (19:03 +0100)]
Moved ha plugin to libcharon

Martin Willi [Wed, 30 Sep 2009 14:23:58 +0000 (16:23 +0200)]
Make resync/monitoring functionality optional

Martin Willi [Wed, 30 Sep 2009 09:48:15 +0000 (11:48 +0200)]
Listen to ike_updown/rekey hook instead of ike_state_change

Martin Willi [Wed, 30 Sep 2009 09:04:22 +0000 (11:04 +0200)]
Request a complete resync after daemon startup

Martin Willi [Wed, 30 Sep 2009 08:36:27 +0000 (10:36 +0200)]
Do not automatically take over segments, as we need to resync first

Martin Willi [Tue, 29 Sep 2009 14:40:58 +0000 (16:40 +0200)]
Drop overlapping segments only if we have no active SAs on it

Martin Willi [Tue, 29 Sep 2009 14:05:46 +0000 (16:05 +0200)]
Do not install iptables rules, they should stay active after shutdown

Martin Willi [Tue, 29 Sep 2009 14:04:51 +0000 (16:04 +0200)]
Take over all segments if heartbeat becomes silent