strongswan.git
13 years agoremoved stale ocsp header
Martin Willi [Tue, 8 Apr 2008 06:27:04 +0000 (06:27 -0000)]
removed stale ocsp header

13 years agofast finishing connectivity checks on the initiators side
Tobias Brunner [Mon, 7 Apr 2008 15:45:37 +0000 (15:45 -0000)]
fast finishing connectivity checks on the initiators side

13 years agocorrected the logging for retransmissions of connectivity checks
Tobias Brunner [Mon, 7 Apr 2008 14:45:39 +0000 (14:45 -0000)]
corrected the logging for retransmissions of connectivity checks

13 years agochanged how retransmissions of connectivity checks are sent
Tobias Brunner [Mon, 7 Apr 2008 11:26:15 +0000 (11:26 -0000)]
changed how retransmissions of connectivity checks are sent

13 years agofixed doxygen groups to avoid recursion
Martin Willi [Mon, 7 Apr 2008 10:37:14 +0000 (10:37 -0000)]
fixed doxygen groups to avoid recursion

13 years agowildcard matching in shared secrets not implemented yet
Andreas Steffen [Mon, 7 Apr 2008 10:29:08 +0000 (10:29 -0000)]
wildcard matching in shared secrets not implemented yet

13 years agoadded sql/rw-psk-ipv4 scenario
Andreas Steffen [Mon, 7 Apr 2008 10:24:49 +0000 (10:24 -0000)]
added sql/rw-psk-ipv4 scenario

13 years agofixing another memory leak
Tobias Brunner [Mon, 7 Apr 2008 09:36:52 +0000 (09:36 -0000)]
fixing another memory leak

13 years agoset accelerated rekeying defaults in ipsec.sql for UML scenarios
Andreas Steffen [Mon, 7 Apr 2008 09:10:58 +0000 (09:10 -0000)]
set accelerated rekeying defaults in ipsec.sql for UML scenarios

13 years agoadded sql/rw-cert scenario
Andreas Steffen [Mon, 7 Apr 2008 08:57:46 +0000 (08:57 -0000)]
added sql/rw-cert scenario

13 years agouse cert->equals() to filter out equal certificates in seperate instances
Martin Willi [Mon, 7 Apr 2008 08:48:08 +0000 (08:48 -0000)]
use cert->equals() to filter out equal certificates in seperate instances

13 years agotry to cache the same instance of equal certificates
Martin Willi [Mon, 7 Apr 2008 08:44:43 +0000 (08:44 -0000)]
try to cache the same instance of equal certificates

13 years agocompare certificates against full encoding to allow equality check of untrusted certs
Martin Willi [Mon, 7 Apr 2008 08:28:35 +0000 (08:28 -0000)]
compare certificates against full encoding to allow equality check of untrusted certs

13 years agofixed bad cleanup which results in segfault if no issuer cert found, fixes #43
Martin Willi [Mon, 7 Apr 2008 08:06:02 +0000 (08:06 -0000)]
fixed bad cleanup which results in segfault if no issuer cert found, fixes #43

13 years agofixed path to ipsec.sql
Andreas Steffen [Mon, 7 Apr 2008 07:57:38 +0000 (07:57 -0000)]
fixed path to ipsec.sql

13 years agoipsec.sql remains in /etc/ipsec.d
Andreas Steffen [Mon, 7 Apr 2008 07:25:04 +0000 (07:25 -0000)]
ipsec.sql remains in /etc/ipsec.d

13 years agomoved strongswan.conf to /etc
Andreas Steffen [Mon, 7 Apr 2008 07:21:06 +0000 (07:21 -0000)]
moved strongswan.conf to /etc

13 years agocosmetics
Andreas Steffen [Mon, 7 Apr 2008 07:02:47 +0000 (07:02 -0000)]
cosmetics

13 years agoadded ./configure option --with-strongswan-conf=
Martin Willi [Mon, 7 Apr 2008 06:56:33 +0000 (06:56 -0000)]
added ./configure option --with-strongswan-conf=
defaults to /etc/strongswan.conf

13 years agofixed segfault when opening a SQLite database fails
Martin Willi [Mon, 7 Apr 2008 06:49:13 +0000 (06:49 -0000)]
fixed segfault when opening a SQLite database fails

13 years agodo-tests now lists strongswan.conf and ip xfrm policy|state
Andreas Steffen [Mon, 7 Apr 2008 06:14:21 +0000 (06:14 -0000)]
do-tests now lists strongswan.conf and ip xfrm policy|state

13 years agoadded helper scripts to create SQL scripts
Martin Willi [Mon, 7 Apr 2008 06:06:42 +0000 (06:06 -0000)]
added helper scripts to create SQL scripts

13 years agoadded sql/net2net-psk scenario
Andreas Steffen [Sun, 6 Apr 2008 18:11:19 +0000 (18:11 -0000)]
added sql/net2net-psk scenario

13 years agocorrected description
Andreas Steffen [Sun, 6 Apr 2008 18:10:57 +0000 (18:10 -0000)]
corrected description

13 years agolog shared secret with debug level 4
Andreas Steffen [Sun, 6 Apr 2008 17:51:29 +0000 (17:51 -0000)]
log shared secret with debug level 4

13 years agodisable mobike in sql/net2net-cert scenario
Andreas Steffen [Sun, 6 Apr 2008 12:53:57 +0000 (12:53 -0000)]
disable mobike in sql/net2net-cert scenario

13 years agodefault is hostaccess=no
Andreas Steffen [Sun, 6 Apr 2008 12:15:05 +0000 (12:15 -0000)]
default is hostaccess=no

13 years agoversion bump to 4.2.1
Andreas Steffen [Sun, 6 Apr 2008 12:12:13 +0000 (12:12 -0000)]
version bump to 4.2.1

13 years agoadded sql/net2net-cert scenario
Andreas Steffen [Sun, 6 Apr 2008 12:06:33 +0000 (12:06 -0000)]
added sql/net2net-cert scenario

13 years agosupport of SQL databases in UML scenarios
Andreas Steffen [Sun, 6 Apr 2008 12:05:42 +0000 (12:05 -0000)]
support of SQL databases in UML scenarios

13 years agodo not build leak_detective.o if not enabled
Martin Willi [Fri, 4 Apr 2008 11:38:16 +0000 (11:38 -0000)]
do not build leak_detective.o if not enabled

13 years agodefining hook functions ourself as definition in uClibc and glibc differ, fixes #36
Martin Willi [Fri, 4 Apr 2008 11:37:19 +0000 (11:37 -0000)]
defining hook functions ourself as definition in uClibc and glibc differ, fixes #36

13 years agoremoved unused gmp.h to build libstrongswan without libgmp
Martin Willi [Fri, 4 Apr 2008 11:13:14 +0000 (11:13 -0000)]
removed unused gmp.h to build libstrongswan without libgmp

13 years agoand another
Tobias Brunner [Thu, 3 Apr 2008 15:22:06 +0000 (15:22 -0000)]
and another

13 years agofixed two other memory leaks
Tobias Brunner [Thu, 3 Apr 2008 15:13:25 +0000 (15:13 -0000)]
fixed two other memory leaks

13 years agoredirecting all leak_report information to stderr
Martin Willi [Thu, 3 Apr 2008 11:25:08 +0000 (11:25 -0000)]
redirecting all leak_report information to stderr

13 years agosome code cleanups
Martin Willi [Thu, 3 Apr 2008 10:22:17 +0000 (10:22 -0000)]
some code cleanups

13 years agoreplaced mutex in leak detective with thread scheduling
Tobias Brunner [Thu, 3 Apr 2008 09:24:35 +0000 (09:24 -0000)]
replaced mutex in leak detective with thread scheduling

13 years agothread locking for sender and processor optimized
Tobias Brunner [Thu, 3 Apr 2008 09:19:12 +0000 (09:19 -0000)]
thread locking for sender and processor optimized

13 years agoconfigure option in strongswan.conf for thread count
Martin Willi [Thu, 3 Apr 2008 08:37:24 +0000 (08:37 -0000)]
configure option in strongswan.conf for thread count

13 years agoupdated test data to use correct encoding data
Martin Willi [Thu, 3 Apr 2008 06:45:17 +0000 (06:45 -0000)]
updated test data to use correct encoding data

13 years agodemoted more notify debug messages to level 2 4.2.0
Andreas Steffen [Wed, 2 Apr 2008 19:15:05 +0000 (19:15 -0000)]
demoted more notify debug messages to level 2

13 years agomake peer IP address and peer IP available to the xauth_module.verify_secret() method
Andreas Steffen [Wed, 2 Apr 2008 19:04:45 +0000 (19:04 -0000)]
make peer IP address and peer IP available to the xauth_module.verify_secret() method

13 years agorenamed AES_cbc_encrypt to SS_AES_cbc_encrypt due to name collision with OpenSSL...
Andreas Steffen [Wed, 2 Apr 2008 18:51:10 +0000 (18:51 -0000)]
renamed AES_cbc_encrypt to SS_AES_cbc_encrypt due to name collision with OpenSSL library

13 years agosupport of force_keepalive parameter
Andreas Steffen [Wed, 2 Apr 2008 18:35:23 +0000 (18:35 -0000)]
support of force_keepalive parameter

13 years agofixing some memory leaks
Tobias Brunner [Wed, 2 Apr 2008 18:21:03 +0000 (18:21 -0000)]
fixing some memory leaks

13 years agosecuring total_threads with the mutex while destroying the processor
Tobias Brunner [Wed, 2 Apr 2008 15:28:08 +0000 (15:28 -0000)]
securing total_threads with the mutex while destroying the processor

13 years agogenerate debug output if ocsp response does not contain status information for a...
Andreas Steffen [Wed, 2 Apr 2008 14:28:17 +0000 (14:28 -0000)]
generate debug output if ocsp response does not contain status information for a given certificate

13 years agoupdated TODO
Martin Willi [Wed, 2 Apr 2008 13:21:02 +0000 (13:21 -0000)]
updated TODO

13 years agoadded some NEWS for the 4.2 release
Martin Willi [Wed, 2 Apr 2008 13:20:46 +0000 (13:20 -0000)]
added some NEWS for the 4.2 release

13 years agoupdated RFCs/drafts
Martin Willi [Wed, 2 Apr 2008 13:20:14 +0000 (13:20 -0000)]
updated RFCs/drafts

13 years agofixed med_db test
Martin Willi [Wed, 2 Apr 2008 12:27:39 +0000 (12:27 -0000)]
fixed med_db test

13 years agoupdated mediation database to public key authentication
Martin Willi [Wed, 2 Apr 2008 12:25:14 +0000 (12:25 -0000)]
updated mediation database to public key authentication
added mysql table definition, test data
testcase

13 years agofixed compile warnings
Martin Willi [Wed, 2 Apr 2008 09:54:20 +0000 (09:54 -0000)]
fixed compile warnings

13 years agoadditional debug line makes certificate status checking more understandable
Andreas Steffen [Wed, 2 Apr 2008 06:25:59 +0000 (06:25 -0000)]
additional debug line makes certificate status checking more understandable

13 years agoworkaround for parsing IPv6 PSKs requires extract_last_token()
Andreas Steffen [Tue, 1 Apr 2008 20:40:29 +0000 (20:40 -0000)]
workaround for parsing IPv6 PSKs requires extract_last_token()

13 years agodemoted received notify debug message to level 2
Andreas Steffen [Tue, 1 Apr 2008 20:22:38 +0000 (20:22 -0000)]
demoted received notify debug message to level 2

13 years agoadapted ikev2 uml scenarios for the 4.2 version
Andreas Steffen [Tue, 1 Apr 2008 20:05:02 +0000 (20:05 -0000)]
adapted ikev2 uml scenarios for the 4.2 version

13 years agoadded missing files for commit [3721]
Martin Willi [Tue, 1 Apr 2008 15:03:02 +0000 (15:03 -0000)]
added missing files for commit [3721]

13 years agoloading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
Martin Willi [Tue, 1 Apr 2008 14:51:31 +0000 (14:51 -0000)]
loading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
testcase

13 years agoand a fix for it
Martin Willi [Tue, 1 Apr 2008 14:26:31 +0000 (14:26 -0000)]
and a fix for it

13 years agosimple converter from binary data to a c array
Martin Willi [Tue, 1 Apr 2008 14:19:22 +0000 (14:19 -0000)]
simple converter from binary data to a c array

13 years agoremoved unneded publicKeyInfo ASN1 structure
Martin Willi [Tue, 1 Apr 2008 13:39:12 +0000 (13:39 -0000)]
removed unneded publicKeyInfo ASN1 structure

13 years agominimal stroke_list_ocsp() implementation
Andreas Steffen [Tue, 1 Apr 2008 12:11:09 +0000 (12:11 -0000)]
minimal stroke_list_ocsp() implementation

13 years agostopping connectivity checks on the responders side after receiving an IKE_SA_INIT...
Tobias Brunner [Tue, 1 Apr 2008 11:38:18 +0000 (11:38 -0000)]
stopping connectivity checks on the responders side after receiving an IKE_SA_INIT request with the proper ME_CONNECTID

13 years agosome simplifications to trusted_enumerator_t
Martin Willi [Tue, 1 Apr 2008 10:56:08 +0000 (10:56 -0000)]
some simplifications to trusted_enumerator_t

13 years agochecking pretrusted but bad certificates only once
Martin Willi [Tue, 1 Apr 2008 10:43:44 +0000 (10:43 -0000)]
checking pretrusted but bad certificates only once

13 years agostroke_list groups certificates by issuer
Andreas Steffen [Tue, 1 Apr 2008 10:26:27 +0000 (10:26 -0000)]
stroke_list groups certificates by issuer

13 years agoreplaced the example manager database by a sql script
Martin Willi [Tue, 1 Apr 2008 07:16:48 +0000 (07:16 -0000)]
replaced the example manager database by a sql script

13 years agochanged enumerator implementation to handle reentrant code
Martin Willi [Tue, 1 Apr 2008 06:51:55 +0000 (06:51 -0000)]
changed enumerator implementation to handle reentrant code

13 years agominor changes in debug output
Andreas Steffen [Mon, 31 Mar 2008 21:59:32 +0000 (21:59 -0000)]
minor changes in debug output

13 years agoput DN in double quotes
Andreas Steffen [Mon, 31 Mar 2008 21:08:56 +0000 (21:08 -0000)]
put DN in double quotes

13 years agooutput error message if maximum ca path length is reached
Andreas Steffen [Mon, 31 Mar 2008 20:42:57 +0000 (20:42 -0000)]
output error message if maximum ca path length is reached

13 years agoipsec list suppresses duplicates
Andreas Steffen [Mon, 31 Mar 2008 20:21:24 +0000 (20:21 -0000)]
ipsec list suppresses duplicates

13 years agotiming of connectivity checks adjusted
Tobias Brunner [Mon, 31 Mar 2008 15:04:38 +0000 (15:04 -0000)]
timing of connectivity checks adjusted

13 years agodefining ME globally, as we need it in plugins
Martin Willi [Mon, 31 Mar 2008 15:01:43 +0000 (15:01 -0000)]
defining ME globally, as we need it in plugins

13 years agoutc argument in %#T was missing
Andreas Steffen [Mon, 31 Mar 2008 14:36:00 +0000 (14:36 -0000)]
utc argument in %#T was missing

13 years agosignal fixed
Tobias Brunner [Mon, 31 Mar 2008 14:27:16 +0000 (14:27 -0000)]
signal fixed

13 years agodisabled build of outdated dbus interface
Andreas Steffen [Mon, 31 Mar 2008 12:59:39 +0000 (12:59 -0000)]
disabled build of outdated dbus interface

13 years agochanged order of server and peer reflexive endpoints (and also the priorities)
Tobias Brunner [Mon, 31 Mar 2008 10:56:49 +0000 (10:56 -0000)]
changed order of server and peer reflexive endpoints (and also the priorities)

13 years agoreceived certificates have least priority
Martin Willi [Mon, 31 Mar 2008 08:43:18 +0000 (08:43 -0000)]
received certificates have least priority
fixed manager unlocking

13 years agofixed refcounting in certificate trustchain validation
Martin Willi [Mon, 31 Mar 2008 07:16:12 +0000 (07:16 -0000)]
fixed refcounting in certificate trustchain validation

13 years agoadapted configure options in testing.conf and build-umlrootfs
Andreas Steffen [Sat, 29 Mar 2008 19:33:02 +0000 (19:33 -0000)]
adapted configure options in testing.conf and build-umlrootfs

13 years agochanged error message
Andreas Steffen [Sat, 29 Mar 2008 13:26:53 +0000 (13:26 -0000)]
changed error message

13 years agooutput uptime in status in local time
Andreas Steffen [Sat, 29 Mar 2008 08:55:09 +0000 (08:55 -0000)]
output uptime in status in local time

13 years agoshortened menu item
Andreas Steffen [Fri, 28 Mar 2008 22:46:09 +0000 (22:46 -0000)]
shortened menu item

13 years agodemoted ldap debug output to level 2
Andreas Steffen [Fri, 28 Mar 2008 22:44:45 +0000 (22:44 -0000)]
demoted ldap debug output to level 2

13 years agoremove xml directory
Andreas Steffen [Fri, 28 Mar 2008 19:49:59 +0000 (19:49 -0000)]
remove xml directory

13 years agoleak detective detects heap over- and underflow
Martin Willi [Fri, 28 Mar 2008 14:51:26 +0000 (14:51 -0000)]
leak detective detects heap over- and underflow

13 years agoupdated leak_detective whitelist: libxml and clearsilver functions
Martin Willi [Fri, 28 Mar 2008 13:16:36 +0000 (13:16 -0000)]
updated leak_detective whitelist: libxml and clearsilver functions

13 years agorenamed xml plugin to smp to avoid confusion
Martin Willi [Fri, 28 Mar 2008 12:44:01 +0000 (12:44 -0000)]
renamed xml plugin to smp to avoid confusion
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there

13 years agofixed manager plugin loading
Martin Willi [Fri, 28 Mar 2008 12:41:05 +0000 (12:41 -0000)]
fixed manager plugin loading
manager uses strongswan.conf to read its configuration

13 years agofixed crash if crl fetching fails
Martin Willi [Fri, 28 Mar 2008 12:00:51 +0000 (12:00 -0000)]
fixed crash if crl fetching fails

13 years agofixed all pluto compiler warnings
Martin Willi [Fri, 28 Mar 2008 11:48:14 +0000 (11:48 -0000)]
fixed all pluto compiler warnings

13 years agofixed compiler warning in openace
Martin Willi [Fri, 28 Mar 2008 11:47:11 +0000 (11:47 -0000)]
fixed compiler warning in openace
fixed pem loading bug

13 years agofixed compiler warning in libfreeswan
Martin Willi [Fri, 28 Mar 2008 11:46:30 +0000 (11:46 -0000)]
fixed compiler warning in libfreeswan

13 years agofixed compiler warning in scepclient
Martin Willi [Fri, 28 Mar 2008 11:45:56 +0000 (11:45 -0000)]
fixed compiler warning in scepclient

13 years agoremoved unused yynuput to fix compiler warning
Martin Willi [Fri, 28 Mar 2008 11:45:01 +0000 (11:45 -0000)]
removed unused yynuput to fix compiler warning

13 years agofixed compiler warning
Martin Willi [Fri, 28 Mar 2008 10:21:04 +0000 (10:21 -0000)]
fixed compiler warning

13 years agoreentrant save cert_cache
Martin Willi [Fri, 28 Mar 2008 08:38:51 +0000 (08:38 -0000)]
reentrant save cert_cache