strongswan.git
Andreas Steffen [Mon, 14 Apr 2008 06:10:10 +0000 (06:10 -0000)]
use ip6tables in sql/rw-psk-ipv6 scenario

Andreas Steffen [Mon, 14 Apr 2008 04:33:17 +0000 (04:33 -0000)]
fixed suppression of cert requests in eap-sim and eap-aka scenarios

Andreas Steffen [Sun, 13 Apr 2008 21:42:44 +0000 (21:42 -0000)]
host_srcip was not properly initialized in starterwhack.c

Andreas Steffen [Sun, 13 Apr 2008 19:50:15 +0000 (19:50 -0000)]
added sql/rw-psk-ipv6 scenario

Andreas Steffen [Sun, 13 Apr 2008 19:49:20 +0000 (19:49 -0000)]
added sql/rw-psk-rsa-split scenario

Andreas Steffen [Sun, 13 Apr 2008 17:31:07 +0000 (17:31 -0000)]
fixed disabling the sending of cert requests

Martin Willi [Fri, 11 Apr 2008 08:14:48 +0000 (08:14 -0000)]
using dpd actions to enforce connection state
dpd actions are per child-, not peer ike-sa

Tobias Brunner [Thu, 10 Apr 2008 12:51:04 +0000 (12:51 -0000)]
enabling acquire for mediated connections

Tobias Brunner [Thu, 10 Apr 2008 08:42:27 +0000 (08:42 -0000)]
enabling reauthentication on mediation connections

Tobias Brunner [Thu, 10 Apr 2008 07:24:30 +0000 (07:24 -0000)]
fixing a problem if the mediation server initiates the rekeying

Tobias Brunner [Wed, 9 Apr 2008 18:12:22 +0000 (18:12 -0000)]
mediation connections should now properly rekey

Martin Willi [Wed, 9 Apr 2008 12:56:20 +0000 (12:56 -0000)]
implemented a simple attribute provider for stroke

Martin Willi [Wed, 9 Apr 2008 12:54:47 +0000 (12:54 -0000)]
implementation of a CFG attribute framework, currently supporting virtual IPs
updated ipsec.conf sourceip parameter to support
CIDR notation to serve from a pool
%poolname to query a separate (database?) pool

Tobias Brunner [Tue, 8 Apr 2008 13:45:30 +0000 (13:45 -0000)]
signature in connectivity checks is now built with the message id in network byte order

Martin Willi [Tue, 8 Apr 2008 12:53:36 +0000 (12:53 -0000)]
changed force_encap to forceencaps

Tobias Brunner [Tue, 8 Apr 2008 12:31:27 +0000 (12:31 -0000)]
printing the checklist, two bugfixes

Tobias Brunner [Tue, 8 Apr 2008 09:21:27 +0000 (09:21 -0000)]
connect manager: restart the sender if it is not running anymore

Tobias Brunner [Tue, 8 Apr 2008 08:41:23 +0000 (08:41 -0000)]
better logging for chunks in connect manager

Tobias Brunner [Tue, 8 Apr 2008 08:33:15 +0000 (08:33 -0000)]
refactored callback data in connect manager

Martin Willi [Tue, 8 Apr 2008 06:27:04 +0000 (06:27 -0000)]
removed stale ocsp header

Tobias Brunner [Mon, 7 Apr 2008 15:45:37 +0000 (15:45 -0000)]
fast finishing connectivity checks on the initiator's side

Tobias Brunner [Mon, 7 Apr 2008 14:45:39 +0000 (14:45 -0000)]
corrected the logging for retransmissions of connectivity checks

Tobias Brunner [Mon, 7 Apr 2008 11:26:15 +0000 (11:26 -0000)]
changed how retransmissions of connectivity checks are sent

Martin Willi [Mon, 7 Apr 2008 10:37:14 +0000 (10:37 -0000)]
fixed doxygen groups to avoid recursion

Andreas Steffen [Mon, 7 Apr 2008 10:29:08 +0000 (10:29 -0000)]
wildcard matching in shared secrets not implemented yet

Andreas Steffen [Mon, 7 Apr 2008 10:24:49 +0000 (10:24 -0000)]
added sql/rw-psk-ipv4 scenario

Tobias Brunner [Mon, 7 Apr 2008 09:36:52 +0000 (09:36 -0000)]
fixing another memory leak

Andreas Steffen [Mon, 7 Apr 2008 09:10:58 +0000 (09:10 -0000)]
set accelerated rekeying defaults in ipsec.sql for UML scenarios

Andreas Steffen [Mon, 7 Apr 2008 08:57:46 +0000 (08:57 -0000)]
added sql/rw-cert scenario

Martin Willi [Mon, 7 Apr 2008 08:48:08 +0000 (08:48 -0000)]
use cert->equals() to filter out equal certificates in separate instances

Martin Willi [Mon, 7 Apr 2008 08:44:43 +0000 (08:44 -0000)]
try to cache the same instance of equal certificates

Martin Willi [Mon, 7 Apr 2008 08:28:35 +0000 (08:28 -0000)]
compare certificates against full encoding to allow equality check of untrusted certs

Martin Willi [Mon, 7 Apr 2008 08:06:02 +0000 (08:06 -0000)]
fixed bad cleanup which results in segfault if no issuer cert found, fixes #43

Andreas Steffen [Mon, 7 Apr 2008 07:57:38 +0000 (07:57 -0000)]
fixed path to ipsec.sql

Andreas Steffen [Mon, 7 Apr 2008 07:25:04 +0000 (07:25 -0000)]
ipsec.sql remains in /etc/ipsec.d

Andreas Steffen [Mon, 7 Apr 2008 07:21:06 +0000 (07:21 -0000)]
moved strongswan.conf to /etc

Andreas Steffen [Mon, 7 Apr 2008 07:02:47 +0000 (07:02 -0000)]
cosmetics

Martin Willi [Mon, 7 Apr 2008 06:56:33 +0000 (06:56 -0000)]
added ./configure option --with-strongswan-conf=
defaults to /etc/strongswan.conf

Martin Willi [Mon, 7 Apr 2008 06:49:13 +0000 (06:49 -0000)]
fixed segfault when opening a SQLite database fails

Andreas Steffen [Mon, 7 Apr 2008 06:14:21 +0000 (06:14 -0000)]
do-tests now lists strongswan.conf and ip xfrm policy|state

Martin Willi [Mon, 7 Apr 2008 06:06:42 +0000 (06:06 -0000)]
added helper scripts to create SQL scripts

Andreas Steffen [Sun, 6 Apr 2008 18:11:19 +0000 (18:11 -0000)]
added sql/net2net-psk scenario

Andreas Steffen [Sun, 6 Apr 2008 18:10:57 +0000 (18:10 -0000)]
corrected description

Andreas Steffen [Sun, 6 Apr 2008 17:51:29 +0000 (17:51 -0000)]
log shared secret with debug level 4

Andreas Steffen [Sun, 6 Apr 2008 12:53:57 +0000 (12:53 -0000)]
disable mobike in sql/net2net-cert scenario

Andreas Steffen [Sun, 6 Apr 2008 12:15:05 +0000 (12:15 -0000)]
default is hostaccess=no

Andreas Steffen [Sun, 6 Apr 2008 12:12:13 +0000 (12:12 -0000)]
version bump to 4.2.1

Andreas Steffen [Sun, 6 Apr 2008 12:06:33 +0000 (12:06 -0000)]
added sql/net2net-cert scenario

Andreas Steffen [Sun, 6 Apr 2008 12:05:42 +0000 (12:05 -0000)]
support of SQL databases in UML scenarios

Martin Willi [Fri, 4 Apr 2008 11:38:16 +0000 (11:38 -0000)]
do not build leak_detective.o if not enabled

Martin Willi [Fri, 4 Apr 2008 11:37:19 +0000 (11:37 -0000)]
defining hook functions ourselves as definition in uClibc and glibc differ, fixes #36

Martin Willi [Fri, 4 Apr 2008 11:13:14 +0000 (11:13 -0000)]
removed unused gmp.h to build libstrongswan without libgmp

Tobias Brunner [Thu, 3 Apr 2008 15:22:06 +0000 (15:22 -0000)]
and another

Tobias Brunner [Thu, 3 Apr 2008 15:13:25 +0000 (15:13 -0000)]
fixed two other memory leaks

Martin Willi [Thu, 3 Apr 2008 11:25:08 +0000 (11:25 -0000)]
redirecting all leak_report information to stderr

Martin Willi [Thu, 3 Apr 2008 10:22:17 +0000 (10:22 -0000)]
some code cleanups

Tobias Brunner [Thu, 3 Apr 2008 09:24:35 +0000 (09:24 -0000)]
replaced mutex in leak detective with thread scheduling

Tobias Brunner [Thu, 3 Apr 2008 09:19:12 +0000 (09:19 -0000)]
thread locking for sender and processor optimized

Martin Willi [Thu, 3 Apr 2008 08:37:24 +0000 (08:37 -0000)]
configure option in strongswan.conf for thread count

Martin Willi [Thu, 3 Apr 2008 06:45:17 +0000 (06:45 -0000)]
updated test data to use correct encoding data

Andreas Steffen [Wed, 2 Apr 2008 19:15:05 +0000 (19:15 -0000)] (ref: 4.2.0)
demoted more notify debug messages to level 2

Andreas Steffen [Wed, 2 Apr 2008 19:04:45 +0000 (19:04 -0000)]
make peer IP address and peer IP available to the xauth_module.verify_secret() method

Andreas Steffen [Wed, 2 Apr 2008 18:51:10 +0000 (18:51 -0000)]
renamed AES_cbc_encrypt to SS_AES_cbc_encrypt due to name collision with OpenSSL library

Andreas Steffen [Wed, 2 Apr 2008 18:35:23 +0000 (18:35 -0000)]
support of force_keepalive parameter

Tobias Brunner [Wed, 2 Apr 2008 18:21:03 +0000 (18:21 -0000)]
fixing some memory leaks

Tobias Brunner [Wed, 2 Apr 2008 15:28:08 +0000 (15:28 -0000)]
securing total_threads with the mutex while destroying the processor

Andreas Steffen [Wed, 2 Apr 2008 14:28:17 +0000 (14:28 -0000)]
generate debug output if ocsp response does not contain status information for a given certificate

Martin Willi [Wed, 2 Apr 2008 13:21:02 +0000 (13:21 -0000)]
updated TODO

Martin Willi [Wed, 2 Apr 2008 13:20:46 +0000 (13:20 -0000)]
added some NEWS for the 4.2 release

Martin Willi [Wed, 2 Apr 2008 13:20:14 +0000 (13:20 -0000)]
updated RFCs/drafts

Martin Willi [Wed, 2 Apr 2008 12:27:39 +0000 (12:27 -0000)]
fixed med_db test

Martin Willi [Wed, 2 Apr 2008 12:25:14 +0000 (12:25 -0000)]
updated mediation database to public key authentication
added mysql table definition, test data
testcase

Martin Willi [Wed, 2 Apr 2008 09:54:20 +0000 (09:54 -0000)]
fixed compile warnings

Andreas Steffen [Wed, 2 Apr 2008 06:25:59 +0000 (06:25 -0000)]
additional debug line makes certificate status checking more understandable

Andreas Steffen [Tue, 1 Apr 2008 20:40:29 +0000 (20:40 -0000)]
workaround for parsing IPv6 PSKs requires extract_last_token()

Andreas Steffen [Tue, 1 Apr 2008 20:22:38 +0000 (20:22 -0000)]
demoted received notify debug message to level 2

Andreas Steffen [Tue, 1 Apr 2008 20:05:02 +0000 (20:05 -0000)]
adapted ikev2 uml scenarios for the 4.2 version

Martin Willi [Tue, 1 Apr 2008 15:03:02 +0000 (15:03 -0000)]
added missing files for commit [3721]

Martin Willi [Tue, 1 Apr 2008 14:51:31 +0000 (14:51 -0000)]
loading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
testcase

Martin Willi [Tue, 1 Apr 2008 14:26:31 +0000 (14:26 -0000)]
and a fix for it

Martin Willi [Tue, 1 Apr 2008 14:19:22 +0000 (14:19 -0000)]
simple converter from binary data to a c array

Martin Willi [Tue, 1 Apr 2008 13:39:12 +0000 (13:39 -0000)]
removed unneeded publicKeyInfo ASN1 structure

Andreas Steffen [Tue, 1 Apr 2008 12:11:09 +0000 (12:11 -0000)]
minimal stroke_list_ocsp() implementation

Tobias Brunner [Tue, 1 Apr 2008 11:38:18 +0000 (11:38 -0000)]
stopping connectivity checks on the responder's side after receiving an IKE_SA_INIT request with the proper ME_CONNECTID

Martin Willi [Tue, 1 Apr 2008 10:56:08 +0000 (10:56 -0000)]
some simplifications to trusted_enumerator_t

Martin Willi [Tue, 1 Apr 2008 10:43:44 +0000 (10:43 -0000)]
checking pretrusted but bad certificates only once

Andreas Steffen [Tue, 1 Apr 2008 10:26:27 +0000 (10:26 -0000)]
stroke_list groups certificates by issuer

Martin Willi [Tue, 1 Apr 2008 07:16:48 +0000 (07:16 -0000)]
replaced the example manager database by a sql script

Martin Willi [Tue, 1 Apr 2008 06:51:55 +0000 (06:51 -0000)]
changed enumerator implementation to handle reentrant code

Andreas Steffen [Mon, 31 Mar 2008 21:59:32 +0000 (21:59 -0000)]
minor changes in debug output

Andreas Steffen [Mon, 31 Mar 2008 21:08:56 +0000 (21:08 -0000)]
put DN in double quotes

Andreas Steffen [Mon, 31 Mar 2008 20:42:57 +0000 (20:42 -0000)]
output error message if maximum ca path length is reached

Andreas Steffen [Mon, 31 Mar 2008 20:21:24 +0000 (20:21 -0000)]
ipsec list suppresses duplicates

Tobias Brunner [Mon, 31 Mar 2008 15:04:38 +0000 (15:04 -0000)]
timing of connectivity checks adjusted

Martin Willi [Mon, 31 Mar 2008 15:01:43 +0000 (15:01 -0000)]
defining ME globally, as we need it in plugins

Andreas Steffen [Mon, 31 Mar 2008 14:36:00 +0000 (14:36 -0000)]
utc argument in %#T was missing

Tobias Brunner [Mon, 31 Mar 2008 14:27:16 +0000 (14:27 -0000)]
signal fixed

Andreas Steffen [Mon, 31 Mar 2008 12:59:39 +0000 (12:59 -0000)]
disabled build of outdated dbus interface

Tobias Brunner [Mon, 31 Mar 2008 10:56:49 +0000 (10:56 -0000)]
changed order of server and peer reflexive endpoints (and also the priorities)

Martin Willi [Mon, 31 Mar 2008 08:43:18 +0000 (08:43 -0000)]
received certificates have least priority
fixed manager unlocking