This commit is contained in:
Martin Willi
parent
64f4d91898
commit
22ff6f578f
269
ChangeLog
269
ChangeLog
|
|
@ -1,143 +1,142 @@
|
|||
strongSwan-4.0.0 / R:967
|
||||
==========================
|
||||
|
||||
- removed IKEV2 ifdefs
|
||||
- applied patch from andreas
|
||||
- added charonstart option to config
|
||||
- new ikev2 tests for UML
|
||||
- applied patch from andreas
|
||||
- pem loading
|
||||
- secrets file parsing
|
||||
- ikev2 testcase
|
||||
- some other additions here and there
|
||||
- connection termination is handled cleanly by name now
|
||||
- fixed bad bug, certs load now cleanly again
|
||||
- fixed make install (subdir order)
|
||||
- fixed include path
|
||||
- added missing script
|
||||
- finished initial import of strongswan file tree
|
||||
- removed a lot of old and unused stuff
|
||||
- moved RFCs from ikev2 into doc dir
|
||||
- added missing files for starter
|
||||
- applied patch for charon (this time really)
|
||||
- import of strongswan-2.7.0
|
||||
- applied patch for charon
|
||||
- renamed get_block_size of hasher
|
||||
- reworked usage of IDs in various states
|
||||
- using ID_ANY for any, not NULL as before
|
||||
- initiator sends IDr payload in IKE_AUTH when ID unique
|
||||
- fixed charon checks
|
||||
- using status & statusall
|
||||
- patch for 2.7.0
|
||||
- add connection names to connections
|
||||
- stroke status / ipsec status shows them
|
||||
- added statusall for stroke
|
||||
- added status by connection name
|
||||
- some tests repaired, more to come
|
||||
- fixed spi conversion
|
||||
- improved "stroke status" output
|
||||
- setup PID file after daemon initilization, to correctly inform
|
||||
removed IKEV2 ifdefs
|
||||
applied patch from andreas
|
||||
added charonstart option to config
|
||||
new ikev2 tests for UML
|
||||
applied patch from andreas
|
||||
pem loading
|
||||
secrets file parsing
|
||||
ikev2 testcase
|
||||
some other additions here and there
|
||||
connection termination is handled cleanly by name now
|
||||
fixed bad bug, certs load now cleanly again
|
||||
fixed make install (subdir order)
|
||||
fixed include path
|
||||
added missing script
|
||||
finished initial import of strongswan file tree
|
||||
removed a lot of old and unused stuff
|
||||
moved RFCs from ikev2 into doc dir
|
||||
added missing files for starter
|
||||
applied patch for charon (this time really)
|
||||
import of strongswan-2.7.0
|
||||
applied patch for charon
|
||||
renamed get_block_size of hasher
|
||||
reworked usage of IDs in various states
|
||||
using ID_ANY for any, not NULL as before
|
||||
initiator sends IDr payload in IKE_AUTH when ID unique
|
||||
fixed charon checks
|
||||
using status & statusall
|
||||
patch for 2.7.0
|
||||
add connection names to connections
|
||||
stroke status / ipsec status shows them
|
||||
added statusall for stroke
|
||||
added status by connection name
|
||||
some tests repaired, more to come
|
||||
fixed spi conversion
|
||||
improved "stroke status" output
|
||||
setup PID file after daemon initilization, to correctly inform
|
||||
starter about daemon startup
|
||||
- added separate implementation for connection_store, credential_store, policy_store
|
||||
- added folder structure to config
|
||||
- credentials are fetched solely on IDs now
|
||||
- identification_t supports now almost all id types
|
||||
- x509 certificates work with identification_t now
|
||||
- fixes here, fixes there
|
||||
- fixed doxygen build
|
||||
- seperates now in lib and charon
|
||||
- library initialization done at a central point (library.c)
|
||||
- some leak_detective fixes
|
||||
- updated Todos
|
||||
- fixed log-to-syslog behavior
|
||||
- added patch against strongswan-2.6.4
|
||||
- x509 certificate loading with pluto asn1 code
|
||||
- x509 needs a lot more attention!
|
||||
- renamed some files
|
||||
- using asn1 pluto stuff now
|
||||
- removed, since we use pluto asn1 stuff
|
||||
- leak detective is usable, but does not show static function names
|
||||
- a script which gets address via ldd and resolves address via addr2line would be nice
|
||||
- fixed a leak in child_sa with new detective ;-)
|
||||
- some improvements to new asn1 stuff
|
||||
- to be continued
|
||||
- fixed bad bugs in kernel interface
|
||||
- added some logging info
|
||||
- works now much more stable
|
||||
- startet importing pluto ASN1 stuff
|
||||
- der PKCS#1 key loading works (as it did with der_decoder)
|
||||
- split up in libstrong, charon, stroke, testing done
|
||||
- new leak detective with malloc hook in library
|
||||
- useable, but needs improvements
|
||||
- logger_manager has now a single instance per library
|
||||
- allows use of loggers from any linking prog
|
||||
- a LOT of other things
|
||||
added separate implementation for connection_store, credential_store, policy_store
|
||||
added folder structure to config
|
||||
credentials are fetched solely on IDs now
|
||||
identification_t supports now almost all id types
|
||||
x509 certificates work with identification_t now
|
||||
fixes here, fixes there
|
||||
fixed doxygen build
|
||||
seperates now in lib and charon
|
||||
library initialization done at a central point (library.c)
|
||||
some leak_detective fixes
|
||||
updated Todos
|
||||
fixed log-to-syslog behavior
|
||||
added patch against strongswan-2.6.4
|
||||
x509 certificate loading with pluto asn1 code
|
||||
x509 needs a lot more attention!
|
||||
renamed some files
|
||||
using asn1 pluto stuff now
|
||||
removed, since we use pluto asn1 stuff
|
||||
leak detective is usable, but does not show static function names
|
||||
a script which gets address via ldd and resolves address via addr2line would be nice
|
||||
fixed a leak in child_sa with new detective ;-)
|
||||
some improvements to new asn1 stuff
|
||||
to be continued
|
||||
fixed bad bugs in kernel interface
|
||||
added some logging info
|
||||
works now much more stable
|
||||
startet importing pluto ASN1 stuff
|
||||
der PKCS#1 key loading works (as it did with der_decoder)
|
||||
split up in libstrong, charon, stroke, testing done
|
||||
new leak detective with malloc hook in library
|
||||
useable, but needs improvements
|
||||
logger_manager has now a single instance per library
|
||||
allows use of loggers from any linking prog
|
||||
a LOT of other things
|
||||
../svn-commit.tmp
|
||||
- added misssing stroke.h
|
||||
- improved strokeing
|
||||
- down connection
|
||||
- status
|
||||
- some other tweaks
|
||||
- rewrote a lot of RSA stuff
|
||||
- done major work for ASN1/decoder
|
||||
- allow loading of ASN1 der encoded private keys, public keys and certificates
|
||||
- extracting public key from certificates
|
||||
- passing certificates from stroke to charon
|
||||
added misssing stroke.h
|
||||
improved strokeing
|
||||
down connection
|
||||
status
|
||||
some other tweaks
|
||||
rewrote a lot of RSA stuff
|
||||
done major work for ASN1/decoder
|
||||
allow loading of ASN1 der encoded private keys, public keys and certificates
|
||||
extracting public key from certificates
|
||||
passing certificates from stroke to charon
|
||||
=> basic authentication with RSA certificates works!
|
||||
- starter work on asn1 with der de/encoder
|
||||
- RSA private and public key can load read key from ASN1 DER
|
||||
- some other fixes here and there
|
||||
- rewrite of logger_manager, uses now one instance per context
|
||||
- cleanups for logger here and there
|
||||
- removed critical flag check in payload verification (conformance to IKEv2)
|
||||
- so thats and theres everywere... ;-)
|
||||
- patch for strongswan-2.6.3
|
||||
- added charon support for strongswan build process
|
||||
- ipsec starter supports charon startup and control
|
||||
- removed old diploma thesis scripts
|
||||
- some cleanups
|
||||
- compatibility to strongswan, Makefile can be called by "make programs"
|
||||
starter work on asn1 with der de/encoder
|
||||
RSA private and public key can load read key from ASN1 DER
|
||||
some other fixes here and there
|
||||
rewrite of logger_manager, uses now one instance per context
|
||||
cleanups for logger here and there
|
||||
removed critical flag check in payload verification (conformance to IKEv2)
|
||||
so thats and theres everywere... ;-)
|
||||
patch for strongswan-2.6.3
|
||||
added charon support for strongswan build process
|
||||
ipsec starter supports charon startup and control
|
||||
removed old diploma thesis scripts
|
||||
some cleanups
|
||||
compatibility to strongswan, Makefile can be called by "make programs"
|
||||
and "make install" (ikev2 patch must be applied to strongswan)
|
||||
- first version of stroke control utility
|
||||
- moved output to doc/api, since doc is used for other docs now
|
||||
- some first documentation in english
|
||||
- removed old eclipse project files
|
||||
- works quite well now with ipsec.conf & ipsec starter
|
||||
- belongs to previous commit ;-)
|
||||
- reworked configuration framework completly
|
||||
- configuration is now split up in: connections, policies, credentials and daemon config
|
||||
- further alloc/free fixes needed!
|
||||
- first attempt for connection loading and starting via "stroke"
|
||||
- some improvements here and there
|
||||
- configuration_manager replaced by configuration_t interface
|
||||
- current configuration_manager is now static_configuration (testing)
|
||||
- first draft of starter_configuration, which should once interact with ipsec starter (via whack?)
|
||||
- some cleanups
|
||||
- socket_t uses RAW socket, which allows parallel service of pluto/charon
|
||||
- comments and cleanups
|
||||
- working policy installation and removal
|
||||
- fixed policy setup bug
|
||||
- proposal setup implementation begun
|
||||
- fixed socket code, so we know on which address we receive traffic
|
||||
- AH/ESP setup in kernel is working now!!! :-)))
|
||||
- installing of child sa works
|
||||
- need correct IP adresses to actually use IPsec
|
||||
- new RFCs of IKEv2, IKEv2 algs and IPSec arch added
|
||||
- update of IKEv2 clarification document
|
||||
- refactored ike proposal
|
||||
- uses now proposal_t, wich is also used by child proposals
|
||||
- ike key derivation refactored
|
||||
- crypter_t api has get_key_size now
|
||||
- some other improvements here and there
|
||||
- config uses uml hosts alice and bob
|
||||
- key derivation for child_sa works
|
||||
- some fixes here and there
|
||||
- fixed memleaks
|
||||
- works with new proposal code
|
||||
- still some(!) memleaks
|
||||
- fixed alot of bugs in child_proposal
|
||||
- near to working state ;-)
|
||||
- dead end implementation
|
||||
first version of stroke control utility
|
||||
moved output to doc/api, since doc is used for other docs now
|
||||
some first documentation in english
|
||||
removed old eclipse project files
|
||||
works quite well now with ipsec.conf & ipsec starter
|
||||
belongs to previous commit ;-)
|
||||
reworked configuration framework completly
|
||||
configuration is now split up in: connections, policies, credentials and daemon config
|
||||
further alloc/free fixes needed!
|
||||
first attempt for connection loading and starting via "stroke"
|
||||
some improvements here and there
|
||||
configuration_manager replaced by configuration_t interface
|
||||
current configuration_manager is now static_configuration (testing)
|
||||
first draft of starter_configuration, which should once interact with ipsec starter (via whack?)
|
||||
some cleanups
|
||||
socket_t uses RAW socket, which allows parallel service of pluto/charon
|
||||
comments and cleanups
|
||||
working policy installation and removal
|
||||
fixed policy setup bug
|
||||
proposal setup implementation begun
|
||||
fixed socket code, so we know on which address we receive traffic
|
||||
AH/ESP setup in kernel is working now!!! :-)))
|
||||
installing of child sa works
|
||||
need correct IP adresses to actually use IPsec
|
||||
new RFCs of IKEv2, IKEv2 algs and IPSec arch added
|
||||
update of IKEv2 clarification document
|
||||
refactored ike proposal
|
||||
uses now proposal_t, wich is also used by child proposals
|
||||
ike key derivation refactored
|
||||
crypter_t api has get_key_size now
|
||||
some other improvements here and there
|
||||
config uses uml hosts alice and bob
|
||||
key derivation for child_sa works
|
||||
some fixes here and there
|
||||
fixed memleaks
|
||||
works with new proposal code
|
||||
still some(!) memleaks
|
||||
fixed alot of bugs in child_proposal
|
||||
near to working state ;-)
|
||||
dead end implementation
|
||||
|
||||
- ... there is a lot more of it, but
|
||||
nothing of interest
|
||||
... there is a lot more of it, but nothing of interest
|
||||
|
|
|
|||
11
NEWS
11
NEWS
|
|
@ -1,9 +1,20 @@
|
|||
|
||||
- initial support for rekeying CHILD_SAs using IKEv2. Currently
|
||||
perfect forward secrecy is not supported. The rekeying parameters
|
||||
rekeymargin, rekeyfuzz and keylife from ipsec.conf are now supported
|
||||
when using IKEv2.
|
||||
|
||||
- new build environment featuring autotools. Features such
|
||||
as HTTP, LDAP and smartcard support may be enabled using
|
||||
the ./configure script. Changing install directories
|
||||
is possible, too. See ./configure --help for more details.
|
||||
|
||||
- better integration of charon with ipsec starter, which allows
|
||||
(almost) transparent operation with both daemons. charon
|
||||
handles ipsec commands up, down, status, statusall, listall,
|
||||
listcerts and allows proper load, reload and delete of connections
|
||||
via ipsec starter.
|
||||
|
||||
strongswan-4.0.0
|
||||
----------------
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue