4261fcedec
botan: Use strongSwan's RNG interface in Botan plugin
...
This allows using rng_t implementations provided by other plugins to
serve as RNG for Botan.
Closes strongswan/strongswan#192 .
2021-02-15 09:27:51 +01:00
737375a2d2
drbg: Implemented NIST SP-800-90A DRBG
2019-10-16 16:46:24 +02:00
d3329ee540
wolfssl: Fixes, code style changes and some refactorings
...
The main fixes are
* the generation of fingerprints for RSA, ECDSA, and EdDSA
* the encoding of ECDSA private keys
* calculating p and q for RSA private keys
* deriving the public key for raw Ed25519 private keys
Also, instead of numeric literals for buffer lengths ASN.1 related
constants are used.
2019-04-24 12:26:08 +02:00
d49ad922c1
conf: Use actually configured path for strongswan.conf
...
References #2984 .
2019-03-27 10:07:16 +01:00
a31f9b7691
libimcv: Removed TCG SWID IMC/IMV support
2018-06-12 21:47:39 +02:00
345cd4684c
save-keys: Add save-keys plugin
...
This plugin will export IKE_SA and CHILD_SA secret keys in the format used
by Wireshark.
It has to be loaded explicitly.
2018-02-15 23:03:29 +01:00
7f1d944bc9
The pacman tool got replaced by the sec-updater tool
2017-11-15 12:18:17 +01:00
8aad7ffb11
sec-updater: Import SWID tags of updated packages
...
sec-updater downloads the deb package files from security updates from
a given linux repository and uses the swid_generator command to
derive a SWID tag. The SWID tag is then imported into strongTNC
using the manage.py importswid command.
2017-09-09 20:23:19 +02:00
67402ec77b
curl: Enable following redirects
...
The maximum number of redirects can be limited. The functionality can also
be disabled.
Fixes #2366 .
2017-07-27 13:15:43 +02:00
032a5767ad
sw-collector: Collects endpoint software events
2017-07-08 23:19:51 +02:00
3a7c594c14
imv-swima: Created SWIMA IMV plugin
2017-07-08 23:19:51 +02:00
2821c0f740
imc-swima: Created SWIMA IMC plugin
2017-07-08 23:19:51 +02:00
1aba82bfd7
eap-aka-3gpp: Add plugin that implements 3GPP MILENAGE algorithm in software
...
This is similar to the eap-aka-3gpp2 plugin. K (optionally concatenated
with OPc) may be configured as binary EAP secret in ipsec.secrets or
swanctl.conf.
Based on a patch by Thomas Strangert.
Fixes #2326 .
2017-07-05 10:03:38 +02:00
967e13bfb5
conf: Remove snippet for aikpub2
2017-03-23 18:29:18 +01:00
2b233c8a64
The tpm plugin offers random number generation
...
The tpm plugin can be used to derive true random numbers from a
TPM 2.0 device. The get_random method must be explicitly enabled
in strongswan.conf with the plugin.tpm.use_rng = yes option.
2017-03-20 21:16:10 +01:00
d1317adb9a
addrblock: Support an optional non-strict mode accepting certs without addrblock
...
This allows a gateway to enforce the addrblock policy on certificates that
actually have the extension only. For (legacy) certificates not having the
extension, traffic selectors are validated/narrowed by other means, most
likely by the configuration.
2017-03-02 08:24:02 +01:00
0aabfe0780
bypass-lan: Allow ignoring or only considering subnets of specific interfaces
...
The config can also be reloaded by sending a SIGHUP to charon.
2017-02-08 10:38:28 +01:00
e3f63c6469
revocation: OCSP and/or CRL fetching can be disabled
2016-12-30 18:12:53 +01:00
97c74b565b
nm: Make global CA directory configurable
2016-10-04 10:27:35 +02:00
36bf2b1bc5
conf: aikpub2.opt added to Makefile.am
2016-08-25 13:22:51 +02:00
276acafa2d
p-cscf: Make sending requests configurable and disable it by default
2016-03-10 11:57:38 +01:00
486d7b2671
conf: Add documentation for new osx-attr option
2015-08-28 15:49:58 +02:00
6a3d035505
Added imc-hcd attributes to strongswan.conf
2015-08-18 21:25:39 +02:00
79b5a33c11
imv_policy_manager: Added capability to execute an allow or block shell command string
2015-04-26 10:55:24 +02:00
96e6130537
kernel-pfkey: Add option to set receive buffer size of event socket
...
If many requests are sent to the kernel the events generated by these
requests may fill the receive buffer before the daemon is able to read
these messages.
Fixes #783 .
2015-03-06 16:45:22 +01:00
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
ed14d3ebe4
forecast: Document strongswan.conf options
2015-02-20 16:34:55 +01:00
b2c1973ffb
ext-auth: Add an ext-auth plugin invoking an external authorization script
...
Original patch courtesy of Vyronas Tsingaras.
2014-10-06 18:30:46 +02:00
0efea2fd86
Don't fail to install if sysconfdir isn't writable
2014-09-26 10:52:37 +02:00
e2d9f27c19
systemd: Add a native systemd journal logger
2014-09-22 14:19:37 +02:00
38f27e172c
conf: Document swanctl options
2014-06-30 13:25:13 +02:00
4d066ef7fc
conf: Document aikgen options
2014-06-30 13:25:13 +02:00
3986c1e3fd
autoconf: Replace --disable-tools option with --disable-scepclient
...
Since using a separate option for pki this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
566d1a90cd
Remove kernel-klips plugin
2014-06-19 14:20:33 +02:00
b70849ada2
configure: Separate pki from --disable-tools
...
While pki builds and runs just fine on Windows, this is not true for scepclient.
2014-06-04 15:53:08 +02:00
bfd8f8c5fe
Updated IMC/IMV entries in strongswan.conf man page
2014-05-31 20:37:57 +02:00
7dbf9e1574
vici: Document strongswan.conf options
2014-05-07 14:13:38 +02:00
bd1c9f1eac
conf: Fix out-of-tree build from distribution
...
It worked from the repository, where strongswan.conf.5.main is generated
in the build dir, but not from the distribution where it is located in
the source dir, so explicitly create it in the source dir.
2014-02-27 12:02:13 +01:00
5645ad2976
conf: Fix installation on FreeBSD
...
Apparently, the -t option for install is not portable.
2014-02-13 13:53:25 +01:00
03650d5a2d
conf: The use of $^ is not portable
...
Generating strongswan.conf.5.main in a subshell gets the file
properly written to the builddir in out-of-tree builds.
2014-02-13 11:47:02 +01:00
efce4559e8
conf: Install config files world-readable but warn about permissions for certain options
2014-02-12 15:16:57 +01:00
7573a7ed56
conf: Only install config snippets for enabled components
2014-02-12 14:34:34 +01:00
ff94fe157a
conf: Document options of other programs
2014-02-12 14:34:34 +01:00
5ac757872b
conf: Document options of plugins in libpts
2014-02-12 14:34:34 +01:00
bf3f4bf7a2
conf: Document libimcv options
2014-02-12 14:34:34 +01:00
4576f7f960
conf: Document libtnccs options
2014-02-12 14:34:34 +01:00
d56a23c515
conf: Create automatically generated config snippets in build dir
2014-02-12 14:34:34 +01:00
7f535b3938
conf: Install config snippets in /usr/share/strongswan/templates/config too
2014-02-12 14:34:34 +01:00
6a2de77f2e
conf: Only install config snippets if they don't exist yet
2014-02-12 14:34:34 +01:00
828815b0d8
conf: Options of all plugins documented
...
Some options are still missing descriptions though.
2014-02-12 14:34:34 +01:00
René Fischer