Tobias Brunner
f8a362bfbc
bypass-lan: Add plugin that installs bypass policies for locally attached subnets
2017-02-08 10:38:28 +01:00
Andreas Steffen
9ad147ac63
Version bump to 5.5.2dr4
2017-01-02 15:46:27 +01:00
Andreas Steffen
65797c9faf
Version bump to 5.5.2dr3 and Linux kernel 4.9
2016-12-17 18:10:13 +01:00
Tobias Brunner
016228c158
configure: Check for actual functions in libraries with AC_CHECK_LIB
...
Checking for `main` produces code like this in the test program:
int
main ()
{
return main ();
;
return 0;
}
This recursive call results in a warning message with some compilers (e.g.
Clang in newer Xcode versions: "all paths through this function will call
itself [-Winfinite-recursion]"), which lets the tests fail when compiling
with -Werror.
2016-12-02 16:56:13 +01:00
Andreas Steffen
011195f1a9
Version bump to 5.5.2dr2
2016-11-14 16:20:51 +01:00
Tobias Brunner
9d170c18bc
configure: Enable curve25519 plugin by default
2016-11-14 16:20:51 +01:00
Martin Willi
7f9bfacd5a
curve25519: Add a plugin providing Curve25519 DH using backend drivers
2016-11-14 16:20:51 +01:00
Andreas Steffen
4a97999466
Version bump to 5.5.2dr1
2016-10-30 17:34:05 +01:00
Andreas Steffen
e6a4bd83ff
Version bump to 5.5.1
2016-10-20 12:57:00 +02:00
Andreas Steffen
4d77fcbec9
Version bump to 5.5.1rc2
2016-10-18 18:14:57 +02:00
Tobias Brunner
ede17556ad
configure: Reorder mgf1 in list of crypto plugins
2016-10-18 11:44:30 +02:00
Andreas Steffen
a617223ed5
Version bump to 5.5.1rc1
2016-10-11 19:21:36 +02:00
Andreas Steffen
6b3e408ba5
Version bump to 5.5.1dr5
2016-09-22 17:36:37 +02:00
Andreas Steffen
e31ed9ab98
Version bump to 5.5.1dr4
2016-09-21 14:14:42 +02:00
Andreas Steffen
188b190a70
mgf1: Refactored MGF1 as an XOF
2016-09-21 06:40:52 +02:00
Tobias Brunner
d8f27ba679
maemo: Remove unused plugin
2016-09-15 18:33:52 +02:00
Andreas Steffen
8aaa6de322
Version bump to 5.5.1dr3
2016-09-15 11:45:17 +02:00
Andreas Steffen
d2577aa3c5
Version bump to 5.5.1dr2
2016-08-26 22:55:41 +02:00
Tobias Brunner
6e19a1f5f2
configure: Improve check for built-in __atomic_* functions
...
With AC_SEARCH_LIBS() we don't succeed if the searched function is a
built-in as the check uses the wrong signature so the built-in will not
be applied (the warning issued by GCC is "conflicting types for built-in
function '...'"). So even if not required, libatomic will be linked if
it is found, which could be problematic if compiling on a separate host
and the target host does not have libatomic installed.
Also, some tests showed that it's more likely that __atomic_and_fetch()
requires linking libatomic than __atomic_load_n() does.
References #1533 .
2016-08-26 09:59:01 +02:00
Tobias Brunner
603a1d3c8f
utils: Fix definition of BYTE_ORDER with MinGW
2016-08-24 10:40:57 +02:00
Andreas Steffen
5afaf0dba2
Version bump to 5.5.1dr1
2016-08-10 18:11:53 +02:00
Andreas Steffen
1342bd3386
unit-tests: Created newhope unit-tests
2016-08-10 14:22:00 +02:00
Andreas Steffen
393688aea0
Created newhope plugin implementing the New Hope key exchange algorithm
2016-08-10 14:22:00 +02:00
Andreas Steffen
d305f251a5
Created libnttfft
...
This makes Number Theoretic Transforms (NTT) based on the efficient
Fast-Fourier-Transform (FFT) available to multiple plugins.
2016-07-29 12:36:15 +02:00
Andreas Steffen
0274163674
libtpmtss: Use pkconfig to configure TSS 2.0 includes and libraries
2016-07-20 11:26:07 +02:00
Andreas Steffen
74de8c3727
Version bump to 5.5.0
2016-07-13 13:26:16 +02:00
Andreas Steffen
8fafbffdb7
Version bump to 5.5.0rc1
2016-06-30 16:28:28 +02:00
Tobias Brunner
aaa37f590d
configure: Enable respective TSS if aikgen/-pub2 are enabled
2016-06-28 11:30:20 +02:00
Andreas Steffen
6a24637dcb
Version bump to 5.5.0dr1
2016-06-26 20:11:30 +02:00
Andreas Steffen
30d4989aec
libimcv: migrate pts to tpm_tss
2016-06-22 15:33:44 +02:00
Andreas Steffen
c08753bdf4
Created libtpmtss library handling access to v1.2 and v2.0 TPMs
2016-06-22 15:33:43 +02:00
Andreas Steffen
87d356dc47
aikpub2: Convert TSS 2.0 AIK public key blob into PKCS#1 format
2016-06-22 15:33:43 +02:00
Tobias Brunner
a35ee9f402
Revert "configure: Cache result of pthread_condattr_setclock() check"
...
This reverts commit 8d79bfa831
as it does
not provide any advantage over setting ac_cv_func_pthread_condattr_setclock=no.
References #1502 .
2016-06-17 15:04:17 +02:00
Tobias Brunner
8d79bfa831
configure: Cache result of pthread_condattr_setclock() check
...
Even if not using caching when running the configure script (-C) this
allows pre-defining the result by setting the environment variable
ss_cv_func_pthread_condattr_setclock_monotonic=yes|no|unknown
before/while running the script.
As the check requires running a test program this might be helpful
when cross-compiling to disable using monotonic time if
pthread_condattr_setclock() is defined but not actually usable with
CLOCK_MONOTONIC.
References #1502 .
2016-06-17 11:36:48 +02:00
Tobias Brunner
e827e78483
configure: Fix typo in pthread_condattr_setclock() check
2016-06-17 11:36:46 +02:00
Martin Willi
518a5b2ece
configure: Check for and explicitly link against -latomic
...
Some C libraries, such as uClibc, require an explicit link for some atomic
functions. Check for any libatomic, and explcily link it.
2016-06-14 14:27:20 +02:00
Martin Willi
989db1bf2f
configure: Check for a potential -lpthread by using -ldl
...
Some pthread library variants depend on libdl, hence we must pass such a
library to successfully build against libpthread.
2016-05-18 14:46:20 +02:00
Andreas Steffen
1aeaccad11
Version bump to 5.4.1dr4
2016-05-13 12:49:52 +02:00
Tobias Brunner
5d5ecd8e72
vici: Replace dr with dev in version numbers for the Python egg
...
The versioning scheme used by Python (PEP 440) supports the rcN suffix
but development releases have to be named devN, not drN, which are
not supported and considered legacy versions.
2016-05-10 12:16:13 +02:00
Andreas Steffen
26aa9c638d
Version bump to 5.4.1dr3
2016-05-08 09:06:16 +02:00
Andreas Steffen
ab1cebda3a
Version bump to 5.4.1dr2
2016-05-06 22:29:32 +02:00
Tobias Brunner
e8c73c1cf0
configure: Replace two remaining usages of AC_HAVE_LIBRARY with AC_CHECK_LIB
2016-04-15 10:31:19 +02:00
Andreas Steffen
c407f163e6
Version bump to 5.4.1dr1
2016-04-11 10:24:12 +02:00
Andreas Steffen
7a117eeaec
Version bump to 5.4.0
2016-03-22 11:20:36 +01:00
Tobias Brunner
12ac5fac1a
p-cscf: Add plugin stub
2016-03-10 11:57:38 +01:00
Andreas Steffen
724f590711
Version bump to 5.4.0rc1
2016-03-05 18:18:12 +01:00
Andreas Steffen
fe1f915b07
Version bump to 5.4.0dr8
2016-03-04 20:55:55 +01:00
Thomas Egerer
8ea4cb3e5d
thread: Allow thread ID to be value returned by gettid()
...
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-03-04 09:12:11 +01:00
Tobias Brunner
28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
Tobias Brunner
dec9e1957f
libhydra: Move all kernel plugins to libcharon
2016-03-03 17:36:11 +01:00
Andreas Steffen
794cfbad71
Version bump to 5.4.0dr7
2016-02-28 15:56:06 +01:00
Andreas Steffen
fc0f8466db
Version bump to 5.4.0dr6
2016-02-16 18:17:44 +01:00
Andreas Steffen
927f733159
Version bump to 5.4.0dr5
2016-01-28 09:41:05 +01:00
Andreas Steffen
9492e12e61
Version bump to 5.4.0dr4
2016-01-10 01:39:08 +01:00
Andreas Steffen
1990eeebfe
Version bump to 5.4.0dr3
2016-01-03 06:28:49 +01:00
Chris Patterson
b15f987ddd
configure: Support systemd >= 209
...
libsystemd-journal and libsystemd-daemon are now just
part of libsystemd.
Keep original systemd checks as a fallback.
Updates charon-systemd/Makefile.am accordingly.
Tested on:
- debian wheezy (systemd v44)
- ubuntu 15.10 (systemd v255).
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Closes strongswan/strongswan#24 .
2015-12-21 11:53:31 +01:00
Andreas Steffen
6943db5679
Version bump to 5.4.0dr2
2015-12-18 15:25:50 +01:00
Andreas Steffen
2d9c68b8a8
configure: Enable vici plugin and swanctl by default
2015-12-17 17:49:48 +01:00
Tobias Brunner
020d8c8f26
configure: Fix typo when enabling CPAN modules as dependency
...
Fixes: a17b6d469c
("Built the CPAN file structure for the Vici::Session perl module")
2015-12-14 11:49:51 +01:00
Andreas Steffen
5e2b740a00
128 bit default security strength requires 3072 bit prime DH group
2015-12-14 10:39:40 +01:00
Martin Willi
2b39da2634
configure: Link against potential -ldl when checking for OpenSSL libcrypto
2015-12-04 08:02:03 +01:00
Andreas Steffen
fc235f90fe
Version bump to 5.4.0dr1
2015-12-01 15:06:23 +01:00
Andreas Steffen
a17b6d469c
Built the CPAN file structure for the Vici::Session perl module
2015-12-01 14:52:43 +01:00
Andreas Steffen
a101bce862
Implement vici Perl binding
2015-12-01 14:52:43 +01:00
Andreas Steffen
66021f7263
Version bump to 5.3.5
2015-11-26 09:56:10 +01:00
Andreas Steffen
8e9adf3d09
Version bump to 5.4.0dr1
2015-11-16 16:36:50 +01:00
Andreas Steffen
722714bdfe
Version bump to 5.3.4
2015-11-16 13:22:25 +01:00
Tobias Brunner
ef4279f2e5
utils: Provide a fallback for sigwaitinfo() if needed
...
Apparently, not available on Mac OS X 10.10 Yosemite. We don't provide
this on Windows.
2015-11-13 18:24:45 +01:00
Andreas Steffen
bec682e1da
Version bump to 5.3.4rc1
2015-11-13 12:18:28 +01:00
Andreas Steffen
0748517582
Version bump to 5.3.4dr3
2015-11-10 16:54:38 +01:00
Tobias Brunner
32ebb56c5b
configure: Load sha1 and random plugins in manager by default
...
If the openssl plugin is not enabled we need these to generate session
IDs and to authenticate the users.
The md4 plugin is not needed in the manager.
Fixes #1168 .
2015-11-09 11:03:47 +01:00
Andreas Steffen
f1f7134ecb
Version bump to 5.3.4dr2
2015-11-06 16:07:04 +01:00
Andreas Steffen
6590298dad
Version bump to 5.3.4dr1
2015-11-04 19:42:17 +01:00
Andreas Steffen
a488584b5f
Implemented SHA-3 hash algorithm including test vectors
2015-11-03 21:35:09 +01:00
Andreas Steffen
a215008c11
Version bump to 5.3.3
2015-09-06 15:05:36 +02:00
Andreas Steffen
01604016f7
Version bump to 5.3.3rc2
2015-09-01 13:16:43 +02:00
Andreas Steffen
5de8703ee0
Version bump to 5.3.3rc1
2015-08-25 15:10:13 +02:00
Andreas Steffen
46686372c6
Version bump to 5.3.3dr6
2015-08-19 07:18:30 +02:00
Andreas Steffen
b48ffcb1b3
Implemented HCD IMC and IMV
2015-08-18 21:25:38 +02:00
Tobias Brunner
6ef4668626
pki: Add --dn command to extract the subject DN of a certificate
2015-08-17 11:34:01 +02:00
Tobias Brunner
6d9cd1d66b
utils: Check for dirfd(3)
...
Not all POSIX compatible systems might provide it yet. If not, we close
the lowest FD to close and hope it gets reused by opendir().
2015-08-17 11:19:48 +02:00
Tobias Brunner
f25f4192c7
utils: Directly use syscall() to close open FDs in closefrom()
...
This avoids any allocations, since calling malloc() after fork() is
potentially unsafe.
Fixes #990 .
2015-08-17 11:19:44 +02:00
Andreas Steffen
cdd7d2b197
Version bump to 5.3.3dr5
2015-08-16 09:04:42 +02:00
Andreas Steffen
16c4dd8f26
Version bump to 5.3.3dr4
2015-08-10 07:48:14 +02:00
Tobias Brunner
3103c68210
configure: Explicitly disable unused parameter warnings in qsort_r test
...
When compiling with -Wextra (and without disabling these warnings
globally) the tests would otherwise fail due to the unused arguments in
the cmp() functions.
Fixes #1053 .
2015-08-04 19:08:30 +02:00
Andreas Steffen
e0d3a2a873
Version bump to 5.3.3dr3
2015-07-31 17:47:14 +02:00
Andreas Steffen
41458e3362
Version bump to 5.3.3dr2
2015-07-28 14:28:58 +02:00
Andreas Steffen
41aa7eb531
Version bump to 5.3.3dr1
2015-07-21 23:15:36 +02:00
Martin Willi
29e3544f1f
libipsec: Add a unit-test test runner
2015-07-12 13:54:08 +02:00
Martin Willi
42459b41f0
configure: Check if building against a x86/x64 architecture
...
This allows us to include compiler flags specific for them, such as MMX/SSE.
2015-06-29 17:32:14 +02:00
Martin Willi
370fb3feb0
chapoly: Provide a generic ChaCha20/Poly1305 AEAD supporting driver backends
2015-06-29 17:32:14 +02:00
Andreas Steffen
3ea5d437fb
Version bump to 5.3.2
2015-06-08 09:56:34 +02:00
Andreas Steffen
f284c17890
Version bump to 5.3.1
2015-06-01 09:50:48 +02:00
Andreas Steffen
d6b75c9563
List attribute request entries also during build
2015-05-24 09:17:29 +02:00
Tobias Brunner
f16f792e17
vici: Make installation of Ruby Gem and Python Egg optional
...
Installing them might not work well when building distro packages (e.g.
with DESTDIR installs). It might be easier to install them later with a
script in the distro package.
When building from source on the local system it could still be useful to
install the packages directly, which can be enabled with separate configure
options.
The main problem with DESTDIR installations of the Python Egg is that
easy_install creates or modifies a file called easy-install.pth in the
installation directory. So it's not actually possible to simply copy
the results in DESTDIR over to the actual system as that file would have
to be merged with any existing one.
Fixes #914 .
2015-05-21 17:22:01 +02:00
Andreas Steffen
17a2e00a31
Version bump to 5.3.1dr1
2015-04-24 11:35:42 +02:00
Martin Willi
78c04b5d4d
aesni: Provide a plugin stub for AES-NI instruction based crypto primitives
2015-04-15 11:35:26 +02:00
Martin Willi
036c7b63c0
configure: Check for __int128 type support
2015-04-14 12:03:40 +02:00
Andreas Steffen
ef5f96366e
Version bump to 5.3.0
2015-03-27 20:56:44 +01:00
Andreas Steffen
cf9befcba4
Version bump to 5.3.0rc1
2015-03-23 23:15:31 +01:00
Martin Willi
07302b2f7c
configure: Check optional py.test availability when building with python eggs
2015-03-18 13:59:15 +01:00
Martin Willi
2c8c52c4e2
vici: Include python package in distribution
2015-03-18 13:59:14 +01:00
Martin Willi
374b3db191
configure: Add --enable-python-eggs and --with-pythoneggdir options
...
Detect easy_install for Python egg installation to install any egg we provide
in strongSwan.
2015-03-18 13:59:13 +01:00
Andreas Steffen
afc1b67344
Version bump to 5.3.0dr2
2015-03-16 17:15:58 +01:00
Tobias Brunner
1735d80f38
files: Add simple plugin to load files from file:// URIs
2015-03-09 16:08:52 +01:00
Tobias Brunner
4e92441d0c
Remove obsolete _updown_espmark script
...
According to NEWS it was created to support kernels < 2.6.16.
2015-03-06 16:51:50 +01:00
Andreas Steffen
c6595222d6
Version bump to 5.3.0dr1
2015-02-26 09:12:54 +01:00
Tobias Brunner
89b60e9fd7
configure: Use pkg-config to detect libiptc used by connmark/forecast
...
This ensures the library is available. On Debian/Ubuntu it is a dynamic
library provided by the iptables-dev package.
2015-02-23 12:35:28 +01:00
Martin Willi
e5ad2e6614
forecast: Add the broadcast/multicast forwarding plugin called forecast
2015-02-20 16:34:55 +01:00
Martin Willi
8c2290dcf9
connmark: Add a plugin stub
2015-02-20 15:33:59 +01:00
Martin Willi
124490a8e0
unit-tester: Drop the old unit-tester libcharon plugin
...
While it has some tests that we don't directly cover with the new unit tests,
most of them require special infrastructure and therefore have not been used
for a long time.
2015-02-20 13:34:55 +01:00
Martin Willi
1f29cd2c5d
libcharon: Add a test runner
2015-02-20 13:34:55 +01:00
Martin Willi
82e4b83378
attr-sql: Move plugin to libcharon
2015-02-20 13:34:55 +01:00
Martin Willi
c6c7f97a1d
attr: Move plugin to libcharon
2015-02-20 13:34:54 +01:00
Martin Willi
6bfd1fbb71
resolve: Move plugin back to libcharon
...
Since pluto is gone, all existing users build upon libcharon.
2015-02-20 13:34:54 +01:00
Tobias Brunner
482810141c
configure: Load SQL backends after crypto plugins
...
If the MySQL client library is linked against OpenSSL the mysql plugin
will cause a segmentation fault when it is unloaded after the openssl
plugin has already been deinitialized. This is very similar to the issues
with curl (see 44b6a34d43
).
Fixes #814 .
2015-02-10 16:08:09 +01:00
Andreas Steffen
e9878d72db
Version bump to 5.2.2
2014-12-23 15:40:02 +01:00
Tobias Brunner
374b569ed0
pki: Add simple PKCS#12 display command
2014-12-12 13:11:29 +01:00
Tobias Brunner
a23d3073e3
pki: Load hmac plugin which is required to decrypt PKCS#12 containers
2014-12-12 13:11:29 +01:00
Andreas Steffen
dce6f69546
Version bump to 5.2.2rc1
2014-12-12 12:00:20 +01:00
Tobias Brunner
700df23886
bliss: Fix monolithic build
...
This requires moving test files so that the Makefile for the tests can be
included after building libstrongswan, which requires the plugin when
building monolithically. Due to this a static helper library is required
as directly referring to object files (or source files) is not possible.
It's also necessary to avoid any link-time dependency on libstrongswan in
bliss_huffman, to avoid circular dependencies (bliss_huffman -> libstrongswan
-> bliss -> bliss_huffman).
2014-12-12 12:00:20 +01:00
Andreas Steffen
32d19652f1
Version bump to 5.2.2dr1
2014-11-29 15:00:10 +01:00
Andreas Steffen
9d5b91d198
Created framework for BLISS post-quantum signature algorithm
2014-11-29 14:51:14 +01:00
Tobias Brunner
385d4486ba
libhydra: Add test runner
2014-10-30 12:32:44 +01:00
Andreas Steffen
4b1b91913a
Version bump to 5.2.1
2014-10-18 12:12:17 +02:00
Martin Willi
4e37bdbf57
kernel-pfroute: Check for RTM_IFANNOUNCE availability
...
This message is not available on OS X.
2014-10-14 16:33:10 +02:00
Martin Willi
f684be6583
vici: Use "gem"-assisted vici ruby gem building and installation
2014-10-10 11:42:17 +02:00
Martin Willi
409f1fc144
configure: Add global --enable-ruby-gems and --with-rubygemdir options
...
This provides the options to build and install ruby gems for components
providing them, such as vici.
2014-10-10 11:42:17 +02:00
Andreas Steffen
f83215bbdb
version bump to 5.2.1rc1
2014-10-06 23:14:13 +02:00
Martin Willi
b2c1973ffb
ext-auth: Add an ext-auth plugin invoking an external authorization script
...
Original patch courtesy of Vyronas Tsingaras.
2014-10-06 18:30:46 +02:00
Andreas Steffen
d6fb2cc6e3
Merged libpts into libimcv
2014-10-05 12:55:37 +02:00
Martin Willi
44b6a34d43
configure: Load fetcher plugins after crypto base plugins
...
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
Martin Willi
0097141858
init: Provide a service file for charon-systemd using swanctl
2014-09-22 14:19:38 +02:00
Martin Willi
b2f76c514d
systemd: Check if ./configure detected a systemd system unit directory
2014-09-22 14:19:38 +02:00
Martin Willi
db8ae75bf6
systemd: Discover and check systemd libraries with pkg-config during configure
2014-09-22 14:19:38 +02:00
Martin Willi
73ed38e74f
systemd: Provide a charon-systemd daemon targeting full systemd integration
2014-09-22 13:55:11 +02:00
Tobias Brunner
b04f40406d
configure: Add additional includes when checking for linux/fib_rules.h
...
This seems to be required on Cent OS 6.5.
2014-08-11 18:40:18 +02:00
Tobias Brunner
fafed376e7
imv-swid: Use pkg-config to check for libjson-c
...
The package/library is called libjson-c on recent distributions.
Some like Ubuntu 14.04 provide symlinks with the old name but these
will eventually disappear. Using pkg-config allows us to easily check
for it (with a fallback) and configure the proper compiler flags.
Fixes #663 .
2014-07-30 16:57:00 +02:00
Andreas Steffen
13ec4cf2ad
Version bump to 5.2.1dr1
2014-07-16 15:59:56 +02:00
Andreas Steffen
af494268fb
Version bump to 5.2.0
2014-07-08 15:24:31 +02:00
Tobias Brunner
38f27e172c
conf: Document swanctl options
2014-06-30 13:25:13 +02:00
Tobias Brunner
4d066ef7fc
conf: Document aikgen options
2014-06-30 13:25:13 +02:00
Tobias Brunner
3986c1e3fd
autoconf: Replace --disable-tools option with --disable-scepclient
...
Since using a separate option for pki this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
Tobias Brunner
566d1a90cd
Remove kernel-klips plugin
2014-06-19 14:20:33 +02:00
Tobias Brunner
f245ac6cc0
starter: Add tests for ipsec.conf parser
2014-06-19 14:00:48 +02:00
Andreas Steffen
b16e177e06
Version bump to 5.2.0rc1
2014-06-15 11:40:15 +02:00
Martin Willi
bd19e27ae3
windows: Do not check if having clock_gettime()
...
Windows does not have it, but libwinpthread has. If this library is available
during build, it will be linked, which we prefer to avoid.
2014-06-06 15:34:12 +02:00
Andreas Steffen
9d228ddb04
Version bump to 5.2.0dr6
2014-06-06 11:18:17 +02:00
Martin Willi
f48c26bce3
pki: Support complex trustchain and revocation checking in --verify
2014-06-04 16:34:16 +02:00
Martin Willi
6f90fc8061
winhttp: Implement a http(s) fetcher based on Microsofts WinHTTP API
2014-06-04 16:34:15 +02:00
Martin Willi
00780f0238
kernel-iph: Add a stub for a Windows IP Helper based networking backend
2014-06-04 16:32:07 +02:00
Martin Willi
8d91eee3fc
kernel-wfp: Add a stub for a Windows Filtering Platform based IPsec backend
2014-06-04 16:32:05 +02:00
Martin Willi
fb0b539084
socket-win: Implement a Windows socket plugin using Winsock2
2014-06-04 16:31:09 +02:00
Martin Willi
3b7b806d27
windows: Compile with -mno-ms-bitfields if option not set explicitly
...
-mms-bitfields is the default in newer MinGWs, but it breaks
__attribute__((packed)).
2014-06-04 15:53:13 +02:00
Martin Willi
0ca8541564
configure: Fix attribute((packed)) test when using -Werror
2014-06-04 15:53:13 +02:00
Martin Willi
3ab6082a0f
configure: Mark conftest variable as unused to pass test with -Werror
...
When using -Werror, the warning for the unused variable would let the test fail,
even if in6addr_any is available.
2014-06-04 15:53:13 +02:00
Martin Willi
2d42dce4a4
configure: Don't use -rdynamic with the LLVM toolchain
2014-06-04 15:53:13 +02:00
Martin Willi
5cd28cd25a
pki: Provide a fallback if strptime() not supported
...
For simplicity, we support the default pki datetime format only, but optionally
accept four digit years for longer lifetimes.
2014-06-04 15:53:11 +02:00
Martin Willi
b70849ada2
configure: Separate pki from --disable-tools
...
While pki builds and runs just fine on Windows, this is not true for scepclient.
2014-06-04 15:53:08 +02:00
Martin Willi
4161ee6678
configure: Check if __attribute__((packed)) works as expected
...
This is really hard to detect if not, and is not unlikely. If -mms-bitfields
is given, the attribute does not work. Even worse, that switch is by default
on with GCC/MinGW 4.7+ for Windows targets.
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52991
2014-06-04 15:53:08 +02:00
Martin Willi
ee2498e3d6
bus: Build syslog logger depending on syslog() availability
2014-06-04 15:53:05 +02:00
Martin Willi
8e1c0d15a9
mysql: Add Windows support
...
As the mysql_config script is not available for Windows, we use a hardcoded
library name and no additional CFLAGS. This builds fine against the binary
MySQL Connector/C distribution.
2014-06-04 15:53:04 +02:00
Martin Willi
df4341747c
charon-svc: Implement a Windows IKE service using libcharon
...
The resulting binary can be either run as Windows service or directly as
console application.
2014-06-04 15:53:04 +02:00
Martin Willi
b9dca7057c
filelog: Ignore flush_line option if setlinebuf() not supported
2014-06-04 15:53:04 +02:00
Martin Willi
c6503d451a
charon: Don't use syslog() if not supported
2014-06-04 15:53:03 +02:00
Martin Willi
396baeaea2
windows: Never link to libpthread
2014-06-04 15:53:03 +02:00
Martin Willi
b7a4d44bd0
openssl: Check and link against libeay32 instead of libcrypto on Windows
...
Most Windows OpenSSL builds come with the crypto library named libeay32.
2014-06-04 15:53:02 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Martin Willi
a7e943a640
backtrace: Add DbgHelp based Windows support for creating/printing backtraces
2014-06-04 15:52:57 +02:00
Martin Willi
ce24e0d3e5
configure.ac: Define USE_WINDOWS for Automake when building for Windows
2014-06-03 12:24:34 +02:00
Andreas Steffen
bee82725eb
Check for libjson
2014-05-31 20:37:56 +02:00
Andreas Steffen
e2c9f6ce04
Version bump to 5.2.0dr5
2014-05-31 20:37:26 +02:00
Andreas Steffen
6becc59dc8
Version bump to 5.2.0dr4
2014-05-14 09:57:08 +02:00
Andreas Steffen
92b5626055
Version bump to 5.2.0dr3
2014-05-12 07:39:33 +02:00
Martin Willi
85d26e0c87
swanctl: Add a swanctl command overview manpage
2014-05-07 15:48:17 +02:00
Tobias Brunner
b18191ba0f
swanctl: Generate swanctl.conf(5) man page
2014-05-07 15:48:16 +02:00
Martin Willi
7c8a907895
swanctl: Use a ./configure-able swanctl base directory
2014-05-07 15:48:14 +02:00
Martin Willi
e381e69f9b
swanctl: Add a stub for a vici based configuration and control utility
2014-05-07 15:48:10 +02:00
Martin Willi
6770cfe34a
vici: Add a plugin stub for the "Versatile IKE Control Interface" plugin
2014-05-07 14:13:34 +02:00
Tobias Brunner
a0c2370ea5
utils: Enable __atomic* built-ins based on the GCC version
...
This solves a problem with GNAT when compiling charon-tkm as __atomic*
built-ins are only provided in GCC 4.7 and newer.
Currently GNAT 4.6 and GCC 4.7.2 is shipped with Debian wheezy (stable),
as used in the testing environment. So while the configure script correctly
detected the __atomic* built-ins, and defined HAVE_GCC_ATOMIC_OPERATIONS,
this define turned out to be incorrect when charon-tkm was later built
with GNAT.
2014-05-04 19:16:46 +02:00
Andreas Steffen
9be1c8d175
aikgen generates AIK private/public key pairs
...
aikgen outputs a binary AIK private key blob and the AIK public key.
Optionally the Identity Request encrypted with the public key of
the Privacy CA can be output.
2014-05-03 15:28:17 +02:00
Andreas Steffen
f2eb226653
Version bump to 5.2.0dr2
2014-04-27 19:15:11 +02:00
Tobias Brunner
0f603d425d
utils: Use GCC's __atomic built-ins if available
...
These are available since GCC 4.7 and will eventually replace the __sync
operations. They support the memory model defined by C++11. For instance,
by using __ATOMIC_RELAXED for some operations on the reference counters we
can avoid memory barriers, which are required by __sync operations (whose
memory model essentially is __ATOMIC_SEQ_CST).
2014-04-24 17:54:14 +02:00
Andreas Steffen
6d1b4b6baf
Version bump to 5.2.0dr1
2014-04-15 09:20:38 +02:00
Andreas Steffen
266fcdce2b
Version bump to 5.1.3
2014-04-14 15:18:38 +02:00
Martin Willi
c0efaaebe3
tls: Create a unit-test runner
2014-04-01 14:28:55 +02:00
Martin Willi
dbd4fc074a
openac: Remove obsolete openac utility
...
The same functionality is now provided by the pki --acert subcommand.
2014-03-31 11:39:25 +02:00
Martin Willi
5ac0e66879
acert: Implement a plugin finding, validating and evaluating attribute certs
...
This validator checks for any attribute certificate it can find for validated
end entity certificates and tries to extract group membership information
used for connection authorization rules.
2014-03-31 11:14:58 +02:00
Martin Willi
6e8c665a51
pki: Add acert and extend pki/print manpages
2014-03-31 11:14:58 +02:00
Andreas Steffen
045f25fc81
Version bump to 5.1.3rc1
2014-03-26 22:00:00 +01:00
Tobias Brunner
4ffe02a75d
configure: Add an option to select a specific printf hook implementation
2014-03-20 15:49:05 +01:00
Tobias Brunner
0e6f3a380a
configure: Add an option to enable all optional features/plugins
...
This has probably no real practical use, but it simplifies testing.
2014-03-20 15:29:27 +01:00
Tobias Brunner
1c26ce2dc3
configure: Reorder and group feature options
2014-03-20 15:29:27 +01:00
Andreas Steffen
9483f8ec59
Version bump to 5.1.3dr1
2014-03-07 21:56:34 +01:00
Tobias Brunner
af15c71bfb
configure: Fix autoreconf with older autotools
...
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.
Fixes #536 .
2014-03-03 17:14:26 +01:00
Andreas Steffen
1d252e9dec
Version bump to 5.1.2
2014-02-27 22:46:52 +01:00
Tobias Brunner
2ed241aeb3
utils: Add memrchr(3) replacement for platforms that don't support it
...
For instance, on Mac OS X memrchr(3) is not provided by the C library.
2014-02-26 11:05:07 +01:00
Andreas Steffen
8f57961f4c
Version bump to 5.1.2rc2
2014-02-17 12:02:23 +01:00
Tobias Brunner
7573a7ed56
conf: Only install config snippets for enabled components
2014-02-12 14:34:34 +01:00
Tobias Brunner
c4bb26b849
conf: Split strongswan.conf(5) man page and use generated snippet
2014-02-12 14:34:33 +01:00