Andreas Steffen
794cfbad71
Version bump to 5.4.0dr7
2016-02-28 15:56:06 +01:00
Andreas Steffen
fc0f8466db
Version bump to 5.4.0dr6
2016-02-16 18:17:44 +01:00
Andreas Steffen
927f733159
Version bump to 5.4.0dr5
2016-01-28 09:41:05 +01:00
Andreas Steffen
9492e12e61
Version bump to 5.4.0dr4
2016-01-10 01:39:08 +01:00
Andreas Steffen
1990eeebfe
Version bump to 5.4.0dr3
2016-01-03 06:28:49 +01:00
Chris Patterson
b15f987ddd
configure: Support systemd >= 209
...
libsystemd-journal and libsystemd-daemon are now just
part of libsystemd.
Keep original systemd checks as a fallback.
Updates charon-systemd/Makefile.am accordingly.
Tested on:
- debian wheezy (systemd v44)
- ubuntu 15.10 (systemd v255).
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Closes strongswan/strongswan#24 .
2015-12-21 11:53:31 +01:00
Andreas Steffen
6943db5679
Version bump to 5.4.0dr2
2015-12-18 15:25:50 +01:00
Andreas Steffen
2d9c68b8a8
configure: Enable vici plugin and swanctl by default
2015-12-17 17:49:48 +01:00
Tobias Brunner
020d8c8f26
configure: Fix typo when enabling CPAN modules as dependency
...
Fixes: a17b6d469c
("Built the CPAN file structure for the Vici::Session perl module")
2015-12-14 11:49:51 +01:00
Andreas Steffen
5e2b740a00
128 bit default security strength requires 3072 bit prime DH group
2015-12-14 10:39:40 +01:00
Martin Willi
2b39da2634
configure: Link against potential -ldl when checking for OpenSSL libcrypto
2015-12-04 08:02:03 +01:00
Andreas Steffen
fc235f90fe
Version bump to 5.4.0dr1
2015-12-01 15:06:23 +01:00
Andreas Steffen
a17b6d469c
Built the CPAN file structure for the Vici::Session perl module
2015-12-01 14:52:43 +01:00
Andreas Steffen
a101bce862
Implement vici Perl binding
2015-12-01 14:52:43 +01:00
Andreas Steffen
66021f7263
Version bump to 5.3.5
2015-11-26 09:56:10 +01:00
Andreas Steffen
8e9adf3d09
Version bump to 5.4.0dr1
2015-11-16 16:36:50 +01:00
Andreas Steffen
722714bdfe
Version bump to 5.3.4
2015-11-16 13:22:25 +01:00
Tobias Brunner
ef4279f2e5
utils: Provide a fallback for sigwaitinfo() if needed
...
Apparently, not available on Mac OS X 10.10 Yosemite. We don't provide
this on Windows.
2015-11-13 18:24:45 +01:00
Andreas Steffen
bec682e1da
Version bump to 5.3.4rc1
2015-11-13 12:18:28 +01:00
Andreas Steffen
0748517582
Version bump to 5.3.4dr3
2015-11-10 16:54:38 +01:00
Tobias Brunner
32ebb56c5b
configure: Load sha1 and random plugins in manager by default
...
If the openssl plugin is not enabled we need these to generate session
IDs and to authenticate the users.
The md4 plugin is not needed in the manager.
Fixes #1168 .
2015-11-09 11:03:47 +01:00
Andreas Steffen
f1f7134ecb
Version bump to 5.3.4dr2
2015-11-06 16:07:04 +01:00
Andreas Steffen
6590298dad
Version bump to 5.3.4dr1
2015-11-04 19:42:17 +01:00
Andreas Steffen
a488584b5f
Implemented SHA-3 hash algorithm including test vectors
2015-11-03 21:35:09 +01:00
Andreas Steffen
a215008c11
Version bump to 5.3.3
2015-09-06 15:05:36 +02:00
Andreas Steffen
01604016f7
Version bump to 5.3.3rc2
2015-09-01 13:16:43 +02:00
Andreas Steffen
5de8703ee0
Version bump to 5.3.3rc1
2015-08-25 15:10:13 +02:00
Andreas Steffen
46686372c6
Version bump to 5.3.3dr6
2015-08-19 07:18:30 +02:00
Andreas Steffen
b48ffcb1b3
Implemented HCD IMC and IMV
2015-08-18 21:25:38 +02:00
Tobias Brunner
6ef4668626
pki: Add --dn command to extract the subject DN of a certificate
2015-08-17 11:34:01 +02:00
Tobias Brunner
6d9cd1d66b
utils: Check for dirfd(3)
...
Not all POSIX compatible systems might provide it yet. If not, we close
the lowest FD to close and hope it gets reused by opendir().
2015-08-17 11:19:48 +02:00
Tobias Brunner
f25f4192c7
utils: Directly use syscall() to close open FDs in closefrom()
...
This avoids any allocations, since calling malloc() after fork() is
potentially unsafe.
Fixes #990 .
2015-08-17 11:19:44 +02:00
Andreas Steffen
cdd7d2b197
Version bump to 5.3.3dr5
2015-08-16 09:04:42 +02:00
Andreas Steffen
16c4dd8f26
Version bump to 5.3.3dr4
2015-08-10 07:48:14 +02:00
Tobias Brunner
3103c68210
configure: Explicitly disable unused parameter warnings in qsort_r test
...
When compiling with -Wextra (and without disabling these warnings
globally) the tests would otherwise fail due to the unused arguments in
the cmp() functions.
Fixes #1053 .
2015-08-04 19:08:30 +02:00
Andreas Steffen
e0d3a2a873
Version bump to 5.3.3dr3
2015-07-31 17:47:14 +02:00
Andreas Steffen
41458e3362
Version bump to 5.3.3dr2
2015-07-28 14:28:58 +02:00
Andreas Steffen
41aa7eb531
Version bump to 5.3.3dr1
2015-07-21 23:15:36 +02:00
Martin Willi
29e3544f1f
libipsec: Add a unit-test test runner
2015-07-12 13:54:08 +02:00
Martin Willi
42459b41f0
configure: Check if building against a x86/x64 architecture
...
This allows us to include compiler flags specific for them, such as MMX/SSE.
2015-06-29 17:32:14 +02:00
Martin Willi
370fb3feb0
chapoly: Provide a generic ChaCha20/Poly1305 AEAD supporting driver backends
2015-06-29 17:32:14 +02:00
Andreas Steffen
3ea5d437fb
Version bump to 5.3.2
2015-06-08 09:56:34 +02:00
Andreas Steffen
f284c17890
Version bump to 5.3.1
2015-06-01 09:50:48 +02:00
Andreas Steffen
d6b75c9563
List attribute request entries also during build
2015-05-24 09:17:29 +02:00
Tobias Brunner
f16f792e17
vici: Make installation of Ruby Gem and Python Egg optional
...
Installing them might not work well when building distro packages (e.g.
with DESTDIR installs). It might be easier to install them later with a
script in the distro package.
When building from source on the local system it could still be useful to
install the packages directly, which can be enabled with separate configure
options.
The main problem with DESTDIR installations of the Python Egg is that
easy_install creates or modifies a file called easy-install.pth in the
installation directory. So it's not actually possible to simply copy
the results in DESTDIR over to the actual system as that file would have
to be merged with any existing one.
Fixes #914 .
2015-05-21 17:22:01 +02:00
Andreas Steffen
17a2e00a31
Version bump to 5.3.1dr1
2015-04-24 11:35:42 +02:00
Martin Willi
78c04b5d4d
aesni: Provide a plugin stub for AES-NI instruction based crypto primitives
2015-04-15 11:35:26 +02:00
Martin Willi
036c7b63c0
configure: Check for __int128 type support
2015-04-14 12:03:40 +02:00
Andreas Steffen
ef5f96366e
Version bump to 5.3.0
2015-03-27 20:56:44 +01:00
Andreas Steffen
cf9befcba4
Version bump to 5.3.0rc1
2015-03-23 23:15:31 +01:00
Martin Willi
07302b2f7c
configure: Check optional py.test availability when building with python eggs
2015-03-18 13:59:15 +01:00
Martin Willi
2c8c52c4e2
vici: Include python package in distribution
2015-03-18 13:59:14 +01:00
Martin Willi
374b3db191
configure: Add --enable-python-eggs and --with-pythoneggdir options
...
Detect easy_install for Python egg installation to install any egg we provide
in strongSwan.
2015-03-18 13:59:13 +01:00
Andreas Steffen
afc1b67344
Version bump to 5.3.0dr2
2015-03-16 17:15:58 +01:00
Tobias Brunner
1735d80f38
files: Add simple plugin to load files from file:// URIs
2015-03-09 16:08:52 +01:00
Tobias Brunner
4e92441d0c
Remove obsolete _updown_espmark script
...
According to NEWS it was created to support kernels < 2.6.16.
2015-03-06 16:51:50 +01:00
Andreas Steffen
c6595222d6
Version bump to 5.3.0dr1
2015-02-26 09:12:54 +01:00
Tobias Brunner
89b60e9fd7
configure: Use pkg-config to detect libiptc used by connmark/forecast
...
This ensures the library is available. On Debian/Ubuntu it is a dynamic
library provided by the iptables-dev package.
2015-02-23 12:35:28 +01:00
Martin Willi
e5ad2e6614
forecast: Add the broadcast/multicast forwarding plugin called forecast
2015-02-20 16:34:55 +01:00
Martin Willi
8c2290dcf9
connmark: Add a plugin stub
2015-02-20 15:33:59 +01:00
Martin Willi
124490a8e0
unit-tester: Drop the old unit-tester libcharon plugin
...
While it has some tests that we don't directly cover with the new unit tests,
most of them require special infrastructure and therefore have not been used
for a long time.
2015-02-20 13:34:55 +01:00
Martin Willi
1f29cd2c5d
libcharon: Add a test runner
2015-02-20 13:34:55 +01:00
Martin Willi
82e4b83378
attr-sql: Move plugin to libcharon
2015-02-20 13:34:55 +01:00
Martin Willi
c6c7f97a1d
attr: Move plugin to libcharon
2015-02-20 13:34:54 +01:00
Martin Willi
6bfd1fbb71
resolve: Move plugin back to libcharon
...
Since pluto is gone, all existing users build upon libcharon.
2015-02-20 13:34:54 +01:00
Tobias Brunner
482810141c
configure: Load SQL backends after crypto plugins
...
If the MySQL client library is linked against OpenSSL the mysql plugin
will cause a segmentation fault when it is unloaded after the openssl
plugin has already been deinitialized. This is very similar to the issues
with curl (see 44b6a34d43
).
Fixes #814 .
2015-02-10 16:08:09 +01:00
Andreas Steffen
e9878d72db
Version bump to 5.2.2
2014-12-23 15:40:02 +01:00
Tobias Brunner
374b569ed0
pki: Add simple PKCS#12 display command
2014-12-12 13:11:29 +01:00
Tobias Brunner
a23d3073e3
pki: Load hmac plugin which is required to decrypt PKCS#12 containers
2014-12-12 13:11:29 +01:00
Andreas Steffen
dce6f69546
Version bump to 5.2.2rc1
2014-12-12 12:00:20 +01:00
Tobias Brunner
700df23886
bliss: Fix monolithic build
...
This requires moving test files so that the Makefile for the tests can be
included after building libstrongswan, which requires the plugin when
building monolithically. Due to this a static helper library is required
as directly referring to object files (or source files) is not possible.
It's also necessary to avoid any link-time dependency on libstrongswan in
bliss_huffman, to avoid circular dependencies (bliss_huffman -> libstrongswan
-> bliss -> bliss_huffman).
2014-12-12 12:00:20 +01:00
Andreas Steffen
32d19652f1
Version bump to 5.2.2dr1
2014-11-29 15:00:10 +01:00
Andreas Steffen
9d5b91d198
Created framework for BLISS post-quantum signature algorithm
2014-11-29 14:51:14 +01:00
Tobias Brunner
385d4486ba
libhydra: Add test runner
2014-10-30 12:32:44 +01:00
Andreas Steffen
4b1b91913a
Version bump to 5.2.1
2014-10-18 12:12:17 +02:00
Martin Willi
4e37bdbf57
kernel-pfroute: Check for RTM_IFANNOUNCE availability
...
This message is not available on OS X.
2014-10-14 16:33:10 +02:00
Martin Willi
f684be6583
vici: Use "gem"-assisted vici ruby gem building and installation
2014-10-10 11:42:17 +02:00
Martin Willi
409f1fc144
configure: Add global --enable-ruby-gems and --with-rubygemdir options
...
This provides the options to build and install ruby gems for components
providing them, such as vici.
2014-10-10 11:42:17 +02:00
Andreas Steffen
f83215bbdb
version bump to 5.2.1rc1
2014-10-06 23:14:13 +02:00
Martin Willi
b2c1973ffb
ext-auth: Add an ext-auth plugin invoking an external authorization script
...
Original patch courtesy of Vyronas Tsingaras.
2014-10-06 18:30:46 +02:00
Andreas Steffen
d6fb2cc6e3
Merged libpts into libimcv
2014-10-05 12:55:37 +02:00
Martin Willi
44b6a34d43
configure: Load fetcher plugins after crypto base plugins
...
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
Martin Willi
0097141858
init: Provide a service file for charon-systemd using swanctl
2014-09-22 14:19:38 +02:00
Martin Willi
b2f76c514d
systemd: Check if ./configure detected a systemd system unit directory
2014-09-22 14:19:38 +02:00
Martin Willi
db8ae75bf6
systemd: Discover and check systemd libraries with pkg-config during configure
2014-09-22 14:19:38 +02:00
Martin Willi
73ed38e74f
systemd: Provide a charon-systemd daemon targeting full systemd integration
2014-09-22 13:55:11 +02:00
Tobias Brunner
b04f40406d
configure: Add additional includes when checking for linux/fib_rules.h
...
This seems to be required on Cent OS 6.5.
2014-08-11 18:40:18 +02:00
Tobias Brunner
fafed376e7
imv-swid: Use pkg-config to check for libjson-c
...
The package/library is called libjson-c on recent distributions.
Some like Ubuntu 14.04 provide symlinks with the old name but these
will eventually disappear. Using pkg-config allows us to easily check
for it (with a fallback) and configure the proper compiler flags.
Fixes #663 .
2014-07-30 16:57:00 +02:00
Andreas Steffen
13ec4cf2ad
Version bump to 5.2.1dr1
2014-07-16 15:59:56 +02:00
Andreas Steffen
af494268fb
Version bump to 5.2.0
2014-07-08 15:24:31 +02:00
Tobias Brunner
38f27e172c
conf: Document swanctl options
2014-06-30 13:25:13 +02:00
Tobias Brunner
4d066ef7fc
conf: Document aikgen options
2014-06-30 13:25:13 +02:00
Tobias Brunner
3986c1e3fd
autoconf: Replace --disable-tools option with --disable-scepclient
...
Since using a separate option for pki this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
Tobias Brunner
566d1a90cd
Remove kernel-klips plugin
2014-06-19 14:20:33 +02:00
Tobias Brunner
f245ac6cc0
starter: Add tests for ipsec.conf parser
2014-06-19 14:00:48 +02:00
Andreas Steffen
b16e177e06
Version bump to 5.2.0rc1
2014-06-15 11:40:15 +02:00
Martin Willi
bd19e27ae3
windows: Do not check if having clock_gettime()
...
Windows does not have it, but libwinpthread has. If this library is available
during build, it will be linked, which we prefer to avoid.
2014-06-06 15:34:12 +02:00
Andreas Steffen
9d228ddb04
Version bump to 5.2.0dr6
2014-06-06 11:18:17 +02:00
Martin Willi
f48c26bce3
pki: Support complex trustchain and revocation checking in --verify
2014-06-04 16:34:16 +02:00
Martin Willi
6f90fc8061
winhttp: Implement a http(s) fetcher based on Microsofts WinHTTP API
2014-06-04 16:34:15 +02:00
Martin Willi
00780f0238
kernel-iph: Add a stub for a Windows IP Helper based networking backend
2014-06-04 16:32:07 +02:00
Martin Willi
8d91eee3fc
kernel-wfp: Add a stub for a Windows Filtering Platform based IPsec backend
2014-06-04 16:32:05 +02:00
Martin Willi
fb0b539084
socket-win: Implement a Windows socket plugin using Winsock2
2014-06-04 16:31:09 +02:00
Martin Willi
3b7b806d27
windows: Compile with -mno-ms-bitfields if option not set explicitly
...
-mms-bitfields is the default in newer MinGWs, but it breaks
__attribute__((packed)).
2014-06-04 15:53:13 +02:00
Martin Willi
0ca8541564
configure: Fix attribute((packed)) test when using -Werror
2014-06-04 15:53:13 +02:00
Martin Willi
3ab6082a0f
configure: Mark conftest variable as unused to pass test with -Werror
...
When using -Werror, the warning for the unused variable would let the test fail,
even if in6addr_any is available.
2014-06-04 15:53:13 +02:00
Martin Willi
2d42dce4a4
configure: Don't use -rdynamic with the LLVM toolchain
2014-06-04 15:53:13 +02:00
Martin Willi
5cd28cd25a
pki: Provide a fallback if strptime() not supported
...
For simplicity, we support the default pki datetime format only, but optionally
accept four digit years for longer lifetimes.
2014-06-04 15:53:11 +02:00
Martin Willi
b70849ada2
configure: Separate pki from --disable-tools
...
While pki builds and runs just fine on Windows, this is not true for scepclient.
2014-06-04 15:53:08 +02:00
Martin Willi
4161ee6678
configure: Check if __attribute__((packed)) works as expected
...
This is really hard to detect if not, and is not unlikely. If -mms-bitfields
is given, the attribute does not work. Even worse, that switch is by default
on with GCC/MinGW 4.7+ for Windows targets.
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52991
2014-06-04 15:53:08 +02:00
Martin Willi
ee2498e3d6
bus: Build syslog logger depending on syslog() availability
2014-06-04 15:53:05 +02:00
Martin Willi
8e1c0d15a9
mysql: Add Windows support
...
As the mysql_config script is not available for Windows, we use a hardcoded
library name and no additional CFLAGS. This builds fine against the binary
MySQL Connector/C distribution.
2014-06-04 15:53:04 +02:00
Martin Willi
df4341747c
charon-svc: Implement a Windows IKE service using libcharon
...
The resulting binary can be either run as Windows service or directly as
console application.
2014-06-04 15:53:04 +02:00
Martin Willi
b9dca7057c
filelog: Ignore flush_line option if setlinebuf() not supported
2014-06-04 15:53:04 +02:00
Martin Willi
c6503d451a
charon: Don't use syslog() if not supported
2014-06-04 15:53:03 +02:00
Martin Willi
396baeaea2
windows: Never link to libpthread
2014-06-04 15:53:03 +02:00
Martin Willi
b7a4d44bd0
openssl: Check and link against libeay32 instead of libcrypto on Windows
...
Most Windows OpenSSL builds come with the crypto library named libeay32.
2014-06-04 15:53:02 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Martin Willi
a7e943a640
backtrace: Add DbgHelp based Windows support for creating/printing backtraces
2014-06-04 15:52:57 +02:00
Martin Willi
ce24e0d3e5
configure.ac: Define USE_WINDOWS for Automake when building for Windows
2014-06-03 12:24:34 +02:00
Andreas Steffen
bee82725eb
Check for libjson
2014-05-31 20:37:56 +02:00
Andreas Steffen
e2c9f6ce04
Version bump to 5.2.0dr5
2014-05-31 20:37:26 +02:00
Andreas Steffen
6becc59dc8
Version bump to 5.2.0dr4
2014-05-14 09:57:08 +02:00
Andreas Steffen
92b5626055
Version bump to 5.2.0dr3
2014-05-12 07:39:33 +02:00
Martin Willi
85d26e0c87
swanctl: Add a swanctl command overview manpage
2014-05-07 15:48:17 +02:00
Tobias Brunner
b18191ba0f
swanctl: Generate swanctl.conf(5) man page
2014-05-07 15:48:16 +02:00
Martin Willi
7c8a907895
swanctl: Use a ./configure-able swanctl base directory
2014-05-07 15:48:14 +02:00
Martin Willi
e381e69f9b
swanctl: Add a stub for a vici based configuration and control utility
2014-05-07 15:48:10 +02:00
Martin Willi
6770cfe34a
vici: Add a plugin stub for the "Versatile IKE Control Interface" plugin
2014-05-07 14:13:34 +02:00
Tobias Brunner
a0c2370ea5
utils: Enable __atomic* built-ins based on the GCC version
...
This solves a problem with GNAT when compiling charon-tkm as __atomic*
built-ins are only provided in GCC 4.7 and newer.
Currently GNAT 4.6 and GCC 4.7.2 is shipped with Debian wheezy (stable),
as used in the testing environment. So while the configure script correctly
detected the __atomic* built-ins, and defined HAVE_GCC_ATOMIC_OPERATIONS,
this define turned out to be incorrect when charon-tkm was later built
with GNAT.
2014-05-04 19:16:46 +02:00
Andreas Steffen
9be1c8d175
aikgen generates AIK private/public key pairs
...
aikgen outputs a binary AIK private key blob and the AIK public key.
Optionally the Identity Request encrypted with the public key of
the Privacy CA can be output.
2014-05-03 15:28:17 +02:00
Andreas Steffen
f2eb226653
Version bump to 5.2.0dr2
2014-04-27 19:15:11 +02:00
Tobias Brunner
0f603d425d
utils: Use GCC's __atomic built-ins if available
...
These are available since GCC 4.7 and will eventually replace the __sync
operations. They support the memory model defined by C++11. For instance,
by using __ATOMIC_RELAXED for some operations on the reference counters we
can avoid memory barriers, which are required by __sync operations (whose
memory model essentially is __ATOMIC_SEQ_CST).
2014-04-24 17:54:14 +02:00
Andreas Steffen
6d1b4b6baf
Version bump to 5.2.0dr1
2014-04-15 09:20:38 +02:00
Andreas Steffen
266fcdce2b
Version bump to 5.1.3
2014-04-14 15:18:38 +02:00
Martin Willi
c0efaaebe3
tls: Create a unit-test runner
2014-04-01 14:28:55 +02:00
Martin Willi
dbd4fc074a
openac: Remove obsolete openac utility
...
The same functionality is now provided by the pki --acert subcommand.
2014-03-31 11:39:25 +02:00
Martin Willi
5ac0e66879
acert: Implement a plugin finding, validating and evaluating attribute certs
...
This validator checks for any attribute certificate it can find for validated
end entity certificates and tries to extract group membership information
used for connection authorization rules.
2014-03-31 11:14:58 +02:00
Martin Willi
6e8c665a51
pki: Add acert and extend pki/print manpages
2014-03-31 11:14:58 +02:00
Andreas Steffen
045f25fc81
Version bump to 5.1.3rc1
2014-03-26 22:00:00 +01:00
Tobias Brunner
4ffe02a75d
configure: Add an option to select a specific printf hook implementation
2014-03-20 15:49:05 +01:00
Tobias Brunner
0e6f3a380a
configure: Add an option to enable all optional features/plugins
...
This has probably no real practical use, but it simplifies testing.
2014-03-20 15:29:27 +01:00
Tobias Brunner
1c26ce2dc3
configure: Reorder and group feature options
2014-03-20 15:29:27 +01:00
Andreas Steffen
9483f8ec59
Version bump to 5.1.3dr1
2014-03-07 21:56:34 +01:00
Tobias Brunner
af15c71bfb
configure: Fix autoreconf with older autotools
...
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.
Fixes #536 .
2014-03-03 17:14:26 +01:00
Andreas Steffen
1d252e9dec
Version bump to 5.1.2
2014-02-27 22:46:52 +01:00
Tobias Brunner
2ed241aeb3
utils: Add memrchr(3) replacement for platforms that don't support it
...
For instance, on Mac OS X memrchr(3) is not provided by the C library.
2014-02-26 11:05:07 +01:00
Andreas Steffen
8f57961f4c
Version bump to 5.1.2rc2
2014-02-17 12:02:23 +01:00
Tobias Brunner
7573a7ed56
conf: Only install config snippets for enabled components
2014-02-12 14:34:34 +01:00
Tobias Brunner
c4bb26b849
conf: Split strongswan.conf(5) man page and use generated snippet
2014-02-12 14:34:33 +01:00
Tobias Brunner
91cc523ca7
conf: Generate strongswan.conf(5) man page in different directory
2014-02-12 14:34:33 +01:00
Tobias Brunner
1b98f85821
conf: Generate and install config sippets for option descriptions
...
The strongswan.d directory is also created relative to the configured
location of strongswan.conf.
2014-02-12 14:34:33 +01:00
Tobias Brunner
c75acc4c44
conf: Install strongswan.conf template from a separate directory
2014-02-12 14:34:33 +01:00
Tobias Brunner
b3613c49a2
array: Add fallback for qsort_r using thread-local value
...
Cygwin for example does not support qsort_r.
2014-02-12 14:34:33 +01:00
Tobias Brunner
132b00ce02
array: Add array_sort function
2014-02-12 14:34:33 +01:00
Martin Willi
37374a292a
chunk: Provide a fallback chunk_map() if mmap is not available
2014-01-23 15:55:32 +01:00
Tobias Brunner
2d7852d29a
configure: Add -Wno-format-security to default CFLAGS
...
Either due to a change in Ubuntu 13.10 or GCC 4.8 -Wno-format has no
effect if -Wformat-security is enabled (which it is on Ubuntu) so we
also disable the latter by default.
2014-01-23 10:08:53 +01:00
Andreas Steffen
800b361e19
Version bump to 5.1.2rc1
2014-01-16 01:47:34 +01:00
Andreas Steffen
f74c8be19b
Version bump to 5.1.2dr3
2014-01-13 12:12:52 +01:00
Andreas Steffen
bced16ee11
Version bump to 5.1.2dr2
2013-12-06 10:10:24 +01:00
Reto Buerki
d33df7ed51
charon-tkm: Abort if gprbuild binary is not found
2013-12-04 10:42:03 +01:00
Andreas Steffen
146ad86be5
Prototype implementation of IKE key exchange via NTRU encryption
2013-11-27 20:21:40 +01:00
Tobias Brunner
228db0433d
configure: Remove obsolete --enable-unit-tests option
2013-11-27 18:35:44 +01:00
Andreas Steffen
194b69f0b8
Version bump to 5.1.2dr1
2013-11-19 10:27:07 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Martin Willi
6531afb557
automake: Don't use parallel test harness being the default with automake 1.13
...
We have no need for the parallel test harness, and we prefer to have the output
of make check on the console
2013-11-06 10:30:59 +01:00
Andreas Steffen
c501c78c5f
Version bump to 5.1.1
2013-10-31 09:42:15 +01:00
Martin Willi
2077d996a9
utils: Provide a fmemopen(3) fallback using BSD funopen()
2013-10-24 13:17:05 +02:00
Tobias Brunner
8e8e97d10d
kernel-netlink: Check existence of linux/fib_rules.h, don't include it in distribution
...
This reverts commit b0761f1f0a
.
2013-10-18 09:52:54 +02:00
Ruslan N. Marchenko
b638c131de
dnscert: Add DNS CERT support for pubkey authentication
...
Add DNSSEC protected CERT RR delivered certificate authentication.
The new dnscert plugin is based on the ipseckey plugin and relies on the
existing PEM decoder as well as x509 and PGP parsers. As such the plugin
expects PEM encoded PKIX(x509) or PGP(GPG) certificate payloads.
The plugin is targeted to improve interoperability with Racoon, which
supports this type of authentication, ignoring in-stream certificates
and using only DNS provided certificates for FQDN IDs.
2013-10-11 15:45:42 +02:00
Tobias Brunner
ec6ad6b086
pool: Move the pool utility to its own directory in src
2013-10-11 15:16:05 +02:00
Martin Willi
cabe5c0ff4
printf-hook-builtin: Add a new "builtin" backend using its own printf() routines
...
Overloads printf C library functions by a self-contained implementation,
based on klibc. Does not yet feature all the required default formatters,
including those for floating point values.
2013-10-11 11:06:02 +02:00
Andreas Steffen
4524e128f8
Version bump to 5.1.1rc1
2013-10-11 09:53:42 +02:00
Andreas Steffen
f4dd49a5fd
Version bump to 5.1.1dr4
2013-09-17 10:57:46 +02:00
Tobias Brunner
21626bdf77
pki: Add support to encode public keys in SSH key format
2013-09-13 15:23:49 +02:00
Tobias Brunner
a3232fa802
pki: Load dnskey plugin to encode public keys in RFC 3110 format
2013-09-13 15:23:48 +02:00
Tobias Brunner
0dc8ba8779
pki: Install pki(1) as utility directly in $prefix/bin
...
ipsec pki is maintained as alias.
2013-09-13 15:07:36 +02:00
Tobias Brunner
b068c4ec9d
pki: Add pki --verify man page
2013-09-13 15:07:36 +02:00
Tobias Brunner
4adeaa5eb9
pki: Add pki --pub man page
2013-09-13 15:07:36 +02:00
Tobias Brunner
a319eff80d
pki: Add pki --print man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
e69fd30538
pki: Add pki --keyid man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
558771400e
pki: Add pki --pkcs7 man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
bb8e2e1759
pki: Add pki --req man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
96aa5a1ddd
pki: Add pki --signcrl man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
42e3a21e24
pki: Add pki --issue man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
3a643b8901
pki: Add pki --self man page
...
Can be opened with "man pki --self".
2013-09-13 15:07:35 +02:00
Tobias Brunner
a612f6e338
pki: Add pki --gen man page
...
Can be opened with "man pki --gen".
2013-09-13 15:07:29 +02:00
Tobias Brunner
34cff9349b
pki: Add ipsec-pki(8) man page
...
Can be opened either with "man ipsec pki" or "man ipsec-pki".
Since man(1) only supports one level of subpages, the forthcoming man
pages for each command will have to be opened with "man pki --<command>".
2013-09-13 14:32:51 +02:00
Tobias Brunner
8250fc10e8
Build generated man pages via configure script
2013-09-13 14:32:51 +02:00
Tobias Brunner
3cb4552da6
configure: libtls and libtnccs etc. all require libstrongswan
2013-09-12 01:44:49 +02:00
Tobias Brunner
bf32cdfbf6
tun_device: Add warning if TUN devices are not supported by platform
2013-09-12 01:44:49 +02:00
Tobias Brunner
70aefb9430
Store object files in the same directory as the source files
...
Future automake releases will apparently do that implicitly, but current
releases spit out nasty warning messages.
2013-09-05 14:24:26 +02:00
Andreas Steffen
de4637718e
Version bump to 5.1.1dr3
2013-09-04 16:15:52 +02:00
Tobias Brunner
5ee0747cfd
autoconf: Split PACKAGE_VERSION in four parts
...
The parts can be accessed with the variables:
PACKAGE_VERSION_MAJOR
PACKAGE_VERSION_MINOR
PACKAGE_VERSION_BUILD
PACKAGE_VERSION_REVIEW
The last part will be empty for regular releases.
2013-09-02 11:30:24 +02:00
Andreas Steffen
ee2d6f8618
Version bump to 5.1.1dr2
2013-08-28 23:00:47 +02:00
Andreas Steffen
aff4367907
Flush iptables rules on alice
2013-08-19 12:20:57 +02:00
Andreas Steffen
e626821677
Version bump to 5.1.1dr1
2013-08-19 10:03:23 +02:00
Andreas Steffen
b38d9d5a54
Implemented SWID prototype IMC/IMV pair
2013-08-15 23:34:23 +02:00
Andreas Steffen
12b3db5006
moved tnc_imv plugin to libtnccs thanks to recommendation callback function
2013-08-15 23:34:22 +02:00
Andreas Steffen
e8f65c5cde
Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs
2013-08-15 23:34:22 +02:00
Andreas Steffen
180a2f2642
rapid PT-TLS AR/PDP prototype
2013-08-15 23:34:22 +02:00
Andreas Steffen
e8b8a6d958
version bump to 5.0.1
2013-07-29 17:16:41 +02:00
Andreas Steffen
3cd01df785
Version bump to 5.1.0rc1
2013-07-19 10:40:53 +02:00
Martin Willi
c577b5eb44
autoconf: rename configure.in to configure.ac
...
configure.ac has been the recommended name for autoconf input for several
years now. Newer autotools start to complain about the configure.in, so we
finally change it.
2013-07-18 14:59:19 +02:00