Commit Graph

404 Commits

Author SHA1 Message Date
Andreas Steffen 794cfbad71 Version bump to 5.4.0dr7 2016-02-28 15:56:06 +01:00
Andreas Steffen fc0f8466db Version bump to 5.4.0dr6 2016-02-16 18:17:44 +01:00
Andreas Steffen 927f733159 Version bump to 5.4.0dr5 2016-01-28 09:41:05 +01:00
Andreas Steffen 9492e12e61 Version bump to 5.4.0dr4 2016-01-10 01:39:08 +01:00
Andreas Steffen 1990eeebfe Version bump to 5.4.0dr3 2016-01-03 06:28:49 +01:00
Chris Patterson b15f987ddd configure: Support systemd >= 209
libsystemd-journal and libsystemd-daemon are now just
part of libsystemd.

Keep original systemd checks as a fallback.

Updates charon-systemd/Makefile.am accordingly.

Tested on:
- debian wheezy (systemd v44)
- ubuntu 15.10 (systemd v255).

Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>

Closes strongswan/strongswan#24.
2015-12-21 11:53:31 +01:00
Andreas Steffen 6943db5679 Version bump to 5.4.0dr2 2015-12-18 15:25:50 +01:00
Andreas Steffen 2d9c68b8a8 configure: Enable vici plugin and swanctl by default 2015-12-17 17:49:48 +01:00
Tobias Brunner 020d8c8f26 configure: Fix typo when enabling CPAN modules as dependency
Fixes: a17b6d469c ("Built the CPAN file structure for the Vici::Session perl module")
2015-12-14 11:49:51 +01:00
Andreas Steffen 5e2b740a00 128 bit default security strength requires 3072 bit prime DH group 2015-12-14 10:39:40 +01:00
Martin Willi 2b39da2634 configure: Link against potential -ldl when checking for OpenSSL libcrypto 2015-12-04 08:02:03 +01:00
Andreas Steffen fc235f90fe Version bump to 5.4.0dr1 2015-12-01 15:06:23 +01:00
Andreas Steffen a17b6d469c Built the CPAN file structure for the Vici::Session perl module 2015-12-01 14:52:43 +01:00
Andreas Steffen a101bce862 Implement vici Perl binding 2015-12-01 14:52:43 +01:00
Andreas Steffen 66021f7263 Version bump to 5.3.5 2015-11-26 09:56:10 +01:00
Andreas Steffen 8e9adf3d09 Version bump to 5.4.0dr1 2015-11-16 16:36:50 +01:00
Andreas Steffen 722714bdfe Version bump to 5.3.4 2015-11-16 13:22:25 +01:00
Tobias Brunner ef4279f2e5 utils: Provide a fallback for sigwaitinfo() if needed
Apparently, not available on Mac OS X 10.10 Yosemite. We don't provide
this on Windows.
2015-11-13 18:24:45 +01:00
Andreas Steffen bec682e1da Version bump to 5.3.4rc1 2015-11-13 12:18:28 +01:00
Andreas Steffen 0748517582 Version bump to 5.3.4dr3 2015-11-10 16:54:38 +01:00
Tobias Brunner 32ebb56c5b configure: Load sha1 and random plugins in manager by default
If the openssl plugin is not enabled we need these to generate session
IDs and to authenticate the users.

The md4 plugin is not needed in the manager.

Fixes #1168.
2015-11-09 11:03:47 +01:00
Andreas Steffen f1f7134ecb Version bump to 5.3.4dr2 2015-11-06 16:07:04 +01:00
Andreas Steffen 6590298dad Version bump to 5.3.4dr1 2015-11-04 19:42:17 +01:00
Andreas Steffen a488584b5f Implemented SHA-3 hash algorithm including test vectors 2015-11-03 21:35:09 +01:00
Andreas Steffen a215008c11 Version bump to 5.3.3 2015-09-06 15:05:36 +02:00
Andreas Steffen 01604016f7 Version bump to 5.3.3rc2 2015-09-01 13:16:43 +02:00
Andreas Steffen 5de8703ee0 Version bump to 5.3.3rc1 2015-08-25 15:10:13 +02:00
Andreas Steffen 46686372c6 Version bump to 5.3.3dr6 2015-08-19 07:18:30 +02:00
Andreas Steffen b48ffcb1b3 Implemented HCD IMC and IMV 2015-08-18 21:25:38 +02:00
Tobias Brunner 6ef4668626 pki: Add --dn command to extract the subject DN of a certificate 2015-08-17 11:34:01 +02:00
Tobias Brunner 6d9cd1d66b utils: Check for dirfd(3)
Not all POSIX compatible systems might provide it yet.  If not, we close
the lowest FD to close and hope it gets reused by opendir().
2015-08-17 11:19:48 +02:00
Tobias Brunner f25f4192c7 utils: Directly use syscall() to close open FDs in closefrom()
This avoids any allocations, since calling malloc() after fork() is
potentially unsafe.

Fixes #990.
2015-08-17 11:19:44 +02:00
Andreas Steffen cdd7d2b197 Version bump to 5.3.3dr5 2015-08-16 09:04:42 +02:00
Andreas Steffen 16c4dd8f26 Version bump to 5.3.3dr4 2015-08-10 07:48:14 +02:00
Tobias Brunner 3103c68210 configure: Explicitly disable unused parameter warnings in qsort_r test
When compiling with -Wextra (and without disabling these warnings
globally) the tests would otherwise fail due to the unused arguments in
the cmp() functions.

Fixes #1053.
2015-08-04 19:08:30 +02:00
Andreas Steffen e0d3a2a873 Version bump to 5.3.3dr3 2015-07-31 17:47:14 +02:00
Andreas Steffen 41458e3362 Version bump to 5.3.3dr2 2015-07-28 14:28:58 +02:00
Andreas Steffen 41aa7eb531 Version bump to 5.3.3dr1 2015-07-21 23:15:36 +02:00
Martin Willi 29e3544f1f libipsec: Add a unit-test test runner 2015-07-12 13:54:08 +02:00
Martin Willi 42459b41f0 configure: Check if building against a x86/x64 architecture
This allows us to include compiler flags specific for them, such as MMX/SSE.
2015-06-29 17:32:14 +02:00
Martin Willi 370fb3feb0 chapoly: Provide a generic ChaCha20/Poly1305 AEAD supporting driver backends 2015-06-29 17:32:14 +02:00
Andreas Steffen 3ea5d437fb Version bump to 5.3.2 2015-06-08 09:56:34 +02:00
Andreas Steffen f284c17890 Version bump to 5.3.1 2015-06-01 09:50:48 +02:00
Andreas Steffen d6b75c9563 List attribute request entries also during build 2015-05-24 09:17:29 +02:00
Tobias Brunner f16f792e17 vici: Make installation of Ruby Gem and Python Egg optional
Installing them might not work well when building distro packages (e.g.
with DESTDIR installs).  It might be easier to install them later with a
script in the distro package.

When building from source on the local system it could still be useful to
install the packages directly, which can be enabled with separate configure
options.

The main problem with DESTDIR installations of the Python Egg is that
easy_install creates or modifies a file called easy-install.pth in the
installation directory.  So it's not actually possible to simply copy
the results in DESTDIR over to the actual system as that file would have
to be merged with any existing one.

Fixes #914.
2015-05-21 17:22:01 +02:00
Andreas Steffen 17a2e00a31 Version bump to 5.3.1dr1 2015-04-24 11:35:42 +02:00
Martin Willi 78c04b5d4d aesni: Provide a plugin stub for AES-NI instruction based crypto primitives 2015-04-15 11:35:26 +02:00
Martin Willi 036c7b63c0 configure: Check for __int128 type support 2015-04-14 12:03:40 +02:00
Andreas Steffen ef5f96366e Version bump to 5.3.0 2015-03-27 20:56:44 +01:00
Andreas Steffen cf9befcba4 Version bump to 5.3.0rc1 2015-03-23 23:15:31 +01:00
Martin Willi 07302b2f7c configure: Check optional py.test availability when building with python eggs 2015-03-18 13:59:15 +01:00
Martin Willi 2c8c52c4e2 vici: Include python package in distribution 2015-03-18 13:59:14 +01:00
Martin Willi 374b3db191 configure: Add --enable-python-eggs and --with-pythoneggdir options
Detect easy_install for Python egg installation to install any egg we provide
in strongSwan.
2015-03-18 13:59:13 +01:00
Andreas Steffen afc1b67344 Version bump to 5.3.0dr2 2015-03-16 17:15:58 +01:00
Tobias Brunner 1735d80f38 files: Add simple plugin to load files from file:// URIs 2015-03-09 16:08:52 +01:00
Tobias Brunner 4e92441d0c Remove obsolete _updown_espmark script
According to NEWS it was created to support kernels < 2.6.16.
2015-03-06 16:51:50 +01:00
Andreas Steffen c6595222d6 Version bump to 5.3.0dr1 2015-02-26 09:12:54 +01:00
Tobias Brunner 89b60e9fd7 configure: Use pkg-config to detect libiptc used by connmark/forecast
This ensures the library is available.  On Debian/Ubuntu it is a dynamic
library provided by the iptables-dev package.
2015-02-23 12:35:28 +01:00
Martin Willi e5ad2e6614 forecast: Add the broadcast/multicast forwarding plugin called forecast 2015-02-20 16:34:55 +01:00
Martin Willi 8c2290dcf9 connmark: Add a plugin stub 2015-02-20 15:33:59 +01:00
Martin Willi 124490a8e0 unit-tester: Drop the old unit-tester libcharon plugin
While it has some tests that we don't directly cover with the new unit tests,
most of them require special infrastructure and therefore have not been used
for a long time.
2015-02-20 13:34:55 +01:00
Martin Willi 1f29cd2c5d libcharon: Add a test runner 2015-02-20 13:34:55 +01:00
Martin Willi 82e4b83378 attr-sql: Move plugin to libcharon 2015-02-20 13:34:55 +01:00
Martin Willi c6c7f97a1d attr: Move plugin to libcharon 2015-02-20 13:34:54 +01:00
Martin Willi 6bfd1fbb71 resolve: Move plugin back to libcharon
Since pluto is gone, all existing users build upon libcharon.
2015-02-20 13:34:54 +01:00
Tobias Brunner 482810141c configure: Load SQL backends after crypto plugins
If the MySQL client library is linked against OpenSSL the mysql plugin
will cause a segmentation fault when it is unloaded after the openssl
plugin has already been deinitialized.  This is very similar to the issues
with curl (see 44b6a34d43).

Fixes #814.
2015-02-10 16:08:09 +01:00
Andreas Steffen e9878d72db Version bump to 5.2.2 2014-12-23 15:40:02 +01:00
Tobias Brunner 374b569ed0 pki: Add simple PKCS#12 display command 2014-12-12 13:11:29 +01:00
Tobias Brunner a23d3073e3 pki: Load hmac plugin which is required to decrypt PKCS#12 containers 2014-12-12 13:11:29 +01:00
Andreas Steffen dce6f69546 Version bump to 5.2.2rc1 2014-12-12 12:00:20 +01:00
Tobias Brunner 700df23886 bliss: Fix monolithic build
This requires moving test files so that the Makefile for the tests can be
included after building libstrongswan, which requires the plugin when
building monolithically.  Due to this a static helper library is required
as directly referring to object files (or source files) is not possible.

It's also necessary to avoid any link-time dependency on libstrongswan in
bliss_huffman, to avoid circular dependencies (bliss_huffman -> libstrongswan
-> bliss -> bliss_huffman).
2014-12-12 12:00:20 +01:00
Andreas Steffen 32d19652f1 Version bump to 5.2.2dr1 2014-11-29 15:00:10 +01:00
Andreas Steffen 9d5b91d198 Created framework for BLISS post-quantum signature algorithm 2014-11-29 14:51:14 +01:00
Tobias Brunner 385d4486ba libhydra: Add test runner 2014-10-30 12:32:44 +01:00
Andreas Steffen 4b1b91913a Version bump to 5.2.1 2014-10-18 12:12:17 +02:00
Martin Willi 4e37bdbf57 kernel-pfroute: Check for RTM_IFANNOUNCE availability
This message is not available on OS X.
2014-10-14 16:33:10 +02:00
Martin Willi f684be6583 vici: Use "gem"-assisted vici ruby gem building and installation 2014-10-10 11:42:17 +02:00
Martin Willi 409f1fc144 configure: Add global --enable-ruby-gems and --with-rubygemdir options
This provides the options to build and install ruby gems for components
providing them, such as vici.
2014-10-10 11:42:17 +02:00
Andreas Steffen f83215bbdb version bump to 5.2.1rc1 2014-10-06 23:14:13 +02:00
Martin Willi b2c1973ffb ext-auth: Add an ext-auth plugin invoking an external authorization script
Original patch courtesy of Vyronas Tsingaras.
2014-10-06 18:30:46 +02:00
Andreas Steffen d6fb2cc6e3 Merged libpts into libimcv 2014-10-05 12:55:37 +02:00
Martin Willi 44b6a34d43 configure: Load fetcher plugins after crypto base plugins
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.

We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
Martin Willi 0097141858 init: Provide a service file for charon-systemd using swanctl 2014-09-22 14:19:38 +02:00
Martin Willi b2f76c514d systemd: Check if ./configure detected a systemd system unit directory 2014-09-22 14:19:38 +02:00
Martin Willi db8ae75bf6 systemd: Discover and check systemd libraries with pkg-config during configure 2014-09-22 14:19:38 +02:00
Martin Willi 73ed38e74f systemd: Provide a charon-systemd daemon targeting full systemd integration 2014-09-22 13:55:11 +02:00
Tobias Brunner b04f40406d configure: Add additional includes when checking for linux/fib_rules.h
This seems to be required on CentOS 6.5.
2014-08-11 18:40:18 +02:00
Tobias Brunner fafed376e7 imv-swid: Use pkg-config to check for libjson-c
The package/library is called libjson-c on recent distributions.
Some like Ubuntu 14.04 provide symlinks with the old name but these
will eventually disappear.  Using pkg-config allows us to easily check
for it (with a fallback) and configure the proper compiler flags.

Fixes #663.
2014-07-30 16:57:00 +02:00
Andreas Steffen 13ec4cf2ad Version bump to 5.2.1dr1 2014-07-16 15:59:56 +02:00
Andreas Steffen af494268fb Version bump to 5.2.0 2014-07-08 15:24:31 +02:00
Tobias Brunner 38f27e172c conf: Document swanctl options 2014-06-30 13:25:13 +02:00
Tobias Brunner 4d066ef7fc conf: Document aikgen options 2014-06-30 13:25:13 +02:00
Tobias Brunner 3986c1e3fd autoconf: Replace --disable-tools option with --disable-scepclient
Since using a separate option for pki this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
Tobias Brunner 566d1a90cd Remove kernel-klips plugin 2014-06-19 14:20:33 +02:00
Tobias Brunner f245ac6cc0 starter: Add tests for ipsec.conf parser 2014-06-19 14:00:48 +02:00
Andreas Steffen b16e177e06 Version bump to 5.2.0rc1 2014-06-15 11:40:15 +02:00
Martin Willi bd19e27ae3 windows: Do not check if having clock_gettime()
Windows does not have it, but libwinpthread has. If this library is available
during build, it will be linked, which we prefer to avoid.
2014-06-06 15:34:12 +02:00
Andreas Steffen 9d228ddb04 Version bump to 5.2.0dr6 2014-06-06 11:18:17 +02:00
Martin Willi f48c26bce3 pki: Support complex trustchain and revocation checking in --verify 2014-06-04 16:34:16 +02:00
Martin Willi 6f90fc8061 winhttp: Implement a http(s) fetcher based on Microsoft's WinHTTP API 2014-06-04 16:34:15 +02:00
Martin Willi 00780f0238 kernel-iph: Add a stub for a Windows IP Helper based networking backend 2014-06-04 16:32:07 +02:00
Martin Willi 8d91eee3fc kernel-wfp: Add a stub for a Windows Filtering Platform based IPsec backend 2014-06-04 16:32:05 +02:00
Martin Willi fb0b539084 socket-win: Implement a Windows socket plugin using Winsock2 2014-06-04 16:31:09 +02:00
Martin Willi 3b7b806d27 windows: Compile with -mno-ms-bitfields if option not set explicitly
-mms-bitfields is the default in newer MinGWs, but it breaks
__attribute__((packed)).
2014-06-04 15:53:13 +02:00
Martin Willi 0ca8541564 configure: Fix attribute((packed)) test when using -Werror 2014-06-04 15:53:13 +02:00
Martin Willi 3ab6082a0f configure: Mark conftest variable as unused to pass test with -Werror
When using -Werror, the warning for the unused variable would let the test fail,
even if in6addr_any is available.
2014-06-04 15:53:13 +02:00
Martin Willi 2d42dce4a4 configure: Don't use -rdynamic with the LLVM toolchain 2014-06-04 15:53:13 +02:00
Martin Willi 5cd28cd25a pki: Provide a fallback if strptime() not supported
For simplicity, we support the default pki datetime format only, but optionally
accept four digit years for longer lifetimes.
2014-06-04 15:53:11 +02:00
Martin Willi b70849ada2 configure: Separate pki from --disable-tools
While pki builds and runs just fine on Windows, this is not true for scepclient.
2014-06-04 15:53:08 +02:00
Martin Willi 4161ee6678 configure: Check if __attribute__((packed)) works as expected
This is really hard to detect if not, and is not unlikely. If -mms-bitfields
is given, the attribute does not work. Even worse, that switch is by default
on with GCC/MinGW 4.7+ for Windows targets.

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52991
2014-06-04 15:53:08 +02:00
Martin Willi ee2498e3d6 bus: Build syslog logger depending on syslog() availability 2014-06-04 15:53:05 +02:00
Martin Willi 8e1c0d15a9 mysql: Add Windows support
As the mysql_config script is not available for Windows, we use a hardcoded
library name and no additional CFLAGS. This builds fine against the binary
MySQL Connector/C distribution.
2014-06-04 15:53:04 +02:00
Martin Willi df4341747c charon-svc: Implement a Windows IKE service using libcharon
The resulting binary can be either run as Windows service or directly as
console application.
2014-06-04 15:53:04 +02:00
Martin Willi b9dca7057c filelog: Ignore flush_line option if setlinebuf() not supported 2014-06-04 15:53:04 +02:00
Martin Willi c6503d451a charon: Don't use syslog() if not supported 2014-06-04 15:53:03 +02:00
Martin Willi 396baeaea2 windows: Never link to libpthread 2014-06-04 15:53:03 +02:00
Martin Willi b7a4d44bd0 openssl: Check and link against libeay32 instead of libcrypto on Windows
Most Windows OpenSSL builds come with the crypto library named libeay32.
2014-06-04 15:53:02 +02:00
Martin Willi 4163421f91 plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
Martin Willi a7e943a640 backtrace: Add DbgHelp based Windows support for creating/printing backtraces 2014-06-04 15:52:57 +02:00
Martin Willi ce24e0d3e5 configure.ac: Define USE_WINDOWS for Automake when building for Windows 2014-06-03 12:24:34 +02:00
Andreas Steffen bee82725eb Check for libjson 2014-05-31 20:37:56 +02:00
Andreas Steffen e2c9f6ce04 Version bump to 5.2.0dr5 2014-05-31 20:37:26 +02:00
Andreas Steffen 6becc59dc8 Version bump to 5.2.0dr4 2014-05-14 09:57:08 +02:00
Andreas Steffen 92b5626055 Version bump to 5.2.0dr3 2014-05-12 07:39:33 +02:00
Martin Willi 85d26e0c87 swanctl: Add a swanctl command overview manpage 2014-05-07 15:48:17 +02:00
Tobias Brunner b18191ba0f swanctl: Generate swanctl.conf(5) man page 2014-05-07 15:48:16 +02:00
Martin Willi 7c8a907895 swanctl: Use a ./configure-able swanctl base directory 2014-05-07 15:48:14 +02:00
Martin Willi e381e69f9b swanctl: Add a stub for a vici based configuration and control utility 2014-05-07 15:48:10 +02:00
Martin Willi 6770cfe34a vici: Add a plugin stub for the "Versatile IKE Control Interface" plugin 2014-05-07 14:13:34 +02:00
Tobias Brunner a0c2370ea5 utils: Enable __atomic* built-ins based on the GCC version
This solves a problem with GNAT when compiling charon-tkm as __atomic*
built-ins are only provided in GCC 4.7 and newer.

Currently GNAT 4.6 and GCC 4.7.2 are shipped with Debian wheezy (stable),
as used in the testing environment.  So while the configure script correctly
detected the __atomic* built-ins, and defined HAVE_GCC_ATOMIC_OPERATIONS,
this define turned out to be incorrect when charon-tkm was later built
with GNAT.
2014-05-04 19:16:46 +02:00
Andreas Steffen 9be1c8d175 aikgen generates AIK private/public key pairs
aikgen outputs a binary AIK private key blob and the AIK public key.
Optionally the Identity Request encrypted with the public key of
the Privacy CA can be output.
2014-05-03 15:28:17 +02:00
Andreas Steffen f2eb226653 Version bump to 5.2.0dr2 2014-04-27 19:15:11 +02:00
Tobias Brunner 0f603d425d utils: Use GCC's __atomic built-ins if available
These are available since GCC 4.7 and will eventually replace the __sync
operations.  They support the memory model defined by C++11. For instance,
by using __ATOMIC_RELAXED for some operations on the reference counters we
can avoid memory barriers, which are required by __sync operations (whose
memory model essentially is __ATOMIC_SEQ_CST).
2014-04-24 17:54:14 +02:00
Andreas Steffen 6d1b4b6baf Version bump to 5.2.0dr1 2014-04-15 09:20:38 +02:00
Andreas Steffen 266fcdce2b Version bump to 5.1.3 2014-04-14 15:18:38 +02:00
Martin Willi c0efaaebe3 tls: Create a unit-test runner 2014-04-01 14:28:55 +02:00
Martin Willi dbd4fc074a openac: Remove obsolete openac utility
The same functionality is now provided by the pki --acert subcommand.
2014-03-31 11:39:25 +02:00
Martin Willi 5ac0e66879 acert: Implement a plugin finding, validating and evaluating attribute certs
This validator checks for any attribute certificate it can find for validated
end entity certificates and tries to extract group membership information
used for connection authorization rules.
2014-03-31 11:14:58 +02:00
Martin Willi 6e8c665a51 pki: Add acert and extend pki/print manpages 2014-03-31 11:14:58 +02:00
Andreas Steffen 045f25fc81 Version bump to 5.1.3rc1 2014-03-26 22:00:00 +01:00
Tobias Brunner 4ffe02a75d configure: Add an option to select a specific printf hook implementation 2014-03-20 15:49:05 +01:00
Tobias Brunner 0e6f3a380a configure: Add an option to enable all optional features/plugins
This has probably no real practical use, but it simplifies testing.
2014-03-20 15:29:27 +01:00
Tobias Brunner 1c26ce2dc3 configure: Reorder and group feature options 2014-03-20 15:29:27 +01:00
Andreas Steffen 9483f8ec59 Version bump to 5.1.3dr1 2014-03-07 21:56:34 +01:00
Tobias Brunner af15c71bfb configure: Fix autoreconf with older autotools
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.

Fixes #536.
2014-03-03 17:14:26 +01:00
Andreas Steffen 1d252e9dec Version bump to 5.1.2 2014-02-27 22:46:52 +01:00
Tobias Brunner 2ed241aeb3 utils: Add memrchr(3) replacement for platforms that don't support it
For instance, on Mac OS X memrchr(3) is not provided by the C library.
2014-02-26 11:05:07 +01:00
Andreas Steffen 8f57961f4c Version bump to 5.1.2rc2 2014-02-17 12:02:23 +01:00
Tobias Brunner 7573a7ed56 conf: Only install config snippets for enabled components 2014-02-12 14:34:34 +01:00
Tobias Brunner c4bb26b849 conf: Split strongswan.conf(5) man page and use generated snippet 2014-02-12 14:34:33 +01:00
Tobias Brunner 91cc523ca7 conf: Generate strongswan.conf(5) man page in different directory 2014-02-12 14:34:33 +01:00
Tobias Brunner 1b98f85821 conf: Generate and install config snippets for option descriptions
The strongswan.d directory is also created relative to the configured
location of strongswan.conf.
2014-02-12 14:34:33 +01:00
Tobias Brunner c75acc4c44 conf: Install strongswan.conf template from a separate directory 2014-02-12 14:34:33 +01:00
Tobias Brunner b3613c49a2 array: Add fallback for qsort_r using thread-local value
Cygwin for example does not support qsort_r.
2014-02-12 14:34:33 +01:00
Tobias Brunner 132b00ce02 array: Add array_sort function 2014-02-12 14:34:33 +01:00
Martin Willi 37374a292a chunk: Provide a fallback chunk_map() if mmap is not available 2014-01-23 15:55:32 +01:00
Tobias Brunner 2d7852d29a configure: Add -Wno-format-security to default CFLAGS
Either due to a change in Ubuntu 13.10 or GCC 4.8 -Wno-format has no
effect if -Wformat-security is enabled (which it is on Ubuntu) so we
also disable the latter by default.
2014-01-23 10:08:53 +01:00
Andreas Steffen 800b361e19 Version bump to 5.1.2rc1 2014-01-16 01:47:34 +01:00
Andreas Steffen f74c8be19b Version bump to 5.1.2dr3 2014-01-13 12:12:52 +01:00
Andreas Steffen bced16ee11 Version bump to 5.1.2dr2 2013-12-06 10:10:24 +01:00
Reto Buerki d33df7ed51 charon-tkm: Abort if gprbuild binary is not found 2013-12-04 10:42:03 +01:00
Andreas Steffen 146ad86be5 Prototype implementation of IKE key exchange via NTRU encryption 2013-11-27 20:21:40 +01:00
Tobias Brunner 228db0433d configure: Remove obsolete --enable-unit-tests option 2013-11-27 18:35:44 +01:00
Andreas Steffen 194b69f0b8 Version bump to 5.1.2dr1 2013-11-19 10:27:07 +01:00
Tobias Brunner 20c99edab9 android: Remove dependency on libvstr 2013-11-13 11:40:47 +01:00
Martin Willi 6531afb557 automake: Don't use parallel test harness being the default with automake 1.13
We have no need for the parallel test harness, and we prefer to have the output
of make check on the console.
2013-11-06 10:30:59 +01:00
Andreas Steffen c501c78c5f Version bump to 5.1.1 2013-10-31 09:42:15 +01:00
Martin Willi 2077d996a9 utils: Provide a fmemopen(3) fallback using BSD funopen() 2013-10-24 13:17:05 +02:00
Tobias Brunner 8e8e97d10d kernel-netlink: Check existence of linux/fib_rules.h, don't include it in distribution
This reverts commit b0761f1f0a.
2013-10-18 09:52:54 +02:00
Ruslan N. Marchenko b638c131de dnscert: Add DNS CERT support for pubkey authentication
Add DNSSEC protected CERT RR delivered certificate authentication.
The new dnscert plugin is based on the ipseckey plugin and relies on the
existing PEM decoder as well as x509 and PGP parsers.  As such the plugin
expects PEM encoded PKIX(x509) or PGP(GPG) certificate payloads.

The plugin is targeted to improve interoperability with Racoon, which
supports this type of authentication, ignoring in-stream certificates
and using only DNS provided certificates for FQDN IDs.
2013-10-11 15:45:42 +02:00
Tobias Brunner ec6ad6b086 pool: Move the pool utility to its own directory in src 2013-10-11 15:16:05 +02:00
Martin Willi cabe5c0ff4 printf-hook-builtin: Add a new "builtin" backend using its own printf() routines
Overloads printf C library functions by a self-contained implementation,
based on klibc. Does not yet feature all the required default formatters,
including those for floating point values.
2013-10-11 11:06:02 +02:00
Andreas Steffen 4524e128f8 Version bump to 5.1.1rc1 2013-10-11 09:53:42 +02:00
Andreas Steffen f4dd49a5fd Version bump to 5.1.1dr4 2013-09-17 10:57:46 +02:00
Tobias Brunner 21626bdf77 pki: Add support to encode public keys in SSH key format 2013-09-13 15:23:49 +02:00
Tobias Brunner a3232fa802 pki: Load dnskey plugin to encode public keys in RFC 3110 format 2013-09-13 15:23:48 +02:00
Tobias Brunner 0dc8ba8779 pki: Install pki(1) as utility directly in $prefix/bin
ipsec pki is maintained as alias.
2013-09-13 15:07:36 +02:00
Tobias Brunner b068c4ec9d pki: Add pki --verify man page 2013-09-13 15:07:36 +02:00
Tobias Brunner 4adeaa5eb9 pki: Add pki --pub man page 2013-09-13 15:07:36 +02:00
Tobias Brunner a319eff80d pki: Add pki --print man page 2013-09-13 15:07:35 +02:00
Tobias Brunner e69fd30538 pki: Add pki --keyid man page 2013-09-13 15:07:35 +02:00
Tobias Brunner 558771400e pki: Add pki --pkcs7 man page 2013-09-13 15:07:35 +02:00
Tobias Brunner bb8e2e1759 pki: Add pki --req man page 2013-09-13 15:07:35 +02:00
Tobias Brunner 96aa5a1ddd pki: Add pki --signcrl man page 2013-09-13 15:07:35 +02:00
Tobias Brunner 42e3a21e24 pki: Add pki --issue man page 2013-09-13 15:07:35 +02:00
Tobias Brunner 3a643b8901 pki: Add pki --self man page
Can be opened with "man pki --self".
2013-09-13 15:07:35 +02:00
Tobias Brunner a612f6e338 pki: Add pki --gen man page
Can be opened with "man pki --gen".
2013-09-13 15:07:29 +02:00
Tobias Brunner 34cff9349b pki: Add ipsec-pki(8) man page
Can be opened either with "man ipsec pki" or "man ipsec-pki".

Since man(1) only supports one level of subpages, the forthcoming man
pages for each command will have to be opened with "man pki --<command>".
2013-09-13 14:32:51 +02:00
Tobias Brunner 8250fc10e8 Build generated man pages via configure script 2013-09-13 14:32:51 +02:00
Tobias Brunner 3cb4552da6 configure: libtls and libtnccs etc. all require libstrongswan 2013-09-12 01:44:49 +02:00
Tobias Brunner bf32cdfbf6 tun_device: Add warning if TUN devices are not supported by platform 2013-09-12 01:44:49 +02:00
Tobias Brunner 70aefb9430 Store object files in the same directory as the source files
Future automake releases will apparently do that implicitly, but current
releases spit out nasty warning messages.
2013-09-05 14:24:26 +02:00
Andreas Steffen de4637718e Version bump to 5.1.1dr3 2013-09-04 16:15:52 +02:00
Tobias Brunner 5ee0747cfd autoconf: Split PACKAGE_VERSION in four parts
The parts can be accessed with the variables:

	PACKAGE_VERSION_MAJOR
	PACKAGE_VERSION_MINOR
	PACKAGE_VERSION_BUILD
	PACKAGE_VERSION_REVIEW

The last part will be empty for regular releases.
2013-09-02 11:30:24 +02:00
Andreas Steffen ee2d6f8618 Version bump to 5.1.1dr2 2013-08-28 23:00:47 +02:00
Andreas Steffen aff4367907 Flush iptables rules on alice 2013-08-19 12:20:57 +02:00
Andreas Steffen e626821677 Version bump to 5.1.1dr1 2013-08-19 10:03:23 +02:00
Andreas Steffen b38d9d5a54 Implemented SWID prototype IMC/IMV pair 2013-08-15 23:34:23 +02:00
Andreas Steffen 12b3db5006 moved tnc_imv plugin to libtnccs thanks to recommendation callback function 2013-08-15 23:34:22 +02:00
Andreas Steffen e8f65c5cde Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs 2013-08-15 23:34:22 +02:00
Andreas Steffen 180a2f2642 rapid PT-TLS AR/PDP prototype 2013-08-15 23:34:22 +02:00
Andreas Steffen e8b8a6d958 version bump to 5.0.1 2013-07-29 17:16:41 +02:00
Andreas Steffen 3cd01df785 Version bump to 5.1.0rc1 2013-07-19 10:40:53 +02:00
Martin Willi c577b5eb44 autoconf: rename configure.in to configure.ac
configure.ac has been the recommended name for autoconf input for several
years now. Newer autotools start to complain about the configure.in, so we
finally change it.
2013-07-18 14:59:19 +02:00