7d119253f6
added support of OCSP accessLocations
2007-02-25 08:14:50 +00:00
b3e4211fc3
full support of ca info records
2007-02-24 23:18:31 +00:00
83fbaa1ff0
full support of ca info records
2007-02-24 23:18:08 +00:00
182d20e94e
support of ca info records
2007-02-23 15:15:31 +00:00
a02ae4ccd5
using "left" as my host per default, swapping to "right" when needed
2007-02-15 12:13:18 +00:00
2c6584c0d2
respecting source address when sending packets
2007-02-15 11:35:10 +00:00
5943682737
prepared support of ca information records and ocsp functionality
2007-02-14 01:04:46 +00:00
cda642a152
removed eap aka module due nda
2007-02-13 15:19:30 +00:00
f27f6296e6
merged EAP framework from branch into trunk
...
includes a lot of other modifications
2007-02-12 15:56:47 +00:00
6fda18d99d
%T requires time_t ptr
2007-02-08 17:59:37 +00:00
7995489a6d
added support for NULL encryption in ESP
2007-02-08 13:54:42 +00:00
eb9a3fd6f0
be more liberal in accepting notifies with a protocol id
2007-02-08 13:53:41 +00:00
9425da1816
include NO_EXT_SEQUENCE_NUMBER in default proposal
2007-02-08 13:31:31 +00:00
61dd20f9e3
added address listing without getifaddrs for uclibc (only IPv4 yet)
2007-02-02 09:58:59 +00:00
1908670f99
added threads to support multiple simultaneous stroke requests
2007-02-02 07:30:19 +00:00
d3032a9a82
renamed all static clone() functions to avoid naming conflicts with uclibc
2007-02-01 15:24:10 +00:00
42dcd01ffe
sending proper signal to the bus when detecting a dead peer
2007-02-01 15:23:31 +00:00
883c1e3084
name the created CHILD_SA
2007-01-11 20:03:38 +00:00
31e5d441d8
show rekeying|reauthentication time
2007-01-10 08:18:52 +00:00
af53aa9ec0
show name of created CHILD_SA
2007-01-10 08:18:20 +00:00
a40926c7eb
combined use_in and use_fwd
2007-01-10 08:17:48 +00:00
10984fc905
corrected typo
2007-01-10 08:17:10 +00:00
a622c99240
fixed crash when CA for certrequest not found
2007-01-08 13:40:36 +00:00
6a4be80d37
removed unused debugging code
2007-01-08 08:03:40 +00:00
2dc9d7551b
fixed reauthentication when using %any hosts
2007-01-08 07:32:39 +00:00
21f42524e0
support for transport in create_child_sa
...
include TRANSPORT/TUNNEL information in statusall
2007-01-08 06:55:50 +00:00
42687ff5d1
fixed typo
2007-01-04 14:29:50 +00:00
f73d4c9eb0
fixed reuathentication when connections other host is %any
2007-01-03 09:26:44 +00:00
60d79e496b
fixed host conversion length check
2007-01-03 09:25:57 +00:00
7652be891c
added support for transport mode and (experimental!) BEET mode
...
support for the type=transport/tunnel parameter in charon
2006-12-21 14:35:17 +00:00
cd6b61f549
renamed to appear in doxygen build
2006-12-19 10:57:49 +00:00
2b4405a3e7
added a roadmap of the strongSwan project (TODO)
...
added some NEWS
2006-12-19 10:46:58 +00:00
6fe03b0af0
implemented reauthentication using the new reauth=yes|no parameter
2006-12-19 07:30:07 +00:00
4986554f1a
fixed more uClibc issues
...
should compile against a uClibc > 0.9.28 (untested)
2006-12-15 14:22:56 +00:00
38fb426e9b
fixed encoding rules string
...
updated todo
2006-12-14 13:16:19 +00:00
313d21c251
fixed some byte-order issues
2006-12-12 08:41:04 +00:00
5347a84f81
fixed HAVE_BACKTRACE checks
...
starter Makefile now uses proper $(COMPILE) to build pluto objects
2006-12-11 09:29:34 +00:00
e696757c47
made backtrace() calls optional to support uClibc
2006-12-06 13:59:13 +00:00
1183f8ac82
improved selection of ipsec status|statusall <name>
2006-11-02 18:30:50 +00:00
116b53b6bd
proper "ipsec up" signal handling when initiating to %any
2006-11-02 10:28:10 +00:00
3b62f53fa4
fixed output of proto/port selectors
2006-11-02 07:51:53 +00:00
5661bf8623
cosmetics
2006-11-01 23:02:07 +00:00
d053fe5888
fixed ipsec status|statusall <name>
2006-11-01 20:29:53 +00:00
730e2c0542
log IKE SPIs on a separate line
2006-11-01 20:29:04 +00:00
efa0ed68cf
redesigned formatting of ipsec status|statusall
2006-11-01 17:28:47 +00:00
1f9160614a
cosmetics
2006-11-01 17:28:01 +00:00
1ab9441c48
fixed 64 bit issue
2006-11-01 10:57:08 +00:00
923ee10eef
solved 64 bit issue in push/pop stroke interface
2006-10-31 23:17:21 +00:00
231f704548
fixed 64 bit issue
2006-10-31 21:37:25 +00:00
e691a5c493
some fixes for doxygen
2006-10-31 15:24:08 +00:00
db7ef62494
better split up of library files "types.h" & "definitions.h"
...
centralized all printf specifier character definitions
reuse of arginfo handlers
more cleanups
fixed more AMD64 issues
added DEBUG_LEVEL compile flag to exclude DBGn() statements
2006-10-31 12:27:59 +00:00
29137c0cef
preparations to include certreqs in policy decisions
2006-10-31 07:04:15 +00:00
914eea92d7
moved (myself) in log output
2006-10-31 06:31:21 +00:00
382b481795
moved typedefs to beginning of files to solve some include problems
...
splitted authenticator to have a separate implementation for each auth_method_t
using va_copy to clone va_lists, should fix proplems on AMD64
some other cleanups
2006-10-30 14:07:05 +00:00
5923be21b4
fixed SIGSEGV when setup of an additional CHILD_SA fails
2006-10-30 09:53:54 +00:00
7b898a0d8a
added IKEv2 clarifications RFC
2006-10-30 09:47:37 +00:00
bcba0f0367
changed debug level of certreq log output
2006-10-29 09:11:50 +00:00
0f30b4bd24
cosmetics in debug output
2006-10-29 09:10:44 +00:00
a702b731cb
support of certreq payload in IKE_AUTH messages
2006-10-28 20:02:26 +00:00
84740c9b27
added function certreq_payload_create_from_x509()
2006-10-28 15:38:15 +00:00
e44f4d7eef
send a certreq as initiator if other_ca is set
2006-10-28 15:37:23 +00:00
6ae7d265fb
added method get_ca_certificate()
2006-10-28 15:32:30 +00:00
5db5740075
added methods get_my_ca() and get_other_ca()
2006-10-28 15:31:42 +00:00
af6d6bb954
added methods get_my_ca() and get_other_ca()
2006-10-28 15:31:29 +00:00
76adc06e52
added some missing 'AUD' entries
2006-10-28 15:24:59 +00:00
d267cca18f
cosmetics
2006-10-28 13:13:40 +00:00
ebdddb74d4
some improvements in signaling code
2006-10-27 10:46:56 +00:00
ec92107923
include only source NATD payloads really needed
2006-10-27 10:46:35 +00:00
b83806d83d
improved signal handling and emitting
2006-10-26 09:46:56 +00:00
3364ef1d56
fixed typo in debug statement
2006-10-25 08:42:16 +00:00
66a09e1d6e
redesigned list output format
2006-10-25 08:41:27 +00:00
191a26a6a7
removed deprecated iterator methods (has_next & current)
...
added iterator hook to manipulate iterator the clean way
2006-10-24 14:20:45 +00:00
55bbff11ec
linked list cleanups
...
added list methods invoke(), destroy_offset(), destroy_function()
simplified list destruction when destroying its items
2006-10-24 08:46:17 +00:00
5c4cc9a4e3
added verbosity level to stroke
2006-10-24 08:44:47 +00:00
e706c7f10b
code cleanups in printf handlers
2006-10-20 05:57:25 +00:00
490d324d81
added eap authentication draft for ikev2
2006-10-18 11:49:37 +00:00
60356f3375
introduced new logging subsystem using bus:
...
passive listeners can register on the bus
active listeners wait for signals actively
multiplexing allows multiple listeners to receive debug signals
a lot more...
2006-10-18 11:46:13 +00:00
9aac18cba8
removed module tests, outdated. We need something more system-test like
2006-10-18 11:38:43 +00:00
c701e73dc1
fixed auxillary message data parsing for IPV6 socket
...
using SOL_* constants for socket level
2006-10-09 12:28:43 +00:00
a3a1b565da
fixed IPV6_PKTINFO setsockopt() to work with most kernel headers
...
replaced strerror(errno) with %m printf specifier
2006-10-09 12:14:56 +00:00
9e22095ef3
fixed DPD to survive IKE_SA rekeying
2006-09-28 06:57:46 +00:00
47f5027807
introduced printf() specifiers for:
...
host_t (%H)
identification_t (%D)
chunk pointers (%B)
memory pointer/length (%b)
added a signaling bus:
receives event and debug messages, sends them to its listeners
stream_logger, sys_logger, file_logger added, listen to bus
some other tweaks here and there
2006-09-27 14:14:44 +00:00
f91513e333
added often used RFCs and drafts
2006-09-27 14:10:32 +00:00
1ce2ad09c3
fixed retransmission policy for responder
2006-09-25 07:24:08 +00:00
397f344879
fixed dpd for responder
2006-09-25 06:38:58 +00:00
7bd23b7ed5
added hostaccess support
2006-09-25 06:11:36 +00:00
b826069dbb
moved auth_method to policy
2006-09-25 06:11:09 +00:00
d756cd1bd6
added hostaccess support
2006-09-25 06:10:28 +00:00
7968c6a5ff
added hostaccess support
2006-09-25 06:10:02 +00:00
a8960f997a
more consistent authentication logging
2006-09-25 05:59:38 +00:00
fff4ee8a85
added hostaccess support
2006-09-25 05:58:45 +00:00
841b7a1f1e
moved auth_method to policy
2006-09-25 05:52:50 +00:00
2e5935815d
moved auth_method to policy
2006-09-25 05:52:13 +00:00
54c6c4711f
added hostaccess support; moved auth_method to policy
2006-09-25 05:51:16 +00:00
380d91b9be
added hostaccess support
2006-09-25 05:49:36 +00:00
73760ca5ff
extended statusall output
...
added job/event-queue statistics
added allocation statistics when using LEAK_DETECTIVE
2006-09-21 07:03:21 +00:00
833a7cbc50
support of encrypted private key files
2006-09-20 05:48:27 +00:00
b5cac6684d
added copyright notice to sha2_hasher
...
included SHA2 in build process
2006-09-19 14:54:01 +00:00
462129d332
added support for 3DES encryption algorithm in IKE
2006-09-19 11:18:35 +00:00
43ead00a2f
fixed the ids parsing bug
2006-09-19 06:16:48 +00:00
f534e18a98
updated TODOs
2006-09-18 11:41:04 +00:00
e63c4d8b8b
fixed memleak
...
fixed proper handling of id parsing errors
proper return value when no PSK found
2006-09-18 11:39:53 +00:00
6e9bbf18b8
added HOST_ACCESS for firewall script as default
2006-09-18 11:38:37 +00:00
5fded5139e
more debugging output for PSK authentication
2006-09-18 11:38:11 +00:00
e2de376c74
added PSK support
2006-09-18 07:42:57 +00:00
a7371600b0
proper error handling for socket creation
2006-09-18 06:44:38 +00:00
b9024ee058
handle certificate parsing error more generous
2006-09-14 13:14:58 +00:00
567e2a7822
fixed memleak when receiving invalid certificate
2006-09-14 12:15:41 +00:00
d7934d0cfc
implemented updown script to handle firewalling
2006-09-12 13:50:14 +00:00
a095243f60
add priority management for kernel policy
...
let ROUTED policies installed, until manuall removed
introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs
ike_sa_manager cleanups
2006-09-08 13:10:52 +00:00
1239c6f40b
implemented handling of dpdaction and dpddelay ipsec.conf parameters
2006-09-08 06:12:02 +00:00
a655f5c09c
reuse reqid when a ROUTED child_sa gets INSTALLED
...
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
2006-09-05 14:07:25 +00:00
da8ab11e91
fixed a at-least-one-year-old bug which caused crashed in the scheduler
2006-08-31 06:48:10 +00:00
c705698293
added raw socket filter for IPv6
2006-08-31 06:18:15 +00:00
053842f4e7
implemented NAT detection for IPv6
2006-08-31 06:17:41 +00:00
48d9883a3e
initial support for IPv6 (more testing needed)
...
socket works (without v6 filter)
traffic selector handle IPv4/v4 cleanly
improvements in traffic selector code
kernel interface accepts v6 traffic selectors and hosts
host_t class has full IPv6 support
2006-08-30 17:12:56 +00:00
4c23a8c9ec
moved interface enumeration code to socket, where it belongs
...
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
fa8d578d94
fixed crash bug when doing "ipsec down" with an unknown connection
2006-08-25 09:19:42 +00:00
9be547c0ed
added name property in CHILD_SA, allows proper status output
2006-08-25 09:07:37 +00:00
7106403bd8
2006-08-25 07:42:48 +00:00
c3e7aeb102
fixed bug which prevented port float when nat is detected
2006-08-25 07:37:22 +00:00
a1310b6b92
updated Changelog and other docs
2006-08-23 11:48:33 +00:00
d03ab568a6
fixed rekeying behavior when proposing an inacceptable DH group (INVALID_KE_PAYLOAD)
2006-08-23 09:25:41 +00:00
3183006de2
implement proper handling of most simultaneous IKE_SA rekeying cases
2006-08-23 07:30:43 +00:00
f698448ea3
implemented proper refcounting using atomic operations
2006-07-28 09:45:18 +00:00
fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
2006-07-27 12:18:40 +00:00
45f76a7ddd
added possibility to route CHILD_SAs, without to set them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
8dfbe71b34
introduced refcounting on policy and connections
...
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
2006-07-20 10:09:32 +00:00
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
e6cfe0eecc
fixed UDP decapsulation by adding inbound bypass policy for send socket
2006-07-14 12:53:06 +00:00
ead36455a9
reenabled module tests for charon
2006-07-14 11:16:49 +00:00
b34be51cef
fixed bug which erroneously detected KE payload when rekeying
2006-07-14 08:18:48 +00:00
e3109c02ac
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT
2006-07-14 08:08:55 +00:00
325e497798
improved logging on verify errors for some payloads
...
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload
2006-07-13 12:49:35 +00:00
4c04f30a51
fixed CREATE_CHILD_SA transaction dispatching
2006-07-13 08:51:24 +00:00
bcb95ced3d
added CHILD_SA states, which allows us to detect further simultaneous transactions
...
reimplemented the buggy message id handling
2006-07-13 08:26:54 +00:00
cb5c41cde9
updated some inline docs
2006-07-12 14:08:52 +00:00
0d379627de
fixed crypter/signer in/out to conform with standard
2006-07-12 14:08:13 +00:00
b68afb7bd8
fixed payload order
2006-07-12 14:07:30 +00:00
a846ffdb48
added message id logging
2006-07-12 14:06:25 +00:00
e7356568b2
added all currently known notify payload types
2006-07-12 14:05:57 +00:00
aeeb4f4f97
added policy cache to kernel interface
...
allows refcounting of multiple installed policies
finally brings us stable simultaneous rekeying
2006-07-12 11:42:36 +00:00
269f7f448b
leak detective blanks memory on free & alloc, allows further membug detection
2006-07-12 11:15:31 +00:00
c361cc8c51
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:12:45 +00:00
abba7ecb9d
further work done for simultaneous rekeying/delete
...
still some cases which cause trouble
2006-07-10 14:24:04 +00:00
c5d2d7c023
fixed compiler warnings in parser when using -O2
2006-07-07 12:48:27 +00:00
c71d53ba4e
updated copyright information
2006-07-07 08:49:06 +00:00
698d774918
reimplemented CHILD_SA rekeying & delete
...
no simultanous transaction with CHILD_SAs yet!
2006-07-07 07:04:07 +00:00
d109b48968
added support for leftprotoport and rightprotoport
2006-07-05 13:13:07 +00:00
5f0eb96fc4
improved CHILD_SA output for "ipsec statusall"
2006-07-05 13:11:55 +00:00
3dd3c5f39e
redesigned IKE_SA using a transaction mechanism:
...
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
2006-07-05 10:53:20 +00:00
57d02978cf
made thread ids unsigned again, to avoid negative thread ids on some systems
2006-07-04 13:30:49 +00:00
1135f79898
fixed memleak when initiating a connection already up
2006-07-04 13:29:16 +00:00
f141214e64
applied latest NATT patch with some fixes and cleanups
2006-07-04 13:25:00 +00:00
a642cbe3ae
log entries start with lowcercase character
2006-07-04 06:11:35 +00:00
427088f004
fixed natd_hash memory leak
2006-07-03 08:34:34 +00:00
971218c3ae
support of cert payloads
2006-07-03 06:27:45 +00:00
1d390631d7
lowercase log entries
2006-07-03 06:26:06 +00:00
6f74bfd6ac
added X.509 trust chain verification
2006-06-27 08:48:28 +00:00
2f89902d07
applied new changes from NATT team
...
DPD only done when no IPsec and IKE traffic processed
minor changes here and there
2006-06-23 14:02:30 +00:00
2891590b05
some message code cleanups
2006-06-23 14:00:15 +00:00
4b24dd2d7d
cleaner error handling on UDP encapsultion sockopt failure
2006-06-22 13:05:15 +00:00
6f51c9f184
added mysterious UDP encapsulation socket option to get encapsulation working
2006-06-22 12:57:49 +00:00
1396815afb
first merge of NATT code
2006-06-22 06:36:28 +00:00
6bf1352032
fixed testing build
2006-06-21 12:58:02 +00:00
986d23bd6e
reworked function ignore mechanism to not-report whitelist
...
rather than overriding functions
2006-06-20 10:05:56 +00:00
5c6b5bf599
fixed bug: usage of already freed mem
2006-06-20 09:53:25 +00:00
aed58dcc93
readded local_credential_store
...
added sendcert policy to connection
some other cleanups
2006-06-20 08:43:57 +00:00
21b433c641
implemented rereadcrls rereadcacerts
2006-06-20 06:05:01 +00:00
db959e6ea3
removed local_credential_store
2006-06-20 05:57:52 +00:00
b965b8456b
fixed SPI when acting as initiator of rekeying
2006-06-19 09:27:14 +00:00
c65a4fff3f
fixed SPI when rekeying and deleting CHILD_SAs
2006-06-19 08:54:19 +00:00
891dfaf983
change key derivation order to fullfill RFC
2006-06-19 08:11:42 +00:00
f7eb60dd5e
2006-06-16 14:10:49 +00:00
21e7a724d0
added crl support
2006-06-16 05:55:30 +00:00
d92cca4a72
added listcrls
2006-06-16 05:55:02 +00:00
c859ec9592
fixed compilation error
2006-06-15 13:41:06 +00:00
147fe5095d
fixed aes code, we support now aes128, aes192, aes256 in IKE
2006-06-15 13:14:09 +00:00
c095388f7f
added support for "ike" and "esp" keywords
...
fixed bugs in proposal code
algorithm selection for charon works now with ipsec.conf
a lot of other fixes
2006-06-15 11:09:11 +00:00
3efbf98312
implemented clean spi allocation behavior when using multiple proposals
2006-06-15 11:06:22 +00:00
b98e0927f4
added default CRL directory path
2006-06-14 12:44:12 +00:00
03442041a9
added option parsing
2006-06-14 12:42:36 +00:00
fa32cd3c47
debug and logging improvements
2006-06-13 10:01:04 +00:00
5347233204
support for stroke listcerts|listcacerts|listall and left|rightca=
2006-06-12 08:43:46 +00:00
50f98119dd
using same reqid if a child sa rekeys an existing one
2006-06-12 08:36:41 +00:00
bc35460db7
add_certificate() now returns pointer to added cert
2006-06-12 07:57:14 +00:00
c4a7413e72
cosmetics
2006-06-12 07:55:37 +00:00
a2a3fb3e25
workaround for peers rekeying at the same time
...
loading lifetime policies from ipsec.conf
2006-06-12 07:33:20 +00:00
695723d4e8
old child_sa gets deleted after rekeying
...
rekeying almost complete, but:
IKE_SA get in an invalid state when both initiate rekeying at the same time,
2006-06-09 15:12:43 +00:00
b543bef50c
improved kernel interface logging
2006-06-09 08:41:41 +00:00
0bb32cb5f3
fixed clone/destroy behavior when not using CAs
2006-06-09 07:40:40 +00:00
5c131a016b
specifying keysize in bits, as it is required in IKEv2
...
added generic kernel SA algorithm handling, which brings us:
aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs
2006-06-09 07:31:30 +00:00
b7f9ca5837
added support for leftsendcert= and left|rightca= parameters
2006-06-09 05:50:41 +00:00
ac427e3677
discard cert if CA basic constraints flag is not set and warn if cert is not valide
2006-06-09 05:48:49 +00:00
5238c9afef
fixed compile warnings when using -Wall
...
further CHILD_SA rekeying work done:
creation of a new CHILD_SA on a expire from a kernel works
delete of old CHILD_SA still missing
some issues when both initiate rekeing
2006-06-08 14:20:05 +00:00
8d77eddec2
further work for rekeying:
...
get liftimes from policy
added new state
initiation of rekeying done
proposal redone:
removed support for AH+ESP proposals
2006-06-07 13:26:23 +00:00
6a030ba9ea
fixed a memleak
2006-06-07 05:54:09 +00:00
fc0afb6810
created IPv6 environment
2006-06-06 05:41:21 +00:00
32b6500fbf
job management:
...
moved job code from thread_pool to job, jobs have an "execute" method now
added two new jobs: delete_child_sa & rekey_child_sa
kernel interface:
listens now for ACQUIRE & EXPIRE
supports hard and soft lifetimes
fires jobs for delete and rekey child sa
ike sa manager:
can checkout IKE SAs by requid of owned CHILD SAs
we have now the infrastructure to do the rekeying... :-)
2006-05-31 14:23:15 +00:00
6f2aba1322
- fixed some memleaks/freebugs
...
- leak detective works almost usable now (?!)
2006-05-31 14:13:26 +00:00
bd72398729
- fixed host-host tunnel traffic selection, host-host works now
2006-05-31 06:52:27 +00:00
6848dac603
minimized prefixed on stroke logger output
2006-05-31 05:50:04 +00:00
90ed2e8278
charon outputs strongSwan version
2006-05-31 05:48:32 +00:00
2d6c3bce06
2006-05-30 14:56:12 +00:00
b93782903f
- fixed event queue for events >36min
2006-05-30 13:22:46 +00:00
8403b34bd9
2006-05-30 13:01:50 +00:00
0773bdcf3f
- included charons module tests to build & dist
2006-05-30 13:00:18 +00:00
6d5e617f7d
full support of ikev1 and ikev2 connection flags
2006-05-30 11:10:42 +00:00
9db4f61476
cosmetics in log_status output
2006-05-30 11:07:14 +00:00
c11c43d2c3
use of streq
2006-05-30 11:03:55 +00:00
510d54eb59
lookup of private key based on keyid of public key
2006-05-30 07:53:13 +00:00
fa896e9a21
new functions to add certificates and retrieve private and public keys
2006-05-30 07:52:25 +00:00
d793980f56
changed log level
2006-05-30 07:50:15 +00:00
e1c00b96a6
list ca certificates
2006-05-30 07:48:29 +00:00
abf2be2281
define default CA_CERTIFICATE_DIR
2006-05-30 07:38:41 +00:00
92d30836fd
load all ca certificates
2006-05-30 07:37:48 +00:00
db66c624bf
- fixed daemon destruction order to prevent
...
crashes on termination
2006-05-30 06:14:23 +00:00
139ce7871f
- fixed memleak when deleting a connection
2006-05-29 11:29:23 +00:00
60b9abf5c1
- updated todo list
2006-05-29 11:19:31 +00:00
9fe14f4b8a
- policies contain a connections name now
...
- used for initiate and delete
- connections won't get initiated twice anymore
- deleting of connections is now possible, which allows us to use
ipsec update and ipsec reload
2006-05-29 11:09:45 +00:00
ecadab2ba7
stroke now uses constant size string buffer
2006-05-29 07:14:57 +00:00
f8be15f53b
changed to standard connection log output
2006-05-29 07:11:50 +00:00
65996a534d
- some logging improvements and cosmetics
2006-05-24 11:59:58 +00:00
3a13a78084
- handle IKE_SA setup without a piggy-packed CHILD_SA
...
more IKEv2 conform
2006-05-24 09:05:21 +00:00
b82908b8b5
- initiate IKE_SA deletion befor manager destruction
2006-05-24 09:02:39 +00:00
49e6a32353
2006-05-24 06:47:33 +00:00
8b5be79d83
- show connection templates in status & statusall
...
- don't complain on termination of IKEv1 connections
2006-05-23 13:25:57 +00:00
7ba69503aa
- changed config load strategy:
...
starter loads both connections in charon & pluto,
charon ignores anything with keyexchange!=ikev2.
pluto needs the same behavior.
2006-05-23 10:07:02 +00:00
96b82ed821
load_end_certificate() now loads certificates
2006-05-23 08:16:15 +00:00
4a5bba25e2
- reimplemented proper IKE SA deletion using a seperate state,
...
should conform now to IKEv2
2006-05-23 08:01:49 +00:00
a4c75933cc
- added ingorelist for builded files
2006-05-19 12:20:26 +00:00
7881ac141e
- applied patch from the NAT-T team fixing several typos
2006-05-19 06:46:22 +00:00
86a7937b45
- applied patch from andreas, which allows certificate listing via stroke
2006-05-19 06:44:08 +00:00
b5e1560659
- applied andreas's patch
...
- logger output improvements
- testin gupdates
- and a lot more
2006-05-18 06:02:28 +00:00
f2c2d395ff
- introduced autotools
...
- first working version
- make dist should work
- things to do:
- UML testing!
- more cleanups
2006-05-16 14:24:03 +00:00
9cf5f29027
2006-05-10 13:16:27 +00:00
b8577029d1
2006-05-10 08:02:49 +00:00
95806de938
2006-05-10 07:58:29 +00:00
607d174dcb
2006-05-10 07:33:51 +00:00
37a2b616e2
- fixed stroke error output to starter
2006-05-10 07:11:52 +00:00
2192375bc8
- using random SPIs now, but without collision checks
2006-05-10 07:00:38 +00:00
f768bdc3f3
- applied some -W's from strongswan
...
- fixed that warnings
2006-05-09 07:34:25 +00:00
65cf07ac1d
- applied patch from andreas
...
- added charonstart option to config
- new ikev2 tests for UML
2006-05-06 07:09:45 +00:00
9820c0e208
- applied patch from andreas
...
- pem loading
- secrets file parsing
- ikev2 testcase
- some other additions here and there
2006-05-04 07:55:42 +00:00
8744148f55
- connection termination is handled cleanly by name now
2006-05-04 07:06:31 +00:00
d4a35f80c1
- fixed bad bug, certs load now cleanly again
2006-04-28 14:20:08 +00:00
1029d84d23
2006-04-28 10:51:19 +00:00
Andreas Steffen