bc403eb1e5
Fixed crash and locking issues while unrouting connections via stroke
2012-03-13 10:56:22 +01:00
9ec66bc1a5
Added an option to load CA certificates without CA basic constraint.
...
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
...
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
576298a3ef
Simplified logging of list of loaded plugins.
2012-01-19 11:56:03 +01:00
7c0c2349a9
Make number of concurrently handled stroke messages configurable.
2011-12-29 18:41:39 +01:00
8ff513a863
Limit the number of concurrently handled stroke messages.
...
This avoids clogging the thread pool with potentially blocking jobs.
2011-12-29 18:39:34 +01:00
b46a5cd4ef
Fixed check for log groups when debug_t is unsigned.
...
The range and signedness of enum types is up to the compiler.
2011-11-25 09:48:32 +01:00
b21cfa93f8
Cosmetics
2011-10-26 10:32:54 +02:00
2d2ffa58f6
Added a listplugins stroke command to show plugin features
2011-10-14 10:05:44 +02:00
fa7c8338ca
Plugin enumerator enumerates over loaded features, too
2011-10-14 10:05:44 +02:00
9cd7f384ba
Include library.h in plugin.h
2011-10-14 10:04:45 +02:00
f7ce74983d
Removed unneeded include.
...
This is not available on Android and redirects to <fcntl.h> on Ubuntu.
2011-10-11 16:30:20 +02:00
d3bd67239f
Added fallback to ipsec.secrets parser if glob(3) is not available.
2011-10-11 16:30:20 +02:00
673ce4da9b
Migrated stroke_cred_t to INIT/METHOD macros.
2011-10-03 19:04:19 +02:00
0d430d4f54
Migrated stroke_socket_t to INIT/METHOD macros.
2011-10-03 18:56:21 +02:00
8e3f14baab
bus->listen() and the controller wrappers accept a timeout to wait for callbacks
2011-08-26 10:44:25 +02:00
d33f6f7dba
fixed esn type
2011-07-20 23:11:19 +02:00
6101ee9b06
added log and status output for ESN
2011-07-16 11:09:38 +02:00
47daa0e6fe
Replaced more complex iterator usages.
2011-07-06 09:43:45 +02:00
4bbce1ef37
Replaced ike_sa_t.create_child_sa_iterator with enumerator.
...
This required two new methods on ike_sa_t. One returns the number of
CHILD_SAs and one allows to remove a CHILD_SA.
2011-07-06 09:43:45 +02:00
f87991704e
implemented PASS and DROP shunt policies
2011-06-28 19:42:54 +02:00
876961cf0e
Properly print time differences.
...
time_t is not necessarily of type int.
2011-06-07 17:52:34 +02:00
1b185ea490
Use proper printf specifiers to print u_int64_t and uintptr_t.
2011-06-07 17:30:57 +02:00
cb7a9862c6
Fix compilation with GCC 4.6.
2011-06-07 15:45:18 +02:00
f34ebc845b
Add a closeaction ipsec.conf keyword to configure close action
2011-06-07 12:07:21 +02:00
14bf2f689d
Use CRITICAL job priority class for long running dispatcher jobs
2011-05-16 15:24:15 +02:00
4cf6f101d8
Show total and half-open SA count in statusall
2011-05-16 15:24:15 +02:00
c726b1a6a5
Show how many threads are active in each class in statusall
2011-05-16 15:24:14 +02:00
a694b481ee
Added a statusallnb stroke command to show status non-blocking
2011-05-16 15:24:14 +02:00
69c3eca0e9
Added a non-blocking, skipping variant of IKE_SA enumerator
2011-05-16 15:24:13 +02:00
c73d4f53f5
Processor job scheduling respects job priority classes
2011-05-16 15:24:13 +02:00
dfe9bad981
Added a stroke memusage command to show memory usage
2011-05-16 15:22:21 +02:00
4778655726
Cast size_t len arguments to %.*s to int
2011-04-20 13:08:32 +02:00
dd0696ec8e
Use strncpy when reading smartcard keyids from ipsec.secrets.
2011-04-19 18:00:16 +02:00
c55818ebb0
Added a (not yet implemented) plugin_t method to reload plugin configuration
2011-04-15 10:07:13 +02:00
787b5884aa
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t
2011-04-15 10:07:12 +02:00
b0fd7d1482
Proper cleanup if IDs in ipsec.secrets cannot be parsed.
2011-04-14 18:11:45 +02:00
e51cae33a9
Fix compiler warnings at creation of CRL cache filenames.
...
This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point. But it's clearer
this way.
2011-04-14 18:10:27 +02:00
aee071ed8b
Fixed check for member of stroke_msg_t in pop_string.
...
Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).
2011-04-13 18:18:03 +02:00
25ed5672a6
initiate or route all child configs if they have different names from their parent peer config
2011-03-04 07:02:31 +01:00
ea1c20d14b
initiate or route child configs which don't have a peer config of the same name
2011-03-01 22:24:19 +01:00
a2ebc1bd69
put DN in double quotes
2011-03-01 22:19:59 +01:00
d390b3b901
[hopefully] fixed pathlen problem on ARM platforms
2011-02-10 15:51:18 +01:00
f04d1c2dfe
replaced ipsec up %startall command by start_action job
2011-02-09 22:27:04 +01:00
44e513a320
Added support for trustchain key strength checking to rightauth option
2011-01-07 15:51:35 +01:00
6367de28ad
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements
2011-01-07 15:51:35 +01:00
2e90006f96
Show base CRL of delta CRLs in listcrls
2011-01-05 16:46:06 +01:00
b3d359e58f
Use a generic getter for all numerical X.509 constraints
2011-01-05 16:46:05 +01:00
5dba5852fc
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
2011-01-05 16:46:02 +01:00
27a66f9393
implemented wrap around of registered IKEv1 algorithm names
2010-12-26 17:11:02 +01:00
16b6606e5f
wrap list of IKEv2 algorithms after 120 characters per line
2010-12-24 17:29:51 +01:00
cb6be85cfe
Migrated stroke_list_t to INIT/METHOD macros
2010-12-24 14:29:09 +01:00
6c302616f1
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
2010-12-20 09:45:39 +01:00
37788b1d06
Added a TFC padding option to child_cfg
2010-12-20 09:45:39 +01:00
5932f41fcc
trace back crypto algorithms to the plugins that registered them
2010-12-18 16:31:12 +01:00
cf5866b9c0
Renamed purgex509/crl to purgecerts/crls to be consistent with list commands
2010-12-10 11:21:55 +01:00
6aa144ddb7
Added options to flush CRLs/X509 certs from the cert cache
2010-12-10 09:45:22 +01:00
4332cd7f95
added newline
2010-12-07 09:02:55 +01:00
faccd69068
re-introduced comment
2010-12-07 09:01:28 +01:00
a42aaed64f
Migrated stroke_control_t to INIT/METHOD macros
2010-12-07 08:58:57 +01:00
d31aec9fa7
Migrated stroke_plugin_t to INIT/METHOD macros
2010-12-07 08:01:56 +01:00
5b2d9f24f5
Refactored stroke_cred_t to use mem_cred_t.
2010-12-03 18:00:00 +01:00
413d8fe0e3
Avoid calling globfree twice on failure.
2010-12-03 17:38:36 +01:00
c616d84c3f
start and route connections defined in an SQL database via start_action field and ipsec up %startall command
2010-11-28 11:57:49 +01:00
a9ac8c51ea
Migrated stroke_config_t to INIT/METHOD macros
2010-11-27 01:12:58 +01:00
a5ffb559d2
Migrated stroke_cat_t to INIT/METHOD macros
2010-11-27 00:49:15 +01:00
851d60484e
Added a stroke rekey command to trigger IKE/CHILD_SA rekeying manually
2010-11-03 15:12:05 +01:00
9b9352c83b
fixed 64 bit printf() issue
2010-10-24 20:30:19 +02:00
80f86acccb
show validity of OCSP responses
2010-09-10 22:26:03 +02:00
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
f6659688ab
Refer to kernel interface via hydra and not charon.
2010-09-02 19:01:25 +02:00
61e8e73206
Refer to scheduler via hydra and not charon.
2010-09-02 19:01:24 +02:00
c5f7146b17
Refer to processor via hydra and not charon.
2010-09-02 19:01:22 +02:00
bbdc85b66e
Respect key types in stroke key/certificate backend
2010-09-02 13:07:23 +02:00
33b1a2567f
Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined
2010-08-31 18:10:23 +02:00
64d7b0733f
Added support for the ipsec.conf aaa_identity keyword
2010-08-31 17:52:52 +02:00
835ec23aff
Use enum mappings to resolve debug group
2010-08-23 09:47:04 +02:00
9d49f79f55
List registered AEAD algorithms in listalgs
2010-08-19 19:02:34 +02:00
3d711a68fb
Added a stroke command to export cached x509 certificates to the console
2010-08-10 18:46:30 +02:00
a944d2092b
Use bits instead of bytes for a private/public key
2010-08-10 18:46:30 +02:00
744b83c7c9
Fixed loading of secrets with IDs.
...
Since the ID string is manually terminated by a null character, write
permission is required for the mmapped ipsec.secrets.
2010-08-04 16:03:46 +02:00
dca2d89209
Fixed loading of private keys without password.
...
The chunk storing the password was not correctly initialized, resulting
in a segmentation fault when no password was specified in ipsec.secrets.
2010-08-04 14:22:48 +02:00
0d08ebe7ac
Pass type of requested key in the callback credential set
2010-08-04 09:26:21 +02:00
15177f5785
Obseleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets
2010-08-04 09:26:21 +02:00
0556667dca
Use credential sets to load smartcard keys
2010-08-04 09:26:21 +02:00
62be923683
Implemented a callback based credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
9587ece534
mmap() ipsec.secrets instead malloc(), proper error checking
2010-08-04 09:26:21 +02:00
947298b302
Splitted up the load_secrets() function
2010-08-04 09:26:21 +02:00
57522106c4
%prompt support for smartcard PIN via "ipsec secrets"
2010-08-04 09:26:20 +02:00
0b8b664056
Pass the PKCS11 keyid as chunk, not as string
2010-08-04 09:26:20 +02:00
353d10d590
Reuse generic passphrase build part, not a dedicated PIN part
2010-08-04 09:26:20 +02:00
3479c27931
Support module names in %smartcard specifier, streamlined smartcard building
2010-08-04 09:26:20 +02:00
5d2e159b41
Fix segfault on 'ipsec stroke up ]' command
2010-07-29 14:03:11 +02:00
0406eeaacb
Support different encoding types in certificate.get_encoding()
2010-07-13 13:53:20 +02:00
da9724e6d0
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
2010-07-13 11:29:35 +02:00
2ccc02a4fd
Moved credential manager to libstrongswan
2010-07-13 10:26:07 +02:00
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
4f99093235
Show mallinfo() data in statusall, if available
2010-07-06 16:28:25 +02:00
4172574bfb
Use the group constraint in a more generic fashion, not only for attribute certificates
2010-07-05 09:41:04 +02:00
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
d5ad6eb1e0
Flush certificate cache on CA delete
2010-06-07 13:51:18 +02:00
a3ffa9edfd
Log non-empty task queues in statusall
2010-06-07 11:59:37 +02:00
8029e5efd2
Added generic implementations for crl_is_newer/certificate_is_newer
2010-05-21 16:25:51 +02:00
277fcf9f86
Add reqid field and getter function to child_cfg_t.
2010-05-04 14:38:34 +02:00
c9235353f8
Use a read-write lock in stroke_attribute to increase concurrency.
2010-04-06 12:47:39 +02:00
8c9f5bad8b
Migrated stroke_attribute_t to METHOD/INIT macros.
2010-04-06 12:47:38 +02:00
ac5fb545c5
Extracted in-memory IP address pool from stroke plugin to libhydra.
2010-04-06 12:47:38 +02:00
89bf11d204
Respect line with in Makefile.am's, other cosmetics
2010-03-25 14:54:56 +01:00
58f86d0f0f
Changed all usages of lib->attributes to hydra->attributes.
2010-03-24 18:54:26 +01:00
bd3f8ea30b
Convert charon into libcharon.
2010-03-19 13:34:52 +01:00
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00
Martin Willi