Martin Willi
b5cac6684d
added copyright notice to sha2_hasher
...
included SHA2 in build process
2006-09-19 14:54:01 +00:00
Martin Willi
e698dc4559
implemented sha2_hasher which supports SHA-256, SHA-384 and SHA-512
2006-09-19 14:49:47 +00:00
Martin Willi
462129d332
added support for 3DES encryption algorithm in IKE
2006-09-19 11:18:35 +00:00
Andreas Steffen
b2ac140338
fixed the ids parsing bug
2006-09-19 06:17:06 +00:00
Andreas Steffen
43ead00a2f
fixed the ids parsing bug
2006-09-19 06:16:48 +00:00
Martin Willi
f534e18a98
updated TODOs
2006-09-18 11:41:04 +00:00
Martin Willi
e63c4d8b8b
fixed memleak
...
fixed proper handling of id parsing errors
proper return value when no PSK found
2006-09-18 11:39:53 +00:00
Martin Willi
6e9bbf18b8
added HOST_ACCESS for firewall script as default
2006-09-18 11:38:37 +00:00
Martin Willi
5fded5139e
more debugging output for PSK authentication
2006-09-18 11:38:11 +00:00
Martin Willi
a2cf2812c4
some cleanups here and there
2006-09-18 11:37:40 +00:00
Andreas Steffen
4f383c6950
added auth_method field
2006-09-18 07:46:16 +00:00
Andreas Steffen
5b321e1132
added auth_method field
2006-09-18 07:45:16 +00:00
Andreas Steffen
8b448b5c22
cosmetics
2006-09-18 07:44:41 +00:00
Andreas Steffen
b267ed00d1
verify_emsa_pkcs1_signature returns status_t
2006-09-18 07:44:16 +00:00
Andreas Steffen
2e7b7faf0c
cosmetics
2006-09-18 07:43:44 +00:00
Andreas Steffen
e2de376c74
added PSK support
2006-09-18 07:42:57 +00:00
Martin Willi
a7371600b0
proper error handling for socket creation
2006-09-18 06:44:38 +00:00
Martin Willi
b9024ee058
handle certificate parsing error more generous
2006-09-14 13:14:58 +00:00
Martin Willi
8a95c322c5
fixed certificate verification bug!
2006-09-14 12:22:08 +00:00
Martin Willi
567e2a7822
fixed memleak when receiving invalid certificate
2006-09-14 12:15:41 +00:00
Andreas Steffen
7a7390e995
version bump to 4.0.4
2006-09-14 06:45:16 +00:00
Martin Willi
d7934d0cfc
implemented updown script to handle firewalling
2006-09-12 13:50:14 +00:00
Martin Willi
a095243f60
add priority management for kernel policy
...
let ROUTED policies installed, until manuall removed
introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs
ike_sa_manager cleanups
2006-09-08 13:10:52 +00:00
Martin Willi
1239c6f40b
implemented handling of dpdaction and dpddelay ipsec.conf parameters
2006-09-08 06:12:02 +00:00
Martin Willi
a655f5c09c
reuse reqid when a ROUTED child_sa gets INSTALLED
...
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
2006-09-05 14:07:25 +00:00
Martin Willi
da8ab11e91
fixed a at-least-one-year-old bug which caused crashed in the scheduler
2006-08-31 06:48:10 +00:00
Martin Willi
c705698293
added raw socket filter for IPv6
2006-08-31 06:18:15 +00:00
Martin Willi
053842f4e7
implemented NAT detection for IPv6
2006-08-31 06:17:41 +00:00
Martin Willi
1f7fd2ced8
removed unneeded constructor
2006-08-31 06:16:52 +00:00
Martin Willi
48d9883a3e
initial support for IPv6 (more testing needed)
...
socket works (without v6 filter)
traffic selector handle IPv4/v4 cleanly
improvements in traffic selector code
kernel interface accepts v6 traffic selectors and hosts
host_t class has full IPv6 support
2006-08-30 17:12:56 +00:00
Martin Willi
51d4876814
added stddef.h include for compilers which do not support the offsetof() directive
2006-08-28 09:02:51 +00:00
Martin Willi
4c23a8c9ec
moved interface enumeration code to socket, where it belongs
...
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
Martin Willi
fa8d578d94
fixed crash bug when doing "ipsec down" with an unknown connection
2006-08-25 09:19:42 +00:00
Martin Willi
9be547c0ed
added name property in CHILD_SA, allows proper status output
2006-08-25 09:07:37 +00:00
Martin Willi
7106403bd8
2006-08-25 07:42:48 +00:00
Martin Willi
c3e7aeb102
fixed bug which prevented port float when nat is detected
2006-08-25 07:37:22 +00:00
Andreas Steffen
3dc16958dd
'sha' and 'sha1' are now treated as synonyms
2006-08-23 12:07:07 +00:00
Martin Willi
a1310b6b92
updated Changelog and other docs
2006-08-23 11:48:33 +00:00
Martin Willi
d03ab568a6
fixed rekeying behavior when proposing an inacceptable DH group (INVALID_KE_PAYLOAD)
2006-08-23 09:25:41 +00:00
Martin Willi
3183006de2
implement proper handling of most simultaneous IKE_SA rekeying cases
2006-08-23 07:30:43 +00:00
Martin Willi
f698448ea3
implemented proper refcounting using atomic operations
2006-07-28 09:45:18 +00:00
Martin Willi
fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
2006-07-27 12:18:40 +00:00
Martin Willi
45f76a7ddd
added possibility to route CHILD_SAs, without to set them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
Martin Willi
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
Martin Willi
8dfbe71b34
introduced refcounting on policy and connections
...
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
2006-07-20 10:09:32 +00:00
Martin Willi
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
Martin Willi
e6cfe0eecc
fixed UDP decapsulation by adding inbound bypass policy for send socket
2006-07-14 12:53:06 +00:00
Martin Willi
ead36455a9
reenabled module tests for charon
2006-07-14 11:16:49 +00:00
Martin Willi
b34be51cef
fixed bug which erroneously detected KE payload when rekeying
2006-07-14 08:18:48 +00:00
Martin Willi
e3109c02ac
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT
2006-07-14 08:08:55 +00:00
Martin Willi
325e497798
improved logging on verify errors for some payloads
...
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload
2006-07-13 12:49:35 +00:00
Martin Willi
4c04f30a51
fixed CREATE_CHILD_SA transaction dispatching
2006-07-13 08:51:24 +00:00
Martin Willi
bcb95ced3d
added CHILD_SA states, which allows us to detect further simultaneous transactions
...
reimplemented the buggy message id handling
2006-07-13 08:26:54 +00:00
Martin Willi
cb5c41cde9
updated some inline docs
2006-07-12 14:08:52 +00:00
Martin Willi
0d379627de
fixed crypter/signer in/out to conform with standard
2006-07-12 14:08:13 +00:00
Martin Willi
b68afb7bd8
fixed payload order
2006-07-12 14:07:30 +00:00
Martin Willi
a846ffdb48
added message id logging
2006-07-12 14:06:25 +00:00
Martin Willi
e7356568b2
added all currently known notify payload types
2006-07-12 14:05:57 +00:00
Martin Willi
aeeb4f4f97
added policy cache to kernel interface
...
allows refcounting of multiple installed policies
finally brings us stable simultaneous rekeying
2006-07-12 11:42:36 +00:00
Martin Willi
269f7f448b
leak detective blanks memory on free & alloc, allows further membug detection
2006-07-12 11:15:31 +00:00
Martin Willi
4c19900ce8
code cleanups
2006-07-12 11:13:48 +00:00
Andreas Steffen
c361cc8c51
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:12:45 +00:00
Andreas Steffen
40f29769fa
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:11:59 +00:00
Martin Willi
abba7ecb9d
further work done for simultaneous rekeying/delete
...
still some cases which cause trouble
2006-07-10 14:24:04 +00:00
Martin Willi
c5d2d7c023
fixed compiler warnings in parser when using -O2
2006-07-07 12:48:27 +00:00
Martin Willi
af2faa1f1d
reenabled check_expiry
2006-07-07 12:25:25 +00:00
Martin Willi
c71d53ba4e
updated copyright information
2006-07-07 08:49:06 +00:00
Martin Willi
698d774918
reimplemented CHILD_SA rekeying & delete
...
no simultanous transaction with CHILD_SAs yet!
2006-07-07 07:04:07 +00:00
Andreas Steffen
54da7eb962
removed NAT_TRAVERSAL and VIRTUAL_IP compile options
2006-07-07 05:51:54 +00:00
Andreas Steffen
34ee2a46f4
removed NAT_TRAVERSAL compile option
2006-07-07 05:51:20 +00:00
Andreas Steffen
dc33fee770
removed NAT_TRAVERSAL and VIRTUAL_IP compile options
2006-07-07 05:50:02 +00:00
Martin Willi
d109b48968
added support for leftprotoport and rightprotoport
2006-07-05 13:13:07 +00:00
Martin Willi
5f0eb96fc4
improved CHILD_SA output for "ipsec statusall"
2006-07-05 13:11:55 +00:00
Martin Willi
b190424716
updated whitelist (getprotobynumber)
2006-07-05 13:10:47 +00:00
Martin Willi
3dd3c5f39e
redesigned IKE_SA using a transaction mechanism:
...
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
2006-07-05 10:53:20 +00:00
Martin Willi
b12af2ead6
fixed compiler warnings
2006-07-05 10:09:42 +00:00
Martin Willi
57d02978cf
made thread ids unsigned again, to avoid negative thread ids on some systems
2006-07-04 13:30:49 +00:00
Martin Willi
1135f79898
fixed memleak when initiating a connection already up
2006-07-04 13:29:16 +00:00
Martin Willi
318dc7b6c4
updated leak detective whitelist
2006-07-04 13:26:20 +00:00
Martin Willi
f141214e64
applied latest NATT patch with some fixes and cleanups
2006-07-04 13:25:00 +00:00
Andreas Steffen
a642cbe3ae
log entries start with lowcercase character
2006-07-04 06:11:35 +00:00
Andreas Steffen
fe98a03ff1
restored lost IKEv2 packet suppression
2006-07-03 14:39:57 +00:00
Andreas Steffen
427088f004
fixed natd_hash memory leak
2006-07-03 08:34:34 +00:00
Andreas Steffen
971218c3ae
support of cert payloads
2006-07-03 06:27:45 +00:00
Andreas Steffen
1d390631d7
lowercase log entries
2006-07-03 06:26:06 +00:00
Andreas Steffen
830cc85298
distributed by ITA
2006-07-03 06:24:54 +00:00
Andreas Steffen
e5382ce736
added support of updown parameter
2006-07-03 06:22:43 +00:00
Andreas Steffen
5c149670df
generation of default key
2006-07-03 06:21:56 +00:00
Andreas Steffen
0e3cb317e2
cosmetics
2006-07-03 06:21:40 +00:00
Andreas Steffen
b17e4d2bfd
added support of updown parameter
2006-07-03 06:21:14 +00:00
Andreas Steffen
7fa242410a
version bump to 4.0.2
2006-06-28 11:09:14 +00:00
Andreas Steffen
6f74bfd6ac
added X.509 trust chain verification
2006-06-27 08:48:28 +00:00
Martin Willi
2f89902d07
applied new changes from NATT team
...
DPD only done when no IPsec and IKE traffic processed
minor changes here and there
2006-06-23 14:02:30 +00:00
Martin Willi
2891590b05
some message code cleanups
2006-06-23 14:00:15 +00:00
Martin Willi
eecb2da87d
fixed identification_t clone to apply function pointers
2006-06-23 13:20:17 +00:00
Martin Willi
4b24dd2d7d
cleaner error handling on UDP encapsultion sockopt failure
2006-06-22 13:05:15 +00:00
Martin Willi
6f51c9f184
added mysterious UDP encapsulation socket option to get encapsulation working
2006-06-22 12:57:49 +00:00
Andreas Steffen
8d204aa145
fixed BAD_PROPOSAL_SYNTAX vulnerability
2006-06-22 12:16:12 +00:00
Martin Willi
1396815afb
first merge of NATT code
2006-06-22 06:36:28 +00:00
Martin Willi
6bf1352032
fixed testing build
2006-06-21 12:58:02 +00:00
Martin Willi
b29bfa7c76
fixed whitelist detection
2006-06-20 11:03:47 +00:00
Martin Willi
986d23bd6e
reworked function ignore mechanism to not-report whitelist
...
rather than overriding functions
2006-06-20 10:05:56 +00:00
Martin Willi
13b8fa0e8d
fixed execv call args to work when using strictcrl and syslog
2006-06-20 10:04:35 +00:00
Martin Willi
5c6b5bf599
fixed bug: usage of already freed mem
2006-06-20 09:53:25 +00:00
Martin Willi
aed58dcc93
readded local_credential_store
...
added sendcert policy to connection
some other cleanups
2006-06-20 08:43:57 +00:00
Andreas Steffen
76dafed7a7
implemented rereadcrls rereadcacerts
2006-06-20 06:08:33 +00:00
Andreas Steffen
a8ed64c494
implemented rereadcrls rereadcacerts
2006-06-20 06:07:37 +00:00
Andreas Steffen
21b433c641
implemented rereadcrls rereadcacerts
2006-06-20 06:05:01 +00:00
Andreas Steffen
db959e6ea3
removed local_credential_store
2006-06-20 05:57:52 +00:00
Martin Willi
b965b8456b
fixed SPI when acting as initiator of rekeying
2006-06-19 09:27:14 +00:00
Martin Willi
c65a4fff3f
fixed SPI when rekeying and deleting CHILD_SAs
2006-06-19 08:54:19 +00:00
Martin Willi
891dfaf983
change key derivation order to fullfill RFC
2006-06-19 08:11:42 +00:00
Martin Willi
f7eb60dd5e
2006-06-16 14:10:49 +00:00
Andreas Steffen
21e7a724d0
added crl support
2006-06-16 05:55:30 +00:00
Andreas Steffen
d92cca4a72
added listcrls
2006-06-16 05:55:02 +00:00
Andreas Steffen
23e9fda8a5
added chunk_equals_or_null()
2006-06-16 05:53:47 +00:00
Andreas Steffen
307b4ded5e
added crl support
2006-06-16 05:52:52 +00:00
Andreas Steffen
277379620c
changed tabs from 8 to 4 spaces
2006-06-16 05:52:26 +00:00
Andreas Steffen
c345ff0b1e
added crl support
2006-06-16 05:51:36 +00:00
Andreas Steffen
63b86f5641
cosmetics
2006-06-16 05:51:16 +00:00
Andreas Steffen
d2c9d37d6f
cosmetics (space)
2006-06-16 05:50:28 +00:00
Martin Willi
c859ec9592
fixed compilation error
2006-06-15 13:41:06 +00:00
Martin Willi
147fe5095d
fixed aes code, we support now aes128, aes192, aes256 in IKE
2006-06-15 13:14:09 +00:00
Martin Willi
c095388f7f
added support for "ike" and "esp" keywords
...
fixed bugs in proposal code
algorithm selection for charon works now with ipsec.conf
a lot of other fixes
2006-06-15 11:09:11 +00:00
Martin Willi
3efbf98312
implemented clean spi allocation behavior when using multiple proposals
2006-06-15 11:06:22 +00:00
Martin Willi
525a5538db
fixed logleve(l) keyword typo
2006-06-15 11:03:41 +00:00
Martin Willi
56f1a8f2d6
handling of "rekey=no" parameter added
2006-06-15 11:02:15 +00:00
Martin Willi
ad038f770d
changed default algorithms to:
...
ike: aes128-sha-modp2048
esp: aes128-sha1, 3des-md5
2006-06-15 11:01:17 +00:00
Andreas Steffen
b98e0927f4
added default CRL directory path
2006-06-14 12:44:12 +00:00
Andreas Steffen
311b225740
added strictcrlpolicy command line argument
2006-06-14 12:43:51 +00:00
Andreas Steffen
03442041a9
added option parsing
2006-06-14 12:42:36 +00:00
Andreas Steffen
b3b4c0e44b
corrected some descriptions
2006-06-13 11:33:13 +00:00
Andreas Steffen
3c846c630a
moved RSA key size constraints to definitions.h
2006-06-13 11:32:12 +00:00
Martin Willi
b7e3329f17
fixed down keyword
2006-06-13 10:11:45 +00:00
Martin Willi
fa32cd3c47
debug and logging improvements
2006-06-13 10:01:04 +00:00
Andreas Steffen
64f4d91898
support for stroke listcerts|listcacerts|listcrls|listall
2006-06-12 08:47:28 +00:00
Andreas Steffen
5347233204
support for stroke listcerts|listcacerts|listall and left|rightca=
2006-06-12 08:43:46 +00:00
Andreas Steffen
299dbc604f
gperf creates optimum hash table for stroke keywords
2006-06-12 08:42:32 +00:00
Martin Willi
50f98119dd
using same reqid if a child sa rekeys an existing one
2006-06-12 08:36:41 +00:00
Andreas Steffen
fec9cb332f
NULL string argument is treated as %any
2006-06-12 08:26:14 +00:00
Andreas Steffen
bc35460db7
add_certificate() now returns pointer to added cert
2006-06-12 07:57:14 +00:00
Andreas Steffen
c4a7413e72
cosmetics
2006-06-12 07:55:37 +00:00
Martin Willi
a2a3fb3e25
workaround for peers rekeying at the same time
...
loading lifetime policies from ipsec.conf
2006-06-12 07:33:20 +00:00
Martin Willi
695723d4e8
old child_sa gets deleted after rekeying
...
rekeying almost complete, but:
IKE_SA get in an invalid state when both initiate rekeying at the same time,
2006-06-09 15:12:43 +00:00
Andreas Steffen
2a13996de0
corrected type
2006-06-09 11:06:37 +00:00
Martin Willi
b543bef50c
improved kernel interface logging
2006-06-09 08:41:41 +00:00
Martin Willi
0bb32cb5f3
fixed clone/destroy behavior when not using CAs
2006-06-09 07:40:40 +00:00
Martin Willi
5c131a016b
specifying keysize in bits, as it is required in IKEv2
...
added generic kernel SA algorithm handling, which brings us:
aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs
2006-06-09 07:31:30 +00:00
Andreas Steffen
b7f9ca5837
added support for leftsendcert= and left|rightca= parameters
2006-06-09 05:50:41 +00:00
Andreas Steffen
ac427e3677
discard cert if CA basic constraints flag is not set and warn if cert is not valide
2006-06-09 05:48:49 +00:00
Andreas Steffen
a612f2dd00
added public methods is_ca() and is_valid()
2006-06-09 05:47:00 +00:00
Andreas Steffen
5407d563b7
changed ASN.1 CONTROL log output to LEVEL2
2006-06-09 05:45:37 +00:00
Andreas Steffen
996865b09e
cosmetics
2006-06-09 05:44:34 +00:00
Martin Willi
180f924ba5
removed unused Makefile
2006-06-09 05:42:29 +00:00
Andreas Steffen
d521714c9a
stroke.h requires libstrongswan/types.h
2006-06-09 05:41:31 +00:00
Martin Willi
5238c9afef
fixed compile warnings when using -Wall
...
further CHILD_SA rekeying work done:
creation of a new CHILD_SA on a expire from a kernel works
delete of old CHILD_SA still missing
some issues when both initiate rekeing
2006-06-08 14:20:05 +00:00
Martin Willi
8d77eddec2
further work for rekeying:
...
get liftimes from policy
added new state
initiation of rekeying done
proposal redone:
removed support for AH+ESP proposals
2006-06-07 13:26:23 +00:00
Martin Willi
a401efd091
proper leak detective hook for realloc
...
excluded pthread_setspecific from leak detective
2006-06-07 13:22:38 +00:00
Martin Willi
6a030ba9ea
fixed a memleak
2006-06-07 05:54:09 +00:00
Andreas Steffen
fc0afb6810
created IPv6 environment
2006-06-06 05:41:21 +00:00
Martin Willi
32b6500fbf
job management:
...
moved job code from thread_pool to job, jobs have an "execute" method now
added two new jobs: delete_child_sa & rekey_child_sa
kernel interface:
listens now for ACQUIRE & EXPIRE
supports hard and soft lifetimes
fires jobs for delete and rekey child sa
ike sa manager:
can checkout IKE SAs by requid of owned CHILD SAs
we have now the infrastructure to do the rekeying... :-)
2006-05-31 14:23:15 +00:00
Martin Willi
6f2aba1322
- fixed some memleaks/freebugs
...
- leak detective works almost usable now (?!)
2006-05-31 14:13:26 +00:00
Martin Willi
bd72398729
- fixed host-host tunnel traffic selection, host-host works now
2006-05-31 06:52:27 +00:00
Andreas Steffen
1df544d063
bug fixed circumventing an assertion in delete_connection when ikev1 is not set
2006-05-31 05:51:05 +00:00
Andreas Steffen
6848dac603
minimized prefixed on stroke logger output
2006-05-31 05:50:04 +00:00
Andreas Steffen
90ed2e8278
charon outputs strongSwan version
2006-05-31 05:48:32 +00:00
Martin Willi
2d6c3bce06
2006-05-30 14:56:12 +00:00
Martin Willi
b93782903f
- fixed event queue for events >36min
2006-05-30 13:22:46 +00:00
Martin Willi
8403b34bd9
2006-05-30 13:01:50 +00:00
Martin Willi
0773bdcf3f
- included charons module tests to build & dist
2006-05-30 13:00:18 +00:00
Andreas Steffen
6d5e617f7d
full support of ikev1 and ikev2 connection flags
2006-05-30 11:10:42 +00:00
Andreas Steffen
9db4f61476
cosmetics in log_status output
2006-05-30 11:07:14 +00:00
Andreas Steffen
c11c43d2c3
use of streq
2006-05-30 11:03:55 +00:00
Andreas Steffen
510d54eb59
lookup of private key based on keyid of public key
2006-05-30 07:53:13 +00:00
Andreas Steffen
fa896e9a21
new functions to add certificates and retrieve private and public keys
2006-05-30 07:52:25 +00:00
Andreas Steffen
d793980f56
changed log level
2006-05-30 07:50:15 +00:00
Andreas Steffen
e1c00b96a6
list ca certificates
2006-05-30 07:48:29 +00:00
Andreas Steffen
f5a4518a74
computation of SHA-1 hash over publicKeyInfo object
2006-05-30 07:47:19 +00:00
Andreas Steffen
3b58a143a0
moved abbreviated thread_id in front of brackets
2006-05-30 07:45:06 +00:00
Andreas Steffen
cdffecf3ba
added has_key parameter to log_certificates()
2006-05-30 07:43:39 +00:00
Andreas Steffen
c164f8c4a7
log_certificates() now shows keyid and availability of matching private key
2006-05-30 07:42:52 +00:00
Andreas Steffen
7c2e556644
indented loaded file log entry
2006-05-30 07:41:22 +00:00
Andreas Steffen
1a10669080
moved TIMETOA_BUF definition to types.h
2006-05-30 07:40:44 +00:00
Andreas Steffen
79332d28a5
moved TIMETOA_BUF definition from asn1.h
2006-05-30 07:39:44 +00:00
Andreas Steffen
abf2be2281
define default CA_CERTIFICATE_DIR
2006-05-30 07:38:41 +00:00
Andreas Steffen
92d30836fd
load all ca certificates
2006-05-30 07:37:48 +00:00
Martin Willi
db66c624bf
- fixed daemon destruction order to prevent
...
crashes on termination
2006-05-30 06:14:23 +00:00
Martin Willi
139ce7871f
- fixed memleak when deleting a connection
2006-05-29 11:29:23 +00:00
Martin Willi
60b9abf5c1
- updated todo list
2006-05-29 11:19:31 +00:00
Martin Willi
9fe14f4b8a
- policies contain a connections name now
...
- used for initiate and delete
- connections won't get initiated twice anymore
- deleting of connections is now possible, which allows us to use
ipsec update and ipsec reload
2006-05-29 11:09:45 +00:00
Martin Willi
4c59264d9b
- changed iterator->remove behavior
2006-05-29 11:04:09 +00:00
Andreas Steffen
b83200569e
ipsec up|down|route|delete require a connection name
2006-05-29 07:17:55 +00:00
Andreas Steffen
ecadab2ba7
stroke now uses constant size string buffer
2006-05-29 07:14:57 +00:00
Andreas Steffen
f8be15f53b
changed to standard connection log output
2006-05-29 07:11:50 +00:00
Andreas Steffen
353c7b57c8
reworked parsing and matching of subjectAltNames
2006-05-29 07:06:02 +00:00
Andreas Steffen
3c3595adfd
added memeq() macro
2006-05-29 07:03:34 +00:00
Andreas Steffen
c2e7442fc1
moved timetoa() from asn1.c to types.c
2006-05-29 07:02:12 +00:00
Andreas Steffen
a8a1fa1c03
corrected type
2006-05-29 06:58:55 +00:00
Martin Willi
65996a534d
- some logging improvements and cosmetics
2006-05-24 11:59:58 +00:00
Martin Willi
3a13a78084
- handle IKE_SA setup without a piggy-packed CHILD_SA
...
more IKEv2 conform
2006-05-24 09:05:21 +00:00
Martin Willi
b82908b8b5
- initiate IKE_SA deletion befor manager destruction
2006-05-24 09:02:39 +00:00
Andreas Steffen
a13448dd2d
improved code of chunk_equals
2006-05-24 07:55:30 +00:00
Andreas Steffen
77ad0fa043
added streq() macro and defined default BUF_LEN
2006-05-24 07:54:20 +00:00
Andreas Steffen
4df5f60bd3
typo
2006-05-24 07:52:40 +00:00
Martin Willi
49e6a32353
2006-05-24 06:47:33 +00:00
Martin Willi
298b06c28c
- build gets perl and gperf from configure now
...
- moved built sources to maintainer-clean
2006-05-24 06:36:46 +00:00
Martin Willi
8b5be79d83
- show connection templates in status & statusall
...
- don't complain on termination of IKEv1 connections
2006-05-23 13:25:57 +00:00
Martin Willi
3572b3b689
- updated ipsec.conf manual to reflect actual state of
...
keyexchange-parameter
2006-05-23 10:53:44 +00:00
Martin Willi
7ba69503aa
- changed config load strategy:
...
starter loads both connections in charon & pluto,
charon ignores anything with keyexchange!=ikev2.
pluto needs the same behavior.
2006-05-23 10:07:02 +00:00
Martin Willi
de1584de40
- changed build order to fix build error after distclean
2006-05-23 09:41:18 +00:00
Andreas Steffen
96b82ed821
load_end_certificate() now loads certificates
2006-05-23 08:16:15 +00:00
Andreas Steffen
9e0e0f922c
cosmetics
2006-05-23 08:15:08 +00:00
Andreas Steffen
418c859231
moved definition of generalNames_t to identification.h; initialized subjectKeyID, authKeyID and authKeySerialNumber
2006-05-23 08:14:24 +00:00
Andreas Steffen
1f0e3d1114
moved definition of generalNames_t to identification.h
2006-05-23 08:12:36 +00:00
Martin Willi
4a5bba25e2
- reimplemented proper IKE SA deletion using a seperate state,
...
should conform now to IKEv2
2006-05-23 08:01:49 +00:00
Martin Willi
4acc8989ce
- fixed build when using --enable-leak-detective
2006-05-23 08:00:29 +00:00
Martin Willi
a2744feb63
- added removed files to svn:ignore
...
- fixed bug in pluto/Makefile.am
2006-05-19 14:25:08 +00:00
Martin Willi
d6c32b83de
- removed perl-generated oid.c/h from svn,
...
added them to "dist" and "distclean"
2006-05-19 14:16:58 +00:00
Martin Willi
7ca49e4037
- removed lex, yacc and gperf output from svn,
...
added them to "dist" and "distclean"
2006-05-19 14:05:26 +00:00
Martin Willi
a4c75933cc
- added ingorelist for builded files
2006-05-19 12:20:26 +00:00
Martin Willi
b1e69188ce
- re-added doxygen apidoc, buildable with "make apidoc"
2006-05-19 12:10:06 +00:00
Martin Willi
bea98d4dd7
- added missing ipsec.conf.5 to distribution :-/
2006-05-19 11:16:48 +00:00
Martin Willi
1dec928446
- fixed another typo
2006-05-19 09:29:17 +00:00
Martin Willi
fea5e716c4
- added missing ipsec.conf ipsec.conf.5
...
- existing ipsec.conf won't get overwritten anymore
2006-05-19 08:59:19 +00:00
Martin Willi
2403d26472
- fixed typo in Makefile which corrupted the build
2006-05-19 08:12:02 +00:00
Martin Willi
7881ac141e
- applied patch from the NAT-T team fixing several typos
2006-05-19 06:46:22 +00:00
Martin Willi
86a7937b45
- applied patch from andreas, which allows certificate listing via stroke
2006-05-19 06:44:08 +00:00
Martin Willi
3e61d63a3a
- added ipsec.conf template and man page back
...
- removed old Makefiles
- added new strongswan KDevelop project & startup hack
2006-05-18 14:21:58 +00:00
Martin Willi
7626bef673
- fixed compliation error using --enable-smartcard
2006-05-18 06:22:37 +00:00
Martin Willi
b5e1560659
- applied andreas's patch
...
- logger output improvements
- testin gupdates
- and a lot more
2006-05-18 06:02:28 +00:00
Martin Willi
db26d00e73
- added random source ./configure options
...
- fixed default-pkcs11 option
2006-05-17 14:21:38 +00:00
Martin Willi
f2c2d395ff
- introduced autotools
...
- first working version
- make dist should work
- things to do:
- UML testing!
- more cleanups
2006-05-16 14:24:03 +00:00
Martin Willi
eedfdfbe6e
2006-05-10 13:21:01 +00:00
Martin Willi
32df5cc373
2006-05-10 13:20:47 +00:00
Martin Willi
9c316d8021
2006-05-10 13:19:45 +00:00
Martin Willi
9293ff427c
2006-05-10 13:18:28 +00:00
Martin Willi
9cf5f29027
2006-05-10 13:16:27 +00:00
Martin Willi
4e98759d32
2006-05-10 12:47:35 +00:00
Martin Willi
4d690f4bd4
2006-05-10 12:45:52 +00:00
Martin Willi
b78479bf31
2006-05-10 12:45:31 +00:00
Martin Willi
1cc981b9af
2006-05-10 12:44:32 +00:00
Martin Willi
2af2b9fec5
- fixed build
2006-05-10 12:41:52 +00:00
Martin Willi
35857a7dec
2006-05-10 12:17:33 +00:00
Martin Willi
0fecac98de
2006-05-10 08:03:50 +00:00
Martin Willi
b8577029d1
2006-05-10 08:02:49 +00:00
Martin Willi
95806de938
2006-05-10 07:58:29 +00:00
Martin Willi
607d174dcb
2006-05-10 07:33:51 +00:00
Martin Willi
bc4a07a0ad
- started to rebuild source layout
2006-05-10 07:32:34 +00:00
Martin Willi
37a2b616e2
- fixed stroke error output to starter
2006-05-10 07:11:52 +00:00
Martin Willi
2192375bc8
- using random SPIs now, but without collision checks
2006-05-10 07:00:38 +00:00
Martin Willi
f768bdc3f3
- applied some -W's from strongswan
...
- fixed that warnings
2006-05-09 07:34:25 +00:00
Martin Willi
24953b5e18
- removed IKEV2 ifdefs
2006-05-06 07:21:09 +00:00
Martin Willi
65cf07ac1d
- applied patch from andreas
...
- added charonstart option to config
- new ikev2 tests for UML
2006-05-06 07:09:45 +00:00
Martin Willi
9820c0e208
- applied patch from andreas
...
- pem loading
- secrets file parsing
- ikev2 testcase
- some other additions here and there
2006-05-04 07:55:42 +00:00
Martin Willi
8744148f55
- connection termination is handled cleanly by name now
2006-05-04 07:06:31 +00:00
Martin Willi
d4a35f80c1
- fixed bad bug, certs load now cleanly again
2006-04-28 14:20:08 +00:00
Martin Willi
a34d3c14a1
- fixed make install (subdir order)
2006-04-28 12:46:22 +00:00
Martin Willi
1029d84d23
2006-04-28 10:51:19 +00:00