b4d172aa8e
Add Altiga Private Enterprise Numbers that Cisco uses in VPN 3000
2013-03-12 20:31:10 +01:00
2b1e2434e4
esc() is only used if dladdr(3) is available
2013-03-08 16:45:09 +01:00
486f4b5838
added some otherNames OIDs
2013-03-06 11:50:32 +01:00
b668f1417d
Don't invoke addr2line if dladdr() did not yield a filename
2013-03-04 15:50:21 +01:00
fe03f51302
backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook
2013-03-04 15:45:03 +01:00
8b24863b1f
Don't use color escapes when printing backtraces to a non-TTY file
2013-03-04 15:07:03 +01:00
4d17427205
Add a utility function to resolve TTY color escape codes dynamically
2013-03-04 15:04:56 +01:00
c88104aa25
make TNC Access Requestor ID available to IMVs
2013-03-03 17:18:09 +01:00
c9418d4fd3
added getpwuid_r and initgroups to whitelist
2013-03-03 09:04:49 +01:00
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
4c969f7906
openssl: The EVP GCM interface requires at least OpenSSL 1.0.1
2013-03-01 16:57:45 +01:00
e82deaf6ce
Merge branch 'multi-cert'
...
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
2013-03-01 11:35:32 +01:00
adf239abca
Merge branch 'systime'
...
Add a systime-fix plugin allowing an embedded system to validate certificates
if the system time has not been synchronized after boot. Certificates of
established tunnels can be re-validated after the system time gets valid.
2013-03-01 11:33:47 +01:00
a36b49f3cb
Merge branch 'opaque-ports'
...
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
53fcc70acc
When running with an unprivileged user, initialize supplementary groups
2013-03-01 11:27:01 +01:00
81f9cd39fd
openssl: Provide AES-GCM implementation
2013-02-28 18:17:42 +01:00
a89ebab62e
Fix cleanup in crypto_tester if AEAD implementation fails
2013-02-28 18:17:42 +01:00
5f7f4fa398
Order of arguments in Doxygen comment fixed
2013-02-28 18:17:42 +01:00
8656f35ae1
Fix auth_cfg_t.clone() for single-valued auth rules
...
By using the default list enumerator and adding the rules with the public
add() method, clones of auth_cfg_t objects would return the values for
single-valued auth rules in the wrong order (i.e. the oldest instead of the
newest value was returned). Using the internal enumerator (which the comment
already suggested) fixes this, but the clone will not be a full clone as
it does not contain any old values for single-valued auth rules. Since
these will never be used anyway, this should be fine.
2013-02-28 18:11:38 +01:00
bc07fef09c
Use SIGUSR2 for SIG_CANCEL on Android
...
SIGRTMIN is defined as 32 while sigset_t is defined as
unsigned long (i.e. holds 32 signals). Hence, the signal
could never be blocked. Sending the signal still canceled
threads, but sometimes in situations where they shouldn't
have been canceled (e.g. while holding a lock).
Fixes #298 .
2013-02-26 11:40:34 +01:00
0ac34e9e6a
Android.mk updated to latest Makefiles
...
Fixes #300 .
2013-02-26 10:11:36 +01:00
a1db77de7c
Use a complete port range in traffic_selector_create_from_{subnet,cidr}
2013-02-21 11:52:33 +01:00
c572b5c8c1
Print OPAQUE traffic selectors as what they are, not as port range
2013-02-21 11:52:33 +01:00
7b368af61a
Support "opaque" ports in traffic selector subset calculation
2013-02-21 10:51:19 +01:00
7dbe1feef1
Slightly refactor traffic_selector_t.get_subset()
2013-02-21 10:48:48 +01:00
de5d569b24
Migrate remaining traffic selector methods to METHOD macro
2013-02-21 10:28:21 +01:00
0d237763dc
openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8g
...
Fixes #292 .
2013-02-20 18:34:54 +01:00
de399f550d
Add a cert_validator hook allowing plugins to provide custom lifetime checking
2013-02-19 14:31:18 +01:00
790e00aaa9
Make cert_validator_t.validate optional to implement
2013-02-19 14:31:18 +01:00
a4ddc0bb26
Encode RSA public keys in RFC 3110 DNSKEY format
2013-02-19 12:25:00 +01:00
f2145c8d3a
Moved configuration from resolver manager to unbound plugin
...
Also streamlined log messages in unbound plugin.
2013-02-19 12:25:00 +01:00
cfd07978d0
unbound: Implementation of query method of unbound_resolver_t
2013-02-19 11:57:21 +01:00
5a4126b490
unbound: Implemented resolver_response_t as unbound_response_t
2013-02-19 11:57:21 +01:00
62ea67e700
Implemented rr_set_t interface
2013-02-19 11:57:21 +01:00
4a335a2164
unbound: Implemented rr_t as unbound_rr_t
2013-02-19 11:57:21 +01:00
9f963a7cfc
Added unbound plugin implementing the resolver interface using libunbound
2013-02-19 11:57:21 +01:00
b1505b345b
Added manager for DNS resolvers
2013-02-19 11:57:21 +01:00
ffdeeb6609
Added interface for DNS resolvers
2013-02-19 11:57:21 +01:00
4755ab505d
Add a global return_success() method implementation
2013-02-14 17:17:45 +01:00
de32b8aed6
Add a convenience method to check pen_type_t for vendor and type
2013-02-14 17:17:30 +01:00
d03b338487
Add a comparison function for pen_type_t
2013-02-14 17:17:22 +01:00
9db54bbcd4
Whitespace and comment cleanups in pen.[ch]
2013-02-14 17:17:07 +01:00
e212033ef2
Merge branch 'ike-dscp'
2013-02-14 17:11:35 +01:00
8b56943222
Merge branch 'pt-tls'
2013-02-14 17:06:07 +01:00
763e86c093
Use CURL_TIMEOUT and not CURL_CONNECTTIMEOUT for FETCHER_TIMEOUT in curl
...
This allows us to use this timeout beyond DNS resolution. For the initial
connect, we use a hardcoded timeout of 10s for now.
2013-02-08 11:08:06 +01:00
1116689944
Add a DSCP value with getter/setter on packet_t
2013-02-06 15:20:32 +01:00
82c884c015
Set sockaddr family on ifreq instead of casted familiy specific sockaddr
...
Fixes a strict-aliasing rule compiler warning with older gcc.
2013-02-06 15:20:32 +01:00
cf29fc075a
time is a time_t pointer
2013-02-04 13:05:29 +01:00
459c50ccb8
print PEN value 0xfffffe as Unassigned
2013-02-03 18:52:59 +01:00
a3a190b7bd
openssl: Properly honor OPENSSL_NO_* defines
2013-01-31 17:33:23 +01:00
Martin Willi