Martin Willi
b4d172aa8e
Add Altiga Private Enterprise Numbers that Cisco uses in VPN 3000
2013-03-12 20:31:10 +01:00
Tobias Brunner
2b1e2434e4
esc() is only used if dladdr(3) is available
2013-03-08 16:45:09 +01:00
Andreas Steffen
486f4b5838
added some otherNames OIDs
2013-03-06 11:50:32 +01:00
Martin Willi
b668f1417d
Don't invoke addr2line if dladdr() did not yield a filename
2013-03-04 15:50:21 +01:00
Martin Willi
fe03f51302
backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook
2013-03-04 15:45:03 +01:00
Martin Willi
8b24863b1f
Don't use color escapes when printing backtraces to a non-TTY file
2013-03-04 15:07:03 +01:00
Martin Willi
4d17427205
Add a utility function to resolve TTY color escape codes dynamically
2013-03-04 15:04:56 +01:00
Andreas Steffen
c88104aa25
make TNC Access Requestor ID available to IMVs
2013-03-03 17:18:09 +01:00
Andreas Steffen
c9418d4fd3
added getpwuid_r and initgroups to whitelist
2013-03-03 09:04:49 +01:00
Tobias Brunner
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
Tobias Brunner
4c969f7906
openssl: The EVP GCM interface requires at least OpenSSL 1.0.1
2013-03-01 16:57:45 +01:00
Martin Willi
e82deaf6ce
Merge branch 'multi-cert'
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
2013-03-01 11:35:32 +01:00
Martin Willi
adf239abca
Merge branch 'systime'
Add a systime-fix plugin allowing an embedded system to validate certificates
if the system time has not been synchronized after boot. Certificates of
established tunnels can be re-validated after the system time gets valid.
2013-03-01 11:33:47 +01:00
Martin Willi
a36b49f3cb
Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi
53fcc70acc
When running with an unprivileged user, initialize supplementary groups
2013-03-01 11:27:01 +01:00
Tobias Brunner
81f9cd39fd
openssl: Provide AES-GCM implementation
2013-02-28 18:17:42 +01:00
Tobias Brunner
a89ebab62e
Fix cleanup in crypto_tester if AEAD implementation fails
2013-02-28 18:17:42 +01:00
Tobias Brunner
5f7f4fa398
Order of arguments in Doxygen comment fixed
2013-02-28 18:17:42 +01:00
Tobias Brunner
8656f35ae1
Fix auth_cfg_t.clone() for single-valued auth rules
By using the default list enumerator and adding the rules with the public
add() method, clones of auth_cfg_t objects would return the values for
single-valued auth rules in the wrong order (i.e. the oldest instead of the
newest value was returned). Using the internal enumerator (which the comment
already suggested) fixes this, but the clone will not be a full clone as
it does not contain any old values for single-valued auth rules. Since
these will never be used anyway, this should be fine.
2013-02-28 18:11:38 +01:00
Tobias Brunner
bc07fef09c
Use SIGUSR2 for SIG_CANCEL on Android
SIGRTMIN is defined as 32 while sigset_t is defined as
unsigned long (i.e. holds 32 signals). Hence, the signal
could never be blocked. Sending the signal still canceled
threads, but sometimes in situations where they shouldn't
have been canceled (e.g. while holding a lock).
Fixes #298.
2013-02-26 11:40:34 +01:00
Tobias Brunner
0ac34e9e6a
Android.mk updated to latest Makefiles
Fixes #300.
2013-02-26 10:11:36 +01:00
Martin Willi
a1db77de7c
Use a complete port range in traffic_selector_create_from_{subnet,cidr}
2013-02-21 11:52:33 +01:00
Martin Willi
c572b5c8c1
Print OPAQUE traffic selectors as what they are, not as port range
2013-02-21 11:52:33 +01:00
Martin Willi
7b368af61a
Support "opaque" ports in traffic selector subset calculation
2013-02-21 10:51:19 +01:00
Martin Willi
7dbe1feef1
Slightly refactor traffic_selector_t.get_subset()
2013-02-21 10:48:48 +01:00
Martin Willi
de5d569b24
Migrate remaining traffic selector methods to METHOD macro
2013-02-21 10:28:21 +01:00
Tobias Brunner
0d237763dc
openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8g
Fixes #292.
2013-02-20 18:34:54 +01:00
Martin Willi
de399f550d
Add a cert_validator hook allowing plugins to provide custom lifetime checking
2013-02-19 14:31:18 +01:00
Martin Willi
790e00aaa9
Make cert_validator_t.validate optional to implement
2013-02-19 14:31:18 +01:00
Andreas Steffen
a4ddc0bb26
Encode RSA public keys in RFC 3110 DNSKEY format
2013-02-19 12:25:00 +01:00
Andreas Steffen
f2145c8d3a
Moved configuration from resolver manager to unbound plugin
Also streamlined log messages in unbound plugin.
2013-02-19 12:25:00 +01:00
Reto Guadagnini
cfd07978d0
unbound: Implementation of query method of unbound_resolver_t
2013-02-19 11:57:21 +01:00
Reto Guadagnini
5a4126b490
unbound: Implemented resolver_response_t as unbound_response_t
2013-02-19 11:57:21 +01:00
Reto Guadagnini
62ea67e700
Implemented rr_set_t interface
2013-02-19 11:57:21 +01:00
Reto Guadagnini
4a335a2164
unbound: Implemented rr_t as unbound_rr_t
2013-02-19 11:57:21 +01:00
Reto Guadagnini
9f963a7cfc
Added unbound plugin implementing the resolver interface using libunbound
2013-02-19 11:57:21 +01:00
Reto Guadagnini
b1505b345b
Added manager for DNS resolvers
2013-02-19 11:57:21 +01:00
Reto Guadagnini
ffdeeb6609
Added interface for DNS resolvers
2013-02-19 11:57:21 +01:00
Martin Willi
4755ab505d
Add a global return_success() method implementation
2013-02-14 17:17:45 +01:00
Martin Willi
de32b8aed6
Add a convenience method to check pen_type_t for vendor and type
2013-02-14 17:17:30 +01:00
Martin Willi
d03b338487
Add a comparison function for pen_type_t
2013-02-14 17:17:22 +01:00
Martin Willi
9db54bbcd4
Whitespace and comment cleanups in pen.[ch]
2013-02-14 17:17:07 +01:00
Martin Willi
e212033ef2
Merge branch 'ike-dscp'
2013-02-14 17:11:35 +01:00
Martin Willi
8b56943222
Merge branch 'pt-tls'
2013-02-14 17:06:07 +01:00
Martin Willi
763e86c093
Use CURL_TIMEOUT and not CURL_CONNECTTIMEOUT for FETCHER_TIMEOUT in curl
This allows us to use this timeout beyond DNS resolution. For the initial
connect, we use a hardcoded timeout of 10s for now.
2013-02-08 11:08:06 +01:00
Martin Willi
1116689944
Add a DSCP value with getter/setter on packet_t
2013-02-06 15:20:32 +01:00
Martin Willi
82c884c015
Set sockaddr family on ifreq instead of casted family specific sockaddr
Fixes a strict-aliasing rule compiler warning with older gcc.
2013-02-06 15:20:32 +01:00
Andreas Steffen
cf29fc075a
time is a time_t pointer
2013-02-04 13:05:29 +01:00
Andreas Steffen
459c50ccb8
print PEN value 0xfffffe as Unassigned
2013-02-03 18:52:59 +01:00
Tobias Brunner
a3a190b7bd
openssl: Properly honor OPENSSL_NO_* defines
2013-01-31 17:33:23 +01:00