Martin Willi
8f727d8007
Clean up IKE_SA state if IKE_SA_INIT request does not have message ID 0
2013-03-11 11:30:47 +01:00
Martin Willi
0235914d2f
Ignore fourth Quick Mode message sent by Windows servers.
...
Initial patch by Paul Stewart, fixes #289.
2013-03-11 10:53:55 +01:00
Andreas Steffen
f361a85ebb
added ITA Echo PA-TNC Subtype and ITA Echo Attribute type
2013-03-11 09:30:20 +01:00
Andreas Steffen
e99cf029dc
version bump to 5.0.3dr4
2013-03-11 09:29:22 +01:00
Andreas Steffen
a498c7a9c3
moved ar_id from imv_agent to imv_state
2013-03-11 08:54:02 +01:00
Tobias Brunner
2b1e2434e4
esc() is only used if dladdr(3) is available
2013-03-08 16:45:09 +01:00
Tobias Brunner
292ee515db
Fix maximum size of a mem_pool_t
2013-03-07 18:21:02 +01:00
Tobias Brunner
d6da0a367a
New Android release after adding translations and Cert/EAP authentication
...
Also fixed a race condition during reauthentication and a freeze that
might happen while disconnecting.
2013-03-07 14:14:34 +01:00
Tobias Brunner
76de964617
android: Add support for combined certificate and EAP authentication
...
This uses RFC 4739 multiple authentication rounds to first
authenticate the client with a certificate followed by an
EAP authentication round with username and password.
2013-03-07 14:14:34 +01:00
Martin Willi
7d70a14779
Merge branch 'pt-tls'
2013-03-07 14:10:50 +01:00
Martin Willi
83e2c81924
If controller operations have a callback, don't succeed before hook gets called
2013-03-07 12:17:01 +01:00
Martin Willi
5807f9cfcd
Add a stroke command timeout option, and report status of completed command
2013-03-07 11:59:30 +01:00
Martin Willi
9d9042d6d9
As Quick Mode initiator, select a subset of the proposed and the returned TS
...
Cisco 5505 firewalls don't return the port if we send a specific one, letting
the is_contained_in() checks fail. Using get_subset() selection builds the
Quick Mode correctly with the common subset of selectors.
Based on an initial patch from Paul Stewart.
2013-03-07 10:00:06 +01:00
Martin Willi
1db6bf2f3f
If TLS peer authentication not required, the client does nonetheless, allow it to fail
2013-03-06 15:53:12 +01:00
Andreas Steffen
486f4b5838
added some otherNames OIDs
2013-03-06 11:50:32 +01:00
Martin Willi
ad9af9e2d8
Fix some apidoc in mem_pool.h
2013-03-06 10:26:52 +01:00
Tobias Brunner
d62f043f01
testing: Add screen package to base image
...
Makes working in a single SSH session easier.
2013-03-05 17:40:13 +01:00
Tobias Brunner
eeb029360a
testing: Enable ssh connection to second IP by name (e.g. moon1)
2013-03-05 17:40:13 +01:00
Tobias Brunner
45ee7c9429
testing: ssh script accepts IP addresses instead of host names
2013-03-05 17:40:13 +01:00
Tobias Brunner
5057455674
testing: ssh script forwards arguments to ssh command
...
This allows executing commands on a virtual host.
2013-03-05 17:40:12 +01:00
Andreas Steffen
d7eec03815
removed unneeded DS files
2013-03-05 09:08:25 +01:00
Andreas Steffen
1a9dee5d22
instead of cloning use extract_buf() method
2013-03-04 23:21:21 +01:00
Martin Willi
b668f1417d
Don't invoke addr2line if dladdr() did not yield a filename
2013-03-04 15:50:21 +01:00
Martin Willi
1f69412b4d
When receiving critical signals, additionally log backtraces to syslog/files
2013-03-04 15:46:34 +01:00
Martin Willi
fe03f51302
backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook
2013-03-04 15:45:03 +01:00
Martin Willi
8b24863b1f
Don't use color escapes when printing backtraces to a non-TTY file
2013-03-04 15:07:03 +01:00
Martin Willi
4d17427205
Add a utility function to resolve TTY color escape codes dynamically
2013-03-04 15:04:56 +01:00
Andreas Steffen
c88104aa25
make TNC Access Requestor ID available to IMVs
2013-03-03 17:18:09 +01:00
Andreas Steffen
1fc609fed3
updated NEWS
2013-03-03 17:17:08 +01:00
Andreas Steffen
7b11a1dcdc
upgraded KVM test suite to Linux 3.8 kernel
2013-03-03 11:59:07 +01:00
Andreas Steffen
f7580a5a67
added openssl-ikev2/alg-aes-gcm scenario
2013-03-03 11:43:52 +01:00
Andreas Steffen
81419b9748
use DNs in tnc/tnccs-20-tls scenario
2013-03-03 10:47:17 +01:00
Andreas Steffen
c9418d4fd3
added getpwuid_r and initgroups to whitelist
2013-03-03 09:04:49 +01:00
Andreas Steffen
eeb69761ae
third parameter was not copied
2013-03-02 22:03:07 +01:00
Tobias Brunner
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
Tobias Brunner
b42f2cacac
Include the whole src directory in apidoc and make source files browsable
...
But still only scan header files as Doxygen can't figure out how they
are related to source files (at least not for class methods).
2013-03-02 18:31:53 +01:00
Tobias Brunner
cd612784e4
Prevent Doxygen from processing __attribute__(...)
...
Doxygen produces additional members/classes from these attributes.
2013-03-02 18:31:52 +01:00
Tobias Brunner
b6a387f7b0
Updated Doxyfile.in with a recent version of Doxygen
2013-03-02 18:28:18 +01:00
Tobias Brunner
9804fccea3
Removed backend for old Android frontend patch
...
Moved the remaining DNS handler to a new plugin.
2013-03-02 18:27:23 +01:00
Andreas Steffen
b038c62e4a
added ERX_SUPPORTED IKEv2 Notify
2013-03-02 17:18:37 +01:00
Andreas Steffen
de218eb09c
added some new TCG IF-M message subtypes and attributes
2013-03-02 17:03:37 +01:00
Andreas Steffen
9e9e12bbf8
version bump to 5.0.3dr3
2013-03-02 16:19:57 +01:00
Tobias Brunner
e88b529a30
android: Mitigate race condition on reauthentication
...
If the TUN device gets recreated while another thread in handle_plain()
has not yet called select(2) but already stored the file descriptor of the
old TUN device in its FD set, select() will fail with EBADF.
Fixes #301.
2013-03-01 17:06:01 +01:00
Tobias Brunner
4c969f7906
openssl: The EVP GCM interface requires at least OpenSSL 1.0.1
2013-03-01 16:57:45 +01:00
Martin Willi
4dd8d5430d
Merge branch 'multi-eap'
...
Fixes the use of EAP methods in the non-first authentication round if the
initiator demands mutual EAP. Also mutual EAP can now be enforced when the
initiator sets rightauth=eap, not only with rightauth=any.
2013-03-01 11:36:41 +01:00
Martin Willi
e82deaf6ce
Merge branch 'multi-cert'
...
Allows the configuration of multiple certificates in leftcert, and selects
the correct certificate to use based on the received certificate requests.
2013-03-01 11:35:32 +01:00
Martin Willi
adf239abca
Merge branch 'systime'
...
Add a systime-fix plugin allowing an embedded system to validate certificates
if the system time has not been synchronized after boot. Certificates of
established tunnels can be re-validated after the system time gets valid.
2013-03-01 11:33:47 +01:00
Martin Willi
b611d8ba48
Merge branch 'ikev1-rekeying'
...
Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication replaces
the old Main Mode having a uniqueids=replace policy.
2013-03-01 11:32:02 +01:00
Martin Willi
ec1b4e6638
Merge branch 'vip-shunts'
...
Installs bypass policies for the physical address if a virtual address is
assigned, and installs a proper source route to actually use the physical
address for bypassed destinations.
Conflicts:
src/libcharon/plugins/unity/unity_handler.c
2013-03-01 11:30:13 +01:00
Martin Willi
a36b49f3cb
Merge branch 'opaque-ports'
...
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00