8f727d8007
Clean up IKE_SA state if IKE_SA_INIT request does not have message ID 0
2013-03-11 11:30:47 +01:00
0235914d2f
Ignore fourth Qick Mode message sent by Windows servers.
...
Initial patch by Paul Stewart, fixes #289 .
2013-03-11 10:53:55 +01:00
f361a85ebb
added ITA Echo PA-TNC Subtype and ITA Echo Attribute type
2013-03-11 09:30:20 +01:00
e99cf029dc
version bump to 5.0.3dr4
2013-03-11 09:29:22 +01:00
a498c7a9c3
moved ar_id from imv_agent to imv_state
2013-03-11 08:54:02 +01:00
2b1e2434e4
esc() is only used if dladdr(3) is available
2013-03-08 16:45:09 +01:00
292ee515db
Fix maximum size of a mem_pool_t
2013-03-07 18:21:02 +01:00
d6da0a367a
New Android release after adding translations and Cert/EAP authentication
...
Also fixed a race condition during reauthentication and a freeze that
might happen while disconnecting.
2013-03-07 14:14:34 +01:00
76de964617
android: Add support for combined certificate and EAP authentication
...
This uses RFC 4739 multiple authentication rounds to first
authenticate the client with a certificate followed by an
EAP authentication round with username and password.
2013-03-07 14:14:34 +01:00
7d70a14779
Merge branch 'pt-tls'
2013-03-07 14:10:50 +01:00
83e2c81924
If controller operations have a callback, don't succeed before hook gets called
2013-03-07 12:17:01 +01:00
5807f9cfcd
Add a stroke command timeout option, and report status of completed command
2013-03-07 11:59:30 +01:00
9d9042d6d9
As Quick Mode initiator, select a subset of the proposed and the returned TS
...
Cisco 5505 firewalls don't return the port if we send a specific one, letting
the is_contained_in() checks fail. Using get_subset() selection builds the
Quick Mode correctly with the common subset of selectors.
Based on an initial patch from Paul Stewart.
2013-03-07 10:00:06 +01:00
1db6bf2f3f
If TLS peer authentication not required, the client does nonetheless, allow it to fail
2013-03-06 15:53:12 +01:00
486f4b5838
added some otherNames OIDs
2013-03-06 11:50:32 +01:00
ad9af9e2d8
Fix some apidoc in mem_pool.h
2013-03-06 10:26:52 +01:00
d62f043f01
testing: Add screen package to base image
...
Makes working in a single SSH session easier.
2013-03-05 17:40:13 +01:00
eeb029360a
testing: Enable ssh connection to second IP by name (e.g. moon1)
2013-03-05 17:40:13 +01:00
45ee7c9429
testing: ssh script accepts IP addresses instead of host names
2013-03-05 17:40:13 +01:00
5057455674
testing: ssh script forwards arguments to ssh command
...
This allows to execute commands on a virtual host.
2013-03-05 17:40:12 +01:00
d7eec03815
removed unneeded DS files
2013-03-05 09:08:25 +01:00
1a9dee5d22
instead of cloning use extract_buf() method
2013-03-04 23:21:21 +01:00
b668f1417d
Don't invoke addr2line if dladdr() did not yield a filename
2013-03-04 15:50:21 +01:00
1f69412b4d
When receiving critical signals, additionally log backtraces to syslog/files
2013-03-04 15:46:34 +01:00
fe03f51302
backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook
2013-03-04 15:45:03 +01:00
8b24863b1f
Don't use color escapes when printing backtraces to a non-TTY file
2013-03-04 15:07:03 +01:00
4d17427205
Add a utility function to resolve TTY color escape codes dynamically
2013-03-04 15:04:56 +01:00
c88104aa25
make TNC Access Requestor ID available to IMVs
2013-03-03 17:18:09 +01:00
1fc609fed3
updated NEWS
2013-03-03 17:17:08 +01:00
7b11a1dcdc
upgraded KVM test suite to Linux 3.8 kernel
2013-03-03 11:59:07 +01:00
f7580a5a67
added openssl-ikev2/alg-aes-gcm scenario
2013-03-03 11:43:52 +01:00
81419b9748
use DNs in tnc/tnccs-20-tls scenario
2013-03-03 10:47:17 +01:00
c9418d4fd3
added getpwuid_r and initgroups to whitelist
2013-03-03 09:04:49 +01:00
eeb69761ae
third parameter was not copied
2013-03-02 22:03:07 +01:00
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
b42f2cacac
Include the whole src directory in apidoc and make source files browsable
...
But still only scan header files as Doxygen can't figure out how they
are related to source files (at least not for class methods).
2013-03-02 18:31:53 +01:00
cd612784e4
Prevent Doxygen from processing __attribute__(...)
...
Doxygen produces additional members/classes from these attributes.
2013-03-02 18:31:52 +01:00
b6a387f7b0
Updated Doxyfile.in with a recent version of Doxygen
2013-03-02 18:28:18 +01:00
9804fccea3
Removed backend for old Android frontend patch
...
Moved the remaining DNS handler to a new plugin.
2013-03-02 18:27:23 +01:00
b038c62e4a
added ERX_SUPPORTED IKEv2 Notify
2013-03-02 17:18:37 +01:00
de218eb09c
added some new TCG IF-M message subtypes and attributes
2013-03-02 17:03:37 +01:00
9e9e12bbf8
version bump to 5.0.3dr3
2013-03-02 16:19:57 +01:00
e88b529a30
android: Mitigate race condition on reauthentication
...
If the TUN device gets recreated while another thread in handle_plain()
has not yet called select(2) but already stored the file descriptor of the
old TUN device in its FD set, select() will fail with EBADF.
Fixes #301 .
2013-03-01 17:06:01 +01:00
4c969f7906
openssl: The EVP GCM interface requires at least OpenSSL 1.0.1
2013-03-01 16:57:45 +01:00
4dd8d5430d
Merge branch 'multi-eap'
...
Fixes the use of EAP methods in the non-first authentication round if the
initiator demands mutual EAP. Also mutual EAP can now be enforced when the
initiator sets rightauth=eap, not only with rightauth=any.
2013-03-01 11:36:41 +01:00
e82deaf6ce
Merge branch 'multi-cert'
...
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
2013-03-01 11:35:32 +01:00
adf239abca
Merge branch 'systime'
...
Add a systime-fix plugin allowing an embedded system to validate certificates
if the system time has not been synchronized after boot. Certificates of
established tunnels can be re-validated after the system time gets valid.
2013-03-01 11:33:47 +01:00
b611d8ba48
Merge branch 'ikev1-rekeying'
...
Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication replaces
the old Main Mode having a uniqueids=replace policy.
2013-03-01 11:32:02 +01:00
ec1b4e6638
Merge branch 'vip-shunts'
...
Installs bypass policies for the physical address if a virtual address is
assigned, and installs a proper source route to actually use the physical
address for bypassed destinations.
Conflicts:
src/libcharon/plugins/unity/unity_handler.c
2013-03-01 11:30:13 +01:00
a36b49f3cb
Merge branch 'opaque-ports'
...
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi