Martin Willi
0be946dce3
Use the GEN silent rule when generating files with sed
2013-05-06 15:04:56 +02:00
Martin Willi
f932677f0c
Use the GEN silent rule when generating oid database with perl
2013-05-06 15:04:56 +02:00
Martin Willi
9f1dfd88c8
Use the GEN silent rule when generating gperf files
2013-05-06 15:04:56 +02:00
Martin Willi
84c00e71b7
Provide the --enable-silent-rules ./configure option with automake 1.11 and 1.12
2013-05-06 15:04:56 +02:00
Martin Willi
5f55fd6e61
Introduce an optional logger_t.vlog() method with format string and arguments
...
To have more flexibility in the logging backend, receiving the original format
string and doing printf() substitution in the logger may be preferable. An
additional but optional logger method does not touch the behavior of existing
loggers.
2013-05-06 15:00:15 +02:00
Martin Willi
e93f386dbb
Raise an ALERT_PROPOSAL_MISMATCH_CHILD also when receiving NO_PROPOSAL_CHOSEN
2013-05-06 14:56:50 +02:00
Martin Willi
00080d2b8b
Raise an ALERT_PROPOSAL_MISMATCH_IKE also when receiving NO_PROPOSAL_CHOSEN
2013-05-06 14:56:50 +02:00
Martin Willi
aea7ce3c64
eap-radius: add an option to disable accounting for tunnels without virtual IP
2013-05-06 14:56:01 +02:00
Martin Willi
69620a48e8
eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPs
...
Fixes some corner cases if multiple tunnels use the same peer identity.
2013-05-06 14:56:01 +02:00
Martin Willi
a3854d8371
Don't unset IKE_SA on bus before we released virtual IPs and attributes
2013-05-06 14:56:01 +02:00
Tobias Brunner
55321dcfb6
New Android release after adding AES-GCM, IPv6-in-IPv4 and using kernel-netlink
...
libipsec now supports AES-GCM, IPv6 tunnels over IPv4 are supported,
native x86 libraries are built (requires a new Vstr build script).
Also, the existing kernel-netlink plugin now provides the kernel-net
implementation, which should be more stable in case multiple interfaces
are up and have IP addresses installed on them.
2013-05-03 16:02:39 +02:00
Tobias Brunner
79f42ded50
libipsec: Fix memory leak in event relay
2013-05-03 16:02:39 +02:00
Tobias Brunner
740aedfec1
android: Use stronger ESP proposal including AES-GCM
2013-05-03 16:02:39 +02:00
Tobias Brunner
051fc25d92
libipsec: Add support for AES-GCM
2013-05-03 15:13:57 +02:00
Tobias Brunner
24a8d1253f
libipsec: Wrap traditional algorithms in AEAD wrapper
2013-05-03 15:13:57 +02:00
Tobias Brunner
61fb3267b2
android: Remove unused methods on NetworkManager/network_manager_t
2013-05-03 15:11:20 +02:00
Tobias Brunner
70dfac4459
android: Ignore interface 'lo'
...
Android adds a default route via 'lo' if no connectivity is available,
causing charon to send packets via lo and triggering DPD.
2013-05-03 15:11:20 +02:00
Tobias Brunner
18dab76bfa
android: Repurpose android-net to simply handle connectivity events
...
Using the events by NetworkManager/ConnectivityManager to trigger roam events
instead of the events generated by the kernel-netlink plugin, the noise level
is much lower.
2013-05-03 15:11:20 +02:00
Tobias Brunner
37873f9994
kernel-netlink: Add an option to disable roam events
2013-05-03 15:11:19 +02:00
Tobias Brunner
3b7f25906e
android: Replace android-net plugin with kernel-netlink
...
Virtual IPs are not handled by the kernel-netlink plugin and tun devices are
ignored.
2013-05-03 15:11:19 +02:00
Tobias Brunner
67332b4e22
android: Set strongswan.conf options before initializing other libraries
2013-05-03 15:11:19 +02:00
Tobias Brunner
0b9ce21b5e
kernel-netlink: Define defaults for routing table and prio
2013-05-03 15:11:19 +02:00
Tobias Brunner
2d7b55bf9b
openssl: Define a default for FIPS_MODE
2013-05-03 15:11:19 +02:00
Martin Willi
9312fbc73d
In memwipe_check(), don't put magic on stack when calling do_magic()
...
Otherwise the magic might be on the stack while checking it.
2013-05-03 14:17:37 +02:00
Martin Willi
1657b4ef26
Dump stack if memwipe() check fails
2013-05-03 11:41:51 +02:00
Andreas Steffen
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
Andreas Steffen
9fab0a58d3
fixed a 64bit time_t issue
2013-04-21 16:07:13 +02:00
Andreas Steffen
70a7917e72
destroy SQL query
2013-04-21 16:00:23 +02:00
Andreas Steffen
6c998b8b9e
Keep last AR ID
2013-04-21 08:19:30 +02:00
Andreas Steffen
bec5bf02ac
Added use of openssl-fips library to NEWS
2013-04-19 18:49:43 +02:00
Andreas Steffen
1b912ad384
check for successful activation of FIPS mode
2013-04-19 18:46:52 +02:00
Andreas Steffen
b97dd59ba8
install FIPS-aware OpenSSL Debian packages
2013-04-19 18:36:38 +02:00
Andreas Steffen
545df30c18
Added openssl-ikev2/rw-cpa scenario
2013-04-19 18:34:35 +02:00
Andreas Steffen
70312e6596
build openssl-fips in KVM root-image
2013-04-19 18:34:35 +02:00
Andreas Steffen
2d902d7e7c
fixed typo
2013-04-19 18:33:41 +02:00
Martin Willi
e6ba688a35
During libstrongswan initialization, check if memwipe() works as expected
2013-04-18 13:05:37 +02:00
Andreas Steffen
6b99da026c
added libstrongswan.plugins.openssl.fips_mode to man page
2013-04-16 13:44:06 +02:00
Andreas Steffen
f4de6496a2
support of OpenSSL FIPS-140-2 library
2013-04-16 12:37:04 +02:00
Andreas Steffen
ef934caba8
build soup plugin in KVM test environment
2013-04-15 20:23:41 +02:00
Andreas Steffen
8d384fb7df
disable reauth, too
2013-04-15 20:21:27 +02:00
Tobias Brunner
73da6c88a4
Fix checksum calculation with DESTDIR installations
2013-04-15 16:48:46 +02:00
Andreas Steffen
2e12fc4b0a
version bump to 5.0.4
2013-04-14 19:58:17 +02:00
Andreas Steffen
654c88bca8
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
2013-04-14 19:57:49 +02:00
Martin Willi
cf1696cab9
Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0
2013-04-10 18:10:30 +02:00
Martin Willi
b52771fbb2
Check RSA_public_decrypt() length before constructing and comparing a chunk
...
If decryption fails, it returns -1. chunk_equals() should catch that error,
but be more explicit in error checking.
2013-04-10 18:10:30 +02:00
Martin Willi
97d975b7bb
RSA_check_key() may return -1 if it fails
2013-04-10 18:10:30 +02:00
Martin Willi
96a09ce226
RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method
2013-04-10 18:10:30 +02:00
Martin Willi
0faaab20cd
Check return value of ECDSA_Verify() correctly
2013-04-10 18:10:30 +02:00
Martin Willi
b2b99e61c8
eap-radius: Add an option to exclude ports from Called/Calling-Station-Id
2013-04-10 13:48:03 +02:00
Andreas Steffen
022df06e1a
version bump to 5.0.4dr1
2013-04-09 15:20:49 +02:00