Commit Graph

10975 Commits

Author SHA1 Message Date
Tobias Brunner 3b7f25906e android: Replace android-net plugin with kernel-netlink
Virtual IPs are not handled by the kernel-netlink plugin and tun devices are
ignored.
2013-05-03 15:11:19 +02:00
Tobias Brunner 67332b4e22 android: Set strongswan.conf options before initializing other libraries 2013-05-03 15:11:19 +02:00
Tobias Brunner 0b9ce21b5e kernel-netlink: Define defaults for routing table and prio 2013-05-03 15:11:19 +02:00
Tobias Brunner 2d7b55bf9b openssl: Define a default for FIPS_MODE 2013-05-03 15:11:19 +02:00
Martin Willi 9312fbc73d In memwipe_check(), don't put magic on stack when calling do_magic()
Otherwise the magic might be on the stack while checking it.
2013-05-03 14:17:37 +02:00
Martin Willi 1657b4ef26 Dump stack if memwipe() check fails 2013-05-03 11:41:51 +02:00
Andreas Steffen 0f499f41dc Use attest database in tnc/tnccs-20-os scenario 2013-04-21 16:31:23 +02:00
Andreas Steffen 9fab0a58d3 fixed a 64bit time_t issue 2013-04-21 16:07:13 +02:00
Andreas Steffen 70a7917e72 destroy SQL query 2013-04-21 16:00:23 +02:00
Andreas Steffen 6c998b8b9e Keep last AR ID 2013-04-21 08:19:30 +02:00
Andreas Steffen bec5bf02ac Added use of openssl-fips library to NEWS 2013-04-19 18:49:43 +02:00
Andreas Steffen 1b912ad384 check for successful activation of FIPS mode 2013-04-19 18:46:52 +02:00
Andreas Steffen b97dd59ba8 install FIPS-aware OpenSSL Debian packages 2013-04-19 18:36:38 +02:00
Andreas Steffen 545df30c18 Added openssl-ikev2/rw-cpa scenario 2013-04-19 18:34:35 +02:00
Andreas Steffen 70312e6596 build openssl-fips in KVM root-image 2013-04-19 18:34:35 +02:00
Andreas Steffen 2d902d7e7c fixed typo 2013-04-19 18:33:41 +02:00
Martin Willi e6ba688a35 During libstrongswan initialization, check if memwipe() works as expected 2013-04-18 13:05:37 +02:00
Andreas Steffen 6b99da026c added libstrongswan.plugins.openssl.fips_mode to man page 2013-04-16 13:44:06 +02:00
Andreas Steffen f4de6496a2 support of OpenSSL FIPS-140-2 library 2013-04-16 12:37:04 +02:00
Andreas Steffen ef934caba8 build soup plugin in KVM test environment 2013-04-15 20:23:41 +02:00
Andreas Steffen 8d384fb7df disable reauth, too 2013-04-15 20:21:27 +02:00
Tobias Brunner 73da6c88a4 Fix checksum calculation with DESTDIR installations 2013-04-15 16:48:46 +02:00
Andreas Steffen 2e12fc4b0a version bump to 5.0.4 2013-04-14 19:58:17 +02:00
Andreas Steffen 654c88bca8 Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers 2013-04-14 19:57:49 +02:00
Martin Willi cf1696cab9 Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0 2013-04-10 18:10:30 +02:00
Martin Willi b52771fbb2 Check RSA_public_decrypt() length before constructing and comparing a chunk
If decryption fails, it returns -1. chunk_equals() should catch that error,
but be more explicit in error checking.
2013-04-10 18:10:30 +02:00
Martin Willi 97d975b7bb RSA_check_key() may return -1 if it fails 2013-04-10 18:10:30 +02:00
Martin Willi 96a09ce226 RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method 2013-04-10 18:10:30 +02:00
Martin Willi 0faaab20cd Check return value of ECDSA_Verify() correctly 2013-04-10 18:10:30 +02:00
Martin Willi b2b99e61c8 eap-radius: Add an option to exclude ports from Called/Calling-Station-Id 2013-04-10 13:48:03 +02:00
Andreas Steffen 022df06e1a version bump to 5.0.4dr1 2013-04-09 15:20:49 +02:00
Andreas Steffen 676e862487 fixed another printf statement 2013-04-09 15:16:49 +02:00
Andreas Steffen 1a185ae14b fixed printf statements 2013-04-08 22:21:14 +02:00
Andreas Steffen 12fa1784d0 emit a single assign_vips bus message for all VIPs 2013-04-06 14:16:30 +02:00
Andreas Steffen ba2880d569 ifmap plugin subscribes to assign_vip bus signal 2013-04-06 11:09:41 +02:00
Tobias Brunner 5cb4f5519b Added missing sasl Doxygen group 2013-04-05 16:03:39 +02:00
Tobias Brunner 14edee56bf unity: Check IKE_SA in only after enumerating virtual IPs 2013-04-05 16:03:10 +02:00
Andreas Steffen 8dade2d146 fixed configure options 2013-04-04 21:09:07 +02:00
Andreas Steffen 2a4915e87a cleaned up XML code in tnccs-11 plugin 2013-04-04 17:12:07 +02:00
Martin Willi 9c84bbcbc0 duplicheck: track multiple IKE_SAs in checking state to avoid any races
When two consequent duplicates have been detected, track state of each checking
IKE_SA separately, avoiding potential race conditions between the active SA
and the different SAs in checking state.
2013-04-04 15:51:48 +02:00
Andreas Steffen 93f53a78b5 fixed memory leak 2013-04-03 21:38:04 +02:00
Andreas Steffen 3ea6fcb593 properly handle orphaned renewSession jobs 2013-04-03 21:38:04 +02:00
Andreas Steffen 91503c2112 support chunked HTTP responses 2013-04-03 21:38:04 +02:00
Andreas Steffen 1044710b04 implemented periodic IF-MAP RenewSession request 2013-04-03 21:38:04 +02:00
Martin Willi bee8b5e385 Refactor check_for_rekeyed_child() in quick_mode task 2013-04-03 17:08:00 +02:00
Martin Willi ac48d9e458 Reuse reqid of an existing Quick Mode, even if it has been rekeyed
If two peers rekey Quick Modes at the same time, the original Quick Mode is
in REKEYING state and hence the reqid is not reused. This is required though,
as two identical policies won't work if they have different reqids.
2013-04-03 15:56:26 +02:00
Martin Willi 7f4f1e8249 List all stroke counters when "all" is given, and report if connection not known 2013-04-03 14:58:08 +02:00
Martin Willi bee6515a28 Defer CHILD_SA rekeying if allocating an SPI fails 2013-04-03 12:25:27 +02:00
Martin Willi 3f4300ed1e Accept a certificate/key pair to use client authentication in tls_test 2013-04-02 16:09:17 +02:00
Andreas Steffen e019fa60b7 version bump to 5.0.3 2013-04-02 08:55:40 +02:00