Tobias Brunner
3b7f25906e
android: Replace android-net plugin with kernel-netlink
...
Virtual IPs are not handled by the kernel-netlink plugin and tun devices are
ignored.
2013-05-03 15:11:19 +02:00
Tobias Brunner
67332b4e22
android: Set strongswan.conf options before initializing other libraries
2013-05-03 15:11:19 +02:00
Tobias Brunner
0b9ce21b5e
kernel-netlink: Define defaults for routing table and prio
2013-05-03 15:11:19 +02:00
Tobias Brunner
2d7b55bf9b
openssl: Define a default for FIPS_MODE
2013-05-03 15:11:19 +02:00
Martin Willi
9312fbc73d
In memwipe_check(), don't put magic on stack when calling do_magic()
...
Otherwise the magic might be on the stack while checking it.
2013-05-03 14:17:37 +02:00
Martin Willi
1657b4ef26
Dump stack if memwipe() check fails
2013-05-03 11:41:51 +02:00
Andreas Steffen
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
Andreas Steffen
9fab0a58d3
fixed a 64bit time_t issue
2013-04-21 16:07:13 +02:00
Andreas Steffen
70a7917e72
destroy SQL query
2013-04-21 16:00:23 +02:00
Andreas Steffen
6c998b8b9e
Keep last AR ID
2013-04-21 08:19:30 +02:00
Andreas Steffen
bec5bf02ac
Added use of openssl-fips library to NEWS
2013-04-19 18:49:43 +02:00
Andreas Steffen
1b912ad384
check for successful activation of FIPS mode
2013-04-19 18:46:52 +02:00
Andreas Steffen
b97dd59ba8
install FIPS-aware OpenSSL Debian packages
2013-04-19 18:36:38 +02:00
Andreas Steffen
545df30c18
Added openssl-ikev2/rw-cpa scenario
2013-04-19 18:34:35 +02:00
Andreas Steffen
70312e6596
build openssl-fips in KVM root-image
2013-04-19 18:34:35 +02:00
Andreas Steffen
2d902d7e7c
fixed typo
2013-04-19 18:33:41 +02:00
Martin Willi
e6ba688a35
During libstrongswan initialization, check if memwipe() works as expected
2013-04-18 13:05:37 +02:00
Andreas Steffen
6b99da026c
added libstrongswan.plugins.openssl.fips_mode to man page
2013-04-16 13:44:06 +02:00
Andreas Steffen
f4de6496a2
support of OpenSSL FIPS-140-2 library
2013-04-16 12:37:04 +02:00
Andreas Steffen
ef934caba8
build soup plugin in KVM test environment
2013-04-15 20:23:41 +02:00
Andreas Steffen
8d384fb7df
disable reauth, too
2013-04-15 20:21:27 +02:00
Tobias Brunner
73da6c88a4
Fix checksum calculation with DESTDIR installations
2013-04-15 16:48:46 +02:00
Andreas Steffen
2e12fc4b0a
version bump to 5.0.4
2013-04-14 19:58:17 +02:00
Andreas Steffen
654c88bca8
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
2013-04-14 19:57:49 +02:00
Martin Willi
cf1696cab9
Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0
2013-04-10 18:10:30 +02:00
Martin Willi
b52771fbb2
Check RSA_public_decrypt() length before constructing and comparing a chunk
...
If decryption fails, it returns -1. chunk_equals() should catch that error,
but be more explicit in error checking.
2013-04-10 18:10:30 +02:00
Martin Willi
97d975b7bb
RSA_check_key() may return -1 if it fails
2013-04-10 18:10:30 +02:00
Martin Willi
96a09ce226
RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method
2013-04-10 18:10:30 +02:00
Martin Willi
0faaab20cd
Check return value of ECDSA_Verify() correctly
2013-04-10 18:10:30 +02:00
Martin Willi
b2b99e61c8
eap-radius: Add an option to exclude ports from Called/Calling-Station-Id
2013-04-10 13:48:03 +02:00
Andreas Steffen
022df06e1a
version bump to 5.0.4dr1
2013-04-09 15:20:49 +02:00
Andreas Steffen
676e862487
fixed another printf statement
2013-04-09 15:16:49 +02:00
Andreas Steffen
1a185ae14b
fixed printf statements
2013-04-08 22:21:14 +02:00
Andreas Steffen
12fa1784d0
emit a single assign_vips bus message for all VIPs
2013-04-06 14:16:30 +02:00
Andreas Steffen
ba2880d569
ifmap plugin subscribes to assign_vip bus signal
2013-04-06 11:09:41 +02:00
Tobias Brunner
5cb4f5519b
Added missing sasl Doxygen group
2013-04-05 16:03:39 +02:00
Tobias Brunner
14edee56bf
unity: Check IKE_SA in only after enumerating virtual IPs
2013-04-05 16:03:10 +02:00
Andreas Steffen
8dade2d146
fixed configure options
2013-04-04 21:09:07 +02:00
Andreas Steffen
2a4915e87a
cleaned up XML code in tnccs-11 plugin
2013-04-04 17:12:07 +02:00
Martin Willi
9c84bbcbc0
duplicheck: track multiple IKE_SAs in checking state to avoid any races
...
When two consequent duplicates have been detected, track state of each checking
IKE_SA separately, avoiding potential race conditions between the active SA
and the different SAs in checking state.
2013-04-04 15:51:48 +02:00
Andreas Steffen
93f53a78b5
fixed memory leak
2013-04-03 21:38:04 +02:00
Andreas Steffen
3ea6fcb593
properly handle orphaned renewSession jobs
2013-04-03 21:38:04 +02:00
Andreas Steffen
91503c2112
support chunked HTTP responses
2013-04-03 21:38:04 +02:00
Andreas Steffen
1044710b04
implemented periodic IF-MAP RenewSession request
2013-04-03 21:38:04 +02:00
Martin Willi
bee8b5e385
Refactor check_for_rekeyed_child() in quick_mode task
2013-04-03 17:08:00 +02:00
Martin Willi
ac48d9e458
Reuse reqid of an existing Quick Mode, even if it has been rekeyed
...
If two peers rekey Quick Modes at the same time, the original Quick Mode is
in REKEYING state and hence the reqid is not reused. This is required though,
as two identical policies won't work if they have different reqids.
2013-04-03 15:56:26 +02:00
Martin Willi
7f4f1e8249
List all stroke counters when "all" is given, and report if connection not known
2013-04-03 14:58:08 +02:00
Martin Willi
bee6515a28
Defer CHILD_SA rekeying if allocating an SPI fails
2013-04-03 12:25:27 +02:00
Martin Willi
3f4300ed1e
Accept a certificate/key pair to use client authentication in tls_test
2013-04-02 16:09:17 +02:00
Andreas Steffen
e019fa60b7
version bump to 5.0.3
2013-04-02 08:55:40 +02:00