12d68762f7
issue warning if sqlite finalize is missing
2012-10-26 13:22:02 +02:00
2380f3a830
Added documentation for NTLM secrets
2012-10-25 09:51:47 +02:00
828cefc313
Fix RSA encryption padding terminator in gmp plugin, broken with 5025135f
2012-10-24 20:26:10 +02:00
e34573dd48
Added missing noskip_flag setter/getter to some pa_tnc_attr_t constructors
2012-10-24 17:58:36 +02:00
2fc0232a39
Add a scepclient option to specify a CA identifier to fetch certs for
2012-10-24 16:28:58 +02:00
f48e727232
Remove all ESP proposals with non-matching DH group during Quick Mode
...
According to RFC 2409, section 5.5, if PFS is used all proposals MUST
include the selected DH group, so we remove proposals without the
proposed group and remove other DH groups from the remaining proposals.
2012-10-24 16:09:42 +02:00
4eba7269b8
proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all
2012-10-24 16:09:42 +02:00
e74f184cb4
Remove MODP groups from default ESP proposal
...
This now actually makes pfs=no the default and it equals the default
listed in ipsec.conf.5. efc69e9f
2012-10-24 16:09:42 +02:00
bca34c3717
Moved utils.[ch] to utils folder
2012-10-24 16:07:53 +02:00
f9625952ad
Moved settings_t to utils folder
2012-10-24 16:00:51 +02:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
d5c143e5be
Moved enum_name_t to utils folder
2012-10-24 16:00:50 +02:00
125b37af6d
Moved chunk_t to utils folder
2012-10-24 16:00:50 +02:00
05e448c5cc
Moved printf hooks to utils folder
2012-10-24 16:00:50 +02:00
08944b68ac
Moved integrity_checker_t to utils folder
2012-10-24 16:00:50 +02:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
fdee6b5f5a
Moved packet_t and tun_device_t to networking folder
2012-10-24 15:06:18 +02:00
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
c4894cc172
Send certificate requests in load-tester
2012-10-24 13:25:45 +02:00
0f3c5f8502
Add load-tester traffic selector configuration options
2012-10-24 13:25:13 +02:00
1efd6c6f2a
Make use of new CIDR string ts constructor where appropriate
2012-10-24 13:25:08 +02:00
fd6c0c8fb4
Add a traffic selector constructor creating a TS directly from a CIDR string
2012-10-24 13:25:02 +02:00
8fc7bbc6ba
Add NEWS about explicitly loaded pkcs11 certificates from ipsec.conf
2012-10-24 13:16:39 +02:00
712e81306f
PKCS#11 library search using keyid uses a fallback to look for certificates
2012-10-24 13:07:54 +02:00
aa51d5dd25
Increase the limit of acceptable IKEv1 CERTREQ payloads to 20
2012-10-24 13:07:53 +02:00
4ce55ffb0b
Use explicit, larger buffer sizes for smartcard keyids and modules
2012-10-24 13:07:53 +02:00
cd844e1c97
Remove obsolete pluto smartcard syntax in ipsec.secrets.5
2012-10-24 13:07:53 +02:00
f6d8fb3687
Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards
2012-10-24 13:07:53 +02:00
434902b302
Add a strongswan.conf option to disable loading of all certificates from a pkcs11 module
2012-10-24 13:07:53 +02:00
794d713dca
Support loading cacert certificates in ipsec.conf ca sections from smartcard
2012-10-24 13:07:53 +02:00
2abe404927
Refactored stroke smartcard token parsing, support module and slot in leftcert option
2012-10-24 13:07:53 +02:00
36e47a409b
Explicit pkcs11 certificate loading can enforce a module and a slot
2012-10-24 13:07:53 +02:00
5d4c27d077
Be less verbose if loading PKCS#11 certificate fails
2012-10-24 13:07:53 +02:00
05e266ea9d
Add leftcert ipsec.conf.5 documentation about smartcard certificates
2012-10-24 13:07:53 +02:00
9687cb5100
Load ipsec.conf %smartcard leftcerts with pkcs11 builder
2012-10-24 13:07:52 +02:00
fbd3863571
Add a builder to load specific pkcs11 certificates by keyid
2012-10-24 13:07:52 +02:00
ffe42fa405
If no pkcs11 public key for a private key found, search for a certificate
2012-10-24 13:07:52 +02:00
44fdc62f82
Move pkcs11 public key lookup function declaration to header file
2012-10-24 13:07:52 +02:00
6910e5c753
Add NEWS about proposals with PRFs different from integrity protection algorithms
2012-10-24 11:52:59 +02:00
5b2e669ba2
Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals
2012-10-24 11:49:37 +02:00
7ee16e4b85
Only add an implicit PRF based on the MAC alg if no PRF given in proposal
2012-10-24 11:49:37 +02:00
60e59b7e7f
Add proposal keywords to explicitly specify PRF algorithms
2012-10-24 11:49:36 +02:00
343e998927
Added NEWS about lookip plugin
2012-10-24 11:47:18 +02:00
a7f5eb1035
Add an interactive mode in lookip tool, demonstrate lasting connections
2012-10-24 11:43:34 +02:00
9d422bb1b0
Send a lookip NOT_FOUND reply if a lookup yields no results
2012-10-24 11:43:34 +02:00
f6fb2b98e9
lookup function of lookip listener returns the number of matches
2012-10-24 11:43:34 +02:00
31576ceddf
Handle multiple lookip connections using a single FDSET
2012-10-24 11:43:34 +02:00
28683ef137
Renamed list to store listening lookip clients
2012-10-24 11:43:34 +02:00
bae50c7393
Handle client subscriptions in lookip plugin
2012-10-24 11:43:34 +02:00
7650dd9a4f
Add a lookip server side UNIX socket processing LOOKUP and DUMP requests
2012-10-24 11:43:34 +02:00
Andreas Steffen