Andreas Steffen
12d68762f7
issue warning if sqlite finalize is missing
2012-10-26 13:22:02 +02:00
Tobias Brunner
2380f3a830
Added documentation for NTLM secrets
2012-10-25 09:51:47 +02:00
Martin Willi
828cefc313
Fix RSA encryption padding terminator in gmp plugin, broken with 5025135f
2012-10-24 20:26:10 +02:00
Tobias Brunner
e34573dd48
Added missing noskip_flag setter/getter to some pa_tnc_attr_t constructors
2012-10-24 17:58:36 +02:00
Martin Willi
2fc0232a39
Add a scepclient option to specify a CA identifier to fetch certs for
2012-10-24 16:28:58 +02:00
Tobias Brunner
f48e727232
Remove all ESP proposals with non-matching DH group during Quick Mode
According to RFC 2409, section 5.5, if PFS is used all proposals MUST
include the selected DH group, so we remove proposals without the
proposed group and remove other DH groups from the remaining proposals.
2012-10-24 16:09:42 +02:00
Tobias Brunner
4eba7269b8
proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all
2012-10-24 16:09:42 +02:00
Tobias Brunner
e74f184cb4
Remove MODP groups from default ESP proposal
This now actually makes pfs=no the default and it equals the default
listed in ipsec.conf.5. efc69e9f preserved the default of pfs=yes.
2012-10-24 16:09:42 +02:00
Tobias Brunner
bca34c3717
Moved utils.[ch] to utils folder
2012-10-24 16:07:53 +02:00
Tobias Brunner
f9625952ad
Moved settings_t to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
d5c143e5be
Moved enum_name_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
125b37af6d
Moved chunk_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
05e448c5cc
Moved printf hooks to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
08944b68ac
Moved integrity_checker_t to utils folder
2012-10-24 16:00:50 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
fdee6b5f5a
Moved packet_t and tun_device_t to networking folder
2012-10-24 15:06:18 +02:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Martin Willi
c4894cc172
Send certificate requests in load-tester
2012-10-24 13:25:45 +02:00
Martin Willi
0f3c5f8502
Add load-tester traffic selector configuration options
2012-10-24 13:25:13 +02:00
Martin Willi
1efd6c6f2a
Make use of new CIDR string ts constructor where appropriate
2012-10-24 13:25:08 +02:00
Martin Willi
fd6c0c8fb4
Add a traffic selector constructor creating a TS directly from a CIDR string
2012-10-24 13:25:02 +02:00
Martin Willi
8fc7bbc6ba
Add NEWS about explicitly loaded pkcs11 certificates from ipsec.conf
2012-10-24 13:16:39 +02:00
Martin Willi
712e81306f
PKCS#11 library search using keyid uses a fallback to look for certificates
2012-10-24 13:07:54 +02:00
Martin Willi
aa51d5dd25
Increase the limit of acceptable IKEv1 CERTREQ payloads to 20
2012-10-24 13:07:53 +02:00
Martin Willi
4ce55ffb0b
Use explicit, larger buffer sizes for smartcard keyids and modules
2012-10-24 13:07:53 +02:00
Martin Willi
cd844e1c97
Remove obsolete pluto smartcard syntax in ipsec.secrets.5
2012-10-24 13:07:53 +02:00
Martin Willi
f6d8fb3687
Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards
2012-10-24 13:07:53 +02:00
Martin Willi
434902b302
Add a strongswan.conf option to disable loading of all certificates from a pkcs11 module
2012-10-24 13:07:53 +02:00
Martin Willi
794d713dca
Support loading cacert certificates in ipsec.conf ca sections from smartcard
2012-10-24 13:07:53 +02:00
Martin Willi
2abe404927
Refactored stroke smartcard token parsing, support module and slot in leftcert option
2012-10-24 13:07:53 +02:00
Martin Willi
36e47a409b
Explicit pkcs11 certificate loading can enforce a module and a slot
2012-10-24 13:07:53 +02:00
Martin Willi
5d4c27d077
Be less verbose if loading PKCS#11 certificate fails
2012-10-24 13:07:53 +02:00
Martin Willi
05e266ea9d
Add leftcert ipsec.conf.5 documentation about smartcard certificates
2012-10-24 13:07:53 +02:00
Martin Willi
9687cb5100
Load ipsec.conf %smartcard leftcerts with pkcs11 builder
2012-10-24 13:07:52 +02:00
Martin Willi
fbd3863571
Add a builder to load specific pkcs11 certificates by keyid
2012-10-24 13:07:52 +02:00
Martin Willi
ffe42fa405
If no pkcs11 public key for a private key found, search for a certificate
2012-10-24 13:07:52 +02:00
Martin Willi
44fdc62f82
Move pkcs11 public key lookup function declaration to header file
2012-10-24 13:07:52 +02:00
Martin Willi
6910e5c753
Add NEWS about proposals with PRFs different from integrity protection algorithms
2012-10-24 11:52:59 +02:00
Martin Willi
5b2e669ba2
Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals
2012-10-24 11:49:37 +02:00
Martin Willi
7ee16e4b85
Only add an implicit PRF based on the MAC alg if no PRF given in proposal
2012-10-24 11:49:37 +02:00
Martin Willi
60e59b7e7f
Add proposal keywords to explicitly specify PRF algorithms
2012-10-24 11:49:36 +02:00
Martin Willi
343e998927
Added NEWS about lookip plugin
2012-10-24 11:47:18 +02:00
Martin Willi
a7f5eb1035
Add an interactive mode in lookip tool, demonstrate lasting connections
2012-10-24 11:43:34 +02:00
Martin Willi
9d422bb1b0
Send a lookip NOT_FOUND reply if a lookup yields no results
2012-10-24 11:43:34 +02:00
Martin Willi
f6fb2b98e9
lookup function of lookip listener returns the number of matches
2012-10-24 11:43:34 +02:00
Martin Willi
31576ceddf
Handle multiple lookip connections using a single FDSET
2012-10-24 11:43:34 +02:00
Martin Willi
28683ef137
Renamed list to store listening lookip clients
2012-10-24 11:43:34 +02:00
Martin Willi
bae50c7393
Handle client subscriptions in lookip plugin
2012-10-24 11:43:34 +02:00
Martin Willi
7650dd9a4f
Add a lookip server side UNIX socket processing LOOKUP and DUMP requests
2012-10-24 11:43:34 +02:00