Commit Graph

6227 Commits

Author SHA1 Message Date
Andreas Steffen 1b7e081bfa NEWS for the 4.5.1dr2 release 2010-12-12 10:46:43 +01:00
Andreas Steffen c2e625514d some more cosmetics 2010-12-12 10:19:54 +01:00
Andreas Steffen 41216e6518 final cosmetics in PB-TNC debug output 2010-12-12 10:17:43 +01:00
Andreas Steffen 54eb669dd5 implemented PB-TNC message parsing checks 2010-12-12 00:42:31 +01:00
Andreas Steffen 3a4695dc5e some code optimizations 2010-12-11 00:52:53 +01:00
Andreas Steffen 781730b86a support handshake retry requests 2010-12-10 23:41:12 +01:00
Andreas Steffen 4ca368d223 the PB-TNC protocol is working 2010-12-10 23:21:13 +01:00
Andreas Steffen 512d2e045f refactored message handling 2010-12-10 17:09:21 +01:00
Andreas Steffen af1e3ff567 do not accept results and recommendation messages from clients 2010-12-10 17:04:11 +01:00
Andreas Steffen 7289f4424a defined some additional Private Enterprise Numbers 2010-12-10 14:58:33 +01:00
Andreas Steffen 5988fc0dfd define pb_tnc_state_machine_t object 2010-12-10 14:56:40 +01:00
Andreas Steffen 755f2419a5 debug cosmetics 2010-12-10 11:55:02 +01:00
Martin Willi cf5866b9c0 Renamed purgex509/crl to purgecerts/crls to be consistent with list commands 2010-12-10 11:21:55 +01:00
Andreas Steffen 7e7efa647e implemented handling of received PB-TNC messages 2010-12-10 11:16:57 +01:00
Martin Willi 6aa144ddb7 Added options to flush CRLs/X509 certs from the cert cache 2010-12-10 09:45:22 +01:00
Andreas Steffen 68fada37b1 refactored PB-TNC state machine in receive direction 2010-12-09 23:38:38 +01:00
Andreas Steffen 7382a639fb refactored PB-TNC state machine in send direction 2010-12-09 23:18:55 +01:00
Andreas Steffen 4333c48a1b pb_tnc_batch_t class implements parsing and building of PB-TNC batches 2010-12-09 21:33:12 +01:00
Andreas Steffen 2f942ba67d fixed memory corruption 2010-12-08 12:15:53 +01:00
Martin Willi 86993d6b90 Never register IKE_SA during checkout_new, as rekeying keeps it checked out 2010-12-07 16:30:38 +01:00
Tobias Brunner e6f42b0721 Include the destination net in the policy priority calculation.
The resulting priorities are as follows:

    IPv6               IPv4
    routed   normal    routed   normal
max 4096(+3) 2048(+3)  4096(+3) 2048(+3)
min 3072     1024      3840     1792

Where min is for a policy between two single hosts and max is
for /0 on both ends (lower priorities are preferred by the kernel).
(+3) applies for cases where no protocol and no ports are defined.
2010-12-07 12:14:50 +01:00
Andreas Steffen 4332cd7f95 added newline 2010-12-07 09:02:55 +01:00
Andreas Steffen faccd69068 re-introduced comment 2010-12-07 09:01:28 +01:00
Andreas Steffen a42aaed64f Migrated stroke_control_t to INIT/METHOD macros 2010-12-07 08:58:57 +01:00
Andreas Steffen d31aec9fa7 Migrated stroke_plugin_t to INIT/METHOD macros 2010-12-07 08:01:56 +01:00
Thomas Egerer 76ce213c43 Guarantee entry->other is set when calling put_connected_peers
Given the original intent of entry->host, the check for DoS attacks, it
can happen that this value remains NULL when an entry is created. This
is particularly awkward if put_connected_peers is called to check if a
connection to a given peer already exists, since it takes the address
family into consideration (git commit b74219d0) which is gleaned from
entry->host.
This patch guarantees that entry->other is a clone of host before
put_connected_peers is called.
2010-12-06 10:56:57 +01:00
Andreas Steffen 2965eb3cc7 added sql/multi-level-ca scenario 2010-12-05 21:53:43 +01:00
Andreas Steffen 93cbe45c09 stupid typo 2010-12-05 15:48:22 +01:00
Andreas Steffen fba18c5105 cosmetics 2010-12-05 15:23:18 +01:00
Andreas Steffen 02f08ef910 cosmetics 2010-12-05 15:16:15 +01:00
Andreas Steffen a6bf8e9118 added parsing checks 2010-12-05 15:01:01 +01:00
Andreas Steffen 58d73d38bc output TLS-independent error messages 2010-12-05 14:55:18 +01:00
Andreas Steffen 13a7f5f3e3 added certificate_authorities and certificate_distribution_points tables 2010-12-05 11:30:06 +01:00
Andreas Steffen 2da636fd9b support of reqid field in SQL database 2010-12-05 11:21:40 +01:00
Andreas Steffen e150442bed fixed pb_reason_string_message_t class 2010-12-05 11:20:18 +01:00
Andreas Steffen 7e02e49112 Migrated fips_prf plugin to INIT/METHOD macros 2010-12-04 20:56:21 +01:00
Andreas Steffen c7b778450e Migrated md4_plugin_t to INIT/METHOD macros 2010-12-04 20:45:49 +01:00
Andreas Steffen e5e79bd403 Migrated md5_plugin_t to INIT/METHOD macros 2010-12-04 20:43:41 +01:00
Andreas Steffen 1e84aa74aa Migrated ldap plugin to INIT/METHOD macros 2010-12-04 20:15:59 +01:00
Andreas Steffen 4df49844d9 Migrated pubkey_plugin_t to INIT/METHOD macros 2010-12-04 15:43:04 +01:00
Andreas Steffen dd621140d3 Migrated pkcs1_plugin_t to INIT/METHOD macros 2010-12-04 11:43:06 +01:00
Andreas Steffen c742935dac Migrated curl_plugin_t to INIT/METHOD macros 2010-12-04 11:40:40 +01:00
Andreas Steffen 1bb67ff852 Migrated random plugin to INIT/METHOD macros 2010-12-04 11:37:03 +01:00
Andreas Steffen 79bbe64e17 Migrated sha1_plugin_t to INIT/METHOD macros 2010-12-04 11:26:02 +01:00
Andreas Steffen 72c436c170 Migrated sha2_plugin_t to INIT/METHOD macros 2010-12-04 10:48:42 +01:00
Andreas Steffen 4d7e8032ec Migrated mysql plugin to INIT/METHOD macros 2010-12-04 10:38:35 +01:00
Andreas Steffen c6fde416c4 use private destroy() function 2010-12-04 10:28:30 +01:00
Andreas Steffen cca86ba94d Migrated sqlite plugin to INIT/METHOD macros 2010-12-04 10:20:33 +01:00
Andreas Steffen 621f9324d9 Migrated test_vectors_plugin_t to INIT/METHOD macros 2010-12-04 10:10:37 +01:00
Andreas Steffen 36e4aa7b9e Migrated x509_plugin_t to INIT/METHOD macros 2010-12-04 10:07:56 +01:00