Andreas Steffen
344e1b6060
Version bump to 5.6.2dr3
2017-12-13 08:54:54 +01:00
Andreas Steffen
0fb293fc91
tpm_extendpcr: Extend digests into a TPM PCR
2017-12-13 07:10:28 +01:00
Andreas Steffen
5d3eb57cfd
Version bump to 5.6.2dr2
2017-12-10 21:42:02 +01:00
Andreas Steffen
ee402a22a3
asn1: Added tlsfeature OID
2017-12-10 19:56:14 +01:00
Andreas Steffen
3e7a19bfa9
pki: Extend pki --print with --keyid parameter
2017-12-10 19:31:10 +01:00
Andreas Steffen
acfd590ab6
imc-os: Derive device ID from private key bound to smartcard or TPM
2017-12-10 11:51:50 +01:00
Eyal Birger
2389168388
ipsec-types: Don't mask the mark value if it is one of the 'unique' values
...
Support for mark=%unique/%unique-dir is implemented by using designated
magic mark values.
Use of masks is orthogonal to the 'unique' feature, as it is useful to be
able to designate portions of the packet mark for other purposes, while
still using different marks for different connections.
When these magic values are masked, their magic meaning is lost.
Perform masking only on explicit mark values.
Closes strongswan/strongswan#87 .
2017-12-07 09:36:53 +01:00
Lubomir Rintel
ee22e8080f
nm: Allow disabling libnm-glib
...
The distros are eventually going to drop it, allow omitting it.
Closes strongswan/strongswan#86 .
2017-12-06 11:13:03 +01:00
Andreas Steffen
4f60b72a81
Version bump to 5.6.2dr1
2017-12-05 22:23:43 +01:00
Andreas Steffen
71cf3d709a
pt-tls-client: Load certificates via handle from smartcard or TPM
2017-12-05 21:31:31 +01:00
Andreas Steffen
e850d000b8
libtpmtss: Load X.509 certificates from TPM 2.0 NV RAM
2017-12-05 21:31:31 +01:00
Andreas Steffen
fb1cf320a2
libtpmtss: Extend TPM 2.0 capability info
2017-12-05 21:31:31 +01:00
Tobias Brunner
0729be1bfe
Merge branch 'android-proposals'
...
Makes IKE and ESP proposals configurable.
2017-11-28 16:23:41 +01:00
Tobias Brunner
4a79434b11
android: Remove modp1024 from the ESP proposals
2017-11-28 16:19:08 +01:00
Tobias Brunner
8517a0edb4
testing: Explicitly deliver all test results as text/plain
2017-11-28 16:17:50 +01:00
Andreas Steffen
203a86ecb8
Version bump to 5.6.1
2017-11-17 22:42:28 +01:00
Andreas Steffen
f60b08ba0d
testing: Added swanctl/rw-cert-pss scenario
2017-11-17 22:42:07 +01:00
Tobias Brunner
5a6f687bdf
android: New release after adding configurable proposals
2017-11-17 18:11:43 +01:00
Tobias Brunner
b03713add4
android: Validate proposal strings when importing profiles
2017-11-17 18:11:43 +01:00
Tobias Brunner
9f962f6c19
android: Validate proposal strings in the GUI
2017-11-17 18:11:43 +01:00
Tobias Brunner
836a943804
android: Add utility JNI function to validate proposal strings
2017-11-17 18:11:39 +01:00
Tobias Brunner
2307bffe56
proposal: Move proposal_t from libcharon to libstrongswan
...
This allows us to use it without having to initialize libcharon, which
was required for the logging (we probably could have included debug.h
instead of daemon.h to workaround that but this seems more correct).
2017-11-17 18:09:54 +01:00
Tobias Brunner
92c1b52487
android: Load JNI libraries in Application class
...
This way they are also loaded when we don't use CharonVpnService.
2017-11-17 18:05:35 +01:00
Tobias Brunner
2d1f65feb3
android: Make IKE/ESP proposals configurable in the GUI
2017-11-17 18:05:35 +01:00
Tobias Brunner
6403ad5457
android: Import IKE/ESP proposals
...
We currently don't validate them here, only when used later will they
get parsed (which includes some checks).
2017-11-17 14:31:06 +01:00
Tobias Brunner
a7c43544dd
android: Use optional custom proposals for IKE and ESP
...
If the proposal is invalid we fall back to the defaults.
2017-11-17 14:31:06 +01:00
Tobias Brunner
24c22a3fa8
android: Add properties for IKE and ESP proposals
2017-11-17 14:31:06 +01:00
Tobias Brunner
8b6c23342c
android: Free settings string passed via JNI
2017-11-17 14:31:06 +01:00
Tobias Brunner
caee751d13
NEWS: Added some news for 5.6.1
2017-11-17 10:00:29 +01:00
Tobias Brunner
f7a73fe0f7
hashers: Change names of SHA2 hash algorithms
...
Keep the lower case names as they are as we use them internally (parsing
and e.g. in OpenSSL as identifier).
2017-11-17 09:32:47 +01:00
Tobias Brunner
36ae037b81
ikev2: Add hash algorithm used for RSASSA-PSS signature to log message
2017-11-17 09:30:53 +01:00
Tobias Brunner
dfd5f090fb
hasher: Add uppercase short names for hash algorithms
2017-11-17 09:30:53 +01:00
Tobias Brunner
ce4aebe00a
testing: Configure logging via syslog in strongswan.conf
...
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
2017-11-15 17:24:04 +01:00
Tobias Brunner
d24d26c4bc
testing: Disable logging via journal in charon-systemd
...
This avoids duplicate log messages as we already log via syslog to get
daemon.log.
2017-11-15 17:12:09 +01:00
Tobias Brunner
be214cb17e
testing: Globally define logging via syslog for charon-systemd
...
We could make the same change for charon (actually setting it for charon
in strongswan.conf.testing would work for charon-systemd too), however,
there are dozens of test cases that currently set charondebug in
ipsec.conf.
2017-11-15 17:09:55 +01:00
Tobias Brunner
7a659c0f99
x509: Initialize signature params when parsing attribute certificates
2017-11-15 14:41:56 +01:00
Tobias Brunner
26d18f4efb
sw-collector: Unmap history file on failure to instantiate extractor
2017-11-15 14:40:10 +01:00
Tobias Brunner
42353849cb
charon: Explicitly check return value of fileno()
...
This is mainly for Coverity because fchown() can't take a negative
value, which the -1 check implies is possible.
2017-11-15 14:37:43 +01:00
Tobias Brunner
be79839ea7
pkcs8: Add explicit comment for RSASSA-PSS fall-through
2017-11-15 14:33:05 +01:00
Tobias Brunner
7f1d944bc9
The pacman tool got replaced by the sec-updater tool
2017-11-15 12:18:17 +01:00
Tobias Brunner
851e51d1cf
sec-updater: Fix typo in documentation
2017-11-15 12:10:33 +01:00
Tobias Brunner
527b3f0ca5
Fixed some typos, courtesy of codespell
2017-11-15 10:21:13 +01:00
Tobias Brunner
c87b16d256
swanctl: Add check for conflicting short options
2017-11-13 10:09:41 +01:00
Tobias Brunner
f0c7cbd1d7
swanctl: Properly register --counters commmand
...
Use C instead of c, which is already used for --load-conns.
2017-11-13 09:45:14 +01:00
Andreas Steffen
859cb93d28
testing: Do not remove all swanctl subdirectories
2017-11-11 19:23:01 +01:00
Andreas Steffen
b20bf062e8
Version bump to 5.6.1rc1
2017-11-11 18:25:17 +01:00
Andreas Steffen
74f8ad7fd9
Merge branch 'swanctl-testing'
2017-11-11 16:42:38 +01:00
Andreas Steffen
7df35af7cc
libimcv: Updated imv database
2017-11-11 16:41:16 +01:00
Andreas Steffen
13a3f20f2e
testing: Converterd tnc to systemd
2017-11-11 16:41:16 +01:00
Andreas Steffen
323f0b05d7
testing: Converted sql to systemd
2017-11-11 16:41:15 +01:00