34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
4f8bd6d404
pool: Typo in Makefile fixed
2014-02-12 14:34:09 +01:00
6e288ed19c
pool: Install SQL schemas from src/pool
...
This allows us to install the schemas if either the attr-sql or sql
plugin is enabled, since both use the same schema (at least in parts).
2014-02-12 14:21:26 +01:00
b2cd0870a3
sql: Set default values for some fields in addresses table
2014-02-12 14:08:34 +01:00
de7f5305d9
libimcv: Install SQL files in /usr/share/strongswan/templates/database
2014-02-12 14:08:34 +01:00
9ca9d99bc4
sql: Install SQL schemas in /usr/share/strongswan/templates/database
2014-02-12 14:08:34 +01:00
68539c38e2
sql: Remove unused cred.sql snippet
2014-02-12 14:08:34 +01:00
ebc665be4d
asn1: Support dates before 1970-01-01 (i.e. when time_t gets negative)
...
On x86 we allow "overflows" around 1969/1970 but not for other dates.
Fixes #509 .
2014-02-12 13:54:05 +01:00
addc34d5f0
asn1: Add additional validation for parsed ASN.1 date/time values
2014-02-12 13:53:57 +01:00
9e1ce63915
ikev1: Fix config switching due to failed authentication during Aggressive mode
...
The encoded ID payload gets destroyed by the authenticator, which caused
a segmentation fault after the switch.
Fixes #501 .
2014-02-12 13:53:03 +01:00
822b22c96f
kernel-pfroute: Don't cache route entries if installation fails
2014-02-12 13:52:25 +01:00
f0f78b74d4
kernel-netlink: Don't cache route entries if installation fails
...
Fixes #500 .
2014-02-12 13:52:01 +01:00
5e75f50b70
identification: Fix printing of empty RDNs on FreeBSD
...
On FreeBSD (null) is printed for NULL even if the precision is 0.
2014-02-12 13:45:42 +01:00
f8c9c03de0
tests: Fix test for printing NULL on FreeBSD
2014-02-12 13:45:42 +01:00
d9c7fcd0ee
unit-tests: added asn1_parser tests
2014-02-10 21:29:34 +01:00
e62c6b0a24
unit-tests: added some more ASN.1 length tests
2014-02-10 21:29:34 +01:00
b351acfed6
leak_detective: Assign return value of realloc to buf
...
If realloc return a pointer value different from the value to be
reallocated, a double free can occur in this context.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-02-10 17:23:54 +01:00
7707357227
rdrand: Provide get_features() regardless of RDRAND availability
...
As having no get_features() raises a deprecated warning, we return no features
instead.
2014-02-10 11:22:16 +01:00
144f1d7041
rdrand: Move RDRAND detection log to level 2
...
When having RDRAND support, these log messages might be confusing when using
pki or other tools.
2014-02-10 11:07:50 +01:00
ac2dc3b726
updown: Return an empty DNS server enumerator if no IKE_SA available
...
The one existing caller does not handle a NULL return and always expects
an enumerator; and returning FALSE does not make sense anyway.
2014-02-06 16:38:39 +01:00
e2de972c55
charon-cmd: Request an IPv6 virtual IP if an IPv6 remote subnet given
2014-02-06 15:58:13 +01:00
fe7269c089
charon-cmd: Document new proposal options in manpage
2014-02-06 15:58:13 +01:00
c9e85424a8
charon-cmd: Add --esp/--ah-proposal options to specify CHILD_SA proposals
2014-02-06 15:58:07 +01:00
2796cf59bc
charon-cmd: Add an --ike-proposal option to specify non-default IKE proposals
2014-02-06 15:57:36 +01:00
1df1430146
charon-cmd: Block SIGUSR1 on worker threads
...
To properly shut down charon-cmd with leak reports, only the main thread
should catch SIGUSR1 to shut down the application. Work threads should ignore
SIGUSR1 to avoid any hard application termination.
2014-02-06 15:57:36 +01:00
0edd13b6c8
Document ipsec attest --session command
2014-02-05 12:06:46 +01:00
24f59868c4
Allow output of session time in UTC
2014-02-05 12:06:22 +01:00
d6804e3041
Added missing semicolon in SQL statements
2014-02-05 10:15:56 +01:00
523c2874fb
Added Android 4.3.1 to products database table
2014-02-04 19:49:34 +01:00
2a43f7fd9e
Added new Android versions to PTS database
2014-02-04 06:59:01 +01:00
1f4883008e
unit-tests: Add some test cases for HTTP GET/POST fetches
2014-01-31 12:18:32 +01:00
1691b19900
unit-tests: Fix test_runner_run() apidoc
2014-01-29 13:38:10 +01:00
3114cecdbe
pki: Declare correct section in pki --issue man page
2014-01-24 16:17:46 +01:00
d048a319df
ike: Restart inactivity counter after doing a CHILD_SA rekey
...
When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity
job is queued for a time unrelated to the rekey time, so it might happen
that the inactivity job gets executed just after rekeying. If this happens,
inactivity is detected even if we had traffic on the rekeyed CHILD_SA just
before rekeying.
This change implies that inactivity checks can't handle inactivity timeouts
for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter
than the rekey time to have any effect.
2014-01-23 16:19:22 +01:00
763e035335
child-sa: Add a getter for CHILD_SA install time
2014-01-23 16:19:22 +01:00
2312504d1e
xauth-pam: Open/close a PAM session for each connected client
...
Signed-off-by: Andrea Bonomi <a.bonomi@endian.com>
2014-01-23 16:07:04 +01:00
7dc8bf495b
xauth-pam: Sanitize XAuth attributes before passing them to PAM
2014-01-23 16:07:04 +01:00
c7c2e24a56
ikev2: Add Cisco FRAGMENTATION vendor ID
...
Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
2014-01-23 16:04:04 +01:00
2c6d204bec
ikev2: Add Cisco Copyright vendor ID
...
Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
2014-01-23 16:04:01 +01:00
f84d1cb2f9
ikev2: Add Cisco Delete Reason vendor ID
...
Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.
2014-01-23 16:03:55 +01:00
a8d8e631f9
ikev2: Use a more dynamic vendor ID database, as we use with IKEv1
2014-01-23 16:02:18 +01:00
853498155e
libpts: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:33 +01:00
7ae878c357
tnccs: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:33 +01:00
88fa7f62be
pem: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:33 +01:00
ecdef634aa
stroke: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
b8d0103e31
radattr: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
39badc53cd
libfast: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
69be6a9e05
integrity-checker: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
b9ee059ca9
chunk: Externalize error reporting in chunk_write()
...
This avoids passing that arbitrary label just for error messages, and gives
greater flexibility in handling errors.
2014-01-23 15:55:32 +01:00
37374a292a
chunk: Provide a fallback chunk_map() if mmap is not available
2014-01-23 15:55:32 +01:00
Tobias Brunner