Andreas Steffen
|
36b3c0a8dd
|
regenerated loop intermediate CA certificates
|
2010-07-03 18:18:30 +02:00 |
Andreas Steffen
|
342fc85e9e
|
added ikev2/nat-two-rw-mark scenario
|
2010-07-03 13:25:09 +02:00 |
Andreas Steffen
|
ee26c537d7
|
support of xfrm marks for IKEv2
|
2010-07-02 23:46:09 +02:00 |
Martin Willi
|
02571374c4
|
Recreate IKE_SA_INIT related tasks only if they have completed
|
2010-06-30 13:48:47 +02:00 |
Thomas Egerer
|
31d0efd7e9
|
Use enumerator for queued_tasks migration to avoid infinite loop
|
2010-06-30 13:24:43 +02:00 |
Tobias Brunner
|
c177076b50
|
Enabling some EAP plugins on Android.
|
2010-06-30 10:02:15 +02:00 |
Tobias Brunner
|
5430d6ab3c
|
The x509 plugin is not needed anymore on Android, using OpenSSL.
|
2010-06-30 10:01:16 +02:00 |
Thomas Egerer
|
6d61e334f7
|
Correct check of traffic selectors before destruction
|
2010-06-29 09:22:50 +02:00 |
Thomas Egerer
|
7f1eb89517
|
Migrate queued_tasks tasks, to avoid dangling pointers
|
2010-06-29 09:20:05 +02:00 |
Tobias Brunner
|
0f21ebc81d
|
The signature of keystore_get changed again.
With Android 2.2 (Froyo) the interface of keystore_get was changed once
again. The change was made to allow the keys to contain \0 characters.
|
2010-06-28 17:18:53 +02:00 |
Tobias Brunner
|
6f52d3b077
|
Compiler warning fixed.
|
2010-06-28 08:50:30 +02:00 |
Andreas Steffen
|
b3f65304ba
|
check for installed aead algorithms in kernel
|
2010-06-27 22:26:00 +02:00 |
Andreas Steffen
|
f031e41bea
|
upgraded xfrm.h to linux-2.6.34
|
2010-06-27 11:23:35 +02:00 |
Martin Willi
|
6a4a47511f
|
Show contents of the CP payload in message_t stringification
|
2010-06-24 15:46:28 +02:00 |
Martin Willi
|
1e723d739c
|
Support the subnet attribute in the attr plugin
|
2010-06-24 15:46:28 +02:00 |
Tobias Brunner
|
c0914c457b
|
Increased the loglevel for the arguments received via Android control socket.
|
2010-06-24 14:46:25 +02:00 |
Tobias Brunner
|
e9e2a4fecf
|
Terminate charon from the Android plugin if the tunnel goes down after it was initiated successfully.
|
2010-06-24 14:30:06 +02:00 |
Tobias Brunner
|
7913a74c36
|
Initiate the tunnel in the Android plugin asynchronously.
Also track its initiation using the registered listener.
|
2010-06-24 14:30:05 +02:00 |
Tobias Brunner
|
8b775e99ea
|
Implement the listener_t interface in the Android plugin to track the status of an SA.
|
2010-06-24 14:30:05 +02:00 |
Tobias Brunner
|
94ec9adc10
|
Helper function added to notify the Android frontend about status changes.
|
2010-06-24 14:30:05 +02:00 |
Tobias Brunner
|
024dd37fa0
|
Initiate consumes a child_sa reference, so get an additional one.
|
2010-06-24 14:30:05 +02:00 |
Tobias Brunner
|
5eb9eeb130
|
Use the same error code constants as in the Java frontend.
|
2010-06-24 14:30:05 +02:00 |
Tobias Brunner
|
359063caf7
|
Flush and destroy the send queue before unloading the socket plugins.
|
2010-06-24 14:30:05 +02:00 |
Martin Willi
|
07c5aacce8
|
Select subjectAltName address family using address length in openssl plugin
|
2010-06-24 12:01:18 +02:00 |
Martin Willi
|
7a74295e42
|
Select subjectAltName address family using address length in x509 plugin
|
2010-06-24 12:01:18 +02:00 |
Tobias Brunner
|
9eb7f46b3d
|
Do not install routes in the PF_KEY kernel interface if interface lookup failed.
|
2010-06-23 11:43:31 +02:00 |
Tobias Brunner
|
a427e98da1
|
The signature of keystore_get was changed with Android 2.x.
|
2010-06-22 16:19:55 +02:00 |
Tobias Brunner
|
f283520faf
|
Avoid a segmentation fault if opening the Android control socket failed.
|
2010-06-22 16:18:22 +02:00 |
Tobias Brunner
|
61c950d9aa
|
OpenSSL in Android 2.1+ lacks Elliptic Curve and ENGINE support.
Unfortunately, opensslconf.h was not changed accordingly.
|
2010-06-22 16:15:10 +02:00 |
Tobias Brunner
|
c03ed4835c
|
Allow to enable the kernel-pfkey plugin via Android.mk.
|
2010-06-22 16:14:14 +02:00 |
Tobias Brunner
|
b7900d3258
|
Fixing the PF_KEY kernel interface on Android.
In Android's in.h IPPROTO_COMP is not #defined but just an enum member.
|
2010-06-22 16:12:07 +02:00 |
Tobias Brunner
|
1e3d66f8d3
|
Fixing compilation of the OpenSSL plugin if ENGINE support is disabled.
That is, enable compilation if OpenSSL was configured with
OPENSSL_NO_ENGINE.
|
2010-06-22 11:55:34 +02:00 |
Tobias Brunner
|
5a367e99c3
|
Fixing compilation of the OpenSSL plugin if Elliptic Curve support is disabled.
That is, enable compilation if OpenSSL was configured with
OPENSSL_NO_EC.
|
2010-06-22 11:55:33 +02:00 |
Martin Willi
|
5d31217232
|
Ignore IKEv2 packets in pluto with any minor version
|
2010-06-22 11:14:07 +02:00 |
Martin Willi
|
169eae5229
|
Accept IKE packets with any minor version in RAW socket
|
2010-06-22 11:14:07 +02:00 |
Tobias Brunner
|
9b6db5cd2e
|
Fixed plugin checks in Android.mk files.
|
2010-06-22 10:40:34 +02:00 |
Heiko Hund
|
341372d525
|
Don't fail with an error if an attribute that is to be deleted does not exist
|
2010-06-18 05:01:06 +02:00 |
Tobias Brunner
|
4f9b82bc1d
|
Fixed compiler warning.
|
2010-06-15 19:58:59 +02:00 |
Tobias Brunner
|
499af811c0
|
Use vpn.dns* to store DNS servers (Android manages net.dns* using these).
|
2010-06-15 19:58:58 +02:00 |
Tobias Brunner
|
be00d219cc
|
Adding an interface that interacts with the Android Settings frontend.
|
2010-06-15 19:58:58 +02:00 |
Tobias Brunner
|
c373f14947
|
Adding an Android specific credential set.
|
2010-06-15 19:58:58 +02:00 |
Tobias Brunner
|
51a00fb275
|
Adding an Android specific logger.
|
2010-06-15 19:58:58 +02:00 |
Tobias Brunner
|
946be4d357
|
Adding support for the native Linux capabilities interface.
Note that this interface is deprecated and mainly added to support
Android. Use libcap, if possible.
|
2010-06-15 19:58:30 +02:00 |
Tobias Brunner
|
b77e493bea
|
Explicitly refer to LIBCAP in Makefiles.
|
2010-06-15 19:57:31 +02:00 |
Tobias Brunner
|
404960e522
|
Run as vpn user on Android.
|
2010-06-15 19:57:31 +02:00 |
Tobias Brunner
|
b02a03a5dd
|
Truncate the PID file so that even if we fail to unlink it, the daemon can be restarted properly.
|
2010-06-15 19:57:14 +02:00 |
Tobias Brunner
|
4e9d313ff8
|
Explicitly include stdint.h for UINT64_MAX.
This is required on FreeBSD 8.
|
2010-06-15 15:31:46 +02:00 |
Tobias Brunner
|
ed76b21652
|
Check for SADB_X_NAT_T_NEW_MAPPING in PF_KEY kernel interface.
FreeBSD 8 does not support SADB_X_NAT_T_NEW_MAPPING whereas Linux and
the previous FreeBSD NAT-T patch both do.
|
2010-06-15 15:31:10 +02:00 |
Tobias Brunner
|
668e84d904
|
Set the ports of all hosts installed via the PF_KEY kernel interface to zero.
|
2010-06-15 10:11:57 +02:00 |
Andreas Steffen
|
5d4c258de7
|
refer to correct PLUTO_XAUTH_ID variable
|
2010-06-09 15:21:26 +02:00 |