Andreas Steffen
3d4818bf18
Make REST POST request timeout configurable
2014-05-31 21:25:47 +02:00
Andreas Steffen
2382d45b1c
Test SWID REST API ins tnc/tnccs-20-pdp scenarios
2014-05-31 21:25:46 +02:00
Andreas Steffen
59db666094
Detect RADIUS packet retransmissions
2014-05-31 20:37:57 +02:00
Andreas Steffen
bfd8f8c5fe
Updated IMC/IMV entries in strongswan.conf man page
2014-05-31 20:37:57 +02:00
Andreas Steffen
2997077bae
Migration from Debian 7.4 to 7.5
2014-05-31 20:37:57 +02:00
Andreas Steffen
9635a92187
Fixed swid_generator interface
2014-05-31 20:37:57 +02:00
Andreas Steffen
a5ce2f0b23
Detect oversize SWID tags
2014-05-31 20:37:57 +02:00
Andreas Steffen
ed27e0e7c7
max_attr_size is an uint32_t value
2014-05-31 20:37:57 +02:00
Andreas Steffen
13a87236c2
Update of Ubuntu 14.04 kernel
2014-05-31 20:37:57 +02:00
Andreas Steffen
543447cb6b
Wait for the arrival of the TCPG_PTS_DH_NONCE_PARAMS_RESP
2014-05-31 20:37:57 +02:00
Andreas Steffen
3a726816a2
Increased maximum PT-TLS message size to 2MB
2014-05-31 20:37:56 +02:00
Andreas Steffen
096c726b5b
log SWID tags and tag IDs on debug level 3
2014-05-31 20:37:56 +02:00
Andreas Steffen
4dda2984e3
Automatic determination of maximum PB-TNC batch and PA-TNC message size
2014-05-31 20:37:56 +02:00
Andreas Steffen
75498e6b33
Completed the command line options of the pt-tls-client
2014-05-31 20:37:56 +02:00
Andreas Steffen
34cd3e102e
Split TCG SWID Request attribute into chunks if needed
2014-05-31 20:37:56 +02:00
Andreas Steffen
bee82725eb
Check for libjson
2014-05-31 20:37:56 +02:00
Andreas Steffen
32cb700cd0
Added Debian 7.5 product and all Debian armv6l products
2014-05-31 20:37:56 +02:00
Andreas Steffen
7b05b0bc28
Fixed typo in tables.sql
2014-05-31 20:37:56 +02:00
Andreas Steffen
a123f470f0
Additional index to improve performance
2014-05-31 20:37:56 +02:00
Andreas Steffen
b7679e90e3
Support targeted retrieval of SWID tags
2014-05-31 20:37:56 +02:00
Tobias Brunner
e14507cb71
curl: Don't set CURLOPT_FAILONERROR
...
With the strongTNC REST API some errors will actually be accompanied by
a response we want to receive completely.
2014-05-31 20:37:55 +02:00
Andreas Steffen
344c9f91f3
Implemented SWID REST API
2014-05-31 20:37:55 +02:00
Andreas Steffen
8c26db8c62
Set entity_name to strongSwan Project
2014-05-31 20:37:55 +02:00
Andreas Steffen
6b6b857cb6
Updated strongSwan SWID Tag from ISO 2009 to 2014 format
2014-05-31 20:37:55 +02:00
Andreas Steffen
e2c9f6ce04
Version bump to 5.2.0dr5
2014-05-31 20:37:26 +02:00
Tobias Brunner
b2b54bd71d
Make sure getpass() is available
...
It's not on Android for example.
2014-05-29 12:28:53 +02:00
Tobias Brunner
95d13fcc3f
starter: Fix build on Android
...
While the (default) ipsec script does not work on Android starter still
passes the script's name to charon if leftfirewall is configured.
2014-05-28 18:20:42 +02:00
Andreas Steffen
58c639e584
Some more files to measure
2014-05-21 14:00:31 +02:00
Andreas Steffen
ba6c27f063
Added all SWID tables and example regids
2014-05-21 14:00:31 +02:00
Tobias Brunner
e34905ce7b
scripts: Ignore settings-test script
2014-05-20 18:56:43 +02:00
Martin Willi
b9dd46d8a9
peer-cfg: Add missing UNIQUE_NEVER to unique_policy_names
2014-05-19 18:05:51 +02:00
Tobias Brunner
b9dfeb5de4
unit-tests: Sync threads with main thread in test_cleanup_cancel()
...
Without synchronization threads could get canceled before they could
disable their cancelability.
2014-05-19 16:06:52 +02:00
Tobias Brunner
403ad5dd85
pfkey: Always include stdint.h
...
On some systems (e.g. on Debian/kFreeBSD) that header is required when
including ipsec.h, on Linux we require it too when including pfkeyv2.h,
so to simplify things we just always include it.
2014-05-19 14:53:24 +02:00
Tobias Brunner
89b0845e7f
Merge branch 'fetcher-response-code'
...
Extends the fetcher API to retrieve the response status code for a request.
2014-05-19 14:32:53 +02:00
Tobias Brunner
271c2dd24e
soup: Add support to retrieve the response code
2014-05-19 14:29:48 +02:00
Tobias Brunner
350c1dead9
unit-tests: Allow some HTTP write operations to fail
...
Because CURLOPT_FAILONERROR is enabled in the curl plugin an error code
will often (not always) cause the client to close the TCP connection
before the server has written the complete response.
2014-05-19 14:28:45 +02:00
Tobias Brunner
703a0b4c3e
curl: Add support to return the response code
2014-05-19 14:28:40 +02:00
Tobias Brunner
deb8975bd2
unit-tests: Add a test case for HTTP response codes
2014-05-19 14:24:12 +02:00
Tobias Brunner
9a18593752
fetcher: Add option to retrieve response code from a fetcher
2014-05-19 14:20:50 +02:00
Tobias Brunner
032dcb8989
unit-tests: Defer failures by worker threads
...
In some cases the main thread is not ready to immediately call siglongjmp(),
e.g. if it currently holds a mutex that is later required during
shutdown.
Therefore, we delay handling errors in worker threads until the main
thread performs the next check itself (or the test function ends).
The same issue remains with SIGALRM.
2014-05-19 14:06:55 +02:00
Tobias Brunner
435fecd751
unit-tests: Make sure plugins in the builddir are loaded
...
When running the tests in GDB the working directory apparently is
different. With the relative path used previously the plugins would not
be found and those installed on the system would get used.
2014-05-19 14:06:43 +02:00
Tobias Brunner
7c888e0d23
unit-tests: Don't assert failures for unreadable settings files as root
...
The file can still be read by root even if nobody has read privileges.
2014-05-16 17:50:29 +02:00
Martin Willi
2145f0c212
Merge branch 'aead-proposal'
...
Encode default AEAD encryption algorithms to a proposal separate from non-AEAD
algorithms. RFC 4306 and 5282 where less explicit, but RFC 5996 requires
separate proposals for AEAD and non-AEAD algorithms. As responder we still
accept both encoding variants.
Fixes #573 .
2014-05-16 16:54:04 +02:00
Martin Willi
2f893f278d
proposal: Don't return a default IKE proposal without encryption/AEAD algs
2014-05-16 16:51:19 +02:00
Martin Willi
8d74ec9e80
ike: Add an additional but separate AEAD proposal to CHILD config
...
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
2014-05-16 16:51:19 +02:00
Martin Willi
879e3d12ca
ike: Add an additional but separate AEAD proposal to IKE config, if supported
2014-05-16 16:51:19 +02:00
Martin Willi
356846db5d
child-cfg: Allow passing NULL as proposal to add_proposal()
...
Making the API consistent to the one of ike_cfg.
2014-05-16 16:01:21 +02:00
Martin Willi
3312c447ef
ike-cfg: Allow passing NULL to add_proposal()
...
This simplifies adding default proposals with constructors potentially
returning NULL.
2014-05-16 16:01:21 +02:00
Martin Willi
8642f8bdb7
proposal: Use an additional "default" constructor specific to AEAD algorithms
...
This allows a caller to create a separated proposal for supported AEAD
algorithms, as required by RFC 5996.
2014-05-16 16:01:21 +02:00
Martin Willi
0fc4dd429d
proposal: Don't include AEAD algorithms in the default proposal
...
According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms.
This was not clear in RFC 5282, hence we previously included both AEAD and
non-AEAD algorithms in a single proposal.
2014-05-16 16:01:21 +02:00