Commit Graph

12944 Commits

Author SHA1 Message Date
Andreas Steffen 3d4818bf18 Make REST POST request timeout configurable 2014-05-31 21:25:47 +02:00
Andreas Steffen 2382d45b1c Test SWID REST API in tnc/tnccs-20-pdp scenarios 2014-05-31 21:25:46 +02:00
Andreas Steffen 59db666094 Detect RADIUS packet retransmissions 2014-05-31 20:37:57 +02:00
Andreas Steffen bfd8f8c5fe Updated IMC/IMV entries in strongswan.conf man page 2014-05-31 20:37:57 +02:00
Andreas Steffen 2997077bae Migration from Debian 7.4 to 7.5 2014-05-31 20:37:57 +02:00
Andreas Steffen 9635a92187 Fixed swid_generator interface 2014-05-31 20:37:57 +02:00
Andreas Steffen a5ce2f0b23 Detect oversize SWID tags 2014-05-31 20:37:57 +02:00
Andreas Steffen ed27e0e7c7 max_attr_size is a uint32_t value 2014-05-31 20:37:57 +02:00
Andreas Steffen 13a87236c2 Update of Ubuntu 14.04 kernel 2014-05-31 20:37:57 +02:00
Andreas Steffen 543447cb6b Wait for the arrival of the TCPG_PTS_DH_NONCE_PARAMS_RESP 2014-05-31 20:37:57 +02:00
Andreas Steffen 3a726816a2 Increased maximum PT-TLS message size to 2MB 2014-05-31 20:37:56 +02:00
Andreas Steffen 096c726b5b log SWID tags and tag IDs on debug level 3 2014-05-31 20:37:56 +02:00
Andreas Steffen 4dda2984e3 Automatic determination of maximum PB-TNC batch and PA-TNC message size 2014-05-31 20:37:56 +02:00
Andreas Steffen 75498e6b33 Completed the command line options of the pt-tls-client 2014-05-31 20:37:56 +02:00
Andreas Steffen 34cd3e102e Split TCG SWID Request attribute into chunks if needed 2014-05-31 20:37:56 +02:00
Andreas Steffen bee82725eb Check for libjson 2014-05-31 20:37:56 +02:00
Andreas Steffen 32cb700cd0 Added Debian 7.5 product and all Debian armv6l products 2014-05-31 20:37:56 +02:00
Andreas Steffen 7b05b0bc28 Fixed typo in tables.sql 2014-05-31 20:37:56 +02:00
Andreas Steffen a123f470f0 Additional index to improve performance 2014-05-31 20:37:56 +02:00
Andreas Steffen b7679e90e3 Support targeted retrieval of SWID tags 2014-05-31 20:37:56 +02:00
Tobias Brunner e14507cb71 curl: Don't set CURLOPT_FAILONERROR
With the strongTNC REST API some errors will actually be accompanied by
a response we want to receive completely.
2014-05-31 20:37:55 +02:00
Andreas Steffen 344c9f91f3 Implemented SWID REST API 2014-05-31 20:37:55 +02:00
Andreas Steffen 8c26db8c62 Set entity_name to strongSwan Project 2014-05-31 20:37:55 +02:00
Andreas Steffen 6b6b857cb6 Updated strongSwan SWID Tag from ISO 2009 to 2014 format 2014-05-31 20:37:55 +02:00
Andreas Steffen e2c9f6ce04 Version bump to 5.2.0dr5 2014-05-31 20:37:26 +02:00
Tobias Brunner b2b54bd71d Make sure getpass() is available
It's not on Android for example.
2014-05-29 12:28:53 +02:00
Tobias Brunner 95d13fcc3f starter: Fix build on Android
While the (default) ipsec script does not work on Android, starter still
passes the script's name to charon if leftfirewall is configured.
2014-05-28 18:20:42 +02:00
Andreas Steffen 58c639e584 Some more files to measure 2014-05-21 14:00:31 +02:00
Andreas Steffen ba6c27f063 Added all SWID tables and example regids 2014-05-21 14:00:31 +02:00
Tobias Brunner e34905ce7b scripts: Ignore settings-test script 2014-05-20 18:56:43 +02:00
Martin Willi b9dd46d8a9 peer-cfg: Add missing UNIQUE_NEVER to unique_policy_names 2014-05-19 18:05:51 +02:00
Tobias Brunner b9dfeb5de4 unit-tests: Sync threads with main thread in test_cleanup_cancel()
Without synchronization threads could get canceled before they could
disable their cancelability.
2014-05-19 16:06:52 +02:00
Tobias Brunner 403ad5dd85 pfkey: Always include stdint.h
On some systems (e.g. on Debian/kFreeBSD) that header is required when
including ipsec.h, on Linux we require it too when including pfkeyv2.h,
so to simplify things we just always include it.
2014-05-19 14:53:24 +02:00
Tobias Brunner 89b0845e7f Merge branch 'fetcher-response-code'
Extends the fetcher API to retrieve the response status code for a request.
2014-05-19 14:32:53 +02:00
Tobias Brunner 271c2dd24e soup: Add support to retrieve the response code 2014-05-19 14:29:48 +02:00
Tobias Brunner 350c1dead9 unit-tests: Allow some HTTP write operations to fail
Because CURLOPT_FAILONERROR is enabled in the curl plugin an error code
will often (not always) cause the client to close the TCP connection
before the server has written the complete response.
2014-05-19 14:28:45 +02:00
Tobias Brunner 703a0b4c3e curl: Add support to return the response code 2014-05-19 14:28:40 +02:00
Tobias Brunner deb8975bd2 unit-tests: Add a test case for HTTP response codes 2014-05-19 14:24:12 +02:00
Tobias Brunner 9a18593752 fetcher: Add option to retrieve response code from a fetcher 2014-05-19 14:20:50 +02:00
Tobias Brunner 032dcb8989 unit-tests: Defer failures by worker threads
In some cases the main thread is not ready to immediately call siglongjmp(),
e.g. if it currently holds a mutex that is later required during
shutdown.

Therefore, we delay handling errors in worker threads until the main
thread performs the next check itself (or the test function ends).

The same issue remains with SIGALRM.
2014-05-19 14:06:55 +02:00
Tobias Brunner 435fecd751 unit-tests: Make sure plugins in the builddir are loaded
When running the tests in GDB the working directory apparently is
different.  With the relative path used previously the plugins would not
be found and those installed on the system would get used.
2014-05-19 14:06:43 +02:00
Tobias Brunner 7c888e0d23 unit-tests: Don't assert failures for unreadable settings files as root
The file can still be read by root even if nobody has read privileges.
2014-05-16 17:50:29 +02:00
Martin Willi 2145f0c212 Merge branch 'aead-proposal'
Encode default AEAD encryption algorithms to a proposal separate from non-AEAD
algorithms. RFC 4306 and 5282 were less explicit, but RFC 5996 requires
separate proposals for AEAD and non-AEAD algorithms. As responder we still
accept both encoding variants.

Fixes #573.
2014-05-16 16:54:04 +02:00
Martin Willi 2f893f278d proposal: Don't return a default IKE proposal without encryption/AEAD algs 2014-05-16 16:51:19 +02:00
Martin Willi 8d74ec9e80 ike: Add an additional but separate AEAD proposal to CHILD config
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
2014-05-16 16:51:19 +02:00
Martin Willi 879e3d12ca ike: Add an additional but separate AEAD proposal to IKE config, if supported 2014-05-16 16:51:19 +02:00
Martin Willi 356846db5d child-cfg: Allow passing NULL as proposal to add_proposal()
Making the API consistent to the one of ike_cfg.
2014-05-16 16:01:21 +02:00
Martin Willi 3312c447ef ike-cfg: Allow passing NULL to add_proposal()
This simplifies adding default proposals with constructors potentially
returning NULL.
2014-05-16 16:01:21 +02:00
Martin Willi 8642f8bdb7 proposal: Use an additional "default" constructor specific to AEAD algorithms
This allows a caller to create a separated proposal for supported AEAD
algorithms, as required by RFC 5996.
2014-05-16 16:01:21 +02:00
Martin Willi 0fc4dd429d proposal: Don't include AEAD algorithms in the default proposal
According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms.
This was not clear in RFC 5282, hence we previously included both AEAD and
non-AEAD algorithms in a single proposal.
2014-05-16 16:01:21 +02:00