Tobias Brunner
cf6110f152
android: Use a local broadcast to notify about profile changes
...
This allows other components to modify the profiles and notify about
changes.
2017-01-20 11:01:32 +01:00
Tobias Brunner
c4ab9af74e
android: Add a UUID property to the VPN profiles
...
All new or edited profiles get a random UUID. We currently don't
enforce one, though. Later we might change that and use the UUID as
primary key.
2017-01-20 11:01:32 +01:00
Tobias Brunner
a4c7778086
Merge branch 'ipsec-commands'
...
Fixes an issue with the ipsec script when used with sudo.
I'd usually rebase this but the commit ID was already referenced
elsewhere.
2017-01-19 18:40:00 +01:00
Tobias Brunner
2ec6372f5a
ipsec: Only allow specific commands to be executed via ipsec script
...
The previous fallback allowed running any executable as root if executing
ipsec via sudo was allowed, by using e.g. `sudo ipsec ../../../bin/sh`.
2017-01-18 16:15:48 +01:00
Tobias Brunner
1c27cf3bc8
bliss: Increase timeout for sampler unit test
...
Fixes #2204 .
2017-01-16 11:28:10 +01:00
Tobias Brunner
410bdaf654
android: Include ref10 subdirectory for curve25519 plugin
...
Fixes #2201 .
2017-01-16 11:19:35 +01:00
Andreas Steffen
9ad147ac63
Version bump to 5.5.2dr4
2017-01-02 15:46:27 +01:00
Andreas Steffen
bda3a573f4
Merge branch 'disable_ocsp'
2017-01-02 14:35:39 +01:00
Andreas Steffen
91a4a4aa83
testing: Added swanctl/ocsp-disabled scenario
2017-01-02 14:34:39 +01:00
Andreas Steffen
db0953d41f
testing: Added swanctl/ocsp-signer-cert scenario
2017-01-02 14:34:18 +01:00
Andreas Steffen
e3f63c6469
revocation: OCSP and/or CRL fetching can be disabled
2016-12-30 18:12:53 +01:00
Andreas Steffen
08253bbba3
testing: Convert swanctl scenarios to curve-25519
2016-12-30 16:22:12 +01:00
Andreas Steffen
65797c9faf
Version bump to 5.5.2dr3 and Linux kernel 4.9
2016-12-17 18:10:13 +01:00
Andreas Steffen
470e61ae77
testing: strongTNC does not come with django.db any more
2016-12-17 18:09:20 +01:00
Andreas Steffen
3c1e5ad6ce
testing: Added ikev2/net2net-ed25519 scenario
2016-12-17 18:07:29 +01:00
Andreas Steffen
bd2f2b11fc
stroke: Load general PKCS#8 private keys
2016-12-17 18:06:11 +01:00
Andreas Steffen
9da89eeb4f
Merge branch 'Ed25519'
2016-12-16 12:24:54 +01:00
Andreas Steffen
4f19112b1f
Moved Ed25519 tests to libstrongswan
2016-12-14 11:57:36 +01:00
Weilu Jia
351179d4dc
vici: Check for closed connection in Python bindings
...
The Python VICI library does not check if the socket is closed.
If the daemon closes the connection, _recvall() spins forever.
Closes strongswan/strongswan#56 .
2016-12-14 11:35:31 +01:00
Andreas Steffen
e9c2b6658b
unit-tests: Completed coverage of hasher, crypter and libnttfft
2016-12-14 11:15:48 +01:00
Andreas Steffen
94ae1ac18e
Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificates
2016-12-14 11:15:48 +01:00
Andreas Steffen
f2eb367adc
Implemented EdDSA for IKEv2 using a pro forma Identity hash function
2016-12-14 11:15:48 +01:00
Andreas Steffen
d47ad3d67e
Added Ed25519 ref10 implementation from libsodium
2016-12-14 11:15:47 +01:00
Andreas Steffen
35bc60cc68
Added support of EdDSA signatures
2016-12-14 11:15:47 +01:00
Tobias Brunner
564a199674
kernel-netlink: Add support for AES-CMAC-96 (RFC 4494)
...
The kernel apparently supports this since 3.10.
2016-12-12 11:43:06 +01:00
Tobias Brunner
8c859e86d6
android: New release after re-adding support for ECC Brainpool curves
2016-12-10 12:28:09 +01:00
Tobias Brunner
f20b3f7b2c
openssl: BoringSSL doesn't provide curve data for ECC Brainpool curves
2016-12-10 12:27:47 +01:00
Tobias Brunner
aae9a9e678
android: New release after fixing libtpmtss issue
2016-12-09 11:18:17 +01:00
Tobias Brunner
9920824e70
android: Make sure libtpmtss is loaded on older systems
...
On newer Android systems this seems to happen automatically (or does at
least not cause crashes if the library is not loaded).
2016-12-09 11:16:42 +01:00
Tobias Brunner
708f9c7f65
android: New release after adding notification
2016-12-08 17:37:21 +01:00
Tobias Brunner
7e1c840753
Merge branch 'android-updates'
...
Adds a permanent notification while connected (or connecting), which
allows running as a foreground service, which in turn should prevent
Android from terminating the service when low on memory.
Also adds support for ChaCha20/Poly1305 AEAD and Curve25519 DH.
2016-12-08 17:33:11 +01:00
Tobias Brunner
3e85b5a492
android: Ensure that the certificates are loaded when accessing them via JNI
2016-12-08 17:14:49 +01:00
Tobias Brunner
85059424a7
android: Add a public notification
2016-12-08 17:14:49 +01:00
Tobias Brunner
d5070425a0
android: Display a permanent notification while connected
...
This forces the service to run in the foreground, meaning the system
won't kill it when low on memory.
2016-12-08 17:14:49 +01:00
Tobias Brunner
e03c936982
android: Log any installed DNS servers
2016-12-08 17:14:49 +01:00
Tobias Brunner
d6d12bab14
android: Unregister listener in case of error alerts
...
This avoids triggering additional errors via e.g. ike_updown() that
might cause the error message displayed in the GUI to change if the
status fragment is recreated.
References #2134 .
2016-12-08 17:13:16 +01:00
Tobias Brunner
ef2ad9db1c
android: Report an error for invalid integer values
...
Previously we'd just ignore the invalid values without notifying the
user.
2016-12-08 16:43:51 +01:00
Tobias Brunner
cefbf2bf9b
android: Propose curve25519 in the ESP proposals
2016-12-08 16:43:51 +01:00
Tobias Brunner
fec47b6146
android: Enable curve25519 plugin in the app
2016-12-08 16:43:51 +01:00
Tobias Brunner
b077a2a71a
android: Optionally build the curve25519 plugin
2016-12-08 16:43:51 +01:00
Tobias Brunner
5f0913fc1e
android: Propose ChaCha20/Poly1305 in the ESP AEAD proposals
2016-12-08 16:43:50 +01:00
Tobias Brunner
8c0b38e9df
android: Enable chapoly plugin in the app
2016-12-08 16:43:50 +01:00
Tobias Brunner
4d47adb639
android: Optionally build the chapoly plugin
2016-12-08 16:43:50 +01:00
Tobias Brunner
03472aea1f
android: Update Gradle plugin and wrapper
2016-12-08 16:43:50 +01:00
Thomas Egerer
8c50bb6c36
ikev1: Minor code optimization in task manager
...
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-12-07 10:37:46 +01:00
Tobias Brunner
8fe2cefd9d
travis: The xcode7.3 image is now the default
2016-12-02 16:56:13 +01:00
Tobias Brunner
c7c9a50adb
travis: Output config.log on failure
2016-12-02 16:56:13 +01:00
Tobias Brunner
016228c158
configure: Check for actual functions in libraries with AC_CHECK_LIB
...
Checking for `main` produces code like this in the test program:
int
main ()
{
return main ();
;
return 0;
}
This recursive call results in a warning message with some compilers (e.g.
Clang in newer Xcode versions: "all paths through this function will call
itself [-Winfinite-recursion]"), which lets the tests fail when compiling
with -Werror.
2016-12-02 16:56:13 +01:00
Tobias Brunner
5078f87a52
plugin-loader: Strip '!' from critical plugin names when setting paths
2016-11-18 12:21:49 +01:00
Thomas Egerer
1042b9194f
child-sa: Use single return statement in update_usebytes()
...
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-11-18 11:58:14 +01:00