Commit Graph

15698 Commits

Author SHA1 Message Date
Tobias Brunner cf6110f152 android: Use a local broadcast to notify about profile changes
This allows other components to modify the profiles and notify about
changes.
2017-01-20 11:01:32 +01:00
Tobias Brunner c4ab9af74e android: Add a UUID property to the VPN profiles
All new or edited profiles get a random UUID.  We currently don't
enforce one, though.  Later we might change that and use the UUID as
primary key.
2017-01-20 11:01:32 +01:00
Tobias Brunner a4c7778086 Merge branch 'ipsec-commands'
Fixes an issue with the ipsec script when used with sudo.

I'd usually rebase this but the commit ID was already referenced
elsewhere.
2017-01-19 18:40:00 +01:00
Tobias Brunner 2ec6372f5a ipsec: Only allow specific commands to be executed via ipsec script
The previous fallback allowed running any executable as root if executing
ipsec via sudo was allowed, by using e.g. `sudo ipsec ../../../bin/sh`.
2017-01-18 16:15:48 +01:00
Tobias Brunner 1c27cf3bc8 bliss: Increase timeout for sampler unit test
Fixes #2204.
2017-01-16 11:28:10 +01:00
Tobias Brunner 410bdaf654 android: Include ref10 subdirectory for curve25519 plugin
Fixes #2201.
2017-01-16 11:19:35 +01:00
Andreas Steffen 9ad147ac63 Version bump to 5.5.2dr4 2017-01-02 15:46:27 +01:00
Andreas Steffen bda3a573f4 Merge branch 'disable_ocsp' 2017-01-02 14:35:39 +01:00
Andreas Steffen 91a4a4aa83 testing: Added swanctl/ocsp-disabled scenario 2017-01-02 14:34:39 +01:00
Andreas Steffen db0953d41f testing: Added swanctl/ocsp-signer-cert scenario 2017-01-02 14:34:18 +01:00
Andreas Steffen e3f63c6469 revocation: OCSP and/or CRL fetching can be disabled 2016-12-30 18:12:53 +01:00
Andreas Steffen 08253bbba3 testing: Convert swanctl scenarios to curve-25519 2016-12-30 16:22:12 +01:00
Andreas Steffen 65797c9faf Version bump to 5.5.2dr3 and Linux kernel 4.9 2016-12-17 18:10:13 +01:00
Andreas Steffen 470e61ae77 testing: strongTNC does not come with django.db any more 2016-12-17 18:09:20 +01:00
Andreas Steffen 3c1e5ad6ce testing: Added ikev2/net2net-ed25519 scenario 2016-12-17 18:07:29 +01:00
Andreas Steffen bd2f2b11fc stroke: Load general PKCS#8 private keys 2016-12-17 18:06:11 +01:00
Andreas Steffen 9da89eeb4f Merge branch 'Ed25519' 2016-12-16 12:24:54 +01:00
Andreas Steffen 4f19112b1f Moved Ed25519 tests to libstrongswan 2016-12-14 11:57:36 +01:00
Weilu Jia 351179d4dc vici: Check for closed connection in Python bindings
The Python VICI library does not check if the socket is closed.
If the daemon closes the connection, _recvall() spins forever.

Closes strongswan/strongswan#56.
2016-12-14 11:35:31 +01:00
Andreas Steffen e9c2b6658b unit-tests: Completed coverage of hasher, crypter and libnttfft 2016-12-14 11:15:48 +01:00
Andreas Steffen 94ae1ac18e Added swanctl/net2net-ed25519 scenario and needed Ed25519 certificates 2016-12-14 11:15:48 +01:00
Andreas Steffen f2eb367adc Implemented EdDSA for IKEv2 using a pro forma Identity hash function 2016-12-14 11:15:48 +01:00
Andreas Steffen d47ad3d67e Added Ed25519 ref10 implementation from libsodium 2016-12-14 11:15:47 +01:00
Andreas Steffen 35bc60cc68 Added support of EdDSA signatures 2016-12-14 11:15:47 +01:00
Tobias Brunner 564a199674 kernel-netlink: Add support for AES-CMAC-96 (RFC 4494)
The kernel apparently supports this since 3.10.
2016-12-12 11:43:06 +01:00
Tobias Brunner 8c859e86d6 android: New release after re-adding support for ECC Brainpool curves 2016-12-10 12:28:09 +01:00
Tobias Brunner f20b3f7b2c openssl: BoringSSL doesn't provide curve data for ECC Brainpool curves 2016-12-10 12:27:47 +01:00
Tobias Brunner aae9a9e678 android: New release after fixing libtpmtss issue 2016-12-09 11:18:17 +01:00
Tobias Brunner 9920824e70 android: Make sure libtpmtss is loaded on older systems
On newer Android systems this seems to happen automatically (or does at
least not cause crashes if the library is not loaded).
2016-12-09 11:16:42 +01:00
Tobias Brunner 708f9c7f65 android: New release after adding notification 2016-12-08 17:37:21 +01:00
Tobias Brunner 7e1c840753 Merge branch 'android-updates'
Adds a permanent notification while connected (or connecting), which
allows running as a foreground service, which in turn should prevent
Android from terminating the service when low on memory.

Also adds support for ChaCha20/Poly1305 AEAD and Curve25519 DH.
2016-12-08 17:33:11 +01:00
Tobias Brunner 3e85b5a492 android: Ensure that the certificates are loaded when accessing them via JNI 2016-12-08 17:14:49 +01:00
Tobias Brunner 85059424a7 android: Add a public notification 2016-12-08 17:14:49 +01:00
Tobias Brunner d5070425a0 android: Display a permanent notification while connected
This forces the service to run in the foreground, meaning the system
won't kill it when low on memory.
2016-12-08 17:14:49 +01:00
Tobias Brunner e03c936982 android: Log any installed DNS servers 2016-12-08 17:14:49 +01:00
Tobias Brunner d6d12bab14 android: Unregister listener in case of error alerts
This avoids triggering additional errors via e.g. ike_updown() that
might cause the error message displayed in the GUI to change if the
status fragment is recreated.

References #2134.
2016-12-08 17:13:16 +01:00
Tobias Brunner ef2ad9db1c android: Report an error for invalid integer values
Previously we'd just ignore the invalid values without notifying the
user.
2016-12-08 16:43:51 +01:00
Tobias Brunner cefbf2bf9b android: Propose curve25519 in the ESP proposals 2016-12-08 16:43:51 +01:00
Tobias Brunner fec47b6146 android: Enable curve25519 plugin in the app 2016-12-08 16:43:51 +01:00
Tobias Brunner b077a2a71a android: Optionally build the curve25519 plugin 2016-12-08 16:43:51 +01:00
Tobias Brunner 5f0913fc1e android: Propose ChaCha20/Poly1305 in the ESP AEAD proposals 2016-12-08 16:43:50 +01:00
Tobias Brunner 8c0b38e9df android: Enable chapoly plugin in the app 2016-12-08 16:43:50 +01:00
Tobias Brunner 4d47adb639 android: Optionally build the chapoly plugin 2016-12-08 16:43:50 +01:00
Tobias Brunner 03472aea1f android: Update Gradle plugin and wrapper 2016-12-08 16:43:50 +01:00
Thomas Egerer 8c50bb6c36 ikev1: Minor code optimization in task manager
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-12-07 10:37:46 +01:00
Tobias Brunner 8fe2cefd9d travis: The xcode7.3 image is now the default 2016-12-02 16:56:13 +01:00
Tobias Brunner c7c9a50adb travis: Output config.log on failure 2016-12-02 16:56:13 +01:00
Tobias Brunner 016228c158 configure: Check for actual functions in libraries with AC_CHECK_LIB
Checking for `main` produces code like this in the test program:

  int
  main ()
  {
  return main ();
    ;
    return 0;
  }

This recursive call results in a warning message with some compilers (e.g.
Clang in newer Xcode versions: "all paths through this function will call
itself [-Winfinite-recursion]"), which lets the tests fail when compiling
with -Werror.
2016-12-02 16:56:13 +01:00
Tobias Brunner 5078f87a52 plugin-loader: Strip '!' from critical plugin names when setting paths 2016-11-18 12:21:49 +01:00
Thomas Egerer 1042b9194f child-sa: Use single return statement in update_usebytes()
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-11-18 11:58:14 +01:00