Martin Willi
0406ed7a16
Fixed a crash in source address lookup
2009-09-23 11:18:30 +02:00
Martin Willi
a7f79ee9c1
Define ME for all charon plugins
2009-09-23 11:13:27 +02:00
Martin Willi
e20b792108
Correctly handle --enable-mediation option
2009-09-23 10:50:00 +02:00
Andreas Steffen
677322b1bf
enforce coding rules
2009-09-22 21:50:28 +02:00
Andreas Steffen
b62ce860c1
enforce coding rules
2009-09-22 20:55:10 +02:00
Andreas Steffen
b88bbe8aa1
set XFRM_STATE_AF_UNSPEC flag
2009-09-22 20:55:10 +02:00
Martin Willi
b262680175
Emit a ALERT_SHUTDOWN_SIGNAL before shutting down the daemon
2009-09-22 17:00:00 +02:00
Andreas Steffen
a28334720c
adding additional flags to loaded X.509 certificates
2009-09-22 12:55:25 +02:00
Andreas Steffen
b80fa9ca38
readying NEWS for the strongswan-4.3.5dr2 release
2009-09-22 12:44:58 +02:00
Andreas Steffen
4b15ee8cd9
shortened file loading debug output
2009-09-22 12:33:13 +02:00
Andreas Steffen
1271983ab9
computed hash-and-url for new certificates
2009-09-22 12:05:37 +02:00
Martin Willi
f1092e20f4
Fixed encoding of hash-and-url cert payload
2009-09-22 10:07:04 +02:00
Martin Willi
cb64b21217
Do not assign SIM version to a volatile buffer on stack
2009-09-22 09:11:35 +02:00
Martin Willi
91cb348cc2
CA certificates are looked up using the subjectPublicKeyInfo keyid
2009-09-21 18:13:25 +02:00
Martin Willi
c84b139a87
Credential backends use has_fingerprint() methods to select keys/certificates
2009-09-21 17:03:00 +02:00
Martin Willi
640ed4d5a5
Public/Private keys implement a has_fingerprint() method
2009-09-21 16:47:25 +02:00
Martin Willi
fde7f5abf8
Correctly serve certificates if CERT_ANY requested
2009-09-21 15:34:29 +02:00
Martin Willi
c6a8990bc5
Enforce a local address of the same family as remote address
2009-09-21 15:30:40 +02:00
Martin Willi
c331bce51d
Return certificates of requested kind only
2009-09-21 14:43:57 +02:00
Andreas Steffen
8153be823b
plugin has been renamed to resolve
2009-09-20 22:03:23 +02:00
Andreas Steffen
399ce164ad
delete resolv_conf_* files
2009-09-20 21:59:36 +02:00
Andreas Steffen
af784261f5
all arguments must be read
2009-09-20 21:56:22 +02:00
Andreas Steffen
4819ec6a71
resolv_conf plugin renamed to resolve
2009-09-20 19:06:58 +02:00
Andreas Steffen
03f096df7e
adapt evaltest.dat to changed debug output
2009-09-20 17:23:24 +02:00
Andreas Steffen
d7f2ffcf11
renewed certs in dynamic-initiator/dynamic-responder scenarios
2009-09-19 08:18:42 +02:00
Andreas Steffen
6aa8d2c8bb
use new certificates
2009-09-19 00:26:55 +02:00
Andreas Steffen
05a6a77d85
eliminated double library_deinit()
2009-09-19 00:00:56 +02:00
Andreas Steffen
309b8b3956
keyids of renewed keys
2009-09-18 21:44:57 +02:00
Andreas Steffen
afcd0b9787
updated to renewed certs in SQL database
2009-09-18 21:22:37 +02:00
Andreas Steffen
bdfe17c79b
renewal of end entity certificates
2009-09-18 21:17:03 +02:00
Andreas Steffen
ddbb34093f
fixed --enable-eap-md5 and --enable-eap-gtc options
2009-09-18 18:23:26 +02:00
Andreas Steffen
d78a0262d1
backwards compatibility with SQL format
2009-09-18 15:48:24 +02:00
Martin Willi
c7a64d6f41
Use helper functions to handle (non-)skippable attributes
2009-09-18 15:08:43 +02:00
Martin Willi
e466139c91
Clients can handle AKA-Identity requests by sending the full identity
2009-09-18 14:51:35 +02:00
Martin Willi
85af7a89c6
nm uses the distributions trusted root CAs if none is explicitly specified
2009-09-18 14:34:27 +02:00
Andreas Steffen
d245f5cf33
some reformulations
2009-09-17 22:21:14 +02:00
Martin Willi
7aa495d9d0
get_private() in listcacerts requires a valid auth cfg
2009-09-17 12:47:03 +02:00
Martin Willi
4a03e85b37
Fixed nexthop lookup, used by source route installation
2009-09-16 13:55:32 +02:00
Martin Willi
36b7ba5ee3
Use continue to advance to next iteration
2009-09-16 13:32:47 +02:00
Martin Willi
075448fbc8
Complain about missing %defaultroute support only if one is actually used
2009-09-16 13:27:49 +02:00
Martin Willi
b538b606da
Use the default debug hook if possible
2009-09-16 13:16:00 +02:00
Martin Willi
5289249449
Default logger implementation can be modified by dbg_default_set_level/stream
2009-09-16 13:06:16 +02:00
Martin Willi
a474081f1f
Removed obsolete per-command debug level option
2009-09-16 12:52:56 +02:00
Martin Willi
4e1cade52f
Fixed loading of DER encoded certificate files
2009-09-16 11:24:35 +02:00
Andreas Steffen
934942dddb
corrected usage
2009-09-15 22:43:22 +02:00
Andreas Steffen
c657492705
pki --req generates a PKCS#10 certificate request
2009-09-15 22:33:32 +02:00
Andreas Steffen
edf30136b0
implemented ASN.1 encoding of PKCS#10 attributes
2009-09-15 21:55:44 +02:00
Andreas Steffen
8101695b32
fixed typo
2009-09-15 16:48:13 +02:00
Martin Willi
88fdf88a1f
Disable rtnetlink defaultroute lookup if pluto is disabled
...
As we do not support Pluto on BSD/Mac, exclude the Linux specific
rtnetlink routing lookup; Charon doesn't require it anyway.
2009-09-15 13:16:39 +02:00
Heiko Hund
aa5d446939
Get starter default route via rtnetlink
...
This patch changes the way routes are fetched from the kernel by starter.
The way it's currently done (via /proc) is limited to routes in the
"main" routing table. Routes from the "default" table are never seen by
starter. Starter may miss the default route even if it's set. Thus, default
routes are now read from the "main" and the "default" table.
The way this code behaves if more than one default route is found is slightly
different to before. Instead of bailing out it just chooses the one with the best
metric. I thought this was be a reasonable change.
2009-09-15 12:55:25 +02:00