Andreas Steffen
2ee11fd42d
display (soft) same as (not loaded)
2012-05-03 11:54:56 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Tobias Brunner
7d85bebc49
pluto: Fix for null-terminated XAuth secrets (as sent by Android 4).
2012-04-24 09:25:38 +02:00
Andreas Steffen
4626e49ad9
remove leading zero in ASN.1 encoded serial numbers
2012-04-05 09:04:11 +02:00
Tobias Brunner
008e2df477
pluto: Use time_monotonic() instead of a custom implementation.
2012-03-27 09:10:33 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi
747f837cce
Added a flag to register local credential sets exclusively, disabling all others
2012-03-20 17:31:28 +01:00
Andreas Steffen
e4f554404e
handle case where subject = NULL but keyid is set
2012-02-20 12:12:31 +01:00
Tobias Brunner
0f7d381cfe
pluto: Print expiry time more properly.
2012-02-14 09:38:00 +01:00
Tobias Brunner
7efde9011e
pluto: Drop support for legacy PSK format.
...
Any line in ipsec.secrets starting with " or ' was treated as PSK
without ID selectors by pluto. This prevented it from supporting DNs
like "C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org" as
ID selectors.
PSKs defined in this legacy format can easily be updated by changing
"thisIsASecret"
into
: PSK "thisIsASecret"
2012-02-08 13:36:32 +01:00
Tobias Brunner
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
...
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
Tobias Brunner
576298a3ef
Simplified logging of list of loaded plugins.
2012-01-19 11:56:03 +01:00
Tobias Brunner
2e0b478a01
Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
...
Because all packages are now marked as optional executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk. Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00
Tobias Brunner
190cd8a475
pluto: Use srand() to initialize the C library PRNG.
...
Otherwise rekey and DPD times would always be the same after a restart.
2012-01-04 13:19:29 +01:00
Tobias Brunner
70a4737690
pluto: Fixed expiration date test.
2011-12-23 15:32:06 +01:00
Tobias Brunner
a5951a2861
Make sure the certificate cache is flushed when plugins are unloaded.
...
This avoids segmentation faults when plugins implementing cert_t are
already unloaded when the cache is flushed during destruction.
2011-12-15 12:20:09 +01:00
Tobias Brunner
4f775afda9
Added missing Android.mk files to distribution.
2011-11-22 18:31:12 +01:00
Tobias Brunner
54ce738920
pluto: Compile warning fixed.
2011-10-27 15:42:44 +02:00
Tobias Brunner
3b8ed73708
pluto: plugin_list.* added to Android.mk.
2011-10-27 15:42:10 +02:00
Andreas Steffen
473c477978
added listplugins support to pluto and whack
2011-10-26 10:31:48 +02:00
Tobias Brunner
21cb6cffb1
pluto: Log to logcat on Android.
2011-10-18 15:03:19 +02:00
Tobias Brunner
a8256f0bda
pluto: CAP_NET_RAW seems to be required on Android even to open regular sockets.
2011-10-18 11:52:43 +02:00
Tobias Brunner
bdbbab35b1
pluto: Switch to user 'vpn' on Android.
2011-10-18 11:36:52 +02:00
Tobias Brunner
b9307badfe
pluto: Removed last usage of KERNEL26_SUPPORT (and some KLIPS stuff).
...
Because linux is not defined on Android this caused trouble.
2011-10-18 10:30:26 +02:00
Tobias Brunner
89294d8731
pluto: Missing flushline call added when reading ipsec.secrets.
2011-10-14 18:38:18 +02:00
Tobias Brunner
e45fb76b60
pluto: Fixed usage of prctl.
2011-10-14 17:36:20 +02:00
Tobias Brunner
926ed7d647
pluto: Fixed include for control socket.
2011-10-14 17:36:20 +02:00
Tobias Brunner
345e5330b5
pluto: Added fallback to ipsec.secrets parser if glob(3) is not available.
2011-10-14 17:36:20 +02:00
Tobias Brunner
5108d9507d
pluto: Include fixed.
2011-10-14 17:36:20 +02:00
Tobias Brunner
d52c37790e
pluto: Option added to disable adns.
...
This basically disables opportunistic encryption.
2011-10-14 17:36:20 +02:00
Tobias Brunner
2b9c3642e4
pluto: lwdnsq is not supported.
2011-10-14 17:36:20 +02:00
Martin Willi
fa7c8338ca
Plugin enumerator enumerates over loaded features, too
2011-10-14 10:05:44 +02:00
Tobias Brunner
c27c9529b7
Enable XAUTH plugin on Android.
2011-10-13 18:39:01 +02:00
Tobias Brunner
9227a3b3fa
Use separate plugin lists for pluto and charon on Android.
2011-10-13 18:34:43 +02:00
Tobias Brunner
4490804f13
Build pluto on Android.
...
Does not fully compile.
2011-10-13 18:29:36 +02:00
Tobias Brunner
21ee300d5c
pluto: Handle SIGINT to terminate properly when run with --nofork in a console.
2011-09-28 13:57:59 +02:00
Tobias Brunner
192f714076
pluto: Check for processes with the PID stored in pluto.pid.
2011-09-28 13:57:59 +02:00
Tobias Brunner
19e12db79c
pluto: Some whitespace cleanup.
2011-08-15 15:53:26 +02:00
Tobias Brunner
fbedc6a45b
Remove policies in kernel interfaces based on their priority.
...
This allows to unroute a connection while the same connection is
currently established. In this case both CHILD_SAs share the same
reqid but the installed policies have different priorities.
2011-07-27 13:41:35 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Tobias Brunner
328f22e1d3
Add the reqid to kernel_ipsec_t.del_policy.
2011-07-06 09:43:45 +02:00
Tobias Brunner
c74ece334d
pluto: Made helper functions in event_queue static.
2011-05-24 19:23:45 +02:00
Thomas Egerer
59965aaf96
pluto: Securely wipe quick mode keys from memory.
...
Keying material is derived in two separate steps for local and remote
endpoint. This allows us to securely wipe local/remote secrets
separately, too -- a precondition to wipe quick mode keys from memory in
a secure fashion.
2011-05-10 15:39:00 +02:00
Thomas Egerer
9e6bb93ab9
pluto: Securely wipe sensitive data from memory.
2011-05-10 15:19:46 +02:00
Andreas Steffen
8af1e3606b
fixed loop error in parsing of OCSP basic responses
2011-04-26 12:32:19 +02:00
Martin Willi
4778655726
Cast size_t len arguments to %.*s to int
2011-04-20 13:08:32 +02:00
Martin Willi
4876d4f3b3
Added an esn parameter to the kernel interface add_sa functions
2011-04-20 12:26:57 +02:00
Tobias Brunner
6e0c82141f
pluto: Replaced some strcpy usages with strncpy.
2011-04-19 17:35:57 +02:00
Tobias Brunner
2653c08513
pluto: Make sure connection name is null-terminated during DPD restart.
2011-04-19 13:48:51 +02:00
Tobias Brunner
75cf0cc012
pluto: Clarified parsing of long durations.
2011-04-19 13:48:50 +02:00