12308 Commits

Author SHA1 Message Date
Tobias Brunner 4f8bd6d404 pool: Typo in Makefile fixed 2014-02-12 14:34:09 +01:00
Tobias Brunner b84b5410a4 Merge branch 'sql-install'
SQL schemas and example data (IMV) are now part of the distribution and
installed in $prefix/share/strongswan.  This way no extra copy is needed
for the test suite and distributions can easily pack those files together
with the plugins.
2014-02-12 14:27:21 +01:00
Tobias Brunner 6e288ed19c pool: Install SQL schemas from src/pool
This allows us to install the schemas if either the attr-sql or sql
plugin is enabled, since both use the same schema (at least in parts).
2014-02-12 14:21:26 +01:00
Tobias Brunner b2cd0870a3 sql: Set default values for some fields in addresses table 2014-02-12 14:08:34 +01:00
Tobias Brunner 9942e43dc6 testing: Use installed PTS SQL schema and data instead of local copy 2014-02-12 14:08:34 +01:00
Tobias Brunner 96e8715e32 testing: Use installed SQL schema instead of local copy 2014-02-12 14:08:34 +01:00
Tobias Brunner de7f5305d9 libimcv: Install SQL files in /usr/share/strongswan/templates/database 2014-02-12 14:08:34 +01:00
Tobias Brunner 9ca9d99bc4 sql: Install SQL schemas in /usr/share/strongswan/templates/database 2014-02-12 14:08:34 +01:00
Tobias Brunner 68539c38e2 sql: Remove unused cred.sql snippet 2014-02-12 14:08:34 +01:00
Tobias Brunner ebc665be4d asn1: Support dates before 1970-01-01 (i.e. when time_t gets negative)
On x86 we allow "overflows" around 1969/1970 but not for other dates.

Fixes #509.
2014-02-12 13:54:05 +01:00
Tobias Brunner addc34d5f0 asn1: Add additional validation for parsed ASN.1 date/time values 2014-02-12 13:53:57 +01:00
Tobias Brunner 9e1ce63915 ikev1: Fix config switching due to failed authentication during Aggressive mode
The encoded ID payload gets destroyed by the authenticator, which caused
a segmentation fault after the switch.

Fixes #501.
2014-02-12 13:53:03 +01:00
Tobias Brunner 822b22c96f kernel-pfroute: Don't cache route entries if installation fails 2014-02-12 13:52:25 +01:00
Tobias Brunner f0f78b74d4 kernel-netlink: Don't cache route entries if installation fails
Fixes #500.
2014-02-12 13:52:01 +01:00
Tobias Brunner 5e75f50b70 identification: Fix printing of empty RDNs on FreeBSD
On FreeBSD (null) is printed for NULL even if the precision is 0.
2014-02-12 13:45:42 +01:00
Tobias Brunner f8c9c03de0 tests: Fix test for printing NULL on FreeBSD 2014-02-12 13:45:42 +01:00
Andreas Steffen f0ffb9f9af Fixed description of ikev1/rw-ntru-psk scenario 2014-02-12 13:21:46 +01:00
Andreas Steffen ccb7630ca1 Updated test kvm tests to Linux 3.13 kernel 2014-02-12 13:16:34 +01:00
Andreas Steffen 83caf0827c Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios 2014-02-12 13:16:34 +01:00
Tobias Brunner 44e6dbf04d testing: Add ssh script to distribution 2014-02-12 10:53:17 +01:00
Andreas Steffen d9c7fcd0ee unit-tests: added asn1_parser tests 2014-02-10 21:29:34 +01:00
Andreas Steffen e62c6b0a24 unit-tests: added some more ASN.1 length tests 2014-02-10 21:29:34 +01:00
Thomas Egerer b351acfed6 leak_detective: Assign return value of realloc to buf
If realloc returns a pointer value different from the value to be
reallocated, a double free can occur in this context.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2014-02-10 17:23:54 +01:00
Martin Willi 7707357227 rdrand: Provide get_features() regardless of RDRAND availability
As having no get_features() raises a deprecated warning, we return no features
instead.
2014-02-10 11:22:16 +01:00
Martin Willi 144f1d7041 rdrand: Move RDRAND detection log to level 2
When having RDRAND support, these log messages might be confusing when using
pki or other tools.
2014-02-10 11:07:50 +01:00
Martin Willi ac2dc3b726 updown: Return an empty DNS server enumerator if no IKE_SA available
The one existing caller does not handle a NULL return and always expects
an enumerator; and returning FALSE does not make sense anyway.
2014-02-06 16:38:39 +01:00
Martin Willi fe40c47547 Merge branch 'cmd-proposals'
Introduce --ike/esp/ah-proposal options to offer custom proposals, and request
an IPv6 virtual IP if an IPv6 --remote-ts is given.

Fixes #508.
2014-02-06 15:58:41 +01:00
Martin Willi e2de972c55 charon-cmd: Request an IPv6 virtual IP if an IPv6 remote subnet given 2014-02-06 15:58:13 +01:00
Martin Willi fe7269c089 charon-cmd: Document new proposal options in manpage 2014-02-06 15:58:13 +01:00
Martin Willi c9e85424a8 charon-cmd: Add --esp/--ah-proposal options to specify CHILD_SA proposals 2014-02-06 15:58:07 +01:00
Martin Willi 2796cf59bc charon-cmd: Add an --ike-proposal option to specify non-default IKE proposals 2014-02-06 15:57:36 +01:00
Martin Willi 1df1430146 charon-cmd: Block SIGUSR1 on worker threads
To properly shut down charon-cmd with leak reports, only the main thread
should catch SIGUSR1 to shut down the application. Work threads should ignore
SIGUSR1 to avoid any hard application termination.
2014-02-06 15:57:36 +01:00
Andreas Steffen 0edd13b6c8 Document ipsec attest --session command 2014-02-05 12:06:46 +01:00
Andreas Steffen 24f59868c4 Allow output of session time in UTC 2014-02-05 12:06:22 +01:00
Andreas Steffen d6804e3041 Added missing semicolon in SQL statements 2014-02-05 10:15:56 +01:00
Andreas Steffen 523c2874fb Added Android 4.3.1 to products database table 2014-02-04 19:49:34 +01:00
Andreas Steffen 2a43f7fd9e Added new Android versions to PTS database 2014-02-04 06:59:01 +01:00
Martin Willi 0c5dfb741f testing: Fetch the FreeRADIUS tarball from the "old" directory
Fixes #483.
2014-01-31 17:51:45 +01:00
Martin Willi 1f4883008e unit-tests: Add some test cases for HTTP GET/POST fetches 2014-01-31 12:18:32 +01:00
Martin Willi 1691b19900 unit-tests: Fix test_runner_run() apidoc 2014-01-29 13:38:10 +01:00
Tobias Brunner 3114cecdbe pki: Declare correct section in pki --issue man page 2014-01-24 16:17:46 +01:00
Martin Willi 0cec570a4b NEWS: Add unit testing improvements 2014-01-24 13:19:55 +01:00
Martin Willi d048a319df ike: Restart inactivity counter after doing a CHILD_SA rekey
When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity
job is queued for a time unrelated to the rekey time, so it might happen
that the inactivity job gets executed just after rekeying. If this happens,
inactivity is detected even if we had traffic on the rekeyed CHILD_SA just
before rekeying.

This change implies that inactivity checks can't handle inactivity timeouts
for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter
than the rekey time to have any effect.
2014-01-23 16:19:22 +01:00
Martin Willi 763e035335 child-sa: Add a getter for CHILD_SA install time 2014-01-23 16:19:22 +01:00
Martin Willi 76d073c5ab Merge branch 'pam-session'
Add support for PAM session management in xauth-pam.
2014-01-23 16:14:46 +01:00
Martin Willi 572582f5de NEWS: Introduce PAM session management 2014-01-23 16:11:54 +01:00
Martin Willi c5dc94dc8a man: Document xauth-pam session option 2014-01-23 16:07:04 +01:00
Andrea Bonomi 2312504d1e xauth-pam: Open/close a PAM session for each connected client
Signed-off-by: Andrea Bonomi <a.bonomi@endian.com>
2014-01-23 16:07:04 +01:00
Martin Willi 7dc8bf495b xauth-pam: Sanitize XAuth attributes before passing them to PAM 2014-01-23 16:07:04 +01:00
Martin Willi 5770e28e96 Merge branch 'vendor-ids'
Refactors IKEv2 vendor ID handling, and introduces some IDs seen when talking
to Cisco devices.
2014-01-23 16:04:48 +01:00