Commit Graph

11758 Commits

Author SHA1 Message Date
Tobias Brunner 5ee0747cfd autoconf: Split PACKAGE_VERSION in four parts
The parts can be accessed with the variables:

	PACKAGE_VERSION_MAJOR
	PACKAGE_VERSION_MINOR
	PACKAGE_VERSION_BUILD
	PACKAGE_VERSION_REVIEW

The last part will be empty for regular releases.
2013-09-02 11:30:24 +02:00
Tobias Brunner 10a69c32c2 conftest: Fix hook constructor resolution via dlsym()
AM_CPPFLAGS only takes preprocessor flags like -I or -D, so it did not
forward -rdynamic to the linker (--export-dynamic), which meant that the
symbols defined in the executable itself were not resolvable via dlsym().

Fixes #394.
2013-08-30 19:45:51 +02:00
Andreas Steffen 4e2a176229 SWID IMC implements recursive tag collection in /usr/share 2013-08-30 16:25:55 +02:00
Tobias Brunner 2a7a9471dd aes-test: Rename crypt() as it conflicts with a library function on Mac OS X
unistd.h on Linux defines this only if _XOPEN_SOURCE is defined.
2013-08-30 08:51:09 +02:00
Mathias Krause 45b80880f8 kernel-pfroute: Fix mixed up memset() call in get_route()
The retry code introduced in dc8b083 got the memset() arguments wrong.
Fix this to ensure the buffer gets zeroed, for real.

It probably doesn't matter as we do reset the message length on retry, so
the stale data shouldn't be seen by anyone.

Found-by: git grep 'memset\s*\([^,]*,\s*[^,]*,\s*0\s*\)'
2013-08-29 18:56:39 +02:00
Martin Willi b656f63efe testing: support a .gitignored testing.conf.local for site-local configurations 2013-08-29 15:55:23 +02:00
Martin Willi a0cd955f42 charon-xpc: add a note how to build the source tarball 2013-08-29 12:28:54 +02:00
Martin Willi 74ee1120d7 charon-xpc: include and prefer AES-GCM algorithms in ESP proposal 2013-08-29 11:37:07 +02:00
Andreas Steffen ee2d6f8618 Version bump to 5.1.1dr2 2013-08-28 23:00:47 +02:00
Andreas Steffen 1e82e27ac5 Added TCG-SWID error handling 2013-08-28 22:53:57 +02:00
Andreas Steffen db4a072ca9 Added scripts/aes-test to .gitignore 2013-08-28 22:52:30 +02:00
Andreas Steffen 7bda0f0c8b Added tzset memory leak to whitelist 2013-08-28 22:51:17 +02:00
Andreas Steffen 0d9e375193 Selectively enable PT-TLS and/or RADIUS sockets in tnc-pdp plugin 2013-08-26 20:36:07 +02:00
Tobias Brunner 9455f8b386 aes-test: Support test vectors at the end of a file 2013-08-24 16:22:51 +02:00
Tobias Brunner 8972c72237 aes-test: Add script to test AES implementations according to AESAVS/GCMVS 2013-08-24 16:22:51 +02:00
Tobias Brunner f0c54e8c15 chunk: Print chunks without separator if + modifier is used 2013-08-24 16:22:51 +02:00
Tobias Brunner 32a145fdbd utils: Add case-insensitive version of strpfx() 2013-08-24 16:22:51 +02:00
Martin Willi 49032d15be stroke: stop enumerating IKE_SAs in statusall if output stream gets closed
If the output stream is not interested in more information, it can close the
the stream. Checking for stream errors avoids useless enumeration of IKE_SAs,
saving resources. This allows to use "ipsec statusall | head" to monitor the
daemon, or stop enumerating IKE_SAs after a specific entry has been found.
2013-08-23 14:27:17 +02:00
Andreas Steffen 03d673620d Cleaned configuration files in PT-TLS client scenario 2013-08-22 17:24:20 +02:00
Tobias Brunner d7ae0b254d kernel: Restore enumeration of all addresses when searching for address in TS
Since f52cf07532 addresses on ignored, down or loopback interfaces were
not considered as valid addresses anymore when searching for an address
contained in the local traffic selector.  This meant that route
installation failed, for instance, if charon.install_virtual_ip_on was
set to 'lo', or, on gateways, if internal interfaces were ignored with
the charon.interfaces_* options.
2013-08-21 17:01:03 +02:00
Tobias Brunner 85ca2f7441 conftest: Disable reset_seq hook on systems other than Linux
Fixes #386.
2013-08-21 11:27:28 +02:00
Tobias Brunner e001cc2b07 kernel-netlink: Fix calculation of ESN bitmap length
While bmp_len stores the number of u_int32_t the allocated bitmap
actually consists of those integers.
2013-08-21 08:28:12 +02:00
Andreas Steffen 2b32884d39 Added stand-alone pt-tls-client to NEWS 2013-08-19 12:28:12 +02:00
Andreas Steffen aff4367907 Flush iptables rules on alice 2013-08-19 12:20:57 +02:00
Andreas Steffen f859645b12 Fixes in tnc scenarios 2013-08-19 11:44:51 +02:00
Andreas Steffen 10c7ca2399 Added tnc/tnccs-20-pt-tls scenario 2013-08-19 11:36:23 +02:00
Andreas Steffen e626821677 Version bump to 5.1.1dr1 2013-08-19 10:03:23 +02:00
Andreas Steffen 1e92d5f114 Process PB-TNC batches received via PT-TLS asynchronously 2013-08-19 09:52:12 +02:00
Andreas Steffen 9dc3b2053d Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN 2013-08-19 09:50:57 +02:00
Andreas Steffen 70a80ef5d4 Output handler of a given workitem 2013-08-16 14:14:13 +02:00
Andreas Steffen 4d2bac37c4 Implemented SWID Tag Inventory attribute 2013-08-16 14:13:35 +02:00
Andreas Steffen f405c15a59 deleted moved files 2013-08-15 23:34:23 +02:00
Andreas Steffen b38d9d5a54 Implemented SWID prototype IMC/IMV pair 2013-08-15 23:34:23 +02:00
Andreas Steffen 0bd29a438e Updated the SWID attributes 2013-08-15 23:34:23 +02:00
Andreas Steffen e689de6b8c Optimized PT-TLS data transfer 2013-08-15 23:34:23 +02:00
Andreas Steffen 6aff4b5ce8 Show host address of peer connecting to PT-TLS socket 2013-08-15 23:34:23 +02:00
Andreas Steffen 0a09b02dcf Set client identity with TLS certificate authentication 2013-08-15 23:34:23 +02:00
Andreas Steffen 9cc606d22a Fixed memory leak in SASL PLAIN 2013-08-15 23:34:23 +02:00
Andreas Steffen 663ea1407d added --optionsfrom capability 2013-08-15 23:34:23 +02:00
Andreas Steffen 7c027f7983 Use client identities from successful authentications, only 2013-08-15 23:34:23 +02:00
Andreas Steffen d6719c974c Add pt-tls-client to .gitignore 2013-08-15 23:34:23 +02:00
Andreas Steffen 97b1d39de5 Extract client identity and authentication type from SASL authentication 2013-08-15 23:34:22 +02:00
Andreas Steffen 6d6100c2bc Added some debug statements 2013-08-15 23:34:22 +02:00
Andreas Steffen f420d5f380 enabled SASL PLAIN authentication 2013-08-15 23:34:22 +02:00
Andreas Steffen 8327c44b74 PT-TLS connection is properly terminated 2013-08-15 23:34:22 +02:00
Andreas Steffen 12b3db5006 moved tnc_imv plugin to libtnccs thanks to recommendation callback function 2013-08-15 23:34:22 +02:00
Andreas Steffen 9d8c28e2f5 Documented plugin move from libcharon to libtnccs in strongswan.conf 2013-08-15 23:34:22 +02:00
Andreas Steffen e8f65c5cde Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs 2013-08-15 23:34:22 +02:00
Andreas Steffen 180a2f2642 rapid PT-TLS AR/PDP prototype 2013-08-15 23:34:22 +02:00
Andreas Steffen f5b5d262e8 Add PT-TLS interface to strongSwan PDP 2013-08-15 23:34:22 +02:00