6150efa885
Added charon to .gitignore
2010-03-19 17:17:54 +01:00
d92b337fe9
Do not indent the source file lists in Android.mk files so we can easily compare them to the lists in the Makefile.am files.
2010-03-19 13:34:53 +01:00
0f5a043989
Use wildcards to gather plugin source files.
2010-03-19 13:34:53 +01:00
52c7257366
Adding support for the build of libcharon (and charon) on Android.
2010-03-19 13:34:53 +01:00
78060ba063
Do not link libcharon to libstrongswan.
...
Linking to libstrongswan breaks the integrity-tests because libtool
relinks libcharon to libstrongswan on install, thus changing the
checksum.
2010-03-19 13:34:53 +01:00
ef87a61efd
Explicitly link charon to libstrongswan.
...
Also fixed the reference to the pthread library.
2010-03-19 13:34:53 +01:00
454faa47de
Don't indirectly link dependent libraries.
...
The default behaviour for ld allows users to 'indirectly' link to required
objects/libraries through intermediate objects/libraries. While this is
convenient, it can also be dangerous because it makes your program's
dependencies tied to the dependencies of other objects.
Beginning with Fedora 13 this will be changed and you need to explicitly
link all dependent libraries.
More details can be found here:
http://fedoraproject.org/wiki/UnderstandingDSOLinkChange
This patch fixes all such cases in strongSwan.
2010-03-19 13:34:53 +01:00
02222dfa65
Make integrity tests compatible with libcharon.
...
This does currently not work because libtool relinks libcharon on
install, thus changing the checksum.
2010-03-19 13:34:53 +01:00
349fa52852
Replacing the original charon with a small wrapper around libcharon.
2010-03-19 13:34:52 +01:00
bd3f8ea30b
Convert charon into libcharon.
2010-03-19 13:34:52 +01:00
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00
7c11d10eb8
Removed strayed code fragment
2010-03-19 10:25:12 +01:00
437690f897
ipsec pool --batch command
...
Introduce the --batch command which reads several ipsec pool commands
and their arguments from a file or STDIN. Useful if you need to run
serveral commands atomically from a configuration daemon or likewise.
Signed-off-by: Heiko Hund <hhund@astaro.com>
2010-03-19 10:23:40 +01:00
a90ed06f8a
ipsec pool error return status
...
Fix the error return status of the ipsec pool command. Also make --del for
attributes succeed if no --server option was given.
Signed-off-by: Heiko Hund <hhund@astaro.com>
2010-03-19 10:23:35 +01:00
ef9f69a2b9
ipsec pool --replace command
...
Introduce the pool --replace command as an alternative to --add. Also change
the current behavior of allowing duplicate pool names so that, --add with
an existing name fails and --replace removes the existing pool before
adding the new one.
Signed-off-by: Heiko Hund <hhund@astaro.com>
2010-03-19 10:23:29 +01:00
49a452e3a2
--addresses option for ipsec pool --add command
...
Introduce the --addresses option for --add that can be used to add a pool
containing non-contiguous addresses. Additionally it allows to preclaim
certain addresses for certain roadwarrior IDs. See the second chunk of
the patch for a more detailed description.
Signed-off-by: Heiko Hund <hhund@astaro.com>
2010-03-19 10:23:26 +01:00
f0da32c58d
Introduced ipsec.conf NTLM keyword for NT hashes
2010-03-17 18:51:00 +01:00
a7fb418edd
EAP-MSCHAPv2 can use stored NT hashes in addition to plaintext passwords
2010-03-17 18:50:53 +01:00
d266e8953e
lookup exclusion for several arbitrary routing tables
2010-03-17 10:08:02 +01:00
7b1fc2f7cf
Fixing a compiler warning when building with -Wextra.
2010-03-16 12:42:58 +01:00
a3316c2b9f
setting the two most significant bits assures an RSA modulus of maximum bit size
2010-03-15 15:13:26 +01:00
c0df187cb4
we don't accept a serial number with leading zeroes
2010-03-14 19:41:40 +01:00
d5f1b9b3c1
Reordered the name and sname construction.
2010-03-12 17:34:32 +01:00
01b87c2bc1
Fixed a bug in pluto's x509 handling.
...
This bug would have lead to a segmentation fault, if no public key could
have been extracted from a certificate.
2010-03-12 17:28:20 +01:00
4cedab5ad7
deleted old strongSwan VIDs
2010-03-12 03:29:18 +01:00
0ef84e5e4d
enable build of socket-default plugin
2010-03-11 21:53:18 +01:00
44f1024705
mixed IKEv1/IKEv2 scenarios require socket-raw
2010-03-11 21:32:36 +01:00
520f6b846a
Added a very minimalistic SMTP client to send mails via a local Exim
2010-03-11 10:51:16 +01:00
0fa7d1abb3
Do not disable the default-socket if it was enabled explicitly
2010-03-11 08:52:48 +01:00
81e9e75940
Set a xy_given variable for a --enable/disable-xy option
...
This additional variable allows a check if an option was
explicitly given or implicitly set using the default.
2010-03-11 08:50:12 +01:00
a3920abb76
Add a getter for the HTTP referer
2010-03-10 15:09:12 +01:00
d12ad4748a
fix 64bit issue with time_t from database
2010-03-10 10:46:49 +01:00
a5166b16a1
Adding socket-default to the plugin list in all test cases.
2010-03-09 17:43:21 +01:00
908d571796
Provide the Diffie Hellman parameters from a central location, so that we do not have to replicate them in every plugin that implements the DH interface.
...
The main reason for this change is that Android's libcrypto does not
include the get_rfcX_prime_Y functions by default. Therefore we would
have had to replicate the primes a third time.
2010-03-09 17:15:16 +01:00
38031382dc
Adding the OpenSSL plugin to the Android build.
2010-03-08 17:21:46 +01:00
16c8442a3e
Fixing integrity tests after renaming the plugin constructors.
2010-03-08 15:34:38 +01:00
d543d9cadf
Adding a helper function that translates single characters in a string.
2010-03-08 15:34:38 +01:00
d14203b009
Replaced the deprecated RSA_generate_key with RSA_generate_key_ex.
2010-03-08 15:34:38 +01:00
40f130dab3
Implemented the PRF_KEYED_SHA1 algorithm in the openssl plugin
2010-03-08 13:16:12 +01:00
33e4ee59ed
Removed accidentally commited files from tree, ignore tarballs and patches
2010-03-08 09:36:46 +01:00
31bd75ec64
removed unwanted commits
2010-03-07 21:11:57 +01:00
ceeb9bac8b
critical keyUsage extension must be parsed
2010-03-07 20:51:34 +01:00
469d448333
recognize strongSwan VID
2010-03-07 17:52:04 +01:00
1ec8f22de2
set Certificate Sign and CRL Sign flags in keyUsage extension if CA is true
2010-03-07 17:27:53 +01:00
3bcfb271a3
Make Android.mk depend on configure.in, so it gets rebuilt if the version number got changed.
2010-03-05 14:59:29 +01:00
d6731a0f26
parser.l includes y.tab.h, so it must be built first
2010-03-05 14:59:22 +01:00
73f5940b1c
Ignore the generated y.output.
2010-03-05 14:47:08 +01:00
551b02029e
Do not hardcode the path to the strongSwan sources.
2010-03-05 14:47:08 +01:00
de64e2166d
Ignore the generated Android.mk
2010-03-05 14:47:08 +01:00
807c12ce66
Generate the main Android.mk, so the version number is not hardcoded.
...
We include the generated file in the distribution, so users won't
have run configure if they are building for Android.
2010-03-05 14:46:59 +01:00
Martin Willi