de280c2e03
private-key: Add optional parameters argument to sign() method
2017-11-08 16:48:10 +01:00
1fe71a50f1
android: Add log message if failed to retrieve user certificate encoding
2017-11-02 12:19:36 +01:00
d3e1beaad5
android: New release after adding delta CRL support and some bug fixes
2017-09-18 11:04:46 +02:00
66b7a08884
android: Ignore IllegalArgumentException for multicast addresses
...
Some Android versions seem to reject routes that use multicast addresses.
Fixes #2420 .
2017-09-18 11:00:58 +02:00
311d931aef
android: New release after adding OCSP, CRL cache and some other stuff
2017-09-04 11:27:40 +02:00
1926efadde
android: Add disconnect button to dialog if already connected to profile
2017-09-04 10:41:30 +02:00
037b353d2c
android: Load x509 plugin to generate OCSP requests and parse responses
...
BoringSSL does not support OpenSSL's OCSP API.
2017-09-04 10:41:29 +02:00
829cc56a53
android: Add support to POST data via SimpleFetcher
...
That's required for OCSP verification.
2017-09-04 10:41:29 +02:00
6e39240a3e
android: Add option to clear cached CRLs
2017-09-04 10:41:29 +02:00
0bebbae9e3
android: Cache CRLs in app directory
...
Fixes #2405 .
2017-09-04 10:41:25 +02:00
3fe9a436ee
android: Pass absolute path to the app's data directory via JNI
2017-09-04 10:41:25 +02:00
98ab757284
android: Hide app selection in profile editor on Android < 5
2017-09-04 10:41:25 +02:00
0b4f7d646b
android: Only apply app filter on Android 5 and newer
2017-09-04 10:41:24 +02:00
ac3189f792
android: Catch OutOfMemoryError when importing profiles
...
Not sure if this is actually caused because e.g. the file is too large
or due to some encoding issue.
2017-09-04 10:41:24 +02:00
1a9261a923
android: Catch NullPointerException when parsing invalid certificates
2017-09-04 10:41:24 +02:00
e59b78254a
android: Catch NullPointerException when calling VpnService.prepare()
...
According to the Play Console this occurs occasionally.
2017-09-04 10:41:24 +02:00
ca280574ba
Fixed some typos, courtesy of codespell
2017-08-07 17:22:01 +02:00
909d7dca17
android: New release after fixing issues with older Android versions and DB upgrade
2017-07-04 11:55:04 +02:00
ccb6e9f1b0
android: Fix database update from older versions
2017-07-04 11:55:04 +02:00
a63b0f9982
android: Fix version string on older Android releases
...
SECURITY_PATCH is apparently only available since Android 6.
2017-07-04 11:54:57 +02:00
480d56da5f
android: New release after fixing crash with existing profiles
2017-07-03 13:44:49 +02:00
ebf369c483
android: Fix null pointer dereference with existing profiles
2017-07-03 13:43:53 +02:00
64c2d3ca3e
android: Only show disconnect button if actually connected
2017-07-03 12:11:30 +02:00
1b1060821e
android: New release after adding lots of new stuff
2017-07-03 10:47:43 +02:00
6333a756ee
android: Close activity when dialog is canceled if it was not visible before
...
onPause/onResume() won't work because onPause() is called right before
onNewIntent().
2017-07-03 10:39:26 +02:00
1265b353d4
android: Allow disconnecting via MainActivity but display a confirmation dialog
2017-07-03 10:39:26 +02:00
d0ed8ee89e
android: Add disconnect button to notification
2017-07-03 10:39:23 +02:00
8ae7f8b7a2
android: Make sending certificate requests configurable in the GUI
2017-07-03 10:37:09 +02:00
11eb7e0898
android: Import the flag to suppress certificate requests
2017-07-03 10:37:09 +02:00
3f0592d0fd
android: Add flag to suppress sending certificate requests
2017-07-03 10:37:09 +02:00
0204374e21
android: Add property for simple flags
2017-07-03 10:37:09 +02:00
aa4b6eda59
android: Import NAT-T keepalive interval
2017-07-03 10:33:29 +02:00
a2aa0ca0e4
android: Make NAT-T keepalive interval configurable in the GUI
2017-07-03 10:33:29 +02:00
db599d6b28
android: Use configured NAT-T keepalive interval
2017-07-03 10:33:29 +02:00
a28302317f
android: Add property for NAT-T keepalive interval
2017-07-03 10:33:29 +02:00
0b075420df
android: Use arrays as primary config option for subnets in profile files
2017-07-03 10:27:55 +02:00
646260f464
android: Change format of address ranges and print sets
2017-07-03 10:27:55 +02:00
291ef58c69
android: Make app handling and selection of apps configurable in profile editor
2017-07-03 10:27:54 +02:00
3cc6a03fa0
android: Add simple activity for the selection of apps
2017-07-03 10:27:54 +02:00
eb59c6a38a
android: Add list fragment for the selection of apps
2017-07-03 10:27:54 +02:00
208e15c0ba
android: Add filterable adapter for list of installed/selected apps
2017-07-03 10:27:54 +02:00
238c3061b7
android: Add list item layout for installed/selected apps
2017-07-03 10:27:54 +02:00
5561633fcd
android: Add class that wraps ApplicationInfo for selected apps
2017-07-03 10:27:54 +02:00
cea8213f1b
android: Handle checked state in activated background
2017-07-03 10:27:54 +02:00
34496b787d
android: Add text color for checkable list entries
2017-07-03 10:27:53 +02:00
0974addf93
android: Add a linear layout that is checkable
2017-07-03 10:27:53 +02:00
800f881ad0
android: Add convenience methods to get/set selected apps to/from a sorted set
2017-07-03 10:27:53 +02:00
d134ae21c2
android: Import selected/excluded apps from profile file
2017-07-03 10:27:53 +02:00
f2e7156d91
android: Apply selected apps according to config
...
Either only the selected apps are able to access the VPN or they are
excluded from access to the VPN.
2017-07-03 10:27:53 +02:00
43b33f075a
android: Add property for selected apps to VPN profiles
...
A second property will control if only the selected apps have access to
the VPN or if the selected apps are excluded from the VPN, or if the
functionality is disabled.
2017-07-03 10:27:53 +02:00
05c5e894a9
android: Make custom subnets configurable in the GUI
2017-07-03 10:27:53 +02:00
4a04bd3da5
android: Import custom subnets from profile file
2017-07-03 10:27:53 +02:00
4471a93481
android: Use configured included subnets instead of negotiated TS
2017-07-03 10:27:52 +02:00
abf02a2176
android: Add ability to add a range set to another
2017-07-03 10:27:52 +02:00
a9875259e8
android: Add property for included subnets to VPN profiles
2017-07-03 10:27:52 +02:00
1a63e8e44e
android: Make excluded subnets configurable in the GUI
2017-07-03 10:27:52 +02:00
70f7eb76d9
android: Import excluded subnets from profile file
2017-07-03 10:27:52 +02:00
72b7c289ad
android: Exclude configured subnets from the VPN
2017-07-03 10:27:52 +02:00
1e26483167
android: Implement Iterable interface and addAll() for range set
2017-07-03 10:27:52 +02:00
54714331e4
android: Add ability to remove a range set from another
2017-07-03 10:27:51 +02:00
78b20efb29
android: Parse two addresses separated by - as range
2017-07-03 10:27:51 +02:00
13ead876ad
android: Add property for excluded subnets to VPN profiles
2017-07-03 10:27:51 +02:00
d852a02717
android: Add class to manage a set of IP address ranges/subnets
2017-07-03 10:27:51 +02:00
bcba14504a
android: Add class to handle IP ranges and subnets
2017-07-03 10:27:51 +02:00
c5ba381757
android: Log some information about the Android version and the device
2017-07-03 10:27:51 +02:00
e5ec18009f
android: Escape backslashes in settings values
...
For usernames that use domain specifiers.
2017-07-03 10:27:51 +02:00
59693d6c56
android: Use a specific action to disconnect from the VPN
2017-07-03 10:27:50 +02:00
bef8bc3aac
android: Try to load existing user cert when importing VPN profile
2017-07-03 10:27:50 +02:00
36e8f43617
android: Enable revocation plugin
2017-07-03 10:27:50 +02:00
7b4177578b
android: Add a simple HTTP(S) fetcher for CRLs
2017-07-03 10:27:50 +02:00
74d44e15dc
android: Make log view more efficient
...
This bunches several log messages together before posting Runnables.
Fixes #2148 .
2017-07-03 10:27:45 +02:00
9c4607b454
android: Don't update state fragment if not attached to an Activity
...
When the bound state service finally connects we might not actually be
attached to an Activity.
2017-06-30 09:32:27 +02:00
b14507dd90
android: Make sure every listener at the VPN state service is only registered once
...
We register when the service connects but also in onStart() (as we
unregister in onStop() to avoid updates when not shown). So this could
theoretically cause the listener to get registered twice if the service
is connected before onStart() is called (it seems it usually isn't).
2017-06-30 09:32:27 +02:00
6766c85231
android: Add menu item to import VPN profile via Storage Access Framework
...
This is useful in case the proper MIME type was not set for a downloaded
profile.
2017-06-30 09:32:27 +02:00
edad60ea77
android: Add translation for Traditional Chinese
...
Courtesy of Chris Chiang.
2017-06-30 09:32:27 +02:00
61098dd6a3
android: Move Simplified Chinese translation to values-zg-rCN folder
2017-06-30 09:32:26 +02:00
451498b470
android: Update Gradle plugin and wrapper
2017-06-30 09:32:26 +02:00
aa66e2b704
nm: Version bump to 1.4.2
2017-05-30 14:36:17 +02:00
b2473e94a2
Fixed some typos, courtesy of codespell
2017-05-26 14:44:06 +02:00
2e4d110d1e
linked-list: Change return value of find_first() and signature of its callback
...
This avoids the unportable five pointer hack.
2017-05-26 13:56:44 +02:00
8a2e4d4a8b
linked-list: Change interface of callback for invoke_function()
...
This avoids the unportable five pointer hack.
2017-05-26 13:56:44 +02:00
95a63bf281
Migrate all enumerators to venumerate() interface change
2017-05-26 13:56:44 +02:00
a4b3f1454b
nm: Explicitly prevent the smartcard PIN from being stored
...
The secret storage flag wasn't being saved when using smartcard
authentication, resulting in the PIN being stored.
Fixes #2166 .
2017-05-08 15:29:37 +02:00
8e1b986c10
nm: IKE/ESP proposal customization support
...
Closes strongswan/strongswan#70 .
2017-05-08 14:35:27 +02:00
72fcce92d7
android: New release after fixing potential ANR issue
2017-02-20 16:34:43 +01:00
94375d46dc
android: Send network change events from a separate thread via JNI
...
Doing this from the main UI thread (which delivers the broadcast) might
cause an ANR if there is a delay (e.g. while acquiring a mutex in the
native parts). There might also have been a race condition during
termination previously because Unregister() was not synchronized so there
might have been dangling events that got delivered while or after the mutex
in the native parts was destroyed.
2017-02-17 13:07:30 +01:00
2222af2932
android: New release after adding translation for Simplified Chinese
2017-02-07 16:01:25 +01:00
ad882e1a43
android: Add translation for Simplified Chinese
...
Courtesy of Yick Xie.
2017-02-07 15:59:07 +01:00
9665686bd8
daemon: Use separate method to set default loggers
...
This way it is not necessary to pass the same values to reload the
loggers.
2017-01-25 14:58:09 +01:00
7b73cf4aa9
android: New release after adding profile import functionality
2017-01-20 11:53:43 +01:00
66bf2b788c
android: Handle profile file names with dots in them
2017-01-20 11:44:17 +01:00
9c79af8c38
android: Handle errors when fetching profile in more detail
2017-01-20 11:44:16 +01:00
3107634e30
android: Add activity to import VPN profiles from JSON-encoded files
...
The file format is documented on the wiki.
URLs to .sswan files may be intercepted and downloaded files with a media
type of application/vnd.strongswan.profile may also be opened (the file
extension doesn't matter in that case). Whether downloaded files for which
the media type is not correct but the extension is .sswan can be opened
depends on the app that issues the Intent. For instance, from the default
Downloads app it won't work due to the content:// URLs that do not contain
the file name but when opening the downloaded file from within Chrome's
Downloads view it works as these Intents use file:// URLs, which contain
the complete file name (the latter requires a new permission).
2017-01-20 11:44:07 +01:00
cf6110f152
android: Use a local broadcast to notify about profile changes
...
This allows other components to modify the profiles and notify about
changes.
2017-01-20 11:01:32 +01:00
c4ab9af74e
android: Add a UUID property to the VPN profiles
...
All new or edited profiles get a random UUID. We currently don't
enforce one, though. Later we might change that and use the UUID as
primary key.
2017-01-20 11:01:32 +01:00
8c859e86d6
android: New release after re-adding support for ECC Brainpool curves
2016-12-10 12:28:09 +01:00
aae9a9e678
android: New release after fixing libtpmtss issue
2016-12-09 11:18:17 +01:00
9920824e70
android: Make sure libtpmtss is loaded on older systems
...
On newer Android systems this seems to happen automatically (or does at
least not cause crashes if the library is not loaded).
2016-12-09 11:16:42 +01:00
708f9c7f65
android: New release after adding notification
2016-12-08 17:37:21 +01:00
3e85b5a492
android: Ensure that the certificates are loaded when accessing them via JNI
2016-12-08 17:14:49 +01:00
85059424a7
android: Add a public notification
2016-12-08 17:14:49 +01:00
d5070425a0
android: Display a permanent notification while connected
...
This forces the service to run in the foreground, meaning the system
won't kill it when low on memory.
2016-12-08 17:14:49 +01:00
e03c936982
android: Log any installed DNS servers
2016-12-08 17:14:49 +01:00
d6d12bab14
android: Unregister listener in case of error alerts
...
This avoids triggering additional errors via e.g. ike_updown() that
might cause the error message displayed in the GUI to change if the
status fragment is recreated.
References #2134 .
2016-12-08 17:13:16 +01:00
ef2ad9db1c
android: Report an error for invalid integer values
...
Previously we'd just ignore the invalid values without notifying the
user.
2016-12-08 16:43:51 +01:00
cefbf2bf9b
android: Propose curve25519 in the ESP proposals
2016-12-08 16:43:51 +01:00
fec47b6146
android: Enable curve25519 plugin in the app
2016-12-08 16:43:51 +01:00
5f0913fc1e
android: Propose ChaCha20/Poly1305 in the ESP AEAD proposals
2016-12-08 16:43:50 +01:00
8c0b38e9df
android: Enable chapoly plugin in the app
2016-12-08 16:43:50 +01:00
03472aea1f
android: Update Gradle plugin and wrapper
2016-12-08 16:43:50 +01:00
542b464e25
nm: Version bump to 1.4.1
2016-10-14 09:52:11 +02:00
8b35d5f162
android: Identifiers for SHA2-base RSA signature schemes got renamed
...
Fixes: 40f2589abf
2016-10-11 15:29:14 +02:00
5b93de43c6
nm: Fix comment in service file in /etc/NetworkManager/VPN
2016-10-04 09:57:14 +02:00
254099a090
nm: Remove generated service file in `make clean`
2016-10-04 09:57:13 +02:00
96aebc1756
nm: Don't add generated AppStream metadata to tarball
2016-10-04 09:57:13 +02:00
5f564b94a0
maemo: Remove obsolete status/settings applet
2016-09-15 18:33:52 +02:00
d9cb28c015
nm: Updated NEWS
2016-09-05 16:24:50 +02:00
be1061c920
nm: Update auth-dialog
...
This updates the auth dialog so that passwords are properly retrieved
(e.g. for the nm-applet). It also adds support for external UI mode and
properly handles secret flags.
2016-09-05 15:41:16 +02:00
2b63883dba
nm: Add minimum length constraint for PSK passwords in connection editor
...
We already have this restriction in the auth-dialog.
2016-09-05 15:41:15 +02:00
a238f534e8
nm: Bump minor version to 1.4.0
...
This is probably a good idea to do to signal there's significant changes in
dependencies to the distro package maintainers with libnm port and associated
changes.
2016-09-05 15:41:15 +02:00
7714c631d8
nm: Bump to GTK+ 3.0
...
It's been released years ago; we depend on newer stuff than that now.
2016-09-05 15:39:44 +02:00
47bd094e53
nm: Replace libgnomeui with libnma for password dialog
...
libgnomeui is long deprecated.
There's one functional difference: the choice to save the passwords is gone.
The password flags and saved password should be set in the preferences dialog,
but this commit does not fix that.
2016-09-05 15:39:44 +02:00
456044189c
nm: Grey out the unneeded authentication options
...
Hiding and showing the items is not ideal, since it leaves the spacing
in place and the layout gets really messy.
2016-09-05 15:39:44 +02:00
53fe8b1245
nm: Add a widget for setting a password
...
It was only possible to set the password from the authentication dialog,
which is not ideal; as it requires a connection attempt.
This adds an input entry along with a primary icon from libnma/libnm-gtk
which allows selecting the backend and flags for the password (system, session
agent, always ask or empty).
2016-09-05 15:39:44 +02:00
ae8082daa8
nm: Port to libnm
2016-09-05 15:39:43 +02:00
0fa9863363
nm: Check for libnm
...
libnm replaces libnm-glib. This will make sense with port to libnm and is done
to reduce line noise in that commit.
2016-09-05 15:39:43 +02:00
05cac18485
nm: Build two plugin binaries from the single source
...
They're both the same now. We'll port the new one to libnm in follow-up commits.
NetworkManager 1.2 (which is currently versioned as 1.1.0) is going to bring
some new ABI while still supporting the old one. There's new VPN service and
UI plugin APIs in libnm.
There's one difficulty though -- the connection editor 1.2 will be linked
against libnm and a new libnma library it will provide (as opposed to
libnm-glib and libnm-gtk), thus will be incapable of loading of property
plugins that are linked with the old libraries (due to glib type system
limitations).
However, we must not break support for other connection editors (GNOME control
center, older versions of nm-connection-editor, etc.) therefore we need
to build two versions of the property plugin. NetworkManager 1.2's libnm will
provide a shim that makes it easy.
2016-09-05 15:39:43 +02:00
8504d31a86
nm: Version bumb to 1.3.2
2016-09-05 15:30:54 +02:00
ab01ae3cae
nm: Remove incorrect top-level GtkWindow
...
Fixes #1013 .
2016-09-05 15:30:54 +02:00
a88831a018
nm: Replace libgnomekeyring with libsecret
...
The former is deprecated and the newer API is nicer anyway.
2016-09-05 15:30:54 +02:00
b86b6b8282
nm: Drop useless calls to AC_SUBST
...
PKG_CHECK_MODULES does the substitutions.
2016-09-05 15:30:54 +02:00
7f45e70ba1
nm: Drop some unneeded dependencies
2016-09-05 15:30:54 +02:00
1cddc4da77
nm: Install the .name file into /usr/lib/NetworkManager/VPN
...
It's the preferred location for system-provided plugins.
A compatible file in /etc is still kept. Also, the compatibility /etc
file needs to use a full path due to a bug in GNOME Shell.
The full path to a arch-dependent file in a supposedly arch-independent
file is a sin and a multilib violation in some distributions. However.
some pre-release versions of NetworkManager-1.2 as shipped by
distributions require a full path. Let's keep a configure-time option
for that.
2016-09-05 15:30:54 +02:00
49b3d818ea
nm: Automatically determine NM plugin directory
2016-09-05 15:28:54 +02:00
97939530e0
nm: Automatically determine path to the auth dialog
2016-09-05 15:28:54 +02:00
916cd5d7ca
nm: Move the D-Bus policy to charon-nm
...
It's needed for useful use of charon-nm, unlike the GUI.
2016-09-05 15:28:53 +02:00
6a0382e1f2
nm: Add AppStream metadata
...
This will ensure the strongSwan NetworkManager plugin will be easily
installable from the app stores such as GNOME Software.
Closes strongswan/strongswan#41 .
2016-09-05 15:26:04 +02:00
6b726b6fb2
android: Fix build after adding libtpmtss
2016-06-28 11:28:15 +02:00
6294f28bd3
android: Catch exception if numbers are too large for Integer
2016-06-13 16:12:17 +02:00
9827380e6f
android: Update Gradle plugin
2016-06-13 10:19:13 +02:00
25b69260fe
android: Fix signature of get_nexthop()
2016-06-13 10:18:45 +02:00
2df0d092f0
android: New release after fixing a crash during certificate imports
2016-05-06 12:52:26 +02:00
1130dbc408
android: Avoid IllegalStateException when importing certificates
...
When certificates are imported via Storage Access Framework we did handle
the selection directly in onActivityResult(). However, at that point the
activity might apparently not yet be resumed. So committing
FragmentTransactions could result in IllegalStateExceptions due to the
potential state loss. To avoid that we cache the returned URI and wait
until onPostResume() to make sure the activity's state is fully restored
before showing the confirmation dialog.
2016-05-06 12:51:49 +02:00
c962ae2e62
android: New release after reducing number of DH groups in proposal
2016-05-04 12:07:36 +02:00
2b9bfb6682
android: Use separate label strings for text fields in login dialog
...
In the profile editor the password is now marked as optional in the
label, which looks a bit strange in the login dialog.
2016-05-03 10:43:27 +02:00
3e21168d96
android: New release after GUI changes/additions
2016-05-02 18:50:44 +02:00
e69781b1a2
android: Show selected user identity in profile list
...
This also readds the colons that were removed from the labels.
2016-05-02 18:39:19 +02:00
67fa05aa59
android: Allow selection of user identity in GUI
2016-05-02 18:39:18 +02:00
cdcf754f64
android: Add adapter for user ID selection
2016-05-02 18:39:18 +02:00
eb507a5a0d
android: Add helper function to TrustedCertificateEntry to get subjectAltNames
...
Duplicates (e.g. with different types) are filtered. If necessary we
could later perhaps add a prefix.
2016-05-02 18:39:18 +02:00
Tobias Brunner