Tobias Brunner
71baf5a8f0
Adding support for AES GMAC (RFC4543).
2010-02-12 10:57:39 +01:00
Martin Willi
2aa553d773
Do not build own authentication data before we've verified others, we need the other identity in EAP
2010-02-09 16:11:07 +01:00
Tobias Brunner
3cc0cc4332
Increased the buffer for netlink responses.
If an error occurs while manipulating policies in the kernel, the
original netlink request gets attached to the response.
Prior to Linux 2.6.32 the size in the netlink header of the response was
wrong.
2010-02-05 20:10:54 +01:00
Andreas Steffen
b917f49684
initialize variables to avoid compiler warning
2010-02-05 12:34:37 +01:00
Martin Willi
313a53d4fc
Use destination address of ppp interfaces as nexthop in starter's default route lookup
2010-02-05 09:28:31 +01:00
Andreas Steffen
6c9c0baee9
init_fetch() changed to fetch_initialize()
2010-02-05 06:17:02 +01:00
Martin Willi
7481f964ae
Use child_updown hook in updown plugin, fixes doubled invocation of down script
2010-02-03 11:07:53 +01:00
Andreas Steffen
889ff9389b
renamed init_fetch() to fetch_initialize()
2010-02-02 19:44:34 +01:00
Tobias Brunner
41faec0791
Some whitespace and code cleanups concerning the mediation extension.
2010-02-02 15:53:22 +01:00
Tobias Brunner
dc5969242f
Join pluto's fetching thread instead of detaching it in order to avoid that the leak-detective reports a memleak.
2010-02-02 15:23:39 +01:00
Andreas Steffen
b7fd2ea76c
corrected captions
2010-02-01 12:44:44 +01:00
Andreas Steffen
bf1e0df7c5
warn if loaded local certificate is invalid
2010-02-01 12:29:32 +01:00
Martin Willi
8015c91cb9
Added an ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
2010-01-27 16:05:11 +01:00
Martin Willi
71da001753
Made inactivity_timeout a per CHILD_SA config option
2010-01-27 15:47:08 +01:00
Martin Willi
db05341916
Refactored EAP payload, avoid unaligned word access
2010-01-21 14:43:07 +01:00
Martin Willi
23d2bf84a3
Added a METHOD2() macro that implements a method for two different interfaces
2010-01-21 14:42:08 +01:00
Martin Willi
47498044c3
Support RADIUS messages up to 4096 bytes, RADIUS EAP-Message fragmentation
2010-01-19 16:47:21 +01:00
Martin Willi
7eab4a1be6
Support TLS client authentication Extended Key Usage in x509 generation
2010-01-14 12:00:43 +01:00
Tobias Brunner
776f59f7be
Block the signals before the call to sigwait.
2010-01-12 11:52:03 +01:00
Martin Willi
aa9eeb5deb
Support for closing CHILD/IKE_SA if a CHILD_SA is inactive.
2010-01-12 10:23:42 +01:00
Martin Willi
bc6ff2fc99
Added strongswan.conf options to configure retransmission timeouts
2010-01-11 16:42:12 +01:00
Martin Willi
527f7f9b1c
Added a "double" getter to libstrongswan settings
2010-01-11 16:39:28 +01:00
Martin Willi
dbee988e28
Cast unaligned memcpy() args to char*, avoids over-optimization on ARM
See http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka3934.html
2010-01-11 15:35:41 +01:00
Andreas Steffen
b979032088
log EAP-only authentication proposal
2010-01-11 11:17:40 +01:00
Andreas Steffen
dd37fa8620
pluto and charon are using the same strongSwan Vendor ID
2010-01-11 00:43:46 +01:00
Martin Willi
34948b9971
EAP-MSCHAPv2 is indeed mutual, but is prone to MITM dictionary attacks
2010-01-07 15:56:11 +01:00
Martin Willi
f34702ff3f
Support EAP-only authentication for mutual and key deriving EAP methods
2010-01-07 15:51:30 +01:00
Martin Willi
12fca6cc9f
Indicate and detect support for EAP-only authentication
2010-01-07 14:30:28 +01:00
Martin Willi
023fd8f135
Match to private use algorithms only if we know we are talking to strongSwan
2010-01-07 11:07:53 +01:00
Martin Willi
b3349c5694
Interpret private use BEET mode notify only if we know we are talking to strongSwan
2010-01-07 09:37:38 +00:00
Martin Willi
a5a0bcaa04
Add an option to send a vendor ID, allows us to properly support private extensions
2010-01-07 09:37:27 +00:00
Andreas Steffen
580063971b
added some recent new attributes registered with IANA
2010-01-07 07:49:16 +01:00
Andreas Steffen
3e33ae1004
ipsec pki --self|issue supports --pathlen option setting a path length constraint
2009-12-31 15:13:35 +01:00
Andreas Steffen
7eaec999ca
make error message about missing MD4 hasher more explicit
2009-12-30 23:32:03 +01:00
Andreas Steffen
83c282ebb4
differentiate EAP method initialization errors
2009-12-30 21:34:59 +01:00
Tobias Brunner
e9a1852aac
Pluto's fetcher thread is now created via libstrongswan.
2009-12-26 15:50:34 +01:00
Andreas Steffen
d002c62347
enforce RFC 3779 address constraints on traffic selectors
2009-12-25 11:20:58 +01:00
Tobias Brunner
ff4d4aa99a
Adapted the load_tester kernel-interface to the changes introduced in 6ec949e02.
2009-12-23 17:15:28 +01:00
Tobias Brunner
cb186f9922
Added some IPv6 tweaks for Android.
Android 1.6 does not yet support the Advanced Sockets API for IPv6 as defined in
RFC 3542. Also, in6addr_any is missing.
2009-12-23 17:03:42 +01:00
Tobias Brunner
a37cf4580a
Semicolon removed.
2009-12-23 17:03:42 +01:00
Tobias Brunner
3f490ff978
According to the man page (and the header files in Android) prctl takes a total of 5 arguments.
2009-12-23 17:03:42 +01:00
Tobias Brunner
85202e8795
Added a workaround for the missing pthread_cancel on Android.
2009-12-23 17:03:42 +01:00
Tobias Brunner
b2944d71ca
Use pthread_cond_timedwait_monotonic on Android.
2009-12-23 17:03:41 +01:00
Tobias Brunner
01e606546c
Cache queue locking in credential manager corrected.
2009-12-23 17:03:41 +01:00
Tobias Brunner
47e98cda5f
Join worker threads when destroying the processor.
2009-12-23 17:03:41 +01:00
Tobias Brunner
b97cc0ab3f
Callback job refactored and fixed.
2009-12-23 17:03:41 +01:00
Tobias Brunner
89ec5bef08
Whitespace cleanup.
2009-12-23 17:03:41 +01:00
Tobias Brunner
4ec2c94b5d
Readding changes that got lost during refactoring/rebasing.
2009-12-23 17:03:41 +01:00
Tobias Brunner
4a5a5dd290
Using the thread wrapper in charon, libstrongswan and their plugins.
2009-12-23 17:03:41 +01:00
Tobias Brunner
c48eea9203
Adding an object-oriented wrapper for thread-specific values.
2009-12-23 17:02:26 +01:00