71baf5a8f0
Adding support for AES GMAC (RFC4543).
2010-02-12 10:57:39 +01:00
2aa553d773
Do not build own authentication data before we've verified others, we need the other identity in EAP
2010-02-09 16:11:07 +01:00
3cc0cc4332
Increased the buffer for netlink responses.
...
If an error occurs while manipulating policies in the kernel, the
original netlink request gets attached to the response.
Prior to Linux 2.6.32 the size in the netlink header of the response was
wrong.
2010-02-05 20:10:54 +01:00
b917f49684
initialize variables to avoid compiler warning
2010-02-05 12:34:37 +01:00
313a53d4fc
Use destination address of ppp interfaces as nexthop in starters default route lookup
2010-02-05 09:28:31 +01:00
6c9c0baee9
init_fetch() changed to fetch_initialize()
2010-02-05 06:17:02 +01:00
7481f964ae
Use child_updown hook in updown plugin, fixes doubled invocation of down script
2010-02-03 11:07:53 +01:00
889ff9389b
renamed init_fetch() to fetch_initialize()
2010-02-02 19:44:34 +01:00
41faec0791
Some whitespace and code cleanups concerning the mediation extension.
2010-02-02 15:53:22 +01:00
dc5969242f
Join pluto's fetching thread instead of detaching it in order to avoid that the leak-detective reports a memleak.
2010-02-02 15:23:39 +01:00
b7fd2ea76c
corrected captions
2010-02-01 12:44:44 +01:00
bf1e0df7c5
warn if loaded local certificate is invalid
2010-02-01 12:29:32 +01:00
8015c91cb9
Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
2010-01-27 16:05:11 +01:00
71da001753
Made inactivity_timeout a per CHILD_SA config option
2010-01-27 15:47:08 +01:00
db05341916
Refactored EAP payload, avoid unaligned word access
2010-01-21 14:43:07 +01:00
23d2bf84a3
Added a METHOD2() macro that implements a method for two different interfaces
2010-01-21 14:42:08 +01:00
47498044c3
Support RADIUS messages up to 4096 bytes, RADIUS EAP-Message fragmentation
2010-01-19 16:47:21 +01:00
7eab4a1be6
Support TLS client authentication Extended Key Usage in x509 generation
2010-01-14 12:00:43 +01:00
776f59f7be
Block the signals before the call to sigwait.
2010-01-12 11:52:03 +01:00
aa9eeb5deb
Support for closing CHILD/IKE_SA if a CHILD_SA is inactive.
2010-01-12 10:23:42 +01:00
bc6ff2fc99
Added strongswan.conf options to configure retransmission timeouts
2010-01-11 16:42:12 +01:00
527f7f9b1c
Added a "double" getter to libstrongswan settings
2010-01-11 16:39:28 +01:00
dbee988e28
Cast unaligned memcpy() args to char*, avoids over-optimization on ARM
...
See http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka3934.html
2010-01-11 15:35:41 +01:00
b979032088
log EAP-only authentication proposal
2010-01-11 11:17:40 +01:00
dd37fa8620
pluto and charon are using the same strongSwan Vendor ID
2010-01-11 00:43:46 +01:00
34948b9971
EAP-MSCHAPv2 is indeed mutual, but is prone to MITM dictionary attacks
2010-01-07 15:56:11 +01:00
f34702ff3f
Support EAP-only authentication for mutual and key deriving EAP methods
2010-01-07 15:51:30 +01:00
12fca6cc9f
Indicate and dected support for EAP-only authentication
2010-01-07 14:30:28 +01:00
023fd8f135
Match to private use algorithms only if we know we are talking to strongSwan
2010-01-07 11:07:53 +01:00
b3349c5694
Interpret private use BEET mode notify only if we know we are talking to strongSwan
2010-01-07 09:37:38 +00:00
a5a0bcaa04
Add an option to send a vendor ID, allows us to properly support private extensions
2010-01-07 09:37:27 +00:00
580063971b
added some recent new attributes registered with IANA
2010-01-07 07:49:16 +01:00
3e33ae1004
ipsec pki --self|issue supports --pathlen option setting a path length constraint
2009-12-31 15:13:35 +01:00
7eaec999ca
make error message about missing MD4 hasher more explicit
2009-12-30 23:32:03 +01:00
83c282ebb4
differentiate EAP method initialization errors
2009-12-30 21:34:59 +01:00
e9a1852aac
Pluto's fetcher thread is now created via libstrongswan.
2009-12-26 15:50:34 +01:00
d002c62347
enforce RFC 3779 address constraints on traffic selectors
2009-12-25 11:20:58 +01:00
ff4d4aa99a
Adapted the load_tester kernel-interface to the changes introduced in 6ec949e02.
2009-12-23 17:15:28 +01:00
cb186f9922
Added some IPv6 tweaks for Android.
...
Android 1.6 does not yet support the Advanced Sockets API for IPv6 as defined in
RFC 3542. Also, in6addr_any is missing.
2009-12-23 17:03:42 +01:00
a37cf4580a
Semicolon removed.
2009-12-23 17:03:42 +01:00
3f490ff978
According to the man page (and the header files in Android) prctl takes a total of 5 arguments.
2009-12-23 17:03:42 +01:00
85202e8795
Added a workaround for the missing pthread_cancel on Android.
2009-12-23 17:03:42 +01:00
b2944d71ca
Use pthread_cond_timedwait_monotonic on Android.
2009-12-23 17:03:41 +01:00
01e606546c
Cache queue locking in credential manager corrected.
2009-12-23 17:03:41 +01:00
47e98cda5f
Join worker threads when destroying the processor.
2009-12-23 17:03:41 +01:00
b97cc0ab3f
Callback job refactored and fixed.
2009-12-23 17:03:41 +01:00
89ec5bef08
Whitespace cleanup.
2009-12-23 17:03:41 +01:00
4ec2c94b5d
Readding changes that got lost during refactoring/rebasing.
2009-12-23 17:03:41 +01:00
4a5a5dd290
Using the thread wrapper in charon, libstrongswan and their plugins.
2009-12-23 17:03:41 +01:00
c48eea9203
Adding an object-oriented wrapper for thread-specific values.
2009-12-23 17:02:26 +01:00
Tobias Brunner