13571 Commits

Author SHA1 Message Date
Tobias Brunner 96b61792df ike: Don't reestablish IKE_SAs for which a deletion is queued
If an IKE_SA is terminated while a task is active, the delete task is
simply queued (unless the deletion is forced).  If the active task times
out before any optional timeout associated with the termination hits, the
IKE_SA previously was reestablished without considering the termination
request.

Fixes #3335.
2020-02-21 10:38:13 +01:00
Tobias Brunner cfed3a87ee charon-nm: Use better default directory for D-Bus policy file
Also makes it configurable via configure script.  Depending on `$datadir` is
not ideal as package maintainers might set that to a custom value.  Depending
on `$datarootdir` might have been better; the default if pkg-config fails is
now based on that.

References #3339.
2020-02-21 09:46:13 +01:00
Tobias Brunner 7eab520bbf nm: Ignore generated POT file 2020-02-14 14:53:26 +01:00
Tobias Brunner ca3ff27101 nm: Only check PSK length if one is actually stored 2020-02-14 14:51:43 +01:00
Tobias Brunner d57d5f510d nm: Make local identity configurable
For PSK authentication we now use the local identity and not the username
field.
2020-02-14 14:45:32 +01:00
Tobias Brunner ff8f6b15aa charon-nm: Add support for custom local IKE identities 2020-02-14 14:35:44 +01:00
Tobias Brunner 5575aaf5c8 charon-nm: Keep listener registered even on failures
NM doesn't seem to terminate the daemon on failures, so we might not get
further events for later retries.
2020-02-14 13:55:42 +01:00
Tobias Brunner 3d2f5ae003 charon-nm: Support reauthentication and redirection 2020-02-14 13:55:42 +01:00
Tobias Brunner 661e1044c0 nm: Make EAP-TLS configurable
A new combo field allows selecting where the certificate/key is stored.
2020-02-14 13:50:32 +01:00
Tobias Brunner bc3eda99ba charon-nm: Add support for EAP-TLS
The code is structured similarly to that in the Android client, but two-round
authentication (cert+EAP) is not supported as that might require multiple
secrets ("password" is currently the only secret field used for every
method) and other details are currently missing too (like configurable
client identities).
2020-02-14 13:44:39 +01:00
Tobias Brunner e85a43b7b6 nm: Make server port configurable in GUI 2020-02-14 13:36:16 +01:00
Tobias Brunner 60777574c1 charon-nm: Add support for custom server ports 2020-02-14 13:36:16 +01:00
Tobias Brunner 7c6bb33151 nm: Update German translation 2020-02-14 11:19:49 +01:00
Tobias Brunner a7bda9a95e nm: Make remote identity editable in GUI 2020-02-14 11:19:49 +01:00
Tobias Brunner 19e64e101d charon-nm: Add support for a specific remote identity 2020-02-14 11:19:49 +01:00
Tobias Brunner f9956ca633 nm: Add hint regarding password storage policy
Requires targeting GTK 3.2.
2020-02-14 11:19:49 +01:00
Tobias Brunner 23de1602f9 nm: Replace the term "gateway" with "server" 2020-02-14 11:19:49 +01:00
Tobias Brunner d46f804b09 nm: Update Glade file for GTK 3.0
That's the version we check for in the configure script.
2020-02-14 11:19:49 +01:00
Tobias Brunner cb25022197 unit-tests: Increase timeout for test vectors suite
These occasionally fail due to the current timeout on IBM Power on Travis.
2020-02-13 16:42:13 +01:00
Tobias Brunner 19b2f870e2 enumerator: Fall back to lstat() if stat() fails when enumerating dirs/files
This happens e.g. if the path is for an invalid symlink.
2020-02-13 11:54:19 +01:00
Josh Soref d30498edf1 ikev2: Fix spelling of routability
References strongswan/strongswan#164.
2020-02-11 18:23:34 +01:00
Josh Soref b3ab7a48cc Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* threshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner baf29263d5 pem: Support parsing PEM-encoded Ed448 keys 2020-02-10 13:37:31 +01:00
Tobias Brunner 878afdf90b pki: Add support for Ed448 keys/certificates 2020-02-10 13:37:31 +01:00
Tobias Brunner 85a35fc99d openssl: Support certificates with Ed25519/448 keys 2020-02-10 13:37:31 +01:00
Tobias Brunner 3361f81f1c pkcs1: Support parsing Ed448 public keys 2020-02-10 13:37:31 +01:00
Tobias Brunner 18bee9306a nm: Replace deprecated g_type_class_add_private()
Fixes #2765, #3197.
2020-02-05 10:54:37 +01:00
Tobias Brunner 0f141fb095 soup: Use soup_session_new() to avoid deprecation warning
There are a ton of libsoup/GLib-related "leaks" that we can't whitelist
and with leak detective active there is a delay that interestingly doesn't
happen with soup_session_sync_new(), so tests failed with a timeout (actually
they hung due to the lock in the fetcher manager).
On Travis, the curl plugin is used for the tests, so that's not an issue
there (and without LD the tests complete quickly and successfully).
2020-02-05 10:49:35 +01:00
Tobias Brunner f78dfb7e28 vici: Options are optional in get_pools() of Python bindings
Fixes #3319.
2020-02-03 10:52:31 +01:00
Tobias Brunner ef4113a49d libtpmtss: Fix problematic usage of chunk_from_chars() in TSS2 implementations
See 8ea13bbc5c for details.

References #3249.
2020-01-30 18:18:33 +01:00
Tobias Brunner 776433505b x509: Replace problematic calls of chunk_from_chars() for keyUsage extension
As noted in 8ea13bbc5c newer compilers might optimize out the
assignment leading to invalid values in the keyUsage extension (as the
length was still set, the extension was encoded, just not with the
intended values).

Fixes #3249.
2020-01-30 18:18:28 +01:00
Tobias Brunner d16e810778 pki: Remove unnecessary and problematic chunk_from_chars() usage in --signcrl
If the serial is not yet set, the same default value is set just below.

See 8ea13bbc5c for details on chunk_from_chars().

References #3249.
2020-01-30 18:18:14 +01:00
Tobias Brunner d5cf2d1f85 tls-crypto: Fix usage of chunk_from_chars()
See 8ea13bbc5c for details.

References #3249.
2020-01-30 18:18:06 +01:00
Tobias Brunner 2cb4af6696 wolfssl: Use pkg-config to check for wolfSSL
The other checks trigger an automatic install of the old and incompatible
Ubuntu package on LGTM.
2020-01-30 17:12:05 +01:00
Tobias Brunner 1147973661 pkcs11: Avoid naming conflict with method parameter 2020-01-28 15:32:43 +01:00
Tobias Brunner 18a3e6d80f systime-fix: Replace asctime() with thread-safe asctime_r()
According to the man page, the buffer should have room for at least
26 characters.
2020-01-28 15:32:43 +01:00
Tobias Brunner 584e8197fe load-tester: Avoid naming conflict with local certificate variables 2020-01-28 15:32:43 +01:00
Tobias Brunner a7126dd47e sw-collector: Avoid naming conflicts with local count variables 2020-01-28 15:32:43 +01:00
Tobias Brunner f168f5782b eap-aka-3gpp2: Fix a bunch of typos 2020-01-28 15:32:43 +01:00
Tobias Brunner 378fe7a4bf eap-aka-3gpp2: Avoid naming conflict with parameters of crypto functions 2020-01-28 15:32:43 +01:00
Tobias Brunner 719cfc7846 eap-aka-3gpp2: Avoid naming conflict with local AMF variable 2020-01-28 15:32:43 +01:00
Tobias Brunner b7019a5c9e pool: Avoid conflict with start/end variables used in many commands 2020-01-28 15:32:43 +01:00
Tobias Brunner 26f20cc258 aesni: Namespace include guard for AES-CMAC
Was the same as in the cmac plugin.
2020-01-28 15:32:43 +01:00
Tobias Brunner e438915e62 tls-prf: Remove unused/undeclared argument in TLS 1.0/1.1 PRF constructor 2020-01-28 15:32:43 +01:00
Tobias Brunner ea1f4cd7a9 pki: Avoid naming conflict with global variables for passed arguments 2020-01-28 15:32:43 +01:00
Tobias Brunner d493dc18d6 scepclient: Avoid name conflict with global PKCS#7 chunk
Use the same name as further down below in the file.

Fixes: 04ff78aa33 ("scepclient: Store received RA certificates, using CA cert name as base.")
2020-01-28 15:32:43 +01:00
Tobias Brunner 42928551ab starter: Avoid hiding global variable when checking PID file 2020-01-28 15:29:40 +01:00
Tobias Brunner cab86465bb copyright: Make strings static const
They are not used anywhere else.
2020-01-28 15:29:40 +01:00
Tobias Brunner 90df054f14 plugin-constructors: Remove unused import for `sys` 2020-01-28 15:29:40 +01:00
Tobias Brunner c584a6b2dc vici: Remove unused import in Python bindings 2020-01-28 15:29:40 +01:00