Tobias Brunner
96b61792df
ike: Don't reestablish IKE_SAs for which a deletion is queued
If an IKE_SA is terminated while a task is active, the delete task is
simply queued (unless the deletion is forced). If the active task times
out before any optional timeout associated with the termination hits, the
IKE_SA previously was reestablished without considering the termination
request.
Fixes #3335.
2020-02-21 10:38:13 +01:00
Tobias Brunner
cfed3a87ee
charon-nm: Use better default directory for D-Bus policy file
Also makes it configurable via configure script. Depending on `$datadir` is
not ideal as package maintainers might set that to a custom value. Depending
on `$datarootdir` might have been better, the default if pkg-config fails is
now based on that.
References #3339.
2020-02-21 09:46:13 +01:00
Tobias Brunner
7eab520bbf
nm: Ignore generated POT file
2020-02-14 14:53:26 +01:00
Tobias Brunner
ca3ff27101
nm: Only check PSK length if one is actually stored
2020-02-14 14:51:43 +01:00
Tobias Brunner
d57d5f510d
nm: Make local identity configurable
For PSK authentication we now use the local identity and not the username
field.
2020-02-14 14:45:32 +01:00
Tobias Brunner
ff8f6b15aa
charon-nm: Add support for custom local IKE identities
2020-02-14 14:35:44 +01:00
Tobias Brunner
5575aaf5c8
charon-nm: Keep listener registered even on failures
NM doesn't seem to terminate the daemon on failures, so we might not get
further events for later retries.
2020-02-14 13:55:42 +01:00
Tobias Brunner
3d2f5ae003
charon-nm: Support reauthentication and redirection
2020-02-14 13:55:42 +01:00
Tobias Brunner
661e1044c0
nm: Make EAP-TLS configurable
A new combo field allows selecting where the certificate/key is stored.
2020-02-14 13:50:32 +01:00
Tobias Brunner
bc3eda99ba
charon-nm: Add support for EAP-TLS
The code is structured similar to that in the Android client, but two-round
authentication (cert+EAP) is not supported as that might require multiple
secrets ("password" is currently the only secret field used for every
method) and other details are currently missing too (like configurable
client identities).
2020-02-14 13:44:39 +01:00
Tobias Brunner
e85a43b7b6
nm: Make server port configurable in GUI
2020-02-14 13:36:16 +01:00
Tobias Brunner
60777574c1
charon-nm: Add support for custom server ports
2020-02-14 13:36:16 +01:00
Tobias Brunner
7c6bb33151
nm: Update German translation
2020-02-14 11:19:49 +01:00
Tobias Brunner
a7bda9a95e
nm: Make remote identity editable in GUI
2020-02-14 11:19:49 +01:00
Tobias Brunner
19e64e101d
charon-nm: Add support for a specific remote identity
2020-02-14 11:19:49 +01:00
Tobias Brunner
f9956ca633
nm: Add hint regarding password storage policy
Requires targeting GTK 3.2.
2020-02-14 11:19:49 +01:00
Tobias Brunner
23de1602f9
nm: Replace the term "gateway" with "server"
2020-02-14 11:19:49 +01:00
Tobias Brunner
d46f804b09
nm: Update Glade file for GTK 3.0
That's the version we check for in the configure script.
2020-02-14 11:19:49 +01:00
Tobias Brunner
cb25022197
unit-tests: Increase timeout for test vectors suite
These occasionally fail due to the current timeout on IBM Power on Travis.
2020-02-13 16:42:13 +01:00
Tobias Brunner
19b2f870e2
enumerator: Fall back to lstat() if stat() fails when enumerating dirs/files
This happens e.g. if the path is for an invalid symlink.
2020-02-13 11:54:19 +01:00
Josh Soref
d30498edf1
ikev2: Fix spelling of routability
References strongswan/strongswan#164.
2020-02-11 18:23:34 +01:00
Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
baf29263d5
pem: Support parsing PEM-encoded Ed448 keys
2020-02-10 13:37:31 +01:00
Tobias Brunner
878afdf90b
pki: Add support for Ed448 keys/certificates
2020-02-10 13:37:31 +01:00
Tobias Brunner
85a35fc99d
openssl: Support certificates with Ed25519/448 keys
2020-02-10 13:37:31 +01:00
Tobias Brunner
3361f81f1c
pkcs1: Support parsing Ed448 public keys
2020-02-10 13:37:31 +01:00
Tobias Brunner
18bee9306a
nm: Replace deprecated g_type_class_add_private()
Fixes #2765, #3197.
2020-02-05 10:54:37 +01:00
Tobias Brunner
0f141fb095
soup: Use soup_session_new() to avoid deprecation warning
There are a ton of libsoup/GLib-related "leaks" that we can't whitelist
and with leak detective active there is a delay that interestingly doesn't
happen with soup_session_sync_new(), so tests failed with a timeout (actually
they hung due to the lock in the fetcher manager).
On Travis, the curl plugin is used for the tests, so that's not an issue
there (and without LD the tests complete quickly and successfully).
2020-02-05 10:49:35 +01:00
Tobias Brunner
f78dfb7e28
vici: Options are optional in get_pools() of Python bindings
Fixes #3319.
2020-02-03 10:52:31 +01:00
Tobias Brunner
ef4113a49d
libtpmtss: Fix problematic usage of chunk_from_chars() in TSS2 implementations
See 8ea13bbc5c for details.
References #3249.
2020-01-30 18:18:33 +01:00
Tobias Brunner
776433505b
x509: Replace problematic calls of chunk_from_chars() for keyUsage extension
As noted in 8ea13bbc5c newer compilers might optimize out the
assignment leading to invalid values in the keyUsage extension (as the
length was still set, the extension was encoded, just not with the
intended values).
Fixes #3249.
2020-01-30 18:18:28 +01:00
Tobias Brunner
d16e810778
pki: Remove unnecessary and problematic chunk_from_chars() usage in --signcrl
If the serial is not yet set, the same default value is set just below.
See 8ea13bbc5c for details on chunk_from_chars().
References #3249.
2020-01-30 18:18:14 +01:00
Tobias Brunner
d5cf2d1f85
tls-crypto: Fix usage of chunk_from_chars()
See 8ea13bbc5c for details.
References #3249.
2020-01-30 18:18:06 +01:00
Tobias Brunner
2cb4af6696
wolfssl: Use pkg-config to check for wolfSSL
The other checks trigger an automatic install of the old and incompatible
Ubuntu package on LGTM.
2020-01-30 17:12:05 +01:00
Tobias Brunner
1147973661
pkcs11: Avoid naming conflict with method parameter
2020-01-28 15:32:43 +01:00
Tobias Brunner
18a3e6d80f
systime-fix: Replace asctime() with thread-safe asctime_r()
According to the man page, the buffer should have room for at least
26 characters.
2020-01-28 15:32:43 +01:00
Tobias Brunner
584e8197fe
load-tester: Avoid naming conflict with local certificate variables
2020-01-28 15:32:43 +01:00
Tobias Brunner
a7126dd47e
sw-collector: Avoid naming conflicts with local count variables
2020-01-28 15:32:43 +01:00
Tobias Brunner
f168f5782b
eap-aka-3gpp2: Fix a bunch of typos
2020-01-28 15:32:43 +01:00
Tobias Brunner
378fe7a4bf
eap-aka-3gpp2: Avoid naming conflict with parameters of crypto functions
2020-01-28 15:32:43 +01:00
Tobias Brunner
719cfc7846
eap-aka-3gpp2: Avoid naming conflict with local AMF variable
2020-01-28 15:32:43 +01:00
Tobias Brunner
b7019a5c9e
pool: Avoid conflict with start/end variables used in many commands
2020-01-28 15:32:43 +01:00
Tobias Brunner
26f20cc258
aesni: Namespace include guard for AES-CMAC
Was the same as in the cmac plugin.
2020-01-28 15:32:43 +01:00
Tobias Brunner
e438915e62
tls-prf: Remove unused/undeclared argument in TLS 1.0/1.1 PRF constructor
2020-01-28 15:32:43 +01:00
Tobias Brunner
ea1f4cd7a9
pki: Avoid naming conflict with global variables for passed arguments
2020-01-28 15:32:43 +01:00
Tobias Brunner
d493dc18d6
scepclient: Avoid name conflict with global PKCS#7 chunk
Use the same name as further down below in the file.
Fixes: 04ff78aa33 ("scepclient: Store received RA certificates, using CA cert name as base.")
2020-01-28 15:32:43 +01:00
Tobias Brunner
42928551ab
starter: Avoid hiding global variable when checking PID file
2020-01-28 15:29:40 +01:00
Tobias Brunner
cab86465bb
copyright: Make strings static const
They are not used anywhere else.
2020-01-28 15:29:40 +01:00
Tobias Brunner
90df054f14
plugin-constructors: Remove unused import for `sys`
2020-01-28 15:29:40 +01:00
Tobias Brunner
c584a6b2dc
vici: Remove unused import in Python bindings
2020-01-28 15:29:40 +01:00