Martin Willi
8d91eee3fc
kernel-wfp: Add a stub for a Windows Filtering Platform based IPsec backend
2014-06-04 16:32:05 +02:00
Martin Willi
fb0b539084
socket-win: Implement a Windows socket plugin using Winsock2
2014-06-04 16:31:09 +02:00
Martin Willi
3b7b806d27
windows: Compile with -mno-ms-bitfields if option not set explicitly
...
-mms-bitfields is the default in newer MinGWs, but it breaks
__attribute__((packed)).
2014-06-04 15:53:13 +02:00
Martin Willi
0ca8541564
configure: Fix attribute((packed)) test when using -Werror
2014-06-04 15:53:13 +02:00
Martin Willi
3ab6082a0f
configure: Mark conftest variable as unused to pass test with -Werror
...
When using -Werror, the warning for the unused variable would let the test fail,
even if in6addr_any is available.
2014-06-04 15:53:13 +02:00
Martin Willi
2d42dce4a4
configure: Don't use -rdynamic with the LLVM toolchain
2014-06-04 15:53:13 +02:00
Martin Willi
5cd28cd25a
pki: Provide a fallback if strptime() not supported
...
For simplicity, we support the default pki datetime format only, but optionally
accept four digit years for longer lifetimes.
2014-06-04 15:53:11 +02:00
Martin Willi
b70849ada2
configure: Separate pki from --disable-tools
...
While pki builds and runs just fine on Windows, this is not true for scepclient.
2014-06-04 15:53:08 +02:00
Martin Willi
4161ee6678
configure: Check if __attribute__((packed)) works as expected
...
This is really hard to detect if not, and is not unlikely. If -mms-bitfields
is given, the attribute does not work. Even worse, that switch is by default
on with GCC/MinGW 4.7+ for Windows targets.
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52991
2014-06-04 15:53:08 +02:00
Martin Willi
ee2498e3d6
bus: Build syslog logger depending on syslog() availability
2014-06-04 15:53:05 +02:00
Martin Willi
8e1c0d15a9
mysql: Add Windows support
...
As the mysql_config script is not available for Windows, we use a hardcoded
library name and no additional CFLAGS. This builds fine against the binary
MySQL Connector/C distribution.
2014-06-04 15:53:04 +02:00
Martin Willi
df4341747c
charon-svc: Implement a Windows IKE service using libcharon
...
The resulting binary can be either run as Windows service or directly as
console application.
2014-06-04 15:53:04 +02:00
Martin Willi
b9dca7057c
filelog: Ignore flush_line option if setlinebuf() not supported
2014-06-04 15:53:04 +02:00
Martin Willi
c6503d451a
charon: Don't use syslog() if not supported
2014-06-04 15:53:03 +02:00
Martin Willi
396baeaea2
windows: Never link to libpthread
2014-06-04 15:53:03 +02:00
Martin Willi
b7a4d44bd0
openssl: Check and link against libeay32 instead of libcrypto on Windows
...
Most Windows OpenSSL builds come with the crypto library named libeay32.
2014-06-04 15:53:02 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Martin Willi
a7e943a640
backtrace: Add DbgHelp based Windows support for creating/printing backtraces
2014-06-04 15:52:57 +02:00
Martin Willi
ce24e0d3e5
configure.ac: Define USE_WINDOWS for Automake when building for Windows
2014-06-03 12:24:34 +02:00
Andreas Steffen
bee82725eb
Check for libjson
2014-05-31 20:37:56 +02:00
Andreas Steffen
e2c9f6ce04
Version bump to 5.2.0dr5
2014-05-31 20:37:26 +02:00
Andreas Steffen
6becc59dc8
Version bump to 5.2.0dr4
2014-05-14 09:57:08 +02:00
Andreas Steffen
92b5626055
Version bump to 5.2.0dr3
2014-05-12 07:39:33 +02:00
Martin Willi
85d26e0c87
swanctl: Add a swanctl command overview manpage
2014-05-07 15:48:17 +02:00
Tobias Brunner
b18191ba0f
swanctl: Generate swanctl.conf(5) man page
2014-05-07 15:48:16 +02:00
Martin Willi
7c8a907895
swanctl: Use a ./configure-able swanctl base directory
2014-05-07 15:48:14 +02:00
Martin Willi
e381e69f9b
swanctl: Add a stub for a vici based configuration and control utility
2014-05-07 15:48:10 +02:00
Martin Willi
6770cfe34a
vici: Add a plugin stub for the "Versatile IKE Control Interface" plugin
2014-05-07 14:13:34 +02:00
Tobias Brunner
a0c2370ea5
utils: Enable __atomic* built-ins based on the GCC version
...
This solves a problem with GNAT when compiling charon-tkm as __atomic*
built-ins are only provided in GCC 4.7 and newer.
Currently GNAT 4.6 and GCC 4.7.2 is shipped with Debian wheezy (stable),
as used in the testing environment. So while the configure script correctly
detected the __atomic* built-ins, and defined HAVE_GCC_ATOMIC_OPERATIONS,
this define turned out to be incorrect when charon-tkm was later built
with GNAT.
2014-05-04 19:16:46 +02:00
Andreas Steffen
9be1c8d175
aikgen generates AIK private/public key pairs
...
aikgen outputs a binary AIK private key blob and the AIK public key.
Optionally the Identity Request encrypted with the public key of
the Privacy CA can be output.
2014-05-03 15:28:17 +02:00
Andreas Steffen
f2eb226653
Version bump to 5.2.0dr2
2014-04-27 19:15:11 +02:00
Tobias Brunner
0f603d425d
utils: Use GCC's __atomic built-ins if available
...
These are available since GCC 4.7 and will eventually replace the __sync
operations. They support the memory model defined by C++11. For instance,
by using __ATOMIC_RELAXED for some operations on the reference counters we
can avoid memory barriers, which are required by __sync operations (whose
memory model essentially is __ATOMIC_SEQ_CST).
2014-04-24 17:54:14 +02:00
Andreas Steffen
6d1b4b6baf
Version bump to 5.2.0dr1
2014-04-15 09:20:38 +02:00
Andreas Steffen
266fcdce2b
Version bump to 5.1.3
2014-04-14 15:18:38 +02:00
Martin Willi
c0efaaebe3
tls: Create a unit-test runner
2014-04-01 14:28:55 +02:00
Martin Willi
dbd4fc074a
openac: Remove obsolete openac utility
...
The same functionality is now provided by the pki --acert subcommand.
2014-03-31 11:39:25 +02:00
Martin Willi
5ac0e66879
acert: Implement a plugin finding, validating and evaluating attribute certs
...
This validator checks for any attribute certificate it can find for validated
end entity certificates and tries to extract group membership information
used for connection authorization rules.
2014-03-31 11:14:58 +02:00
Martin Willi
6e8c665a51
pki: Add acert and extend pki/print manpages
2014-03-31 11:14:58 +02:00
Andreas Steffen
045f25fc81
Version bump to 5.1.3rc1
2014-03-26 22:00:00 +01:00
Tobias Brunner
4ffe02a75d
configure: Add an option to select a specific printf hook implementation
2014-03-20 15:49:05 +01:00
Tobias Brunner
0e6f3a380a
configure: Add an option to enable all optional features/plugins
...
This has probably no real practical use, but it simplifies testing.
2014-03-20 15:29:27 +01:00
Tobias Brunner
1c26ce2dc3
configure: Reorder and group feature options
2014-03-20 15:29:27 +01:00
Andreas Steffen
9483f8ec59
Version bump to 5.1.3dr1
2014-03-07 21:56:34 +01:00
Tobias Brunner
af15c71bfb
configure: Fix autoreconf with older autotools
...
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.
Fixes #536 .
2014-03-03 17:14:26 +01:00
Andreas Steffen
1d252e9dec
Version bump to 5.1.2
2014-02-27 22:46:52 +01:00
Tobias Brunner
2ed241aeb3
utils: Add memrchr(3) replacement for platforms that don't support it
...
For instance, on Mac OS X memrchr(3) is not provided by the C library.
2014-02-26 11:05:07 +01:00
Andreas Steffen
8f57961f4c
Version bump to 5.1.2rc2
2014-02-17 12:02:23 +01:00
Tobias Brunner
7573a7ed56
conf: Only install config snippets for enabled components
2014-02-12 14:34:34 +01:00
Tobias Brunner
c4bb26b849
conf: Split strongswan.conf(5) man page and use generated snippet
2014-02-12 14:34:33 +01:00
Tobias Brunner
91cc523ca7
conf: Generate strongswan.conf(5) man page in different directory
2014-02-12 14:34:33 +01:00
Tobias Brunner
1b98f85821
conf: Generate and install config sippets for option descriptions
...
The strongswan.d directory is also created relative to the configured
location of strongswan.conf.
2014-02-12 14:34:33 +01:00
Tobias Brunner
c75acc4c44
conf: Install strongswan.conf template from a separate directory
2014-02-12 14:34:33 +01:00
Tobias Brunner
b3613c49a2
array: Add fallback for qsort_r using thread-local value
...
Cygwin for example does not support qsort_r.
2014-02-12 14:34:33 +01:00
Tobias Brunner
132b00ce02
array: Add array_sort function
2014-02-12 14:34:33 +01:00
Martin Willi
37374a292a
chunk: Provide a fallback chunk_map() if mmap is not available
2014-01-23 15:55:32 +01:00
Tobias Brunner
2d7852d29a
configure: Add -Wno-format-security to default CFLAGS
...
Either due to a change in Ubuntu 13.10 or GCC 4.8 -Wno-format has no
effect if -Wformat-security is enabled (which it is on Ubuntu) so we
also disable the latter by default.
2014-01-23 10:08:53 +01:00
Andreas Steffen
800b361e19
Version bump to 5.1.2rc1
2014-01-16 01:47:34 +01:00
Andreas Steffen
f74c8be19b
Version bump to 5.1.2dr3
2014-01-13 12:12:52 +01:00
Andreas Steffen
bced16ee11
Version bump to 5.1.2dr2
2013-12-06 10:10:24 +01:00
Reto Buerki
d33df7ed51
charon-tkm: Abort if gprbuild binary is not found
2013-12-04 10:42:03 +01:00
Andreas Steffen
146ad86be5
Prototype implementation of IKE key exchange via NTRU encryption
2013-11-27 20:21:40 +01:00
Tobias Brunner
228db0433d
configure: Remove obsolete --enable-unit-tests option
2013-11-27 18:35:44 +01:00
Andreas Steffen
194b69f0b8
Version bump to 5.1.2dr1
2013-11-19 10:27:07 +01:00
Tobias Brunner
20c99edab9
android: Remove dependency on libvstr
2013-11-13 11:40:47 +01:00
Martin Willi
6531afb557
automake: Don't use parallel test harness being the default with automake 1.13
...
We have no need for the parallel test harness, and we prefer to have the output
of make check on the console
2013-11-06 10:30:59 +01:00
Andreas Steffen
c501c78c5f
Version bump to 5.1.1
2013-10-31 09:42:15 +01:00
Martin Willi
2077d996a9
utils: Provide a fmemopen(3) fallback using BSD funopen()
2013-10-24 13:17:05 +02:00
Tobias Brunner
8e8e97d10d
kernel-netlink: Check existence of linux/fib_rules.h, don't include it in distribution
...
This reverts commit b0761f1f0a
.
2013-10-18 09:52:54 +02:00
Ruslan N. Marchenko
b638c131de
dnscert: Add DNS CERT support for pubkey authentication
...
Add DNSSEC protected CERT RR delivered certificate authentication.
The new dnscert plugin is based on the ipseckey plugin and relies on the
existing PEM decoder as well as x509 and PGP parsers. As such the plugin
expects PEM encoded PKIX(x509) or PGP(GPG) certificate payloads.
The plugin is targeted to improve interoperability with Racoon, which
supports this type of authentication, ignoring in-stream certificates
and using only DNS provided certificates for FQDN IDs.
2013-10-11 15:45:42 +02:00
Tobias Brunner
ec6ad6b086
pool: Move the pool utility to its own directory in src
2013-10-11 15:16:05 +02:00
Martin Willi
cabe5c0ff4
printf-hook-builtin: Add a new "builtin" backend using its own printf() routines
...
Overloads printf C library functions by a self-contained implementation,
based on klibc. Does not yet feature all the required default formatters,
including those for floating point values.
2013-10-11 11:06:02 +02:00
Andreas Steffen
4524e128f8
Version bump to 5.1.1rc1
2013-10-11 09:53:42 +02:00
Andreas Steffen
f4dd49a5fd
Version bump to 5.1.1dr4
2013-09-17 10:57:46 +02:00
Tobias Brunner
21626bdf77
pki: Add support to encode public keys in SSH key format
2013-09-13 15:23:49 +02:00
Tobias Brunner
a3232fa802
pki: Load dnskey plugin to encode public keys in RFC 3110 format
2013-09-13 15:23:48 +02:00
Tobias Brunner
0dc8ba8779
pki: Install pki(1) as utility directly in $prefix/bin
...
ipsec pki is maintained as alias.
2013-09-13 15:07:36 +02:00
Tobias Brunner
b068c4ec9d
pki: Add pki --verify man page
2013-09-13 15:07:36 +02:00
Tobias Brunner
4adeaa5eb9
pki: Add pki --pub man page
2013-09-13 15:07:36 +02:00
Tobias Brunner
a319eff80d
pki: Add pki --print man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
e69fd30538
pki: Add pki --keyid man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
558771400e
pki: Add pki --pkcs7 man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
bb8e2e1759
pki: Add pki --req man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
96aa5a1ddd
pki: Add pki --signcrl man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
42e3a21e24
pki: Add pki --issue man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
3a643b8901
pki: Add pki --self man page
...
Can be opened with "man pki --self".
2013-09-13 15:07:35 +02:00
Tobias Brunner
a612f6e338
pki: Add pki --gen man page
...
Can be opened with "man pki --gen".
2013-09-13 15:07:29 +02:00
Tobias Brunner
34cff9349b
pki: Add ipsec-pki(8) man page
...
Can be opened either with "man ipsec pki" or "man ipsec-pki".
Since man(1) only supports one level of subpages, the forthcoming man
pages for each command will have to be opened with "man pki --<command>".
2013-09-13 14:32:51 +02:00
Tobias Brunner
8250fc10e8
Build generated man pages via configure script
2013-09-13 14:32:51 +02:00
Tobias Brunner
3cb4552da6
configure: libtls and libtnccs etc. all require libstrongswan
2013-09-12 01:44:49 +02:00
Tobias Brunner
bf32cdfbf6
tun_device: Add warning if TUN devices are not supported by platform
2013-09-12 01:44:49 +02:00
Tobias Brunner
70aefb9430
Store object files in the same directory as the source files
...
Future automake releases will apparently do that implicitly, but current
releases spit out nasty warning messages.
2013-09-05 14:24:26 +02:00
Andreas Steffen
de4637718e
Version bump to 5.1.1dr3
2013-09-04 16:15:52 +02:00
Tobias Brunner
5ee0747cfd
autoconf: Split PACKAGE_VERSION in four parts
...
The parts can be accessed with the variables:
PACKAGE_VERSION_MAJOR
PACKAGE_VERSION_MINOR
PACKAGE_VERSION_BUILD
PACKAGE_VERSION_REVIEW
The last part will be empty for regular releases.
2013-09-02 11:30:24 +02:00
Andreas Steffen
ee2d6f8618
Version bump to 5.1.1dr2
2013-08-28 23:00:47 +02:00
Andreas Steffen
aff4367907
Flush iptables rules on alice
2013-08-19 12:20:57 +02:00
Andreas Steffen
e626821677
Version bump to 5.1.1dr1
2013-08-19 10:03:23 +02:00
Andreas Steffen
b38d9d5a54
Implemented SWID prototype IMC/IMV pair
2013-08-15 23:34:23 +02:00
Andreas Steffen
12b3db5006
moved tnc_imv plugin to libtnccs thanks to recommendation callback function
2013-08-15 23:34:22 +02:00
Andreas Steffen
e8f65c5cde
Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs
2013-08-15 23:34:22 +02:00
Andreas Steffen
180a2f2642
rapid PT-TLS AR/PDP prototype
2013-08-15 23:34:22 +02:00
Andreas Steffen
e8b8a6d958
version bump to 5.0.1
2013-07-29 17:16:41 +02:00
Andreas Steffen
3cd01df785
Version bump to 5.1.0rc1
2013-07-19 10:40:53 +02:00
Martin Willi
c577b5eb44
autoconf: rename configure.in to configure.ac
...
configure.ac has been the recommended name for autoconf input for several
years now. Newer autotools start to complain about the configure.in, so we
finally change it.
2013-07-18 14:59:19 +02:00