Tobias Brunner
85ca2f7441
conftest: Disable reset_seq hook on systems other than Linux
Fixes #386.
2013-08-21 11:27:28 +02:00
Tobias Brunner
e001cc2b07
kernel-netlink: Fix calculation of ESN bitmap length
While bmp_len stores the number of u_int32_t the allocated bitmap
actually consists of those integers.
2013-08-21 08:28:12 +02:00
Andreas Steffen
2b32884d39
Added stand-alone pt-tls-client to NEWS
2013-08-19 12:28:12 +02:00
Andreas Steffen
aff4367907
Flush iptables rules on alice
2013-08-19 12:20:57 +02:00
Andreas Steffen
f859645b12
Fixes in tnc scenarios
2013-08-19 11:44:51 +02:00
Andreas Steffen
10c7ca2399
Added tnc/tnccs-20-pt-tls scenario
2013-08-19 11:36:23 +02:00
Andreas Steffen
e626821677
Version bump to 5.1.1dr1
2013-08-19 10:03:23 +02:00
Andreas Steffen
1e92d5f114
Process PB-TNC batches received via PT-TLS asynchronously
2013-08-19 09:52:12 +02:00
Andreas Steffen
9dc3b2053d
Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN
2013-08-19 09:50:57 +02:00
Andreas Steffen
70a80ef5d4
Output handler of a given workitem
2013-08-16 14:14:13 +02:00
Andreas Steffen
4d2bac37c4
Implemented SWID Tag Inventory attribute
2013-08-16 14:13:35 +02:00
Andreas Steffen
f405c15a59
deleted moved files
2013-08-15 23:34:23 +02:00
Andreas Steffen
b38d9d5a54
Implemented SWID prototype IMC/IMV pair
2013-08-15 23:34:23 +02:00
Andreas Steffen
0bd29a438e
Updated the SWID attributes
2013-08-15 23:34:23 +02:00
Andreas Steffen
e689de6b8c
Optimized PT-TLS data transfer
2013-08-15 23:34:23 +02:00
Andreas Steffen
6aff4b5ce8
Show host address of peer connecting to PT-TLS socket
2013-08-15 23:34:23 +02:00
Andreas Steffen
0a09b02dcf
Set client identity with TLS certificate authentication
2013-08-15 23:34:23 +02:00
Andreas Steffen
9cc606d22a
Fixed memory leak in SASL PLAIN
2013-08-15 23:34:23 +02:00
Andreas Steffen
663ea1407d
added --optionsfrom capability
2013-08-15 23:34:23 +02:00
Andreas Steffen
7c027f7983
Use client identities from successful authentications only
2013-08-15 23:34:23 +02:00
Andreas Steffen
d6719c974c
Add pt-tls-client to .gitignore
2013-08-15 23:34:23 +02:00
Andreas Steffen
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
Andreas Steffen
6d6100c2bc
Added some debug statements
2013-08-15 23:34:22 +02:00
Andreas Steffen
f420d5f380
enabled SASL PLAIN authentication
2013-08-15 23:34:22 +02:00
Andreas Steffen
8327c44b74
PT-TLS connection is properly terminated
2013-08-15 23:34:22 +02:00
Andreas Steffen
12b3db5006
moved tnc_imv plugin to libtnccs thanks to recommendation callback function
2013-08-15 23:34:22 +02:00
Andreas Steffen
9d8c28e2f5
Documented plugin move from libcharon to libtnccs in strongswan.conf
2013-08-15 23:34:22 +02:00
Andreas Steffen
e8f65c5cde
Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs
2013-08-15 23:34:22 +02:00
Andreas Steffen
180a2f2642
rapid PT-TLS AR/PDP prototype
2013-08-15 23:34:22 +02:00
Andreas Steffen
f5b5d262e8
Add PT-TLS interface to strongSwan PDP
2013-08-15 23:34:22 +02:00
Tobias Brunner
f853e7bcc0
ikev1: Fix calculation of the number of fragments
The old code resulted in too few fragments in some cases.
2013-08-15 15:15:34 +02:00
Tobias Brunner
c81a6ff907
ikev1: When sending fragments, use ports to decide if a non-ESP marker is added
This is the same logic used by the sender and might apply in some cases (e.g.
when initiating to port 4500).
2013-08-15 15:12:00 +02:00
Tobias Brunner
e42ab08a73
ikev2: Fix segfault when reestablishing CHILD_SAs due to closeaction=restart|hold
This regression was introduced with c949a4d5.
2013-08-13 10:08:08 +02:00
Tobias Brunner
3f29ff82c3
libipsec: Don't limit traditional algorithms to AES and SHA1/2
Closes #377.
2013-08-12 12:21:57 +02:00
Tobias Brunner
11f468533f
kernel-netlink,pfroute: Properly update address flag within ROAM_DELAY
77d4a02 and 55da01f only updated the address flag when a job was created,
which obviously had the same limitation as the old code.
Fixes #374.
2013-08-12 12:08:23 +02:00
Tobias Brunner
55da01f348
kernel-pfroute: Implement roam event handling like in the kernel-netlink plugin
There was no proper locking and the issue regarding the address
flag also existed.
2013-08-12 12:03:48 +02:00
Tobias Brunner
77d4a0281a
kernel-netlink: Ensure address changes are not missed in roam events
If multiple roam events are triggered within ROAM_DELAY, only one job is
created. The old code set the address flag to the value of the last
triggering call. So if a route change followed an address change within
ROAM_DELAY the address change was missed by the upper layers, e.g. causing
it not to update the list of addresses via MOBIKE.
The new code now keeps the state of the address flag until the job is
actually executed, which still has some issues. For instance, if an
address disappears and reappears within ROAM_DELAY, the flag would not
have to be set to TRUE. So address updates might occasionally get
triggered where none would actually be required.
Fixes #374.
2013-08-12 12:02:55 +02:00
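The coalescing logic described in the commit above, as an added illustration in C that is not strongSwan's own code: several roam triggers arriving within ROAM_DELAY are collapsed into one job, and the question is what the "address changed" flag looks like when that job finally runs. The state struct, the trigger functions and the scenario helpers are hypothetical names chosen for this example; `roam_old` overwrites the flag on every trigger, `roam_new` latches it until the job executes.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical per-plugin roam state: one pending job per ROAM_DELAY window
 * plus the flag that tells upper layers whether an address changed. */
typedef struct {
    bool job_pending;
    bool address;
} roam_state_t;

typedef void (*roam_trigger_t)(roam_state_t *, bool);

/* Old behaviour: the flag takes the value of the last triggering call, so an
 * address change followed by a route-only change is reported as "no address
 * change" when the job runs. */
static void roam_old(roam_state_t *s, bool address)
{
    s->address = address;
    s->job_pending = true;
}

/* New behaviour: the flag is latched (OR-ed) until the job executes. */
static void roam_new(roam_state_t *s, bool address)
{
    s->address |= address;
    s->job_pending = true;
}

/* The job that fires after ROAM_DELAY. Returns what the upper layers are told
 * (true = refresh addresses, e.g. via MOBIKE) and resets the window. */
static bool roam_job_run(roam_state_t *s)
{
    bool address = s->address;
    s->address = false;
    s->job_pending = false;
    return address;
}

/* Scenario from the commit: an address change, then a route change, both
 * inside one ROAM_DELAY window. */
static bool scenario_addr_then_route(roam_trigger_t trigger)
{
    roam_state_t s = { false, false };
    trigger(&s, true);   /* address added or removed */
    trigger(&s, false);  /* route changed */
    return roam_job_run(&s);
}

/* The trade-off noted in the commit: an address that disappears and reappears
 * within ROAM_DELAY still produces one (unnecessary but harmless) update. */
static bool scenario_addr_flap(roam_trigger_t trigger)
{
    roam_state_t s = { false, false };
    trigger(&s, true);
    trigger(&s, true);
    return roam_job_run(&s);
}

int main(void)
{
    printf("address then route, old: %d new: %d\n",
           scenario_addr_then_route(roam_old), scenario_addr_then_route(roam_new));
    printf("address flap,       old: %d new: %d\n",
           scenario_addr_flap(roam_old), scenario_addr_flap(roam_new));
    return 0;
}
```

The first scenario is the bug: with the overwriting variant the job sees `false` and MOBIKE never learns about the new address; with the latched variant it sees `true`. The second scenario shows the accepted imprecision, where both variants report an address change even though the address set ends up unchanged.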
Martin Willi
a24515c515
backtrace: rename clone() method clashing with system call
Fixes #376.
2013-08-09 09:13:39 +02:00
Martin Willi
881e9a7e2e
updown: remove description of unsupported PLUTO_ variables
These have been set by pluto, but are not by charon's updown plugin.
2013-08-08 14:48:32 +02:00
Martin Willi
3b6d8855e8
scripts: link against librt only if required
With glibc, this seems to be the case for 2.17 and older versions only.
2013-08-08 09:12:52 +02:00
Martin Willi
62e1c80803
scripts: link malloc_speed against librt
2013-08-08 09:09:00 +02:00
Tobias Brunner
e99cfe5f20
strongswan.conf: Add note about reserved threads
2013-08-07 09:06:01 +02:00
Tobias Brunner
58e32e4871
tnc-pdp: Initialize struct msghdr properly when reading RADIUS messages
Before this e.g. msg_controllen was not initialized properly which could
cause invalid reads.
2013-07-31 22:16:58 +02:00
Tobias Brunner
3a938a6f85
NEWS: Add info about CVE-2013-5018
2013-07-31 22:16:58 +02:00
Tobias Brunner
d12fc14616
whitelist: Fix compilation on FreeBSD
2013-07-31 22:16:58 +02:00
Tobias Brunner
ed0efaef4c
host: Properly initialize struct sockaddr_in[6] when parsing strings
Otherwise struct members like sin6_flowinfo or sin6_scope_id might be
set to bogus values.
2013-07-31 22:16:58 +02:00
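Both of the initialization fixes above (the `struct msghdr` for RADIUS reads in tnc-pdp and the `struct sockaddr_in6` in the host parser) are the same pattern: a structure is only partially filled in, so everything else must be zeroed first. The following is an added example, not strongSwan's code; the function names are hypothetical and the datagram is sent over a local socketpair so it runs offline. `in6_is_clean` deliberately scribbles over the struct before parsing to stand in for stack garbage, and `dgram_roundtrip` zeroes the `msghdr` so `msg_control` and `msg_controllen` are a well-defined "no ancillary data" rather than whatever the stack held.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Parse an IPv6 literal into a fully initialized sockaddr_in6.
 * Returns 1 on success, 0 if the string is not an IPv6 address. */
static int parse_in6(const char *str, uint16_t port, struct sockaddr_in6 *out)
{
    memset(out, 0, sizeof(*out));   /* sin6_flowinfo and sin6_scope_id become 0 */
    out->sin6_family = AF_INET6;
    out->sin6_port = htons(port);
    return inet_pton(AF_INET6, str, &out->sin6_addr) == 1;
}

/* Returns 1 if parsing leaves the untouched members zeroed, 0 if not,
 * -1 if the string does not parse. */
static int in6_is_clean(const char *str)
{
    struct sockaddr_in6 a;

    memset(&a, 0xff, sizeof(a));    /* constructed stack garbage */
    if (!parse_in6(str, 500, &a)) {
        return -1;
    }
    return a.sin6_family == AF_INET6 && a.sin6_flowinfo == 0 &&
           a.sin6_scope_id == 0;
}

/* Send one datagram over a socketpair and read it back with recvmsg().
 * Returns 1 if the payload came back intact, 0 otherwise. */
static int dgram_roundtrip(const char *payload, size_t len)
{
    int sv[2];
    char buf[256];
    struct msghdr msg;
    struct iovec iov;
    ssize_t n;

    if (len > sizeof(buf) || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) {
        return 0;
    }
    if (send(sv[0], payload, len, 0) != (ssize_t)len) {
        close(sv[0]);
        close(sv[1]);
        return 0;
    }
    /* Without this memset, msg_control/msg_controllen (and msg_name/
     * msg_namelen) hold stack garbage and the kernel may try to write
     * ancillary data through that pointer. */
    memset(&msg, 0, sizeof(msg));
    iov.iov_base = buf;
    iov.iov_len = sizeof(buf);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    n = recvmsg(sv[1], &msg, 0);
    close(sv[0]);
    close(sv[1]);
    return n == (ssize_t)len && memcmp(buf, payload, len) == 0;
}

int main(void)
{
    printf("fe80::1 clean: %d\n", in6_is_clean("fe80::1"));
    printf("datagram ok:   %d\n", dgram_roundtrip("RADIUS", 6));
    return 0;
}
```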
Tobias Brunner
b3393c88c1
asn1: Fix handling of invalid ASN.1 length in is_asn1()
Fixes CVE-2013-5018.
2013-07-31 22:16:58 +02:00
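The commit above only names the problem (an invalid ASN.1 length reaching `is_asn1()`); as an added example, not strongSwan's asn1 code, here is what a check on the outer length of a DER blob has to establish before any byte at that offset is touched: the length octets themselves are well formed (no indefinite form, no more octets than fit a `size_t`, minimal encoding) and the encoded content length fits inside the buffer. `der_length`, `is_der_blob` and the tolerance for one trailing newline are choices of this example; the byte strings in the test are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DER_SEQUENCE 0x30
#define DER_SET      0x31
#define DER_INVALID  ((size_t)-1)

/* Decode the DER length that follows the tag at blob[0].
 * On success returns the content length and stores the header size
 * (tag plus length octets) in *hdr. Returns DER_INVALID for indefinite,
 * overlong, non-minimal or truncated encodings, or when the content would
 * extend past the end of the buffer. */
static size_t der_length(const uint8_t *blob, size_t len, size_t *hdr)
{
    size_t n, i, value = 0;

    if (len < 2) {
        return DER_INVALID;
    }
    if (blob[1] < 0x80) {                       /* short form */
        *hdr = 2;
        value = blob[1];
    } else {
        n = blob[1] & 0x7f;                     /* number of length octets */
        if (n == 0 || n > sizeof(size_t) || 2 + n > len) {
            return DER_INVALID;                 /* indefinite, too long, or truncated */
        }
        if (blob[2] == 0) {
            return DER_INVALID;                 /* leading zero octet is not DER */
        }
        for (i = 0; i < n; i++) {
            value = (value << 8) | blob[2 + i];
        }
        if (value < 0x80) {
            return DER_INVALID;                 /* would have fit in the short form */
        }
        *hdr = 2 + n;
    }
    if (value > len - *hdr) {
        return DER_INVALID;                     /* content runs past the buffer */
    }
    return value;
}

/* Does the buffer hold exactly one SEQUENCE or SET, optionally followed by a
 * single trailing newline? Returns 1 if yes, 0 otherwise. The length is
 * validated first, so blob[len - 1] is the only byte inspected after the
 * header and it is always inside the buffer. */
static int is_der_blob(const uint8_t *blob, size_t len)
{
    size_t hdr, content;

    if (len == 0 || (blob[0] != DER_SEQUENCE && blob[0] != DER_SET)) {
        return 0;
    }
    content = der_length(blob, len, &hdr);
    if (content == DER_INVALID) {
        return 0;
    }
    if (hdr + content == len) {
        return 1;
    }
    if (hdr + content + 1 == len && blob[len - 1] == '\n') {
        return 1;
    }
    return 0;
}

int main(void)
{
    /* constructed: SEQUENCE { INTEGER 5 } and the same with a huge length */
    static const uint8_t good[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    static const uint8_t huge[] = { 0x30, 0x84, 0xff, 0xff, 0xff, 0xff };

    printf("good: %d\n", is_der_blob(good, sizeof(good)));
    printf("huge: %d\n", is_der_blob(huge, sizeof(huge)));
    return 0;
}
```

The case to keep in mind is the `huge` blob: a four-octet length of 0xffffffff must be rejected by the bounds comparison, not used as an offset, because adding it to the header size and indexing the buffer is exactly how a crafted length turns into an out-of-bounds read.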
Andreas Steffen
cc5bedbb98
Callback job is not needed any more
2013-07-31 22:13:49 +02:00
Martin Willi
8fa7c5c191
charon-xpc: load missing ctr/ccm/gcm plugins
2013-07-31 16:28:11 +02:00
Martin Willi
aafb6fa6c2
charon-xpc: use kernel-libipsec instead of kernel-pfkey
2013-07-31 11:41:37 +02:00