On some systems (e.g. on Debian/kFreeBSD) that header is required when
including ipsec.h, on Linux we require it too when including pfkeyv2.h,
so to simplify things we just always include it.
Because CURLOPT_FAILONERROR is enabled in the curl plugin an error code
will often (not always) cause the client to close the TCP connection
before the server has written the complete response.
In some cases the main thread is not ready to immediately call siglongjmp(),
e.g. if it currently holds a mutex that is later required during
shutdown.
Therefore, we delay handling errors in worker threads until the main
thread performs the next check itself (or the test function ends).
The same issue remains with SIGALRM.
When running the tests in GDB the working directory apparently is
different. With the relative path used previously the plugins would not
be found and those installed on the system would get used.
Encode default AEAD encryption algorithms to a proposal separate from non-AEAD
algorithms. RFC 4306 and 5282 where less explicit, but RFC 5996 requires
separate proposals for AEAD and non-AEAD algorithms. As responder we still
accept both encoding variants.
Fixes#573.
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms.
This was not clear in RFC 5282, hence we previously included both AEAD and
non-AEAD algorithms in a single proposal.
Fixes some warnings raised when compiling with clang. Some are cosmetically,
others are worth to fix.
This prepares the Travis build for -Werror, which will force us to fix all
warnings raised by all compilers.
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
These definitions are directly derived from the RFC, so it should be safe
to cast them. clang complains about the different types, so cast them
explicitly.
The AES code historically has different build options for various size/speed
trade-offs. We never made use of them, so just drop the obsolete code. The code
now has four hard-coded fixed tables, both inverse and original.
Adds a flex/bison based parser for settings_t. It provides several
improvements over the previous parser e.g. quoted strings (with escape
sequences), unlimited includes, more relaxed newline handling, better
syntax error reporting, and a distinction between empty and unset
values (key = vs. key = "").
Found due to %option nodefault. A match for } was actually missing
and # was not properly matched if it was part of an include statement
on the last line of a file that did not end with a newline.