Andreas Steffen
1e5522ffd7
convert comma-separated RDNs into slash-separated OpenSSL --subject format
2008-06-05 19:28:08 +00:00
Martin Willi
6649a3ca80
fixed --utc parsing position
...
support for DN filtering using id="CN=asdf, O=asdf",addr=1.1.1.1
changed order of --leases columns
2008-06-05 13:56:10 +00:00
Martin Willi
4fa74562ae
fixed UTC indentation
...
implement filtering in --leases
2008-06-05 08:52:27 +00:00
Martin Willi
0f7aecf402
fixed NULL string mysql parameter
2008-06-05 08:24:55 +00:00
Andreas Steffen
89c87995e2
cosmetics in size field of ipsec pool --status command
2008-06-04 22:20:19 +00:00
Martin Willi
011b1cca94
do not roam IKE_SA in created or deleting state
2008-06-04 14:31:06 +00:00
Martin Willi
2ba1f9e761
added pool statistics (size, online, lease count, with usage ratio)
2008-06-04 14:01:44 +00:00
Martin Willi
f3e11fc478
some input validation checks for --add and --resize
...
--purge keeps an entry for each address to allow their reallocation
2008-06-04 13:18:55 +00:00
Martin Willi
f13e23754f
tolerating chown failures on installation, required to build some packages
2008-06-04 12:09:24 +00:00
Martin Willi
9fa66e8bbf
removed unused variable
2008-06-03 12:14:02 +00:00
Andreas Steffen
0655fe4fd8
CIRCLEQ patch submitted by Jay Pfeifer
2008-05-29 07:49:47 +00:00
Andreas Steffen
0caf2b936e
added missing comma in enumeration
2008-05-29 06:55:03 +00:00
Andreas Steffen
7fe3ae88e4
handle default key sizes in openssl_crypter
2008-05-28 12:20:38 +00:00
Andreas Steffen
8f7074cf2e
version bump to 4.2.4
2008-05-25 10:35:39 +00:00
Andreas Steffen
f9b1bcad24
do not list empty certuribase strings
2008-05-24 05:47:37 +00:00
Andreas Steffen
ed26207d08
fixed copy-and-paste error
2008-05-23 19:23:04 +00:00
Andreas Steffen
49b2395e3b
check if parsing of the RSA public key in an X.509 certificate was successful
2008-05-23 19:22:37 +00:00
Andreas Steffen
7dfb8a1bde
fix caption alignment if date is displayed in local time
2008-05-23 19:21:08 +00:00
Andreas Steffen
731ac6bf52
check if crypter is available in pem_to_bin()
2008-05-23 19:18:08 +00:00
Martin Willi
7624dbf068
process payload length more strictly
2008-05-23 18:23:17 +00:00
Martin Willi
5e17e35c8d
fixed some compiler warnings
2008-05-23 15:49:43 +00:00
Andreas Steffen
c7d81ad12c
added --utc option to ipsec pool
2008-05-23 15:46:25 +00:00
Martin Willi
de3d65a132
filtering out non matching path probing pairs explicitly
2008-05-23 15:43:42 +00:00
Andreas Steffen
0672aa7b0e
added display of holderIssuer, holderSerial, and authorityKeyIdentifier
2008-05-23 14:24:24 +00:00
Andreas Steffen
eaa1399812
fixed the strongswan.conf path
2008-05-22 21:59:30 +00:00
Andreas Steffen
7199d22e77
implement basic listing of attribute certificates
2008-05-22 21:58:22 +00:00
Andreas Steffen
be1585c587
log received DH groups and PRFs if no common proposal is found
2008-05-22 14:18:44 +00:00
Tobias Brunner
17188f20dd
Id and typo
2008-05-22 12:13:10 +00:00
Tobias Brunner
346e9c5712
added the ECP groups from RFC 5114
2008-05-22 11:55:05 +00:00
Tobias Brunner
fc1a31d54b
added ECDH with OpenSSL (see RFC 4753)
2008-05-22 11:39:17 +00:00
Tobias Brunner
31430acc1b
correctly initialize the mediation and connection manager
2008-05-22 11:33:35 +00:00
Andreas Steffen
58ac5e2ff4
fixed segmentation fault caused by malformed attribute certificates
2008-05-21 22:53:45 +00:00
Martin Willi
e1d2435dbf
fixed parsing of UNKNOWN_PAYLOADs
2008-05-21 21:53:38 +00:00
Andreas Steffen
0005cee527
fixed typo
2008-05-21 21:52:59 +00:00
Andreas Steffen
4d9c95ffcd
version bump to 4.2.3
2008-05-21 18:40:11 +00:00
Martin Willi
85a119bc0b
replying to COOKIE2 mobike notify properly
...
including COOKIE2 ourself after path probing
2008-05-21 17:56:21 +00:00
Martin Willi
ce62751b60
writing guest pid to file (simplifies debugging)
2008-05-21 16:02:16 +00:00
Martin Willi
cb9edc54eb
using fixed size keys in key derivation for AES-XCBC PRF
2008-05-21 14:58:03 +00:00
Martin Willi
4f23ec78d1
added more verbosity if signature hash OID is unknown
2008-05-21 13:01:58 +00:00
Andreas Steffen
8bbb212f3a
list proposed ESP ENCRYPTION and INTEGRITY algorithms if no proposal is chosen
2008-05-20 21:54:33 +00:00
Andreas Steffen
49aeafc502
removed debug statement
2008-05-20 16:23:58 +00:00
Andreas Steffen
7f02156ebf
fixed whitespace eating in plugin loader
2008-05-20 15:03:15 +00:00
Andreas Steffen
367cc86f4a
added missing break in case statement
2008-05-19 20:10:26 +00:00
Martin Willi
da1bc5e860
fixed loading of smp plugin
2008-05-19 14:20:07 +00:00
Tobias Brunner
081a14cd33
added an error message when strongswan.conf cannot be read
2008-05-19 13:20:33 +00:00
Tobias Brunner
6f2ba57a4e
added a fixup for addresses from shared libraries in segmentation fault handler
2008-05-19 12:49:35 +00:00
Tobias Brunner
550690d23b
fixed the cleanup code when the credential factory fails to create a builder
2008-05-19 12:43:01 +00:00
Tobias Brunner
68ac3b44d1
fixed a bug introduced in [3973]
2008-05-19 08:48:44 +00:00
Andreas Steffen
a327ee9589
suppress listing of integrity algorithm if it is undefined
2008-05-17 21:52:58 +00:00
Andreas Steffen
15c508c708
ccm and gcm icv_sizes are accepted both in bits and octets
2008-05-17 21:51:47 +00:00
Martin Willi
0b0fba9e0d
fixed warning if plugin list has trailing whitespaces
2008-05-16 13:48:58 +00:00
Tobias Brunner
3f730ec1cd
Added support for AES-CCM and AES-GCM (authenticated encryption algorithms) in charon.
2008-05-16 13:27:21 +00:00
Tobias Brunner
5a9f62a754
updated xfrm.h to the version from the 2.6.25.4 kernel sources
2008-05-16 13:24:18 +00:00
Martin Willi
99968bf0a0
fixed plugin names of EAP modules
2008-05-16 12:14:48 +00:00
Martin Willi
987a42c05e
moved manager to its own subdirectory in ipsecdir
2008-05-16 09:13:23 +00:00
Martin Willi
1ba62b5562
loading default modules depending on configure options
2008-05-16 08:52:32 +00:00
Andreas Steffen
d8ff9eee6b
added missing semicolon
2008-05-15 19:40:38 +00:00
Martin Willi
a3d92a3745
plugin load configuration in strongswan.conf
...
some components accept a "component.load" option with a space separated list of plugins to load
libcharon- plugins are now handled the same way as libstrongswan- plugins
2008-05-15 14:01:26 +00:00
Tobias Brunner
84770ded1e
RSA with OpenSSL
2008-05-15 12:41:06 +00:00
Tobias Brunner
144274ab20
corrected deinitialisation of public key factory
2008-05-15 12:39:35 +00:00
Tobias Brunner
c1571b34fd
generic public key factory moved
2008-05-15 12:33:00 +00:00
Martin Willi
89658f6d6c
static leases use 0, not NULL timeout
...
fixed static leases
2008-05-15 09:26:47 +00:00
Martin Willi
bb94e1ed60
properly removing bootup poll interface eth0
2008-05-15 08:41:00 +00:00
Martin Willi
fa44a2981c
implemented classical UML network scenario in dumm (ipsec testing)
2008-05-14 13:11:13 +00:00
Martin Willi
c48022a282
poll UML guests after startup using eth9=mcast, as networking is loaded after console
2008-05-14 11:48:00 +00:00
Tobias Brunner
1d56d328fd
typo
2008-05-14 11:10:37 +00:00
Martin Willi
782db7edd1
prototype of mediation client database plugin
2008-05-14 07:26:19 +00:00
Martin Willi
0fd4caea66
handle ID_KEY_ID as a ID_PUBKEY_SHA1 for authentication
2008-05-14 06:49:31 +00:00
Martin Willi
c0d1ebde71
fixed printing of %#H hosts
2008-05-14 06:34:54 +00:00
Martin Willi
f3884f6da6
reverted [3945], proper fix for zero value ASN1 integer
2008-05-13 14:15:12 +00:00
Martin Willi
7af8995cde
fixed unsafe calculation of mpz_export length
2008-05-13 13:52:45 +00:00
Martin Willi
02ffd89642
decreased plugin load verbosity
2008-05-13 09:14:36 +00:00
Martin Willi
4d4fc2eaa1
fixed "pool --purge" on mysql
2008-05-13 07:39:24 +00:00
Martin Willi
808ca43f92
fixed compiler warning (missing include)
2008-05-13 07:37:08 +00:00
Martin Willi
5373f2a642
fixed lookup for expired leases
...
initializing database if in inconsistent state
2008-05-13 07:24:53 +00:00
Andreas Steffen
0fc1fc0ec8
forgot about alphabetical order
2008-05-12 12:46:30 +00:00
Andreas Steffen
2637c30c69
added description of plutostderrlog parameter to ipsec.conf.5 man page
2008-05-12 11:36:59 +00:00
Andreas Steffen
a50818ed46
plutostderrlog parameter now declares a stderr redirection file
2008-05-12 10:05:49 +00:00
Andreas Steffen
f85d02a419
fixed typos
2008-05-11 20:36:14 +00:00
Andreas Steffen
95c297b580
added missing ipcomp DB type definition
2008-05-11 16:41:51 +00:00
Andreas Steffen
9a6d9f10e2
support of plutostderrlog keyword
2008-05-11 07:59:00 +00:00
Martin Willi
6cf1215e3c
ported IP pool to mysql
2008-05-09 15:01:22 +00:00
Martin Willi
7051ef4091
usable prototype of "ipsec pool" tool
2008-05-09 12:55:41 +00:00
Martin Willi
5dc317192a
support for left bounded padding in %H and %D
2008-05-09 12:25:39 +00:00
Martin Willi
e69f33f6e2
whitelisted gmtime_r
2008-05-09 12:24:11 +00:00
Martin Willi
f3bcd7f041
correctly reassigning valid leases
2008-05-09 12:22:20 +00:00
Martin Willi
9f9903a3b3
supporting width modifier in identification_t printf hook (e.g. %30D)
...
cleanups in host_t %H printf hook
2008-05-09 11:34:58 +00:00
Martin Willi
ff2d02ed4c
fixed interface disconnection
2008-05-09 10:38:18 +00:00
Tobias Brunner
d4aad55434
IPComp for IKEv2
2008-05-08 16:19:11 +00:00
Martin Willi
0f074a4344
implemented append mode for xcbc, testcase
2008-05-08 14:51:37 +00:00
Martin Willi
affd7a90ba
moved RAW public key support to a separate plugin (pubkey)
2008-05-08 13:16:42 +00:00
Martin Willi
0395eb7c08
fixed compiler warning
2008-05-08 13:12:43 +00:00
Martin Willi
240e727fde
renamed PRF_AES128_CBC to PRF_AES128_XCBC
2008-05-08 12:43:27 +00:00
Martin Willi
5b7ec6d4e0
renamed med_db plugin to medsrv, as we will introduce an additional medcli client plugin
2008-05-08 12:11:30 +00:00
Martin Willi
25b12c696b
replaced --with-gid/uid by --with-group/user
...
using named users, groups
fixed capability dropping in pluto
2008-05-08 10:58:04 +00:00
Martin Willi
f8277a8370
added configure check and support for sqlite3 libraries without sqlite3_prepare_v2
2008-05-07 14:41:13 +00:00
Martin Willi
4ce78f9356
fixed 3DES encryption
2008-05-07 11:54:30 +00:00
Martin Willi
5302703407
prototype of sql pool administration utility
2008-05-07 09:37:08 +00:00
Martin Willi
5d892343fa
using capset version 1 if a newer is available
2008-05-07 08:46:37 +00:00
Martin Willi
86ab5636c2
support for @#hex ID_KEY_ID identification_t
2008-05-06 13:45:14 +00:00
Martin Willi
bc1f02a860
providing mediation configuration through med_db plugin
2008-05-06 13:44:14 +00:00
Martin Willi
c963c4bc15
fixed parsing of openssl format public keys
2008-05-06 12:56:36 +00:00
Martin Willi
ff6836716c
returning reference pointer on get_ref()
2008-05-06 10:55:42 +00:00
Martin Willi
cc0cb93553
printf "width" support for hosts (e.g. %15H)
2008-05-05 08:31:43 +00:00
Martin Willi
6c90949f18
resetting old scheduling policy correctly in free() hook
2008-05-05 07:40:21 +00:00
Martin Willi
27d04e055d
implemented XCBC algorithms (signer, prf) for IKE on top of a crypter
...
supporting ike=...-aesxcbc-... in ipsec.conf
added AUTH_AES_XCBC_96 and PRF_AES128_CBC to default IKE proposal
AES XCBC testcase
2008-04-30 14:26:24 +00:00
Martin Willi
f5475fa440
crypter_t api supports in-place encryption using NULL as output parameter
2008-04-30 14:02:25 +00:00
Tobias Brunner
d691080cfc
simplified the OpenSSL crypter a bit
2008-04-30 09:24:22 +00:00
Tobias Brunner
87aa386df1
simplified the OpenSSL hasher a bit
2008-04-30 09:23:13 +00:00
Tobias Brunner
bc75840fb1
OpenSSL hasher does not need an internal buffer anymore
2008-04-30 08:54:36 +00:00
Tobias Brunner
ae7e837c30
adding diffie hellman with OpenSSL
2008-04-29 15:42:34 +00:00
Tobias Brunner
4eda3aa223
use SHA-1 as preferred hasher in the OpenSSL plugin
2008-04-29 09:13:14 +00:00
Andreas Steffen
5c7c23cc03
set Id keyword
2008-04-28 18:44:21 +00:00
Martin Willi
a47486b5e4
prototype of dumm GUI
2008-04-28 16:43:30 +00:00
Andreas Steffen
e8a680d94a
cosmetics
2008-04-28 16:02:53 +00:00
Andreas Steffen
460025e253
introduced ASN1_EXIT command in ASN.1 object syntax definition
2008-04-28 16:00:52 +00:00
Tobias Brunner
63cdbca211
added wrapper for OpenSSL hashers
2008-04-28 15:56:44 +00:00
Tobias Brunner
a733b30276
algo lookup corrected
2008-04-28 15:26:38 +00:00
Tobias Brunner
3b34019f58
made algo struct static
2008-04-28 14:52:58 +00:00
Tobias Brunner
b61aa33599
typos
2008-04-28 14:32:18 +00:00
Tobias Brunner
17353034f3
added a wrapper plugin for OpenSSL crypters (AES, 3DES, Blowfish etc.)
2008-04-28 14:25:19 +00:00
Tobias Brunner
1da06b295f
made some stuff static
2008-04-28 14:19:25 +00:00
Martin Willi
ca37f81657
fixed javascript include using <script> tag
2008-04-28 08:52:17 +00:00
Andreas Steffen
77b9c3a214
end->srcip string must be removed if it contains %config
2008-04-27 11:28:58 +00:00
Andreas Steffen
2988273b3a
fixed starter_cmp_end()
2008-04-27 11:04:13 +00:00
Andreas Steffen
937eb2db00
fixed memory corruption problem in starter
2008-04-27 10:49:31 +00:00
Andreas Steffen
c3628ebc35
optimized parser->success()
2008-04-26 11:08:36 +00:00
Andreas Steffen
df231f5488
ported ASN.1 changes to pkcs7
2008-04-26 10:20:51 +00:00
Andreas Steffen
f27e13e80f
doxygen fix for fips.h
2008-04-26 09:40:22 +00:00
Andreas Steffen
d3d7e46b8c
refactoring of the ASN.1 parser
2008-04-26 09:24:14 +00:00
Martin Willi
3444390241
supporting multiple comma separated subnets in left/rightsubnet definition
...
e.g. leftsubnet=10.2.0.0/16,10.4.0.0/16
2008-04-25 12:41:37 +00:00
Andreas Steffen
33eb3d4ab6
extract_token() now handles whitespace
2008-04-25 07:04:59 +00:00
Andreas Steffen
36fecdb8a3
chunk_to_hex() adaptations
2008-04-25 06:39:41 +00:00
Martin Willi
5e6bbf4f77
added _GNU_SOURCE and limits.h to build against glibc-2.8
2008-04-24 13:49:20 +00:00
Martin Willi
c624081a7f
added missing base64 chunk test
2008-04-24 13:28:18 +00:00
Martin Willi
9213ad27c2
replaced freeswan ttodata by own chunk_{to|from}_{hex|base64} functions
2008-04-24 13:26:22 +00:00
Martin Willi
71983b5cc9
some c-libs require _GNU_SOURCE for pthread_rwlock
2008-04-23 09:45:02 +00:00
Martin Willi
8570c648f1
fixed AES-128 test
2008-04-22 09:00:27 +00:00
Martin Willi
36d62fac65
experimental Padlock plugin supporting SHA1 and AES-128 for VIA C7 Esther
2008-04-22 08:44:56 +00:00
Martin Willi
65456bfe33
added AES-128 unit test
2008-04-22 08:33:55 +00:00
Martin Willi
4d18175997
removed status result from crypter interface to be consistent with other crypto interfaces
2008-04-22 07:14:24 +00:00
Martin Willi
b638a1009f
proper library initialization for dumm
2008-04-21 13:21:21 +00:00
Andreas Steffen
7c0c0aac01
version bump to 4.2.2
2008-04-19 10:07:32 +00:00
Andreas Steffen
1d5d6f9667
Hash and URL cosmetics
2008-04-18 21:27:08 +00:00
Andreas Steffen
e92b5bc0ed
fixed cbc(camellia) netlink configuration error
2008-04-18 20:01:49 +00:00
Andreas Steffen
228025c2c4
fixed aes-xcbc netlink configuration error
2008-04-18 18:37:57 +00:00
Andreas Steffen
1da277f045
support of AES_XCBC and CAMELLIA ESP cipher by pluto
2008-04-18 17:01:45 +00:00
Andreas Steffen
855c9a9089
fixed AES default key length
2008-04-18 17:00:30 +00:00
Martin Willi
66bb16b033
shipping a default strongswan.conf
2008-04-18 12:52:47 +00:00
Andreas Steffen
bb2a529870
updated pfkeyv2.h
2008-04-18 12:27:50 +00:00
Martin Willi
fa3fe3c1cf
sql pool prototype
2008-04-18 11:51:58 +00:00
Tobias Brunner
ebb036feec
functions invoked on all linked list items now support up to five additional arguments
2008-04-18 11:48:53 +00:00
Andreas Steffen
be2e5b48cd
updated list of ESP and AH algorithms
2008-04-18 11:25:37 +00:00
Tobias Brunner
6439267a8c
support for hash and URL encoded certificate payloads in charon
2008-04-18 11:24:45 +00:00
Tobias Brunner
eed87e1d76
typo
2008-04-18 10:58:36 +00:00
Martin Willi
4075225466
fixed peer config equality check
2008-04-18 10:30:52 +00:00
Tobias Brunner
ab7ed97c93
type corrected
2008-04-18 10:11:41 +00:00
Andreas Steffen
8eeb796a51
changed logging of crl writing to old style
2008-04-17 20:23:31 +00:00
Andreas Steffen
5434d5f7e9
corrected variable name
2008-04-17 18:56:55 +00:00
Martin Willi
c4ec8c9d18
fixed compiler warning
2008-04-17 15:08:48 +00:00
Martin Willi
b360e3933d
respecting ipsec.conf cachecrls= option
2008-04-17 15:01:57 +00:00
Martin Willi
58126dd295
added missing bits for credential caching
2008-04-17 15:00:51 +00:00
Martin Willi
d33fa48bc7
caching of CRLs to /etc/ipsec.d/crls
2008-04-17 14:08:38 +00:00
Martin Willi
72c882d8c0
cosmetics to chunk_write()
2008-04-17 14:06:37 +00:00
Martin Willi
2270b396b3
added missing credential_set method to stroke_ca
2008-04-17 13:00:05 +00:00
Martin Willi
233b853dfa
extended credential_set_t interface by a cache_cert() method
...
allows persistent or in-memory caching of fetched certificates
2008-04-17 11:22:37 +00:00
Martin Willi
46a5604a04
split IKE_SA manager destroy to allow plugin interaction
2008-04-17 10:46:25 +00:00
Martin Willi
e5617e40d1
adding rightsourceip=%poolname properly to peer config
2008-04-17 08:55:32 +00:00
Martin Willi
4904d26120
slightly optimized IKE_SA checkin
2008-04-16 08:43:32 +00:00
Martin Willi
054c9e6031
parallelized trust chain verification
...
temporary imported certificates are thread-local only
read-write locking on credential manager
credential sets must be thread-safe now
2008-04-16 08:38:15 +00:00
Martin Willi
2c463cdfb1
optimized half-open IKE_SA lookup (no checkout)
2008-04-16 08:34:52 +00:00
Martin Willi
140ed97c0c
disable DPD if dpddelay is set but dpdaction=none
2008-04-16 05:50:56 +00:00
Martin Willi
02e4180e48
updated sql plugin to respect config changes
2008-04-15 15:13:53 +00:00
Martin Willi
1822ca740b
disabled SQL logging by default, as test scenarios do not have a logging table
2008-04-15 15:13:08 +00:00
Martin Willi
f722fa31db
added error logging to sqlite plugin
2008-04-15 15:12:01 +00:00
Martin Willi
0dab0f1d5d
fixed build of smp plugin
2008-04-15 11:51:46 +00:00
Andreas Steffen
f45411c045
set long-forgotten DPD defaults
2008-04-15 11:27:45 +00:00
Martin Willi
82d8368bd7
build plugins after daemon/libstrongswan
2008-04-15 07:57:01 +00:00
Martin Willi
6a365f0740
added API for random number generators, served through credential factory
...
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
Martin Willi
0644ebd3de
implemented IKE_SA uniqueness using ipsec.conf uniqueids parameter
...
additionally supports a "keep" value to keep the old IKE_SA
2008-04-14 13:23:24 +00:00
Martin Willi
a593db5d35
ike_sa_manager enumerable, not iterable
2008-04-14 11:37:46 +00:00
Martin Willi
b010310517
updated rightsourceip parameter in man page
2008-04-14 08:27:05 +00:00
Martin Willi
348af092ac
added close_action as a separate config option to dpd_action
2008-04-14 08:17:18 +00:00
Martin Willi
cadb5d16e5
fixed jumping IKE_SA unique ids
2008-04-14 07:55:23 +00:00
Martin Willi
45819d7d49
fixed rightsourceip=%config scenarios
2008-04-14 07:18:16 +00:00
Andreas Steffen
ff41ca0dc4
host_srcip was not properly initialized in starterwhack.c
2008-04-13 21:42:44 +00:00
Andreas Steffen
b1bdfa4890
fixed disabling the sending of cert requests
2008-04-13 17:31:07 +00:00
Martin Willi
96926b006d
using dpd actions to enforce connection state
...
dpd actions are per child-, not peer ike-sa
2008-04-11 08:14:48 +00:00
Tobias Brunner
4a6474c2c3
enabling acquire for mediated connections
2008-04-10 12:51:04 +00:00
Tobias Brunner
78abba428f
enabling reauthentication on mediation connections
2008-04-10 08:42:27 +00:00
Tobias Brunner
4a03518112
fixing a problem if the mediation server initiates the rekeying
2008-04-10 07:24:30 +00:00
Tobias Brunner
22452f70fc
mediation connections should now properly rekey
2008-04-09 18:12:22 +00:00
Martin Willi
ad81e51afc
implemented a simple attribute provider for stroke
2008-04-09 12:56:20 +00:00
Martin Willi
cdcfe777f4
implementation of a CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
Tobias Brunner
4a96521965
signature in connectivity checks is now built with the message id in network byte order
2008-04-08 13:45:30 +00:00
Martin Willi
5df92bba51
changed force_encap to forceencaps
2008-04-08 12:53:36 +00:00
Tobias Brunner
1d295d1ffa
printing the checklist, two bugfixes
2008-04-08 12:31:27 +00:00
Tobias Brunner
6f186d7e2e
connect manager: restart the sender if it is not running anymore
2008-04-08 09:21:27 +00:00
Tobias Brunner
03e5336340
better logging for chunks in connect manager
2008-04-08 08:41:23 +00:00
Tobias Brunner
028a345c63
refactored callback data in connect manager
2008-04-08 08:33:15 +00:00
Martin Willi
f6e7c0f785
removed stale ocsp header
2008-04-08 06:27:04 +00:00
Tobias Brunner
6970925422
fast finishing connectivity checks on the initiator's side
2008-04-07 15:45:37 +00:00
Tobias Brunner
dd563e60df
corrected the logging for retransmissions of connectivity checks
2008-04-07 14:45:39 +00:00
Tobias Brunner
b03c1d415c
changed how retransmissions of connectivity checks are sent
2008-04-07 11:26:15 +00:00
Martin Willi
852abcd3a3
fixed doxygen groups to avoid recursion
2008-04-07 10:37:14 +00:00
Tobias Brunner
70a568b015
fixing another memory leak
2008-04-07 09:36:52 +00:00
Martin Willi
1749642b15
use cert->equals() to filter out equal certificates in separate instances
2008-04-07 08:48:08 +00:00
Martin Willi
da5e7bdb4c
try to cache the same instance of equal certificates
2008-04-07 08:44:43 +00:00
Martin Willi
b5dbcc6270
compare certificates against full encoding to allow equality check of untrusted certs
2008-04-07 08:28:35 +00:00
Martin Willi
9caadea8c8
fixed bad cleanup which results in segfault if no issuer cert found, fixes #43
2008-04-07 08:06:02 +00:00
Andreas Steffen
480297b883
cosmetics
2008-04-07 07:02:47 +00:00
Martin Willi
ff867d062e
added ./configure option --with-strongswan-conf=
...
defaults to /etc/strongswan.conf
2008-04-07 06:56:33 +00:00
Martin Willi
4071ad1e5b
fixed segfault when opening a SQLite database fails
2008-04-07 06:49:13 +00:00
Andreas Steffen
f8ab4a8f76
log shared secret with debug level 4
2008-04-06 17:51:29 +00:00
Andreas Steffen
1b247314fd
default is hostaccess=no
2008-04-06 12:15:05 +00:00
Andreas Steffen
bc722433be
version bump to 4.2.1
2008-04-06 12:12:13 +00:00
Martin Willi
a9184df36b
do not build leak_detective.o if not enabled
2008-04-04 11:38:16 +00:00
Martin Willi
2429fb4958
defining hook functions ourself as definition in uClibc and glibc differ, fixes #36
2008-04-04 11:37:19 +00:00
Martin Willi
67d147e888
removed unused gmp.h to build libstrongswan without libgmp
2008-04-04 11:13:14 +00:00
Tobias Brunner
4c7e6112c5
and another
2008-04-03 15:22:06 +00:00
Tobias Brunner
471f923071
fixed two other memory leaks
2008-04-03 15:13:25 +00:00
Martin Willi
cce97b647a
redirecting all leak_report information to stderr
2008-04-03 11:25:08 +00:00
Martin Willi
6c45e62242
some code cleanups
2008-04-03 10:22:17 +00:00
Tobias Brunner
84b18d5fc7
replaced mutex in leak detective with thread scheduling
2008-04-03 09:24:35 +00:00
Tobias Brunner
8e91a36314
thread locking for sender and processor optimized
2008-04-03 09:19:12 +00:00
Martin Willi
6af29ccf33
configure option in strongswan.conf for thread count
2008-04-03 08:37:24 +00:00
Martin Willi
6e4e27f8de
updated test data to use correct encoding data
2008-04-03 06:45:17 +00:00
Andreas Steffen
196b28a470
demoted more notify debug messages to level 2
2008-04-02 19:15:05 +00:00
Andreas Steffen
f342cc08c0
make peer IP address and peer IP available to the xauth_module.verify_secret() method
2008-04-02 19:04:45 +00:00
Andreas Steffen
97da3d2de0
renamed AES_cbc_encrypt to SS_AES_cbc_encrypt due to name collision with OpenSSL library
2008-04-02 18:51:10 +00:00
Andreas Steffen
7a9d3ae471
support of force_keepalive parameter
2008-04-02 18:35:23 +00:00
Tobias Brunner
c3f803c4c6
fixing some memory leaks
2008-04-02 18:21:03 +00:00
Tobias Brunner
f049b29491
securing total_threads with the mutex while destroying the processor
2008-04-02 15:28:08 +00:00
Andreas Steffen
1ee637d8b1
generate debug output if ocsp response does not contain status information for a given certificate
2008-04-02 14:28:17 +00:00
Martin Willi
513f20156a
fixed med_db test
2008-04-02 12:27:39 +00:00
Martin Willi
489e3da0ea
updated mediation database to public key authentication
...
added mysql table definition, test data
testcase
2008-04-02 12:25:14 +00:00
Martin Willi
e29ebcb1af
fixed compile warnings
2008-04-02 09:54:20 +00:00
Andreas Steffen
281d04502e
additional debug line makes certificate status checking more understandable
2008-04-02 06:25:59 +00:00
Andreas Steffen
9372f44c67
workaround for parsing IPv6 PSKs requires extract_last_token()
2008-04-01 20:40:29 +00:00
Andreas Steffen
080555e76a
demoted received notify debug message to level 2
2008-04-01 20:22:38 +00:00
Martin Willi
372b7ac7e2
added missing files for commit [3721]
2008-04-01 15:03:02 +00:00
Martin Willi
9d1c384b4b
loading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
...
testcase
2008-04-01 14:51:31 +00:00
Martin Willi
0ea70ca66e
removed unneeded publicKeyInfo ASN1 structure
2008-04-01 13:39:12 +00:00
Andreas Steffen
392f4e17c2
minimal stroke_list_ocsp() implementation
2008-04-01 12:11:09 +00:00
Tobias Brunner
9c2a905d63
stopping connectivity checks on the responder's side after receiving an IKE_SA_INIT request with the proper ME_CONNECTID
2008-04-01 11:38:18 +00:00
Martin Willi
45d66f5af6
some simplifications to trusted_enumerator_t
2008-04-01 10:56:08 +00:00
Martin Willi
1bb85edffe
checking pretrusted but bad certificates only once
2008-04-01 10:43:44 +00:00
Andreas Steffen
946d1ecd59
stroke_list groups certificates by issuer
2008-04-01 10:26:27 +00:00
Martin Willi
dd2efc2c03
replaced the example manager database by a sql script
2008-04-01 07:16:48 +00:00
Martin Willi
e411f94d44
changed enumerator implementation to handle reentrant code
2008-04-01 06:51:55 +00:00