Martin Willi
0b0fba9e0d
fixed warning if plugin list has trailing whitespaces
2008-05-16 13:48:58 +00:00
Tobias Brunner
3f730ec1cd
Added support for AES-CCM and AES-GCM (authenticated encryption algorithms) in charon.
2008-05-16 13:27:21 +00:00
Tobias Brunner
5a9f62a754
updated xfrm.h to the version from the 2.6.25.4 kernel sources
2008-05-16 13:24:18 +00:00
Martin Willi
99968bf0a0
fixed plugin names of EAP modules
2008-05-16 12:14:48 +00:00
Martin Willi
987a42c05e
moved manager to its own subdirectory in ipsecdir
2008-05-16 09:13:23 +00:00
Martin Willi
1ba62b5562
loading default modules depending on configure options
2008-05-16 08:52:32 +00:00
Andreas Steffen
d8ff9eee6b
added missing semicolon
2008-05-15 19:40:38 +00:00
Martin Willi
a3d92a3745
plugin load configuration in strongswan.conf
...
some components accept a "component.load" option with a space separated list of plugins to load
libcharon- plugins are now handled the same way as libstrongswan- plugins
2008-05-15 14:01:26 +00:00
Tobias Brunner
84770ded1e
RSA with OpenSSL
2008-05-15 12:41:06 +00:00
Tobias Brunner
144274ab20
corrected deinitialisation of public key factory
2008-05-15 12:39:35 +00:00
Tobias Brunner
c1571b34fd
generic public key factory moved
2008-05-15 12:33:00 +00:00
Martin Willi
89658f6d6c
static leases use 0, not NULL timeout
...
fixed static leases
2008-05-15 09:26:47 +00:00
Martin Willi
bb94e1ed60
properly removing bootup poll interface eth0
2008-05-15 08:41:00 +00:00
Martin Willi
fa44a2981c
implemented classical UML network scenario in dumm (ipsec testing)
2008-05-14 13:11:13 +00:00
Martin Willi
c48022a282
poll UML guests after startup using eth9=mcast, as networking is loaded after console
2008-05-14 11:48:00 +00:00
Tobias Brunner
1d56d328fd
typo
2008-05-14 11:10:37 +00:00
Martin Willi
782db7edd1
prototype of mediation client database plugin
2008-05-14 07:26:19 +00:00
Martin Willi
0fd4caea66
handle ID_KEY_ID as a ID_PUBKEY_SHA1 for authentication
2008-05-14 06:49:31 +00:00
Martin Willi
c0d1ebde71
fixed printing of %#H hosts
2008-05-14 06:34:54 +00:00
Martin Willi
f3884f6da6
reverted [3945], proper fix for zero value ASN1 integer
2008-05-13 14:15:12 +00:00
Martin Willi
7af8995cde
fixed unsafe calculation of mpz_export length
2008-05-13 13:52:45 +00:00
Martin Willi
02ffd89642
decreased plugin load verbosity
2008-05-13 09:14:36 +00:00
Martin Willi
4d4fc2eaa1
fixed "pool --purge" on mysql
2008-05-13 07:39:24 +00:00
Martin Willi
808ca43f92
fixed compiler warning (missing include)
2008-05-13 07:37:08 +00:00
Martin Willi
5373f2a642
fixed lookup for expired leases
...
initializing database if in inconsistent state
2008-05-13 07:24:53 +00:00
Andreas Steffen
0fc1fc0ec8
forgot about alphabetical order
2008-05-12 12:46:30 +00:00
Andreas Steffen
2637c30c69
added description of plutostderrlog parameter to ipsec.conf.5 man page
2008-05-12 11:36:59 +00:00
Andreas Steffen
a50818ed46
plutostderrlog parameter now declares a stderr redirection file
2008-05-12 10:05:49 +00:00
Andreas Steffen
f85d02a419
fixed typos
2008-05-11 20:36:14 +00:00
Andreas Steffen
95c297b580
added missing ipcomp DB type definition
2008-05-11 16:41:51 +00:00
Andreas Steffen
9a6d9f10e2
support of plutostderrlog keyword
2008-05-11 07:59:00 +00:00
Martin Willi
6cf1215e3c
ported IP pool to mysql
2008-05-09 15:01:22 +00:00
Martin Willi
7051ef4091
usable prototype of "ipsec pool" tool
2008-05-09 12:55:41 +00:00
Martin Willi
5dc317192a
support for left bounded padding in %H and %D
2008-05-09 12:25:39 +00:00
Martin Willi
e69f33f6e2
whitelisted gmtime_r
2008-05-09 12:24:11 +00:00
Martin Willi
f3bcd7f041
correctly reassigning valid leases
2008-05-09 12:22:20 +00:00
Martin Willi
9f9903a3b3
supporting width modifier in identification_t printf hook (e.g. %30D)
...
cleanups in host_t %H printf hook
2008-05-09 11:34:58 +00:00
Martin Willi
ff2d02ed4c
fixed interface disconnection
2008-05-09 10:38:18 +00:00
Tobias Brunner
d4aad55434
IPComp for IKEv2
2008-05-08 16:19:11 +00:00
Martin Willi
0f074a4344
implemented append mode for xcbc, testcase
2008-05-08 14:51:37 +00:00
Martin Willi
affd7a90ba
moved RAW public key support to a separate plugin (pubkey)
2008-05-08 13:16:42 +00:00
Martin Willi
0395eb7c08
fixed compiler warning
2008-05-08 13:12:43 +00:00
Martin Willi
240e727fde
renamed PRF_AES128_CBC to PRF_AES128_XCBC
2008-05-08 12:43:27 +00:00
Martin Willi
5b7ec6d4e0
renamed med_db plugin to medsrv, as we will introduce an additional medcli client plugin
2008-05-08 12:11:30 +00:00
Martin Willi
25b12c696b
replaced --with-gid/uid by --with-group/user
...
using named users, groups
fixed capability dropping in pluto
2008-05-08 10:58:04 +00:00
Martin Willi
f8277a8370
added configure check and support for sqlite3 libraries without sqlite3_prepare_v2
2008-05-07 14:41:13 +00:00
Martin Willi
4ce78f9356
fixed 3DES encryption
2008-05-07 11:54:30 +00:00
Martin Willi
5302703407
prototype of sql pool administration utility
2008-05-07 09:37:08 +00:00
Martin Willi
5d892343fa
using capset version 1 if a newer is available
2008-05-07 08:46:37 +00:00
Martin Willi
86ab5636c2
support for @#hex ID_KEY_ID identification_t
2008-05-06 13:45:14 +00:00
Martin Willi
bc1f02a860
providing mediation configuration through med_db plugin
2008-05-06 13:44:14 +00:00
Martin Willi
c963c4bc15
fixed parsing of openssl format public keys
2008-05-06 12:56:36 +00:00
Martin Willi
ff6836716c
returning reference pointer on get_ref()
2008-05-06 10:55:42 +00:00
Martin Willi
cc0cb93553
printf "width" support for hosts (e.g. %15H)
2008-05-05 08:31:43 +00:00
Martin Willi
6c90949f18
resetting old scheduling policy correctly in free() hook
2008-05-05 07:40:21 +00:00
Martin Willi
27d04e055d
implemented XCBC algorithms (signer, prf) for IKE on top of a crypter
...
supporting ike=...-aesxcbc-... in ipsec.conf
added AUTH_AES_XCBC_96 and PRF_AES128_CBC to default IKE proposal
AES XCBC testcase
2008-04-30 14:26:24 +00:00
Martin Willi
f5475fa440
crypter_t api supports in-place encryption using NULL as output parameter
2008-04-30 14:02:25 +00:00
Tobias Brunner
d691080cfc
simplified the OpenSSL crypter a bit
2008-04-30 09:24:22 +00:00
Tobias Brunner
87aa386df1
simplified the OpenSSL hasher a bit
2008-04-30 09:23:13 +00:00
Tobias Brunner
bc75840fb1
OpenSSL hasher does not need an internal buffer anymore
2008-04-30 08:54:36 +00:00
Tobias Brunner
ae7e837c30
adding diffie hellman with OpenSSL
2008-04-29 15:42:34 +00:00
Tobias Brunner
4eda3aa223
use SHA-1 as preferred hasher in the OpenSSL plugin
2008-04-29 09:13:14 +00:00
Andreas Steffen
5c7c23cc03
set Id keyword
2008-04-28 18:44:21 +00:00
Martin Willi
a47486b5e4
prototype of dumm GUI
2008-04-28 16:43:30 +00:00
Andreas Steffen
e8a680d94a
cosmetics
2008-04-28 16:02:53 +00:00
Andreas Steffen
460025e253
introduced ASN1_EXIT command in ASN.1 object syntax definition
2008-04-28 16:00:52 +00:00
Tobias Brunner
63cdbca211
added wrapper for OpenSSL hashers
2008-04-28 15:56:44 +00:00
Tobias Brunner
a733b30276
algo lookup corrected
2008-04-28 15:26:38 +00:00
Tobias Brunner
3b34019f58
made algo struct static
2008-04-28 14:52:58 +00:00
Tobias Brunner
b61aa33599
typos
2008-04-28 14:32:18 +00:00
Tobias Brunner
17353034f3
added a wrapper plugin for OpenSSL crypters (AES, 3DES, Blowfish etc.)
2008-04-28 14:25:19 +00:00
Tobias Brunner
1da06b295f
made some stuff static
2008-04-28 14:19:25 +00:00
Martin Willi
ca37f81657
fixed javascript include using <script> tag
2008-04-28 08:52:17 +00:00
Andreas Steffen
77b9c3a214
end->srcip string must be removed if it contains %config
2008-04-27 11:28:58 +00:00
Andreas Steffen
2988273b3a
fixed starter_cmp_end()
2008-04-27 11:04:13 +00:00
Andreas Steffen
937eb2db00
fixed memory corruption problem in starter
2008-04-27 10:49:31 +00:00
Andreas Steffen
c3628ebc35
optimized parser->success()
2008-04-26 11:08:36 +00:00
Andreas Steffen
df231f5488
ported ASN.1 changes to pkcs7
2008-04-26 10:20:51 +00:00
Andreas Steffen
f27e13e80f
doxygen fix for fips.h
2008-04-26 09:40:22 +00:00
Andreas Steffen
d3d7e46b8c
refactoring of the ASN.1 parser
2008-04-26 09:24:14 +00:00
Martin Willi
3444390241
supporting multiple comma separated subnets in left/rightsubnet definition
...
e.g. leftsubnet=10.2.0.0/16,10.4.0.0/16
2008-04-25 12:41:37 +00:00
Andreas Steffen
33eb3d4ab6
extract_token() now handles whitespace
2008-04-25 07:04:59 +00:00
Andreas Steffen
36fecdb8a3
chunk_to_hex() adaptations
2008-04-25 06:39:41 +00:00
Martin Willi
5e6bbf4f77
added _GNU_SOURCE and limits.h to build against glibc-2.8
2008-04-24 13:49:20 +00:00
Martin Willi
c624081a7f
added missing base64 chunk test
2008-04-24 13:28:18 +00:00
Martin Willi
9213ad27c2
replaced freeswan ttodata by own chunk_{to|from}_{hex|base64} functions
2008-04-24 13:26:22 +00:00
Martin Willi
71983b5cc9
some c-libs require _GNU_SOURCE for pthread_rwlock
2008-04-23 09:45:02 +00:00
Martin Willi
8570c648f1
fixed AES-128 test
2008-04-22 09:00:27 +00:00
Martin Willi
36d62fac65
experimental Padlock plugin supporting SHA1 and AES-128 for VIA C7 Esther
2008-04-22 08:44:56 +00:00
Martin Willi
65456bfe33
added AES-128 unit test
2008-04-22 08:33:55 +00:00
Martin Willi
4d18175997
removed status result from crypter interface to be consistent with other crypto interfaces
2008-04-22 07:14:24 +00:00
Martin Willi
b638a1009f
proper library initialization for dumm
2008-04-21 13:21:21 +00:00
Andreas Steffen
7c0c0aac01
version bump to 4.2.2
2008-04-19 10:07:32 +00:00
Andreas Steffen
1d5d6f9667
Hash and URL cosmetics
2008-04-18 21:27:08 +00:00
Andreas Steffen
e92b5bc0ed
fixed cbc(camellia) netlink configuration error
2008-04-18 20:01:49 +00:00
Andreas Steffen
228025c2c4
fixed aes-xcbc netlink configuration error
2008-04-18 18:37:57 +00:00
Andreas Steffen
1da277f045
support of AES_XCBC and CAMELLIA ESP cipher by pluto
2008-04-18 17:01:45 +00:00
Andreas Steffen
855c9a9089
fixed AES default key length
2008-04-18 17:00:30 +00:00
Martin Willi
66bb16b033
shipping a default strongswan.conf
2008-04-18 12:52:47 +00:00
Andreas Steffen
bb2a529870
updated pfkeyv2.h
2008-04-18 12:27:50 +00:00
Martin Willi
fa3fe3c1cf
sql pool prototype
2008-04-18 11:51:58 +00:00
Tobias Brunner
ebb036feec
functions invoked on all linked list items now support up to five additional arguments
2008-04-18 11:48:53 +00:00
Andreas Steffen
be2e5b48cd
updated list of ESP and AH algorithms
2008-04-18 11:25:37 +00:00
Tobias Brunner
6439267a8c
support for hash and URL encoded certificate payloads in charon
2008-04-18 11:24:45 +00:00
Tobias Brunner
eed87e1d76
typo
2008-04-18 10:58:36 +00:00
Martin Willi
4075225466
fixed peer config equality check
2008-04-18 10:30:52 +00:00
Tobias Brunner
ab7ed97c93
type corrected
2008-04-18 10:11:41 +00:00
Andreas Steffen
8eeb796a51
changed logging of crl writing to old style
2008-04-17 20:23:31 +00:00
Andreas Steffen
5434d5f7e9
corrected variable name
2008-04-17 18:56:55 +00:00
Martin Willi
c4ec8c9d18
fixed compiler warning
2008-04-17 15:08:48 +00:00
Martin Willi
b360e3933d
respecting ipsec.conf cachecrls= option
2008-04-17 15:01:57 +00:00
Martin Willi
58126dd295
added missing bits for credential caching
2008-04-17 15:00:51 +00:00
Martin Willi
d33fa48bc7
caching of CRLs to /etc/ipsec.d/crls
2008-04-17 14:08:38 +00:00
Martin Willi
72c882d8c0
cosmetics to chunk_write()
2008-04-17 14:06:37 +00:00
Martin Willi
2270b396b3
added missing credential_set method to stroke_ca
2008-04-17 13:00:05 +00:00
Martin Willi
233b853dfa
extended credential_set_t interface by a cache_cert() method
...
allows persistent or in-memory caching of fetched certificates
2008-04-17 11:22:37 +00:00
Martin Willi
46a5604a04
split IKE_SA manager destroy to allow plugin interaction
2008-04-17 10:46:25 +00:00
Martin Willi
e5617e40d1
adding rightsourceip=%poolname properly to peer config
2008-04-17 08:55:32 +00:00
Martin Willi
4904d26120
slightly optimized IKE_SA checkin
2008-04-16 08:43:32 +00:00
Martin Willi
054c9e6031
parallelized trust chain verification
...
temporary imported certificates are thread-local only
read-write locking on credential manager
credential sets must be thread-safe now
2008-04-16 08:38:15 +00:00
Martin Willi
2c463cdfb1
optimized half-open IKE_SA lookup (no checkout)
2008-04-16 08:34:52 +00:00
Martin Willi
140ed97c0c
disable DPD if dpddelay is set but dpdaction=none
2008-04-16 05:50:56 +00:00
Martin Willi
02e4180e48
updated sql plugin to respect config changes
2008-04-15 15:13:53 +00:00
Martin Willi
1822ca740b
disabled SQL logging by default, as test scenarios do not have a logging table
2008-04-15 15:13:08 +00:00
Martin Willi
f722fa31db
added error logging to sqlite plugin
2008-04-15 15:12:01 +00:00
Martin Willi
0dab0f1d5d
fixed build of smp plugin
2008-04-15 11:51:46 +00:00
Andreas Steffen
f45411c045
set long-forgotten DPD defaults
2008-04-15 11:27:45 +00:00
Martin Willi
82d8368bd7
build plugins after daemon/libstrongswan
2008-04-15 07:57:01 +00:00
Martin Willi
6a365f0740
added API for random number generators, served through credential factory
...
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
Martin Willi
0644ebd3de
implemented IKE_SA uniqueness using ipsec.conf uniqueids parameter
...
additionally supports a "keep" value to keep the old IKE_SA
2008-04-14 13:23:24 +00:00
Martin Willi
a593db5d35
ike_sa_manager enumerable, not iterable
2008-04-14 11:37:46 +00:00
Martin Willi
b010310517
updated rightsourceip parameter in man page
2008-04-14 08:27:05 +00:00
Martin Willi
348af092ac
added close_action as a separate config option to dpd_action
2008-04-14 08:17:18 +00:00
Martin Willi
cadb5d16e5
fixed jumping IKE_SA unique ids
2008-04-14 07:55:23 +00:00
Martin Willi
45819d7d49
fixed rightsourceip=%config scenarios
2008-04-14 07:18:16 +00:00
Andreas Steffen
ff41ca0dc4
host_srcip was not properly initialized in starterwhack.c
2008-04-13 21:42:44 +00:00
Andreas Steffen
b1bdfa4890
fixed disabling the sending of cert requests
2008-04-13 17:31:07 +00:00
Martin Willi
96926b006d
using dpd actions to enforce connection state
...
dpd actions are per child-, not peer ike-sa
2008-04-11 08:14:48 +00:00
Tobias Brunner
4a6474c2c3
enabling acquire for mediated connections
2008-04-10 12:51:04 +00:00
Tobias Brunner
78abba428f
enabling reauthentication on mediation connections
2008-04-10 08:42:27 +00:00
Tobias Brunner
4a03518112
fixing a problem if the mediation server initiates the rekeying
2008-04-10 07:24:30 +00:00
Tobias Brunner
22452f70fc
mediation connections should now properly rekey
2008-04-09 18:12:22 +00:00
Martin Willi
ad81e51afc
implemented a simple attribute provider for stroke
2008-04-09 12:56:20 +00:00
Martin Willi
cdcfe777f4
implementation of a CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
Tobias Brunner
4a96521965
signature in connectivity checks is now built with the message id in network byte order
2008-04-08 13:45:30 +00:00
Martin Willi
5df92bba51
changed force_encap to forceencaps
2008-04-08 12:53:36 +00:00
Tobias Brunner
1d295d1ffa
printing the checklist, two bugfixes
2008-04-08 12:31:27 +00:00
Tobias Brunner
6f186d7e2e
connect manager: restart the sender if it is not running anymore
2008-04-08 09:21:27 +00:00
Tobias Brunner
03e5336340
better logging for chunks in connect manager
2008-04-08 08:41:23 +00:00
Tobias Brunner
028a345c63
refactored callback data in connect manager
2008-04-08 08:33:15 +00:00
Martin Willi
f6e7c0f785
removed stale ocsp header
2008-04-08 06:27:04 +00:00
Tobias Brunner
6970925422
fast finishing connectivity checks on the initiators side
2008-04-07 15:45:37 +00:00
Tobias Brunner
dd563e60df
corrected the logging for retransmissions of connectivity checks
2008-04-07 14:45:39 +00:00
Tobias Brunner
b03c1d415c
changed how retransmissions of connectivity checks are sent
2008-04-07 11:26:15 +00:00
Martin Willi
852abcd3a3
fixed doxygen groups to avoid recursion
2008-04-07 10:37:14 +00:00
Tobias Brunner
70a568b015
fixing another memory leak
2008-04-07 09:36:52 +00:00
Martin Willi
1749642b15
use cert->equals() to filter out equal certificates in separate instances
2008-04-07 08:48:08 +00:00
Martin Willi
da5e7bdb4c
try to cache the same instance of equal certificates
2008-04-07 08:44:43 +00:00
Martin Willi
b5dbcc6270
compare certificates against full encoding to allow equality check of untrusted certs
2008-04-07 08:28:35 +00:00
Martin Willi
9caadea8c8
fixed bad cleanup which results in segfault if no issuer cert found, fixes #43
2008-04-07 08:06:02 +00:00
Andreas Steffen
480297b883
cosmetics
2008-04-07 07:02:47 +00:00
Martin Willi
ff867d062e
added ./configure option --with-strongswan-conf=
...
defaults to /etc/strongswan.conf
2008-04-07 06:56:33 +00:00
Martin Willi
4071ad1e5b
fixed segfault when opening a SQLite database fails
2008-04-07 06:49:13 +00:00
Andreas Steffen
f8ab4a8f76
log shared secret with debug level 4
2008-04-06 17:51:29 +00:00
Andreas Steffen
1b247314fd
default is hostaccess=no
2008-04-06 12:15:05 +00:00
Andreas Steffen
bc722433be
version bump to 4.2.1
2008-04-06 12:12:13 +00:00
Martin Willi
a9184df36b
do not build leak_detective.o if not enabled
2008-04-04 11:38:16 +00:00
Martin Willi
2429fb4958
defining hook functions ourselves as definition in uClibc and glibc differ, fixes #36
2008-04-04 11:37:19 +00:00
Martin Willi
67d147e888
removed unused gmp.h to build libstrongswan without libgmp
2008-04-04 11:13:14 +00:00
Tobias Brunner
4c7e6112c5
and another
2008-04-03 15:22:06 +00:00
Tobias Brunner
471f923071
fixed two other memory leaks
2008-04-03 15:13:25 +00:00
Martin Willi
cce97b647a
redirecting all leak_report information to stderr
2008-04-03 11:25:08 +00:00
Martin Willi
6c45e62242
some code cleanups
2008-04-03 10:22:17 +00:00
Tobias Brunner
84b18d5fc7
replaced mutex in leak detective with thread scheduling
2008-04-03 09:24:35 +00:00
Tobias Brunner
8e91a36314
thread locking for sender and processor optimized
2008-04-03 09:19:12 +00:00
Martin Willi
6af29ccf33
configure option in strongswan.conf for thread count
2008-04-03 08:37:24 +00:00
Martin Willi
6e4e27f8de
updated test data to use correct encoding data
2008-04-03 06:45:17 +00:00
Andreas Steffen
196b28a470
demoted more notify debug messages to level 2
2008-04-02 19:15:05 +00:00
Andreas Steffen
f342cc08c0
make peer IP address and peer IP available to the xauth_module.verify_secret() method
2008-04-02 19:04:45 +00:00
Andreas Steffen
97da3d2de0
renamed AES_cbc_encrypt to SS_AES_cbc_encrypt due to name collision with OpenSSL library
2008-04-02 18:51:10 +00:00
Andreas Steffen
7a9d3ae471
support of force_keepalive parameter
2008-04-02 18:35:23 +00:00
Tobias Brunner
c3f803c4c6
fixing some memory leaks
2008-04-02 18:21:03 +00:00
Tobias Brunner
f049b29491
securing total_threads with the mutex while destroying the processor
2008-04-02 15:28:08 +00:00
Andreas Steffen
1ee637d8b1
generate debug output if ocsp response does not contain status information for a given certificate
2008-04-02 14:28:17 +00:00
Martin Willi
513f20156a
fixed med_db test
2008-04-02 12:27:39 +00:00
Martin Willi
489e3da0ea
updated mediation database to public key authentication
...
added mysql table definition, test data
testcase
2008-04-02 12:25:14 +00:00
Martin Willi
e29ebcb1af
fixed compile warnings
2008-04-02 09:54:20 +00:00
Andreas Steffen
281d04502e
additional debug line makes certificate status checking more understandable
2008-04-02 06:25:59 +00:00
Andreas Steffen
9372f44c67
workaround for parsing IPv6 PSKs requires extract_last_token()
2008-04-01 20:40:29 +00:00
Andreas Steffen
080555e76a
demoted received notify debug message to level 2
2008-04-01 20:22:38 +00:00
Martin Willi
372b7ac7e2
added missing files for commit [3721]
2008-04-01 15:03:02 +00:00
Martin Willi
9d1c384b4b
loading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
...
testcase
2008-04-01 14:51:31 +00:00
Martin Willi
0ea70ca66e
removed unneeded publicKeyInfo ASN1 structure
2008-04-01 13:39:12 +00:00
Andreas Steffen
392f4e17c2
minimal stroke_list_ocsp() implementation
2008-04-01 12:11:09 +00:00
Tobias Brunner
9c2a905d63
stopping connectivity checks on the responders side after receiving an IKE_SA_INIT request with the proper ME_CONNECTID
2008-04-01 11:38:18 +00:00
Martin Willi
45d66f5af6
some simplifications to trusted_enumerator_t
2008-04-01 10:56:08 +00:00
Martin Willi
1bb85edffe
checking pretrusted but bad certificates only once
2008-04-01 10:43:44 +00:00
Andreas Steffen
946d1ecd59
stroke_list groups certificates by issuer
2008-04-01 10:26:27 +00:00
Martin Willi
dd2efc2c03
replaced the example manager database by a sql script
2008-04-01 07:16:48 +00:00
Martin Willi
e411f94d44
changed enumerator implementation to handle reentrant code
2008-04-01 06:51:55 +00:00
Andreas Steffen
c096472605
minor changes in debug output
2008-03-31 21:59:32 +00:00
Andreas Steffen
aaa7643b73
put DN in double quotes
2008-03-31 21:08:56 +00:00
Andreas Steffen
a92ea0ccb3
output error message if maximum ca path length is reached
2008-03-31 20:42:57 +00:00
Andreas Steffen
eafc0654ca
ipsec list suppresses duplicates
2008-03-31 20:21:24 +00:00
Tobias Brunner
e5ab32a7ee
timing of connectivity checks adjusted
2008-03-31 15:04:38 +00:00
Martin Willi
9e72d3bcaf
defining ME globally, as we need it in plugins
2008-03-31 15:01:43 +00:00
Andreas Steffen
58a05045cc
utc argument in %#T was missing
2008-03-31 14:36:00 +00:00
Tobias Brunner
9e183cd5b8
signal fixed
2008-03-31 14:27:16 +00:00
Tobias Brunner
f98736aee6
changed order of server and peer reflexive endpoints (and also the priorities)
2008-03-31 10:56:49 +00:00
Martin Willi
0f7ef3d2a0
received certificates have least priority
...
fixed manager unlocking
2008-03-31 08:43:18 +00:00
Martin Willi
d69b267d58
fixed refcounting in certificate trustchain validation
2008-03-31 07:16:12 +00:00
Andreas Steffen
dcc777652e
changed error message
2008-03-29 13:26:53 +00:00
Andreas Steffen
40f9006845
output uptime in status in local time
2008-03-29 08:55:09 +00:00
Andreas Steffen
d2aa6fcaeb
shortened menu item
2008-03-28 22:46:09 +00:00
Andreas Steffen
c63dc50f15
demoted ldap debug output to level 2
2008-03-28 22:44:45 +00:00
Martin Willi
b7ef3f625d
leak detective detects heap over- and underflow
2008-03-28 14:51:26 +00:00
Martin Willi
7939864dec
updated leak_detective whitelist: libxml and clearsilver functions
2008-03-28 13:16:36 +00:00
Martin Willi
6b9290ff12
renamed xml plugin to smp to avoid confusion
...
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there
2008-03-28 12:44:01 +00:00
Martin Willi
892fb43b12
fixed manager plugin loading
...
manager uses strongswan.conf to read its configuration
2008-03-28 12:41:05 +00:00
Martin Willi
35b6e2301f
fixed crash if crl fetching fails
2008-03-28 12:00:51 +00:00
Martin Willi
dca40a9483
fixed all pluto compiler warnings
2008-03-28 11:48:14 +00:00
Martin Willi
7539b1d1aa
fixed compiler warning in openace
...
fixed pem loading bug
2008-03-28 11:47:11 +00:00
Martin Willi
acf7956c68
fixed compiler warning in libfreeswan
2008-03-28 11:46:30 +00:00
Martin Willi
a43eb5aa3f
fixed compiler warning in scepclient
2008-03-28 11:45:56 +00:00
Martin Willi
0d2670e7e6
removed unused yyunput to fix compiler warning
2008-03-28 11:45:01 +00:00
Martin Willi
15e21c5cba
fixed compiler warning
2008-03-28 10:21:04 +00:00
Martin Willi
d55fa9aff7
reentrant safe cert_cache
2008-03-28 08:38:51 +00:00
Martin Willi
ac1fefc2de
caching of CRLs
2008-03-28 08:14:47 +00:00
Martin Willi
d20e5c6ab5
replaced get_public() by create_public_enumerator() to try multiple public keys for signature verification
2008-03-27 19:07:23 +00:00
Martin Willi
0d30ba3343
use trusted self-signed root CA certificates as trust anchor only
2008-03-27 13:38:02 +00:00
Tobias Brunner
e74bc8e51d
changed external interface to the mediation extension.
2008-03-27 12:31:35 +00:00
Tobias Brunner
b42421a04c
corrected ME_ENDPOINT length check
2008-03-27 12:29:51 +00:00
Martin Willi
52a61742e7
reusing generic shared_key_t implementation in med_db
2008-03-27 11:45:49 +00:00
Martin Willi
cf4caefab1
whitelisted FCGX_Init
...
reporting count of leaks suppressed by whitelist
2008-03-27 11:42:35 +00:00
Martin Willi
4204db116b
fixed memory leak in dispatcher
2008-03-27 10:24:37 +00:00
Tobias Brunner
54150b3f13
checking the size of ME_* notify payloads
2008-03-27 10:17:29 +00:00
Tobias Brunner
b0dee635d2
replaced the COOKIE notify payload in connectivity checks with a ME_CONNECTAUTH notify payload
2008-03-27 09:54:09 +00:00
Martin Willi
f957f7dfb3
implemented cert cache flushing, ipsec purgeocsp
2008-03-27 06:37:29 +00:00
Andreas Steffen
d61bd27a9a
fixed plugin/stroke Makefile
2008-03-26 20:24:55 +00:00
Andreas Steffen
1aad8bdfad
makeshift fix of --enable-integrity-test option
2008-03-26 20:16:42 +00:00
Tobias Brunner
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
Martin Willi
685232670a
added uptime statistics to statusall
2008-03-26 16:13:14 +00:00
Martin Willi
7b88a983d8
caching of ocsp responses (experimental), no crl caching yet
2008-03-26 15:21:50 +00:00
Martin Willi
391abda082
fixed compile error if --enable-p2p is set
2008-03-26 14:45:24 +00:00
Andreas Steffen
5298777ad8
treat sig_alg and algorithm comparison in a consistent way over all certificate types
2008-03-26 13:10:36 +00:00
Martin Willi
e37f7715bf
fixed rightca= constraint checking
...
implemented rightca= for intermediate CAs we do not have the certificate at config load
2008-03-26 12:23:46 +00:00
Martin Willi
2d84da89b9
fixed auth_info_t.equals()
2008-03-26 10:58:19 +00:00
Martin Willi
0b14fdb92b
split stroke plugin to several files:
...
socket: reads messages from socket, dispatching
config: process add/del conn, serves configs through backend_t
control: controlling of the daemon (up/down/route/...)
cred: credential loading, serves creds through credential_set_t
ca: ca sections from ipsec.conf, serves cdp's through credential_set_t
list: log status information to stroke console (status/statusall/list*)
shared_key: shared key implementation for keys read from ipsec.secrets
plugin: registers stroke plugin and starts socket w/ thread
2008-03-26 10:10:40 +00:00
Martin Willi
3c7e72f5b0
added equals() method to peer_cfg, ike_cfg, proposals, auth_info
...
allows easier merging of ipsec.conf connections
replaced some iterators through enumerators
made proposals algorithm_t private using enumerator
2008-03-26 10:06:45 +00:00
Martin Willi
a852928a6f
fixed compiler warnings
2008-03-26 09:29:30 +00:00
Andreas Steffen
26930a8c3e
certificate factory can load certs from file
2008-03-25 22:28:27 +00:00
Andreas Steffen
ff98c85b57
added component BUILD_FROM_FILE
2008-03-25 13:26:33 +00:00
Andreas Steffen
13bec89740
renamed certificate field in x509_cert.c to encoding
2008-03-25 12:22:12 +00:00
Andreas Steffen
84a5c6a679
added ac.c
2008-03-25 10:13:57 +00:00
Andreas Steffen
3e6ee16478
defined *_create_from_file() constructors in libstrongswan/credentials/certificates
2008-03-25 10:12:45 +00:00
Andreas Steffen
63cb8a7fee
fixed reference counts before calling attribute certificate factory
2008-03-25 09:39:23 +00:00
Andreas Steffen
9bb8d23e17
corrected some doxygen entries
2008-03-22 08:15:18 +00:00
Andreas Steffen
855606efd4
optimized self-signed certificate detection
2008-03-21 20:37:08 +00:00
Andreas Steffen
36617c1ad5
shortened debug output
2008-03-21 20:36:19 +00:00
Andreas Steffen
02fd225ea5
detect trusted self-signed before trust chain verification
2008-03-21 19:10:55 +00:00
Andreas Steffen
ffce5db1b7
self-signed certificates were not marked by x509_cert.c
2008-03-21 19:07:12 +00:00
Andreas Steffen
c081a9bfe6
added ietf group attribute support to attribute certificate factory
2008-03-21 16:59:21 +00:00
Andreas Steffen
93da2684b6
fixed memory allocation problem in openac
2008-03-21 15:58:48 +00:00
Andreas Steffen
104c96a63c
added BUILD_SERIAL component and fixed several ac bugs
2008-03-21 12:44:15 +00:00
Andreas Steffen
a2083c30d5
added VALIDATION_UNKNOWN to cert_validation_names
2008-03-21 11:54:12 +00:00
Andreas Steffen
6ac3a7acbb
added credential factory support for BUILD_NOT_BEFORE_TIME and BUILD_NOT_AFTER_TIME
2008-03-21 11:32:33 +00:00
Andreas Steffen
b6377673e7
added x509_ac_builder plugin
2008-03-21 10:52:11 +00:00
Andreas Steffen
3d48f3301a
initialize library in openac
2008-03-21 10:42:05 +00:00
Andreas Steffen
754c1c0ef7
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.
2008-03-21 09:34:40 +00:00
Andreas Steffen
112482d3f4
optimized debug output of credential_manager.c
2008-03-21 09:28:25 +00:00
Andreas Steffen
dd7924f033
removed build.h include
2008-03-20 15:25:02 +00:00
Andreas Steffen
bdec2e4f52
refactored openac and its attribute certificate factory
2008-03-20 15:23:52 +00:00
Andreas Steffen
25c9637222
modified debug text
2008-03-20 15:22:26 +00:00
Martin Willi
dfd5cdcb88
cert_cache_t caches subject-issuer relations and subject certificates
...
ocsp/crl do not benefit yet due to missing lookup function
2008-03-20 14:31:36 +00:00
Martin Willi
fe8f7626d1
fallback to random end entity certificate if trustchain building fails
2008-03-20 13:14:55 +00:00
Martin Willi
629e55434a
2008-03-20 11:38:51 +00:00
Martin Willi
a86e3ab37a
some C libraries need _GNU_SOURCE for rwlocks
2008-03-20 11:27:55 +00:00
Martin Willi
36524c4844
added support for certificate requests for not yet known CAs
2008-03-20 10:09:56 +00:00
Andreas Steffen
2b522ab450
added $
2008-03-20 09:30:07 +00:00
Martin Willi
9be0dc922e
fixed verification of preinstalled certificates
2008-03-20 09:30:02 +00:00
Andreas Steffen
384ebaa57a
included utils/linked_list.h
2008-03-20 09:28:58 +00:00
Martin Willi
44ab7c85d7
more trustchain verification improvements
...
should fix crl-revoked and two-certs scenarios
2008-03-20 09:27:57 +00:00
Andreas Steffen
1a9ad33e3b
cleaned up includes
2008-03-20 09:24:22 +00:00
Martin Willi
ca7663ece6
CA certificates are allowed to sign OCSP responses without OCSP_SIGNER flag
2008-03-20 07:21:44 +00:00
Martin Willi
48acfe98ae
refactored trustchain verification, this should fix #33
...
moved auth_info/ocsp_response credset wrapper to separate files
2008-03-19 17:54:54 +00:00
Andreas Steffen
84d8ff64cd
increased debug level in trust chain verification for auditing purposes
2008-03-19 17:04:09 +00:00
Martin Willi
de7062a280
removed unimplemented private/public key function declarations
2008-03-19 14:21:56 +00:00
Martin Willi
cfede7f6e2
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
...
as it requires to XOR the key into the hasher's state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.
2008-03-19 14:02:52 +00:00
Andreas Steffen
c912c3d382
log nextUpdate of crls and ocsp responses
2008-03-19 13:11:29 +00:00
Andreas Steffen
2590faa330
fixed stupid bug in fetch_ocsp()
2008-03-19 12:36:15 +00:00
Andreas Steffen
ae8715f956
attempt to achieve consistent debugging output
2008-03-19 12:06:38 +00:00
Martin Willi
d3a6993777
fixed shared key lookup in stroke
2008-03-19 10:24:51 +00:00
Martin Willi
3c448f019b
fixed peer_cfg lookup when omitting IDr
2008-03-19 10:08:59 +00:00
Martin Willi
081ae2eb61
fixed CRL check return value on revoked certificates
...
fixed possible refcounting bugs
generic return_null() implementation
2008-03-19 09:44:47 +00:00
Martin Willi
a40708e511
fixed compiler warning
2008-03-18 14:06:11 +00:00
Martin Willi
bed94c8aeb
added generic payload order rules for notifies
2008-03-18 12:45:23 +00:00
Martin Willi
7162be5772
fixed ike_cfg lookup in stroke
2008-03-18 12:40:41 +00:00
Martin Willi
4bfa63ed25
added false positive signature check
2008-03-18 12:25:39 +00:00
Martin Willi
18be601fcd
added missing test case file ([3607])
2008-03-18 12:16:36 +00:00
Martin Willi
d7c529f5a6
creating public key from RSA private key
...
RSA key generation and signature test
2008-03-18 12:13:51 +00:00