fa3fe3c1cf
sql pool prototype
2008-04-18 11:51:58 +00:00
ebb036feec
functions invoked on all linked list items now support up to five additional arguments
2008-04-18 11:48:53 +00:00
be2e5b48cd
updated list of ESP and AH algorithms
2008-04-18 11:25:37 +00:00
6439267a8c
support for hash and URL encoded certificate payloads in charon
2008-04-18 11:24:45 +00:00
eed87e1d76
typo
2008-04-18 10:58:36 +00:00
4075225466
fixed peer config equality check
2008-04-18 10:30:52 +00:00
ab7ed97c93
type corrected
2008-04-18 10:11:41 +00:00
8eeb796a51
changed logging of crl writing to old style
2008-04-17 20:23:31 +00:00
5434d5f7e9
corrected variable name
2008-04-17 18:56:55 +00:00
c4ec8c9d18
fixed compiler warning
2008-04-17 15:08:48 +00:00
b360e3933d
respecting ipsec.conf cachecrls= option
2008-04-17 15:01:57 +00:00
58126dd295
added missing bits for credential caching
2008-04-17 15:00:51 +00:00
d33fa48bc7
caching of CRLs to /etc/ipsec.d/crls
2008-04-17 14:08:38 +00:00
72c882d8c0
cosmetics to chunk_write()
2008-04-17 14:06:37 +00:00
2270b396b3
added missing credential_set method to stroke_ca
2008-04-17 13:00:05 +00:00
233b853dfa
extended credential_set_t interface by a cache_cert() method
...
allows persistent or in-memory caching of fetched certificates
2008-04-17 11:22:37 +00:00
46a5604a04
splitted IKE_SA manager destroy to allow plugin interaction
2008-04-17 10:46:25 +00:00
e5617e40d1
adding rightsourceip=%poolname properly to peer config
2008-04-17 08:55:32 +00:00
4904d26120
slightly optimized IKE_SA checkin
2008-04-16 08:43:32 +00:00
054c9e6031
parallelized trust chain verification
...
temporary imported certificates are thread-local only
read-write locking on credential manager
credential sets must be thread-save now
2008-04-16 08:38:15 +00:00
2c463cdfb1
optimized half-open IKE_SA lookup (no checkout)
2008-04-16 08:34:52 +00:00
140ed97c0c
disable DPD if dpddelay is set but dpdaction=none
2008-04-16 05:50:56 +00:00
02e4180e48
updated sql plugin to respect config changes
2008-04-15 15:13:53 +00:00
1822ca740b
disabled SQL logging by default, as tests scenarios do not have a logging table
2008-04-15 15:13:08 +00:00
f722fa31db
added error logging to sqlite plugin
2008-04-15 15:12:01 +00:00
0dab0f1d5d
fixed build of smp plugin
2008-04-15 11:51:46 +00:00
f45411c045
set long-forgotten DPD defaults
2008-04-15 11:27:45 +00:00
82d8368bd7
build plugins after daemon/libstrongswan
2008-04-15 07:57:01 +00:00
6a365f0740
added API for random number generators, served through credential factory
...
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
0644ebd3de
implemented IKE_SA uniqueness using ipsec.conf uniqueids paramater
...
additionally supports a "keep" value to keep the old IKE_SA
2008-04-14 13:23:24 +00:00
a593db5d35
ike_sa_manager enumerable, not iterable
2008-04-14 11:37:46 +00:00
b010310517
updated rightsourceip parameter in man page
2008-04-14 08:27:05 +00:00
348af092ac
added close_action as a seperate config option to dpd_action
2008-04-14 08:17:18 +00:00
cadb5d16e5
fixed jumping IKE_SA unique ids
2008-04-14 07:55:23 +00:00
45819d7d49
fixed rightsourceip=%config scenarios
2008-04-14 07:18:16 +00:00
ff41ca0dc4
host_srcip was not properly initialized in starterwhack.c
2008-04-13 21:42:44 +00:00
b1bdfa4890
fixed disabling the sending of cert requests
2008-04-13 17:31:07 +00:00
96926b006d
using dpd actions to enforce connection state
...
dpd actions a per child-, not peer ike-sa
2008-04-11 08:14:48 +00:00
4a6474c2c3
enabling acquire for mediated connections
2008-04-10 12:51:04 +00:00
78abba428f
enabling reauthentication on mediation connections
2008-04-10 08:42:27 +00:00
4a03518112
fixing a problem if the mediation server initiates the rekeying
2008-04-10 07:24:30 +00:00
22452f70fc
mediation connections should now properly rekey
2008-04-09 18:12:22 +00:00
ad81e51afc
implemented a simple attribute provider for stroke
2008-04-09 12:56:20 +00:00
cdcfe777f4
implementation of an CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notatation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
4a96521965
signature in connectivity checks is now built with the message id in network byte order
2008-04-08 13:45:30 +00:00
5df92bba51
changed force_encap to forceencaps
2008-04-08 12:53:36 +00:00
1d295d1ffa
printing the checklist, two bugfixes
2008-04-08 12:31:27 +00:00
6f186d7e2e
connect manager: restart the sender if it is not running anymore
2008-04-08 09:21:27 +00:00
03e5336340
better logging for chunks in connect manager
2008-04-08 08:41:23 +00:00
028a345c63
refactored callback data in connect manager
2008-04-08 08:33:15 +00:00
f6e7c0f785
removed stale ocsp header
2008-04-08 06:27:04 +00:00
6970925422
fast finishing connectivity checks on the initiators side
2008-04-07 15:45:37 +00:00
dd563e60df
corrected the logging for retransmissions of connectivity checks
2008-04-07 14:45:39 +00:00
b03c1d415c
changed how retransmissions of connectivity checks are sent
2008-04-07 11:26:15 +00:00
852abcd3a3
fixed doxygen groups to avoid recursion
2008-04-07 10:37:14 +00:00
70a568b015
fixing another memory leak
2008-04-07 09:36:52 +00:00
1749642b15
use cert->equals() to filter out equal certificates in seperate instances
2008-04-07 08:48:08 +00:00
da5e7bdb4c
try to cache the same instance of equal certificates
2008-04-07 08:44:43 +00:00
b5dbcc6270
compare certificates against full encoding to allow equality check of untrusted certs
2008-04-07 08:28:35 +00:00
9caadea8c8
fixed bad cleanup which results in segfault if no issuer cert found, fixes #43
2008-04-07 08:06:02 +00:00
480297b883
cosmetics
2008-04-07 07:02:47 +00:00
ff867d062e
added ./configure option --with-strongswan-conf=
...
defaults to /etc/strongswan.conf
2008-04-07 06:56:33 +00:00
4071ad1e5b
fixed segfault when opening a SQLite database fails
2008-04-07 06:49:13 +00:00
f8ab4a8f76
log shared secret with debug level 4
2008-04-06 17:51:29 +00:00
1b247314fd
default is hostaccess=no
2008-04-06 12:15:05 +00:00
bc722433be
version bump to 4.2.1
2008-04-06 12:12:13 +00:00
a9184df36b
do not build leak_detective.o if not enabled
2008-04-04 11:38:16 +00:00
2429fb4958
defining hook functions ourself as definition in uClibc and glibc differ, fixes #36
2008-04-04 11:37:19 +00:00
67d147e888
removed unused gmp.h to build libstrongswan without libgmp
2008-04-04 11:13:14 +00:00
4c7e6112c5
and another
2008-04-03 15:22:06 +00:00
471f923071
fixed two other memory leaks
2008-04-03 15:13:25 +00:00
cce97b647a
redirecting all leak_report information to stderr
2008-04-03 11:25:08 +00:00
6c45e62242
some code cleanups
2008-04-03 10:22:17 +00:00
84b18d5fc7
replaced mutex in leak detective with thread scheduling
2008-04-03 09:24:35 +00:00
8e91a36314
thread locking for sender and processor optimized
2008-04-03 09:19:12 +00:00
6af29ccf33
configure option in strongswan.conf for thread count
2008-04-03 08:37:24 +00:00
6e4e27f8de
updated test data to use correct encoding data
2008-04-03 06:45:17 +00:00
196b28a470
demoted more notify debug messages to level 2
2008-04-02 19:15:05 +00:00
f342cc08c0
make peer IP address and peer IP available to the xauth_module.verify_secret() method
2008-04-02 19:04:45 +00:00
97da3d2de0
renamed AES_cbc_encrypt to SS_AES_cbc_encrypt due to name collision with OpenSSL library
2008-04-02 18:51:10 +00:00
7a9d3ae471
support of force_keepalive parameter
2008-04-02 18:35:23 +00:00
c3f803c4c6
fixing some memory leaks
2008-04-02 18:21:03 +00:00
f049b29491
securing total_threads with the mutex while destroying the processor
2008-04-02 15:28:08 +00:00
1ee637d8b1
generate debug output if ocsp response does not contain status information for a given certificate
2008-04-02 14:28:17 +00:00
513f20156a
fixed med_db test
2008-04-02 12:27:39 +00:00
489e3da0ea
updated mediation database to public key authentication
...
added mysql table definition, test data
testcase
2008-04-02 12:25:14 +00:00
e29ebcb1af
fixed compile warnings
2008-04-02 09:54:20 +00:00
281d04502e
additional debug line makes certificate status checking more understandable
2008-04-02 06:25:59 +00:00
9372f44c67
workaround for parsing IPv6 PSKs requires extract_last_token()
2008-04-01 20:40:29 +00:00
080555e76a
demoted received notify debug message to level 2
2008-04-01 20:22:38 +00:00
372b7ac7e2
added missing files for commit [3721]
2008-04-01 15:03:02 +00:00
9d1c384b4b
loading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
...
testcase
2008-04-01 14:51:31 +00:00
0ea70ca66e
removed unneded publicKeyInfo ASN1 structure
2008-04-01 13:39:12 +00:00
392f4e17c2
minimal stroke_list_ocsp() implementation
2008-04-01 12:11:09 +00:00
9c2a905d63
stopping connectivity checks on the responders side after receiving an IKE_SA_INIT request with the proper ME_CONNECTID
2008-04-01 11:38:18 +00:00
45d66f5af6
some simplifications to trusted_enumerator_t
2008-04-01 10:56:08 +00:00
1bb85edffe
checking pretrusted but bad certificates only once
2008-04-01 10:43:44 +00:00
946d1ecd59
stroke_list groups certificates by issuer
2008-04-01 10:26:27 +00:00
dd2efc2c03
replaced the example manager database by a sql script
2008-04-01 07:16:48 +00:00
e411f94d44
changed enumerator implementation to handle reentrant code
2008-04-01 06:51:55 +00:00
c096472605
minor changes in debug output
2008-03-31 21:59:32 +00:00
aaa7643b73
put DN in double quotes
2008-03-31 21:08:56 +00:00
a92ea0ccb3
output error message if maximum ca path length is reached
2008-03-31 20:42:57 +00:00
eafc0654ca
ipsec list suppresses duplicates
2008-03-31 20:21:24 +00:00
e5ab32a7ee
timing of connectivity checks adjusted
2008-03-31 15:04:38 +00:00
9e72d3bcaf
defining ME globally, as we need it in plugins
2008-03-31 15:01:43 +00:00
58a05045cc
utc argument in %#T was missing
2008-03-31 14:36:00 +00:00
9e183cd5b8
signal fixed
2008-03-31 14:27:16 +00:00
f98736aee6
changed order of server and peer reflexive endpoints (and also the priorities)
2008-03-31 10:56:49 +00:00
0f7ef3d2a0
received certificates have least priority
...
fixed manager unlocking
2008-03-31 08:43:18 +00:00
d69b267d58
fixed refcounting in certificate trustchain validation
2008-03-31 07:16:12 +00:00
dcc777652e
changed error message
2008-03-29 13:26:53 +00:00
40f9006845
output uptime in status in local time
2008-03-29 08:55:09 +00:00
d2aa6fcaeb
shortened menu item
2008-03-28 22:46:09 +00:00
c63dc50f15
demoted ldap debug output to level 2
2008-03-28 22:44:45 +00:00
b7ef3f625d
leak detective detects heap over- and underflow
2008-03-28 14:51:26 +00:00
7939864dec
updated leak_detective whitelist: libxml and clearsilver functions
2008-03-28 13:16:36 +00:00
6b9290ff12
renamed xml plugin to smp to avoid confusion
...
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there
2008-03-28 12:44:01 +00:00
892fb43b12
fixed manager plugin loading
...
manager uses strongswan.conf to read its configuration
2008-03-28 12:41:05 +00:00
35b6e2301f
fixed crash if crl fetching fails
2008-03-28 12:00:51 +00:00
dca40a9483
fixed all pluto compiler warnings
2008-03-28 11:48:14 +00:00
7539b1d1aa
fixed compiler warning in openace
...
fixed pem loading bug
2008-03-28 11:47:11 +00:00
acf7956c68
fixed compiler warning in libfreeswan
2008-03-28 11:46:30 +00:00
a43eb5aa3f
fixed compiler warning in scepclient
2008-03-28 11:45:56 +00:00
0d2670e7e6
removed unused yynuput to fix compiler warning
2008-03-28 11:45:01 +00:00
15e21c5cba
fixed compiler warning
2008-03-28 10:21:04 +00:00
d55fa9aff7
reentrant save cert_cache
2008-03-28 08:38:51 +00:00
ac1fefc2de
caching of CRLs
2008-03-28 08:14:47 +00:00
d20e5c6ab5
replaced get_public() by create_public_enumerator() to try multiple public keys for signature verification
2008-03-27 19:07:23 +00:00
0d30ba3343
use trusted self-signed root CA certificates as trust anchor only
2008-03-27 13:38:02 +00:00
e74bc8e51d
changed external interface to the mediation extension.
2008-03-27 12:31:35 +00:00
b42421a04c
corrected ME_ENDPOINT length check
2008-03-27 12:29:51 +00:00
52a61742e7
reusing generic shared_key_t implementation in med_db
2008-03-27 11:45:49 +00:00
cf4caefab1
whitelisted FCGX_Init
...
reporting count of leaks suppressed by whitelist
2008-03-27 11:42:35 +00:00
4204db116b
fixed memory leak in dispatcher
2008-03-27 10:24:37 +00:00
54150b3f13
checking the size of ME_* notify payloads
2008-03-27 10:17:29 +00:00
b0dee635d2
replaced the COOKIE notify payload in connectivity checks with a ME_CONNECTAUTH notify payload
2008-03-27 09:54:09 +00:00
f957f7dfb3
implemented cert cache flushing, ipsec purgeocsp
2008-03-27 06:37:29 +00:00
d61bd27a9a
fixed plugin/stroke Makefile
2008-03-26 20:24:55 +00:00
1aad8bdfad
makeshift fix of --enable-integrity-test option
2008-03-26 20:16:42 +00:00
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
685232670a
added uptime statistics to statusall
2008-03-26 16:13:14 +00:00
7b88a983d8
caching of ocsp responses (experimental), no crl caching yet
2008-03-26 15:21:50 +00:00
391abda082
fixed compile error if --enable-p2p is set
2008-03-26 14:45:24 +00:00
5298777ad8
treat sig_alg and algorithm comparison in a consistent way over all certificate types
2008-03-26 13:10:36 +00:00
e37f7715bf
fixed rightca= constraint checking
...
implemented rightca= for intermediate CAs we do not have the certificate at config load
2008-03-26 12:23:46 +00:00
2d84da89b9
fixed auth_info_t.equals()
2008-03-26 10:58:19 +00:00
0b14fdb92b
splitted stroke plugin to several files:
...
socket: reads messages from socket, dispatching
config: process add/del conn, serves configs through backend_t
control: controlling of the daemon (up/down/route/...(
cred: credential loading, serves creds through credential_set_t
ca: ca sections from ipsec.conf, serves cdp's through credential_set_t
list: log status information to stroke console (status/statusall/list*)
shared_key: shared key implementation for keys read from ipsec.secrets
plugin: registers stroke plugin and starts socket w/ thread
2008-03-26 10:10:40 +00:00
3c7e72f5b0
added equals() method to peer_cfg, ike_cfg, proposals, auth_info
...
allows easier merging of ipsec.conf connections
replaced some iterators through enumerators
made proposals algorithm_t private using enumerator
2008-03-26 10:06:45 +00:00
a852928a6f
fixed compiler warnings
2008-03-26 09:29:30 +00:00
26930a8c3e
certificate factory can load certs from file
2008-03-25 22:28:27 +00:00
ff98c85b57
added component BUILD_FROM_FILE
2008-03-25 13:26:33 +00:00
13bec89740
renamed certificate field in x509_cert.c to encoding
2008-03-25 12:22:12 +00:00
84a5c6a679
added ac.c
2008-03-25 10:13:57 +00:00
3e6ee16478
defined *_create_from_file() constructors in libstrongswan/credentials/certificates
2008-03-25 10:12:45 +00:00
63cb8a7fee
fixed refence counts before calling attribute certificate factory
2008-03-25 09:39:23 +00:00
9bb8d23e17
corrected some doxygen entries
2008-03-22 08:15:18 +00:00
855606efd4
optimized self-signed certificate detection
2008-03-21 20:37:08 +00:00
36617c1ad5
shortened debug output
2008-03-21 20:36:19 +00:00
02fd225ea5
detect trusted self-signed before trust chain verification
2008-03-21 19:10:55 +00:00
ffce5db1b7
self-signed certificates were not marked by x509_cert.c
2008-03-21 19:07:12 +00:00
c081a9bfe6
added ietf group attribute support to attibute certificate factory
2008-03-21 16:59:21 +00:00
93da2684b6
fixed memory allocation problem in openac
2008-03-21 15:58:48 +00:00
104c96a63c
added BUILD_SERIAL component and fixed several ac bugs
2008-03-21 12:44:15 +00:00
a2083c30d5
added VALIDATION_UNKNOWN to cert_validation_names
2008-03-21 11:54:12 +00:00
6ac3a7acbb
added credential factory support for BULD_NOT_BEFORE_TIME and BUILD_NOT_AFTER_TIME
2008-03-21 11:32:33 +00:00
b6377673e7
added x509_ac_builder plugin
2008-03-21 10:52:11 +00:00
3d48f3301a
initialize library in openac
2008-03-21 10:42:05 +00:00
754c1c0ef7
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.
2008-03-21 09:34:40 +00:00
112482d3f4
optimized debug output of credential_manager.c
2008-03-21 09:28:25 +00:00
dd7924f033
removed build.h include
2008-03-20 15:25:02 +00:00
bdec2e4f52
refactored openac and its attribute certificate factory
2008-03-20 15:23:52 +00:00
25c9637222
modified debug text
2008-03-20 15:22:26 +00:00
dfd5cdcb88
cert_cache_t caches subject-issuer relations and subject certificates
...
ocsp/crl do not benefit yet due missing lookup function
2008-03-20 14:31:36 +00:00
fe8f7626d1
fallback to random end entity certificate if trustchain building fails
2008-03-20 13:14:55 +00:00
629e55434a
2008-03-20 11:38:51 +00:00
a86e3ab37a
some C libraries need _GNU_SOURCE for rwlocks
2008-03-20 11:27:55 +00:00
36524c4844
added support for certificate requests for not yet known CAs
2008-03-20 10:09:56 +00:00
2b522ab450
added $
2008-03-20 09:30:07 +00:00
9be0dc922e
fixed verification of preinstalled certificates
2008-03-20 09:30:02 +00:00
384ebaa57a
included utils/linked_list.h
2008-03-20 09:28:58 +00:00
44ab7c85d7
more trustchain verification improvements
...
should fix crl-revoked and two-certs scenarios
2008-03-20 09:27:57 +00:00
1a9ad33e3b
cleaned up includes
2008-03-20 09:24:22 +00:00
ca7663ece6
CA certificates are allowed to sign OCSP responsed without OCSP_SIGNER flag
2008-03-20 07:21:44 +00:00
48acfe98ae
refactored trustchain verification, this should fix #33
...
moved auth_info/ocsp_response credset wrapper to separate files
2008-03-19 17:54:54 +00:00
84d8ff64cd
increased debug level in trust chain verification for auditing purposes
2008-03-19 17:04:09 +00:00
de7062a280
removed unimplemented private/public key function declarations
2008-03-19 14:21:56 +00:00
cfede7f6e2
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
...
as it requires to XOR the key into the hashers state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.
2008-03-19 14:02:52 +00:00
c912c3d382
log nextUpdate of crls and ocsp responses
2008-03-19 13:11:29 +00:00
2590faa330
fixed stupid bug in fetch_ocsp()
2008-03-19 12:36:15 +00:00
ae8715f956
attempt to achieve consistent debugging output
2008-03-19 12:06:38 +00:00
d3a6993777
fixed shared key lookup in stroke
2008-03-19 10:24:51 +00:00
3c448f019b
fixed peer_cfg lookup when omitting IDr
2008-03-19 10:08:59 +00:00
081ae2eb61
fixed CRL check return value on revoked certificates
...
fixed possible refcounting bugs
generic return_null() implementation
2008-03-19 09:44:47 +00:00
a40708e511
fixed compiler warning
2008-03-18 14:06:11 +00:00
bed94c8aeb
added generic payload order rules for notifies
2008-03-18 12:45:23 +00:00
7162be5772
fixed ike_cfg lookup in stroke
2008-03-18 12:40:41 +00:00
4bfa63ed25
added false positive signature check
2008-03-18 12:25:39 +00:00
18be601fcd
added missing test case file ([3607])
2008-03-18 12:16:36 +00:00
d7c529f5a6
creating public key from RSA private key
...
RSA key generation and signature test
2008-03-18 12:13:51 +00:00
8d49b51f8b
made is_newer() a certificate_t method
2008-03-18 10:36:08 +00:00
50045c3b14
better normalized tables for SQL plugin (IDs)
2008-03-18 09:07:04 +00:00
34e281ed32
enforcing x509_flags on certificate construction
2008-03-17 08:06:49 +00:00
d4ba109c9c
fixed CRL revoked certs enumeration
2008-03-17 07:25:32 +00:00
933f80c391
logging to SQL database
2008-03-15 14:17:09 +00:00
72d68379dc
correctly unregister IKE_SA at the bus
2008-03-15 14:08:43 +00:00
8d04f78d07
removed X509_PEER flag; flags are meant to read cert, not to store additional state in cert
...
removed x509_t.set_flags for the reason above
implemented a simple, generic shared_key_t
2008-03-14 15:11:29 +00:00
39ea88f694
credential lookup in mysql/sqlite database
2008-03-14 15:06:42 +00:00
9c410a8806
refactored buggy trustchain building, fixed refcount bug
2008-03-14 15:04:16 +00:00
dbcf4e7451
reduced mysql pool verbosity
2008-03-14 15:03:19 +00:00
8f1596d606
SQL schema for MySQL and SQLite, test data
2008-03-14 07:39:01 +00:00
df3462ddbe
two small fixes
2008-03-13 15:03:06 +00:00
e42db695e2
fixed apidoc grouping
2008-03-13 14:53:57 +00:00
419ee1072e
added NetworkManager prototype DBUS policy, applet config
2008-03-13 14:41:27 +00:00
2d94fdfab7
added old and unmaintained prototype of NetworkManager applet and authenticator
2008-03-13 14:37:11 +00:00
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
b48bdac20b
improved P2P_NAT debugging
2008-02-27 20:30:39 +00:00
e633b1998f
creating sysconfdir if it does not exist
...
moved all directory creations into starters Makefile
2008-02-22 14:50:38 +00:00
a11ea97db8
version bump to 4.2.0
2008-02-15 18:44:29 +00:00
6859f760d9
release of 4.1.11 bug fix version
2008-02-14 21:26:21 +00:00
fb7e7dc484
refactored connect_manager_t to use the find functions on linked lists
2008-02-14 13:42:36 +00:00
e3311a40f0
find methods for linked lists
2008-02-14 12:29:29 +00:00
298c9c8eed
some websites append a newline character to a DER-encoded binary blob
2008-02-05 19:27:05 +00:00
5bbac9ffff
split connections with different virtual IPs in different peer_cfgs
...
respect different peer_cfg's when initiating a CHILD_SA within an existing IKE_SA
2008-02-05 12:39:30 +00:00
cdd33ec665
* replaced __thread with pthread_key_t/pthread_setspecific
...
* use pthread_once to initialize the request handler
2008-02-05 09:31:21 +00:00
663fedbe44
implemented IKEV2 EAP-SIM server and client test module that use triplets stored in a file. For details see the scenario 'ikev2/rw-eap-sim-rsa'
2008-02-04 14:52:06 +00:00
7094e840bf
use the new options_t class
2008-02-04 14:46:43 +00:00
b388a81848
fixed tabs
2008-02-04 14:45:50 +00:00
0730fec464
refactored optionsfrom as in an object-oriented way using the options_t class. Eliminated all memory leaks
2008-02-04 14:44:14 +00:00
3b1692c058
use identifiers in EAP_SUCCESS/EAP_FAILURE payloads
2008-02-04 11:43:10 +00:00
9514d26c5c
parse signedData object with empty content
2008-02-02 00:29:03 +00:00
f4a459473e
build_signedData() now computes messageDigest attribute
2008-02-01 22:26:01 +00:00
7734c01677
added set_messageDigest() and get_messageDigest() methods
2008-02-01 22:24:51 +00:00
e8bfe74289
extended and debugged PKCS#7 signedData support
2008-02-01 14:19:26 +00:00
daccbee77e
added S/MIME capabilities OID
2008-02-01 10:40:03 +00:00
26e9e2ecd9
changed tabs to 4 spaces
2008-02-01 01:01:17 +00:00
071e037124
next_payload must be of type u_int8_t
2008-02-01 00:07:56 +00:00
b0e40caafb
NAT-T conditions were not inherited during IKE_SA rekeying
2008-01-29 01:41:47 +00:00
5862981ce9
fixed comment
2008-01-27 20:59:22 +00:00
f19628490c
implemented pkcs1_encrypt()
2008-01-27 20:58:52 +00:00
e575b3daff
fixed padding bug in RSA_encrypt()
2008-01-27 20:17:15 +00:00
5bb8fcc074
added RCSID
2008-01-22 10:52:26 +00:00
2e3d4743d3
added md2WithRSA algorithm identifier
2008-01-22 10:52:03 +00:00
93eb6ec8a1
extended asn1_algorithmIdentifier() to SHA-2
2008-01-22 10:34:44 +00:00
cd543a69a2
extended asn1_algorithmIdentifier() to SHA-2
2008-01-22 10:32:37 +00:00
2d49eaa131
x509_t.build_encoding() now supports any hash algorithm
2008-01-22 01:32:12 +00:00
a7419b07d1
fully implemented x509_create()
2008-01-22 01:09:19 +00:00
c8b6375c5c
fixed destruction of generalNames linked list
2008-01-21 22:56:58 +00:00
0be06e472a
fixed parsing and building of generalNames
2008-01-21 10:00:13 +00:00
55dbc3fd7b
implemented rsa_private_key_t.get_public_key()
2008-01-21 00:36:38 +00:00
b5d8c9779a
added rsa_public_key_create(mpz_t n, mpz_t e)
2008-01-21 00:34:41 +00:00
d349a3d11a
added notBefore and notAfter to x509_create()
2008-01-21 00:30:26 +00:00
3a36ce1164
added missing hasher include
2008-01-03 10:42:21 +00:00
fb6d76cd5c
version bump to 4.2.0
2007-12-24 18:07:55 +00:00
85b1fd00f4
include pipe-thin-green icons in distribution
2007-12-19 21:00:52 +00:00
aa1a730bfb
set nexthop default value to 0::0 in IPv6 connections
2007-12-19 00:49:32 +00:00
005861b47b
make config view in strongSwan manager look similar to ikesa view
2007-12-18 15:41:37 +00:00
b8461a37db
fixed EAP-MD5 to accept Name attribute in challenge
2007-12-18 10:44:44 +00:00
0f806802ae
implemented Expanded EAP types to support vendor specific methods
2007-12-13 17:31:21 +00:00
3243ac6d5e
fixed actual ID length when AT_IDENTITY gets padded
2007-12-13 14:39:38 +00:00
26e2467692
ported EAP-AKA branch into trunk
2007-12-13 10:54:29 +00:00
2a0ba292f2
sbindir is required in the PATH of ipsec
2007-12-12 22:27:40 +00:00
52bb1876ec
sbindir is required in the PATH of _updown
2007-12-12 22:12:10 +00:00
35b2b1e334
fixed error in the ordering of the certinfo_t records in the ocsp cache that caused multiple entries of the same serial number to be created. This was caused by the iterator_t method insert_after() that inserts a record in the first instead of the last position of a linked list if the end of the list is reached. Fix: use linked_list_t method insert_last() instead.
2007-12-12 20:25:50 +00:00
c2bb1ecacb
define a minimum PATH environment
2007-12-12 14:56:35 +00:00
6fa3dcba3c
aligned error messages
2007-12-12 14:54:28 +00:00
4b403e7672
merged EAP-MD5 into trunk
2007-12-12 14:29:10 +00:00
f9d80d53c3
accept unknown attributes in config payloads
2007-12-09 19:43:41 +00:00
98d0002644
fixed build when using --disable-pluto
2007-12-07 10:25:01 +00:00
81edb520b2
version bump to 4.1.10
2007-12-04 23:54:32 +00:00
3895125275
removed c++ style comments
...
fixed compiler warnings
2007-12-04 10:48:27 +00:00
b8249ff5ed
fixed mobike/auth_lifetime in conjunction with p2p-natt
2007-12-04 10:05:36 +00:00
addc4b3ce4
removed redundant server reflexive endpoint debug message
2007-12-04 00:45:00 +00:00
3af513753a
improved P2P_ENDPOINT debugging
2007-12-03 23:06:17 +00:00
cbfb2aff50
added more ./configure build options for
...
EAP-Identity module
ipsec tools (openac, scepclient)
optional charon/pluto build
charon stroke interface
2007-12-03 14:47:15 +00:00
7805ad302d
moved AUTH_LIFETIME handling in its own task (cleaner separation, proper payload order)
2007-12-03 10:52:18 +00:00
8e78e43220
added a "libcharon-" prefix to plugins to avoid conflicts
2007-12-03 09:03:22 +00:00
89f112ff34
some return code changes proposed by Marius Tomaschewski
2007-11-29 18:27:04 +00:00
0b72091970
ipsec and starter exit with LSB-compliant return codes
2007-11-28 17:02:12 +00:00
733f336ad3
socket_t implementation withouth raw sockets
...
--disable-raw-socket configure option
prevents charon/pluto to run in parallel
2007-11-26 11:20:00 +00:00
17d6e9aa00
improving [3361]: moved one of the added return values
2007-11-22 11:22:33 +00:00
f210387a6b
added two return statements comitted by Marius Tomaschewski
2007-11-21 23:42:27 +00:00
ee61471113
implemented RFC4478 (repeated authentication)
...
changed %V printf handler to take a time delta, %#V now takes two arguments
2007-11-20 12:06:40 +00:00
7b36b734a4
fixed callback_job cancellation for threads waiting in the bus
2007-11-19 12:32:28 +00:00
e533b928f0
fixed memrchr compiler warning
2007-11-19 12:27:08 +00:00
729a6ec965
fixed two leaks in stroke_interface
2007-11-19 11:28:11 +00:00
83ac4cde64
indentation of list.cs
2007-11-18 20:59:46 +00:00
3a19f38d15
handle right=%any case in strongSwan manager
2007-11-17 23:08:16 +00:00
b073aada23
search : delimiter in ipsec.secrets entries from the rear
2007-11-16 20:23:29 +00:00
e101f162ab
refactored bus and interface to resolve threading issues (WIP)
2007-11-15 18:35:54 +00:00
1871cffdc4
be less agressive, but more verbose in killing charon
2007-11-15 18:34:05 +00:00
73294df547
added IKE IP addresses to config list for manager
2007-11-15 10:09:48 +00:00
5d4aea685f
filtering out IKEv1 configurations for manager
2007-11-15 10:09:14 +00:00
93fc29c6cf
fixed daemon kill before threads are spawned
2007-11-14 10:12:34 +00:00
91b16af0fa
fixed NO_PROPOSAL_CHOSEN response on IKE_SA_INIT
2007-11-14 09:41:08 +00:00
a8cd906576
changed session timeout to 15 minutes
2007-11-13 12:00:02 +00:00
e8287a405e
implemented IKE_SA initiation in manager
2007-11-13 11:58:28 +00:00
30a68d715b
implemented configuration query and IKE_SA initiation in XML interface
2007-11-13 11:56:52 +00:00
e36f5f3fd3
configuration query for manager (WIP)
2007-11-12 18:34:50 +00:00
55b02db74e
implemented IKE/CHILD_SA close through manager
2007-11-12 15:09:11 +00:00
275cec2eac
implemented IKE/CHILD_SA termination through XML interface
2007-11-12 15:06:04 +00:00
b14a876858
the _updown scripts now fully supports ip6tables firewall rule insertion and deletion
2007-11-07 12:20:15 +00:00
8ad95a2000
version bumpt to 4.1.9
2007-11-06 13:47:27 +00:00
bd55836e48
fixed ipv6 target in _updown script
2007-11-06 13:46:35 +00:00
d5da42a9e4
fixed _updown target for ipv6
2007-11-06 13:45:54 +00:00
00fb758755
adding new virtual ip before deleting old one to keep IP on reauthentication
2007-10-25 07:50:23 +00:00
bd99d1852a
added vsignal todo
2007-10-25 07:49:32 +00:00
0e0e7d5b71
request_t.redirect takes variable argument list
...
request_t.serve to serve non-template data
fixed dispatcher thread locking code
2007-10-19 19:40:53 +00:00
6d8bec0b97
corrected typos
2007-10-17 02:56:24 +00:00
57423bb7ac
corrected brief
2007-10-17 02:55:53 +00:00
b73595a373
corrected brief
2007-10-17 02:55:17 +00:00
f39e4d3209
added hasher_signature_algorithm_to_oid() function
2007-10-12 23:18:42 +00:00
bad1a23f02
added get_publicKeyInfo() method
2007-10-12 22:49:39 +00:00
0fa2c4fada
added create_certificate_iterator() method
2007-10-12 21:57:20 +00:00
92a0b9d5ec
added x509_build_generalNames() and x509_build_subjectAltNames() functions
2007-10-12 21:56:30 +00:00
340376e316
added x509_ prefix to imported parse functions
2007-10-12 21:53:18 +00:00
aa57b221e3
added RCSID
2007-10-12 19:29:00 +00:00
466c5439e5
cosmetics
2007-10-12 19:20:59 +00:00
26c49478f3
added briefs
2007-10-12 18:39:40 +00:00
3edea3497f
implemented pkcs1_write() method
2007-10-12 15:23:29 +00:00
dba89b1bb7
added x509_create() synthesis function
2007-10-11 14:39:40 +00:00
a09bbc82ce
added get_data() method
2007-10-11 14:38:46 +00:00
86150b684d
call get_keysize with const rsa_private_key_t*
2007-10-11 11:36:37 +00:00
5ff927425f
cosmetics
2007-10-11 11:26:20 +00:00
b61e95a659
renamed eme_pkcs1_decrypt() to pkcs1_decrypt()
2007-10-11 11:25:52 +00:00
c5d0c18149
corrected brief
2007-10-08 21:25:44 +00:00
b607203490
cosmetics
2007-10-08 21:21:21 +00:00
d41a77e45c
added RCSID
2007-10-08 20:12:25 +00:00
99d7cd20ad
added RCSID
2007-10-08 20:09:57 +00:00
9945819c25
added RCSID
2007-10-08 20:03:02 +00:00
d50e491b7b
added RCSID
2007-10-08 19:59:18 +00:00
496e76cbdf
added RCSID
2007-10-08 19:57:54 +00:00
43a87d4211
added RCSID
2007-10-08 19:57:37 +00:00
4e81869c44
added RCSID
2007-10-08 19:52:55 +00:00
2ea8c74c64
added RCSID
2007-10-08 19:49:56 +00:00
de63a765ef
increase debug level from 1 to 2
2007-10-08 19:36:42 +00:00
06ba2d36c3
completed pkcs7 parsing methods
2007-10-07 22:11:42 +00:00
2d8a418059
added eme_pkcs1_decrypt() method
2007-10-07 21:43:24 +00:00
e1513577fb
added error message in case of incorrect padding
2007-10-07 21:42:38 +00:00
2f5199ec48
added RCSID
2007-10-07 21:41:37 +00:00
27e715cb06
replaced strncmp() == 0 by strneq()
2007-10-07 13:42:43 +00:00
5f854d7f95
added strneq(x,y,len) macro
2007-10-07 13:35:42 +00:00
3f76aebe74
cosmetics
2007-10-07 09:17:59 +00:00
f73338d656
use RCSID
2007-10-06 21:39:00 +00:00
ab40277fd0
activated Id property
2007-10-06 21:24:50 +00:00
8a574652d5
activated Id property
2007-10-06 21:20:18 +00:00
e4731e8784
activated Id property
2007-10-06 21:19:41 +00:00
39a8e5a580
fixed some typos
2007-10-05 09:52:23 +00:00
1169ab4ec7
removed recursive mutex and __USE_UNIX98, should fix uClibc build
2007-10-05 09:47:55 +00:00
6705052c2d
fixed bad cast which resulted in a crash on "ipsec update"
2007-10-05 09:13:03 +00:00
493f377b41
fixed memory leak
2007-10-04 15:20:00 +00:00
c96aefe268
implemented an optional DH public value test
...
some other cleanups, using RFC2631 variable names
2007-10-04 15:19:24 +00:00
40f10fd88e
cleanups, fixes and simplification of diffie hellman code
2007-10-04 12:08:11 +00:00
a7e65d5262
implemented enumerator for linked_list
2007-10-04 08:40:20 +00:00
d62a4526fd
moved enumerator from libappserv to libstrongswan
2007-10-04 08:21:53 +00:00
b9bc74979e
fixed sqlite_backend compilation to respect changes from [3238]
2007-10-04 08:18:42 +00:00
c840a9b484
version bump to 4.1.8
2007-10-04 06:41:45 +00:00
eb4e244230
added Andreas Eigenmann and Joel Stillhart to copyright statement
2007-10-03 21:48:42 +00:00
d5cc175833
experimental P2P-NAT-T for IKEv2 merged back from branch
2007-10-03 15:10:41 +00:00
99670c3714
proper cleanup on error
2007-10-03 15:07:46 +00:00
6a8e7381d0
more libstrongswan-like error handling in optionsfrom
2007-10-03 15:02:29 +00:00
8bcdf1562c
added inbound and outbound arrows to ESP SPIs
2007-10-03 10:09:40 +00:00
2970674faf
reverted changeset [3215], as we need NULL callback to do asynchronous calls
...
added interface_manager_cb_empty function, which calls synchronous but doesn't do anything
2007-10-03 08:10:03 +00:00
a6f31da40a
added missing enumerator implementation
2007-10-03 05:29:49 +00:00
183ddc20a9
typo
2007-10-02 13:56:58 +00:00
9b997daab9
do not attempt to encrypt payloads without crypter or signer (allows to override message rules)
2007-10-02 13:31:12 +00:00
06d00e4f7b
fixed "ipsec statusall" SPI formatting
2007-10-02 13:11:23 +00:00
0572d41459
destruction helper macros
2007-10-02 12:04:03 +00:00
e4c9b92171
fixed sqlite database path
2007-10-02 11:55:19 +00:00
56db479192
ID payload with explicit payload type
2007-10-02 11:55:10 +00:00
1fbcbe32d0
get_first_payload_type for message_t
2007-10-02 11:42:27 +00:00
17e78a0981
dummy callback added to interface manager
2007-10-02 11:33:16 +00:00
754f90165f
added thread initialization/deinitialization hooks
...
moved empty_enumerator to a public implementation
2007-10-02 11:23:14 +00:00
06011f6882
remove control sockets on startup, as we don't have privileges on shutdown
2007-10-02 11:20:07 +00:00
a3f100fa09
improved debugging code for traffic selector processing
2007-10-02 07:39:56 +00:00
f9b8417a7c
renamed force_encap to forceencaps (as it is named in openswan)
2007-10-02 06:57:58 +00:00
b3d23996eb
fixed path to the local libstrongswan build
2007-10-01 20:15:28 +00:00
f53b74c96f
moved force_encap to ike_config, enables responder to enforce udp encapsulation
...
fixed bugs in force_encap code
2007-10-01 16:41:34 +00:00
011fb1b97e
removed accidentally checked in debugging code
2007-10-01 12:25:26 +00:00
9dae1bed00
implemented IKEv2 force_encap connection parameter
...
enforces UDP encapsulation by faking NAT detection payloads
to hurdle restrictive firewalls
2007-10-01 12:19:39 +00:00
92232dab33
fixed stuid()/setgid() and error handling
2007-10-01 09:07:10 +00:00
9f3c55cdc4
fixed updown script privilige inheritance for pluto, too
2007-09-28 09:42:55 +00:00
f215e91999
implemented more aggressive MOBIKE path probing
...
do not queue more than one MOBIKE task
2007-09-28 08:22:37 +00:00
052d58feaf
fixed CHILD_SA SPI byte order in XML interface
2007-09-28 07:05:15 +00:00
055d016b49
changed inheritable capability set to the permitted one to execute firewall script with CAP_NET_ADMIN
2007-09-28 07:04:09 +00:00
780050cbc3
implemented proper argument parsing code
2007-09-28 06:43:59 +00:00
a57ab4d690
removed colons from session cookie
2007-09-27 13:10:10 +00:00
85c6fc0283
reduced debbugging level
2007-09-27 13:09:50 +00:00
983d7cd292
made add_ip()/del_ip() calls synchron (waiting until kernel event received)
...
this should fix MOBIKE route migration with virtual IPs
2007-09-27 12:48:00 +00:00
278396b6da
typos
2007-09-27 10:36:03 +00:00
93720075df
implemented SHA1 encrypted passwords for manager
2007-09-27 07:15:47 +00:00
324abae2ef
added vsyslog to leak detectives white list
...
removed debugging hook on openac cleanup
2007-09-27 06:40:50 +00:00
8207e3ea4d
fixed argument processing bug
2007-09-26 15:07:34 +00:00
c295d0eb4b
refactored strongswan manager
...
removed buggy request parsing code, use ClearSilvers CGI kit instead
fixed CHILD_SA listing in manager (needs better design)
using secure XML communication through unix sockets
removed images with questionable (non-GPL) license
2007-09-26 14:02:21 +00:00
a9522e1600
cleaning up
2007-09-25 20:13:06 +00:00
b8eb1644a7
updated openac man page
2007-09-25 20:11:28 +00:00
75dbbcfe31
updated copyright
2007-09-25 20:10:58 +00:00
c4e252c55b
ignore : separators in hex input
2007-09-25 20:09:40 +00:00
8129cc848a
fixed bug occuring with multiple queued Quick Modes and NAT Traversal
2007-09-25 20:07:04 +00:00
d9d69536b0
improved MOBIKE roaming between interfaces
2007-09-24 12:15:25 +00:00
Martin Willi