Martin Willi
fa3fe3c1cf
sql pool prototype
2008-04-18 11:51:58 +00:00
Tobias Brunner
ebb036feec
functions invoked on all linked list items now support up to five additional arguments
2008-04-18 11:48:53 +00:00
Andreas Steffen
be2e5b48cd
updated list of ESP and AH algorithms
2008-04-18 11:25:37 +00:00
Tobias Brunner
6439267a8c
support for hash and URL encoded certificate payloads in charon
2008-04-18 11:24:45 +00:00
Tobias Brunner
eed87e1d76
typo
2008-04-18 10:58:36 +00:00
Martin Willi
4075225466
fixed peer config equality check
2008-04-18 10:30:52 +00:00
Tobias Brunner
ab7ed97c93
type corrected
2008-04-18 10:11:41 +00:00
Andreas Steffen
8eeb796a51
changed logging of crl writing to old style
2008-04-17 20:23:31 +00:00
Andreas Steffen
5434d5f7e9
corrected variable name
2008-04-17 18:56:55 +00:00
Martin Willi
c4ec8c9d18
fixed compiler warning
2008-04-17 15:08:48 +00:00
Martin Willi
b360e3933d
respecting ipsec.conf cachecrls= option
2008-04-17 15:01:57 +00:00
Martin Willi
58126dd295
added missing bits for credential caching
2008-04-17 15:00:51 +00:00
Martin Willi
d33fa48bc7
caching of CRLs to /etc/ipsec.d/crls
2008-04-17 14:08:38 +00:00
Martin Willi
72c882d8c0
cosmetics to chunk_write()
2008-04-17 14:06:37 +00:00
Martin Willi
2270b396b3
added missing credential_set method to stroke_ca
2008-04-17 13:00:05 +00:00
Martin Willi
233b853dfa
extended credential_set_t interface by a cache_cert() method
allows persistent or in-memory caching of fetched certificates
2008-04-17 11:22:37 +00:00
Martin Willi
46a5604a04
split IKE_SA manager destroy to allow plugin interaction
2008-04-17 10:46:25 +00:00
Martin Willi
e5617e40d1
adding rightsourceip=%poolname properly to peer config
2008-04-17 08:55:32 +00:00
Martin Willi
4904d26120
slightly optimized IKE_SA checkin
2008-04-16 08:43:32 +00:00
Martin Willi
054c9e6031
parallelized trust chain verification
temporary imported certificates are thread-local only
read-write locking on credential manager
credential sets must be thread-safe now
2008-04-16 08:38:15 +00:00
Martin Willi
2c463cdfb1
optimized half-open IKE_SA lookup (no checkout)
2008-04-16 08:34:52 +00:00
Martin Willi
140ed97c0c
disable DPD if dpddelay is set but dpdaction=none
2008-04-16 05:50:56 +00:00
Martin Willi
02e4180e48
updated sql plugin to respect config changes
2008-04-15 15:13:53 +00:00
Martin Willi
1822ca740b
disabled SQL logging by default, as tests scenarios do not have a logging table
2008-04-15 15:13:08 +00:00
Martin Willi
f722fa31db
added error logging to sqlite plugin
2008-04-15 15:12:01 +00:00
Martin Willi
0dab0f1d5d
fixed build of smp plugin
2008-04-15 11:51:46 +00:00
Andreas Steffen
f45411c045
set long-forgotten DPD defaults
2008-04-15 11:27:45 +00:00
Martin Willi
82d8368bd7
build plugins after daemon/libstrongswan
2008-04-15 07:57:01 +00:00
Martin Willi
6a365f0740
added API for random number generators, served through credential factory
ported randomizer_t to a rng_t on top of /dev/(u)random (plugin random)
2008-04-15 05:56:35 +00:00
Martin Willi
0644ebd3de
implemented IKE_SA uniqueness using ipsec.conf uniqueids parameter
additionally supports a "keep" value to keep the old IKE_SA
2008-04-14 13:23:24 +00:00
Martin Willi
a593db5d35
ike_sa_manager enumerable, not iterable
2008-04-14 11:37:46 +00:00
Martin Willi
b010310517
updated rightsourceip parameter in man page
2008-04-14 08:27:05 +00:00
Martin Willi
348af092ac
added close_action as a separate config option to dpd_action
2008-04-14 08:17:18 +00:00
Martin Willi
cadb5d16e5
fixed jumping IKE_SA unique ids
2008-04-14 07:55:23 +00:00
Martin Willi
45819d7d49
fixed rightsourceip=%config scenarios
2008-04-14 07:18:16 +00:00
Andreas Steffen
ff41ca0dc4
host_srcip was not properly initialized in starterwhack.c
2008-04-13 21:42:44 +00:00
Andreas Steffen
b1bdfa4890
fixed disabling the sending of cert requests
2008-04-13 17:31:07 +00:00
Martin Willi
96926b006d
using dpd actions to enforce connection state
dpd actions are per child-, not peer ike-sa
2008-04-11 08:14:48 +00:00
Tobias Brunner
4a6474c2c3
enabling acquire for mediated connections
2008-04-10 12:51:04 +00:00
Tobias Brunner
78abba428f
enabling reauthentication on mediation connections
2008-04-10 08:42:27 +00:00
Tobias Brunner
4a03518112
fixing a problem if the mediation server initiates the rekeying
2008-04-10 07:24:30 +00:00
Tobias Brunner
22452f70fc
mediation connections should now properly rekey
2008-04-09 18:12:22 +00:00
Martin Willi
ad81e51afc
implemented a simple attribute provider for stroke
2008-04-09 12:56:20 +00:00
Martin Willi
cdcfe777f4
implementation of an CFG attribute framework, currently supporting virtual IPs
updated ipsec.conf sourceip parameter to support
CIDR notation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
Tobias Brunner
4a96521965
signature in connectivity checks is now built with the message id in network byte order
2008-04-08 13:45:30 +00:00
Martin Willi
5df92bba51
changed force_encap to forceencaps
2008-04-08 12:53:36 +00:00
Tobias Brunner
1d295d1ffa
printing the checklist, two bugfixes
2008-04-08 12:31:27 +00:00
Tobias Brunner
6f186d7e2e
connect manager: restart the sender if it is not running anymore
2008-04-08 09:21:27 +00:00
Tobias Brunner
03e5336340
better logging for chunks in connect manager
2008-04-08 08:41:23 +00:00
Tobias Brunner
028a345c63
refactored callback data in connect manager
2008-04-08 08:33:15 +00:00
Martin Willi
f6e7c0f785
removed stale ocsp header
2008-04-08 06:27:04 +00:00
Tobias Brunner
6970925422
fast finishing connectivity checks on the initiators side
2008-04-07 15:45:37 +00:00
Tobias Brunner
dd563e60df
corrected the logging for retransmissions of connectivity checks
2008-04-07 14:45:39 +00:00
Tobias Brunner
b03c1d415c
changed how retransmissions of connectivity checks are sent
2008-04-07 11:26:15 +00:00
Martin Willi
852abcd3a3
fixed doxygen groups to avoid recursion
2008-04-07 10:37:14 +00:00
Tobias Brunner
70a568b015
fixing another memory leak
2008-04-07 09:36:52 +00:00
Martin Willi
1749642b15
use cert->equals() to filter out equal certificates in separate instances
2008-04-07 08:48:08 +00:00
Martin Willi
da5e7bdb4c
try to cache the same instance of equal certificates
2008-04-07 08:44:43 +00:00
Martin Willi
b5dbcc6270
compare certificates against full encoding to allow equality check of untrusted certs
2008-04-07 08:28:35 +00:00
Martin Willi
9caadea8c8
fixed bad cleanup which results in segfault if no issuer cert found, fixes #43
2008-04-07 08:06:02 +00:00
Andreas Steffen
480297b883
cosmetics
2008-04-07 07:02:47 +00:00
Martin Willi
ff867d062e
added ./configure option --with-strongswan-conf=
defaults to /etc/strongswan.conf
2008-04-07 06:56:33 +00:00
Martin Willi
4071ad1e5b
fixed segfault when opening a SQLite database fails
2008-04-07 06:49:13 +00:00
Andreas Steffen
f8ab4a8f76
log shared secret with debug level 4
2008-04-06 17:51:29 +00:00
Andreas Steffen
1b247314fd
default is hostaccess=no
2008-04-06 12:15:05 +00:00
Andreas Steffen
bc722433be
version bump to 4.2.1
2008-04-06 12:12:13 +00:00
Martin Willi
a9184df36b
do not build leak_detective.o if not enabled
2008-04-04 11:38:16 +00:00
Martin Willi
2429fb4958
defining hook functions ourselves as definition in uClibc and glibc differ, fixes #36
2008-04-04 11:37:19 +00:00
Martin Willi
67d147e888
removed unused gmp.h to build libstrongswan without libgmp
2008-04-04 11:13:14 +00:00
Tobias Brunner
4c7e6112c5
and another
2008-04-03 15:22:06 +00:00
Tobias Brunner
471f923071
fixed two other memory leaks
2008-04-03 15:13:25 +00:00
Martin Willi
cce97b647a
redirecting all leak_report information to stderr
2008-04-03 11:25:08 +00:00
Martin Willi
6c45e62242
some code cleanups
2008-04-03 10:22:17 +00:00
Tobias Brunner
84b18d5fc7
replaced mutex in leak detective with thread scheduling
2008-04-03 09:24:35 +00:00
Tobias Brunner
8e91a36314
thread locking for sender and processor optimized
2008-04-03 09:19:12 +00:00
Martin Willi
6af29ccf33
configure option in strongswan.conf for thread count
2008-04-03 08:37:24 +00:00
Martin Willi
6e4e27f8de
updated test data to use correct encoding data
2008-04-03 06:45:17 +00:00
Andreas Steffen
196b28a470
demoted more notify debug messages to level 2
2008-04-02 19:15:05 +00:00
Andreas Steffen
f342cc08c0
make peer IP address and peer IP available to the xauth_module.verify_secret() method
2008-04-02 19:04:45 +00:00
Andreas Steffen
97da3d2de0
renamed AES_cbc_encrypt to SS_AES_cbc_encrypt due to name collision with OpenSSL library
2008-04-02 18:51:10 +00:00
Andreas Steffen
7a9d3ae471
support of force_keepalive parameter
2008-04-02 18:35:23 +00:00
Tobias Brunner
c3f803c4c6
fixing some memory leaks
2008-04-02 18:21:03 +00:00
Tobias Brunner
f049b29491
securing total_threads with the mutex while destroying the processor
2008-04-02 15:28:08 +00:00
Andreas Steffen
1ee637d8b1
generate debug output if ocsp response does not contain status information for a given certificate
2008-04-02 14:28:17 +00:00
Martin Willi
513f20156a
fixed med_db test
2008-04-02 12:27:39 +00:00
Martin Willi
489e3da0ea
updated mediation database to public key authentication
added mysql table definition, test data
testcase
2008-04-02 12:25:14 +00:00
Martin Willi
e29ebcb1af
fixed compile warnings
2008-04-02 09:54:20 +00:00
Andreas Steffen
281d04502e
additional debug line makes certificate status checking more understandable
2008-04-02 06:25:59 +00:00
Andreas Steffen
9372f44c67
workaround for parsing IPv6 PSKs requires extract_last_token()
2008-04-01 20:40:29 +00:00
Andreas Steffen
080555e76a
demoted received notify debug message to level 2
2008-04-01 20:22:38 +00:00
Martin Willi
372b7ac7e2
added missing files for commit [3721]
2008-04-01 15:03:02 +00:00
Martin Willi
9d1c384b4b
loading of subjectPublicKeyInfo wrapped keys using KEY_ANY (openssl format)
testcase
2008-04-01 14:51:31 +00:00
Martin Willi
0ea70ca66e
removed unneeded publicKeyInfo ASN1 structure
2008-04-01 13:39:12 +00:00
Andreas Steffen
392f4e17c2
minimal stroke_list_ocsp() implementation
2008-04-01 12:11:09 +00:00
Tobias Brunner
9c2a905d63
stopping connectivity checks on the responders side after receiving an IKE_SA_INIT request with the proper ME_CONNECTID
2008-04-01 11:38:18 +00:00
Martin Willi
45d66f5af6
some simplifications to trusted_enumerator_t
2008-04-01 10:56:08 +00:00
Martin Willi
1bb85edffe
checking pretrusted but bad certificates only once
2008-04-01 10:43:44 +00:00
Andreas Steffen
946d1ecd59
stroke_list groups certificates by issuer
2008-04-01 10:26:27 +00:00
Martin Willi
dd2efc2c03
replaced the example manager database by a sql script
2008-04-01 07:16:48 +00:00
Martin Willi
e411f94d44
changed enumerator implementation to handle reentrant code
2008-04-01 06:51:55 +00:00
Andreas Steffen
c096472605
minor changes in debug output
2008-03-31 21:59:32 +00:00
Andreas Steffen
aaa7643b73
put DN in double quotes
2008-03-31 21:08:56 +00:00
Andreas Steffen
a92ea0ccb3
output error message if maximum ca path length is reached
2008-03-31 20:42:57 +00:00
Andreas Steffen
eafc0654ca
ipsec list suppresses duplicates
2008-03-31 20:21:24 +00:00
Tobias Brunner
e5ab32a7ee
timing of connectivity checks adjusted
2008-03-31 15:04:38 +00:00
Martin Willi
9e72d3bcaf
defining ME globally, as we need it in plugins
2008-03-31 15:01:43 +00:00
Andreas Steffen
58a05045cc
utc argument in %#T was missing
2008-03-31 14:36:00 +00:00
Tobias Brunner
9e183cd5b8
signal fixed
2008-03-31 14:27:16 +00:00
Tobias Brunner
f98736aee6
changed order of server and peer reflexive endpoints (and also the priorities)
2008-03-31 10:56:49 +00:00
Martin Willi
0f7ef3d2a0
received certificates have least priority
fixed manager unlocking
2008-03-31 08:43:18 +00:00
Martin Willi
d69b267d58
fixed refcounting in certificate trustchain validation
2008-03-31 07:16:12 +00:00
Andreas Steffen
dcc777652e
changed error message
2008-03-29 13:26:53 +00:00
Andreas Steffen
40f9006845
output uptime in status in local time
2008-03-29 08:55:09 +00:00
Andreas Steffen
d2aa6fcaeb
shortened menu item
2008-03-28 22:46:09 +00:00
Andreas Steffen
c63dc50f15
demoted ldap debug output to level 2
2008-03-28 22:44:45 +00:00
Martin Willi
b7ef3f625d
leak detective detects heap over- and underflow
2008-03-28 14:51:26 +00:00
Martin Willi
7939864dec
updated leak_detective whitelist: libxml and clearsilver functions
2008-03-28 13:16:36 +00:00
Martin Willi
6b9290ff12
renamed xml plugin to smp to avoid confusion
added some dependency checks to configure
configure checks ClearSilver and fastcgi
cleanups in the build system here and there
2008-03-28 12:44:01 +00:00
Martin Willi
892fb43b12
fixed manager plugin loading
manager uses strongswan.conf to read its configuration
2008-03-28 12:41:05 +00:00
Martin Willi
35b6e2301f
fixed crash if crl fetching fails
2008-03-28 12:00:51 +00:00
Martin Willi
dca40a9483
fixed all pluto compiler warnings
2008-03-28 11:48:14 +00:00
Martin Willi
7539b1d1aa
fixed compiler warning in openace
fixed pem loading bug
2008-03-28 11:47:11 +00:00
Martin Willi
acf7956c68
fixed compiler warning in libfreeswan
2008-03-28 11:46:30 +00:00
Martin Willi
a43eb5aa3f
fixed compiler warning in scepclient
2008-03-28 11:45:56 +00:00
Martin Willi
0d2670e7e6
removed unused yyunput to fix compiler warning
2008-03-28 11:45:01 +00:00
Martin Willi
15e21c5cba
fixed compiler warning
2008-03-28 10:21:04 +00:00
Martin Willi
d55fa9aff7
reentrant safe cert_cache
2008-03-28 08:38:51 +00:00
Martin Willi
ac1fefc2de
caching of CRLs
2008-03-28 08:14:47 +00:00
Martin Willi
d20e5c6ab5
replaced get_public() by create_public_enumerator() to try multiple public keys for signature verification
2008-03-27 19:07:23 +00:00
Martin Willi
0d30ba3343
use trusted self-signed root CA certificates as trust anchor only
2008-03-27 13:38:02 +00:00
Tobias Brunner
e74bc8e51d
changed external interface to the mediation extension.
2008-03-27 12:31:35 +00:00
Tobias Brunner
b42421a04c
corrected ME_ENDPOINT length check
2008-03-27 12:29:51 +00:00
Martin Willi
52a61742e7
reusing generic shared_key_t implementation in med_db
2008-03-27 11:45:49 +00:00
Martin Willi
cf4caefab1
whitelisted FCGX_Init
reporting count of leaks suppressed by whitelist
2008-03-27 11:42:35 +00:00
Martin Willi
4204db116b
fixed memory leak in dispatcher
2008-03-27 10:24:37 +00:00
Tobias Brunner
54150b3f13
checking the size of ME_* notify payloads
2008-03-27 10:17:29 +00:00
Tobias Brunner
b0dee635d2
replaced the COOKIE notify payload in connectivity checks with a ME_CONNECTAUTH notify payload
2008-03-27 09:54:09 +00:00
Martin Willi
f957f7dfb3
implemented cert cache flushing, ipsec purgeocsp
2008-03-27 06:37:29 +00:00
Andreas Steffen
d61bd27a9a
fixed plugin/stroke Makefile
2008-03-26 20:24:55 +00:00
Andreas Steffen
1aad8bdfad
makeshift fix of --enable-integrity-test option
2008-03-26 20:16:42 +00:00
Tobias Brunner
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
Martin Willi
685232670a
added uptime statistics to statusall
2008-03-26 16:13:14 +00:00
Martin Willi
7b88a983d8
caching of ocsp responses (experimental), no crl caching yet
2008-03-26 15:21:50 +00:00
Martin Willi
391abda082
fixed compile error if --enable-p2p is set
2008-03-26 14:45:24 +00:00
Andreas Steffen
5298777ad8
treat sig_alg and algorithm comparison in a consistent way over all certificate types
2008-03-26 13:10:36 +00:00
Martin Willi
e37f7715bf
fixed rightca= constraint checking
implemented rightca= for intermediate CAs we do not have the certificate at config load
2008-03-26 12:23:46 +00:00
Martin Willi
2d84da89b9
fixed auth_info_t.equals()
2008-03-26 10:58:19 +00:00
Martin Willi
0b14fdb92b
split stroke plugin into several files:
socket: reads messages from socket, dispatching
config: process add/del conn, serves configs through backend_t
control: controlling of the daemon (up/down/route/...)
cred: credential loading, serves creds through credential_set_t
ca: ca sections from ipsec.conf, serves cdp's through credential_set_t
list: log status information to stroke console (status/statusall/list*)
shared_key: shared key implementation for keys read from ipsec.secrets
plugin: registers stroke plugin and starts socket w/ thread
2008-03-26 10:10:40 +00:00
Martin Willi
3c7e72f5b0
added equals() method to peer_cfg, ike_cfg, proposals, auth_info
allows easier merging of ipsec.conf connections
replaced some iterators through enumerators
made proposals algorithm_t private using enumerator
2008-03-26 10:06:45 +00:00
Martin Willi
a852928a6f
fixed compiler warnings
2008-03-26 09:29:30 +00:00
Andreas Steffen
26930a8c3e
certificate factory can load certs from file
2008-03-25 22:28:27 +00:00
Andreas Steffen
ff98c85b57
added component BUILD_FROM_FILE
2008-03-25 13:26:33 +00:00
Andreas Steffen
13bec89740
renamed certificate field in x509_cert.c to encoding
2008-03-25 12:22:12 +00:00
Andreas Steffen
84a5c6a679
added ac.c
2008-03-25 10:13:57 +00:00
Andreas Steffen
3e6ee16478
defined *_create_from_file() constructors in libstrongswan/credentials/certificates
2008-03-25 10:12:45 +00:00
Andreas Steffen
63cb8a7fee
fixed reference counts before calling attribute certificate factory
2008-03-25 09:39:23 +00:00
Andreas Steffen
9bb8d23e17
corrected some doxygen entries
2008-03-22 08:15:18 +00:00
Andreas Steffen
855606efd4
optimized self-signed certificate detection
2008-03-21 20:37:08 +00:00
Andreas Steffen
36617c1ad5
shortened debug output
2008-03-21 20:36:19 +00:00
Andreas Steffen
02fd225ea5
detect trusted self-signed before trust chain verification
2008-03-21 19:10:55 +00:00
Andreas Steffen
ffce5db1b7
self-signed certificates were not marked by x509_cert.c
2008-03-21 19:07:12 +00:00
Andreas Steffen
c081a9bfe6
added ietf group attribute support to attribute certificate factory
2008-03-21 16:59:21 +00:00
Andreas Steffen
93da2684b6
fixed memory allocation problem in openac
2008-03-21 15:58:48 +00:00
Andreas Steffen
104c96a63c
added BUILD_SERIAL component and fixed several ac bugs
2008-03-21 12:44:15 +00:00
Andreas Steffen
a2083c30d5
added VALIDATION_UNKNOWN to cert_validation_names
2008-03-21 11:54:12 +00:00
Andreas Steffen
6ac3a7acbb
added credential factory support for BUILD_NOT_BEFORE_TIME and BUILD_NOT_AFTER_TIME
2008-03-21 11:32:33 +00:00
Andreas Steffen
b6377673e7
added x509_ac_builder plugin
2008-03-21 10:52:11 +00:00
Andreas Steffen
3d48f3301a
initialize library in openac
2008-03-21 10:42:05 +00:00
Andreas Steffen
754c1c0ef7
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.
2008-03-21 09:34:40 +00:00
Andreas Steffen
112482d3f4
optimized debug output of credential_manager.c
2008-03-21 09:28:25 +00:00
Andreas Steffen
dd7924f033
removed build.h include
2008-03-20 15:25:02 +00:00
Andreas Steffen
bdec2e4f52
refactored openac and its attribute certificate factory
2008-03-20 15:23:52 +00:00
Andreas Steffen
25c9637222
modified debug text
2008-03-20 15:22:26 +00:00
Martin Willi
dfd5cdcb88
cert_cache_t caches subject-issuer relations and subject certificates
ocsp/crl do not benefit yet due to missing lookup function
2008-03-20 14:31:36 +00:00
Martin Willi
fe8f7626d1
fallback to random end entity certificate if trustchain building fails
2008-03-20 13:14:55 +00:00
Martin Willi
629e55434a
2008-03-20 11:38:51 +00:00
Martin Willi
a86e3ab37a
some C libraries need _GNU_SOURCE for rwlocks
2008-03-20 11:27:55 +00:00
Martin Willi
36524c4844
added support for certificate requests for not yet known CAs
2008-03-20 10:09:56 +00:00
Andreas Steffen
2b522ab450
added $
2008-03-20 09:30:07 +00:00
Martin Willi
9be0dc922e
fixed verification of preinstalled certificates
2008-03-20 09:30:02 +00:00
Andreas Steffen
384ebaa57a
included utils/linked_list.h
2008-03-20 09:28:58 +00:00
Martin Willi
44ab7c85d7
more trustchain verification improvements
should fix crl-revoked and two-certs scenarios
2008-03-20 09:27:57 +00:00
Andreas Steffen
1a9ad33e3b
cleaned up includes
2008-03-20 09:24:22 +00:00
Martin Willi
ca7663ece6
CA certificates are allowed to sign OCSP responses without OCSP_SIGNER flag
2008-03-20 07:21:44 +00:00
Martin Willi
48acfe98ae
refactored trustchain verification, this should fix #33
moved auth_info/ocsp_response credset wrapper to separate files
2008-03-19 17:54:54 +00:00
Andreas Steffen
84d8ff64cd
increased debug level in trust chain verification for auditing purposes
2008-03-19 17:04:09 +00:00
Martin Willi
de7062a280
removed unimplemented private/public key function declarations
2008-03-19 14:21:56 +00:00
Martin Willi
cfede7f6e2
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
as it requires to XOR the key into the hasher's state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.
2008-03-19 14:02:52 +00:00
Andreas Steffen
c912c3d382
log nextUpdate of crls and ocsp responses
2008-03-19 13:11:29 +00:00
Andreas Steffen
2590faa330
fixed stupid bug in fetch_ocsp()
2008-03-19 12:36:15 +00:00
Andreas Steffen
ae8715f956
attempt to achieve consistent debugging output
2008-03-19 12:06:38 +00:00
Martin Willi
d3a6993777
fixed shared key lookup in stroke
2008-03-19 10:24:51 +00:00
Martin Willi
3c448f019b
fixed peer_cfg lookup when omitting IDr
2008-03-19 10:08:59 +00:00
Martin Willi
081ae2eb61
fixed CRL check return value on revoked certificates
fixed possible refcounting bugs
generic return_null() implementation
2008-03-19 09:44:47 +00:00
Martin Willi
a40708e511
fixed compiler warning
2008-03-18 14:06:11 +00:00
Martin Willi
bed94c8aeb
added generic payload order rules for notifies
2008-03-18 12:45:23 +00:00
Martin Willi
7162be5772
fixed ike_cfg lookup in stroke
2008-03-18 12:40:41 +00:00
Martin Willi
4bfa63ed25
added false positive signature check
2008-03-18 12:25:39 +00:00
Martin Willi
18be601fcd
added missing test case file ([3607])
2008-03-18 12:16:36 +00:00
Martin Willi
d7c529f5a6
creating public key from RSA private key
RSA key generation and signature test
2008-03-18 12:13:51 +00:00
Andreas Steffen
8d49b51f8b
made is_newer() a certificate_t method
2008-03-18 10:36:08 +00:00
Martin Willi
50045c3b14
better normalized tables for SQL plugin (IDs)
2008-03-18 09:07:04 +00:00
Martin Willi
34e281ed32
enforcing x509_flags on certificate construction
2008-03-17 08:06:49 +00:00
Martin Willi
d4ba109c9c
fixed CRL revoked certs enumeration
2008-03-17 07:25:32 +00:00
Martin Willi
933f80c391
logging to SQL database
2008-03-15 14:17:09 +00:00
Martin Willi
72d68379dc
correctly unregister IKE_SA at the bus
2008-03-15 14:08:43 +00:00
Martin Willi
8d04f78d07
removed X509_PEER flag; flags are meant to read cert, not to store additional state in cert
removed x509_t.set_flags for the reason above
implemented a simple, generic shared_key_t
2008-03-14 15:11:29 +00:00
Martin Willi
39ea88f694
credential lookup in mysql/sqlite database
2008-03-14 15:06:42 +00:00
Martin Willi
9c410a8806
refactored buggy trustchain building, fixed refcount bug
2008-03-14 15:04:16 +00:00
Martin Willi
dbcf4e7451
reduced mysql pool verbosity
2008-03-14 15:03:19 +00:00
Martin Willi
8f1596d606
SQL schema for MySQL and SQLite, test data
2008-03-14 07:39:01 +00:00
Tobias Brunner
df3462ddbe
two small fixes
2008-03-13 15:03:06 +00:00
Martin Willi
e42db695e2
fixed apidoc grouping
2008-03-13 14:53:57 +00:00
Martin Willi
419ee1072e
added NetworkManager prototype DBUS policy, applet config
2008-03-13 14:41:27 +00:00
Martin Willi
2d94fdfab7
added old and unmaintained prototype of NetworkManager applet and authenticator
2008-03-13 14:37:11 +00:00
Martin Willi
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
Andreas Steffen
b48bdac20b
improved P2P_NAT debugging
2008-02-27 20:30:39 +00:00
Martin Willi
e633b1998f
creating sysconfdir if it does not exist
moved all directory creations into starters Makefile
2008-02-22 14:50:38 +00:00
Andreas Steffen
a11ea97db8
version bump to 4.2.0
2008-02-15 18:44:29 +00:00
Andreas Steffen
6859f760d9
release of 4.1.11 bug fix version
2008-02-14 21:26:21 +00:00
Tobias Brunner
fb7e7dc484
refactored connect_manager_t to use the find functions on linked lists
2008-02-14 13:42:36 +00:00
Tobias Brunner
e3311a40f0
find methods for linked lists
2008-02-14 12:29:29 +00:00
Andreas Steffen
298c9c8eed
some websites append a newline character to a DER-encoded binary blob
2008-02-05 19:27:05 +00:00
Martin Willi
5bbac9ffff
split connections with different virtual IPs in different peer_cfgs
respect different peer_cfg's when initiating a CHILD_SA within an existing IKE_SA
2008-02-05 12:39:30 +00:00
Tobias Brunner
cdd33ec665
* replaced __thread with pthread_key_t/pthread_setspecific
* use pthread_once to initialize the request handler
2008-02-05 09:31:21 +00:00
Andreas Steffen
663fedbe44
implemented IKEV2 EAP-SIM server and client test module that use triplets stored in a file. For details see the scenario 'ikev2/rw-eap-sim-rsa'
2008-02-04 14:52:06 +00:00
Andreas Steffen
7094e840bf
use the new options_t class
2008-02-04 14:46:43 +00:00
Andreas Steffen
b388a81848
fixed tabs
2008-02-04 14:45:50 +00:00
Andreas Steffen
0730fec464
refactored optionsfrom in an object-oriented way using the options_t class. Eliminated all memory leaks
2008-02-04 14:44:14 +00:00
Martin Willi
3b1692c058
use identifiers in EAP_SUCCESS/EAP_FAILURE payloads
2008-02-04 11:43:10 +00:00
Andreas Steffen
9514d26c5c
parse signedData object with empty content
2008-02-02 00:29:03 +00:00
Andreas Steffen
f4a459473e
build_signedData() now computes messageDigest attribute
2008-02-01 22:26:01 +00:00
Andreas Steffen
7734c01677
added set_messageDigest() and get_messageDigest() methods
2008-02-01 22:24:51 +00:00
Andreas Steffen
e8bfe74289
extended and debugged PKCS#7 signedData support
2008-02-01 14:19:26 +00:00
Andreas Steffen
daccbee77e
added S/MIME capabilities OID
2008-02-01 10:40:03 +00:00
Andreas Steffen
26e9e2ecd9
changed tabs to 4 spaces
2008-02-01 01:01:17 +00:00
Andreas Steffen
071e037124
next_payload must be of type u_int8_t
2008-02-01 00:07:56 +00:00
Andreas Steffen
b0e40caafb
NAT-T conditions were not inherited during IKE_SA rekeying
2008-01-29 01:41:47 +00:00
Andreas Steffen
5862981ce9
fixed comment
2008-01-27 20:59:22 +00:00
Andreas Steffen
f19628490c
implemented pkcs1_encrypt()
2008-01-27 20:58:52 +00:00
Andreas Steffen
e575b3daff
fixed padding bug in RSA_encrypt()
2008-01-27 20:17:15 +00:00
Andreas Steffen
5bb8fcc074
added RCSID
2008-01-22 10:52:26 +00:00
Andreas Steffen
2e3d4743d3
added md2WithRSA algorithm identifier
2008-01-22 10:52:03 +00:00
Andreas Steffen
93eb6ec8a1
extended asn1_algorithmIdentifier() to SHA-2
2008-01-22 10:34:44 +00:00
Andreas Steffen
cd543a69a2
extended asn1_algorithmIdentifier() to SHA-2
2008-01-22 10:32:37 +00:00
Andreas Steffen
2d49eaa131
x509_t.build_encoding() now supports any hash algorithm
2008-01-22 01:32:12 +00:00
Andreas Steffen
a7419b07d1
fully implemented x509_create()
2008-01-22 01:09:19 +00:00
Andreas Steffen
c8b6375c5c
fixed destruction of generalNames linked list
2008-01-21 22:56:58 +00:00
Andreas Steffen
0be06e472a
fixed parsing and building of generalNames
2008-01-21 10:00:13 +00:00
Andreas Steffen
55dbc3fd7b
implemented rsa_private_key_t.get_public_key()
2008-01-21 00:36:38 +00:00
Andreas Steffen
b5d8c9779a
added rsa_public_key_create(mpz_t n, mpz_t e)
2008-01-21 00:34:41 +00:00
Andreas Steffen
d349a3d11a
added notBefore and notAfter to x509_create()
2008-01-21 00:30:26 +00:00
Martin Willi
3a36ce1164
added missing hasher include
2008-01-03 10:42:21 +00:00
Andreas Steffen
fb6d76cd5c
version bump to 4.2.0
2007-12-24 18:07:55 +00:00
Andreas Steffen
85b1fd00f4
include pipe-thin-green icons in distribution
2007-12-19 21:00:52 +00:00
Andreas Steffen
aa1a730bfb
set nexthop default value to 0::0 in IPv6 connections
2007-12-19 00:49:32 +00:00
Andreas Steffen
005861b47b
make config view in strongSwan manager look similar to ikesa view
2007-12-18 15:41:37 +00:00
Martin Willi
b8461a37db
fixed EAP-MD5 to accept Name attribute in challenge
2007-12-18 10:44:44 +00:00
Martin Willi
0f806802ae
implemented Expanded EAP types to support vendor specific methods
2007-12-13 17:31:21 +00:00
Martin Willi
3243ac6d5e
fixed actual ID length when AT_IDENTITY gets padded
2007-12-13 14:39:38 +00:00
Martin Willi
26e2467692
ported EAP-AKA branch into trunk
2007-12-13 10:54:29 +00:00
Andreas Steffen
2a0ba292f2
sbindir is required in the PATH of ipsec
2007-12-12 22:27:40 +00:00
Andreas Steffen
52bb1876ec
sbindir is required in the PATH of _updown
2007-12-12 22:12:10 +00:00
Andreas Steffen
35b2b1e334
fixed error in the ordering of the certinfo_t records in the ocsp cache that caused multiple entries of the same serial number to be created. This was caused by the iterator_t method insert_after() that inserts a record in the first instead of the last position of a linked list if the end of the list is reached. Fix: use linked_list_t method insert_last() instead.
2007-12-12 20:25:50 +00:00
Andreas Steffen
c2bb1ecacb
define a minimum PATH environment
2007-12-12 14:56:35 +00:00
Andreas Steffen
6fa3dcba3c
aligned error messages
2007-12-12 14:54:28 +00:00
Martin Willi
4b403e7672
merged EAP-MD5 into trunk
2007-12-12 14:29:10 +00:00
Martin Willi
f9d80d53c3
accept unknown attributes in config payloads
2007-12-09 19:43:41 +00:00
Martin Willi
98d0002644
fixed build when using --disable-pluto
2007-12-07 10:25:01 +00:00
Andreas Steffen
81edb520b2
version bump to 4.1.10
2007-12-04 23:54:32 +00:00
Martin Willi
3895125275
removed c++ style comments
fixed compiler warnings
2007-12-04 10:48:27 +00:00
Martin Willi
b8249ff5ed
fixed mobike/auth_lifetime in conjunction with p2p-natt
2007-12-04 10:05:36 +00:00
Andreas Steffen
addc4b3ce4
removed redundant server reflexive endpoint debug message
2007-12-04 00:45:00 +00:00
Andreas Steffen
3af513753a
improved P2P_ENDPOINT debugging
2007-12-03 23:06:17 +00:00
Martin Willi
cbfb2aff50
added more ./configure build options for
EAP-Identity module
ipsec tools (openac, scepclient)
optional charon/pluto build
charon stroke interface
2007-12-03 14:47:15 +00:00
Martin Willi
7805ad302d
moved AUTH_LIFETIME handling in its own task (cleaner separation, proper payload order)
2007-12-03 10:52:18 +00:00
Martin Willi
8e78e43220
added a "libcharon-" prefix to plugins to avoid conflicts
2007-12-03 09:03:22 +00:00
Andreas Steffen
89f112ff34
some return code changes proposed by Marius Tomaschewski
2007-11-29 18:27:04 +00:00
Andreas Steffen
0b72091970
ipsec and starter exit with LSB-compliant return codes
2007-11-28 17:02:12 +00:00
Martin Willi
733f336ad3
socket_t implementation without raw sockets
--disable-raw-socket configure option
prevents charon/pluto to run in parallel
2007-11-26 11:20:00 +00:00
Tobias Brunner
17d6e9aa00
improving [3361]: moved one of the added return values
2007-11-22 11:22:33 +00:00
Andreas Steffen
f210387a6b
added two return statements committed by Marius Tomaschewski
2007-11-21 23:42:27 +00:00
Martin Willi
ee61471113
implemented RFC4478 (repeated authentication)
changed %V printf handler to take a time delta, %#V now takes two arguments
2007-11-20 12:06:40 +00:00
Martin Willi
7b36b734a4
fixed callback_job cancellation for threads waiting in the bus
2007-11-19 12:32:28 +00:00
Martin Willi
e533b928f0
fixed memrchr compiler warning
2007-11-19 12:27:08 +00:00
Martin Willi
729a6ec965
fixed two leaks in stroke_interface
2007-11-19 11:28:11 +00:00
Andreas Steffen
83ac4cde64
indentation of list.cs
2007-11-18 20:59:46 +00:00
Andreas Steffen
3a19f38d15
handle right=%any case in strongSwan manager
2007-11-17 23:08:16 +00:00
Andreas Steffen
b073aada23
search : delimiter in ipsec.secrets entries from the rear
2007-11-16 20:23:29 +00:00
Martin Willi
e101f162ab
refactored bus and interface to resolve threading issues (WIP)
2007-11-15 18:35:54 +00:00
Martin Willi
1871cffdc4
be less aggressive, but more verbose in killing charon
2007-11-15 18:34:05 +00:00
Martin Willi
73294df547
added IKE IP addresses to config list for manager
2007-11-15 10:09:48 +00:00
Martin Willi
5d4aea685f
filtering out IKEv1 configurations for manager
2007-11-15 10:09:14 +00:00
Martin Willi
93fc29c6cf
fixed daemon kill before threads are spawned
2007-11-14 10:12:34 +00:00
Martin Willi
91b16af0fa
fixed NO_PROPOSAL_CHOSEN response on IKE_SA_INIT
2007-11-14 09:41:08 +00:00
Martin Willi
a8cd906576
changed session timeout to 15 minutes
2007-11-13 12:00:02 +00:00
Martin Willi
e8287a405e
implemented IKE_SA initiation in manager
2007-11-13 11:58:28 +00:00
Martin Willi
30a68d715b
implemented configuration query and IKE_SA initiation in XML interface
2007-11-13 11:56:52 +00:00
Martin Willi
e36f5f3fd3
configuration query for manager (WIP)
2007-11-12 18:34:50 +00:00
Martin Willi
55b02db74e
implemented IKE/CHILD_SA close through manager
2007-11-12 15:09:11 +00:00
Martin Willi
275cec2eac
implemented IKE/CHILD_SA termination through XML interface
2007-11-12 15:06:04 +00:00
Andreas Steffen
b14a876858
the _updown scripts now fully support ip6tables firewall rule insertion and deletion
2007-11-07 12:20:15 +00:00
Andreas Steffen
8ad95a2000
version bump to 4.1.9
2007-11-06 13:47:27 +00:00
Andreas Steffen
bd55836e48
fixed ipv6 target in _updown script
2007-11-06 13:46:35 +00:00
Andreas Steffen
d5da42a9e4
fixed _updown target for ipv6
2007-11-06 13:45:54 +00:00
Martin Willi
00fb758755
adding new virtual ip before deleting old one to keep IP on reauthentication
2007-10-25 07:50:23 +00:00
Martin Willi
bd99d1852a
added vsignal todo
2007-10-25 07:49:32 +00:00
Martin Willi
0e0e7d5b71
request_t.redirect takes variable argument list
...
request_t.serve to serve non-template data
fixed dispatcher thread locking code
2007-10-19 19:40:53 +00:00
Andreas Steffen
6d8bec0b97
corrected typos
2007-10-17 02:56:24 +00:00
Andreas Steffen
57423bb7ac
corrected brief
2007-10-17 02:55:53 +00:00
Andreas Steffen
b73595a373
corrected brief
2007-10-17 02:55:17 +00:00
Andreas Steffen
f39e4d3209
added hasher_signature_algorithm_to_oid() function
2007-10-12 23:18:42 +00:00
Andreas Steffen
bad1a23f02
added get_publicKeyInfo() method
2007-10-12 22:49:39 +00:00
Andreas Steffen
0fa2c4fada
added create_certificate_iterator() method
2007-10-12 21:57:20 +00:00
Andreas Steffen
92a0b9d5ec
added x509_build_generalNames() and x509_build_subjectAltNames() functions
2007-10-12 21:56:30 +00:00
Andreas Steffen
340376e316
added x509_ prefix to imported parse functions
2007-10-12 21:53:18 +00:00
Andreas Steffen
aa57b221e3
added RCSID
2007-10-12 19:29:00 +00:00
Andreas Steffen
466c5439e5
cosmetics
2007-10-12 19:20:59 +00:00
Andreas Steffen
26c49478f3
added briefs
2007-10-12 18:39:40 +00:00
Andreas Steffen
3edea3497f
implemented pkcs1_write() method
2007-10-12 15:23:29 +00:00
Andreas Steffen
dba89b1bb7
added x509_create() synthesis function
2007-10-11 14:39:40 +00:00
Andreas Steffen
a09bbc82ce
added get_data() method
2007-10-11 14:38:46 +00:00
Andreas Steffen
86150b684d
call get_keysize with const rsa_private_key_t*
2007-10-11 11:36:37 +00:00
Andreas Steffen
5ff927425f
cosmetics
2007-10-11 11:26:20 +00:00
Andreas Steffen
b61e95a659
renamed eme_pkcs1_decrypt() to pkcs1_decrypt()
2007-10-11 11:25:52 +00:00
Andreas Steffen
c5d0c18149
corrected brief
2007-10-08 21:25:44 +00:00
Andreas Steffen
b607203490
cosmetics
2007-10-08 21:21:21 +00:00
Andreas Steffen
d41a77e45c
added RCSID
2007-10-08 20:12:25 +00:00
Andreas Steffen
99d7cd20ad
added RCSID
2007-10-08 20:09:57 +00:00
Andreas Steffen
9945819c25
added RCSID
2007-10-08 20:03:02 +00:00
Andreas Steffen
d50e491b7b
added RCSID
2007-10-08 19:59:18 +00:00
Andreas Steffen
496e76cbdf
added RCSID
2007-10-08 19:57:54 +00:00
Andreas Steffen
43a87d4211
added RCSID
2007-10-08 19:57:37 +00:00
Andreas Steffen
4e81869c44
added RCSID
2007-10-08 19:52:55 +00:00
Andreas Steffen
2ea8c74c64
added RCSID
2007-10-08 19:49:56 +00:00
Andreas Steffen
de63a765ef
increase debug level from 1 to 2
2007-10-08 19:36:42 +00:00
Andreas Steffen
06ba2d36c3
completed pkcs7 parsing methods
2007-10-07 22:11:42 +00:00
Andreas Steffen
2d8a418059
added eme_pkcs1_decrypt() method
2007-10-07 21:43:24 +00:00
Andreas Steffen
e1513577fb
added error message in case of incorrect padding
2007-10-07 21:42:38 +00:00
Andreas Steffen
2f5199ec48
added RCSID
2007-10-07 21:41:37 +00:00
Andreas Steffen
27e715cb06
replaced strncmp() == 0 by strneq()
2007-10-07 13:42:43 +00:00
Andreas Steffen
5f854d7f95
added strneq(x,y,len) macro
2007-10-07 13:35:42 +00:00
Andreas Steffen
3f76aebe74
cosmetics
2007-10-07 09:17:59 +00:00
Andreas Steffen
f73338d656
use RCSID
2007-10-06 21:39:00 +00:00
Andreas Steffen
ab40277fd0
activated Id property
2007-10-06 21:24:50 +00:00
Andreas Steffen
8a574652d5
activated Id property
2007-10-06 21:20:18 +00:00
Andreas Steffen
e4731e8784
activated Id property
2007-10-06 21:19:41 +00:00
Martin Willi
39a8e5a580
fixed some typos
2007-10-05 09:52:23 +00:00
Martin Willi
1169ab4ec7
removed recursive mutex and __USE_UNIX98, should fix uClibc build
2007-10-05 09:47:55 +00:00
Martin Willi
6705052c2d
fixed bad cast which resulted in a crash on "ipsec update"
2007-10-05 09:13:03 +00:00
Martin Willi
493f377b41
fixed memory leak
2007-10-04 15:20:00 +00:00
Martin Willi
c96aefe268
implemented an optional DH public value test
...
some other cleanups, using RFC2631 variable names
2007-10-04 15:19:24 +00:00
Martin Willi
40f10fd88e
cleanups, fixes and simplification of diffie hellman code
2007-10-04 12:08:11 +00:00
Martin Willi
a7e65d5262
implemented enumerator for linked_list
2007-10-04 08:40:20 +00:00
Martin Willi
d62a4526fd
moved enumerator from libappserv to libstrongswan
2007-10-04 08:21:53 +00:00
Martin Willi
b9bc74979e
fixed sqlite_backend compilation to respect changes from [3238]
2007-10-04 08:18:42 +00:00
Andreas Steffen
c840a9b484
version bump to 4.1.8
2007-10-04 06:41:45 +00:00
Andreas Steffen
eb4e244230
added Andreas Eigenmann and Joel Stillhart to copyright statement
2007-10-03 21:48:42 +00:00
Tobias Brunner
d5cc175833
experimental P2P-NAT-T for IKEv2 merged back from branch
2007-10-03 15:10:41 +00:00
Martin Willi
99670c3714
proper cleanup on error
2007-10-03 15:07:46 +00:00
Martin Willi
6a8e7381d0
more libstrongswan-like error handling in optionsfrom
2007-10-03 15:02:29 +00:00
Andreas Steffen
8bcdf1562c
added inbound and outbound arrows to ESP SPIs
2007-10-03 10:09:40 +00:00
Martin Willi
2970674faf
reverted changeset [3215], as we need NULL callback to do asynchronous calls
...
added interface_manager_cb_empty function, which calls synchronous but doesn't do anything
2007-10-03 08:10:03 +00:00
Martin Willi
a6f31da40a
added missing enumerator implementation
2007-10-03 05:29:49 +00:00
Tobias Brunner
183ddc20a9
typo
2007-10-02 13:56:58 +00:00
Tobias Brunner
9b997daab9
do not attempt to encrypt payloads without crypter or signer (allows overriding message rules)
2007-10-02 13:31:12 +00:00
Martin Willi
06d00e4f7b
fixed "ipsec statusall" SPI formatting
2007-10-02 13:11:23 +00:00
Tobias Brunner
0572d41459
destruction helper macros
2007-10-02 12:04:03 +00:00
Martin Willi
e4c9b92171
fixed sqlite database path
2007-10-02 11:55:19 +00:00
Tobias Brunner
56db479192
ID payload with explicit payload type
2007-10-02 11:55:10 +00:00
Tobias Brunner
1fbcbe32d0
get_first_payload_type for message_t
2007-10-02 11:42:27 +00:00
Tobias Brunner
17e78a0981
dummy callback added to interface manager
2007-10-02 11:33:16 +00:00
Martin Willi
754f90165f
added thread initialization/deinitialization hooks
...
moved empty_enumerator to a public implementation
2007-10-02 11:23:14 +00:00
Martin Willi
06011f6882
remove control sockets on startup, as we don't have privileges on shutdown
2007-10-02 11:20:07 +00:00
Martin Willi
a3f100fa09
improved debugging code for traffic selector processing
2007-10-02 07:39:56 +00:00
Martin Willi
f9b8417a7c
renamed force_encap to forceencaps (as it is named in openswan)
2007-10-02 06:57:58 +00:00
Andreas Steffen
b3d23996eb
fixed path to the local libstrongswan build
2007-10-01 20:15:28 +00:00
Martin Willi
f53b74c96f
moved force_encap to ike_config, enables responder to enforce udp encapsulation
...
fixed bugs in force_encap code
2007-10-01 16:41:34 +00:00
Martin Willi
011fb1b97e
removed accidentally checked in debugging code
2007-10-01 12:25:26 +00:00
Martin Willi
9dae1bed00
implemented IKEv2 force_encap connection parameter
...
enforces UDP encapsulation by faking NAT detection payloads
to hurdle restrictive firewalls
2007-10-01 12:19:39 +00:00
Martin Willi
92232dab33
fixed setuid()/setgid() and error handling
2007-10-01 09:07:10 +00:00
Martin Willi
9f3c55cdc4
fixed updown script privilege inheritance for pluto, too
2007-09-28 09:42:55 +00:00
Martin Willi
f215e91999
implemented more aggressive MOBIKE path probing
...
do not queue more than one MOBIKE task
2007-09-28 08:22:37 +00:00
Martin Willi
052d58feaf
fixed CHILD_SA SPI byte order in XML interface
2007-09-28 07:05:15 +00:00
Martin Willi
055d016b49
changed inheritable capability set to the permitted one to execute firewall script with CAP_NET_ADMIN
2007-09-28 07:04:09 +00:00
Martin Willi
780050cbc3
implemented proper argument parsing code
2007-09-28 06:43:59 +00:00
Martin Willi
a57ab4d690
removed colons from session cookie
2007-09-27 13:10:10 +00:00
Martin Willi
85c6fc0283
reduced debugging level
2007-09-27 13:09:50 +00:00
Martin Willi
983d7cd292
made add_ip()/del_ip() calls synchronous (waiting until kernel event received)
...
this should fix MOBIKE route migration with virtual IPs
2007-09-27 12:48:00 +00:00
Tobias Brunner
278396b6da
typos
2007-09-27 10:36:03 +00:00
Martin Willi
93720075df
implemented SHA1 encrypted passwords for manager
2007-09-27 07:15:47 +00:00
Martin Willi
324abae2ef
added vsyslog to leak detectives white list
...
removed debugging hook on openac cleanup
2007-09-27 06:40:50 +00:00
Martin Willi
8207e3ea4d
fixed argument processing bug
2007-09-26 15:07:34 +00:00
Martin Willi
c295d0eb4b
refactored strongswan manager
...
removed buggy request parsing code, use ClearSilver's CGI kit instead
fixed CHILD_SA listing in manager (needs better design)
using secure XML communication through unix sockets
removed images with questionable (non-GPL) license
2007-09-26 14:02:21 +00:00
Andreas Steffen
a9522e1600
cleaning up
2007-09-25 20:13:06 +00:00
Andreas Steffen
b8eb1644a7
updated openac man page
2007-09-25 20:11:28 +00:00
Andreas Steffen
75dbbcfe31
updated copyright
2007-09-25 20:10:58 +00:00
Andreas Steffen
c4e252c55b
ignore : separators in hex input
2007-09-25 20:09:40 +00:00
Andreas Steffen
8129cc848a
fixed bug occurring with multiple queued Quick Modes and NAT Traversal
2007-09-25 20:07:04 +00:00
Martin Willi
d9d69536b0
improved MOBIKE roaming between interfaces
2007-09-24 12:15:25 +00:00