Martin Willi
ed2bcd0315
added IKE_SA established timer to "ipsec statusall"
2008-12-10 09:59:35 +00:00
Martin Willi
d5d5bc0f16
using rwlock to parallel build credentials
2008-12-09 15:57:51 +00:00
Martin Willi
5e5b2dc105
use thread-safe variant of gmtime
2008-12-09 15:00:30 +00:00
Martin Willi
6144daba9d
fixed load-tester shared key lookup
2008-12-09 14:45:56 +00:00
Martin Willi
7023d49ee1
purge auth_info when IKE_SA is established, releases cert memory
2008-12-09 14:34:15 +00:00
Martin Willi
a1466a3ec2
limit number of ADDITIONAL_IPV*_ADDR notifies
2008-12-09 14:32:57 +00:00
Martin Willi
2e03196551
list pools and usage in ipsec statusall
2008-12-09 13:24:12 +00:00
Martin Willi
adf9965272
extended stroke in-memory pool to use hash-tables
...
supports online/offline leases
properly reassign addresses to identities
2008-12-09 13:23:42 +00:00
Martin Willi
20fbc4277e
fixed hashtable->get_count() after doubling table size
2008-12-09 11:13:52 +00:00
Martin Willi
15ed045c87
require explicit enabling of load-testing plugin
2008-12-09 09:11:37 +00:00
Martin Willi
5bdc8fc794
generating different initiator identities, configs and certificates on the fly
2008-12-08 19:18:28 +00:00
Martin Willi
aa5c5d3fde
removed debugging leftovers
2008-12-08 19:15:38 +00:00
Martin Willi
474998099f
fixed out-of-tree build of scepclient
2008-12-08 16:00:33 +00:00
Martin Willi
df68b54f4e
basic x509 certificate generation
2008-12-08 15:29:36 +00:00
Martin Willi
9eb85cffe1
whitelisted another pthread_setspecific implementation
2008-12-08 15:27:24 +00:00
Martin Willi
d21b3549f7
accept NULL values in hashtable enumerator
2008-12-05 12:34:17 +00:00
Martin Willi
19e0010f51
hashtable enumerator enumerates over both, key and values
2008-12-05 10:01:52 +00:00
Martin Willi
a6d7a6107c
added actual ikev2bis draft
2008-12-05 09:41:20 +00:00
Martin Willi
876d5c63a3
pass identity to release_address(), allows providers to do a lookup by id
2008-12-05 09:40:50 +00:00
Andreas Steffen
c333bb4678
extended changeset [4753]
2008-12-04 23:16:10 +00:00
Tobias Brunner
3fb404d8da
implemented the policy cache in kernel_netlink_ipsec_t with a hash table instead of a linked list.
2008-12-04 16:46:08 +00:00
Tobias Brunner
ffa6450695
fixed off by one error
2008-12-04 16:33:39 +00:00
Martin Willi
7710a286ca
fixed copy-paste bug (double-free)
2008-12-04 10:10:37 +00:00
Martin Willi
d0eee69822
reset pointer for a clean destruction
2008-12-04 10:09:21 +00:00
Martin Willi
3bfd0fe3f2
handling peer_match with higher priority tan ike_match to select correct config if IPs are equal
2008-12-04 10:00:03 +00:00
Martin Willi
0442562516
leak whitelisting of OPENSSL_config()
2008-12-04 09:23:53 +00:00
Andreas Steffen
c165d32d9e
suppress output from leak-detective in openac
2008-12-04 04:51:05 +00:00
Andreas Steffen
cf62817286
load openac plugins explicitly
2008-12-04 04:36:39 +00:00
Andreas Steffen
9c674e7214
fixed refactoring error in openac
2008-12-04 04:34:49 +00:00
Andreas Steffen
04409bbb74
suppress leak-detective stderr output in ipsec pool
2008-12-04 03:31:53 +00:00
Andreas Steffen
9b6f9d14ab
fixed double free of host in sadb_address2ts
2008-12-04 01:08:19 +00:00
Andreas Steffen
17a1045906
enable leak-detective and integrity-test in UML tests by default
2008-12-04 00:34:59 +00:00
Tobias Brunner
83c42156a2
add support for smartcards in charon by using the ENGINE API provided by OpenSSL, based on patches by Michael Roßberg.
2008-12-03 10:12:20 +00:00
Tobias Brunner
c3bdc3cd7f
enable quoted tokens in the token enumerator
2008-12-03 10:03:59 +00:00
Tobias Brunner
f4bcf49bcb
fixed compiler warning
2008-12-03 10:03:02 +00:00
Tobias Brunner
81736d7d24
added memstr and extract_token_str helper functions
2008-12-03 09:45:58 +00:00
Tobias Brunner
0948edbbff
adding general purpose hash table
2008-12-03 09:32:16 +00:00
Martin Willi
70691c31b2
fixed double free of host in selector2ts
2008-12-03 09:15:29 +00:00
Martin Willi
efd0fe21e4
ref_get()/ref_put() use atomic gcc operations if supported, thanks to Thomas Jarosch for the patch
2008-12-02 12:14:32 +00:00
Martin Willi
6905f794bb
added a --disable-threads ./configure option for pluto
2008-12-02 09:01:57 +00:00
Martin Willi
2671a8fcee
use DBG_ANY to set all loglevels
2008-12-02 08:52:46 +00:00
Martin Willi
f464d75070
added time.h include for struct tm
2008-12-02 08:46:15 +00:00
Martin Willi
394eb35b0c
some task queueing improvements:
...
- do not pass CHILD_SAs to task constructor, might not
be valid anymore during execution (late lookup)
- use sub-tasks to delete CHILD/IKE_SA after rekeying,
as we want to execute the delete before additional
queued tasks
2008-12-01 18:38:28 +00:00
Andreas Steffen
9a96ccd485
re-established lost default auth sys_logger
2008-12-01 01:24:55 +00:00
Martin Willi
405cc1d924
schedule rekeying when activating passive IKE_SAs
2008-11-28 16:19:19 +00:00
Martin Willi
dd6b7af3f7
do not delete passive IKE_SAs
2008-11-28 15:44:25 +00:00
Martin Willi
c610f42430
added a PASSIVE IKE_SA state to manage it externally
2008-11-28 10:49:14 +00:00
Martin Willi
ddef455219
pass SKd to derive_ike_keys() to have a more interoperable API
2008-11-28 09:51:44 +00:00
Martin Willi
9a1263c3c1
fixed a double-unlock bug, showed up when using rwlocks in backend manager
2008-11-28 08:22:55 +00:00
Martin Willi
ced41695dc
use rwlocks in backend manager to allow simultaneous access
2008-11-27 15:34:17 +00:00