Andreas Steffen
acb92cb44c
version bump to 4.6.1
2011-11-08 21:00:09 +01:00
Andreas Steffen
e7cb8f9b37
added dummy libtls_init() function needed for integrity testing
2011-11-08 20:27:17 +01:00
Tobias Brunner
856baca23e
Fixed monolithic build of libcharon with libtnccs enabled.
2011-11-08 18:35:11 +01:00
Tobias Brunner
59c5f048bb
Correctly refer to tnc-tnccs plugin when building monolithically.
2011-11-08 18:35:11 +01:00
Tobias Brunner
b12ad862c1
Calculate checksums for libsimaka and libtls.
...
These are currently not checked though. And because they don't define a
<libname>_init function an warning is reported when the checksum is
calculated.
2011-11-08 18:35:11 +01:00
Tobias Brunner
89bad63bac
Defer calculation of checksums until installation.
...
The checksum is now calculated from the installed libraries and plugins.
This allows to calculate checksums for plugins linking to libraries like
libtls as these are relinked during installation.
2011-11-08 18:35:11 +01:00
Tobias Brunner
4ad67fe7d5
Fixed formatting for longer plugin names in checksum_builder output.
2011-11-08 18:35:11 +01:00
Tobias Brunner
9192f78f70
Don't link libtnccs to checksum_builder.
...
Linking is only required for libraries defining global symbols used by
plugins to which the plugins do not link themselves.
2011-11-08 18:35:11 +01:00
Tobias Brunner
48e87e12ab
Revert "fixed integrity tests of plugins using libtls or libtnccs"
...
This reverts commit b597ac4a4c
(not
completely).
2011-11-08 18:35:11 +01:00
Tobias Brunner
e034cc9ca9
Revert "fixed integrity tests of plugins using libsimaka"
...
This reverts commit 8c42f16dee
.
Conflicts:
src/charon/Makefile.am
2011-11-08 18:35:11 +01:00
Tobias Brunner
9b6502ade8
maemo: New upstream release.
2011-11-08 18:35:11 +01:00
Andreas Steffen
bc0a4f7663
assign get_features method
2011-11-07 19:15:41 +01:00
Andreas Steffen
566311862f
moved random plugin in front of openssl in order to prefer gmp
2011-11-05 07:24:17 +01:00
Thomas Egerer
72a1b2e308
Allow support for CA-certificate retrieval in scepclient
...
I think somehow this functionality got lost in the way from
strongswan-2.7.0...
2011-11-04 15:13:32 +01:00
Tobias Brunner
866858527d
Fix 'ipsec pool --status' for empty pools.
2011-11-04 15:07:54 +01:00
Tobias Brunner
39b30518c2
Syntax error in sqlite.sql fixed.
2011-11-04 14:37:22 +01:00
Tobias Brunner
5fd8e53002
Some Android NEWS added.
2011-11-04 12:24:16 +01:00
Tobias Brunner
2e94a02115
Don't build pluto and starter by default on Android.
2011-11-04 12:20:21 +01:00
Andreas Steffen
ef4206b50e
if available link libsimaka to checksum_builder
2011-11-04 11:27:19 +01:00
Andreas Steffen
f094dbc9bf
use the correct USE_SIMAKA conditional
2011-11-04 11:27:19 +01:00
Andreas Steffen
0986fe362f
added integrity test to rw-eap-sim-rsa and rw-eap-aka-rsa scenarios
2011-11-04 11:27:19 +01:00
Andreas Steffen
8c42f16dee
fixed integrity tests of plugins using libsimaka
2011-11-04 11:27:19 +01:00
Thomas Egerer
93818392cd
Change order of ocsp uris when parsing a cert
2011-11-04 11:11:17 +01:00
Thomas Egerer
6e5e2762d3
Handle certificates being on hold in a CRL
...
Certificates which are set on hold in a CRL might be removed from any
subsequent CRL. Hence you cannot conclude that a certificate is revoked
for good in this case, you would try to retrieve an update CRL to see if
the certificate on hold is still on it or not.
2011-11-04 11:11:17 +01:00
Thomas Egerer
c125d1ba13
Memwipe request after sa update, too
2011-11-04 11:11:17 +01:00
Thomas Egerer
42e2da606c
Use chunk_clear to memwipe shared secret
2011-11-04 11:11:17 +01:00
Thomas Egerer
dbd2169569
Change order of destroy/get_ref function calls
...
Since DESTROY_IF might destroy the peer_cfg, a get_ref on a freed object
is subject to fail.
2011-11-04 11:11:17 +01:00
Thomas Egerer
c230885a07
Fix resource leak in x509_ocsp_response
2011-11-04 11:11:17 +01:00
Thomas Egerer
dbfd1a63aa
Extend xfrm_attr_type_names by newly added enum values
2011-11-04 11:11:17 +01:00
Tobias Brunner
051226d5c0
Silently install route again, even if it did not change.
...
Address/interface changes can cause the route to disappear. Afterwards
the route might look the same but that does not mean it is still installed.
2011-11-04 11:11:17 +01:00
Tobias Brunner
25d59e9e2d
Compile warning fixed in kernel interfaces.
2011-11-04 11:11:17 +01:00
Tobias Brunner
f3eef176f4
Common spelling errors fixed.
2011-11-03 19:30:17 +01:00
Tobias Brunner
602ee58e45
NEWS about pkcs11 plugin added.
2011-11-03 18:39:57 +01:00
Tobias Brunner
53e2fc690e
pkcs11: Documented use_pubkey option in strongswan.conf(5).
2011-11-03 18:36:34 +01:00
Tobias Brunner
1bdd255ed3
pkcs11: Make public key operations on tokens optional.
2011-11-03 17:56:40 +01:00
Tobias Brunner
5b85b94e27
pkcs11: Make sure a key can be used for a given signature scheme.
2011-11-02 20:27:55 +01:00
Tobias Brunner
58d0a8d49b
pkcs11: Register ECDSA feature.
2011-11-02 20:27:55 +01:00
Tobias Brunner
fd48b220ed
pkcs11: We have to create our own hashes for some signature schemes.
2011-11-02 20:27:55 +01:00
Tobias Brunner
30a3ede8ce
pkcs11: Lookup the public key of a private key by CKA_ID.
...
Currently this only works if a public key object with the same ID is
available, if there isn't one we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
Tobias Brunner
5d2fccf439
pkcs11: Search for private keys in a more generic way.
...
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
Tobias Brunner
9e3b1e1495
pkcs11: Added support to encode ECDSA public keys.
2011-11-02 20:27:55 +01:00
Tobias Brunner
36d1627f6e
pkcs11: Parse ECDSA public keys and find/create them on tokens.
2011-11-02 20:27:55 +01:00
Tobias Brunner
574261163f
pkcs11: Added generic functions to find/create public keys on tokens.
2011-11-02 20:27:55 +01:00
Tobias Brunner
a8084ee011
pkcs11: Store public key length in bits.
2011-11-02 20:27:55 +01:00
Tobias Brunner
8859c1f26b
pkcs11: Fix encoding of RSA public keys.
2011-11-02 20:27:55 +01:00
Tobias Brunner
dae19d448d
pkcs11: Use create_object_attr_enumerator to encode RSA public key.
2011-11-02 20:27:54 +01:00
Tobias Brunner
b0319fe860
pkcs11: Instead of a mutex use a new session to do multipart operations.
2011-11-02 20:27:54 +01:00
Tobias Brunner
c198525104
pkcs11: Function added to retrieve multiple attributes from a single object.
2011-11-02 20:27:54 +01:00
Tobias Brunner
817d165cbc
pkcs11: Memory leak fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
Tobias Brunner
43cd036a77
pkcs11: Invalid free fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00