acb92cb44c
version bump to 4.6.1
2011-11-08 21:00:09 +01:00
e7cb8f9b37
added dummy libtls_init() function needed for integrity testing
2011-11-08 20:27:17 +01:00
856baca23e
Fixed monolithic build of libcharon with libtnccs enabled.
2011-11-08 18:35:11 +01:00
59c5f048bb
Correctly refer to tnc-tnccs plugin when building monolithically.
2011-11-08 18:35:11 +01:00
b12ad862c1
Calculate checksums for libsimaka and libtls.
...
These are currently not checked though. And because they don't define a
<libname>_init function an warning is reported when the checksum is
calculated.
2011-11-08 18:35:11 +01:00
89bad63bac
Defer calculation of checksums until installation.
...
The checksum is now calculated from the installed libraries and plugins.
This allows to calculate checksums for plugins linking to libraries like
libtls as these are relinked during installation.
2011-11-08 18:35:11 +01:00
4ad67fe7d5
Fixed formatting for longer plugin names in checksum_builder output.
2011-11-08 18:35:11 +01:00
9192f78f70
Don't link libtnccs to checksum_builder.
...
Linking is only required for libraries defining global symbols used by
plugins to which the plugins do not link themselves.
2011-11-08 18:35:11 +01:00
48e87e12ab
Revert "fixed integrity tests of plugins using libtls or libtnccs"
...
This reverts commit b597ac4a4c
2011-11-08 18:35:11 +01:00
e034cc9ca9
Revert "fixed integrity tests of plugins using libsimaka"
...
This reverts commit 8c42f16dee
2011-11-08 18:35:11 +01:00
9b6502ade8
maemo: New upstream release.
2011-11-08 18:35:11 +01:00
bc0a4f7663
assign get_features method
2011-11-07 19:15:41 +01:00
566311862f
moved random plugin in front of openssl in order to prefer gmp
2011-11-05 07:24:17 +01:00
72a1b2e308
Allow support for CA-certificate retrieval in scepclient
...
I think somehow this functionality got lost in the way from
strongswan-2.7.0...
2011-11-04 15:13:32 +01:00
866858527d
Fix 'ipsec pool --status' for empty pools.
2011-11-04 15:07:54 +01:00
39b30518c2
Syntax error in sqlite.sql fixed.
2011-11-04 14:37:22 +01:00
5fd8e53002
Some Android NEWS added.
2011-11-04 12:24:16 +01:00
2e94a02115
Don't build pluto and starter by default on Android.
2011-11-04 12:20:21 +01:00
ef4206b50e
if available link libsimaka to checksum_builder
2011-11-04 11:27:19 +01:00
f094dbc9bf
use the correct USE_SIMAKA conditional
2011-11-04 11:27:19 +01:00
0986fe362f
added integrity test to rw-eap-sim-rsa and rw-eap-aka-rsa scenarios
2011-11-04 11:27:19 +01:00
8c42f16dee
fixed integrity tests of plugins using libsimaka
2011-11-04 11:27:19 +01:00
93818392cd
Change order of ocsp uris when parsing a cert
2011-11-04 11:11:17 +01:00
6e5e2762d3
Handle certificates being on hold in a CRL
...
Certificates which are set on hold in a CRL might be removed from any
subsequent CRL. Hence you cannot conclude that a certificate is revoked
for good in this case, you would try to retrieve an update CRL to see if
the certificate on hold is still on it or not.
2011-11-04 11:11:17 +01:00
c125d1ba13
Memwipe request after sa update, too
2011-11-04 11:11:17 +01:00
42e2da606c
Use chunk_clear to memwipe shared secret
2011-11-04 11:11:17 +01:00
dbd2169569
Change order of destroy/get_ref function calls
...
Since DESTROY_IF might destroy the peer_cfg, a get_ref on a freed object
is subject to fail.
2011-11-04 11:11:17 +01:00
c230885a07
Fix resource leak in x509_ocsp_response
2011-11-04 11:11:17 +01:00
dbfd1a63aa
Extend xfrm_attr_type_names by newly added enum values
2011-11-04 11:11:17 +01:00
051226d5c0
Silently install route again, even if it did not change.
...
Address/interface changes can cause the route to disappear. Afterwards
the route might look the same but that does not mean it is still installed.
2011-11-04 11:11:17 +01:00
25d59e9e2d
Compile warning fixed in kernel interfaces.
2011-11-04 11:11:17 +01:00
f3eef176f4
Common spelling errors fixed.
2011-11-03 19:30:17 +01:00
602ee58e45
NEWS about pkcs11 plugin added.
2011-11-03 18:39:57 +01:00
53e2fc690e
pkcs11: Documented use_pubkey option in strongswan.conf(5).
2011-11-03 18:36:34 +01:00
1bdd255ed3
pkcs11: Make public key operations on tokens optional.
2011-11-03 17:56:40 +01:00
5b85b94e27
pkcs11: Make sure a key can be used for a given signature scheme.
2011-11-02 20:27:55 +01:00
58d0a8d49b
pkcs11: Register ECDSA feature.
2011-11-02 20:27:55 +01:00
fd48b220ed
pkcs11: We have to create our own hashes for some signature schemes.
2011-11-02 20:27:55 +01:00
30a3ede8ce
pkcs11: Lookup the public key of a private key by CKA_ID.
...
Currently this only works if a public key object with the same ID is
available, if there isn't one we could search for a certificate with the
same ID and extract the key from there.
2011-11-02 20:27:55 +01:00
5d2fccf439
pkcs11: Search for private keys in a more generic way.
...
Also, don't extract the public key directly from the private key. Some
tokens actually do not return the public exponent (it's not required).
We have to find a different way to get the public key.
2011-11-02 20:27:55 +01:00
9e3b1e1495
pkcs11: Added support to encode ECDSA public keys.
2011-11-02 20:27:55 +01:00
36d1627f6e
pkcs11: Parse ECDSA public keys and find/create them on tokens.
2011-11-02 20:27:55 +01:00
574261163f
pkcs11: Added generic functions to find/create public keys on tokens.
2011-11-02 20:27:55 +01:00
a8084ee011
pkcs11: Store public key length in bits.
2011-11-02 20:27:55 +01:00
8859c1f26b
pkcs11: Fix encoding of RSA public keys.
2011-11-02 20:27:55 +01:00
dae19d448d
pkcs11: Use create_object_attr_enumerator to encode RSA public key.
2011-11-02 20:27:54 +01:00
b0319fe860
pkcs11: Instead of a mutex use a new session to do multipart operations.
2011-11-02 20:27:54 +01:00
c198525104
pkcs11: Function added to retrieve multiple attributes from a single object.
2011-11-02 20:27:54 +01:00
817d165cbc
pkcs11: Memory leak fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
43cd036a77
pkcs11: Invalid free fixed in DH/ECDH implementation.
2011-11-02 20:27:54 +01:00
Andreas Steffen