ae9ce83511
Properly initialize src in ike_sa_t.is_any_path_valid().
2012-04-06 10:54:44 +02:00
367e1e22b8
checksum need a libradius_init() symbol
2012-04-05 16:52:37 +02:00
e90e106117
version bump to 4.6.3rc1
2012-04-05 09:11:47 +02:00
4626e49ad9
remove leading zero in ASN.1 encoded serial numbers
2012-04-05 09:04:11 +02:00
5ff99529e6
ASN.1 two's complement encoding prevents overflow in CRL serial number
2012-04-04 11:29:12 +02:00
bad192069f
Make AES-CMAC actually usable for IKEv2.
2012-04-04 10:51:46 +02:00
89a5881c63
Added another bunch of commonly used IKEv1 NATT vendor IDs
2012-04-04 10:32:15 +02:00
4670661d6d
represent 0 as a single byte
2012-04-03 14:19:37 +02:00
320fd5fe62
moved chunk_skip_zero to chunk.h
2012-04-03 14:12:50 +02:00
4e5b7e09ee
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:49:05 +02:00
5893d1b156
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:48:48 +02:00
f54c4ed8d6
added GSPM IKEv2 payload
2012-04-03 12:21:39 +02:00
d1391b8fdb
fixed typo
2012-04-03 12:07:13 +02:00
37d43ebbde
Doxygen fixes.
2012-04-03 10:56:47 +02:00
d7590217c3
Added NEWS about cmac plugin.
2012-04-03 10:48:03 +02:00
811e7490f6
Added test vectors for AES-CMAC.
2012-04-03 10:45:09 +02:00
c0d39c205c
Implemented AES-CMAC based PRF and signer.
...
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
2012-04-03 10:40:47 +02:00
9a6b1cb412
Fixed GNU license header in hmac and xcbc plugins.
2012-04-03 10:33:59 +02:00
4bc7577db2
More detailed NEWS about RADIUS extensions
2012-04-02 13:58:21 +02:00
0293f09597
updated supported EAP methods
2012-03-30 11:15:10 +02:00
ef511fc03d
Add support for dnQualifier in DNs.
2012-03-29 10:01:55 +02:00
e464894e8b
remove leading zeros in ASN.1 encoded serial numbers
2012-03-27 15:05:36 +02:00
a281494abd
Added NEWS about resolvconf support.
2012-03-27 10:44:21 +02:00
ed2cab08d2
Make resolvconf interface prefix configurable.
2012-03-27 10:44:21 +02:00
caae5a5c0f
Added support for the resolvconf framework in resolve plugin.
...
If /sbin/resolvconf is found nameservers are not written directly to
/etc/resolv.conf but instead resolvconf is invoked.
2012-03-27 10:44:21 +02:00
6e921f2017
Use single DBG2 statements in kernel_netlink plugin (i.e. ignore mark.value).
2012-03-27 10:37:56 +02:00
817ab8a8d4
Don't cast second argument of mem_printf_hook (%b) to size_t.
...
Also treat the given number as unsigned int.
Due to the printf hook registration the second argument of
mem_printf_hook (if called via printf etc.) is always of type int*.
Casting this to a size_t pointer and then dereferencing that as int does
not work on big endian machines if int is smaller than size_t (e.g. on ppc64).
In order to make this change work if the argument is of a type larger
than int, size_t for instance, the second argument for %b has to be casted
to (u_)int.
2012-03-27 09:10:34 +02:00
adfd3b992f
smp: Use proper signed type to get return value of read(2).
2012-03-27 09:10:33 +02:00
008e2df477
pluto: Use time_monotonic() instead of a custom implementation.
2012-03-27 09:10:33 +02:00
8e066237a7
Don't include individual glib headers in nm plugin.
...
Expections are glib/gi18n.h, glib/gi18n-lib.h, glib/gprintf.h and
glib/gstdio.h.
2012-03-26 15:23:17 +02:00
3110744a6b
Fix null-terminated XAuth passwords, as sent by Android 4
2012-03-22 15:09:25 +01:00
83d77866f4
Store authentication info of a XAUTH round on IKE_SA
2012-03-22 09:06:31 +01:00
79f39ecf5d
Added a getter for CHILD_SA marks
2012-03-22 09:06:12 +01:00
3de54af7ec
Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid
2012-03-22 09:05:56 +01:00
80abe22f65
fixed parsing of IF-MAP SOAP responses
2012-03-21 14:25:19 +01:00
4f3cf61dfd
Reply with received configuration payload identifier in Mode Config
2012-03-20 18:06:29 +01:00
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
d112a7e1fe
Properly handle retransmitted initial IKE messages.
...
This change allows to properly handle retransmits of initial IKE
messages when we've already processed them (i.e. our response is now resent
immediately).
2012-03-20 17:31:41 +01:00
de9357bb44
Implemented table of init hashes without linked_list_t.
2012-03-20 17:31:41 +01:00
6f0cca20d8
Implemented table of connected peers without linked_list_t.
2012-03-20 17:31:41 +01:00
3489370458
Implemented table of half open IKE_SAs without linked_list_t.
2012-03-20 17:31:41 +01:00
e49bb4e3e3
Don't use linked_list_t for buckets in main IKE_SA hash table.
2012-03-20 17:31:41 +01:00
894c52cba2
Fixed deadlock if checkin_and_destroy is called during shutdown.
2012-03-20 17:31:40 +01:00
4b2f428f40
Do not clone hashes of initial IKE messages when storing them in the hash table.
2012-03-20 17:31:40 +01:00
20e3d5ea00
Store IKEv2 IKE_SAs by local SPI in the IKE_SA manager hash table.
...
For IKEv1 the previous behavior of always using the initiator's SPI as
key is maintained.
2012-03-20 17:31:40 +01:00
71cf97871f
Added separate hashtable for hashes of initial IKE messages.
...
This does not require us to do a lookup for an SA by SPI first.
2012-03-20 17:31:40 +01:00
68611395dc
chunk_equals_ptr added to compare chunks given as pointers.
2012-03-20 17:31:40 +01:00
1726795fa9
Store the major IKE version on ike_sa_id_t.
2012-03-20 17:31:40 +01:00
8254e7ecb8
Implemented handling of UNITY_LOAD_BALANCE as reauthentication.
2012-03-20 17:31:40 +01:00
a7d3b0e098
Check if we actually have a packet before retransmitting it
2012-03-20 17:31:40 +01:00
Tobias Brunner