Martin Willi
c15c3d4be9
updated for release
2006-06-15 13:23:06 +00:00
Martin Willi
147fe5095d
fixed aes code, we support now aes128, aes192, aes256 in IKE
2006-06-15 13:14:09 +00:00
Martin Willi
c095388f7f
added support for "ike" and "esp" keywords
...
fixed bugs in proposal code
algorithm selection for charon works now with ipsec.conf
a lot of other fixes
2006-06-15 11:09:11 +00:00
Martin Willi
3efbf98312
implemented clean spi allocation behavior when using multiple proposals
2006-06-15 11:06:22 +00:00
Martin Willi
525a5538db
fixed logleve(l) keyword typo
2006-06-15 11:03:41 +00:00
Martin Willi
56f1a8f2d6
handling of "rekey=no" parameter added
2006-06-15 11:02:15 +00:00
Martin Willi
ad038f770d
changed default algorithms to:
...
ike: aes128-sha-modp2048
esp: aes128-sha1, 3des-md5
2006-06-15 11:01:17 +00:00
Andreas Steffen
b98e0927f4
added default CRL directory path
2006-06-14 12:44:12 +00:00
Andreas Steffen
311b225740
added strictcrlpolicy command line argument
2006-06-14 12:43:51 +00:00
Andreas Steffen
03442041a9
added option parsing
2006-06-14 12:42:36 +00:00
Andreas Steffen
d9d35d5911
added local CRLs
2006-06-14 12:41:37 +00:00
Andreas Steffen
71d277e468
added rekeying parameters
2006-06-14 12:41:17 +00:00
Andreas Steffen
b3b4c0e44b
corrected some descriptions
2006-06-13 11:33:13 +00:00
Andreas Steffen
3c846c630a
moved RSA key size constraints to definitions.h
2006-06-13 11:32:12 +00:00
Martin Willi
b7e3329f17
fixed down keyword
2006-06-13 10:11:45 +00:00
Martin Willi
fa32cd3c47
debug and logging improvements
2006-06-13 10:01:04 +00:00
Martin Willi
22ff6f578f
2006-06-13 10:00:19 +00:00
Andreas Steffen
64f4d91898
support for stroke listcerts|listcacerts|listcrls|listall
2006-06-12 08:47:28 +00:00
Andreas Steffen
5347233204
support for stroke listcerts|listcacerts|listall and left|rightca=
2006-06-12 08:43:46 +00:00
Andreas Steffen
299dbc604f
gperf creates optimum hash table for stroke keywords
2006-06-12 08:42:32 +00:00
Martin Willi
50f98119dd
using same reqid if a child sa rekeys an existing one
2006-06-12 08:36:41 +00:00
Andreas Steffen
fec9cb332f
NULL string argument is treated as %any
2006-06-12 08:26:14 +00:00
Andreas Steffen
bc35460db7
add_certificate() now returns pointer to added cert
2006-06-12 07:57:14 +00:00
Andreas Steffen
c4a7413e72
cosmetics
2006-06-12 07:55:37 +00:00
Andreas Steffen
016816b880
single tests now start up faster
2006-06-12 07:51:18 +00:00
Martin Willi
a2a3fb3e25
workaround for peers rekeying at the same time
...
loading lifetime policies from ipsec.conf
2006-06-12 07:33:20 +00:00
Martin Willi
695723d4e8
old child_sa gets deleted after rekeying
...
rekeying almost complete, but:
IKE_SA get in an invalid state when both initiate rekeying at the same time,
2006-06-09 15:12:43 +00:00
Andreas Steffen
2a13996de0
corrected type
2006-06-09 11:06:37 +00:00
Martin Willi
b543bef50c
improved kernel interface logging
2006-06-09 08:41:41 +00:00
Martin Willi
0bb32cb5f3
fixed clone/destroy behavior when not using CAs
2006-06-09 07:40:40 +00:00
Martin Willi
5c131a016b
specifying keysize in bits, as it is required in IKEv2
...
added generic kernel SA algorithm handling, which brings us:
aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs
2006-06-09 07:31:30 +00:00
Andreas Steffen
b7f9ca5837
added support for leftsendcert= and left|rightca= parameters
2006-06-09 05:50:41 +00:00
Andreas Steffen
ac427e3677
discard cert if CA basic constraints flag is not set and warn if cert is not valide
2006-06-09 05:48:49 +00:00
Andreas Steffen
a612f2dd00
added public methods is_ca() and is_valid()
2006-06-09 05:47:00 +00:00
Andreas Steffen
5407d563b7
changed ASN.1 CONTROL log output to LEVEL2
2006-06-09 05:45:37 +00:00
Andreas Steffen
996865b09e
cosmetics
2006-06-09 05:44:34 +00:00
Martin Willi
180f924ba5
removed unused Makefile
2006-06-09 05:42:29 +00:00
Andreas Steffen
d521714c9a
stroke.h requires libstrongswan/types.h
2006-06-09 05:41:31 +00:00
Martin Willi
5238c9afef
fixed compile warnings when using -Wall
...
further CHILD_SA rekeying work done:
creation of a new CHILD_SA on a expire from a kernel works
delete of old CHILD_SA still missing
some issues when both initiate rekeing
2006-06-08 14:20:05 +00:00
Martin Willi
c0d63ac9db
updated INSTALL to conform with autotools
...
added a short HACKING introduction
2006-06-08 06:34:52 +00:00
Martin Willi
8d77eddec2
further work for rekeying:
...
get liftimes from policy
added new state
initiation of rekeying done
proposal redone:
removed support for AH+ESP proposals
2006-06-07 13:26:23 +00:00
Martin Willi
a401efd091
proper leak detective hook for realloc
...
excluded pthread_setspecific from leak detective
2006-06-07 13:22:38 +00:00
Martin Willi
6a030ba9ea
fixed a memleak
2006-06-07 05:54:09 +00:00
Andreas Steffen
0f2094930d
cosmetics
2006-06-06 06:24:04 +00:00
Andreas Steffen
71c80765a5
ipv6-host2host scenario added
2006-06-06 05:43:32 +00:00
Andreas Steffen
fc0afb6810
created IPv6 environment
2006-06-06 05:41:21 +00:00
Martin Willi
32b6500fbf
job management:
...
moved job code from thread_pool to job, jobs have an "execute" method now
added two new jobs: delete_child_sa & rekey_child_sa
kernel interface:
listens now for ACQUIRE & EXPIRE
supports hard and soft lifetimes
fires jobs for delete and rekey child sa
ike sa manager:
can checkout IKE SAs by requid of owned CHILD SAs
we have now the infrastructure to do the rekeying... :-)
2006-05-31 14:23:15 +00:00
Martin Willi
6f2aba1322
- fixed some memleaks/freebugs
...
- leak detective works almost usable now (?!)
2006-05-31 14:13:26 +00:00
Martin Willi
3b8af2ab60
- added host2host test for ikev2
2006-05-31 08:15:23 +00:00
Martin Willi
bd72398729
- fixed host-host tunnel traffic selection, host-host works now
2006-05-31 06:52:27 +00:00