Commit Graph

4759 Commits

Author SHA1 Message Date
Tobias Brunner c711687c00 Force libdl if the android plugin is enabled. AC_SEARCH_LIBS thinks it's not required, but on Android 2.0 it is. 2010-02-25 13:51:05 +01:00
Tobias Brunner eba28948a5 Link all plugins to libstrongswan. 2010-02-25 13:51:05 +01:00
Tobias Brunner 608af0a445 Avoid a race condition that could lead to a segmentation fault.
Let's assume the callback function of a callback job returns
JOB_REQUEUE_FAIR in one call and JOB_REQUEUE_NONE in the next. Before
this fix, the thread executing the callback job would requeue the job
before unregistering itself. If there was a context switch right after
the job got requeued, and if the thread that requeued the job never got
resumed until a second thread executed the job and, due to the return
value of JOB_REQUEUE_NONE, destroyed it, then when the first thread
eventually got resumed and tried to lock the mutex to unregister itself
the pointer wouldn't be valid anymore, thus resulting in a segmentation fault.
2010-02-25 09:26:16 +01:00
Martin Willi 3e35a6e7a1 Use side-channel secured mpz_powm_sec of libgmp 5, if available 2010-02-18 17:38:59 +01:00
Martin Willi 7d3a830a71 Updated debian package for NetworkManager-strongswan-1.1.2 2010-02-18 09:51:45 +01:00
Martin Willi e159cd1d1a Version bump and NEWS for NetworkManager-strongswan-1.1.2 release 2010-02-18 09:51:44 +01:00
Martin Willi 0209179a30 Updated german translation 2010-02-18 09:51:40 +01:00
Martin Willi 7613a68f33 Tooltips are translatable 2010-02-18 09:20:13 +01:00
Martin Willi d178eee895 Newer glade requires explicit vertical vboxes 2010-02-18 09:03:17 +01:00
Martin Willi 71070c88b7 Fixed lost renamings in android plugin 2010-02-18 08:31:10 +01:00
Martin Willi 55699f037f Added Android plugin, currently provides DNS handling on Android 2010-02-17 18:24:11 +01:00
Martin Willi 63b0bc9c2d Invoke missing message() hook for incoming responses 2010-02-17 18:23:14 +01:00
Andreas Steffen b65d7f8a15 version bump to 4.4.0 2010-02-15 20:58:41 +01:00
Tobias Brunner 38da64fe12 Detect windows hosts to add specific workarounds. 2010-02-12 10:57:39 +01:00
Tobias Brunner 71baf5a8f0 Adding support for AES GMAC (RFC4543). 2010-02-12 10:57:39 +01:00
Martin Willi 2aa553d773 Do not build own authentication data before we've verified others, we need the other identity in EAP 2010-02-09 16:11:07 +01:00
Andreas Steffen 2d07095e01 hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6 2010-02-06 12:34:41 +01:00
Andreas Steffen dd0b1b9a16 generated hash-and-url files for rfc3779 certs 2010-02-06 11:41:44 +01:00
Andreas Steffen 76fe5500c4 hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6 2010-02-06 11:39:33 +01:00
Andreas Steffen 5094bfd85f hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6 2010-02-05 20:39:13 +01:00
Andreas Steffen 61d7ff0c19 IPv6 fragment and http access are not needed in PSK scenario 2010-02-05 20:27:03 +01:00
Andreas Steffen 699c47a9be hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6 2010-02-05 20:16:26 +01:00
Tobias Brunner 3cc0cc4332 Increased the buffer for netlink responses.
If an error occurs while manipulating policies in the kernel, the
original netlink request gets attached to the response.

Prior to Linux 2.6.32 the size in the netlink header of the response was
wrong.
2010-02-05 20:10:54 +01:00
Andreas Steffen 1f2da75069 IPv6 frag netfilter rule not needed anymore 2010-02-05 20:04:01 +01:00
Andreas Steffen 563a177830 hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6 2010-02-05 19:58:42 +01:00
Andreas Steffen b917f49684 initialize variables to avoid compiler warning 2010-02-05 12:34:37 +01:00
Martin Willi 313a53d4fc Use destination address of ppp interfaces as nexthop in starters default route lookup 2010-02-05 09:28:31 +01:00
Andreas Steffen 6c9c0baee9 init_fetch() changed to fetch_initialize() 2010-02-05 06:17:02 +01:00
Andreas Steffen 52719d719c use static IPsec policy netfilter rules in MOBIKE scenarios 2010-02-04 10:05:44 +01:00
Andreas Steffen 8501181925 remove any charon.pid files remaining at the end of each scenario 2010-02-04 08:53:52 +01:00
Andreas Steffen 00eb9267ad IPSEC_ROUTING_TABLE is now called routing_table 2010-02-03 19:32:50 +01:00
Andreas Steffen ec37b04732 differentiate between executed and displayed iptables commands 2010-02-03 19:21:55 +01:00
Martin Willi 7481f964ae Use child_updown hook in updown plugin, fixes doubled invocation of down script 2010-02-03 11:07:53 +01:00
Andreas Steffen 0d8bdf24ff added ikev2/inactivity-timeout scenario 2010-02-03 10:28:30 +01:00
Andreas Steffen 889ff9389b renamed init_fetch() to fetch_initialize() 2010-02-02 19:44:34 +01:00
Tobias Brunner 41faec0791 Some whitespace and code cleanups concerning the mediation extension. 2010-02-02 15:53:22 +01:00
Tobias Brunner dc5969242f Join pluto's fetching thread instead of detaching it in order to avoid that the leak-detective reports a memleak. 2010-02-02 15:23:39 +01:00
Andreas Steffen b7fd2ea76c corrected captions 2010-02-01 12:44:44 +01:00
Andreas Steffen bf1e0df7c5 warn if loaded local certificate is invalid 2010-02-01 12:29:32 +01:00
Martin Willi 909c0c3d63 Updated NEWS about per-connection inactivity timeout 2010-01-27 16:08:06 +01:00
Martin Willi 8015c91cb9 Added an ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs 2010-01-27 16:05:11 +01:00
Martin Willi 71da001753 Made inactivity_timeout a per CHILD_SA config option 2010-01-27 15:47:08 +01:00
Martin Willi db05341916 Refactored EAP payload, avoid unaligned word access 2010-01-21 14:43:07 +01:00
Martin Willi 23d2bf84a3 Added a METHOD2() macro that implements a method for two different interfaces 2010-01-21 14:42:08 +01:00
Martin Willi 47498044c3 Support RADIUS messages up to 4096 bytes, RADIUS EAP-Message fragmentation 2010-01-19 16:47:21 +01:00
Martin Willi 7eab4a1be6 Support TLS client authentication Extended Key Usage in x509 generation 2010-01-14 12:00:43 +01:00
Tobias Brunner 776f59f7be Block the signals before the call to sigwait. 2010-01-12 11:52:03 +01:00
Martin Willi aa9eeb5deb Support for closing CHILD/IKE_SA if a CHILD_SA is inactive. 2010-01-12 10:23:42 +01:00
Martin Willi bc6ff2fc99 Added strongswan.conf options to configure retransmission timeouts 2010-01-11 16:42:12 +01:00
Martin Willi 527f7f9b1c Added a "double" getter to libstrongswan settings 2010-01-11 16:39:28 +01:00