Tobias Brunner
c711687c00
Force libdl if the android plugin is enabled. AC_SEARCH_LIBS thinks it's not required, but on Android 2.0 it is.
2010-02-25 13:51:05 +01:00
Tobias Brunner
eba28948a5
Link all plugins to libstrongswan.
2010-02-25 13:51:05 +01:00
Tobias Brunner
608af0a445
Avoid a race condition that could lead to a segmentation fault.
...
Let's assume the callback function of a callback job returns
JOB_REQUEUE_FAIR in one call and JOB_REQUEUE_NONE in the next. Before
this fix, the thread executing the callback job would requeue the job
before unregistering itself. If there was a context switch right after
the job got requeued, and if the thread that requeued the job never got
resumed until a second thread executed the job and, due to the return
value of JOB_REQUEUE_NONE, destroyed it, then when the first thread
eventually got resumed and tried to lock the mutex to unregister itself
the pointer wouldn't be valid anymore, thus resulting in a segmentation fault.
2010-02-25 09:26:16 +01:00
Martin Willi
3e35a6e7a1
Use side-channel secured mpz_powm_sec of libgmp 5, if available
2010-02-18 17:38:59 +01:00
Martin Willi
7d3a830a71
Updated debian package for NetworkManager-strongswan-1.1.2
2010-02-18 09:51:45 +01:00
Martin Willi
e159cd1d1a
Version bump and NEWS for NetworkManager-strongswan-1.1.2 release
2010-02-18 09:51:44 +01:00
Martin Willi
0209179a30
Updated german translation
2010-02-18 09:51:40 +01:00
Martin Willi
7613a68f33
Tooltips are translatable
2010-02-18 09:20:13 +01:00
Martin Willi
d178eee895
Newer glade requires explicit vertical vboxes
2010-02-18 09:03:17 +01:00
Martin Willi
71070c88b7
Fixed lost renaimings in android plugin
2010-02-18 08:31:10 +01:00
Martin Willi
55699f037f
Added Android plugin, currently provides DNS handling on Android
2010-02-17 18:24:11 +01:00
Martin Willi
63b0bc9c2d
Invoke missing message() hook for incoming responses
2010-02-17 18:23:14 +01:00
Andreas Steffen
b65d7f8a15
version bump to 4.4.0
2010-02-15 20:58:41 +01:00
Tobias Brunner
38da64fe12
Detect windows hosts to add specific workarounds.
2010-02-12 10:57:39 +01:00
Tobias Brunner
71baf5a8f0
Adding support for AES GMAC (RFC4543).
2010-02-12 10:57:39 +01:00
Martin Willi
2aa553d773
Do not build own authentication data before we've verified others, we need the other identity in EAP
2010-02-09 16:11:07 +01:00
Andreas Steffen
2d07095e01
hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6
2010-02-06 12:34:41 +01:00
Andreas Steffen
dd0b1b9a16
generated hash-and-url files for rfc3779 certs
2010-02-06 11:41:44 +01:00
Andreas Steffen
76fe5500c4
hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6
2010-02-06 11:39:33 +01:00
Andreas Steffen
5094bfd85f
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 20:39:13 +01:00
Andreas Steffen
61d7ff0c19
IPv6 fragment and http access are not needed in PSK scenario
2010-02-05 20:27:03 +01:00
Andreas Steffen
699c47a9be
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 20:16:26 +01:00
Tobias Brunner
3cc0cc4332
Increased the buffer for netlink responses.
...
If an error occurs while manipulating policies in the kernel, the
original netlink request gets attached to the response.
Prior to Linux 2.6.32 the size in the netlink header of the response was
wrong.
2010-02-05 20:10:54 +01:00
Andreas Steffen
1f2da75069
IPv6 frag netfilter rule not needed anymore
2010-02-05 20:04:01 +01:00
Andreas Steffen
563a177830
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 19:58:42 +01:00
Andreas Steffen
b917f49684
initialize variables to avoid compiler warning
2010-02-05 12:34:37 +01:00
Martin Willi
313a53d4fc
Use destination address of ppp interfaces as nexthop in starters default route lookup
2010-02-05 09:28:31 +01:00
Andreas Steffen
6c9c0baee9
init_fetch() changed to fetch_initialize()
2010-02-05 06:17:02 +01:00
Andreas Steffen
52719d719c
use static IPsec policy netfilter rules in MOBIKE scenarios
2010-02-04 10:05:44 +01:00
Andreas Steffen
8501181925
remove any charon.pid files remaining at the end of each scenario
2010-02-04 08:53:52 +01:00
Andreas Steffen
00eb9267ad
IPSEC_ROUTING_TABLE is now called routing_table
2010-02-03 19:32:50 +01:00
Andreas Steffen
ec37b04732
differentiate between executed and displayed iptables commands
2010-02-03 19:21:55 +01:00
Martin Willi
7481f964ae
Use child_updown hook in updown plugin, fixes doubled invocation of down script
2010-02-03 11:07:53 +01:00
Andreas Steffen
0d8bdf24ff
added ikev2/inactivity-timeout scenario
2010-02-03 10:28:30 +01:00
Andreas Steffen
889ff9389b
renamed init_fetch() to fetch_initialize()
2010-02-02 19:44:34 +01:00
Tobias Brunner
41faec0791
Some whitespace and code cleanups concerning the mediation extension.
2010-02-02 15:53:22 +01:00
Tobias Brunner
dc5969242f
Join pluto's fetching thread instead of detaching it in order to avoid that the leak-detective reports a memleak.
2010-02-02 15:23:39 +01:00
Andreas Steffen
b7fd2ea76c
corrected captions
2010-02-01 12:44:44 +01:00
Andreas Steffen
bf1e0df7c5
warn if loaded local certificate is invalid
2010-02-01 12:29:32 +01:00
Martin Willi
909c0c3d63
Updated NEWS about per-connection inactivity timeout
2010-01-27 16:08:06 +01:00
Martin Willi
8015c91cb9
Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
2010-01-27 16:05:11 +01:00
Martin Willi
71da001753
Made inactivity_timeout a per CHILD_SA config option
2010-01-27 15:47:08 +01:00
Martin Willi
db05341916
Refactored EAP payload, avoid unaligned word access
2010-01-21 14:43:07 +01:00
Martin Willi
23d2bf84a3
Added a METHOD2() macro that implements a method for two different interfaces
2010-01-21 14:42:08 +01:00
Martin Willi
47498044c3
Support RADIUS messages up to 4096 bytes, RADIUS EAP-Message fragmentation
2010-01-19 16:47:21 +01:00
Martin Willi
7eab4a1be6
Support TLS client authentication Extended Key Usage in x509 generation
2010-01-14 12:00:43 +01:00
Tobias Brunner
776f59f7be
Block the signals before the call to sigwait.
2010-01-12 11:52:03 +01:00
Martin Willi
aa9eeb5deb
Support for closing CHILD/IKE_SA if a CHILD_SA is inactive.
2010-01-12 10:23:42 +01:00
Martin Willi
bc6ff2fc99
Added strongswan.conf options to configure retransmission timeouts
2010-01-11 16:42:12 +01:00
Martin Willi
527f7f9b1c
Added a "double" getter to libstrongswan settings
2010-01-11 16:39:28 +01:00