d0d600e1ef
Added a note about DH/keymat lifecycle for custom implementations
2012-04-17 10:02:21 +02:00
a59a03670b
Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
2012-04-17 10:02:21 +02:00
7fd6c078b6
Use IP address as ID as responder if not configured or no IDr received.
2012-04-16 14:09:51 +02:00
b241a37411
Fall back on IP address as IDi if none is configured at all.
2012-04-16 13:44:27 +02:00
b447af658c
Use auth_cfg_t.replace_value where appropriate.
2012-04-16 13:44:27 +02:00
68cca941cf
Added a simple method to replace the value of a rule in auth_cfg_t.
2012-04-16 13:44:27 +02:00
4b32bde48e
Fixed IDi in case neither left nor leftid is configured.
2012-04-16 13:44:27 +02:00
7b910ce274
fixed parsing of port ranges in Scanner IMV
2012-04-15 23:39:27 +02:00
4e2e77d540
Typo fixed in NEWS.
2012-04-14 08:41:32 +02:00
10f24e6599
Don't invoke child_updown hook twice as responder
2012-04-11 17:45:12 +02:00
4ef867f578
Accept zero-length certificate request payloads
2012-04-11 17:22:23 +02:00
ae9ce83511
Properly initialize src in ike_sa_t.is_any_path_valid().
2012-04-06 10:54:44 +02:00
367e1e22b8
checksum need a libradius_init() symbol
2012-04-05 16:52:37 +02:00
e90e106117
version bump to 4.6.3rc1
2012-04-05 09:11:47 +02:00
4626e49ad9
remove leading zero in ASN.1 encoded serial numbers
2012-04-05 09:04:11 +02:00
5ff99529e6
ASN.1 two's complement encoding prevents overflow in CRL serial number
2012-04-04 11:29:12 +02:00
bad192069f
Make AES-CMAC actually usable for IKEv2.
2012-04-04 10:51:46 +02:00
4670661d6d
represent 0 as a single byte
2012-04-03 14:19:37 +02:00
320fd5fe62
moved chunk_skip_zero to chunk.h
2012-04-03 14:12:50 +02:00
4e5b7e09ee
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:49:05 +02:00
5893d1b156
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:48:48 +02:00
f54c4ed8d6
added GSPM IKEv2 payload
2012-04-03 12:21:39 +02:00
d1391b8fdb
fixed typo
2012-04-03 12:07:13 +02:00
37d43ebbde
Doxygen fixes.
2012-04-03 10:56:47 +02:00
d7590217c3
Added NEWS about cmac plugin.
2012-04-03 10:48:03 +02:00
811e7490f6
Added test vectors for AES-CMAC.
2012-04-03 10:45:09 +02:00
c0d39c205c
Implemented AES-CMAC based PRF and signer.
...
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
2012-04-03 10:40:47 +02:00
9a6b1cb412
Fixed GNU license header in hmac and xcbc plugins.
2012-04-03 10:33:59 +02:00
4bc7577db2
More detailed NEWS about RADIUS extensions
2012-04-02 13:58:21 +02:00
0293f09597
updated supported EAP methods
2012-03-30 11:15:10 +02:00
ef511fc03d
Add support for dnQualifier in DNs.
2012-03-29 10:01:55 +02:00
e464894e8b
remove leading zeros in ASN.1 encoded serial numbers
2012-03-27 15:05:36 +02:00
a281494abd
Added NEWS about resolvconf support.
2012-03-27 10:44:21 +02:00
ed2cab08d2
Make resolvconf interface prefix configurable.
2012-03-27 10:44:21 +02:00
caae5a5c0f
Added support for the resolvconf framework in resolve plugin.
...
If /sbin/resolvconf is found nameservers are not written directly to
/etc/resolv.conf but instead resolvconf is invoked.
2012-03-27 10:44:21 +02:00
817ab8a8d4
Don't cast second argument of mem_printf_hook (%b) to size_t.
...
Also treat the given number as unsigned int.
Due to the printf hook registration the second argument of
mem_printf_hook (if called via printf etc.) is always of type int*.
Casting this to a size_t pointer and then dereferencing that as int does
not work on big endian machines if int is smaller than size_t (e.g. on ppc64).
In order to make this change work if the argument is of a type larger
than int, size_t for instance, the second argument for %b has to be casted
to (u_)int.
2012-03-27 09:10:34 +02:00
adfd3b992f
smp: Use proper signed type to get return value of read(2).
2012-03-27 09:10:33 +02:00
008e2df477
pluto: Use time_monotonic() instead of a custom implementation.
2012-03-27 09:10:33 +02:00
8e066237a7
Don't include individual glib headers in nm plugin.
...
Expections are glib/gi18n.h, glib/gi18n-lib.h, glib/gprintf.h and
glib/gstdio.h.
2012-03-26 15:23:17 +02:00
80abe22f65
fixed parsing of IF-MAP SOAP responses
2012-03-21 14:25:19 +01:00
3cea55b0c8
corrected description
2012-03-17 23:22:25 +01:00
9da795392e
added ikev2/esp-alg-sha1-160 scenario
2012-03-17 23:20:03 +01:00
d9b539dc33
added ikev2/esp-alg-md5-128 scenario
2012-03-17 22:56:37 +01:00
584178c3bb
version bump to 4.6.3dr2
2012-03-16 22:21:54 +01:00
f673958e59
added the strongswan.conf options of the tnc-pdp plugin
2012-03-16 11:14:40 +01:00
bd360b3911
keep a copy of refreshed carolCert-ocsp.pem
2012-03-15 07:59:42 +01:00
ebf292bad0
refreshed carolCert-ocsp.pem
2012-03-15 07:58:35 +01:00
68c2c7ece4
eliminate unneeded private variable
2012-03-14 21:38:30 +01:00
ea2f340e27
added tnc/tnccs-20-pdp scenario
2012-03-14 08:47:12 +01:00
9b8053a63a
edited description of tnc/tnccs-11-radius scenario
2012-03-14 08:46:52 +01:00
Martin Willi