Tobias Brunner
95ecc11774
unit-tests: Double escape backslashes in Windows paths in settings test
...
That's required when these are used as include paths in settings file
strings.
2017-07-28 11:22:40 +02:00
Tobias Brunner
67ad553a2c
unit-tests: Stringify direction in message asserts early
...
x86_64-w64-mingw32-gcc on Windows requires this.
2017-07-28 11:18:59 +02:00
Tobias Brunner
65064cc33b
unit-tests: iv_gen_seq has a dependency on RNG_STRONG
...
We currently don't have an RNG in Windows builds.
2017-07-28 11:18:59 +02:00
Tobias Brunner
6eb7dd11ec
appveyor: Run tests on AppVeyor Windows containers
...
We can't enable leak detective as it is so slow then that we run into a
timeout (60 minutes).
2017-07-28 11:18:17 +02:00
Tobias Brunner
8d4ebb3ac4
peer-cfg: Use an rwlock instead of a mutex to safely access child-cfgs
...
If multiple threads want to enumerate child-cfgs and potentially lock
other locks (e.g. check out IKE_SAs) while doing so a deadlock could
be caused (as was the case with VICI configs with start_action=start).
It should also improve performance for roadwarrior connections and lots
of clients connecting concurrently.
Fixes #2374 .
2017-07-27 13:34:40 +02:00
Tobias Brunner
578d893b4a
credential-manager: Log issuer identity if not found
2017-07-27 13:28:13 +02:00
Tobias Brunner
0b756fbe95
auth-cfg: Don't limit subjectAltName check to received certificates
...
Otherwise this won't work if the certificate is only locally available.
2017-07-27 13:27:19 +02:00
Tobias Brunner
4272a3e9d7
swanctl: Read default socket from swanctl.socket option
...
Also read from swanctl.plugins.vici.socket so we get
libstrongswan.plugins.vici.socket if it is defined.
Fixes #2372 .
2017-07-27 13:22:57 +02:00
Tobias Brunner
ae48325a59
swanctl: Include config snippets from conf.d subdirectory
...
Fixes #2371 .
2017-07-27 13:20:24 +02:00
Tobias Brunner
fb8c9b3d08
conf: Add support to generate include statements in .conf files
2017-07-27 13:19:38 +02:00
Tobias Brunner
67402ec77b
curl: Enable following redirects
...
The maximum number of redirects can be limited. The functionality can also
be disabled.
Fixes #2366 .
2017-07-27 13:15:43 +02:00
Tobias Brunner
791cfe82a1
ikev2: AES-CMAC-PRF-128 only uses the first 64 bits of each nonce
...
References #2377 .
2017-07-27 13:09:26 +02:00
Tobias Brunner
ed926a73df
error-notify: Don't stop sending notifies after removing a disconnected listener
...
This prevented new listeners from receiving notifies if they joined
after another listener disconnected previously, and if they themselves
disconnected their old connection would prevent them again from getting
notifies.
2017-07-27 13:07:24 +02:00
Tobias Brunner
6138b8d629
farp: Only remove one tracked entry
...
Multiple CHILD_SAs sharing the same traffic selectors (e.g. during
make-before-break reauthentication) also have the same reqid assigned.
If all matching entries are removed we could end up without entry even
though an SA exists that still uses these traffic selectors.
Fixes #2373 .
2017-07-27 13:07:23 +02:00
Tobias Brunner
a0cde76958
ike: Trigger CHILD_INSTALLED state change after corresponding log message
...
This way we get the log message in stroke and swanctl as last message
when establishing a connection. It's already like this for the IKE_SA
where IKE_ESTABLISHED is set after the corresponding log message.
Fixes #2364 .
2017-07-27 13:07:23 +02:00
Andreas Steffen
f35fbb2b5f
sw-collector: sw-collector.first_file setting retrieves creation date from file stats
2017-07-26 19:51:21 +02:00
Tobias Brunner
6b69a66379
swima-collector: Fix compile error if SWID_DIRECTORY is not defined
2017-07-24 11:34:39 +02:00
Tobias Brunner
bf565b650c
libimcv: Add missing files to Android.mk
2017-07-24 11:31:19 +02:00
Andreas Steffen
05f8e64d79
Version bump to 5.6.0dr3
2017-07-18 20:53:35 +02:00
Andreas Steffen
a3b3538630
testing: Fixed the path of pt-tls-client
2017-07-18 20:43:03 +02:00
Andreas Steffen
a9383c2b46
checksum: Compile sw-collector before checksum
2017-07-18 20:02:21 +02:00
Andreas Steffen
8362378a15
checksum: Added pt-tls-client and sw-collector
2017-07-18 07:25:46 +02:00
Andreas Steffen
964bf73237
sw-collector: Moved to its own directory and added man page
2017-07-18 07:25:45 +02:00
Andreas Steffen
34cade8b84
pt-tls-client: Added man page
2017-07-16 15:37:03 +02:00
Andreas Steffen
693705c74e
Version bump to 5.6.0dr2
2017-07-13 14:24:32 +02:00
Andreas Steffen
cab4cc3a10
sw-collector: strip arch suffix from package names
2017-07-13 12:03:27 +02:00
Andreas Steffen
5b1dbc3a8d
sw-collector: Check for epoch-less Debian package versions
2017-07-12 19:12:22 +02:00
Andreas Steffen
eab650d62f
libtpmtss: Support of Intel TABRMD interface
2017-07-12 17:07:34 +02:00
Andreas Steffen
991703007a
Version bump to 5.6.0dr1
...
This major version includes the new SWIMA IMC/IMV pair which
implements the "draft-ietf-sacm-nea-swima-patnc" Internet Draft.
Full compliance to the ISO 19770-2:2015 SWID tag standard has
been achieved.
2017-07-08 23:21:56 +02:00
Andreas Steffen
803ac56626
Merge branch 'swima'
2017-07-08 23:20:32 +02:00
Andreas Steffen
23e0d6dca3
testing: Added tnc/tnccs-20-nea-pt-tls scenario
2017-07-08 23:19:51 +02:00
Andreas Steffen
facf1c76ea
testing: Adaptation to ISO 19770-2:2015 SWID standard
2017-07-08 23:19:51 +02:00
Andreas Steffen
3bf8392d36
pt-tls-client: Support for TPM keyids
2017-07-08 23:19:51 +02:00
Andreas Steffen
49d56e1b39
imv-swima: Implemented SW event processing
2017-07-08 23:19:51 +02:00
Andreas Steffen
74aa1626d2
sw-collector: Query central collector database
2017-07-08 23:19:51 +02:00
Andreas Steffen
8ba6bf511e
libimcv: Moved REST API from imv_swid and imv_swima to libimcv
2017-07-08 23:19:51 +02:00
Andreas Steffen
7e796bba67
swidtag: strongSwan swidtag file with double underscores
2017-07-08 23:19:51 +02:00
Andreas Steffen
032a5767ad
sw-collector: Collects endpoint software events
2017-07-08 23:19:51 +02:00
Andreas Steffen
3a7c594c14
imv-swima: Created SWIMA IMV plugin
2017-07-08 23:19:51 +02:00
Andreas Steffen
2821c0f740
imc-swima: Created SWIMA IMC plugin
2017-07-08 23:19:51 +02:00
Andreas Steffen
bf22470623
unit-tests: Added IETF SWIMA PA-TNC attribute tests
2017-07-08 23:19:51 +02:00
Andreas Steffen
84c0366bd3
libimcv: Implemented IETF SW PA-TNC attributes
2017-07-08 23:19:51 +02:00
Andreas Steffen
bb87af2a73
libimcv: Fixed memory leak
2017-07-08 23:19:51 +02:00
Andreas Steffen
37205b05e6
libimcv: Corrected order of subscription flags
2017-07-08 23:19:51 +02:00
Andreas Steffen
0cc0b53b2f
libimcv: Added IETF Software PA-TNC attributes
2017-07-08 23:19:51 +02:00
Andreas Steffen
8c4c824706
libtncif: Added IETF Software PA-TNC message subtype
2017-07-08 23:19:51 +02:00
Andreas Steffen
6795de0408
libimcv: SWID tag generation and discovery
2017-07-08 23:19:51 +02:00
Andreas Steffen
60da0153ee
libimcv: Update database to ISO 19770-2:2015 SWID standard
2017-07-08 23:19:51 +02:00
Andreas Steffen
88b941939f
testing: Fixed typo in openssl-ikev2/rw-suite-b-192 scenario
2017-07-08 23:19:18 +02:00
Tobias Brunner
49917f0028
testing: Support running multiple tests with * as wildcard (e.g. ikev2/ocsp-*)
2017-07-07 09:23:14 +02:00