Andreas Steffen
d505658038
testing: Added swanctl/net2net-sha3-rsa-cert and swanctl/rw-eap-tls-sha3-rsa scenarios
2016-09-22 17:34:31 +02:00
Andreas Steffen
40f2589abf
gmp: Support of SHA-3 RSA signatures
2016-09-22 17:34:31 +02:00
Andreas Steffen
c54d1ef12c
bliss sampler unit-test: Fixed enumeration type
2016-09-22 10:46:39 +02:00
Andreas Steffen
a3a8b4acae
bliss: bliss_sampler expects XOF type
2016-09-22 09:23:47 +02:00
Tobias Brunner
11140e717f
unit-tests: MGF1 tests depend on an XOF implementation not just a hash function
...
If the mgf1 plugin was not enabled (e.g. with the default configure
options) the tests failed.
2016-09-21 18:36:28 +02:00
Andreas Steffen
e31ed9ab98
Version bump to 5.5.1dr4
2016-09-21 14:14:42 +02:00
Andreas Steffen
188b190a70
mgf1: Refactored MGF1 as an XOF
2016-09-21 06:40:52 +02:00
Tobias Brunner
e9e643b240
leak-detective: Fix compile warning due to unused variable if LD is disabled
2016-09-20 17:24:52 +02:00
Tobias Brunner
f654324e5e
Merge branch 'testing-leak-detective'
...
Test scenarios now fail if any leaks are detected by the leak detective.
Several leaks found this way have been fixed.
2016-09-20 16:26:58 +02:00
Tobias Brunner
95f9fa82d5
leak-detective: Whitelist thread ID getter
...
In case an external thread calls into our code and logs messages, a thread
object is allocated that will never be released. Even if we try to clean
up the object via thread value destructor there is no guarantee that the
thread actually terminates before we check for leaks, which seems to be the
case for the Ada Tasking threads.
2016-09-20 16:26:05 +02:00
Tobias Brunner
6250e813ca
charon-tkm: Build C code with debug information
2016-09-20 16:26:05 +02:00
Tobias Brunner
fd2ade9935
leak-detective: Whitelist functions of the Ada runtime related to Tasking
2016-09-20 16:26:05 +02:00
Tobias Brunner
8bc2ddb2cc
charon-tkm: Free name of the PID file
2016-09-20 16:26:05 +02:00
Tobias Brunner
b71f5f9305
charon-tkm: Deinitialize tkm before libstrongswan
...
In particular because of leak-detective.
2016-09-20 16:26:05 +02:00
Tobias Brunner
0b5d490e33
leak-detective: Whitelist some glib/libsoup functions
...
Some of these are pretty broad, so maybe an alternative option is to
not use the soup plugin in the openssl-ikev2/rw-suite-b* scenarios. But
the plugin is not tested anywhere else so let's go with this for now.
2016-09-20 16:22:08 +02:00
Tobias Brunner
b69cbacdfb
testing: Use curl instead of soup plugin in libipsec/rw-suite-b scenario
...
The soup plugin is already used in the openssl-ikev2/rw-suite-b*
scenarios.
2016-09-20 15:36:15 +02:00
Tobias Brunner
70ac90c552
eap-peap: Fix memory leaks when handling tunneled methods
2016-09-20 15:36:15 +02:00
Tobias Brunner
0b4ba9c53d
ipseckey: Properly free enumerated certificates
2016-09-20 15:36:15 +02:00
Tobias Brunner
c0c14af8c2
ipseckey: Properly free public key after creating certificate
2016-09-20 15:36:15 +02:00
Tobias Brunner
149b7de35c
dnscert: Properly free enumerated certificates
2016-09-20 15:36:15 +02:00
Tobias Brunner
15cbe526ac
unbound: Avoid unnecessary cloning of RR list that caused a memory leak
2016-09-20 15:36:14 +02:00
Tobias Brunner
3a25032c16
unbound: Fix memory leak
2016-09-20 15:36:14 +02:00
Tobias Brunner
8c33a1897a
pool: Fix (known) memory leak when querying leases
2016-09-20 15:36:14 +02:00
Tobias Brunner
f44e0efb11
leak-detective: Whitelist leak in libldap
2016-09-20 15:36:14 +02:00
Tobias Brunner
6307a18fe1
testing: Fix totals if post test checks fail
2016-09-20 15:36:14 +02:00
Tobias Brunner
d8b2980aa5
testing: Log leaks and fail tests if any are detected
2016-09-20 15:36:14 +02:00
Tobias Brunner
4f1c6bc5a6
leak-detective: Optionally write report to a log file
2016-09-20 15:36:09 +02:00
Tobias Brunner
d344474b3d
vici: Fix indention of flush_certs() method in Python bindings
2016-09-20 15:33:18 +02:00
Tobias Brunner
39d544d56e
travis: Run 32-bit Windows build on precise (12.04) image
...
That's required due to a bug in MinGW 3.1.0 that's shipped with trusty.
2016-09-20 15:33:01 +02:00
Tobias Brunner
003fec52e0
travis: Properly pass back result of make
...
Fixes: 4e8f5a189c ("travis: Add apidoc check")
2016-09-20 15:32:28 +02:00
Tobias Brunner
44280a1901
travis: Don't disable connmark and forecast plugins anymore
...
They build fine on Ubuntu 14.04.
2016-09-20 15:32:28 +02:00
Tobias Brunner
1aec64a031
Merge branch 'maemo-bye-bye'
...
Removes the code and helper files related to the unused and unmaintained
Maemo port.
2016-09-15 18:38:48 +02:00
Tobias Brunner
5112cb08aa
packages: Remove obsolete Maemo packaging files
2016-09-15 18:33:52 +02:00
Tobias Brunner
d8f27ba679
maemo: Remove unused plugin
2016-09-15 18:33:52 +02:00
Tobias Brunner
5f564b94a0
maemo: Remove obsolete status/settings applet
2016-09-15 18:33:52 +02:00
Tobias Brunner
318a48a589
swanctl: Add man page entry for flush-certs command
2016-09-15 11:58:51 +02:00
Andreas Steffen
8aaa6de322
Version bump to 5.5.1dr3
2016-09-15 11:45:17 +02:00
Andreas Steffen
29a48b4c69
Merge branch 'flush-certs'
2016-09-15 11:39:16 +02:00
Andreas Steffen
2c7cfe7630
vici: flush-certs command flushes certificate cache
...
When fresh CRLs are released with a high update frequency (e.g.
every 24 hours) or OCSP is used then the certificate cache gets
quickly filled with stale CRLs or OCSP responses. The new VICI
flush-certs command allows flushing e.g. cached CRLs or OCSP
responses only. Without the type argument all kinds of certificates
(e.g. also received end entity and intermediate CA certificates)
are purged.
2016-09-13 17:02:59 +02:00
Tobias Brunner
8efcc78f2b
auth-cfg-wrapper: Fix memory leak with hash-and-URL certificates
...
We wrap the auth-cfg object and its contents, so there is no need to get
an additional reference for the enumerated certificate.
Fixes a44bb9345f ("merged multi-auth branch back into trunk")
2016-09-12 16:20:34 +02:00
Tobias Brunner
ac67aeb100
testing: Add output of iptables-save
...
This might be helpful to get the complete picture of the installed
rules. `-c` is currently not used as the counters that are added in
front of every rule make the output quite hard to read and the counters
are already provided in the accompanying `iptables -v -L` output.
Fixes #2111.
2016-09-12 16:15:45 +02:00
Tobias Brunner
fa36699bfa
testing: List `nat` and `mangle` tables in addition to the `filter` table
...
This is useful in scenarios that e.g. use NAT and/or marks.
References #2111.
2016-09-12 16:15:14 +02:00
Tobias Brunner
92ccc0b412
testing: Ignore comments (lines starting with #) in pre-/eval-/posttest.dat
2016-09-09 12:19:14 +02:00
Tobias Brunner
d9fe0ec712
ikev2: (Re-)Queue tasks used to establish an IKE_SA in reset()
...
Some tasks might get removed immediately once the IKE_SA_INIT response has
been handled even if there were notifies that require a restart of the
IKE_SA (e.g. COOKIE or INVALID_KE_PAYLOAD). Such a task is ike_vendor,
which caused vendor IDs not to get sent in a retry. This change ensures
all required tasks are queued after the reset, which some callers did
already anyway.
2016-09-06 10:09:17 +02:00
Tobias Brunner
fd1662cdbd
ikev2: Store proposal on IKE_SA before creating DH object
...
This might be useful for custom implementations of keymat_t.
2016-09-06 09:38:22 +02:00
Tobias Brunner
4e8f5a189c
travis: Add apidoc check
...
This requires at least Ubuntu 14.04 (the Doxygen version in 12.04 has some
issues with our Doxyfile and prints lots of warnings).
2016-09-05 16:58:29 +02:00
Tobias Brunner
94a6998608
travis: Use Trusty beta image
2016-09-05 16:58:29 +02:00
Tobias Brunner
d9cb28c015
nm: Updated NEWS
2016-09-05 16:24:50 +02:00
Tobias Brunner
e6adc5d487
Merge branch 'nm-1.2'
...
Provides fixes and changes for compatibility with current NM releases.
Closes strongswan/strongswan#15.
Fixes #797.
2016-09-05 15:41:51 +02:00
Tobias Brunner
f201d86deb
nm: Pass external gateway to NM
...
This seems to be required by newer versions.
2016-09-05 15:41:16 +02:00