ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
15,395 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

15395 Commits

Author SHA1 Message Date
Andreas Steffen d505658038 testing: Added swanctl/net2net-sha3-rsa-cert and swanctl/rw-eap-tls-sha3-rsa scenarios 2016-09-22 17:34:31 +02:00
Andreas Steffen 40f2589abf gmp: Support of SHA-3 RSA signatures 2016-09-22 17:34:31 +02:00
Andreas Steffen c54d1ef12c bliss sampler unit-test: Fixed enumeration type 2016-09-22 10:46:39 +02:00
Andreas Steffen a3a8b4acae bliss: bliss_sampler expects XOF type 2016-09-22 09:23:47 +02:00
Tobias Brunner 11140e717f unit-tests: MGF1 tests depend on an XOF implementation not just a hash function 
If the mgf1 plugin was not enabled (e.g. with the default configure
options) the tests failed.
 2016-09-21 18:36:28 +02:00
Andreas Steffen e31ed9ab98 Version bump to 5.5.1dr4 2016-09-21 14:14:42 +02:00
Andreas Steffen 188b190a70 mgf1: Refactored MGF1 as an XOF 2016-09-21 06:40:52 +02:00
Tobias Brunner e9e643b240 leak-detective: Fix compile warning due to unused variable if LD is disabled 2016-09-20 17:24:52 +02:00
Tobias Brunner f654324e5e Merge branch 'testing-leak-detective' 
Test scenarios now fail if any leaks are detected by the leak detective.
Several leaks found this way have been fixed.
 2016-09-20 16:26:58 +02:00
Tobias Brunner 95f9fa82d5 leak-detective: Whitelist thread ID getter 
In case an external thread calls into our code and logs messages, a thread
object is allocated that will never be released.  Even if we try to clean
up the object via thread value destructor there is no guarantee that the
thread actually terminates before we check for leaks, which seems to be the
case for the Ada Tasking threads.
 2016-09-20 16:26:05 +02:00
Tobias Brunner 6250e813ca charon-tkm: Build C code with debug information 2016-09-20 16:26:05 +02:00
Tobias Brunner fd2ade9935 leak-detective: Whitelist functions of the Ada runtime related to Tasking 2016-09-20 16:26:05 +02:00
Tobias Brunner 8bc2ddb2cc charon-tkm: Free name of the PID file 2016-09-20 16:26:05 +02:00
Tobias Brunner b71f5f9305 charon-tkm: Deinitialize tkm before libstrongswan 
In particular because of leak-detective.
 2016-09-20 16:26:05 +02:00
Tobias Brunner 0b5d490e33 leak-detective: Whitelist some glib/libsoup functions 
Some of these are pretty broad, so maybe an alternative option is to
not use the soup plugin in the openssl-ikev2/rw-suite-b* scenarios.  But
the plugin is not tested anywhere else so lets go with this for now.
 2016-09-20 16:22:08 +02:00
Tobias Brunner b69cbacdfb testing: Use curl instead of soup plugin in libipsec/rw-suite-b scenario 
The soup plugin is already used in the openssl-ikev2/rw-suite-b*
scenarios.
 2016-09-20 15:36:15 +02:00
Tobias Brunner 70ac90c552 eap-peap: Fix memory leaks when handling tunneled methods 2016-09-20 15:36:15 +02:00
Tobias Brunner 0b4ba9c53d ipseckey: Properly free enumerated certificates 2016-09-20 15:36:15 +02:00
Tobias Brunner c0c14af8c2 ipseckey: Properly free public key after creating certificate 2016-09-20 15:36:15 +02:00
Tobias Brunner 149b7de35c dnscert: Properly free enumerated certificates 2016-09-20 15:36:15 +02:00
Tobias Brunner 15cbe526ac unbound: Avoid unnecessary cloning of RR list that caused a memory leak 2016-09-20 15:36:14 +02:00
Tobias Brunner 3a25032c16 unbound: Fix memory leak 2016-09-20 15:36:14 +02:00
Tobias Brunner 8c33a1897a pool: Fix (known) memory leak when querying leases 2016-09-20 15:36:14 +02:00
Tobias Brunner f44e0efb11 leak-detective: Whitelist leak in libldap 2016-09-20 15:36:14 +02:00
Tobias Brunner 6307a18fe1 testing: Fix totals if post test checks fail 2016-09-20 15:36:14 +02:00
Tobias Brunner d8b2980aa5 testing: Log leaks and fail tests if any are detected 2016-09-20 15:36:14 +02:00
Tobias Brunner 4f1c6bc5a6 leak-detective: Optionally write report to a log file 2016-09-20 15:36:09 +02:00
Tobias Brunner d344474b3d vici: Fix indention of flush_certs() method in Python bindings 2016-09-20 15:33:18 +02:00
Tobias Brunner 39d544d56e travis: Run 32-bit Windows build on precise (12.04) image 
That's required due to a bug in MinGW 3.1.0 that's shipped with trusty.
 2016-09-20 15:33:01 +02:00
Tobias Brunner 003fec52e0 travis: Properly pass back result of make 
Fixes: 4e8f5a189c ("travis: Add apidoc check")
 2016-09-20 15:32:28 +02:00
Tobias Brunner 44280a1901 travis: Don't disable connmark and forecast plugins anymore 
They build fine on Ubuntu 14.04.
 2016-09-20 15:32:28 +02:00
Tobias Brunner 1aec64a031 Merge branch 'maemo-bye-bye' 
Removes the code and helper files related to the unused and unmaintained
Maemo port.
 2016-09-15 18:38:48 +02:00
Tobias Brunner 5112cb08aa packages: Remove obsolete Maemo packaging files 2016-09-15 18:33:52 +02:00
Tobias Brunner d8f27ba679 maemo: Remove unused plugin 2016-09-15 18:33:52 +02:00
Tobias Brunner 5f564b94a0 maemo: Remove obsolete status/settings applet 2016-09-15 18:33:52 +02:00
Tobias Brunner 318a48a589 swanctl: Add man page entry for flush-certs command 2016-09-15 11:58:51 +02:00
Andreas Steffen 8aaa6de322 Version bump to 5.5.1dr3 2016-09-15 11:45:17 +02:00
Andreas Steffen 29a48b4c69 Merge branch 'flush-certs' 2016-09-15 11:39:16 +02:00
Andreas Steffen 2c7cfe7630 vici: flush-certs command flushes certificate cache 
When fresh CRLs are released with a high update frequency (e.g.
every 24 hours) or OCSP is used then the certificate cache gets
quickly filled with stale CRLs or OCSP responses. The new VICI
flush-certs command allows to flush e.g. cached CRLs or OCSP
responses only. Without the type argument all kind of certificates
(e.g. also received end entity and intermediate CA certificates)
are purged.
 2016-09-13 17:02:59 +02:00
Tobias Brunner 8efcc78f2b auth-cfg-wrapper: Fix memory leak with hash-and-URL certificates 
We wrap the auth-cfg object and its contents, so there is no need to get
an additional reference for the enumerated certificate.

Fixes a44bb9345f ("merged multi-auth branch back into trunk")
 2016-09-12 16:20:34 +02:00
Tobias Brunner ac67aeb100 testing: Add output of iptables-save 
This might be helpful to get the complete picture of the installed
rules.  `-c` is currently not used as the counters that are added in
front of every rule make the output quite hard to read and the counters
are already provided in the accompanying `iptables -v -L` output.

Fixes #2111.
 2016-09-12 16:15:45 +02:00
Tobias Brunner fa36699bfa testing: List `nat` and `mangle` tables in addition to the `filter` table 
This is useful in scenarios that e.g. use NAT and/or marks.

References #2111.
 2016-09-12 16:15:14 +02:00
Tobias Brunner 92ccc0b412 testing: Ignore comments (lines starting with #) in pre-/eval-/posttest.dat 2016-09-09 12:19:14 +02:00
Tobias Brunner d9fe0ec712 ikev2: (Re-)Queue tasks used to establish an IKE_SA in reset() 
Some tasks might get removed immediately once the IKE_SA_INIT response has
been handled even if there were notifies that require a restart of the
IKE_SA (e.g. COOKIE or INVALID_KE_PAYLOAD).  Such a task is ike_vendor,
which caused vendor IDs not to get sent in a retry.  This change ensures
all required tasks are queued after the reset, which some callers did
already anyway.
 2016-09-06 10:09:17 +02:00
Tobias Brunner fd1662cdbd ikev2: Store proposal on IKE_SA before creating DH object 
This might be useful for custom implementations of keymat_t.
 2016-09-06 09:38:22 +02:00
Tobias Brunner 4e8f5a189c travis: Add apidoc check 
This requires at least Ubuntu 14.04 (the Doxygen version in 12.04 has some
issues with our Doxyfile and prints lots of warnings).
 2016-09-05 16:58:29 +02:00
Tobias Brunner 94a6998608 travis: Use Trusty beta image 2016-09-05 16:58:29 +02:00
Tobias Brunner d9cb28c015 nm: Updated NEWS 2016-09-05 16:24:50 +02:00
Tobias Brunner e6adc5d487 Merge branch 'nm-1.2' 
Provides fixes and changes for compatibility with current NM releases.

Closes strongswan/strongswan#15.
Fixes #797.
 2016-09-05 15:41:51 +02:00
Tobias Brunner f201d86deb nm: Pass external gateway to NM 
This seems to be required by newer versions.
 2016-09-05 15:41:16 +02:00