Commit Graph

594 Commits

Author SHA1 Message Date
Tobias Brunner eb01649079 android: Reload CA certificates without AsyncTask
We already use loaders in the GUI that can handle this asynchronously.
2014-07-22 10:41:50 +02:00
Tobias Brunner 918200378d android: Change how CA certificate reloads are initiated 2014-07-22 10:41:50 +02:00
Tobias Brunner 08de6a08f0 android: Add option to reload CA certificates to TrustedCertificatesActivity 2014-07-22 10:41:50 +02:00
Tobias Brunner 2312985b2a android: Replace option to reload CA certificates with CA certificate view
The reload option will be added there.
2014-07-22 10:41:50 +02:00
Tobias Brunner 1353f08fbc android: Only close TrustedCertificatesActivity on click when selecting a certificate 2014-07-22 10:41:50 +02:00
Tobias Brunner 9c841b1f34 android: Set action when using TrustedCertificatesActivity to select a certificate 2014-07-22 10:41:50 +02:00
Tobias Brunner f21a69dbec android: Allow selection of local certificates 2014-07-22 10:41:49 +02:00
Tobias Brunner 3b2b536b70 android: Change how CA certificates from different sources are accessed 2014-07-22 10:41:49 +02:00
Tobias Brunner 8cdce00eb1 android: Cache certificates from multiple KeyStores
Including the new local one.
2014-07-22 10:41:49 +02:00
Tobias Brunner 8d3a058abc android: Register local certificate store provider when the app is initialized 2014-07-22 10:41:49 +02:00
Tobias Brunner 5eb4297046 android: Add Provider for the local certificate store 2014-07-22 10:41:49 +02:00
Tobias Brunner 544267889e android: Add KeyStoreSpi implementation that uses LocalCertificateStore 2014-07-22 10:41:49 +02:00
Tobias Brunner 275888d255 android: Add local certificate store
The class manages certificates stored in files within the app's
private data directory.
2014-07-22 10:41:49 +02:00
Tobias Brunner 463a6cd005 android: Move TrustedCertificateEntry to a new package 2014-07-22 10:41:49 +02:00
Tobias Brunner 6684195505 android: Subclass Application to provide static access to the application context 2014-07-22 10:41:49 +02:00
Tobias Brunner 7229bdd5c7 android: Target latest SDK version 2014-07-22 10:41:49 +02:00
Tobias Brunner 140ce41a39 android: Add utility method to convert a byte array to a hex string 2014-07-22 10:41:48 +02:00
Tobias Brunner 9d994ba5ea android: Remove unused hash argument from getTrustedCertificates() 2014-07-22 10:41:48 +02:00
Tobias Brunner b9fd95f476 android: Use correct tag to define category for CREATE_SHORTCUT intent-filter 2014-07-22 10:41:48 +02:00
Tobias Brunner 3e4ce88633 android: Define HAVE_DLADDR as plugin loader checks for it 2014-06-24 15:53:25 +02:00
Martin Willi 30c009c2fe kernel-interface: Add a replay_window parameter to add_sa() 2014-06-17 16:41:30 +02:00
Martin Willi 8d74ec9e80 ike: Add an additional but separate AEAD proposal to CHILD config
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
2014-05-16 16:51:19 +02:00
Martin Willi 879e3d12ca ike: Add an additional but separate AEAD proposal to IKE config, if supported 2014-05-16 16:51:19 +02:00
Tobias Brunner 446c036794 android: New release based on 5.1.3
Also links OpenSSL statically and doesn't limit the number of packets
during EAP-TTLS.
2014-04-25 14:39:22 +02:00
Tobias Brunner 8064764070 android: Use static version of libcrypto
System.loadLibrary() searches in system directories first (at least in
recent releases), that is, our own build wouldn't actually get used.
2014-04-25 14:26:31 +02:00
Martin Willi 65117a0764 nm: Bump NetworkManager plugin version to 1.3.1 2014-04-24 15:53:38 +02:00
Tobias Brunner 65ee857a88 android: Don't limit number of packets during EAP-TTLS 2014-02-18 11:32:37 +01:00
Tobias Brunner 1c306c0ee9 libcharon: Remove unused charon->name 2014-02-12 14:34:33 +01:00
Tobias Brunner 10c4f4e1fd libhydra: Remove unused hydra->daemon 2014-02-12 14:34:32 +01:00
Tobias Brunner 34d3bfcf14 lib: Add global config namespace 2014-02-12 14:34:31 +01:00
Tobias Brunner 0b506edb19 nm: Require the PSK to be at least 20 characters long 2013-11-27 18:36:58 +01:00
Tobias Brunner 692a421aa0 nm: German translation updated 2013-11-27 18:36:58 +01:00
Tobias Brunner 594878e552 nm: Add PSK option to auth-dialog 2013-11-27 18:36:58 +01:00
Tobias Brunner 63528ebd3f nm: Add pre-shared key option in GUI 2013-11-27 18:36:58 +01:00
Tobias Brunner cfaec93111 nm: Make intltool recognize glade files properly 2013-11-27 18:36:58 +01:00
Tobias Brunner 85adb98daf android: New release based on 5.1.1
This fixes issues with IVs and padding in ESP handling and removes the
Vstr dependency.
2013-11-13 17:41:24 +01:00
Tobias Brunner 20c99edab9 android: Remove dependency on libvstr 2013-11-13 11:40:47 +01:00
Martin Willi 10900ed7e7 charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config
This allows the server to use a different IKE identity as long as the
configured hostname is contained in the certificate.
2013-11-01 12:05:48 +01:00
Martin Willi 1ba47fa565 charon-xpc: Load missing eap-md5 plugin after enabling it 2013-10-28 15:18:11 +01:00
Martin Willi 9f2a4d3315 charon-xpc: Disable warnings about deprecated functions
This avoids all the deprecated warnings when using OpenSSL functions.
2013-10-28 14:51:59 +01:00
Martin Willi f5ea7d781f charon-xpc: Avoid -all_load linker flag
This seems to be not required anymore with the LLVM 5 toolchain.
2013-10-28 14:51:51 +01:00
Martin Willi a1c2ed8820 charon-xpc: Properly xpc_retain() connections we xpc_release() 2013-10-28 14:51:40 +01:00
Martin Willi 888d8d73ab charon-xpc: Properly cast SA identifier to uintptr representation 2013-10-28 14:51:28 +01:00
Martin Willi 3e40dbb128 charon-xpc: Don’t build against libvstr anymore
We now have our own printf backend and use it instead of Vstr.
2013-10-28 14:51:03 +01:00
Martin Willi 6a3cfbdc0d charon-xpc: Build with EAP-MD5 support 2013-10-28 14:49:19 +01:00
Martin Willi d7083b6541 kernel: Use a time_t to report use time in query_policy() 2013-10-11 10:23:17 +02:00
Martin Willi c99458e94e kernel: Use a time_t to report use time in query_sa() 2013-10-11 10:23:17 +02:00
Tobias Brunner e4d63cfae7 android: New release after fixing remediation instructions regression 2013-09-26 13:53:39 +02:00
Tobias Brunner 00f7b29422 android: Change progress dialog handling
With the previous code the dialog sometimes was hidden for a short while
before it got reopened.
2013-09-26 13:53:25 +02:00
Tobias Brunner cfed5679b8 android: Clear remediation instructions when starting a new connection 2013-09-26 13:00:45 +02:00
Tobias Brunner c17cbfdb72 android: New release after improving recovery after connectivity changes 2013-09-23 14:33:29 +02:00
Tobias Brunner 3817231333 android: Change state handling to display errors occurring while the app is hidden
A new connection ID allows listeners to track which errors they have
already shown to the user or were already dismissed by the user.

This was necessary because the state fragment is now unregistered from
state changes when it is not shown.
2013-09-23 12:01:43 +02:00
Tobias Brunner b4a5b185fc android: Don't update state fragments when they are not displayed
Besides that updates don't make much sense when the fragments are not
displayed this fixes the following exception:
	java.lang.IllegalStateException: Can not perform this action after
		onSaveInstanceState
2013-09-23 12:01:42 +02:00
Tobias Brunner c3ee829eee android: Properly handle failures while initializing charon 2013-09-23 11:49:52 +02:00
Tobias Brunner c742905f50 android: Fix compilation after PTS header files were moved 2013-09-04 16:18:29 +02:00
Martin Willi 3070697f9f ike: support multiple addresses, ranges and subnets in IKE address config
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
2013-09-04 10:38:37 +02:00
Martin Willi 9aeaa7396e peer-cfg: add a pull/push mode option to use with mode config 2013-09-04 10:33:37 +02:00
Martin Willi a0cd955f42 charon-xpc: add a note how to build the source tarball 2013-08-29 12:28:54 +02:00
Martin Willi 74ee1120d7 charon-xpc: include and prefer AES-GCM algorithms in ESP proposal 2013-08-29 11:37:07 +02:00
Martin Willi 8fa7c5c191 charon-xpc: load missing ctr/ccm/gcm plugins 2013-07-31 16:28:11 +02:00
Martin Willi aafb6fa6c2 charon-xpc: use kernel-libipsec instead of kernel-pfkey 2013-07-31 11:41:37 +02:00
Martin Willi 546235d34c charon-xpc: fix TS getting after changing CHILD_SA API 2013-07-31 11:41:31 +02:00
Tobias Brunner 146fa8b2d3 charon-xpc: Use correct namespace when setting default settings 2013-07-22 17:44:37 +02:00
Tobias Brunner 0ceb288815 Fix various API doc issues and typos
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Martin Willi b9c47eae06 xpc: allow easy copy & paste of ./configure instructions 2013-07-18 12:17:56 +02:00
Martin Willi 7f1adbe94e xpc: use -idirafter to build against openssl headers from /usr/include 2013-07-18 12:17:56 +02:00
Martin Willi 06e8712cb3 xpc: forward some risen alerts over XPC to App 2013-07-18 12:17:56 +02:00
Martin Willi e7ee45ef38 xpc: enable close_ike_on_child_failure 2013-07-18 12:17:56 +02:00
Martin Willi e37c5d46d3 xpc: send a "connecting" event when establishing a connection starts 2013-07-18 12:17:56 +02:00
Martin Willi 3ffa310c44 xpc: use osx-attr plugin to install configuration attributes 2013-07-18 12:17:56 +02:00
Martin Willi c7ac7f92e9 xpc: update README with new events, markdown style fixes 2013-07-18 12:17:55 +02:00
Martin Willi 4edcc86149 xpc: send child_updown events over XPC channel 2013-07-18 12:17:55 +02:00
Martin Willi d60c8d2c74 xpc: support termination of IKE_SAs using XPC RPC on connection channel 2013-07-18 12:17:55 +02:00
Martin Willi 790ad9e677 xpc: move XPC RPC reply creation to command dispatching 2013-07-18 12:17:55 +02:00
Martin Willi a0c125eacb xpc: terminate daemon when last XPC connection to App gone 2013-07-18 12:17:55 +02:00
Martin Willi 6aae6268d7 xpc: fix some refcounting issues related to XPC connections 2013-07-18 12:17:55 +02:00
Martin Willi 22bffc647d xpc: no need to clear channel table, they are bound to IKE_SA lifetime 2013-07-18 12:17:55 +02:00
Martin Willi 1a3f71d97a xpc: add support for logging over XPC channels 2013-07-18 12:17:55 +02:00
Martin Willi fbc89786b5 xpc: don't warn about pointer signedness mismatch (-Wno-pointer-sign) 2013-07-18 12:17:55 +02:00
Martin Willi dcf8a3c78b xpc: add a description of the basic XPC protocol to README 2013-07-18 12:17:55 +02:00
Martin Willi d5966e71e9 xpc: use the same XPC message "type" mechanism on Mach service as on channels 2013-07-18 12:17:55 +02:00
Martin Willi 39d15dde67 xpc: ask App for passwords using connection specific channel 2013-07-18 12:17:55 +02:00
Martin Willi 8279ce99c4 xpc: use IKE_SA specific XPC return channels for further communication 2013-07-18 12:17:55 +02:00
Martin Willi bc74e18223 xpc: don't send certificate requests, there are too many when using keychain 2013-07-18 12:17:55 +02:00
Martin Willi 5016370390 xpc: build with support for the keychain plugin 2013-07-18 12:17:55 +02:00
Martin Willi e73a653451 xpc: add support for initiate simple IKEv2 EAP connections 2013-07-18 12:17:54 +02:00
Martin Willi 3dcc9d7aa7 xpc: move dispatching to dedicated class, using dedicated thread 2013-07-18 12:17:54 +02:00
Martin Willi 4204d1d71a xpc: use non-inlining variant of vstr, compiler does not like it 2013-07-18 12:17:54 +02:00
Martin Willi 6f8c626b81 xpc: add Xcode project for a charon controlled through XPC 2013-07-18 12:17:54 +02:00
Tobias Brunner b23bd71466 android: New release after adding support for EAP-TNC
Also disabled listening on IPv6 because the Linux kernel currently does
not support UDP encapsulation for IPv6.
2013-07-08 18:51:07 +02:00
Tobias Brunner 7ccf02ee93 android: Properly handle dotted-quad notation of IPv6 addresses
For netstat output like ::ffff:127.0.0.1:9876 we shall not treat 127 as
port but 9876 instead.
2013-07-08 18:49:30 +02:00
Tobias Brunner 97f1dfb3ec android: Allow IMC state to be dismissed with a swipe gesture 2013-07-08 18:49:30 +02:00
Tobias Brunner a9f94d7efb android: Use explicit locale when converting settings names
Apparently, these functions use the user's default locale which might not
yield the expected result (e.g. lowercase I is not i in the Turkish
locale but ı instead).
2013-07-08 18:49:30 +02:00
Tobias Brunner e1a98e7956 android: Add information about transmitted data if EAP-TNC is selected 2013-07-08 18:49:30 +02:00
Tobias Brunner 9390499584 android: Reuse certificate selector as generic two line button 2013-07-08 18:49:30 +02:00
Tobias Brunner 671614d229 android: Add device ID in BeginHandshake 2013-07-08 18:49:30 +02:00
Tobias Brunner 8a5bffb0fe android: Add new VpnType to enable BYOD features 2013-07-08 18:49:30 +02:00
Tobias Brunner 2ecda3421a android: Use a different set of plugins if BYOD features are enabled 2013-07-08 18:49:29 +02:00
Tobias Brunner 6e872fea7a android: IMC state fragment is a button that shows remediation instructions or log 2013-07-08 18:49:29 +02:00
Tobias Brunner 254d8679c6 android: Show remediation instructions instead of log on failure 2013-07-08 18:49:29 +02:00
Tobias Brunner 873f389b37 android: Properly hide the IMC state fragment initially 2013-07-08 18:49:29 +02:00
Tobias Brunner 0ef98957a7 android: Add activity that displays a list of remediation instructions
On large displays a two-pane layout is used that displays the list next
to the actual instructions.
2013-07-08 18:49:29 +02:00
Tobias Brunner 611d35e8e8 android: Add fragment for a list of remediation instructions
This fragment can later be used in one- or two-pane layouts.
2013-07-08 18:49:29 +02:00
Tobias Brunner b6e05f6518 android: Add adapter for remediation instructions 2013-07-08 18:49:29 +02:00
Tobias Brunner ea022bb194 android: Add fragment that displays a single remediation instruction 2013-07-08 18:49:29 +02:00
Tobias Brunner c469cd2a66 android: RemediationInstruction implements Parcelable interface 2013-07-08 18:49:29 +02:00
Tobias Brunner 2b91085701 android: Background for state panels provides separator 2013-07-08 18:49:29 +02:00
Tobias Brunner e5bf6dcddc android: Add fragment that displays the IMC state
The fragment hides itself if the state is unknown or the assessment
succeeded.
2013-07-08 18:49:29 +02:00
Tobias Brunner a05acd7629 android: Handle and store IETF remediation instructions 2013-07-08 18:49:28 +02:00
Tobias Brunner 0484989dbd android: Add a parser for XML remediation instructions 2013-07-08 18:49:28 +02:00
Tobias Brunner a8dc42b295 android: Show different error message depending on IMC state 2013-07-08 18:49:28 +02:00
Tobias Brunner 5e7a4193e5 android: Clear error only when the user explicitly dismisses the dialog
The previous code worked fine on rotation changes as the fragment is
destroyed and recreated causing onCreate to be called, which restores the
saved error state.  But if the user switches to a different application
and then back this is not the case.  The dialog still gets dismissed (as
we have to do so to avoid nasty exceptions on rotation changes) but since
that implicitly cleared the error state the UI was never fully restored.
2013-07-08 18:49:28 +02:00
Tobias Brunner dc52cfab73 android: Add state of IMC to VpnStateService and update it via JNI 2013-07-08 18:49:28 +02:00
Tobias Brunner d087f080f0 android: Handle TCG file measurement related attributes using PTS 2013-07-08 18:49:28 +02:00
Tobias Brunner fd3aa004e4 android: Android IMC state provides a Platform Trust Service (PTS) instance 2013-07-08 18:49:28 +02:00
Tobias Brunner 0e53beda32 android: Provide a public interface for Android IMC state 2013-07-08 18:49:28 +02:00
Tobias Brunner 403165102c android: Define IMC functions static and with lower-case names 2013-07-08 18:49:28 +02:00
Tobias Brunner 583fe0ccb6 android: Add measurement collector for ITA Device ID 2013-07-08 18:49:28 +02:00
Tobias Brunner 44330a171f android: Add measurement collector for ITA Settings 2013-07-08 18:49:27 +02:00
Tobias Brunner c179a3f6f2 android: Handle ITA PA-TNC attributes 2013-07-08 18:49:27 +02:00
Tobias Brunner 036fa7a166 android: Overload for getMeasurement() that takes a String array as argument 2013-07-08 18:49:27 +02:00
Tobias Brunner ba59486fc8 android: Add measurement collector for Port Filter
This collector reports all listening TCP and UDP sockets/ports.
2013-07-08 18:49:27 +02:00
Tobias Brunner 6500727d6a android: Enum type for transport protocols added 2013-07-08 18:49:27 +02:00
Tobias Brunner 7cb8f570ed android: Add measurement collector for Installed Packages 2013-07-08 18:49:27 +02:00
Tobias Brunner 2d61172314 android: Add measurement collector for Product Information 2013-07-08 18:49:27 +02:00
Tobias Brunner 75d710ec63 android: Also support writing of 24-bit values 2013-07-08 18:49:27 +02:00
Tobias Brunner 5c9706f30b android: Add measurement collector for String Version 2013-07-08 18:49:27 +02:00
Tobias Brunner 4eec7912a1 android: Interfaces for measurement collectors and attributes added 2013-07-08 18:49:27 +02:00
Tobias Brunner 2d378d8a74 android: Add a Java utility class similar to bio_writer_t 2013-07-08 18:49:27 +02:00
Tobias Brunner 28c268d707 android: Add enum types for PENs and attribute types 2013-07-08 18:49:26 +02:00
Tobias Brunner c53210f9b0 android: Add a generic handler for PA-TNC attribute requests
The idea is that the Android IMC will return attributes in their binary
encoding.  This keeps the JNI interface to the IMC pretty simple.
2013-07-08 18:49:26 +02:00
Tobias Brunner aa4ff3b211 android: Added a Java part to the Android IMC 2013-07-08 18:49:26 +02:00
Tobias Brunner 753035f6d7 android: Don't attempt loading IMCs from /etc/tnc_config 2013-07-08 18:49:26 +02:00
Tobias Brunner a6507df2ec android: Build libpts and init/deinit libpts in BYOD IMC 2013-07-08 18:49:26 +02:00
Tobias Brunner 96658d7264 android: Added a sample IMC that sends some dummy OS data 2013-07-08 18:49:26 +02:00
Tobias Brunner 933155fae6 android: Build option added to load BYOD related plugins and libraries in the Android app 2013-07-08 18:49:26 +02:00
Tobias Brunner 0015727ebd android: Disable listening on IPv6
As we have to use UDP encapsulation and the Linux kernel currently does
not support that this avoids issues with dual-stack gateways.
2013-07-05 09:48:27 +02:00
Tobias Brunner 607f8e9906 plugin-loader: Add method to print loaded plugins on a given log level 2013-06-21 15:17:53 +02:00
Tobias Brunner 92f102c21b android: Forward initiator flag to libipsec when adding IPsec SA 2013-06-13 13:55:58 +02:00
Martin Willi a8c9454423 kernel-interface: add an exchange initiator parameter to add_sa()
This new flag gives the kernel-interface a hint how it should prioritize the
use of newly installed SAs during rekeying.

Consider the following rekey procedure in IKEv2:

Initiator  ---    Responder

I1 -------CREATE-------> R1
I2 <------CREATE--------
   -------DELETE-------> R2
I3 <------DELETE--------

SAs are always handled as pairs, the following happens at the SA level:

  * Initiator starts the exchange at I1
  * Responder installs new SA pair at R1
  * Initiator installs new SA pair at I2
  * Responder removes old SA pair at R2
  * Initiator removes old SA pair at I3

This makes sure SAs get installed/removed overlapping during rekeying. However,
to avoid any packet loss, it is crucial that the new outbound SA gets
activated at the correct position:

  * as exchange initiator, in I2
  * as exchange responder, in R2

This should guarantee that we don't use the new outbound SA before the peer
could install its corresponding inbound SA.

The new parameter allows the kernel backend to install the new SA with
appropriate priorities, i.e. it should:

  * as exchange initiator, have the new outbound SA installed with higher
    priority than the old SA
  * as exchange responder, have the new outbound SA installed with lower
    priority than the old SA

While we could split up the SA installation at the responder, this approach
has another advantage: it allows the kernel backend to switch SAs based on
other criteria, for example when receiving traffic on the new inbound SA.
2013-06-11 15:58:48 +02:00
Martin Willi 5c12700f9a kernel-interface: query SAD for last use time if SPD query didn't yield one 2013-05-06 17:01:13 +02:00
Martin Willi 0be946dce3 Use the GEN silent rule when generating files with sed 2013-05-06 15:04:56 +02:00
Tobias Brunner 55321dcfb6 New Android release after adding AES-GCM, IPv6-in-IPv4 and using kernel-netlink
libipsec now supports AES-GCM, IPv6 tunnels over IPv4 are supported,
native x86 libraries are built (requires a new Vstr build script).
Also, the existing kernel-netlink plugin now provides the kernel-net
implementation, which should be more stable in case multiple interfaces
are up and have IP addresses installed on them.
2013-05-03 16:02:39 +02:00
Tobias Brunner 740aedfec1 android: Use stronger ESP proposal including AES-GCM 2013-05-03 16:02:39 +02:00
Tobias Brunner 61fb3267b2 android: Remove unused methods on NetworkManager/network_manager_t 2013-05-03 15:11:20 +02:00
Tobias Brunner 70dfac4459 android: Ignore interface 'lo'
Android adds a default route via 'lo' if no connectivity is available
causing charon to send packets via lo and triggering DPD.
2013-05-03 15:11:20 +02:00
Tobias Brunner 18dab76bfa android: Repurpose android-net to simply handle connectivity events
Using the events by NetworkManager/ConnectivityManager to trigger roam events
instead of the events generated by the kernel-netlink plugin the noise level
is much lower.
2013-05-03 15:11:20 +02:00
Tobias Brunner 3b7f25906e android: Replace android-net plugin with kernel-netlink
Virtual IPs are not handled by the kernel-netlink plugin and tun devices are
ignored.
2013-05-03 15:11:19 +02:00
Tobias Brunner 67332b4e22 android: Set strongswan.conf options before initializing other libraries 2013-05-03 15:11:19 +02:00
Tobias Brunner 24b5e71522 android: No need to disable CMS explicitly
The version check introduced with 0d237763 should take care of it.
2013-03-20 17:02:37 +01:00
Tobias Brunner 29d93e2470 android: Build native libraries also for x86
Requires an updated build script for Vstr.
2013-03-20 15:24:27 +01:00
Tobias Brunner e5d819b617 android: Remove/filter header files from LOCAL_SRC_FILES
This avoids huge warnings when building the native code.
2013-03-20 15:24:26 +01:00
Tobias Brunner 8249f288f2 android: Request and install an IPv6 DNS server 2013-03-20 15:24:26 +01:00
Tobias Brunner ee66565d43 android: Also request a virtual IPv6 address and propose IPv6 TS
This allows IPv6 over IPv4 but falls back nicely if we don't get a
virtual IPv6 (or IPv4) address.
2013-03-20 15:24:26 +01:00
Martin Willi 7eeeb1c702 kernel_ipsec_t.query_sa() additionally returns the number of processed packets 2013-03-14 14:20:54 +01:00
Tobias Brunner d6da0a367a New Android release after adding translations and Cert/EAP authentication
Also fixed a race condition during reauthentication and a freeze that
might happen while disconnecting.
2013-03-07 14:14:34 +01:00
Tobias Brunner 76de964617 android: Add support for combined certificate and EAP authentication
This uses RFC 4739 multiple authentication rounds to first
authenticate the client with a certificate followed by an
EAP authentication round with username and password.
2013-03-07 14:14:34 +01:00
Tobias Brunner 11adf114c1 Fixed Doxygen comments after scanning complete src directory 2013-03-02 18:31:53 +01:00
Tobias Brunner e88b529a30 android: Mitigate race condition on reauthentication
If the TUN device gets recreated while another thread in handle_plain()
has not yet called select(2) but already stored the file descriptor of the
old TUN device in its FD set, select() will fail with EBADF.

Fixes #301.
2013-03-01 17:06:01 +01:00
Martin Willi 306a269e34 Add a DSCP configuration value to IKE configs 2013-02-06 15:20:32 +01:00
Tobias Brunner 30abe1fd19 android: Properly escape apostrophes in Ukrainian translation 2013-01-14 17:23:52 +01:00
Tobias Brunner b9cda4f3e1 android: Implement kernel_net_t.get_interface via JNI
This is now required to properly accept/install a virtual IP address.

Fixes #275.
2013-01-14 17:22:56 +01:00
Tobias Brunner 53ce5c4c91 android: Moved chunk_from_byte_array and byte_array_from_chunk helper functions 2013-01-14 17:19:58 +01:00
Tobias Brunner ecff0e5685 android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h on Android 2013-01-14 17:16:18 +01:00
Tobias Brunner 21235e1ec2 Merge branch 'ikev1-fragmentation'
This adds support for the proprietary IKEv1 fragmentation extension.

Conflicts:
	NEWS
2013-01-12 11:58:26 +01:00
Tobias Brunner 365d9a6f67 Added an option that allows to force IKEv1 fragmentation 2013-01-12 11:54:32 +01:00
Pavel Kopchyk 3365bddccf Fixed some typos in Ukrainian translation 2013-01-09 05:30:55 +01:00
Tobias Brunner 97973f8609 Use a connection specific option to en-/disable IKEv1 fragmentation 2012-12-24 13:00:01 +01:00
Dmitry Korzhevin a0117b9122 Added Russian and Ukrainian strings for Android client 2012-12-24 12:06:12 +01:00
Martin Willi b185cdd16d Install virtual IPs via interface name, and use an interface lookup where required 2012-11-29 10:22:51 +01:00
Martin Willi 50bd755871 Add an optional kernel-interface parameter to install IPs with a custom prefix 2012-11-29 10:22:51 +01:00
Tobias Brunner 2cb9a014df New Android release after adding shortcuts and confirmation dialog
Also fixed some Android 4.2 specific issues.
2012-11-21 19:07:52 +01:00
Tobias Brunner df3e34fe86 android: Don't allow any backup for now 2012-11-21 19:05:18 +01:00
Tobias Brunner 37d42a76d3 android: Properly handle exceptions when loading keys/certificates 2012-11-21 18:57:41 +01:00
Tobias Brunner 73d0fb0a66 android: Use the same tag string for all dialogs in MainActivity 2012-11-21 18:57:41 +01:00
Tobias Brunner 8c0b32d892 android: Hide previous dialogs when handling a new connection attempt 2012-11-21 18:57:41 +01:00
Tobias Brunner 50b048983c android: Show confirmation dialog when starting a profile while already connected 2012-11-21 18:57:41 +01:00
Tobias Brunner ac3c6ff479 android: Add the ability to create shortcuts to specific VPN profiles 2012-11-21 18:57:41 +01:00
Tobias Brunner 127d83bb21 android: Start a specific VPN profile based on special Intents 2012-11-21 18:57:40 +01:00
Tobias Brunner 7241102ace android: Attribute added to display the list of VPN profiles in read-only mode 2012-11-21 18:57:40 +01:00
Tobias Brunner 2e50a8e751 android: Show an error if VPN fails due to lock down mode in Android 4.2 2012-11-19 11:43:32 +01:00
Tobias Brunner be2e7ecc2f android: Add error message as argument to "VPN not supported" dialog 2012-11-19 11:43:32 +01:00
Tobias Brunner 0c3b8028e7 android: Content providers are not exported by default in Android 4.2 2012-11-19 11:43:32 +01:00
Tobias Brunner 48e45153f5 android: Set target SDK to 17 (Android 4.2) 2012-11-19 11:43:31 +01:00
Tobias Brunner 277ff80a2e android: Private key bug has been fixed with Android 4.2 2012-11-19 11:43:31 +01:00
Tobias Brunner acb300f920 android: Use proper intent-filter for our VpnService 2012-11-02 15:55:08 +01:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Tobias Brunner 12642a6831 Moved data structures to new collections subfolder 2012-10-24 16:00:49 +02:00
Tobias Brunner 2e7cc07ecd Moved host_t and host_resolver_t to a new networking subfolder 2012-10-24 15:06:18 +02:00
Martin Willi 1fdd62ffce Remove version argument on peer_cfg constructor, use ike_cfg version instead 2012-10-24 10:19:33 +02:00
Martin Willi 9fc7cc6f9b Add IKE version information to ike_cfg_t 2012-10-24 10:18:35 +02:00
Tobias Brunner 23ca39010e android: Enable ECC in the app as our custom built libcrypto supports it 2012-10-23 18:13:58 +02:00
Tobias Brunner 3555bacac7 Reload logger configuration on SIGHUP
Besides changing the configuration this allows to easily rotate log files.

Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Tobias Brunner d35d669180 Make syslog and file loggers configurable at runtime 2012-10-18 14:42:10 +02:00
Tobias Brunner c30573467b New Android release after adding MOBIKE support 2012-10-18 14:03:38 +02:00
Tobias Brunner eecd41e349 Use a helper function to add milliseconds to timeval structs 2012-10-18 12:25:59 +02:00
Tobias Brunner 2b6088c718 android: Ignore if peer is unreachable when reestablishing an SA 2012-10-18 12:25:59 +02:00
Tobias Brunner 901f6ac403 android: Use a shorter timeout for retransmits 2012-10-18 10:57:55 +02:00
Tobias Brunner 8658e87b35 android: Use keyingtries=%forever and dpd|closeaction=restart
We also ignore the CHILD_SA_DOWN event.

This should allow us to keep the connection up as long as the user does
not manually disconnect.
2012-10-18 10:57:55 +02:00
Tobias Brunner 272ce5b580 android: Handle unreachable peers via alert 2012-10-16 14:16:17 +02:00
Tobias Brunner b00806cf85 android: Use 0.0.0.0/0 as local traffic selector
This is helpful if the responder also wants to tunnel e.g. multicast
packages.
2012-10-16 14:16:17 +02:00
Tobias Brunner 45885ca613 android: Bypass/protect previously bypassed sockets if connectivity changes 2012-10-16 14:16:17 +02:00
Tobias Brunner 9167ca8b2b android: Support for IPsec SA update added 2012-10-16 14:16:17 +02:00
Tobias Brunner 5b88d80f22 android: Trigger roam events in case connectivity changes 2012-10-16 14:16:17 +02:00
Tobias Brunner ef3d1a1ba9 android: Register NetworkManager as BroadcastReceiver and relay events via JNI 2012-10-16 14:16:17 +02:00
Tobias Brunner 38bbca587f android: Determine source address dynamically 2012-10-16 14:16:17 +02:00
Tobias Brunner 8f092a2221 android: Added NetworkManager class which allows to retrieve a local IP address 2012-10-16 14:16:17 +02:00
Tobias Brunner b0e0932538 android: Increase compile warnings 2012-10-16 14:16:16 +02:00
Tobias Brunner c3bce1aa3d android: Fixed "Configure" button in Android VPN dialog 2012-10-16 14:16:16 +02:00
Tobias Brunner e3d98f2c4c android: Don't use the default ESP proposal as it includes unsupported algorithms 2012-10-16 14:16:16 +02:00
Tobias Brunner 012d7382b0 New Android release after fixing private key issues on Jelly Bean 2012-09-24 17:16:29 +02:00
Tobias Brunner 94106ddc85 android: Leak the private key reference on Jelly Bean to avoid a bug in the framework
A bug in the framework on Android Jelly Bean causes a SIGSEGV when the private
key object returned from KeyChain.getPrivateKey is garbage collected.
Leaking the global reference to that object prevents the garbage
collection and thereby the crash.
2012-09-24 17:16:29 +02:00
Tobias Brunner dfefa2f6dc android: Added a global variable to check the current SDK version 2012-09-24 17:12:18 +02:00
Tobias Brunner 64595464b2 android: Load the private key and certificates separately in android_creds_t 2012-09-24 17:12:18 +02:00
Tobias Brunner 406d680e45 android: Added a method to get the user's private key via JNI 2012-09-24 17:12:18 +02:00
Tobias Brunner c35d468fb1 android: Added a JNI backed private key implementation
This is required because private keys are provided by an OpenSSL engine
in Jelly Bean, which makes them inaccessible directly via getEncoding.
2012-09-24 17:12:18 +02:00
Tobias Brunner 4157a40b45 New Android release after fixing IDr problems 2012-09-18 15:29:29 +02:00
Tobias Brunner e596d0ef1e android: Use AUTH_RULE_IDENTITY_LOOSE 2012-09-18 11:21:49 +02:00
Tobias Brunner cf1ec85207 New Android release after fixing Unicode conversion bug 2012-09-17 10:55:10 +02:00
Tobias Brunner b7c54cf226 android: Fix conversion of actual Unicode strings (i.e. bytes!=chars) 2012-09-17 10:30:39 +02:00
Tobias Brunner ccba4f1533 android: New release after adding certificate authentication and reauth fix 2012-09-06 14:54:37 +02:00
Tobias Brunner d7d2a5ec38 android: Properly handle reauthentication initiated by the client 2012-09-06 11:27:07 +02:00
Tobias Brunner 0326ceda64 android: Create a new VpnService.Builder after VPN has been established 2012-09-06 11:25:24 +02:00
Tobias Brunner d1604d0551 Merge branch 'android-client-cert'
Introduces IKEv2 client certificate authentication for the Android App.
2012-09-04 13:58:49 +02:00
Tobias Brunner c89cc22692 android: Native parts handle ikev2-cert VPN type 2012-08-31 18:24:46 +02:00
Tobias Brunner 094a059bcf android: android_creds_t can provide a user's private key and certificate 2012-08-31 18:24:46 +02:00
Tobias Brunner 3aba33868b android: Added JNI method to retrieve user certificate and private key
To simplify things the private key, the user certificate and the CA
certificates are all put into the same list.
2012-08-31 18:24:46 +02:00
Tobias Brunner 38e866c3dd android: Don't show the password dialog if not required 2012-08-31 18:24:46 +02:00
Tobias Brunner 69f731a9d8 android: Enable pkcs8 plugin 2012-08-31 18:24:46 +02:00
Tobias Brunner 5eb7ad3a38 android: Pass the type of VPN to the native parts 2012-08-31 18:24:46 +02:00
Tobias Brunner 655362464e android: Make sure NULL jstrings are converted properly 2012-08-31 18:24:45 +02:00
Tobias Brunner 6de38fe88a android: Display the selected certificate alias in the profile list 2012-08-31 18:24:45 +02:00
Tobias Brunner f46da851ab android: Allow configuration of a user certificate 2012-08-31 18:24:43 +02:00
Tobias Brunner 3f9e90f618 android: Remove NOT NULL constraint from username column 2012-08-31 18:24:23 +02:00
Tobias Brunner d0f6481eb0 android: Separate view added to select certificates 2012-08-31 18:24:23 +02:00
Tobias Brunner 7fedacb2e7 android: Don't try to load the profile with ID 0 2012-08-31 18:24:22 +02:00
Tobias Brunner 825c192d4f android: Spinner added to select the VPN type 2012-08-31 18:24:19 +02:00
Martin Willi 1323dc1138 Merge branch 'multi-vip'
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00
Martin Willi feb8550401 Pass a list instead of a single virtual IP to attribute enumerators 2012-08-30 16:43:42 +02:00
Martin Willi 497ce2cf51 Support multiple address pools configured on a peer_cfg 2012-08-30 16:43:42 +02:00
Martin Willi 101d26babe Support multiple virtual IPs on peer_cfg and ike_sa classes 2012-08-30 16:43:42 +02:00
Tobias Brunner 48f51d9454 android: Field added to store the type of a VPN profile 2012-08-27 15:36:36 +02:00
Tobias Brunner 1f6f501978 android: Enum added for VPN types 2012-08-27 15:33:58 +02:00
Tobias Brunner 8a9956762c android: Simplified handling of error dialog that is displayed if VpnService API is not supported 2012-08-27 10:48:13 +02:00
Tobias Brunner aa55040192 android: LoginDialog refactored so it also works when the device is rotated 2012-08-27 10:48:13 +02:00
Tobias Brunner e09f4120d4 android: Added a field to store selected user certificate 2012-08-27 10:48:13 +02:00
Andreas Steffen 8528f841de Ewa did the new Polish translation 2012-08-24 16:59:47 +02:00
Tobias Brunner ef73bb52b1 Without the ties to PAM we can build eap-gtc on Android 2012-08-17 14:24:48 +02:00
Tobias Brunner f0b8d8c2c4 New Android release after adding error dialog
Skipped one version due to a rebasing mishap.
2012-08-15 11:23:06 +02:00
Tobias Brunner 8df118f733 Show an error message if VPN is not supported
Some devices have Android 4 installed but the system images still seem to
lack the components that are required for VPN support. One such
component is the dialog used to grant permission to create .
2012-08-15 11:19:43 +02:00