Martin Willi
da9724e6d0
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
2010-07-13 11:29:35 +02:00
Martin Willi
5db798c8e0
Charon uses a generic trunstchain length limit, not only for X509 certificates
2010-07-13 10:26:06 +02:00
Heiko Hund
ec7adea007
Added support for named attribute groups
...
Add the possibility to group attributes by a name and assign these
groups to connections. This allows a more granular configuration of
which client will receive what atrributes.
2010-07-09 13:09:31 +02:00
Martin Willi
5d31217232
Ignore IKEv2 packets in pluto with any minor version
2010-06-22 11:14:07 +02:00
Tobias Brunner
946be4d357
Adding support for the native Linux capabilities interface.
...
Note that this interface is deprecated and mainly added to support
Android. Use libcap, if possible.
2010-06-15 19:58:30 +02:00
Tobias Brunner
b77e493bea
Explicitly refer to LIBCAP in Makefiles.
2010-06-15 19:57:31 +02:00
Andreas Steffen
5d4c258de7
refer to correct PLUTO_XAUTH_ID variable
2010-06-09 15:21:26 +02:00
Andreas Steffen
fcfd54acde
rename environment variable to PLUTO_XAUTH_ID
2010-06-08 23:18:51 +02:00
Andreas Steffen
611368339b
do not destroy xauth_id if phase2 equals phase1 connection
2010-06-08 23:18:00 +02:00
Andreas Steffen
964f6372cc
make an optional XAUTH user ID available in the updown script
2010-06-08 17:50:22 +02:00
Heiko Hund
52ee813156
inherit XAUTH identities in Phase 2
2010-06-08 12:15:42 +02:00
Martin Willi
80b5661a9b
Added generated manpages to .gitignore
2010-05-31 13:41:25 +02:00
Tobias Brunner
8f76653a4c
Adding the version number to the most relevant manual pages.
2010-05-30 13:03:04 +02:00
Tobias Brunner
1d3a48b559
Updated and corrected the ipsec.secrets(5) manual page.
2010-05-30 12:29:32 +02:00
Andreas Steffen
e8960c2a99
be lenient towards wrong attribute encodings
2010-05-28 15:07:21 +02:00
Martin Willi
24632bc0e8
Fixed compiler warning in invocation of crl_is_newer()
2010-05-21 16:41:13 +02:00
Martin Willi
8029e5efd2
Added generic implementations for crl_is_newer/certificate_is_newer
2010-05-21 16:25:51 +02:00
Andreas Steffen
ab0ecb7dd9
register virtual IPs under the XAUTH identity
2010-05-18 22:41:22 +02:00
Andreas Steffen
8d7fffc942
clarified secret loading debug output
2010-05-18 16:54:25 +02:00
Tobias Brunner
9ffb475e5d
Typo fixed.
2010-05-18 13:59:23 +02:00
Andreas Steffen
26ec52a405
implemented xauth as a pluto plugin
2010-05-18 13:51:27 +02:00
Andreas Steffen
8143f10914
introduced xauth_identity keyword
2010-05-15 10:18:29 +02:00
Andreas Steffen
03b5e4d8d7
refactoring of Mode Config functionality allows transport and handling of any attribute
2010-05-14 17:07:03 +02:00
Andreas Steffen
fb7de3a8bf
implemented support of resolve plugin
2010-05-08 16:09:02 +02:00
Andreas Steffen
c2651ff13d
include demux.h only once
2010-05-06 21:55:19 +02:00
Andreas Steffen
c158df0f23
already defined in attributes/attributes.h
2010-05-06 21:44:15 +02:00
Andreas Steffen
4eee16354b
include state.h only once
2010-05-06 21:35:00 +02:00
Andreas Steffen
9a0333fa62
moved resolve plugin from libcharon to libhydra
2010-05-04 23:53:08 +02:00
Tobias Brunner
257e27df07
Fixing out-of-tree build after adding dependency to config.status.
2010-04-29 13:29:53 +02:00
Martin Willi
b0e789035c
Users of PLUGINS depend on config.status, rebuilding them if plugin configuration is updated
2010-04-29 11:28:27 +02:00
Andreas Steffen
916fd45709
do not destroy whack_attr if it hasn't been initialized
2010-04-29 07:28:51 +02:00
Andreas Steffen
e20a494013
added debug output argument
2010-04-28 12:28:25 +02:00
Andreas Steffen
af3be116cb
added AES_GMAC output string
2010-04-27 13:47:11 +02:00
Heiko Hund
d0f1b3b96f
fixed segfault in pluto with multiple ISAKMP SAs in delete payload
2010-04-20 21:23:05 +02:00
Martin Willi
4590260b2d
Added support for DH groups 22, 23 and 24, patch contributed by Joy Latten
2010-04-19 14:41:20 +02:00
Andreas Steffen
d3d2b7390f
implemented inheritance of virtual IP assigned by Mode Config on the responder side
2010-04-11 19:19:20 +02:00
Andreas Steffen
ec96692c38
show in-memory pools in ipsec statusall
2010-04-11 11:46:47 +02:00
Andreas Steffen
b1701d097c
added missing curly brackets
2010-04-11 00:49:04 +02:00
Andreas Steffen
b3127b42f9
support in-memory pools in swapped connection definitions
2010-04-11 00:27:04 +02:00
Tobias Brunner
e41932320c
Explicitly unload plugins before deinitializing libhydra and libstrongswan in pluto.
2010-04-06 12:47:41 +02:00
Tobias Brunner
894936ce9e
Replaced some DBG_LIB with more specific groups.
2010-04-06 12:47:40 +02:00
Tobias Brunner
8b0e09103b
Adding DBG_LIB to all calls of libstrongswan's version of DBG*.
2010-04-06 12:47:40 +02:00
Tobias Brunner
9ed6341d3f
Adding support for debug groups in libstrongswan's logger.
2010-04-06 12:47:40 +02:00
Tobias Brunner
9f3df622e4
Manually loading the pluto.(n)dns* settings is not needed anymore.
2010-04-06 12:47:40 +02:00
Tobias Brunner
facf887253
Store the name of the daemon that initialized libhydra to load daemon-specific settings.
2010-04-06 12:47:40 +02:00
Tobias Brunner
6bfa8e907c
Added options to whack to query in-memory leases.
2010-04-06 12:47:39 +02:00
Tobias Brunner
4db0af9080
Added function to list the leases of the in-memory pools.
2010-04-06 12:47:39 +02:00
Tobias Brunner
4e06abe0fa
Delete the in-memory IP address pools if a connection gets deleted.
...
This fixes ipsec reload.
2010-04-06 12:47:39 +02:00
Tobias Brunner
bd22823358
Use whack_attribute in pluto to provide in-memory IP address pools.
...
The pools are configured by setting rightsourceip in ipsec.conf to a
network in CIDR notation.
2010-04-06 12:47:39 +02:00
Tobias Brunner
89715bd790
Adding a whack_attribute class which manages in-memory pools in pluto and is very similar to stroke_attribute.
2010-04-06 12:47:39 +02:00