Andreas Steffen
ab13376877
fips_verify_hmac_signature() now returns a boolean status
2007-08-29 09:43:02 +00:00
Andreas Steffen
2fb15ac606
changed interface of fips_verify_hmac_signature
2007-08-29 05:43:45 +00:00
Andreas Steffen
55434a1ba5
started implementation of libstrongswan code integrity check
2007-08-29 00:37:10 +00:00
Andreas Steffen
84db83336b
support of ipsec rereadsecrets for stroke
2007-08-10 07:16:32 +00:00
Martin Willi
4cb9d7a758
further fixed for mobike roaming
2007-06-25 13:26:02 +00:00
Martin Willi
02b3ec0a10
implemented address change notification (for MOBIKE)
...
implemented up to date address list cache to list interfaces
2007-06-14 15:16:15 +00:00
Martin Willi
9fe1a1ca76
introduced callback_job:
...
simple asynchronous method invocation
use daemons thread pool for all threads
proper cancellation and cleanups
cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
2007-06-11 10:57:19 +00:00
Martin Willi
a6a039aa10
simplified capability dropping
2007-05-09 13:12:06 +00:00
Martin Willi
3cd3f48428
properly implemented interface_managers initiate, terminte_[ike|child]
...
proper thread release when stroke is CTRL+C'ed
fixed some permission issues
2007-05-09 12:33:08 +00:00
Martin Willi
6874bf698c
changing UID/GID after startup of pluto/charon
...
added --with-uid/--with-gid configure option
2007-05-07 12:38:46 +00:00
Martin Willi
66560f4267
reducing capabilities of the threads to a minimum
...
proper flush of pending packets on daemon shutdown
adding local address as gateway address in dynamic route
2007-05-03 14:21:22 +00:00
Martin Willi
a84fb01b96
restructuring of configuration backends
...
added propotypes of new control interfaces (xml & dbus)
introduced loadable:
configuration backends
control interfaces
using pluggable modules as in EAP
2007-04-27 14:25:08 +00:00
Andreas Steffen
4841189b72
implementation of strictcrlpolicy=ifuri
2007-04-20 11:12:08 +00:00
Martin Willi
217e985b41
moved initiate() code to the generic controller_t class
2007-04-16 12:52:49 +00:00
Andreas Steffen
f880eb2dca
started support of X.509 attribute certificates
2007-04-12 17:49:33 +00:00
Martin Willi
3b138b8422
cleaned up apidoc
...
added some comments
removed configuration.[ch], as it does not make sense like it is
2007-04-11 07:20:39 +00:00
Martin Willi
e0fe765152
restructured file layout
...
new configuration structure:
peer_cfg: configuration related to a peer (authenitcation, ...=
ike_cfg: config to use for IKE setup (proposals)
child_Cfg: config for CHILD_SA (proposals, traffic selectors)
a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
2007-04-10 06:01:03 +00:00
Andreas Steffen
8883eef7b8
support cachecrls=yes
2007-04-05 17:07:14 +00:00
Andreas Steffen
e58afb1a0a
support of crlcheckinterval=0 to disable IKEv2 CRL fetching
2007-04-04 07:49:05 +00:00
Martin Willi
4deb89485c
removed send_queue, handled internally in sender_t know
...
do header parsing in receiver, ready for cookie integration
2007-03-28 13:34:02 +00:00
Andreas Steffen
54645fb275
added fetcher_finalize() to clean up libcurl
2007-03-08 17:00:32 +00:00
Andreas Steffen
9149635ffa
support if ocsp signing certificates
2007-03-08 16:47:18 +00:00
Andreas Steffen
78703918aa
http post fetching using libcurl implemented
2007-03-07 19:28:03 +00:00
Martin Willi
373b8a607f
fixed netlink socket receiver code
...
implemented interface enumeration code with netlink: no getifaddrs reqired anymore
2007-03-03 14:56:24 +00:00
Martin Willi
f27f6296e6
merged EAP framework from branch into trunk
...
includes a lot of other modifications
2007-02-12 15:56:47 +00:00
Martin Willi
5347a84f81
fixed HAVE_BACKTRACE checks
...
starter Makefile now uses proper $(COMPILE) to build pluto objects
2006-12-11 09:29:34 +00:00
Martin Willi
e696757c47
made backtrace() calls optional to support uClibc
2006-12-06 13:59:13 +00:00
Martin Willi
db7ef62494
better split up of library files "types.h" & "definitions.h"
...
centralized all printf specifier character definitions
reuse of arginfo handlers
more cleanups
fixed more AMD64 issues
added DEBUG_LEVEL compile flag to exclude DBGn() statements
2006-10-31 12:27:59 +00:00
Martin Willi
b83806d83d
improved signal handling and emitting
2006-10-26 09:46:56 +00:00
Martin Willi
60356f3375
introduced new logging subsystem using bus:
...
passive listeners can register on the bus
active listeners wait for signals actively
multiplexing allows multiple listeners to receive debug signals
a lot more...
2006-10-18 11:46:13 +00:00
Martin Willi
47f5027807
introduced printf() specifiers for:
...
host_t (%H)
identification_t (%D)
chunk pointers (%B)
memory pointer/length (%b)
added a signaling bus:
receives event and debug messages, sends them to its listeners
stream_logger, sys_logger, file_logger added, listen to bus
some other tweaks here and there
2006-09-27 14:14:44 +00:00
Andreas Steffen
e2de376c74
added PSK support
2006-09-18 07:42:57 +00:00
Martin Willi
48d9883a3e
initial support for IPv6 (more testing needed)
...
socket works (without v6 filter)
traffic selector handle IPv4/v4 cleanly
improvements in traffic selector code
kernel interface accepts v6 traffic selectors and hosts
host_t class has full IPv6 support
2006-08-30 17:12:56 +00:00
Martin Willi
4c23a8c9ec
moved interface enumeration code to socket, where it belongs
...
query interfaces every time we need it to respect changes in network config
added address listing on startup and "ipsec statusall"
2006-08-28 08:45:22 +00:00
Martin Willi
f698448ea3
implemented proper refcounting using atomic operations
2006-07-28 09:45:18 +00:00
Martin Willi
fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
2006-07-27 12:18:40 +00:00
Martin Willi
c71d53ba4e
updated copyright information
2006-07-07 08:49:06 +00:00
Martin Willi
3dd3c5f39e
redesigned IKE_SA using a transaction mechanism:
...
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
2006-07-05 10:53:20 +00:00
Martin Willi
1396815afb
first merge of NATT code
2006-06-22 06:36:28 +00:00
Martin Willi
986d23bd6e
reworked function ignore mechanism to not-report whitelist
...
rather than overriding functions
2006-06-20 10:05:56 +00:00
Martin Willi
aed58dcc93
readded local_credential_store
...
added sendcert policy to connection
some other cleanups
2006-06-20 08:43:57 +00:00
Andreas Steffen
21b433c641
implemented rereadcrls rereadcacerts
2006-06-20 06:05:01 +00:00
Martin Willi
f7eb60dd5e
2006-06-16 14:10:49 +00:00
Martin Willi
c859ec9592
fixed compilation error
2006-06-15 13:41:06 +00:00
Andreas Steffen
03442041a9
added option parsing
2006-06-14 12:42:36 +00:00
Andreas Steffen
90ed2e8278
charon outputs strongSwan version
2006-05-31 05:48:32 +00:00
Andreas Steffen
92d30836fd
load all ca certificates
2006-05-30 07:37:48 +00:00
Martin Willi
db66c624bf
- fixed daemon destruction order to prevent
...
crashes on termination
2006-05-30 06:14:23 +00:00
Martin Willi
b8577029d1
2006-05-10 08:02:49 +00:00