Martin Willi
37884ab10f
Add locking to TNC-PDP connections
2013-02-14 17:19:49 +01:00
Martin Willi
d20a2cc5f3
Add IF-M message subtype getter to IMC/IMV messages
2013-02-14 17:18:24 +01:00
Martin Willi
bbe9261bbf
Use a generic constructor to create PA-TNC error attributes
2013-02-14 17:18:00 +01:00
Martin Willi
4755ab505d
Add a global return_success() method implementation
2013-02-14 17:17:45 +01:00
Martin Willi
de32b8aed6
Add a convenience method to check pen_type_t for vendor and type
2013-02-14 17:17:30 +01:00
Martin Willi
d03b338487
Add a comparison function for pen_type_t
2013-02-14 17:17:22 +01:00
Martin Willi
9db54bbcd4
Whitespace and comment cleanups in pen.[ch]
2013-02-14 17:17:07 +01:00
Andreas Steffen
f838f457a8
resolve dependency on libtls
2013-02-14 17:15:33 +01:00
Martin Willi
e212033ef2
Merge branch 'ike-dscp'
2013-02-14 17:11:35 +01:00
Martin Willi
285668b6e3
Check if recommendations is set before applying language preference
2013-02-14 17:09:28 +01:00
Martin Willi
a9df87bf89
PT-TLS dispatcher TNCCS constructor takes peer identities to pass to factory
2013-02-14 17:09:28 +01:00
Martin Willi
8b56943222
Merge branch 'pt-tls'
2013-02-14 17:06:07 +01:00
Martin Willi
46ae05dd17
Remove leading zeros in SCEP certificate serialNumbers
2013-02-14 16:56:32 +01:00
Tobias Brunner
96a2d2077b
Fix 'stroke loglevel any'
...
Before b46a5cd4
this worked if debug_t was unsigned. In that case -1,
as returned by enum_from_name(), would result in a large positive number.
So any unknown debug group (including 'any') had the same effect that
was only intended for 'any'.
2013-02-13 12:18:20 +01:00
Andreas Steffen
5374fe3a09
added ikev1/net2net-fragmentation scenario
2013-02-12 23:01:48 +01:00
Andreas Steffen
bac1052dea
treat EAP identities as user IDs
2013-02-12 21:58:03 +01:00
Andreas Steffen
7d355f853d
use EAP identity in tnc/tnccs-20-pdp scenario
2013-02-12 20:41:37 +01:00
Andreas Steffen
2a421163bf
make TNC client authentication type available to IMVs
2013-02-12 20:38:05 +01:00
Andreas Steffen
3e56352815
determine underlying IF-T transport protocol
2013-02-12 12:25:39 +01:00
Andreas Steffen
bd1ee5bdc4
make AR identities available to IMVs via IF-IMV 1.4 draft
2013-02-11 15:30:44 +01:00
Andreas Steffen
ebb87f08f7
Make IKE/EAP IDs available to TNC server/client
2013-02-11 15:30:44 +01:00
Tobias Brunner
98063d8187
Don't use a time_t variable with fscanf when parsing uptime
...
Because "%u" is used as format string in the fscanf call that parses the
uptime and because the length of time_t varies on different platforms
and architectures the value was not written properly if time_t was longer
than an unsigned int and depending on how the target variable was aligned
on the stack. Since there is no conversion specifier to properly parse a
time_t value we use the appropriate integer type instead.
2013-02-08 11:33:13 +01:00
Tobias Brunner
af5452ba76
Allow more than one CERTREQ payload for IKEv2
...
There is no reason not to do so (RFC 5996 explicitly mentions multiple
CERTREQ payloads) and some implementations seem to use the same behavior
as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload).
2013-02-08 11:28:56 +01:00
Martin Willi
f476ff84f3
Add a --httptimeout option to scepclient
2013-02-08 11:09:33 +01:00
Martin Willi
763e86c093
Use CURL_TIMEOUT and not CURL_CONNECTTIMEOUT for FETCHER_TIMEOUT in curl
...
This allows us to use this timeout beyond DNS resolution. For the initial
connect, we use a hardcoded timeout of 10s for now.
2013-02-08 11:08:06 +01:00
Martin Willi
88f4cd3988
Add ikedscp documentation to ipsec.conf.5
2013-02-06 15:42:14 +01:00
Martin Willi
7fbe516f88
Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
2013-02-06 15:36:36 +01:00
Martin Willi
5b15bd5f9d
Set configured DSCP value while generating IKE packets
2013-02-06 15:20:32 +01:00
Martin Willi
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
Martin Willi
ea5917afd8
Set DSCP values when sending IP packets in socket-default
2013-02-06 15:20:32 +01:00
Martin Willi
6e82269ee6
Don't send a packet in default socket if family is not IPv4 nor IPv6
2013-02-06 15:20:32 +01:00
Martin Willi
1116689944
Add a DSCP value with getter/setter on packet_t
2013-02-06 15:20:32 +01:00
Martin Willi
6c37daaa3b
Avoid extensive casting of sockaddr types in socket-default by using a union
...
Additionally fixes a strict-aliasing rule compiler warning with older gcc.
2013-02-06 15:20:32 +01:00
Martin Willi
82c884c015
Set sockaddr family on ifreq instead of casted familiy specific sockaddr
...
Fixes a strict-aliasing rule compiler warning with older gcc.
2013-02-06 15:20:32 +01:00
Tobias Brunner
2ccdc19ed9
Report enabled plugins at the end of configure
2013-02-04 16:24:58 +01:00
Tobias Brunner
f2b508c1ab
Streamlined comments in configure.in
...
dnl should only be used in rare cases (like escaping newlines)
2013-02-04 16:24:58 +01:00
Tobias Brunner
39a6c39519
Updated configure.in to newer autoconf
...
AC_TRY_COMPILE and AC_TRY_RUN are deprecated. The new construct with
AC_*_IFELSE and AC_LANG_PROGRAM requires double quoting the source code
of these test programs.
2013-02-04 16:24:58 +01:00
Tobias Brunner
eaf752d203
Add a configure option to disable all default plugins
...
The --disable-defaults option disables all plugins that would be
enabled by default. This allows to selectively enable specific plugins
without issues when new default options get added in future releases.
2013-02-04 16:24:58 +01:00
Andreas Steffen
cf29fc075a
time is a time_t pointer
2013-02-04 13:05:29 +01:00
Andreas Steffen
1f6ee9ec44
version bump to 5.0.3dr1
2013-02-04 07:51:07 +01:00
Andreas Steffen
ba62be506a
improved control when an attribute request is sent
2013-02-03 20:48:05 +01:00
Andreas Steffen
459c50ccb8
print PEN value 0xfffffe as Unassigned
2013-02-03 18:52:59 +01:00
Andreas Steffen
818fe7c024
send an error attribute if vendor ID or type of received attribute is reserved
2013-02-03 18:52:03 +01:00
Tobias Brunner
a3a190b7bd
openssl: Properly honor OPENSSL_NO_* defines
2013-01-31 17:33:23 +01:00
Tobias Brunner
25637aa5d8
Fix Doxygen comment for rdrand plugin
2013-01-31 12:11:37 +01:00
Tobias Brunner
9d9410e7b9
Typo in strongswan.conf(5) man page fixed
2013-01-31 11:52:11 +01:00
Andreas Steffen
d830174e3c
version bump to 5.0.2
2013-01-30 07:51:44 +01:00
Tobias Brunner
c186b3940a
Documented new options in strongswan.conf(5) man page
2013-01-25 20:22:20 +01:00
Tobias Brunner
58fd1f3eef
Don't use pointer to a union member in host_create_from_string_and_family()
2013-01-25 13:18:50 +01:00
Tobias Brunner
572a707765
Properly check MSB in openssl plugin's PKCS#7 implementation
2013-01-24 23:36:02 +01:00