37884ab10f
Add locking to TNC-PDP connections
2013-02-14 17:19:49 +01:00
d20a2cc5f3
Add IF-M message subtype getter to IMC/IMV messages
2013-02-14 17:18:24 +01:00
bbe9261bbf
Use a generic constructor to create PA-TNC error attributes
2013-02-14 17:18:00 +01:00
4755ab505d
Add a global return_success() method implementation
2013-02-14 17:17:45 +01:00
de32b8aed6
Add a convenience method to check pen_type_t for vendor and type
2013-02-14 17:17:30 +01:00
d03b338487
Add a comparison function for pen_type_t
2013-02-14 17:17:22 +01:00
9db54bbcd4
Whitespace and comment cleanups in pen.[ch]
2013-02-14 17:17:07 +01:00
f838f457a8
resolve dependency on libtls
2013-02-14 17:15:33 +01:00
e212033ef2
Merge branch 'ike-dscp'
2013-02-14 17:11:35 +01:00
285668b6e3
Check if recommendations is set before applying language preference
2013-02-14 17:09:28 +01:00
a9df87bf89
PT-TLS dispatcher TNCCS constructor takes peer identities to pass to factory
2013-02-14 17:09:28 +01:00
8b56943222
Merge branch 'pt-tls'
2013-02-14 17:06:07 +01:00
46ae05dd17
Remove leading zeros in SCEP certificate serialNumbers
2013-02-14 16:56:32 +01:00
96a2d2077b
Fix 'stroke loglevel any'
...
Before b46a5cd4
2013-02-13 12:18:20 +01:00
5374fe3a09
added ikev1/net2net-fragmentation scenario
2013-02-12 23:01:48 +01:00
bac1052dea
treat EAP identities as user IDs
2013-02-12 21:58:03 +01:00
7d355f853d
use EAP identity in tnc/tnccs-20-pdp scenario
2013-02-12 20:41:37 +01:00
2a421163bf
make TNC client authentication type available to IMVs
2013-02-12 20:38:05 +01:00
3e56352815
determine underlying IF-T transport protocol
2013-02-12 12:25:39 +01:00
bd1ee5bdc4
make AR identities available to IMVs via IF-IMV 1.4 draft
2013-02-11 15:30:44 +01:00
ebb87f08f7
Make IKE/EAP IDs available to TNC server/client
2013-02-11 15:30:44 +01:00
98063d8187
Don't use a time_t variable with fscanf when parsing uptime
...
Because "%u" is used as format string in the fscanf call that parses the
uptime and because the length of time_t varies on different platforms
and architectures the value was not written properly if time_t was longer
than an unsigned int and depending on how the target variable was aligned
on the stack. Since there is no conversion specifier to properly parse a
time_t value we use the appropriate integer type instead.
2013-02-08 11:33:13 +01:00
af5452ba76
Allow more than one CERTREQ payload for IKEv2
...
There is no reason not to do so (RFC 5996 explicitly mentions multiple
CERTREQ payloads) and some implementations seem to use the same behavior
as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload).
2013-02-08 11:28:56 +01:00
f476ff84f3
Add a --httptimeout option to scepclient
2013-02-08 11:09:33 +01:00
763e86c093
Use CURL_TIMEOUT and not CURL_CONNECTTIMEOUT for FETCHER_TIMEOUT in curl
...
This allows us to use this timeout beyond DNS resolution. For the initial
connect, we use a hardcoded timeout of 10s for now.
2013-02-08 11:08:06 +01:00
88f4cd3988
Add ikedscp documentation to ipsec.conf.5
2013-02-06 15:42:14 +01:00
7fbe516f88
Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
2013-02-06 15:36:36 +01:00
5b15bd5f9d
Set configured DSCP value while generating IKE packets
2013-02-06 15:20:32 +01:00
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
ea5917afd8
Set DSCP values when sending IP packets in socket-default
2013-02-06 15:20:32 +01:00
6e82269ee6
Don't send a packet in default socket if family is not IPv4 nor IPv6
2013-02-06 15:20:32 +01:00
1116689944
Add a DSCP value with getter/setter on packet_t
2013-02-06 15:20:32 +01:00
6c37daaa3b
Avoid extensive casting of sockaddr types in socket-default by using a union
...
Additionally fixes a strict-aliasing rule compiler warning with older gcc.
2013-02-06 15:20:32 +01:00
82c884c015
Set sockaddr family on ifreq instead of casted familiy specific sockaddr
...
Fixes a strict-aliasing rule compiler warning with older gcc.
2013-02-06 15:20:32 +01:00
2ccdc19ed9
Report enabled plugins at the end of configure
2013-02-04 16:24:58 +01:00
f2b508c1ab
Streamlined comments in configure.in
...
dnl should only be used in rare cases (like escaping newlines)
2013-02-04 16:24:58 +01:00
39a6c39519
Updated configure.in to newer autoconf
...
AC_TRY_COMPILE and AC_TRY_RUN are deprecated. The new construct with
AC_*_IFELSE and AC_LANG_PROGRAM requires double quoting the source code
of these test programs.
2013-02-04 16:24:58 +01:00
eaf752d203
Add a configure option to disable all default plugins
...
The --disable-defaults option disables all plugins that would be
enabled by default. This allows to selectively enable specific plugins
without issues when new default options get added in future releases.
2013-02-04 16:24:58 +01:00
cf29fc075a
time is a time_t pointer
2013-02-04 13:05:29 +01:00
1f6ee9ec44
version bump to 5.0.3dr1
2013-02-04 07:51:07 +01:00
ba62be506a
improved control when an attribute request is sent
2013-02-03 20:48:05 +01:00
459c50ccb8
print PEN value 0xfffffe as Unassigned
2013-02-03 18:52:59 +01:00
818fe7c024
send an error attribute if vendor ID or type of received attribute is reserved
2013-02-03 18:52:03 +01:00
a3a190b7bd
openssl: Properly honor OPENSSL_NO_* defines
2013-01-31 17:33:23 +01:00
25637aa5d8
Fix Doxygen comment for rdrand plugin
2013-01-31 12:11:37 +01:00
9d9410e7b9
Typo in strongswan.conf(5) man page fixed
2013-01-31 11:52:11 +01:00
d830174e3c
version bump to 5.0.2
2013-01-30 07:51:44 +01:00
c186b3940a
Documented new options in strongswan.conf(5) man page
2013-01-25 20:22:20 +01:00
58fd1f3eef
Don't use pointer to a union member in host_create_from_string_and_family()
2013-01-25 13:18:50 +01:00
572a707765
Properly check MSB in openssl plugin's PKCS#7 implementation
2013-01-24 23:36:02 +01:00
Martin Willi