Tobias Brunner
f35578acb1
Renamed 'use' database column as that is a keyword in MySQL.
...
Reported by Stefan Tomas.
2011-09-01 09:59:37 +02:00
Martin Willi
d0e1b237be
Properly remove listener when listen() times out
2011-08-31 16:50:06 +02:00
Martin Willi
e59a50009c
starter passes unresolved DNS names to charon
...
Based on an initial patch by Mirko Parthey.
2011-08-29 09:58:18 +02:00
Thomas Jarosch
88d180c7d8
Fix file descriptor leak
...
Credit goes to "cppcheck".
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
2011-08-29 09:10:28 +02:00
Thomas Jarosch
f50ee82573
Remove redundant assignment
...
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
2011-08-29 09:10:28 +02:00
Thomas Jarosch
848567fdf2
Fix file descriptor leak on error
...
Credit goes to cppcheck.
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
2011-08-29 09:10:28 +02:00
Martin Willi
8e3f14baab
bus->listen() and the controller wrappers accept a timeout to wait for callbacks
2011-08-26 10:44:25 +02:00
Andreas Steffen
4a2ecc4147
support optional SSL passphrase for Axis2/C connection
2011-08-24 21:27:34 +02:00
Martin Willi
071903235a
Register manager of pkcs11 plugin as library object
2011-08-24 15:45:59 +02:00
Andreas Steffen
a8bbdb1f26
log entry for outbound hash-and-url
2011-08-24 06:05:44 +02:00
Riaan Kruger
2fee7bfe87
auto-detect OS name
2011-08-23 07:54:15 +02:00
Martin Willi
3f455c739d
Added a certexpire empty_string option
2011-08-22 18:42:33 +02:00
Martin Willi
e64fdfa172
Implemented CSV export functionality in certexpire plugin
2011-08-22 18:42:33 +02:00
Martin Willi
d2aeb8fdfd
Added generic cron style callback execution to certexpire plugin
2011-08-22 18:42:33 +02:00
Martin Willi
f4bdc6a3aa
Cache trustchain lifetimes for export
2011-08-22 18:42:33 +02:00
Martin Willi
b274f20a1d
Register a certexpire listener collecting trustchain information
2011-08-22 18:42:33 +02:00
Martin Willi
87ddfcc655
Added missing auth_rule_names
2011-08-22 18:42:32 +02:00
Martin Willi
c991645ff5
Moved auth_rule_names back to auth_cfg.c
2011-08-22 18:42:32 +02:00
Martin Willi
ba2201edf0
Added plugin stub of certexpire plugin
2011-08-22 18:42:32 +02:00
Martin Willi
bff1025201
Don't rekey but delete CHILD_SA to resying against NATed Windows clients
2011-08-19 09:16:17 +02:00
Martin Willi
f54bcf35af
Sync newer IKE_SA condition/extension flags in ha plugin
2011-08-19 09:16:16 +02:00
Martin Willi
61cf9f512c
Try to detect Windows Clients by looking for INTERNAL_IP4/6_SERVER attribute
2011-08-19 09:16:16 +02:00
Andreas Steffen
5c0ab65cae
shortened XAUTH and UNITY attribute short names
2011-08-16 23:37:09 +02:00
Andreas Steffen
f69f067958
fix double delete of old IKE_SA during reauthentication
2011-08-16 23:25:45 +02:00
Andreas Steffen
a022f0863d
increased message buffer to cope with NCP's innumerable UNITY Configuration Payloads
2011-08-16 23:22:20 +02:00
Andreas Steffen
65d5f6bc2b
some more typos
2011-08-15 21:43:26 +02:00
Tobias Brunner
7ebf021d37
typos: initator->initiator, authenticaion->authentication.
2011-08-15 16:31:04 +02:00
Tobias Brunner
19e12db79c
pluto: Some whitespace cleanup.
2011-08-15 15:53:26 +02:00
Andreas Steffen
6224a34481
converted libimcv into a dynamic library
2011-08-14 09:27:43 +02:00
Andreas Steffen
756fd15f55
version bump to 4.6.0dr3
2011-08-14 09:26:21 +02:00
Andreas Steffen
49c03672a3
updated strongswan.conf
2011-08-12 18:11:32 +02:00
Andreas Steffen
7e85bbda19
implement MAP client certificate authentication
2011-08-12 15:16:05 +02:00
Andreas Steffen
c7b8512cc0
cosmetics
2011-08-12 13:18:49 +02:00
Andreas Steffen
537205fa9d
implemented enforcement-report metadata
2011-08-12 13:16:02 +02:00
Andreas Steffen
ae8a984b5a
use EAP identity
2011-08-12 11:34:56 +02:00
Andreas Steffen
d6a69acba4
defined mapping of IKEv2 identity types to IF-MAP identity types
2011-08-12 11:07:29 +02:00
Tobias Brunner
9af9c6772b
If we close a duplicate SA, it is also no authentication failure.
2011-08-12 10:11:39 +02:00
Tobias Brunner
d9eaecd373
If local authentication fails, it is not really a peer auth failure.
2011-08-12 10:04:02 +02:00
Tobias Brunner
ccbe380377
Throw an alert if authentication of the peer fails (not only for initiator).
2011-08-12 10:04:02 +02:00
Tobias Brunner
7ab19d571d
Throw an alert when the peer address cannot be resolved during initiation.
2011-08-12 09:59:27 +02:00
Tobias Brunner
ff4b25f9b7
Throw an alert via bus_t when remote authentication fails.
2011-08-12 09:59:27 +02:00
Andreas Steffen
d0a9173ec9
support capability metadata
2011-08-11 15:06:19 +02:00
Tobias Brunner
45048eae23
Verify that executables are available and set (pluto|charon)start accordingly.
...
Some distributions enable both daemons but then distribute the
executables in two separate packages. If only one package is installed
but both daemons are enabled in ipsec.conf, starter will try to start
the non existing daemon over and over again, and will each time readd
the configs to the other daemon.
2011-08-11 13:38:05 +02:00
Andreas Steffen
92a1b234b4
version bump to 4.6.0dr2
2011-08-11 07:56:42 +02:00
Andreas Steffen
535798cfe3
added tnc-ifmap attributes to manpage
2011-08-10 15:58:18 +02:00
Andreas Steffen
5a2e2e0b8c
version bump to 4.6.0dr1
2011-08-10 09:29:35 +02:00
Andreas Steffen
3205e3be7a
define server_cert in strongswan.conf
2011-08-10 09:29:35 +02:00
Andreas Steffen
dcae107b5a
getting rid of axis2.html configuration
2011-08-10 09:29:34 +02:00
Andreas Steffen
9d690477c9
output PEP device addresses as metadata
2011-08-10 09:29:34 +02:00
Andreas Steffen
e37f1fd6b7
classify an EAP identity as a username
2011-08-10 09:29:34 +02:00