Tobias Brunner
f6aafb3005
Fixed some typos, courtesy of codespell
...
Main change is the conversion from the British cancelling/-ed to the
American canceling/-ed.
2021-06-25 11:32:29 +02:00
Josh Soref
b3ab7a48cc
Spelling fixes
...
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
45c8399d78
Add missing strings to several enum string definitions
2019-10-28 14:26:32 +01:00
Tobias Brunner
b9949e98c2
Some whitespace fixes
...
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
2019-08-22 15:18:06 +02:00
Tobias Brunner
02b348403a
Fixed some typos, courtesy of codespell
2019-04-29 15:09:20 +02:00
Andreas Steffen
6fcb3baae8
Corrected use of PB-TNC CRETRY and SRETRY batches
...
The PB-TNC finite state machine according to section 3.2 of RFC 5793
was not correctly implemented when sending either a CRETRY or SRETRY
batch. These batches can only be sent in the "Decided" state and a
CRETRY batch can immediately carry all messages usually transported
by a CDATA batch. strongSwan currently is not able to send a SRETRY
batch since full-duplex mode for PT-TLS isn't supported yet.
2019-03-29 17:04:43 +01:00
Andreas Steffen
6a59e1fa9e
tnccs-20: Defer handshake retry when sending SRETRY batch
...
Set a retry_handshake flag on a TNC server when sending a SRETRY
batch and do the retry only after receiving the next CDATA batch
from the TNC client.
2018-08-01 15:44:49 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
Tobias Brunner
f871b341d7
libtnccs: Correctly read dlopen_use_rtld_now option
...
Fixes: 50e4aeb22f ("libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen()")
2017-09-18 12:07:26 +02:00
Andreas Steffen
fca4e70bd3
libtnccs: Fixed memory leak of global variables in libxml2
2017-05-29 10:57:34 +02:00
Tobias Brunner
525cc46cab
Change interface for enumerator_create_filter() callback
...
This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.
2017-05-26 13:56:44 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Andreas Steffen
4d83c5b4a6
Fix of the mutual TNC measurement use case
...
If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements
from the IKEv2 responder acting as a TNC client, the exchange of PB-TNC batches
is continued until the IKEv2 responder acting as a TNC server has also finished
its TNC measurements.
In the past if these measurements in the other direction were correct
the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication
successful and the IPsec connection was established even though the TNC
measurement verification on the EAP peer side failed.
The fix adds an "allow" group membership on each endpoint if the corresponding
TNC measurements of the peer are successful. By requiring an "allow" group
membership in the IKEv2 connection definition the IPsec connection succeeds
only if the TNC measurements on both sides are valid.
2016-02-16 18:00:27 +01:00
Tobias Brunner
50e4aeb22f
libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen()
2015-11-09 14:37:08 +01:00
Andreas Steffen
a330f72ecf
Fixed AR identities in mutual TNC measurements case
2015-08-15 22:46:21 +02:00
Andreas Steffen
c1c6506391
Fixed PB-TNC directionality debug message
2015-04-24 11:16:16 +02:00
Tobias Brunner
d1e7b31e80
Fix years in some copyright statements
2015-04-16 09:21:00 +02:00
Andreas Steffen
883c11caa0
Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios
2015-03-27 20:56:44 +01:00
Andreas Steffen
619e0b4235
Fixed PB-TNC error handling
2015-03-27 20:56:44 +01:00
Tobias Brunner
97c7dc6d14
tnccs-20: Fix error handling in build()
2015-03-25 13:23:14 +01:00
Tobias Brunner
4a5d958bc5
libtnccs: Set apidoc category to libtnccs and move plugins
2015-03-25 12:00:20 +01:00
Tobias Brunner
48087e0944
libtnccs: Fix apidoc category for split IF-TNCCS 2.0 header files
...
Fixes 80322d2cee ("Split IF-TNCCS 2.0 protocol processing into
separate TNC client and server handlers").
2015-03-25 12:00:20 +01:00
Tobias Brunner
a2ec3b0546
Fixed some typos, courtesy of codespell
2015-03-25 12:00:20 +01:00
Andreas Steffen
7b4a96b2f7
Implemented PB-TNC mutual half-duplex protocol
2015-03-23 22:25:43 +01:00
Andreas Steffen
c6aed8aa21
Optionally announce PB-TNC mutual protocol capability
2015-03-23 22:25:43 +01:00
Andreas Steffen
80322d2cee
Split IF-TNCCS 2.0 protocol processing into separate TNC client and server handlers
2015-03-23 22:25:42 +01:00
Andreas Steffen
00cd79b678
Make access requestor IP address available to TNC server
2015-03-08 17:17:11 +01:00
Martin Willi
becc382101
libnccs: Fix casts between integers and pointers
2014-06-04 15:53:07 +02:00
Martin Willi
ce3e7ac57d
tnc-imc/imv: Don't include <dlfcn.h> on Windows
2014-06-04 15:53:07 +02:00
Martin Willi
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
Andreas Steffen
3a726816a2
Increased maximum PT-TLS message size to 2MB
2014-05-31 20:37:56 +02:00
Andreas Steffen
4dda2984e3
Automatic determination of maximum PB-TNC batch and PA-TNC message size
2014-05-31 20:37:56 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
...
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Tobias Brunner
abd5c7bea2
libtnccs: Move settings to <ns>.tnc and <ns>.plugins with fallback
2014-02-12 14:34:34 +01:00
Martin Willi
7ae878c357
tnccs: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:33 +01:00
Andreas Steffen
2590cd20d3
PB-TNC PDP_REFERRAL message doesn't have to be in RESULT batch
2013-10-31 12:01:47 +01:00
Tobias Brunner
348b9d82b4
libtnccs: Add dummy entry to pb_tnc_tcg_msg_infos
...
That's required because the first message type in pb_tnc_tcg_msg_type_t
is 1 not 0.
2013-10-29 13:36:15 +01:00
Tobias Brunner
dd438ee22c
Doxygen fixes
2013-10-15 11:25:55 +02:00
Andreas Steffen
3588299fb8
Keep a copy of the tnccs instance for PT-TLS handover
2013-10-09 19:03:07 +02:00
Andreas Steffen
2c4d772a79
Implemented TCG/PB-PDP_Referral message
2013-09-17 21:57:08 +02:00
Andreas Steffen
ddfc589600
Allow vendor-specific PB-TNC messages
2013-09-17 11:19:11 +02:00
Andreas Steffen
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
Andreas Steffen
12b3db5006
moved tnc_imv plugin to libtnccs thanks to recommendation callback function
2013-08-15 23:34:22 +02:00
Andreas Steffen
e8f65c5cde
Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs
2013-08-15 23:34:22 +02:00