45 Commits

Author SHA1 Message Date
Tobias Brunner f6aafb3005 Fixed some typos, courtesy of codespell
Main change is the conversion from the British cancelling/-ed to the
American canceling/-ed.
2021-06-25 11:32:29 +02:00
Josh Soref b3ab7a48cc Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner 45c8399d78 Add missing strings to several enum string definitions 2019-10-28 14:26:32 +01:00
Tobias Brunner b9949e98c2 Some whitespace fixes
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
2019-08-22 15:18:06 +02:00
Tobias Brunner 02b348403a Fixed some typos, courtesy of codespell 2019-04-29 15:09:20 +02:00
Andreas Steffen 6fcb3baae8 Corrected use of PB-TNC CRETRY and SRETRY batches
The PB-TNC finite state machine according to section 3.2 of RFC 5793
was not correctly implemented when sending either a CRETRY or SRETRY
batch. These batches can only be sent in the "Decided" state and a
CRETRY batch can immediately carry all messages usually transported
by a CDATA batch. strongSwan currently is not able to send a SRETRY
batch since full-duplex mode for PT-TLS isn't supported yet.
2019-03-29 17:04:43 +01:00
Andreas Steffen 6a59e1fa9e tnccs-20: Defer handshake retry when sending SRETRY batch
Set a retry_handshake flag on a TNC server when sending a SRETRY
batch and do the retry only after receiving the next CDATA batch
from the TNC client.
2018-08-01 15:44:49 +02:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Tobias Brunner 2db6d5b8b3 Fixed some typos, courtesy of codespell 2018-02-13 12:19:54 +01:00
Tobias Brunner f871b341d7 libtnccs: Correctly read dlopen_use_rtld_now option
Fixes: 50e4aeb22f ("libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen()")
2017-09-18 12:07:26 +02:00
Andreas Steffen fca4e70bd3 libtnccs: Fixed memory leak of global variables in libxml2 2017-05-29 10:57:34 +02:00
Tobias Brunner 525cc46cab Change interface for enumerator_create_filter() callback
This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.
2017-05-26 13:56:44 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Andreas Steffen 4d83c5b4a6 Fix of the mutual TNC measurement use case
If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements
from the IKEv2 responder acting as a TNC client, the exchange of PB-TNC batches
is continued until the IKEv2 responder acting as a TNC server has also finished
its TNC measurements.

In the past if these measurements in the other direction were correct
the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication
successful and the IPsec connection was established even though the TNC
measurement verification on the EAP peer side failed.

The fix adds an "allow" group membership on each endpoint if the corresponding
TNC measurements of the peer are successful. By requiring an "allow" group
membership in the IKEv2 connection definition the IPsec connection succeeds
only if the TNC measurements on both sides are valid.
2016-02-16 18:00:27 +01:00
Tobias Brunner 50e4aeb22f libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen() 2015-11-09 14:37:08 +01:00
Andreas Steffen a330f72ecf Fixed AR identities in mutual TNC measurements case 2015-08-15 22:46:21 +02:00
Andreas Steffen c1c6506391 Fixed PB-TNC directionality debug message 2015-04-24 11:16:16 +02:00
Tobias Brunner d1e7b31e80 Fix years in some copyright statements 2015-04-16 09:21:00 +02:00
Andreas Steffen 883c11caa0 Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios 2015-03-27 20:56:44 +01:00
Andreas Steffen 619e0b4235 Fixed PB-TNC error handling 2015-03-27 20:56:44 +01:00
Tobias Brunner 97c7dc6d14 tnccs-20: Fix error handling in build() 2015-03-25 13:23:14 +01:00
Tobias Brunner 4a5d958bc5 libtnccs: Set apidoc category to libtnccs and move plugins 2015-03-25 12:00:20 +01:00
Tobias Brunner 48087e0944 libtnccs: Fix apidoc category for split IF-TNCCS 2.0 header files
Fixes 80322d2cee ("Split IF-TNCCS 2.0 protocol processing into
separate TNC client and server handlers").
2015-03-25 12:00:20 +01:00
Tobias Brunner a2ec3b0546 Fixed some typos, courtesy of codespell 2015-03-25 12:00:20 +01:00
Andreas Steffen 7b4a96b2f7 Implemented PB-TNC mutual half-duplex protocol 2015-03-23 22:25:43 +01:00
Andreas Steffen c6aed8aa21 Optionally announce PB-TNC mutual protocol capability 2015-03-23 22:25:43 +01:00
Andreas Steffen 80322d2cee Split IF-TNCCS 2.0 protocol processing into separate TNC client and server handlers 2015-03-23 22:25:42 +01:00
Andreas Steffen 00cd79b678 Make access requestor IP address available to TNC server 2015-03-08 17:17:11 +01:00
Martin Willi becc382101 libnccs: Fix casts between integers and pointers 2014-06-04 15:53:07 +02:00
Martin Willi ce3e7ac57d tnc-imc/imv: Don't include <dlfcn.h> on Windows 2014-06-04 15:53:07 +02:00
Martin Willi 4163421f91 plugins: Don't link with -rdynamic on Windows 2014-06-04 15:53:02 +02:00
Andreas Steffen 3a726816a2 Increased maximum PT-TLS message size to 2MB 2014-05-31 20:37:56 +02:00
Andreas Steffen 4dda2984e3 Automatic determination of maximum PB-TNC batch and PA-TNC message size 2014-05-31 20:37:56 +02:00
Martin Willi 064fe9c963 enum: Return boolean result for enum_from_name() lookup
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.

Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.

This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Tobias Brunner abd5c7bea2 libtnccs: Move settings to <ns>.tnc and <ns>.plugins with fallback 2014-02-12 14:34:34 +01:00
Martin Willi 7ae878c357 tnccs: Use chunk_map() instead of non-portable mmap() 2014-01-23 15:55:33 +01:00
Andreas Steffen 2590cd20d3 PB-TNC PDP_REFERRAL message doesn't have to be in RESULT batch 2013-10-31 12:01:47 +01:00
Tobias Brunner 348b9d82b4 libtnccs: Add dummy entry to pb_tnc_tcg_msg_infos
That's required because the first message type in pb_tnc_tcg_msg_type_t
is 1 not 0.
2013-10-29 13:36:15 +01:00
Tobias Brunner dd438ee22c Doxygen fixes 2013-10-15 11:25:55 +02:00
Andreas Steffen 3588299fb8 Keep a copy of the tnccs instance for PT-TLS handover 2013-10-09 19:03:07 +02:00
Andreas Steffen 2c4d772a79 Implemented TCG/PB-PDP_Referral message 2013-09-17 21:57:08 +02:00
Andreas Steffen ddfc589600 Allow vendor-specific PB-TNC messages 2013-09-17 11:19:11 +02:00
Andreas Steffen 97b1d39de5 Extract client identity and authentication type from SASL authentication 2013-08-15 23:34:22 +02:00
Andreas Steffen 12b3db5006 moved tnc_imv plugin to libtnccs thanks to recommendation callback function 2013-08-15 23:34:22 +02:00
Andreas Steffen e8f65c5cde Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs 2013-08-15 23:34:22 +02:00