Commit Graph

11708 Commits

Author SHA1 Message Date
Tobias Brunner e5455e9413 imv-os: check_packages() fails if product query fails 2013-07-24 16:17:22 +02:00
Tobias Brunner cfca183d55 pkcs5: Add missing break statements when checking crypto primitives 2013-07-24 16:17:22 +02:00
Tobias Brunner 346a4a1fc2 imv-scanner: Properly check snprintf() return value 2013-07-24 16:17:22 +02:00
Tobias Brunner 16748bdff7 socket-dynamic: Properly initialize IPv6 address 2013-07-24 16:17:22 +02:00
Tobias Brunner 5baec6448d unit-tests: Add test for host_create_netmask() 2013-07-24 16:17:21 +02:00
Tobias Brunner 6e2ec33f9d host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128 2013-07-24 16:17:03 +02:00
Tobias Brunner a00ac1d9ee imv-attestation: Use proper cast for length when using %.*s 2013-07-24 10:54:47 +02:00
Tobias Brunner 0c76d820dc tnc-ifmap: Use proper cast for length when using %.*s 2013-07-24 10:54:47 +02:00
Tobias Brunner cfdd23b967 capabilities: Proper error handling when reading groups 2013-07-24 10:54:26 +02:00
Tobias Brunner 3021139f6f strongswan.conf: Moved some stuff around 2013-07-23 12:23:05 +02:00
Tobias Brunner 5b1e3d3fdc ipsec: Add --piddir to retrieve the PID/socket directory 2013-07-22 18:12:04 +02:00
Tobias Brunner 517823b466 starter: Properly refer to the ipsec script if it was renamed 2013-07-22 18:00:19 +02:00
Tobias Brunner 62293ed271 coupling: Fix call to call_hook() 2013-07-22 17:53:56 +02:00
Tobias Brunner 2ed8b36a8a strongswan.conf: Add missing options 2013-07-22 17:46:41 +02:00
Tobias Brunner 146fa8b2d3 charon-xpc: Use correct namespace when setting default settings 2013-07-22 17:44:37 +02:00
Tobias Brunner a14d907e33 tnc-pdp: Fix reading port setting from strongswan.conf 2013-07-22 17:43:54 +02:00
Andreas Steffen 2b1ac51c9c fixed typo 2013-07-19 20:07:32 +02:00
Andreas Steffen 645e9291f0 updated some TNC scenarios 2013-07-19 19:36:07 +02:00
Martin Willi dcd5129c25 processor: force synchronous execute_job() if set_threads(0) has been called
During daemon shutdown, some idle threads might be lingering around even if
set_threads(0) already has been called. To avoid any races, we enforce
synchronous execution of the job.
2013-07-19 15:30:22 +02:00
Martin Willi 2fa92ad256 proposal: correctly enumerate registered AEADs to build default IKE proposal
AEADs are not returned (anymore) with the encryption enumerator.
2013-07-19 15:05:17 +02:00
Andreas Steffen 3cd01df785 Version bump to 5.1.0rc1 2013-07-19 10:40:53 +02:00
Tobias Brunner 82b1a38601 tkm: Properly refer to includes now that AM_CPPFLAGS is used 2013-07-19 09:02:04 +02:00
Tobias Brunner 8f1b44b40c keychain: Use AM_CPPFLAGS instead of INCLUDES 2013-07-19 09:01:39 +02:00
Tobias Brunner 0ceb288815 Fix various API doc issues and typos
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Martin Willi cb6c4e0430 identification: parse identities having a "@@" prefix as ID_RFC822_ADDR
Original patch by Gerald Richter.
2013-07-18 16:45:10 +02:00
Martin Willi c3b8335cfb NEWS: mention watcher and stream services 2013-07-18 16:10:48 +02:00
Martin Willi 666dff70eb Merge branch 'ipc-service'
Adds network transparency and TCP support to the IPC interfaces of different
plugins using the new stream and stream service classes. A central watcher
thread can watch multiple file descriptors to handle connection requests
for these and other services using only a single thread.
2013-07-18 16:03:14 +02:00
Martin Willi b4b3959b22 stream-service: move CAP_CHOWN check from plugins to service constructor
A plugin service can be a TCP socket now, so it does not make much sense
to strictly check for CAP_CHOWN.
2013-07-18 16:00:31 +02:00
Martin Willi 1897dd730f processor: remove the now unused get_threads() method again 2013-07-18 16:00:31 +02:00
Martin Willi ea009869e9 watcher: use processor's new execute_job() to notify FDs
Just queueing is problematic, as all threads might be busy waiting for events
that the queued (but never executed) job delivers.
2013-07-18 16:00:31 +02:00
Martin Willi 6653e6c13e processor: add an execute_job() method to directly execute an important job
If all worker threads are busy and waiting for an event, we must ensure that
a job delivering that event gets executed. This new method has this property
for CRITICAL jobs, using a worker if we have one, but executing the job directly
if not.
2013-07-18 16:00:31 +02:00
Martin Willi 55240835b0 watcher: properly support multiple watch callback types for the same FD 2013-07-18 16:00:31 +02:00
Martin Willi d0c25a3f23 watcher: read multiple notifications if available
Use non-blocking I/O on the read end of the notify pipe. This also makes sure
the read does not block should select() signal data while there is none.
2013-07-18 16:00:31 +02:00
Martin Willi 8fc89db7b6 certexpire: add an option to enforce exporting trustchains having a private key 2013-07-18 16:00:31 +02:00
Martin Willi 868abd0626 error-notify: catch and forward some alerts related to certificate validation 2013-07-18 16:00:30 +02:00
Martin Willi 58750670cf bus: raise certificate validation alerts using credential manager hook 2013-07-18 16:00:30 +02:00
Martin Willi 4d7a762871 credmgr: introduce a hook function to catch trust chain validation errors 2013-07-18 16:00:30 +02:00
Martin Willi f7cff7fac4 lookip: double size of id field in message 2013-07-18 16:00:30 +02:00
Martin Willi f33d1d503f error-notify: increase size of string/identity fields in messages 2013-07-18 16:00:30 +02:00
Martin Willi 0a35ae781d whitelist: use a read-copy when listing entries
While this requires a little more overhead, we can free the lock should the
stream block, allowing other threads to add/remove entries.
2013-07-18 16:00:30 +02:00
Martin Willi 0ccc5bb216 whitelist: fix error handling when creating the socket fails 2013-07-18 16:00:30 +02:00
Martin Willi d3278c1f73 lookip: fix error handling when creating the socket fails 2013-07-18 16:00:30 +02:00
Martin Willi cfdb5f4855 error-notify: fix error handling when creating the socket fails 2013-07-18 16:00:30 +02:00
Martin Willi 46666dd3c1 kernel-pfroute: use watcher to receive kernel events 2013-07-18 16:00:30 +02:00
Martin Willi 7f698daef9 kernel-pfkey: use watcher to receive networking events 2013-07-18 16:00:30 +02:00
Martin Willi f4f77d7467 kernel-netlink: use watcher to receive kernel events for net/ipsec 2013-07-18 16:00:30 +02:00
Martin Willi 5f755cef46 eap-radius: use watcher instead of receiver thread on DAE socket 2013-07-18 16:00:30 +02:00
Martin Willi c0db5d3845 dhcp: use watcher instead of dedicated receiver thread 2013-07-18 16:00:30 +02:00
Martin Willi 17028e29c2 farp: use watcher instead of dedicated receiver thread 2013-07-18 16:00:29 +02:00
Martin Willi 73da4ed849 load-tester: use a stream service to dispatch control connections 2013-07-18 16:00:29 +02:00