d30df6ff3d
stroke: Usage output updated.
2011-05-16 18:47:52 +02:00
92abe2bd68
Update working thread count without allocation.
2011-05-16 18:28:03 +02:00
21692169b9
Make sure working thread count is correctly updated
2011-05-16 15:24:16 +02:00
4baf1f3bfe
Migrated controller_t to INIT/METHOD macros
2011-05-16 15:24:15 +02:00
83245de0ac
Provide get_priority() method in controller jobs
2011-05-16 15:24:15 +02:00
c8972da757
Added a load tester strongswan.conf option to throttle initiation
2011-05-16 15:24:15 +02:00
8606725676
Migrated load_tester_listern to INIT/METHOD macros
2011-05-16 15:24:15 +02:00
a4c040d536
Added strongswan.conf option to override half open IKE_SA timeout
2011-05-16 15:24:15 +02:00
14bf2f689d
Use CRITICAL job priority class for long running dispatcher jobs
2011-05-16 15:24:15 +02:00
1c8f58adb9
Introduce a highest priority job for critical thread services
2011-05-16 15:24:15 +02:00
4cf6f101d8
Show total and half-open SA count in statusall
2011-05-16 15:24:15 +02:00
9a96ba4b6e
Added a get_count() method to IKE_SA manager
2011-05-16 15:24:15 +02:00
a836cf8085
Fixed identiation in private_ike_sa_manager
2011-05-16 15:24:15 +02:00
c6089e252d
Added a callback_job constructor supporting custom priorities
2011-05-16 15:24:15 +02:00
0b04bdde30
Added a DPD option for load-tester
2011-05-16 15:24:14 +02:00
015c15688c
Don't simulate traffic on load-tester kernel interface
2011-05-16 15:24:14 +02:00
c726b1a6a5
Show how many threads are active in each class in statusall
2011-05-16 15:24:14 +02:00
877fdcf0b8
Count number of threads active in each class, and reserve threads only if none active
2011-05-16 15:24:14 +02:00
a694b481ee
Added a statusallnb stroke command to show status non-blocking
2011-05-16 15:24:14 +02:00
a2302d2322
Added init_limit_half_open and a init_limit_job_load (replacing job_threshold) options, some refactorings
2011-05-16 15:24:14 +02:00
a1bf879a43
Added preshared_key/eap_password load_tester options to set custom credentials
2011-05-16 15:24:14 +02:00
ac96ca80eb
Added initiator/responder_id load tester options to enforce different identities
2011-05-16 15:24:14 +02:00
187bf24e4d
Migrated load_tester_config to INIT/METHOD macros
2011-05-16 15:24:13 +02:00
8e67b5413c
Migrated load_tester_creds to INIT/METHOD macros
2011-05-16 15:24:13 +02:00
e13819507e
Fix load tester shared key enumerator, provide dedicated EAP password
2011-05-16 15:24:13 +02:00
69c3eca0e9
Added a non-blocking, skipping variant of IKE_SA enumerator
2011-05-16 15:24:13 +02:00
3f06403705
Added a job_threshold option to drop IKE_SA_INITs if a certain job load reached
2011-05-16 15:24:13 +02:00
06f0ede759
Use high priority for retransmit/dpd/keepalive jobs
2011-05-16 15:24:13 +02:00
ea69c70d0e
Use job priorities in process_message job based on exchange types
2011-05-16 15:24:13 +02:00
68f56418cd
Reserve threads for job priority classes based on strongswan.conf options
2011-05-16 15:24:13 +02:00
2959ea6f84
Added job priority enum names
2011-05-16 15:24:13 +02:00
c73d4f53f5
Processor job scheduling respects job priority classes
2011-05-16 15:24:13 +02:00
f77203bbfb
Introduce priority classes for jobs
2011-05-16 15:24:12 +02:00
dfe9bad981
Added a stroke memusage command to show memory usage
2011-05-16 15:22:21 +02:00
fce3b5c3ba
Added a leak detective method to report current memory usage with backtraces
2011-05-16 15:22:21 +02:00
f37e8252a3
Make leak detective public
2011-05-16 15:22:21 +02:00
42e0f26e53
Migrated leak_detective to INIT/METHOD macros
2011-05-16 15:22:21 +02:00
61a141d01c
Added a frame enumerator to backtrace_t
2011-05-16 15:22:21 +02:00
c238e8ea86
Added an equals function to backtrace_t
2011-05-16 15:22:21 +02:00
79edee7422
Migrated backtrace_t to METHOD macro
2011-05-16 15:22:21 +02:00
19ae24f0ea
fixed whitelist enabling
2011-05-14 17:09:45 +02:00
706ae005c6
do not call recommendations if recs does not exist
2011-05-14 16:36:05 +02:00
cc546c3ce6
Restrict IMCs and IMVs to call SendMessage()
2011-05-14 13:31:16 +02:00
0e080d9b64
Don't compile login() in openssl_rsa_private_key_t if ENGINE support is disabled in OpenSSL.
2011-05-13 13:11:11 +02:00
38a93a3cd9
fetcher.c added to Android.mk.
2011-05-13 13:09:38 +02:00
6fd23444ea
Disable whitelist plugin by default
2011-05-12 09:07:14 +02:00
4b6ebf9995
Protect the communication with the SIM card during a transaction from access by a second application
2011-05-12 06:20:11 +02:00
e8a512f800
protection against insane IMCs and IMVs
2011-05-11 19:34:01 +02:00
61e3819d04
Do not use deprecated vte_terminal_fork_command()
2011-05-11 12:12:02 +02:00
38865eced3
Return correct status code in kernel_netlink_ipsec_t.query_sa.
2011-05-10 15:45:42 +02:00
70f918ec1d
chunk_clear not clear_chunk.
2011-05-10 15:40:46 +02:00
59965aaf96
pluto: Securely wipe quick mode keys from memory.
...
Keying material is derived in two separate steps for local and remote
endpoint. This allows us to securely wipe local/remote secrets
separately, too -- a precondition to wipe quick mode keys from memory in
a secure fashion.
2011-05-10 15:39:00 +02:00
9e6bb93ab9
pluto: Securely wipe sensitive data from memory.
2011-05-10 15:19:46 +02:00
261d5f22db
terminate imc/imv that couldn't be initialized properly
2011-05-10 07:03:50 +02:00
bb6b2fbb81
lock the set_message_types() method for imvs
2011-05-09 16:46:08 +02:00
375ac27609
cosmetics
2011-05-09 16:46:08 +02:00
f7812f6492
Wipe memory after using key material (incomplete, to be continued)
2011-05-09 14:36:15 +02:00
7dc48bab1b
Use memwipe() in chunk_clear()
2011-05-09 14:36:14 +02:00
ed678b52e2
Added a memwipe() function to safely overwrite sensitive memory
2011-05-09 14:36:14 +02:00
52cab8874b
fixed debug output
2011-05-09 00:49:59 +02:00
d6eec513f1
adapted state_machine for retry batches
2011-05-09 00:49:36 +02:00
ff30e06bf0
lock the set_message_types() method
2011-05-07 17:51:53 +02:00
2c3464af46
added missing comma
2011-05-07 10:22:57 +02:00
50a43c79a6
refactored tnccs->remove_connection()
2011-05-06 15:13:05 +02:00
51f259a82d
id of non-registered threads defaults to 0
2011-05-06 06:22:19 +02:00
e7643c92d3
Migrated scheduler_t to INIT/METHOD macros
2011-05-05 11:14:51 +02:00
cda46be72a
Migrated callback_job to INIT/METHOD macros
2011-05-05 11:14:51 +02:00
3316742969
Migrated processor to INIT/METHOD macros
2011-05-05 11:14:50 +02:00
e35727c14d
Fix algorithm type for signers, fixes warning with gcc 4.5
2011-05-03 11:33:40 +02:00
b4c9ab9c79
Cache group name in sys_logger_t to avoid problems with Vstr.
...
Because syslog(3) is not replaced when using the Vstr wrapper, %N can
not be resolved properly.
2011-05-03 10:50:28 +02:00
b7cb8100c4
Migrated sys_logger_t to INIT/METHOD macros.
2011-05-03 10:21:58 +02:00
5bbe0ee18c
Migrated file_logger_t to INIT/METHOD macros.
2011-05-03 10:21:03 +02:00
7b12521679
Removed superfluous parameter missed in e5e5bcc92f.
2011-05-02 17:13:14 +02:00
aca6434ba9
Fix a potential memleak if two threads fingerprint a credential simultaneously
2011-05-02 15:05:41 +02:00
33bad71ce9
Accept name fields in EAP-MD5 messages
2011-05-02 09:57:58 +02:00
ca0341bf85
added missing tab
2011-04-28 13:30:40 +02:00
083fe967e5
adapted debug output
2011-04-28 13:28:40 +02:00
02472e3417
do not send messages of type TNC_VENDORID_ANY or subtye TNC_SUBTYPE_ANY
2011-04-28 13:28:40 +02:00
68447302d6
Typo fixed.
2011-04-28 12:50:30 +02:00
7d39f3e1b9
log unsupported IMC_IMV message types
2011-04-28 02:27:08 +02:00
e7f21e33b1
list registered TNCCS message types
2011-04-28 01:35:45 +02:00
67ec2be665
IKEv2 was only partially the default for connections with auto=route and auto=start.
...
Connections with auto=route and auto=start that did not have
keyexchange=ikev2 explicitly specified did get added to charon,
but did not get routed or started by charon.
2011-04-27 11:33:06 +02:00
cce8f65232
Fixed two typos in kernel-pfroute plugin.
2011-04-26 17:58:39 +02:00
8af1e3606b
fixed loop error in parsing of OCSP basic responses
2011-04-26 12:32:19 +02:00
6ab1a83059
Migrated eap_sim_file to INIT/METHOD macros
2011-04-22 11:30:42 +02:00
406051ea4e
fixed segmentation fault due to null pointer
2011-04-22 10:11:16 +02:00
4b06f9f265
debug type is EAP_TLS
2011-04-21 21:04:11 +02:00
2778b6644b
do not include length field in non-fragmented EAP-PEAP packets
2011-04-21 19:52:49 +02:00
c223ccd174
Win 7 accepts compressed EAP Identity request
2011-04-21 19:52:49 +02:00
20c428b670
added level 3 debug output of forwarded EAP payloads
2011-04-21 19:52:49 +02:00
f9a552f011
Resolve and connect to RADIUS servers not before required
2011-04-21 14:01:25 +02:00
5b0bcfb1fc
Revert alloc_str changes
...
This reverts commit fdead26ffe3e2419ebe317ce69b47a
2011-04-21 13:35:31 +02:00
fdead26ffe
If key not found, strdup default value, too
2011-04-21 10:57:17 +02:00
3e2419ebe3
Use thread save settings alloc_str function where appropriate
2011-04-21 10:48:16 +02:00
17ce69b47a
Added a thread save, allocating settings get_str variant called alloc_str
2011-04-21 10:10:26 +02:00
6d41218ced
Be a little more liberal in checking maximum payload count
2011-04-20 15:15:00 +02:00
f7aca91603
Accept IKE_SA_INIT responses without CERTIFICATE_REQUESTs
2011-04-20 15:04:02 +02:00
4778655726
Cast size_t len arguments to %.*s to int
2011-04-20 13:08:32 +02:00
52846ec820
Remove superfluous test for peer_cfg on established IKE_SAs
2011-04-20 12:31:29 +02:00
98788537be
Synchronize ESN support in HA plugin
2011-04-20 12:26:58 +02:00
390b38b8c9
Add NO_EXT_SEQ_NUMBER to proposal only if it has not been specified in string
2011-04-20 12:26:58 +02:00
f8b26c452a
Added proposal keywords for ESN support
2011-04-20 12:26:58 +02:00
bd01b9d8b2
Install ESN SAs if such a proposal has been negotiated
2011-04-20 12:26:58 +02:00
05e9589783
Copy ESN enabled replay state during update_sa, if supported
2011-04-20 12:26:58 +02:00
ee8c89e2ee
Add ESN support to kernel netlink plugin, including custom replay windows
2011-04-20 12:26:58 +02:00
4876d4f3b3
Added an esn parameter to the kernel interface add_sa functions
2011-04-20 12:26:57 +02:00
f7925cad04
Updated copy of linux/xfrm.h to 2.6.39, featuring ESN support
2011-04-20 12:26:57 +02:00
dd0696ec8e
Use strncpy when reading smartcard keyids from ipsec.secrets.
2011-04-19 18:00:16 +02:00
6e0c82141f
pluto: Replaced some strcpy usages with strncpy.
2011-04-19 17:35:57 +02:00
81b598ca5f
openac: --out is a mandatory argument.
2011-04-19 17:35:57 +02:00
2bf1d44f7b
openac: Fixed potential overflow while reading passphrase.
2011-04-19 13:48:51 +02:00
68e9275134
openac: Make sure path is null-terminated.
2011-04-19 13:48:51 +02:00
2653c08513
pluto: Make sure connection name is null-terminated during DPD restart.
2011-04-19 13:48:51 +02:00
f36a6ebd30
starter: Make sure interface name is null-terminated.
2011-04-19 13:48:51 +02:00
e0d388f2e3
Use proper return value for ietf_attr_t.compare.
2011-04-19 13:48:50 +02:00
e78c915241
scepclient: Proper handling of multiple received certificates.
2011-04-19 13:48:50 +02:00
00b9f755f8
pool: Proper cleanup in error cases when adding addresses from a file.
2011-04-19 13:48:50 +02:00
e5143952f0
pool: Proper handling of address family when adding addresses.
2011-04-19 13:48:50 +02:00
a5543f99e4
Added missing return in iterator_t.insert_before of linked_list_t.
2011-04-19 13:48:50 +02:00
75cf0cc012
pluto: Clarified parsing of long durations.
2011-04-19 13:48:50 +02:00
1c004bebd8
Clearly mark switch cases that fall through.
2011-04-19 13:48:50 +02:00
119fc2d3d7
Added missing break statement.
2011-04-19 13:48:50 +02:00
73ac1f2040
pluto: Avoid potential null-pointer dereference when checking CRLs.
2011-04-19 13:48:50 +02:00
a61b696380
pluto: Added missing PF_KEY debug messages.
...
libfreeswan does not use the version of the PF_KEY header file provided
in src/include/linux so this list is not exactly up to date.
2011-04-19 13:48:50 +02:00
f526b35c45
Properly copy interface name if unknown.
...
We use a static string if the interface name is unknown, so using memcpy
with IFNAMSIZ is incorrect as that would overrun the static string.
2011-04-19 13:48:50 +02:00
82017bf417
pluto: from_state is strictly lower than STATE_IKE_ROOF.
2011-04-19 13:48:50 +02:00
c8bb9a2ec6
Fixed typo in unit-tester plugin.
2011-04-19 13:48:49 +02:00
a30e025901
support unstructuredAddress in left|rightid
2011-04-18 23:40:31 +02:00
733813c7fb
send an empty EAP Ack client message if TLS was successful and handle it on the server
2011-04-15 15:02:39 +02:00
ad5033a67c
Windows 7 expects an uncompressed EAP Identity request
2011-04-15 15:02:39 +02:00
2b3c87b49a
Set broadcast flag in DHCP requests when sending broadcasts
2011-04-15 13:00:23 +02:00
96409be320
Add reload support to attr plugin
2011-04-15 10:07:13 +02:00
00b4b4b0d1
Migrated attr plugin to INIT/METHOD macros
2011-04-15 10:07:13 +02:00
f0331baf1a
Added reload support to eap-radius plugin
2011-04-15 10:07:13 +02:00
3b71d3d033
Reload strongswan.conf and plugins supporting reloading on SIGHUP
2011-04-15 10:07:13 +02:00
fd3c12bf06
Accept NULL files in load_files[_section] as we do in constructor
2011-04-15 10:07:13 +02:00
32973044b0
Added a merge option to optionally reload files instead of merging them
2011-04-15 10:07:13 +02:00
ed49e9a303
Added plugin_loader method to reload plugin configurations
2011-04-15 10:07:13 +02:00
c55818ebb0
Added a (not yet implemented) plugin_t method to reload plugin configuration
2011-04-15 10:07:13 +02:00
787b5884aa
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t
2011-04-15 10:07:12 +02:00
6e2791715b
Migrated remaining plugin_t implementations to INIT/METHOD macros
2011-04-15 10:07:12 +02:00
2b36342551
Migrated plugin_loader to INIT/METHOD macros
2011-04-15 10:07:12 +02:00
2db8b58f62
Continue without client authentication if no matching certificate found
2011-04-14 20:02:12 +02:00
6a8f1a578f
Ignore TLS certificate requests as peer if peer authentication disabled
2011-04-14 20:02:12 +02:00
1c21f47a06
Send TLS Server Name Indication as peer if server identity is a FQDN
2011-04-14 20:02:12 +02:00
eea2bdb203
Fix tls_writer wrap functions
2011-04-14 20:02:11 +02:00
823d2f5035
pluto: Fixed check for NAT-T keepalives.
2011-04-14 18:11:47 +02:00
3bec23d88c
pluto: Properly initialize constants.
2011-04-14 18:11:46 +02:00
7223229924
pluto: Avoid hiding outer parameter.
2011-04-14 18:11:46 +02:00
33c9e8b28d
pluto: Use %zu to print values of type size_t.
2011-04-14 18:11:46 +02:00
8e4da8f2e8
Use %tx to print a value of type ptrdiff_t.
2011-04-14 18:11:46 +02:00
e5e5bcc92f
Removed superfluous parameter to printf.
2011-04-14 18:11:46 +02:00
b0fd7d1482
Proper cleanup if IDs in ipsec.secrets cannot be parsed.
2011-04-14 18:11:45 +02:00
3c3c832a10
Fixed potential memory leak in host_create_any.
2011-04-14 18:11:45 +02:00
6045eaa54a
pluto: Fixed potential memory leak in atoaddr.
2011-04-14 18:11:45 +02:00
862ef49f85
Fixed potential memory leak when processing routes from the kernel.
2011-04-14 18:11:45 +02:00
29388829fa
Do proper cleanup in error case in pki req.
2011-04-14 18:11:45 +02:00
3fe6c0b27e
Do proper cleanup in some error cases in pki signcrl.
2011-04-14 18:11:44 +02:00
809750d72b
pluto: Fixed potential memory leak when processing requested virtual IPs.
2011-04-14 18:10:52 +02:00
267d47d6f2
pluto: Properly free buffer in error cases in read_packet.
2011-04-14 18:10:27 +02:00
3c0c321776
Neither rekey nor del can be NULL.
2011-04-14 18:10:27 +02:00
cc2429d9a2
In scanf the maxmium length of %s does not include the null-terminator.
2011-04-14 18:10:27 +02:00
bac28c73ed
starter_conn_t.id is an unsigned long.
2011-04-14 18:10:27 +02:00
e51cae33a9
Fix compiler warnings at creation of CRL cache filenames.
...
This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point. But it's clearer
this way.
2011-04-14 18:10:27 +02:00
1f02bdc8d3
Fixed output in ietf_attributes_t.get_string.
2011-04-14 18:10:26 +02:00
64f4237b1e
Fix "set nexthop to him when instantiating rightallowyes template with leftnexthop == right"
...
This fixes commit 280f6b1ab2
2011-04-14 18:10:26 +02:00
a9ee43e96a
added TLS renegotiation_info extension
2011-04-14 16:54:46 +02:00
2a277867be
Show full blown traffic selector in log_ts hook
2011-04-14 09:21:58 +02:00
aee071ed8b
Fixed check for member of stroke_msg_t in pop_string.
...
Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).
2011-04-13 18:18:03 +02:00
e54a2bd20e
pluto: Properly initialize a.continuation.
2011-04-12 17:39:11 +02:00
2cec32e8eb
pluto: Properly initialize ta.encrypter.
2011-04-12 17:22:50 +02:00
7f1fb6b69d
pluto: Fixed off by one error when reading private keys.
2011-04-12 15:54:29 +02:00
24e0595437
Removed unused variables.
2011-04-12 14:44:49 +02:00
f486bf2666
Fix compiler warning after fetcher_t.fetch signature change
2011-04-12 09:29:24 +02:00
8dad3072c6
Use an IV size of zero for DES in ECB mode
2011-04-08 14:55:46 +02:00
6dc36a73e2
Fixed debug statement if algorithm benchmarking enabled
2011-04-08 14:55:10 +02:00
be4caf7d3e
fixed bit mask
2011-04-07 21:41:41 +02:00
e4444c7b4a
define MSCHAPv2 as default phase2 algorithm for EAP-PEAP
2011-04-06 20:07:59 +02:00
30c42831a0
allow multi-pass authentication schemes as e.g. MSCHAPv2
2011-04-06 19:39:00 +02:00
c98ed04de0
display EAP identifiers in HEX format
2011-04-06 17:34:27 +02:00
0ef9744123
no EAP identifier offset required in build() function
2011-04-06 17:33:01 +02:00
915aa1f198
added missing function pointers in eap_identity_create_server()
2011-04-06 15:47:49 +02:00
1be296dfb2
implemented the PEAP tunneling protocol as an EAP plugin
2011-04-06 14:42:02 +02:00
0e83847088
added get|set_identifier() methods to eap_tnc_t
2011-04-06 07:50:42 +02:00
555a8ca238
added EAP identifier to debug output
2011-04-05 20:53:46 +02:00
934216df2d
added get|set_identifier() methods to eap_tls_t and eap_ttls_t
2011-04-05 18:35:22 +02:00
1bee89d339
added TLS_PURPOSE_EAP_PEAP
2011-04-05 18:16:28 +02:00
6f69fb0134
implemented get|set_identifier() for tls_eap_t
2011-04-05 18:14:58 +02:00
2e44a2753f
eap_packet_t definition moved to libstrongswan/eap/eap.h
2011-04-05 18:04:45 +02:00
6f05ad829a
added EAP PEAP and MSTLV protocols
2011-04-05 17:59:49 +02:00
dcfb8177b3
implemented get|set_identifier() for eap_sim_t
2011-04-05 17:01:28 +02:00
125fadb3e0
Migrated eap_sim plugin to INIT/METHOD macros
2011-04-05 16:12:38 +02:00
ab5e087309
implemented get|set_identifier() for eap_radius_t
2011-04-05 15:57:00 +02:00
07313dbe38
store EAP identifier on peer side
2011-04-05 15:45:51 +02:00
1b80fdd9e0
implemented get|set_identifier() for eap_aka_t
2011-04-05 15:40:20 +02:00
2f02375a82
Added support for DES_ECB to af-alg, required for eap-mschapv2
2011-04-05 15:20:38 +02:00
b5240b7c64
Migrated eap_aka plugin to INIT/METHOD macros
2011-04-05 15:20:22 +02:00
05aa206dcd
implemented get|set_identifier() for eap_gtc_t
2011-04-05 14:47:19 +02:00
e053961dcc
Migrated eap_gtc plugin to INIT/METHOD macros
2011-04-05 14:44:26 +02:00
4ea837d951
implemented get|set_identifier() for eap_mschapv2_t
2011-04-05 14:44:09 +02:00
dae5a088c5
Migrated eap_mschapv2 plugin to INIT/METHOD macros
2011-04-05 14:23:59 +02:00
689f887147
implemented get|set_identifier() for eap_identity_t and eap_md5_t
2011-04-05 14:22:58 +02:00
adcb221f19
log the EAP identifier also for vendor specific EAP methods
2011-04-05 13:57:37 +02:00
de93154231
log the initial value of the EAP identifier
2011-04-05 13:54:26 +02:00
2f7c12a2f4
added get_identifier() and set_identifier() methods
2011-04-05 13:32:10 +02:00
ce9352b3d7
Migrated eap_sim_pcsc plugin to INIT/METHOD macros
2011-04-04 09:31:45 +02:00
13d72e90c1
Slightly reformatted SIM pcsc code
2011-04-04 09:21:54 +02:00
80dca77a50
Added SIM card backend based on pcsc-lite
2011-04-04 08:51:50 +02:00
f27705cea1
Added support for FETCH_CALLBACK to soup fetcher
2011-04-04 08:48:27 +02:00
c5a46f3b63
Support FETCH_CALLBACK in curl fetcher
2011-04-04 08:48:27 +02:00
13eda8e903
Added a new FETCH_CALLBACK option to fetch data without allocation
2011-04-04 08:48:27 +02:00
5131c62517
Migrated fetcher_manager to INIT/METHOD macros
2011-04-04 08:48:27 +02:00
7aa2d1ca49
log TNC PEP decision with level 0
2011-03-25 12:49:05 +01:00
952fb7b5a1
Increase whitelist message identity buffer to 128 bytes
2011-03-23 14:18:15 +01:00
fc2e43eb27
Fix order of PURGE_* flags to be compatible with STROKE_PURGE_* keywords
2011-03-23 09:28:40 +01:00
a6390879d5
Make availability of glob(3) optional in settings_t.
...
If glob(3) is not available just try to open the pattern as regular
file. The reason for this change is that glob(3) is not available on Android.
2011-03-22 19:21:26 +01:00
913591ecb8
Make sure that files included in settings_t are regular files.
2011-03-22 19:21:15 +01:00
566173366d
File lists in Android.mk files updated to those in the Makefiles.
2011-03-22 17:41:29 +01:00
3eede76288
Fall back to _LINUX_CAPABILITY_VERSION if no explicit version is defined.
...
This is the case on Android.
2011-03-22 17:39:05 +01:00
16ee58e036
TNC server did not issue a TNC_CONNECTION_STATE_HANDSHAKE NotifyConnection message
2011-03-19 16:43:22 +01:00
edd1fc71c2
include linux/if_alg.h in the strongSwan distribution
2011-03-17 22:52:04 +01:00
f8d2f903bf
Added a strongswan.conf "enabled" option for duplicheck plugin
2011-03-17 17:34:11 +01:00
c236b214f2
Added strongswan.conf and runtime option to enable/disable whitelist plugin
2011-03-17 17:15:16 +01:00
3ced6b51e4
Move establish/inherit of rekeyed IKE_SAs to delete messages
...
Having the inherit() function delayed to the IKE_SA establish procedure
was problematic. The task destroy function was never a good place and
results in locking/cleanup problems. After establishing the SA, it
should be really checked in ASAP to avoid any triggered DPD checks
to get lost.
2011-03-15 15:20:09 +01:00
f42156a8c8
Wrap IKE delete after rekey into rekey task for responder, too
2011-03-15 11:51:53 +01:00
11f89bc948
Do not invoke processor restart() if not required
...
Doing so might result in a deadlock during shutdown if a delayed
restart is locked on the bus during the debug statement.
2011-03-15 11:48:19 +01:00
41080cbbd9
Migrated ike_rekey task to INIT/METHOD macros
2011-03-15 11:30:02 +01:00
19897724d3
fixed asn1_oid_from_string(), allowing it to handle up to 32 bit node numbers
2011-03-12 13:46:14 +01:00
4953a78a66
fixed parsing of X.509 certificatePolicies
2011-03-11 12:38:00 +01:00
cfeb687d7f
added tcg-at-tpmIdLabel OID
2011-03-11 11:48:46 +01:00
fc01176a7d
output unknown OIDs in dot string notation
2011-03-11 11:48:22 +01:00
f813069e89
fixed asn1_oid_to_string() conversion
2011-03-09 15:36:05 +01:00
21f411b861
Use a boolean expression for refcount check, fixes refcounting if bool is a signed char
2011-03-09 07:52:13 +01:00
5f47296f22
Migrated sim_manager to INIT/METHOD macros
2011-03-08 16:42:27 +01:00
7b3bfe4b6c
Protect sim card/provider/hook (un-)registration with a rwlock
2011-03-08 16:42:27 +01:00
f58db72482
Splitted sim_manager.h header to sim_{card,provider,hooks}.h
2011-03-08 16:42:27 +01:00
c54e1bb83b
defined some TCG attribute OIDs
2011-03-08 07:27:00 +01:00
04be19127d
support of RSAES-OAEP public keys
2011-03-08 07:03:22 +01:00
bf10d793f6
added id-RSAES-OAEP and id-pSpecified OIDs
2011-03-07 22:46:28 +01:00
25ed5672a6
initiate or route all child configs if they have different names from their parent peer config
2011-03-04 07:02:31 +01:00
50110dfef8
Align netlink attributes properly if rta_len not a multiple of RTA_ALIGNTO
2011-03-02 16:07:38 +01:00
ea1c20d14b
initiate or route child configs which don't have a peer config of the same name
2011-03-01 22:24:19 +01:00
a2ebc1bd69
put DN in double quotes
2011-03-01 22:19:59 +01:00
a79eba2e9c
corrected pkcs11 error message
2011-03-01 22:19:58 +01:00
007c47088c
Implemented permanent certificate coupling plugin
2011-02-28 16:39:40 +01:00
0d6d992589
Update duplicheck entry during IKE rekeying
2011-02-28 15:37:18 +00:00
b85be69079
Remove entry from active duplicate list only if it was not in checking
2011-02-28 15:37:18 +00:00
ee0f53e189
Added an example application listening to duplicheck notifications
2011-02-28 15:37:18 +00:00
3883150779
Notify duplicate detections over a UNIX sockets to listening applications
2011-02-28 15:37:18 +00:00
3e74ebbecc
Added an advanced duplicate checking plugin with liveness check of old SA
2011-02-28 15:37:18 +00:00
Tobias Brunner