[thirdparty/strongswan.git] / ChangeLog

 strongSwan-4.0.0 / Revision: 967
==================================

- removed IKEV2 ifdefs
- applied patch from andreas
  - added charonstart option to config
  - new ikev2 tests for UML
- applied patch from andreas
	- pem loading
	- secrets file parsing
	- ikev2 testcase
	- some other additions here and there
- connection termination is handled cleanly by name now
- fixed bad bug, certs load now cleanly again
- fixed make install (subdir order)
- fixed include path
- added missing script
- finished initial import of strongswan file tree
- removed a lot of old and unused stuff
- moved RFCs from ikev2 into doc dir
- added missing files for starter
- applied patch for charon (this time really)
- import of strongswan-2.7.0
- applied patch for charon
- renamed get_block_size of hasher
- reworked usage of IDs in various states
- using ID_ANY for any, not NULL as before
- initiator sends IDr payload in IKE_AUTH when ID unique
- fixed charon checks
- using status & statusall
- patch for 2.7.0 
- add connection names to connections
- stroke status / ipsec status shows them
- added statusall for stroke
- added status by connection name
- some tests repaired, more to come
- fixed spi conversion
- improved "stroke status" output
- setup PID file after daemon initilization, to correctly inform
  starter about daemon startup
- added separate implementation for connection_store, credential_store, policy_store
- added folder structure to config
- credentials are fetched solely on IDs now
- identification_t supports now almost all id types
- x509 certificates work with identification_t now
- fixes here, fixes there
- fixed doxygen build
- seperates now in lib and charon
- library initialization done at a central point (library.c)
- some leak_detective fixes
- updated Todos
- fixed log-to-syslog behavior
- added patch against strongswan-2.6.4
- x509 certificate loading with pluto asn1 code
- x509 needs a lot more attention!
- renamed some files
- using asn1 pluto stuff now
- removed, since we use pluto asn1 stuff
- leak detective is usable, but does not show static function names
  - a script which gets address via ldd and resolves address via addr2line would be nice
- fixed a leak in child_sa with new detective ;-)
- some improvements to new asn1 stuff
- to be continued
- fixed bad bugs in kernel interface
- added some logging info
- works now much more stable
- startet importing pluto ASN1 stuff
- der PKCS#1 key loading works (as it did with der_decoder)
- split up in libstrong, charon, stroke, testing done
- new leak detective with malloc hook in library
  - useable, but needs improvements
- logger_manager has now a single instance per library
  - allows use of loggers from any linking prog
- a LOT of other things
../svn-commit.tmp
- added misssing stroke.h
- improved strokeing
	- down connection
	- status
- some other tweaks
- rewrote a lot of RSA stuff
- done major work for ASN1/decoder
- allow loading of ASN1 der encoded private keys, public keys and certificates
- extracting public key from certificates
- passing certificates from stroke to charon
=> basic authentication with RSA certificates works!
- starter work on asn1 with der de/encoder
- RSA private and public key can load read key from ASN1 DER
- some other fixes here and there
- rewrite of logger_manager, uses now one instance per context
- cleanups for logger here and there
- removed critical flag check in payload verification (conformance to IKEv2)
- so thats and theres everywere... ;-)
- patch for strongswan-2.6.3
- added charon support for strongswan build process
- ipsec starter supports charon startup and control
- removed old diploma thesis scripts
- some cleanups
- compatibility to strongswan, Makefile can be called by "make programs"
  and "make install" (ikev2 patch must be applied to strongswan)
- first version of stroke control utility
- moved output to doc/api, since doc is used for other docs now
- some first documentation in english
- removed old eclipse project files
- works quite well now with ipsec.conf & ipsec starter
- belongs to previous commit ;-)
- reworked configuration framework completly
- configuration is now split up in: connections, policies, credentials and daemon config
- further alloc/free fixes needed!
- first attempt for connection loading and starting via "stroke"
- some improvements here and there
- configuration_manager replaced by configuration_t interface
- current configuration_manager is now static_configuration (testing)
- first draft of starter_configuration, which should once interact with ipsec starter (via whack?)
- some cleanups
- socket_t uses RAW socket, which allows parallel service of pluto/charon
- comments and cleanups
- working policy installation and removal
- fixed policy setup bug
- proposal setup implementation begun
- fixed socket code, so we know on which address we receive traffic
- AH/ESP setup in kernel is working now!!! :-)))
- installing of child sa works
- need correct IP adresses to actually use IPsec
- new RFCs of IKEv2, IKEv2 algs and IPSec arch added
- update of IKEv2 clarification document
- refactored ike proposal
- uses now proposal_t, wich is also used by child proposals
- ike key derivation refactored
- crypter_t api has get_key_size now
- some other improvements here and there
- config uses uml hosts alice and bob
- key derivation for child_sa works
- some fixes here and there
- fixed memleaks
- works with new proposal code
- still some(!) memleaks
- fixed alot of bugs in child_proposal
- near to working state ;-)
- dead end implementation

- ... there is a lot more of it, but 
  nothing of interest
Commit	Line	Data
17b29683	1	strongSwan-4.0.0 / Revision: 967
8ba04040 MW	2	==================================
8ba04040 MW	3
8ba04040 MW	4	- removed IKEV2 ifdefs
	5	- applied patch from andreas
	6	- added charonstart option to config
	7	- new ikev2 tests for UML
	8	- applied patch from andreas
	9	- pem loading
	10	- secrets file parsing
	11	- ikev2 testcase
	12	- some other additions here and there
	13	- connection termination is handled cleanly by name now
	14	- fixed bad bug, certs load now cleanly again
	15	- fixed make install (subdir order)
	16	- fixed include path
	17	- added missing script
	18	- finished initial import of strongswan file tree
	19	- removed a lot of old and unused stuff
	20	- moved RFCs from ikev2 into doc dir
	21	- added missing files for starter
	22	- applied patch for charon (this time really)
	23	- import of strongswan-2.7.0
	24	- applied patch for charon
	25	- renamed get_block_size of hasher
	26	- reworked usage of IDs in various states
	27	- using ID_ANY for any, not NULL as before
	28	- initiator sends IDr payload in IKE_AUTH when ID unique
	29	- fixed charon checks
	30	- using status & statusall
	31	- patch for 2.7.0
	32	- add connection names to connections
	33	- stroke status / ipsec status shows them
	34	- added statusall for stroke
	35	- added status by connection name
	36	- some tests repaired, more to come
	37	- fixed spi conversion
	38	- improved "stroke status" output
	39	- setup PID file after daemon initilization, to correctly inform
	40	starter about daemon startup
	41	- added separate implementation for connection_store, credential_store, policy_store
	42	- added folder structure to config
	43	- credentials are fetched solely on IDs now
	44	- identification_t supports now almost all id types
	45	- x509 certificates work with identification_t now
	46	- fixes here, fixes there
	47	- fixed doxygen build
	48	- seperates now in lib and charon
	49	- library initialization done at a central point (library.c)
	50	- some leak_detective fixes
	51	- updated Todos
	52	- fixed log-to-syslog behavior
	53	- added patch against strongswan-2.6.4
	54	- x509 certificate loading with pluto asn1 code
	55	- x509 needs a lot more attention!
	56	- renamed some files
	57	- using asn1 pluto stuff now
	58	- removed, since we use pluto asn1 stuff
	59	- leak detective is usable, but does not show static function names
	60	- a script which gets address via ldd and resolves address via addr2line would be nice
	61	- fixed a leak in child_sa with new detective ;-)
	62	- some improvements to new asn1 stuff
	63	- to be continued
	64	- fixed bad bugs in kernel interface
	65	- added some logging info
	66	- works now much more stable
	67	- startet importing pluto ASN1 stuff
68	- der PKCS#1 key loading works (as it did with der_decoder)
69	- split up in libstrong, charon, stroke, testing done
70	- new leak detective with malloc hook in library
71	- useable, but needs improvements
72	- logger_manager has now a single instance per library
73	- allows use of loggers from any linking prog
74	- a LOT of other things
75	../svn-commit.tmp
76	- added misssing stroke.h
77	- improved strokeing
78	- down connection
79	- status
80	- some other tweaks
81	- rewrote a lot of RSA stuff
82	- done major work for ASN1/decoder
83	- allow loading of ASN1 der encoded private keys, public keys and certificates
84	- extracting public key from certificates
85	- passing certificates from stroke to charon
86	=> basic authentication with RSA certificates works!
87	- starter work on asn1 with der de/encoder
88	- RSA private and public key can load read key from ASN1 DER
89	- some other fixes here and there
90	- rewrite of logger_manager, uses now one instance per context
91	- cleanups for logger here and there
92	- removed critical flag check in payload verification (conformance to IKEv2)
93	- so thats and theres everywere... ;-)
94	- patch for strongswan-2.6.3
95	- added charon support for strongswan build process
96	- ipsec starter supports charon startup and control
97	- removed old diploma thesis scripts
98	- some cleanups
99	- compatibility to strongswan, Makefile can be called by "make programs"
100	and "make install" (ikev2 patch must be applied to strongswan)
101	- first version of stroke control utility
102	- moved output to doc/api, since doc is used for other docs now
103	- some first documentation in english
104	- removed old eclipse project files
105	- works quite well now with ipsec.conf & ipsec starter
106	- belongs to previous commit ;-)
107	- reworked configuration framework completly
108	- configuration is now split up in: connections, policies, credentials and daemon config
109	- further alloc/free fixes needed!
110	- first attempt for connection loading and starting via "stroke"
111	- some improvements here and there
112	- configuration_manager replaced by configuration_t interface
113	- current configuration_manager is now static_configuration (testing)
114	- first draft of starter_configuration, which should once interact with ipsec starter (via whack?)
115	- some cleanups
116	- socket_t uses RAW socket, which allows parallel service of pluto/charon
117	- comments and cleanups
118	- working policy installation and removal
119	- fixed policy setup bug
120	- proposal setup implementation begun
121	- fixed socket code, so we know on which address we receive traffic
122	- AH/ESP setup in kernel is working now!!! :-)))
123	- installing of child sa works
124	- need correct IP adresses to actually use IPsec
125	- new RFCs of IKEv2, IKEv2 algs and IPSec arch added
126	- update of IKEv2 clarification document
127	- refactored ike proposal
128	- uses now proposal_t, wich is also used by child proposals
129	- ike key derivation refactored
130	- crypter_t api has get_key_size now
131	- some other improvements here and there
132	- config uses uml hosts alice and bob
133	- key derivation for child_sa works
134	- some fixes here and there
135	- fixed memleaks
136	- works with new proposal code
137	- still some(!) memleaks
138	- fixed alot of bugs in child_proposal
139	- near to working state ;-)
140	- dead end implementation
141
142	- ... there is a lot more of it, but
143	nothing of interest