[thirdparty/strongswan.git] / ChangeLog

 strongSwan-4.0.0 / R:967
==========================

removed IKEV2 ifdefs
applied patch from andreas
  added charonstart option to config
  new ikev2 tests for UML
applied patch from andreas
  pem loading
  secrets file parsing
  ikev2 testcase
  some other additions here and there
connection termination is handled cleanly by name now
fixed bad bug, certs load now cleanly again
fixed make install (subdir order)
fixed include path
added missing script
finished initial import of strongswan file tree
removed a lot of old and unused stuff
moved RFCs from ikev2 into doc dir
added missing files for starter
applied patch for charon (this time really)
import of strongswan-2.7.0
applied patch for charon
renamed get_block_size of hasher
reworked usage of IDs in various states
using ID_ANY for any, not NULL as before
initiator sends IDr payload in IKE_AUTH when ID unique
fixed charon checks
using status & statusall
patch for 2.7.0 
add connection names to connections
stroke status / ipsec status shows them
added statusall for stroke
added status by connection name
some tests repaired, more to come
fixed spi conversion
improved "stroke status" output
setup PID file after daemon initilization, to correctly inform
  starter about daemon startup
added separate implementation for connection_store, credential_store, policy_store
added folder structure to config
credentials are fetched solely on IDs now
identification_t supports now almost all id types
x509 certificates work with identification_t now
fixes here, fixes there
fixed doxygen build
seperates now in lib and charon
library initialization done at a central point (library.c)
some leak_detective fixes
updated Todos
fixed log-to-syslog behavior
added patch against strongswan-2.6.4
x509 certificate loading with pluto asn1 code
x509 needs a lot more attention!
renamed some files
using asn1 pluto stuff now
removed, since we use pluto asn1 stuff
leak detective is usable, but does not show static function names
  a script which gets address via ldd and resolves address via addr2line would be nice
fixed a leak in child_sa with new detective ;-)
some improvements to new asn1 stuff
to be continued
fixed bad bugs in kernel interface
added some logging info
works now much more stable
startet importing pluto ASN1 stuff
der PKCS#1 key loading works (as it did with der_decoder)
split up in libstrong, charon, stroke, testing done
new leak detective with malloc hook in library
  useable, but needs improvements
logger_manager has now a single instance per library
  allows use of loggers from any linking prog
a LOT of other things
../svn-commit.tmp
added misssing stroke.h
improved strokeing
  down connection
  status
some other tweaks
rewrote a lot of RSA stuff
done major work for ASN1/decoder
allow loading of ASN1 der encoded private keys, public keys and certificates
extracting public key from certificates
passing certificates from stroke to charon
=> basic authentication with RSA certificates works!
starter work on asn1 with der de/encoder
RSA private and public key can load read key from ASN1 DER
some other fixes here and there
rewrite of logger_manager, uses now one instance per context
cleanups for logger here and there
removed critical flag check in payload verification (conformance to IKEv2)
so thats and theres everywere... ;-)
patch for strongswan-2.6.3
added charon support for strongswan build process
ipsec starter supports charon startup and control
removed old diploma thesis scripts
some cleanups
compatibility to strongswan, Makefile can be called by "make programs"
  and "make install" (ikev2 patch must be applied to strongswan)
first version of stroke control utility
moved output to doc/api, since doc is used for other docs now
some first documentation in english
removed old eclipse project files
works quite well now with ipsec.conf & ipsec starter
belongs to previous commit ;-)
reworked configuration framework completly
configuration is now split up in: connections, policies, credentials and daemon config
further alloc/free fixes needed!
first attempt for connection loading and starting via "stroke"
some improvements here and there
configuration_manager replaced by configuration_t interface
current configuration_manager is now static_configuration (testing)
first draft of starter_configuration, which should once interact with ipsec starter (via whack?)
some cleanups
socket_t uses RAW socket, which allows parallel service of pluto/charon
comments and cleanups
working policy installation and removal
fixed policy setup bug
proposal setup implementation begun
fixed socket code, so we know on which address we receive traffic
AH/ESP setup in kernel is working now!!! :-)))
installing of child sa works
need correct IP adresses to actually use IPsec
new RFCs of IKEv2, IKEv2 algs and IPSec arch added
update of IKEv2 clarification document
refactored ike proposal
uses now proposal_t, wich is also used by child proposals
ike key derivation refactored
crypter_t api has get_key_size now
some other improvements here and there
config uses uml hosts alice and bob
key derivation for child_sa works
some fixes here and there
fixed memleaks
works with new proposal code
still some(!) memleaks
fixed alot of bugs in child_proposal
near to working state ;-)
dead end implementation

... there is a lot more of it, but nothing of interest
Commit	Line	Data
d7272314 MW	1	strongSwan-4.0.0 / R:967
d7272314 MW	2	==========================
8ba04040	3
22ff6f57 MW	4	removed IKEV2 ifdefs
	5	applied patch from andreas
	6	added charonstart option to config
	7	new ikev2 tests for UML
	8	applied patch from andreas
	9	pem loading
	10	secrets file parsing
	11	ikev2 testcase
	12	some other additions here and there
	13	connection termination is handled cleanly by name now
	14	fixed bad bug, certs load now cleanly again
	15	fixed make install (subdir order)
	16	fixed include path
	17	added missing script
	18	finished initial import of strongswan file tree
	19	removed a lot of old and unused stuff
	20	moved RFCs from ikev2 into doc dir
	21	added missing files for starter
	22	applied patch for charon (this time really)
	23	import of strongswan-2.7.0
	24	applied patch for charon
	25	renamed get_block_size of hasher
	26	reworked usage of IDs in various states
	27	using ID_ANY for any, not NULL as before
	28	initiator sends IDr payload in IKE_AUTH when ID unique
	29	fixed charon checks
	30	using status & statusall
	31	patch for 2.7.0
	32	add connection names to connections
	33	stroke status / ipsec status shows them
	34	added statusall for stroke
	35	added status by connection name
	36	some tests repaired, more to come
	37	fixed spi conversion
	38	improved "stroke status" output
	39	setup PID file after daemon initilization, to correctly inform
8ba04040	40	starter about daemon startup
22ff6f57 MW	41	added separate implementation for connection_store, credential_store, policy_store
	42	added folder structure to config
	43	credentials are fetched solely on IDs now
	44	identification_t supports now almost all id types
	45	x509 certificates work with identification_t now
	46	fixes here, fixes there
	47	fixed doxygen build
	48	seperates now in lib and charon
	49	library initialization done at a central point (library.c)
	50	some leak_detective fixes
	51	updated Todos
	52	fixed log-to-syslog behavior
	53	added patch against strongswan-2.6.4
	54	x509 certificate loading with pluto asn1 code
	55	x509 needs a lot more attention!
	56	renamed some files
	57	using asn1 pluto stuff now
	58	removed, since we use pluto asn1 stuff
	59	leak detective is usable, but does not show static function names
	60	a script which gets address via ldd and resolves address via addr2line would be nice
	61	fixed a leak in child_sa with new detective ;-)
	62	some improvements to new asn1 stuff
	63	to be continued
	64	fixed bad bugs in kernel interface
	65	added some logging info
	66	works now much more stable
	67	startet importing pluto ASN1 stuff
	68	der PKCS#1 key loading works (as it did with der_decoder)
	69	split up in libstrong, charon, stroke, testing done
	70	new leak detective with malloc hook in library
	71	useable, but needs improvements
	72	logger_manager has now a single instance per library
	73	allows use of loggers from any linking prog
	74	a LOT of other things
8ba04040	75	../svn-commit.tmp
22ff6f57 MW	76	added misssing stroke.h
	77	improved strokeing
	78	down connection
	79	status
	80	some other tweaks
	81	rewrote a lot of RSA stuff
	82	done major work for ASN1/decoder
	83	allow loading of ASN1 der encoded private keys, public keys and certificates
	84	extracting public key from certificates
	85	passing certificates from stroke to charon
8ba04040	86	=> basic authentication with RSA certificates works!
22ff6f57 MW	87	starter work on asn1 with der de/encoder
	88	RSA private and public key can load read key from ASN1 DER
	89	some other fixes here and there
	90	rewrite of logger_manager, uses now one instance per context
	91	cleanups for logger here and there
	92	removed critical flag check in payload verification (conformance to IKEv2)
	93	so thats and theres everywere... ;-)
	94	patch for strongswan-2.6.3
	95	added charon support for strongswan build process
	96	ipsec starter supports charon startup and control
	97	removed old diploma thesis scripts
	98	some cleanups
	99	compatibility to strongswan, Makefile can be called by "make programs"
8ba04040	100	and "make install" (ikev2 patch must be applied to strongswan)
22ff6f57 MW	101	first version of stroke control utility
	102	moved output to doc/api, since doc is used for other docs now
	103	some first documentation in english
	104	removed old eclipse project files
	105	works quite well now with ipsec.conf & ipsec starter
	106	belongs to previous commit ;-)
	107	reworked configuration framework completly
	108	configuration is now split up in: connections, policies, credentials and daemon config
	109	further alloc/free fixes needed!
	110	first attempt for connection loading and starting via "stroke"
	111	some improvements here and there
	112	configuration_manager replaced by configuration_t interface
	113	current configuration_manager is now static_configuration (testing)
	114	first draft of starter_configuration, which should once interact with ipsec starter (via whack?)
	115	some cleanups
	116	socket_t uses RAW socket, which allows parallel service of pluto/charon
	117	comments and cleanups
	118	working policy installation and removal
	119	fixed policy setup bug
	120	proposal setup implementation begun
	121	fixed socket code, so we know on which address we receive traffic
	122	AH/ESP setup in kernel is working now!!! :-)))
	123	installing of child sa works
	124	need correct IP adresses to actually use IPsec
	125	new RFCs of IKEv2, IKEv2 algs and IPSec arch added
	126	update of IKEv2 clarification document
	127	refactored ike proposal
	128	uses now proposal_t, wich is also used by child proposals
	129	ike key derivation refactored
	130	crypter_t api has get_key_size now
	131	some other improvements here and there
	132	config uses uml hosts alice and bob
	133	key derivation for child_sa works
	134	some fixes here and there
	135	fixed memleaks
	136	works with new proposal code
	137	still some(!) memleaks
	138	fixed alot of bugs in child_proposal
	139	near to working state ;-)
	140	dead end implementation
8ba04040	141
22ff6f57	142	... there is a lot more of it, but nothing of interest