]>
git.ipfire.org Git - thirdparty/strongswan.git/log
Tobias Brunner [Thu, 3 May 2012 07:37:35 +0000 (09:37 +0200)]
Updated Android.mk for 5.0 (no IKEv1 support yet).
Andreas Steffen [Wed, 2 May 2012 20:53:45 +0000 (22:53 +0200)]
updated tnc-pdp plugin for 5.0.0
Andreas Steffen [Wed, 2 May 2012 20:53:11 +0000 (22:53 +0200)]
updated testing.conf for 5.0.0
Andreas Steffen [Wed, 2 May 2012 19:13:14 +0000 (21:13 +0200)]
two new options for 5.0.0 UML testing
Tobias Brunner [Wed, 1 Feb 2012 15:02:33 +0000 (16:02 +0100)]
NEWS about route reinstallation added.
Tobias Brunner [Tue, 20 Dec 2011 14:01:06 +0000 (15:01 +0100)]
Route reinstallation in kernel_ipsec_t implementations is not needed anymore.
Tobias Brunner [Tue, 20 Dec 2011 13:59:21 +0000 (14:59 +0100)]
Reinstall routes in kernel-netlink plugin, if interfaces get reactivated or IPs reappear.
Tobias Brunner [Tue, 20 Dec 2011 13:30:10 +0000 (14:30 +0100)]
Keep track of installed source routes in kernel-netlink plugin.
Tobias Brunner [Wed, 1 Feb 2012 15:23:47 +0000 (16:23 +0100)]
NEWS about bus_t refactorings added.
Tobias Brunner [Mon, 23 Jan 2012 12:51:21 +0000 (13:51 +0100)]
Loggers specify what log messages they want to receive during registration.
This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).
To update the log levels loggers can simply be registered again.
Tobias Brunner [Mon, 23 Jan 2012 12:38:48 +0000 (13:38 +0100)]
Ensure that multi-line log messages are not torn apart.
Tobias Brunner [Sat, 21 Jan 2012 15:11:28 +0000 (16:11 +0100)]
Added recursive read_lock support to our own implementation of rwlock_t.
Tobias Brunner [Sat, 21 Jan 2012 13:47:13 +0000 (14:47 +0100)]
Use a separate interface for loggers.
The new interface does not allow loggers to unregister themselves from
the bus. This allows us to use a rwlock_t for them.
The latter also means that loggers can now be called concurrently by
multiple threads.
Tobias Brunner [Thu, 29 Dec 2011 18:13:08 +0000 (19:13 +0100)]
Use a separate list and mutex for loggers.
This avoids deadlocks caused by extensive listener_t implementations
which might want to acquire a lock which is currently held by another
thread wanting to log messages. Since the latter requires that thread
to acquire the same lock the initial thread currently holds this
previously resulted in a deadlock.
With this change logging messages does not require threads to acquire
the main lock in bus_t and thus avoids the deadlock.
Tobias Brunner [Thu, 22 Dec 2011 12:54:30 +0000 (13:54 +0100)]
Fixed return value of controller_t functions if callback returns FALSE.
Tobias Brunner [Thu, 22 Dec 2011 09:59:47 +0000 (10:59 +0100)]
Use wrapped semaphore in callback_job_t.
Tobias Brunner [Thu, 22 Dec 2011 09:47:44 +0000 (10:47 +0100)]
Removed remaining parts of controller_t.listen() implementation.
Tobias Brunner [Wed, 21 Dec 2011 17:27:10 +0000 (18:27 +0100)]
Remove obsolete bus_t.listen() method.
Tobias Brunner [Wed, 21 Dec 2011 17:23:56 +0000 (18:23 +0100)]
Implement wait_for_listener in controller_t with semaphores.
This eliminates even the slightest chance of a deadlock.
Tobias Brunner [Wed, 21 Dec 2011 17:22:23 +0000 (18:22 +0100)]
Added a wrapper class around POSIX semaphores.
Tobias Brunner [Wed, 21 Dec 2011 16:15:33 +0000 (17:15 +0100)]
Implement bus_t.listen() directly in controller_t (the only user).
This will hopefully allow us to later simplify bus_t.
Martin Willi [Thu, 1 Mar 2012 16:07:08 +0000 (17:07 +0100)]
Add plugin features support to stroke plugin
Martin Willi [Wed, 29 Feb 2012 15:09:11 +0000 (16:09 +0100)]
Certificate decoding soft-depends on public key decoding of specific types
Martin Willi [Wed, 29 Feb 2012 15:08:07 +0000 (16:08 +0100)]
PEM loading plugin features depend on the same feature, they are helpers only
Martin Willi [Wed, 29 Feb 2012 15:07:16 +0000 (16:07 +0100)]
Don't depend on a feature that has a dependency to the same feauture during unload
Martin Willi [Wed, 2 May 2012 09:12:31 +0000 (11:12 +0200)]
Merge branch 'ikev1'
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
Martin Willi [Wed, 2 May 2012 07:03:23 +0000 (09:03 +0200)]
Added a dedicated sender flush method, delay sender destruction until users gone
Tobias Brunner [Tue, 1 May 2012 11:32:43 +0000 (13:32 +0200)]
Documented strongswan.conf options for radattr plugin.
Andreas Steffen [Mon, 30 Apr 2012 11:40:48 +0000 (13:40 +0200)]
add AUTH_RULE_SUBJECT_CERT for raw public keys
Andreas Steffen [Mon, 30 Apr 2012 09:42:09 +0000 (11:42 +0200)]
added missing whitespace
Tobias Brunner [Mon, 30 Apr 2012 08:48:57 +0000 (10:48 +0200)]
Properly initialize optional subject in PEM builder.
Tobias Brunner [Mon, 30 Apr 2012 08:47:42 +0000 (10:47 +0200)]
Typo fixed.
Andreas Steffen [Mon, 30 Apr 2012 07:48:21 +0000 (09:48 +0200)]
version bump to 4.6.3
Andreas Steffen [Mon, 30 Apr 2012 07:47:34 +0000 (09:47 +0200)]
output validity of raw public key if available
Andreas Steffen [Mon, 30 Apr 2012 05:02:08 +0000 (07:02 +0200)]
ikev2/net2net-pubkey scenario does not need dnskey plugin
Andreas Steffen [Sun, 29 Apr 2012 22:33:18 +0000 (00:33 +0200)]
added ikev2/net2net-pubkey scenario
Andreas Steffen [Sun, 29 Apr 2012 22:32:58 +0000 (00:32 +0200)]
added ikev2/net2net-rsa scenario
Andreas Steffen [Sun, 29 Apr 2012 22:31:42 +0000 (00:31 +0200)]
added support for raw RSA public keys to stroke
Andreas Steffen [Sun, 29 Apr 2012 17:10:25 +0000 (19:10 +0200)]
added ikev2/rw-eap-md5-id-prompt scenario
Martin Willi [Thu, 26 Apr 2012 12:35:27 +0000 (14:35 +0200)]
Fixed Android null terminated password fixup in xauth-eap
Tobias Brunner [Thu, 26 Apr 2012 06:50:39 +0000 (08:50 +0200)]
Fixed null-pointer dereference in smp plugin.
Andreas Steffen [Wed, 25 Apr 2012 18:53:08 +0000 (20:53 +0200)]
CERT_TRUSTED_PUBKEY stores notBefore, notAfter and subject information
Tobias Brunner [Tue, 24 Apr 2012 07:25:38 +0000 (09:25 +0200)]
pluto: Fix for null-terminated XAuth secrets (as sent by Android 4).
Andreas Steffen [Sun, 22 Apr 2012 20:22:25 +0000 (22:22 +0200)]
activated cmac plugin in UML test suites
Andreas Steffen [Sun, 22 Apr 2012 18:24:59 +0000 (20:24 +0200)]
isolate a TNC client if an error occurs
Andreas Steffen [Sun, 22 Apr 2012 15:41:20 +0000 (17:41 +0200)]
version bump to 4.6.3rc2
Andreas Steffen [Sun, 22 Apr 2012 15:40:59 +0000 (17:40 +0200)]
exit if TBOOT dummy measurements are not defined
Tobias Brunner [Fri, 20 Apr 2012 07:21:03 +0000 (09:21 +0200)]
Option added to set identifier for syslog(3) logging.
This identifier is added to each log message by syslog.
Tobias Brunner [Tue, 17 Apr 2012 15:44:10 +0000 (17:44 +0200)]
Removed auth_cfg_t.replace_value() and replaced usages with add().
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
Tobias Brunner [Tue, 17 Apr 2012 15:37:30 +0000 (17:37 +0200)]
Changed the order and semantics of rules we expect only once in auth_cfg_t.
These rules are now inserted at the front of the internal list, this
allows to retrieve the rule added last with get(). For other rules the
order in which they are added is maintained (this allows to properly
enumerate them).
Tobias Brunner [Tue, 17 Apr 2012 11:58:18 +0000 (13:58 +0200)]
Store password with remote ID to tie it stronger to a specific connection.
Tobias Brunner [Tue, 17 Apr 2012 09:18:37 +0000 (11:18 +0200)]
Added stroke user-creds command, to set username/password for a connection.
Tobias Brunner [Tue, 17 Apr 2012 09:14:38 +0000 (11:14 +0200)]
Added method to add additional shared secrets to stroke_cred_t.
Tobias Brunner [Tue, 17 Apr 2012 09:13:44 +0000 (11:13 +0200)]
Additional prompt keyword added to stroke.
Tobias Brunner [Tue, 17 Apr 2012 09:11:24 +0000 (11:11 +0200)]
Typo fixed.
Martin Willi [Tue, 17 Apr 2012 07:36:39 +0000 (09:36 +0200)]
Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs
Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as
initiator, we can't know if the completing IKE_SA_INIT message is to our first
request or the one with the COOKIE. If the responder just enabled/disabled
COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE
behavior toggling improves the situation, but does not solve the problem during
the initial COOKIE activation.
Martin Willi [Mon, 16 Apr 2012 14:57:18 +0000 (16:57 +0200)]
Added a note about DH/keymat lifecycle for custom implementations
Martin Willi [Mon, 16 Apr 2012 14:55:14 +0000 (16:55 +0200)]
Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
Martin Willi [Mon, 16 Apr 2012 14:47:17 +0000 (16:47 +0200)]
Fix iteration through half-open IKE_SA table
Tobias Brunner [Mon, 16 Apr 2012 09:55:07 +0000 (11:55 +0200)]
Use IP address as ID as responder if not configured or no IDr received.
Tobias Brunner [Mon, 16 Apr 2012 09:53:06 +0000 (11:53 +0200)]
Fall back on IP address as IDi if none is configured at all.
Tobias Brunner [Fri, 13 Apr 2012 13:47:25 +0000 (15:47 +0200)]
Use auth_cfg_t.replace_value where appropriate.
Tobias Brunner [Fri, 13 Apr 2012 13:46:23 +0000 (15:46 +0200)]
Added a simple method to replace the value of a rule in auth_cfg_t.
Tobias Brunner [Wed, 4 Apr 2012 09:46:59 +0000 (11:46 +0200)]
Fixed IDi in case neither left nor leftid is configured.
Andreas Steffen [Sun, 15 Apr 2012 21:39:27 +0000 (23:39 +0200)]
fixed parsing of port ranges in Scanner IMV
Tobias Brunner [Sat, 14 Apr 2012 06:40:27 +0000 (08:40 +0200)]
Typo fixed in NEWS.
Martin Willi [Wed, 11 Apr 2012 15:43:30 +0000 (17:43 +0200)]
Don't invoke child_updown hook twice as responder
Martin Willi [Tue, 3 Apr 2012 06:35:25 +0000 (08:35 +0200)]
Accept zero-length certificate request payloads
Tobias Brunner [Fri, 6 Apr 2012 08:53:47 +0000 (10:53 +0200)]
Properly initialize src in ike_sa_t.is_any_path_valid().
Andreas Steffen [Thu, 5 Apr 2012 14:52:37 +0000 (16:52 +0200)]
checksum need a libradius_init() symbol
Andreas Steffen [Thu, 5 Apr 2012 07:11:47 +0000 (09:11 +0200)]
version bump to 4.6.3rc1
Andreas Steffen [Thu, 5 Apr 2012 07:04:11 +0000 (09:04 +0200)]
remove leading zero in ASN.1 encoded serial numbers
Andreas Steffen [Wed, 4 Apr 2012 09:29:00 +0000 (11:29 +0200)]
ASN.1 two's complement encoding prevents overflow in CRL serial number
Tobias Brunner [Wed, 4 Apr 2012 08:51:46 +0000 (10:51 +0200)]
Make AES-CMAC actually usable for IKEv2.
Martin Willi [Wed, 4 Apr 2012 08:31:57 +0000 (10:31 +0200)]
Added another bunch of commonly used IKEv1 NATT vendor IDs
Andreas Steffen [Tue, 3 Apr 2012 12:19:37 +0000 (14:19 +0200)]
represent 0 as a single byte
Andreas Steffen [Tue, 3 Apr 2012 12:12:50 +0000 (14:12 +0200)]
moved chunk_skip_zero to chunk.h
Andreas Steffen [Tue, 3 Apr 2012 10:49:05 +0000 (12:49 +0200)]
added IKEv2 Generic Secure Password Authentication Method
Andreas Steffen [Tue, 3 Apr 2012 10:48:48 +0000 (12:48 +0200)]
added IKEv2 Generic Secure Password Authentication Method
Andreas Steffen [Tue, 3 Apr 2012 10:21:39 +0000 (12:21 +0200)]
added GSPM IKEv2 payload
Andreas Steffen [Tue, 3 Apr 2012 10:07:13 +0000 (12:07 +0200)]
fixed typo
Tobias Brunner [Tue, 3 Apr 2012 08:56:47 +0000 (10:56 +0200)]
Doxygen fixes.
Tobias Brunner [Tue, 3 Apr 2012 08:48:03 +0000 (10:48 +0200)]
Added NEWS about cmac plugin.
Tobias Brunner [Tue, 3 Apr 2012 08:45:09 +0000 (10:45 +0200)]
Added test vectors for AES-CMAC.
Tobias Brunner [Tue, 3 Apr 2012 08:40:47 +0000 (10:40 +0200)]
Implemented AES-CMAC based PRF and signer.
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
Tobias Brunner [Tue, 3 Apr 2012 08:33:59 +0000 (10:33 +0200)]
Fixed GNU license header in hmac and xcbc plugins.
Martin Willi [Mon, 2 Apr 2012 11:58:21 +0000 (13:58 +0200)]
More detailed NEWS about RADIUS extensions
Andreas Steffen [Fri, 30 Mar 2012 09:15:10 +0000 (11:15 +0200)]
updated supported EAP methods
Tobias Brunner [Thu, 29 Mar 2012 08:01:55 +0000 (10:01 +0200)]
Add support for dnQualifier in DNs.
Andreas Steffen [Tue, 27 Mar 2012 13:05:36 +0000 (15:05 +0200)]
remove leading zeros in ASN.1 encoded serial numbers
Tobias Brunner [Tue, 27 Mar 2012 07:47:38 +0000 (09:47 +0200)]
Added NEWS about resolvconf support.
Tobias Brunner [Mon, 26 Mar 2012 13:09:21 +0000 (15:09 +0200)]
Make resolvconf interface prefix configurable.
Tobias Brunner [Mon, 26 Mar 2012 13:00:14 +0000 (15:00 +0200)]
Added support for the resolvconf framework in resolve plugin.
If /sbin/resolvconf is found nameservers are not written directly to
/etc/resolv.conf but instead resolvconf is invoked.
Tobias Brunner [Tue, 27 Mar 2012 08:37:56 +0000 (10:37 +0200)]
Use single DBG2 statements in kernel_netlink plugin (i.e. ignore mark.value).
Tobias Brunner [Thu, 22 Mar 2012 15:13:15 +0000 (16:13 +0100)]
Don't cast second argument of mem_printf_hook (%b) to size_t.
Also treat the given number as unsigned int.
Due to the printf hook registration the second argument of
mem_printf_hook (if called via printf etc.) is always of type int*.
Casting this to a size_t pointer and then dereferencing that as int does
not work on big endian machines if int is smaller than size_t (e.g. on ppc64).
In order to make this change work if the argument is of a type larger
than int, size_t for instance, the second argument for %b has to be casted
to (u_)int.
Tobias Brunner [Thu, 22 Mar 2012 15:11:39 +0000 (16:11 +0100)]
smp: Use proper signed type to get return value of read(2).
Tobias Brunner [Thu, 22 Mar 2012 13:10:59 +0000 (14:10 +0100)]
pluto: Use time_monotonic() instead of a custom implementation.
Tobias Brunner [Mon, 26 Mar 2012 13:23:17 +0000 (15:23 +0200)]
Don't include individual glib headers in nm plugin.
Expections are glib/gi18n.h, glib/gi18n-lib.h, glib/gprintf.h and
glib/gstdio.h.
Martin Willi [Thu, 22 Mar 2012 14:01:35 +0000 (15:01 +0100)]
Fix null-terminated XAuth passwords, as sent by Android 4
Martin Willi [Wed, 21 Mar 2012 15:57:06 +0000 (16:57 +0100)]
Store authentication info of a XAUTH round on IKE_SA