]>
git.ipfire.org Git - thirdparty/strongswan.git/log
Martin Willi [Fri, 5 Feb 2010 13:25:38 +0000 (14:25 +0100)] 
Refactored common used operations into TLS crypto helper
Martin Willi [Fri, 5 Feb 2010 11:30:01 +0000 (11:30 +0000)]
Properly send empty EAP-TLS messages
Martin Willi [Fri, 5 Feb 2010 11:28:48 +0000 (11:28 +0000)]
Derive MSK for EAP-TLS authentication
Martin Willi [Fri, 5 Feb 2010 11:27:52 +0000 (11:27 +0000)]
Verify Server Finished message
Martin Willi [Fri, 5 Feb 2010 10:50:29 +0000 (10:50 +0000)]
Implemented input record decryption and verification
Martin Willi [Thu, 4 Feb 2010 17:18:10 +0000 (18:18 +0100)]
Implemented key derivation, output record signing and encryption
Martin Willi [Thu, 4 Feb 2010 10:17:48 +0000 (11:17 +0100)]
Derive master secret, create Finished message
Martin Willi [Thu, 4 Feb 2010 09:08:07 +0000 (10:08 +0100)]
Implemented the TLS specific PRF in its TLSv1.0 and TLSv1.2 variants
Martin Willi [Wed, 3 Feb 2010 18:53:40 +0000 (19:53 +0100)]
Implemented sending of Certificate, ClientKeyExchange, CertificateVerify and ChangeCipherSpec as peer
Martin Willi [Mon, 1 Feb 2010 14:12:18 +0000 (15:12 +0100)]
Implemented a tls_writer class to simplify TLS data generation
Martin Willi [Mon, 1 Feb 2010 10:25:44 +0000 (10:25 +0000)]
Implemented a tls_reader class to simplify TLS data parsing
Martin Willi [Mon, 25 Jan 2010 16:31:55 +0000 (17:31 +0100)]
Process ServerHello(Done), Certificate(Request) messages
Martin Willi [Mon, 25 Jan 2010 11:23:59 +0000 (11:23 +0000)]
Send a ClientHello to start TLS negotiation
Martin Willi [Mon, 25 Jan 2010 11:21:57 +0000 (11:21 +0000)]
Added TLS crypto helper, currently supports cipher suite selection
Martin Willi [Mon, 25 Jan 2010 11:15:05 +0000 (11:15 +0000)]
Added support for AUTH_HMAC_SHA2_256_256, used in TLS
Martin Willi [Mon, 25 Jan 2010 09:44:35 +0000 (10:44 +0100)]
Added stubs for handshake handling, server and peer variants
Martin Willi [Mon, 25 Jan 2010 09:42:44 +0000 (10:42 +0100)]
Accept follow-up fragments with a TLS message length
Martin Willi [Fri, 22 Jan 2010 16:24:17 +0000 (17:24 +0100)]
Added dummy/identity implementations of the different TLS record layers
Martin Willi [Fri, 22 Jan 2010 14:35:29 +0000 (15:35 +0100)]
Pass TLS records to newly introduced TLS stack
Martin Willi [Thu, 21 Jan 2010 14:11:38 +0000 (15:11 +0100)]
Added some TLS constants
Martin Willi [Thu, 21 Jan 2010 13:39:39 +0000 (14:39 +0100)]
(De-)fragment EAP-TLS packets, pass TLS records to upper layer
Martin Willi [Mon, 11 Jan 2010 13:21:58 +0000 (14:21 +0100)]
Added EAP-TLS plugin stub
Thomas Egerer [Mon, 2 Aug 2010 14:46:29 +0000 (16:46 +0200)] 
Do not touch child from collision if peer deleted it
Waldemar Brodkorb [Sun, 1 Aug 2010 19:20:15 +0000 (21:20 +0200)] 
substitute obsolete function calls(bzero/index)
Andreas Steffen [Fri, 30 Jul 2010 20:27:41 +0000 (22:27 +0200)] 
delete tarball files
Andreas Steffen [Fri, 30 Jul 2010 20:26:14 +0000 (22:26 +0200)]
version bump to 4.4.2
Martin Willi [Fri, 30 Jul 2010 08:57:59 +0000 (10:57 +0200)]
The va_list trick does not seem to be portable, revert dots-in-section fix
This reverts commit
8f50d06c354cd31fc295afc5598afff4096b5e77.
Thomas Egerer [Thu, 29 Jul 2010 11:03:01 +0000 (13:03 +0200)]
Fix segfault on 'ipsec stroke up ]' command
Martin Willi [Thu, 29 Jul 2010 10:00:21 +0000 (12:00 +0200)]
Fixed settings lookup if the section/key contains dots
Martin Willi [Wed, 28 Jul 2010 09:06:49 +0000 (11:06 +0200)]
Added NEWS for snprintf() fixes
Martin Willi [Fri, 18 Jun 2010 07:15:45 +0000 (09:15 +0200)]
Fix use of snprintf() in pluto subjectAltName enumeration
Martin Willi [Fri, 18 Jun 2010 07:18:49 +0000 (09:18 +0200)]
Fix use of snprintf() in IETF attributes to string conversion
Martin Willi [Fri, 18 Jun 2010 07:18:27 +0000 (09:18 +0200)]
Fix use of snprintf() in identification DN to ASCII conversion
Martin Willi [Wed, 28 Jul 2010 08:49:58 +0000 (10:49 +0200)]
More NEWS for HA functionality
Martin Willi [Wed, 28 Jul 2010 07:51:41 +0000 (09:51 +0200)]
Implemented a HA enabled in-memory address pool
Martin Willi [Wed, 28 Jul 2010 07:43:53 +0000 (09:43 +0200)]
Added a function to segmentate a generic integer
Andreas Steffen [Tue, 27 Jul 2010 19:16:44 +0000 (21:16 +0200)]
added NETMAP rules for the reverse direction
Andreas Steffen [Tue, 27 Jul 2010 18:49:48 +0000 (20:49 +0200)]
fixed description of ikev2/net2net-same-nets scenario
Martin Willi [Tue, 27 Jul 2010 10:05:39 +0000 (12:05 +0200)]
Reserving does not work, as our pools do not support acquiring arbitrary addresses
This reverts commit
d1384080b3ba74f366eaf8b5f027babca3f5d607.
Martin Willi [Tue, 27 Jul 2010 07:54:27 +0000 (09:54 +0200)]
Mem pool does not support multiple leases for an identity
Martin Willi [Tue, 27 Jul 2010 07:18:06 +0000 (09:18 +0200)]
Flush any remaining cache state if an IKE_SA goes down
Martin Willi [Mon, 26 Jul 2010 13:17:19 +0000 (15:17 +0200)]
Added NEWS related to HA functionality
Martin Willi [Mon, 26 Jul 2010 13:10:54 +0000 (15:10 +0200)]
Synchronize EAP-Identity of remote peer
Martin Willi [Mon, 26 Jul 2010 13:01:24 +0000 (15:01 +0200)]
Reserve virtual IP of passive IKE_SAs in the local pool
Martin Willi [Mon, 26 Jul 2010 12:30:19 +0000 (14:30 +0200)]
Added strongswan.conf options for HA heartbeat
Martin Willi [Mon, 26 Jul 2010 11:49:35 +0000 (13:49 +0200)]
Log CHILD_SA segment responsibility
Martin Willi [Mon, 26 Jul 2010 10:07:38 +0000 (12:07 +0200)]
Pass initiator parameter to distinguish between original and exchange initiator
Martin Willi [Mon, 26 Jul 2010 10:05:04 +0000 (12:05 +0200)]
Pass the CREATE_CHILD_SA initiator flag to the child_keys parameter
Martin Willi [Thu, 22 Jul 2010 16:54:35 +0000 (18:54 +0200)]
Use a sync message cache to resynchronize IKE_SAs without rekeying
Martin Willi [Thu, 22 Jul 2010 13:56:11 +0000 (15:56 +0200)]
Log received HA message types
Martin Willi [Thu, 22 Jul 2010 13:55:08 +0000 (15:55 +0200)]
Add enum names for HA message types
Martin Willi [Thu, 22 Jul 2010 13:52:18 +0000 (13:52 +0000)]
Delay resynchronization request until starter has loaded the configurations
Martin Willi [Thu, 22 Jul 2010 12:38:05 +0000 (14:38 +0200)]
Replaces in_segment() by a more generic get_segment() function
Martin Willi [Thu, 22 Jul 2010 11:20:18 +0000 (13:20 +0200)]
Use distinct message types for HA message ID updates
Martin Willi [Thu, 22 Jul 2010 09:42:22 +0000 (11:42 +0200)]
Migrated ha plugin to INIT/METHOD macros
Andreas Steffen [Sun, 25 Jul 2010 09:56:33 +0000 (11:56 +0200)]
added net2net-same-nets
Martin Willi [Fri, 23 Jul 2010 14:02:28 +0000 (16:02 +0200)]
Added NEWS for the eap-simaka-sql plugin
Andreas Steffen [Wed, 21 Jul 2010 19:43:43 +0000 (21:43 +0200)]
NEWS cosmetics
Martin Willi [Wed, 21 Jul 2010 15:27:06 +0000 (17:27 +0200)]
Multiple RADIUS server NEWS
Martin Willi [Wed, 21 Jul 2010 15:06:00 +0000 (17:06 +0200)]
Implemented support for multiple RADIUS servers
Martin Willi [Wed, 21 Jul 2010 07:15:32 +0000 (09:15 +0200)]
Migrated eap-radius plugin to INIT/METHOD macros
Martin Willi [Wed, 21 Jul 2010 12:55:51 +0000 (14:55 +0200)]
Added log statement if peer requests EAP, but current config does not allow it
Andreas Steffen [Sat, 17 Jul 2010 21:25:15 +0000 (23:25 +0200)]
remove the private updown scripts after use
Andreas Steffen [Sat, 17 Jul 2010 15:36:04 +0000 (17:36 +0200)]
minor fixes in the ikev2/rw-mark-in-out scenarios
Andreas Steffen [Sat, 17 Jul 2010 15:25:01 +0000 (17:25 +0200)]
updated NEWS
Andreas Steffen [Sat, 17 Jul 2010 15:19:26 +0000 (17:19 +0200)]
some reformulations
Andreas Steffen [Sat, 17 Jul 2010 14:32:47 +0000 (16:32 +0200)]
the ikev2/nat-two-rw-mark and ikev2/rw-mark-in-out scenarios use the PLUTO_MARK_IN and PLUTO_ESP_ENC variables in the mark_update script
Andreas Steffen [Sat, 17 Jul 2010 11:41:40 +0000 (13:41 +0200)]
documented the new PLUTO environment variables available in the updown script
Andreas Steffen [Sat, 17 Jul 2010 11:27:19 +0000 (13:27 +0200)]
in a ESP_IN_UDP situation make UDP port available in the updown script
Andreas Steffen [Sat, 17 Jul 2010 11:09:28 +0000 (13:09 +0200)]
fix html error in scenario description
Andreas Steffen [Sat, 17 Jul 2010 11:08:50 +0000 (13:08 +0200)]
make xfrm marks available in the updown scripts
Andreas Steffen [Sat, 17 Jul 2010 07:13:48 +0000 (09:13 +0200)]
check for mark changes in ipsec update
Andreas Steffen [Thu, 15 Jul 2010 21:19:52 +0000 (23:19 +0200)]
all x509 based sql scenarios require the revocation plugin
Andreas Steffen [Thu, 15 Jul 2010 21:17:37 +0000 (23:17 +0200)]
all x509 based pfkey scenarios require the revocation plugin
Andreas Steffen [Thu, 15 Jul 2010 21:07:12 +0000 (23:07 +0200)]
all x509 based p2pnat scenarios require the revocation plugin
Andreas Steffen [Thu, 15 Jul 2010 21:02:17 +0000 (23:02 +0200)]
all x509 based ipv6/*-ikev2 scenarios require the revocation plugin
Andreas Steffen [Thu, 15 Jul 2010 20:40:20 +0000 (22:40 +0200)]
all x509 based ike scenarios require the revocation plugin
Andreas Steffen [Thu, 15 Jul 2010 20:33:05 +0000 (22:33 +0200)]
all x509 based openssl-ikev2 scenarios require the revocation plugin
Andreas Steffen [Thu, 15 Jul 2010 20:03:16 +0000 (22:03 +0200)]
all x509 based gcrypt-ikev2 scenarios require the revocation plugin
Andreas Steffen [Thu, 15 Jul 2010 19:39:01 +0000 (21:39 +0200)]
all x509 based ikev2 scenarios require the revocation plugin
Andreas Steffen [Thu, 15 Jul 2010 19:37:45 +0000 (21:37 +0200)]
ikev2/net2net-psk-dscp does not need certificate support
Andreas Steffen [Thu, 15 Jul 2010 18:03:04 +0000 (20:03 +0200)]
add revocation plugin to ikev2/rw-cert scenario
Andreas Steffen [Thu, 15 Jul 2010 04:29:26 +0000 (06:29 +0200)]
Warn about manual plugin load directives for pluto/charon with --disable-load-warning compile option
Martin Willi [Wed, 14 Jul 2010 05:15:56 +0000 (07:15 +0200)]
Revert "Warn about manual plugin load directives for pluto/charon"
This reverts commit
5c46726d0d91db5b1fc4ea53326e73443133f22d.
Andreas Steffen [Tue, 13 Jul 2010 19:04:20 +0000 (21:04 +0200)]
activate --enable-addrblock configure option in UML scenarios
Martin Willi [Tue, 13 Jul 2010 12:43:45 +0000 (14:43 +0200)]
Warn about manual plugin load directives for pluto/charon
Martin Willi [Tue, 13 Jul 2010 12:28:11 +0000 (14:28 +0200)]
Remove plugin load directives from default strongswan.conf
Martin Willi [Tue, 13 Jul 2010 12:18:19 +0000 (14:18 +0200)]
Added NEWS about --signcrl and PEM support in pki utility
Martin Willi [Tue, 13 Jul 2010 12:14:39 +0000 (14:14 +0200)]
Added pki PEM encoding support for certificates, CRLs and PKCS10 requests
Martin Willi [Tue, 13 Jul 2010 11:53:33 +0000 (13:53 +0200)]
Added support for Certificate, CRL and PKCS10 encoding to PEM plugin
Martin Willi [Tue, 13 Jul 2010 11:34:04 +0000 (13:34 +0200)]
Support different encoding types in certificate.get_encoding()
Martin Willi [Tue, 13 Jul 2010 09:28:04 +0000 (11:28 +0200)]
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
Martin Willi [Tue, 13 Jul 2010 09:01:08 +0000 (11:01 +0200)]
Moved keys/key_encoding.[ch] to cred_encoding.[ch]
Martin Willi [Tue, 13 Jul 2010 08:42:02 +0000 (10:42 +0200)]
Fixed doxygen group of cert_validator interface
Martin Willi [Tue, 13 Jul 2010 07:34:57 +0000 (09:34 +0200)]
Added NEWS for revocation/addrblock plugin
Martin Willi [Tue, 13 Jul 2010 07:29:57 +0000 (09:29 +0200)]
Added addrblock plugin to RFC3779 test cases
Martin Willi [Tue, 13 Jul 2010 07:28:44 +0000 (09:28 +0200)]
Added revocation plugin to ikev2 crl/ocsp test cases
Martin Willi [Tue, 13 Jul 2010 07:19:39 +0000 (09:19 +0200)]
Moved X509 ipAddrBlock checking to the addrblock plugin
Martin Willi [Tue, 13 Jul 2010 06:39:19 +0000 (08:39 +0200)]
Added a hook to narrow traffic selectors for CHILD_SAs
Martin Willi [Mon, 12 Jul 2010 14:25:56 +0000 (16:25 +0200)]
Moved bus_t to METHOD/INIT macros
projects / thirdparty / strongswan.git / log
