sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity
17,125 Commits 101 Branches 327 Tags
Commit Graph

17125 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tobias Brunner
21280da9f5 testing: Fix ikev2/net2net-rsa scenario 2019-05-08 14:56:48 +02:00
Tobias Brunner
da8e33f3ca testing: Add wrapper script to build certificates in root image 
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).
 2019-05-08 14:56:48 +02:00
Andreas Steffen
a89ad28b89 testing: Upgrade to Linux 5.1 kernel 2019-05-08 14:56:48 +02:00
Andreas Steffen
df6441a13f pki: Allow inclusion of [unsupported] critical X.509 extension 2019-05-08 14:56:48 +02:00
Andreas Steffen
b213204b3b testing: Updated build-certs script 2019-05-08 14:56:48 +02:00
Andreas Steffen
cfeae14b06 testing: Deleting dynamic test keys and certificates 2019-05-08 14:56:48 +02:00
Tobias Brunner
2a72056cee testing: Exclude files that are ignored in Git from the distribution 
Since the complete hosts and tests directories are part of the tarball
this would include generated certificates and keys.
 2019-05-08 14:56:48 +02:00
Andreas Steffen
92c001f766 testing: Remove dynamic keys and certs from repository 2019-05-08 14:56:48 +02:00
Andreas Steffen
00f1d09729 testing: Build data.sql files for SQL test cases 2019-05-08 14:56:48 +02:00
Tobias Brunner
0c924641e6 pki: Add different output options for --keyid 
Makes machine-processing these identifiers easier.
 2019-05-08 14:56:48 +02:00
Tobias Brunner
05275905ef testing: Build CERT and IPSECKEY RRs for strongswan.org zone 
Also copy generated keys to DNSSEC test cases.
 2019-05-08 14:56:48 +02:00
Tobias Brunner
1e059c837b testing: Rename public keys in DNSSEC scenarios 
We will generate PEM-encoded public keys with the script.
 2019-05-08 14:56:48 +02:00
Tobias Brunner
326bb5f2c5 testing: Convert keys and certificates for all TKM scenarios 2019-05-08 14:56:48 +02:00
Tobias Brunner
0136852f19 testing: Disable leak detective in build-certs script 2019-05-08 14:56:48 +02:00
Andreas Steffen
8db01c6a3f testing: Script building fresh certificates 2019-05-08 14:56:48 +02:00
Tobias Brunner
3ee352a691 smp: Use correct printf specifier to print SPIs 2019-05-08 14:48:54 +02:00
Tobias Brunner
e6e4113e9f fast: Use correct printf specifier to print content length 2019-05-08 14:48:54 +02:00
Tobias Brunner
12e64e5cf4 libimcv: Use proper printf specifier for unsigned issuer and responder IDs 2019-05-08 14:48:54 +02:00
Tobias Brunner
994cff3fac swima-collector: Use proper type for field precision 2019-05-08 14:48:54 +02:00
Tobias Brunner
a4abb263c9 openssl: Fix build with OpenSSL 1.1.1 without compatibility layer 
If OpenSSL is built with --api, defines for deprecated functions in
OpenSSL's header files are not visible anymore.

Fixes #3045.
 2019-05-08 14:28:18 +02:00
Tobias Brunner
91dce6e876 travis: Build OpenSSL 1.1.1 without compatibility layer for older versions 
Configuring 1.1.1 is not actually possible with 1.1.1b, not sure if
that's on purpose.
 2019-05-08 14:27:19 +02:00
Tobias Brunner
885c05b0da travis: Make sure crypto plugins are actually loaded 2019-05-08 14:27:13 +02:00
Tobias Brunner
ba817d2917 starter: Remove IPsec stack detection 
Checking specifically for /proc/net/pfkey is not ideal as af_key will
eventually be removed in Linux kernels.  Support for KLIPS is long gone.
The detection also wasn't used for anything anymore (failures were just
ignored since the ports to BSD-based systems).  And modprobing doesn't seem
to be necessary either (charon-systemd doesn't do that, for instance).
 2019-05-07 11:13:03 +02:00
Tobias Brunner
c7a0b39bd6 vici: Add Python command wrappers to tarball 
Fixes: e0f7da864481 ("vici: Extract command wrappers in Python bindings")
 2019-05-06 15:51:05 +02:00
Tobias Brunner
c88030807e pki: Fix memory leaks in --signcrl if signature scheme is not found 
Fixes: dd4bd21c5a22 ("pki: Query private key for supported signature schemes")
 2019-04-30 10:25:56 +02:00
Tobias Brunner
bc0a01ff2e testing: Update documentation in headers of all updown scripts 2019-04-29 17:43:04 +02:00
Tobias Brunner
b31bff125c swanctl: Move documentation of if_id_in/out after all mark-related options 
Also fix a typo.
 2019-04-29 17:38:28 +02:00
Tobias Brunner
02b348403a Fixed some typos, courtesy of codespell 2019-04-29 15:09:20 +02:00
Tobias Brunner
c546c1ba71 nonce: Allow overriding the RNG quality used to generate nonces 
Usually, changing this won't be necessary (actually, some plugins
specifically use different DRGBs for RNG_WEAK in order to separate
the public nonces from random data used for e.g. DH).
But for experts with special plugin configurations this might be
more flexible and avoids code changes.
 2019-04-29 10:49:35 +02:00
SophieK
75d9dc40d4 unit-tests: Fix skipping of some ECDSA signature schemes 
Closes strongswan/strongswan#137.
 2019-04-29 09:56:49 +02:00
Tobias Brunner
23ff10551f NEWS: Added some news for 5.8.0 2019-04-26 18:54:58 +02:00
Tobias Brunner
6b952f6921 Merge branch 'update-vici-bindings' 
Updates the command wrappers in all the bindings and simplifies calling
new commands (i.e. not yet wrapped) with the Python and Ruby bindings.

Fixes #3028.
 2019-04-26 10:19:21 +02:00
Tobias Brunner
eefa81120c vici: Update command wrappers in the Perl bindings 
Note that load_key() now returns the complete response (to get the key
identifier).
 2019-04-26 10:15:48 +02:00
Tobias Brunner
968866afc6 vici: Update some data in the Ruby gemspec 2019-04-26 10:15:48 +02:00
Tobias Brunner
cc2ef8f8a7 vici: Some code style fixes in the Ruby bindings 
As reported by rubocop (some issues were not fixed, in particular
related to class/method length metrics).
 2019-04-26 10:15:43 +02:00
Tobias Brunner
1fef01af58 vici: Update command wrappers of the Ruby bindings 
Also reorder them to match README.md.
 2019-04-26 09:35:37 +02:00
Tobias Brunner
3b39444556 vici: Refactor how commands are called in the Ruby bindings 
Also expose a method to call arbitrary commands, which allows calling not
yet wrapped commands. Exceptions are raised for all commands if the response
includes a negative "success" key (similar to how it's done in the Python
bindings).
 2019-04-26 09:35:11 +02:00
Tobias Brunner
42fe703a95 vici: Fix formatting of return values for load-conn and load-authority commands 2019-04-26 09:35:10 +02:00
Tobias Brunner
c5113c8105 vici: Add missing command wrappers for Python bindings 
Also change some for which the return value became relevant.
 2019-04-26 09:35:10 +02:00
Tobias Brunner
e0f7da8644 vici: Extract command wrappers in Python bindings 
This simplifies the interface and allows calling not yet wrapped
commands more easily.
 2019-04-26 09:18:54 +02:00
Tobias Brunner
89c8ba525b eap-aka-3gpp2: Increase SQN after each authentication 2019-04-25 15:58:17 +02:00
Tobias Brunner
f9e8f5a623 Merge branch 'childless' 
Adds support for childless initiation of IKE_SAs (RFC 6023) e.g. to
force a separate DH exchange for all CHILD_SAs including the first one.

Also allows the initiation of only the IKE_SA via swanctl --initiate if
the peer supports this extension.

Closes strongswan/strongswan#99.
 2019-04-25 15:32:02 +02:00
Tobias Brunner
012221a867 testing: Add swanctl/net2net-childless scenario 2019-04-25 15:23:19 +02:00
Tobias Brunner
fbb0feeea9 unit-tests: Add unit tests for childless IKE_SA initiation 2019-04-25 15:23:19 +02:00
Tobias Brunner
1b19469c67 unit-tests: Make childless initiation configurable 2019-04-25 15:23:19 +02:00
Tobias Brunner
e0678a8cc6 unit-tests: Add helper to create but not yet establish two IKE_SAs 2019-04-25 15:23:19 +02:00
Tobias Brunner
202fb101b8 unit-tests: Add macros to assert certain payloads are (not) in a message 2019-04-25 15:23:19 +02:00
Tobias Brunner
c863960eb1 vici: Support initiation of IKE_SAs 
The configuration must allow the initiation of a childless IKE_SA (which
is already the case with the default of 'accept').
 2019-04-25 15:23:19 +02:00
Tobias Brunner
2889b77da2 vici: Make childless initiation of IKE_SAs configurable 2019-04-25 15:23:19 +02:00
Tobias Brunner
6b00d34b42 controller: Make child config optional for initiate() 2019-04-25 15:23:19 +02:00