10526 Commits

Author SHA1 Message Date
Andreas Steffen
37c589f0e0 Configure winnetou as a DNSSEC enabled nameserver for the strongswan.org, org, and root zones 2013-02-19 12:25:01 +01:00
Andreas Steffen
3fbc328d14 Build unbound and ipseckey plugins on KVM image 2013-02-19 12:25:01 +01:00
Andreas Steffen
65cdda5cf8 Streamlined log messages in ipseckey plugin 2013-02-19 12:25:00 +01:00
Andreas Steffen
a4ddc0bb26 Encode RSA public keys in RFC 3110 DNSKEY format 2013-02-19 12:25:00 +01:00
Andreas Steffen
f2145c8d3a Moved configuration from resolver manager to unbound plugin
Also streamlined log messages in unbound plugin.
2013-02-19 12:25:00 +01:00
Reto Guadagnini
95650c0836 ipseckey: Report IPSECKEYs with invalid DNSSEC security state 2013-02-19 12:25:00 +01:00
Reto Guadagnini
932717fbde ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf 2013-02-19 12:25:00 +01:00
Reto Guadagnini
a77bbc3b8c Added ipseckey plugin, which provides support for public keys in IPSECKEY RRs 2013-02-19 12:25:00 +01:00
Reto Guadagnini
d786cbda5c Implemented the resolver test script "dnssec" 2013-02-19 11:57:21 +01:00
Reto Guadagnini
cfd07978d0 unbound: Implementation of query method of unbound_resolver_t 2013-02-19 11:57:21 +01:00
Reto Guadagnini
5a4126b490 unbound: Implemented resolver_response_t as unbound_response_t 2013-02-19 11:57:21 +01:00
Reto Guadagnini
62ea67e700 Implemented rr_set_t interface 2013-02-19 11:57:21 +01:00
Reto Guadagnini
4a335a2164 unbound: Implemented rr_t as unbound_rr_t 2013-02-19 11:57:21 +01:00
Reto Guadagnini
9f963a7cfc Added unbound plugin implementing the resolver interface using libunbound 2013-02-19 11:57:21 +01:00
Reto Guadagnini
b1505b345b Added manager for DNS resolvers 2013-02-19 11:57:21 +01:00
Reto Guadagnini
ffdeeb6609 Added interface for DNS resolvers 2013-02-19 11:57:21 +01:00
Andreas Steffen
c381e46855 added missing return statement 2013-02-19 10:24:23 +01:00
Martin Willi
69faf63528 Fix encoding of issuerAndSubject while handling SCEP pending state 2013-02-19 09:53:47 +01:00
Andreas Steffen
0f7cb0caf4 reject PB-Experimental messages with NOSKIP flag set 2013-02-19 09:31:34 +01:00
Andreas Steffen
9b4a8e1ced added parameter descriptions 2013-02-19 07:44:57 +01:00
Andreas Steffen
2c1219c217 removed superfluous debug output 2013-02-15 15:19:16 +01:00
Martin Willi
b5b76df012 Add a timeout to clean up PDP RADIUS connections 2013-02-14 17:20:09 +01:00
Martin Willi
dadd9744b6 Keep the PDP connections lock while accessing its objects
When we introduce connection timeouts, the state may disappear at any time.
This change prevents that, but is not very clear. We probably have to refactor
connection handling.
2013-02-14 17:19:56 +01:00
Martin Willi
37884ab10f Add locking to TNC-PDP connections 2013-02-14 17:19:49 +01:00
Martin Willi
d20a2cc5f3 Add IF-M message subtype getter to IMC/IMV messages 2013-02-14 17:18:24 +01:00
Martin Willi
bbe9261bbf Use a generic constructor to create PA-TNC error attributes 2013-02-14 17:18:00 +01:00
Martin Willi
4755ab505d Add a global return_success() method implementation 2013-02-14 17:17:45 +01:00
Martin Willi
de32b8aed6 Add a convenience method to check pen_type_t for vendor and type 2013-02-14 17:17:30 +01:00
Martin Willi
d03b338487 Add a comparison function for pen_type_t 2013-02-14 17:17:22 +01:00
Martin Willi
9db54bbcd4 Whitespace and comment cleanups in pen.[ch] 2013-02-14 17:17:07 +01:00
Andreas Steffen
f838f457a8 resolve dependency on libtls 2013-02-14 17:15:33 +01:00
Martin Willi
e212033ef2 Merge branch 'ike-dscp' 2013-02-14 17:11:35 +01:00
Martin Willi
285668b6e3 Check if recommendations is set before applying language preference 2013-02-14 17:09:28 +01:00
Martin Willi
a9df87bf89 PT-TLS dispatcher TNCCS constructor takes peer identities to pass to factory 2013-02-14 17:09:28 +01:00
Martin Willi
8b56943222 Merge branch 'pt-tls' 2013-02-14 17:06:07 +01:00
Martin Willi
46ae05dd17 Remove leading zeros in SCEP certificate serialNumbers 2013-02-14 16:56:32 +01:00
Tobias Brunner
96a2d2077b Fix 'stroke loglevel any'
Before b46a5cd4 this worked if debug_t was unsigned.  In that case -1,
as returned by enum_from_name(), would result in a large positive number.
So any unknown debug group (including 'any') had the same effect that
was only intended for 'any'.
2013-02-13 12:18:20 +01:00
Andreas Steffen
5374fe3a09 added ikev1/net2net-fragmentation scenario 5.0.3dr1 2013-02-12 23:01:48 +01:00
Andreas Steffen
bac1052dea treat EAP identities as user IDs 2013-02-12 21:58:03 +01:00
Andreas Steffen
7d355f853d use EAP identity in tnc/tnccs-20-pdp scenario 2013-02-12 20:41:37 +01:00
Andreas Steffen
2a421163bf make TNC client authentication type available to IMVs 2013-02-12 20:38:05 +01:00
Andreas Steffen
3e56352815 determine underlying IF-T transport protocol 2013-02-12 12:25:39 +01:00
Andreas Steffen
bd1ee5bdc4 make AR identities available to IMVs via IF-IMV 1.4 draft 2013-02-11 15:30:44 +01:00
Andreas Steffen
ebb87f08f7 Make IKE/EAP IDs available to TNC server/client 2013-02-11 15:30:44 +01:00
Tobias Brunner
98063d8187 Don't use a time_t variable with fscanf when parsing uptime
Because "%u" is used as format string in the fscanf call that parses the
uptime and because the length of time_t varies on different platforms
and architectures the value was not written properly if time_t was longer
than an unsigned int and depending on how the target variable was aligned
on the stack.  Since there is no conversion specifier to properly parse a
time_t value we use the appropriate integer type instead.
2013-02-08 11:33:13 +01:00
Tobias Brunner
af5452ba76 Allow more than one CERTREQ payload for IKEv2
There is no reason not to do so (RFC 5996 explicitly mentions multiple
CERTREQ payloads) and some implementations seem to use the same behavior
as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload).
2013-02-08 11:28:56 +01:00
Martin Willi
f476ff84f3 Add a --httptimeout option to scepclient 2013-02-08 11:09:33 +01:00
Martin Willi
763e86c093 Use CURL_TIMEOUT and not CURL_CONNECTTIMEOUT for FETCHER_TIMEOUT in curl
This allows us to use this timeout beyond DNS resolution. For the initial
connect, we use a hardcoded timeout of 10s for now.
2013-02-08 11:08:06 +01:00
Martin Willi
88f4cd3988 Add ikedscp documentation to ipsec.conf.5 2013-02-06 15:42:14 +01:00
Martin Willi
7fbe516f88 Add an ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets 2013-02-06 15:36:36 +01:00