9090 Commits

Author SHA1 Message Date
Tobias Brunner
5d227c79a9 Doxygen fix in PKCS#7 wrapper 2012-06-19 13:32:59 +02:00
Andreas Steffen
87f8ff168b sleep one second more 2012-06-19 06:18:05 +02:00
Andreas Steffen
e4012ae386 use socket-default in scenario 2012-06-19 06:17:37 +02:00
Andreas Steffen
bc60bb8bf4 added ikev1/xauth-id-rsa-hybrid scenario 2012-06-18 22:51:50 +02:00
Andreas Steffen
771a66c6a0 added ikev1/xauth-id-rsa-aggressive scenario 2012-06-18 22:30:26 +02:00
Andreas Steffen
2045a9d36d added secret as valid authby argument 2012-06-18 22:11:18 +02:00
Andreas Steffen
8b8f5c6141 rsasig is not recognized as authentication method 2012-06-18 22:03:36 +02:00
Andreas Steffen
49d18a8e06 enable potentially unsafe aggressive mode 2012-06-18 21:34:48 +02:00
Andreas Steffen
7a892288fb change ikev1/xauth scenarios to modern notation 2012-06-18 21:22:01 +02:00
Tobias Brunner
6d3702ed61 testing: List IPv6 routing table in IPv6 test cases. 2012-06-15 16:46:27 +02:00
Tobias Brunner
5c1332bf7c NLM_F_DUMP includes NLM_F_ROOT. 2012-06-15 16:46:27 +02:00
Tobias Brunner
8ec51f83e5 Don't create roam jobs based on cached/cloned routes. 2012-06-15 16:44:18 +02:00
Tobias Brunner
9896b6bd58 Don't compare ports when comparing cached routes.
At least src_ip has a port set sometimes.
2012-06-15 16:44:07 +02:00
Tobias Brunner
31bcaf604a starter: Fixed parsing of %defaultroute. 2012-06-15 10:46:56 +02:00
Martin Willi
af518b450e Adopt children as XAuth initiator (which is IKE responder) 2012-06-14 14:49:19 +02:00
Martin Willi
794cdbc53f Added 5.0 NEWS about IKEv1 in charon 2012-06-14 10:57:29 +02:00
Martin Willi
e36497700c Print the kind of *Swan during starter startup 2012-06-14 10:25:48 +02:00
Martin Willi
137035cc78 Show what kind of *Swan we run in "ipsec status" 2012-06-14 10:25:48 +02:00
Martin Willi
b31a56f128 Require a scary option to respond to Aggressive Mode PSK requests
While Aggressive Mode PSK is widely used, it is known to be subject
to dictionary attacks by passive attackers. We don't complain as
initiator to be compatible with existing (insecure) setups, but
require a scary strongswan.conf option if someone wants to use it
as responder.
2012-06-14 10:25:48 +02:00
Andreas Steffen
e49f18f74d thanks to narrowing treat right|leftsubnetwithin as synonyms for right|leftsubnet 2012-06-14 07:55:12 +02:00
Andreas Steffen
daa857029f removed plutostart parameter 2012-06-13 21:19:05 +02:00
Tobias Brunner
dd38e9fc83 scepclient: Fixed Makefile after removing enable-smartcard configure option. 2012-06-13 15:08:14 +02:00
Tobias Brunner
f7cbc0fafe Use proper defines for IPV6_PKTINFO on Mac OS X Lion and newer. 2012-06-13 15:02:10 +02:00
Tobias Brunner
2015c46985 Some updates to the INSTALL document. 2012-06-13 12:24:23 +02:00
Tobias Brunner
6d599fb964 Removed remaining pluto related configure options. 2012-06-13 11:33:32 +02:00
Tobias Brunner
25fb9d3f4a starter: Print additional help texts for selected deprecated keywords. 2012-06-12 16:15:03 +02:00
Tobias Brunner
9707d9db79 starter: Improved how deprecated keywords are handled.
We only throw a warning now instead of rejecting the config.
2012-06-12 16:15:03 +02:00
Tobias Brunner
5c7a219804 Revert "starter: Don't treat unsupported keywords as fatal errors just report them."
This reverts commit e55876a657ae9d4bbf14320e5a14f86cc5c31c7f.
2012-06-12 16:15:03 +02:00
Martin Willi
5a6e5e0d2d NEWS about specifying trustchain HASH algorithm requirements 2012-06-12 15:01:39 +02:00
Martin Willi
7c4214bd38 Add documentation for signature hash algorithm enforcing to man ipsec.conf 2012-06-12 15:01:39 +02:00
Martin Willi
e35bbb9740 Added signature scheme options left/rightauth 2012-06-12 15:01:39 +02:00
Martin Willi
918e92c4c9 Support multiple different public key strength types in constraints 2012-06-12 14:24:49 +02:00
Martin Willi
fd4ff11858 Add signature schemes to auth_cfg during trustchain validation 2012-06-12 14:24:49 +02:00
Martin Willi
a37f2d2006 certificate_t->issued_by takes an argument to receive signature scheme 2012-06-12 14:24:49 +02:00
Martin Willi
439d0742e9 Define auth_cfg rules for signature schemes 2012-06-12 14:24:49 +02:00
Tobias Brunner
e7c01bed49 starter: Fixed parsing of left|right=%any. 2012-06-12 10:16:51 +02:00
Andreas Steffen
4745fce666 deleted IKEv1 charon-pluto interoperability scenarios 2012-06-12 10:00:21 +02:00
Tobias Brunner
4d21846912 starter: Fix comparison of connections. 2012-06-11 17:33:32 +02:00
Tobias Brunner
3e2ff81e5d starter: Removed all unsupported keywords. 2012-06-11 17:33:32 +02:00
Tobias Brunner
e55876a657 starter: Don't treat unsupported keywords as fatal errors just report them. 2012-06-11 17:33:32 +02:00
Tobias Brunner
fff4b74db2 Bye bye Pluto!
Charon will take over IKEv1 duties from here. This also removes
libfreeswan and whack.
2012-06-11 17:33:32 +02:00
Tobias Brunner
4a54860986 _copyright: Replicate copyright text here instead of calling libfreeswan. 2012-06-11 17:33:32 +02:00
Tobias Brunner
ee3026a1e2 starter: Remove all ties to pluto/libfreeswan.
Moved some types/constants in the process.
2012-06-11 17:33:32 +02:00
Tobias Brunner
5b09310e67 starter: Use custom type for SA specific options (flags). 2012-06-11 17:33:31 +02:00
Tobias Brunner
29906e0eab starter: Parse left|rightprotoport directly in confread.c. 2012-06-11 17:33:31 +02:00
Tobias Brunner
eca839b0a7 starter: No special handling for left|rightsubnet, just pass it on as string. 2012-06-11 17:33:31 +02:00
Tobias Brunner
6ce841b213 starter: Use host_t to parse left|rightsourceip.
Also for the yet unused natip option.
2012-06-11 17:33:31 +02:00
Tobias Brunner
0ac29be793 starter: Remove left|rightsubnetwithin option (charon narrows left|rightsubnet down accordingly). 2012-06-11 17:33:31 +02:00
Tobias Brunner
8dd094e185 starter: Don't resolve any addresses in starter.
Also removed remains of some unknown iface option.
2012-06-11 17:33:31 +02:00
Tobias Brunner
efc69e9f38 starter: Removed pfs and pfsgroup options (handled via esp option). 2012-06-11 17:33:31 +02:00