Tobias Brunner
e0b35142c1
message: Make packet argument optional in generate()
2014-10-10 09:30:26 +02:00
Tobias Brunner
127a98dc90
ikev1: Move fragment generation to message_t
2014-10-10 09:30:26 +02:00
Tobias Brunner
147fe503af
ike: Rename encryption_payload to encrypted_payload
2014-10-10 09:30:25 +02:00
Tobias Brunner
7fb363c8f7
ipsec: Remove unsupported listcards and rereadgroups commands
2014-10-08 18:44:23 +02:00
Tobias Brunner
5bc6947738
ipsec: Document missing commands
2014-10-08 18:44:23 +02:00
Tobias Brunner
92cea9c368
ipsec: Update usage output
2014-10-08 18:44:23 +02:00
Tobias Brunner
4279bfdb40
ipsec: Remove duplicate check for internal commands
2014-10-08 18:44:23 +02:00
Tobias Brunner
249aa67f87
ipsec: Only set PATH if it is not already set
The comment indicated this but it was always set anyway. All internal
commands are called via their absolute paths, so the script only uses PATH for
the uname command, but if that is not located in one of the configured
directories the script will fail.
Also, since the internal commands are called via their absolute paths there is
no need to add the directories to PATH.
2014-10-08 18:44:23 +02:00
Tobias Brunner
d52b8738b5
ikev1: Fix handling of UNITY_LOAD_BALANCE
The re-authentication is now handled within the original IKE_SA if it has not
yet been established, so we don't want to destroy it.
2014-10-07 13:46:18 +02:00
Tobias Brunner
d4828f51e0
ikev1: Don't queue more than one mode config or XAuth task
At the time we reset an IKE_SA (e.g. when re-authenticating a not yet
established SA due to a roaming event) such tasks might already be queued
by one of the phase 1 tasks. If the SA is initiated again another task will
get queued by the phase 1 task. This results in e.g. multiple mode config
requests, which most gateways will have problems with.
2014-10-07 13:45:01 +02:00
Tobias Brunner
89e953797d
testing: Don't check for the actual number of SWID tags in PDP scenarios
The number of SWID tags varies depending on the base image, but let's
assume the number is in the hundreds.
2014-10-07 12:18:36 +02:00
Tobias Brunner
8f9016b1e2
testing: Make TNC scenarios agnostic to the actual Debian version
The scenarios will work with new or old base images as long as the version
in use is included as product in the master data (src/libimcv/imv/data.sql).
2014-10-07 12:18:25 +02:00
Tobias Brunner
93fac61da5
testing: Make TKM related build recipes future-proof
The tkm scenarios recently failed due to a segmentation fault on my host
because I had an old build of the tkm library already built in the build
directory. Because the stamp file was not versioned the new release was
never checked out or built and charon-tkm was linked against the old
version causing a segmentation fault during key derivation.
2014-10-07 10:47:06 +02:00
Andreas Steffen
f83215bbdb
version bump to 5.2.1rc1
2014-10-06 23:14:13 +02:00
Martin Willi
7d3c58a511
Merge branch 'ext-auth'
Integrates the ext-auth plugin by Vyronas Tsingaras. The new child process
abstraction simplifies implementation in both the new ext-auth and the existing
updown plugin, and makes them available on the Windows platform.
5.2.1dr1
2014-10-06 18:31:14 +02:00
Martin Willi
9180c921e8
NEWS: Mention new ext-auth plugin
2014-10-06 18:30:46 +02:00
Martin Willi
b2c1973ffb
ext-auth: Add an ext-auth plugin invoking an external authorization script
Original patch courtesy of Vyronas Tsingaras.
2014-10-06 18:30:46 +02:00
Martin Willi
6890bdc7a0
updown: Use process abstraction to invoke updown script
2014-10-06 18:24:39 +02:00
Martin Willi
7dd06d274d
process: Add a wrapper to invoke a command under the system default shell
2014-10-06 18:24:39 +02:00
Martin Willi
02e4dedce5
process: Port child process spawning to the Windows platform
2014-10-06 18:24:39 +02:00
Martin Willi
1fea589c1f
process: Provide an abstraction to spawn child processes with redirected I/O
2014-10-06 18:24:39 +02:00
Andreas Steffen
100c1a4bf1
testing: Updated certificates and keys in sql scenarios
2014-10-06 09:42:58 +02:00
Andreas Steffen
e9a93cb772
Added IF-M Segmentation support to NEWS
2014-10-05 23:00:19 +02:00
Andreas Steffen
b95b664644
Incremental parsing fixes
2014-10-05 22:52:59 +02:00
Andreas Steffen
73af3a1b04
Updated revoked certificate in ikev2/ocsp-revoked scenario
2014-10-05 21:33:35 +02:00
Andreas Steffen
006518e859
The critical-extension scenarios need the old private keys
2014-10-05 20:58:03 +02:00
Andreas Steffen
1bea00651d
Added add_segment() method to TCG/PTS attributes
2014-10-05 19:43:27 +02:00
Andreas Steffen
01be87d086
Added add_segment() method to TCG/SEG attributes
2014-10-05 19:14:38 +02:00
Andreas Steffen
a5dfe7a29a
OS IMV proposes IF-M segmentation contract
The OS IMV sends a TCG IF-M Segmentation contract request.
All IETF standard attributes support segmentation. Additionally
the IETF Installed Packages standard attribute supports
incremental processing while segments are received.
2014-10-05 18:43:55 +02:00
Andreas Steffen
fc47211740
SWID IMC proposes IF-M segmentation contracts
2014-10-05 18:43:55 +02:00
Andreas Steffen
30774ee5d6
unit-tests: Updated libimcv test suite
2014-10-05 18:43:54 +02:00
Andreas Steffen
9a515a8856
Added add_segment() method to IETF attributes
2014-10-05 18:43:54 +02:00
Andreas Steffen
97ec4cb055
Added add_segment() method to ITA attributes
2014-10-05 18:43:54 +02:00
Andreas Steffen
903a427008
Implemented incremental processing of SWID tag [ID] inventory attribute
2014-10-05 18:43:54 +02:00
Andreas Steffen
eba0cbcee3
Implemented add_segment method for PA-TNC attributes
2014-10-05 12:55:38 +02:00
Andreas Steffen
e77df5a1f6
Added total length parameter in PA-TNC attribute constructor
2014-10-05 12:55:38 +02:00
Andreas Steffen
ebfd8278f9
Assignment of flags starts with bit 0
2014-10-05 12:55:38 +02:00
Andreas Steffen
95e1524a64
Register the reception of the AIK attribute
2014-10-05 12:55:38 +02:00
Andreas Steffen
4f5b435fe9
Unit tests for libimcv
2014-10-05 12:55:38 +02:00
Andreas Steffen
e23cad3564
Compacted chunk creation in ita_attr_command constructor
2014-10-05 12:55:38 +02:00
Andreas Steffen
d6fb2cc6e3
Merged libpts into libimcv
2014-10-05 12:55:37 +02:00
Andreas Steffen
c4d0987609
Added out message queue for imv_msg receive method
2014-10-05 12:55:37 +02:00
Andreas Steffen
e911ac9a5f
Implemented IF-M segmentation
2014-10-05 12:55:37 +02:00
Andreas Steffen
89d12654b3
Added request variable to get_info_string method
2014-10-03 22:25:09 +02:00
Andreas Steffen
f50968976b
Implemented IF-M segmentation contracts
2014-10-03 22:25:09 +02:00
Andreas Steffen
38b5f527e2
Allow to treat specified Attribute-Type-Not-Supported errors as non-fatal
2014-10-03 22:25:09 +02:00
Tobias Brunner
030295dd44
testing: Updated swanctl certificates and keys
2014-10-03 12:50:08 +02:00
Tobias Brunner
12e9ed12ec
testing: Wait a bit in swanctl scenarios before interacting with the daemon
2014-10-03 12:44:14 +02:00
Tobias Brunner
e9028462c8
testing: Actually build swanctl
2014-10-03 12:44:14 +02:00
Tobias Brunner
722a8a177e
testing: Make sure the whitelist plugin is ready before configuring it
2014-10-03 12:44:14 +02:00