10977 Commits

Author SHA1 Message Date
Tobias Brunner
18dab76bfa android: Repurpose android-net to simply handle connectivity events
Using the events by NetworkManager/ConnectivityManager to trigger roam events
instead of the events generated by the kernel-netlink plugin, the noise level
is much lower.
2013-05-03 15:11:20 +02:00
Tobias Brunner
37873f9994 kernel-netlink: Add an option to disable roam events 2013-05-03 15:11:19 +02:00
Tobias Brunner
3b7f25906e android: Replace android-net plugin with kernel-netlink
Virtual IPs are not handled by the kernel-netlink plugin and tun devices are
ignored.
2013-05-03 15:11:19 +02:00
Tobias Brunner
67332b4e22 android: Set strongswan.conf options before initializing other libraries 2013-05-03 15:11:19 +02:00
Tobias Brunner
0b9ce21b5e kernel-netlink: Define defaults for routing table and prio 2013-05-03 15:11:19 +02:00
Tobias Brunner
2d7b55bf9b openssl: Define a default for FIPS_MODE 2013-05-03 15:11:19 +02:00
Martin Willi
9312fbc73d In memwipe_check(), don't put magic on stack when calling do_magic()
Otherwise the magic might be on the stack while checking it.
2013-05-03 14:17:37 +02:00
Martin Willi
1657b4ef26 Dump stack if memwipe() check fails 2013-05-03 11:41:51 +02:00
Andreas Steffen
0f499f41dc Use attest database in tnc/tnccs-20-os scenario 5.0.4 2013-04-21 16:31:23 +02:00
Andreas Steffen
9fab0a58d3 fixed a 64bit time_t issue 2013-04-21 16:07:13 +02:00
Andreas Steffen
70a7917e72 destroy SQL query 2013-04-21 16:00:23 +02:00
Andreas Steffen
6c998b8b9e Keep last AR ID 2013-04-21 08:19:30 +02:00
Andreas Steffen
bec5bf02ac Added use of openssl-fips library to NEWS 2013-04-19 18:49:43 +02:00
Andreas Steffen
1b912ad384 check for successful activation of FIPS mode 2013-04-19 18:46:52 +02:00
Andreas Steffen
b97dd59ba8 install FIPS-aware OpenSSL Debian packages 2013-04-19 18:36:38 +02:00
Andreas Steffen
545df30c18 Added openssl-ikev2/rw-cpa scenario 2013-04-19 18:34:35 +02:00
Andreas Steffen
70312e6596 build openssl-fips in KVM root-image 2013-04-19 18:34:35 +02:00
Andreas Steffen
2d902d7e7c fixed typo 2013-04-19 18:33:41 +02:00
Martin Willi
e6ba688a35 During libstrongswan initialization, check if memwipe() works as expected 2013-04-18 13:05:37 +02:00
Andreas Steffen
6b99da026c added libstrongswan.plugins.openssl.fips_mode to man page 2013-04-16 13:44:06 +02:00
Andreas Steffen
f4de6496a2 support of OpenSSL FIPS-140-2 library 2013-04-16 12:37:04 +02:00
Andreas Steffen
ef934caba8 build soup plugin in KVM test environment 2013-04-15 20:23:41 +02:00
Andreas Steffen
8d384fb7df disable reauth, too 2013-04-15 20:21:27 +02:00
Tobias Brunner
73da6c88a4 Fix checksum calculation with DESTDIR installations 2013-04-15 16:48:46 +02:00
Andreas Steffen
2e12fc4b0a version bump to 5.0.4 2013-04-14 19:58:17 +02:00
Andreas Steffen
654c88bca8 Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers 2013-04-14 19:57:49 +02:00
Martin Willi
cf1696cab9 Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0 2013-04-10 18:10:30 +02:00
Martin Willi
b52771fbb2 Check RSA_public_decrypt() length before constructing and comparing a chunk
If decryption fails, it returns -1. chunk_equals() should catch that error,
but be more explicit in error checking.
2013-04-10 18:10:30 +02:00
Martin Willi
97d975b7bb RSA_check_key() may return -1 if it fails 2013-04-10 18:10:30 +02:00
Martin Willi
96a09ce226 RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method 2013-04-10 18:10:30 +02:00
Martin Willi
0faaab20cd Check return value of ECDSA_Verify() correctly 2013-04-10 18:10:30 +02:00
Martin Willi
b2b99e61c8 eap-radius: Add an option to exclude ports from Called/Calling-Station-Id 2013-04-10 13:48:03 +02:00
Andreas Steffen
022df06e1a version bump to 5.0.4dr1 2013-04-09 15:20:49 +02:00
Andreas Steffen
676e862487 fixed another printf statement 2013-04-09 15:16:49 +02:00
Andreas Steffen
1a185ae14b fixed printf statements 2013-04-08 22:21:14 +02:00
Andreas Steffen
12fa1784d0 emit a single assign_vips bus message for all VIPs 2013-04-06 14:16:30 +02:00
Andreas Steffen
ba2880d569 ifmap plugin subscribes to assign_vip bus signal 2013-04-06 11:09:41 +02:00
Tobias Brunner
5cb4f5519b Added missing sasl Doxygen group 2013-04-05 16:03:39 +02:00
Tobias Brunner
14edee56bf unity: Check IKE_SA in only after enumerating virtual IPs 2013-04-05 16:03:10 +02:00
Andreas Steffen
8dade2d146 fixed configure options 5.0.3 2013-04-04 21:09:07 +02:00
Andreas Steffen
2a4915e87a cleaned up XML code in tnccs-11 plugin 2013-04-04 17:12:07 +02:00
Martin Willi
9c84bbcbc0 duplicheck: track multiple IKE_SAs in checking state to avoid any races
When two consequent duplicates have been detected, track state of each checking
IKE_SA separately, avoiding potential race conditions between the active SA
and the different SAs in checking state.
2013-04-04 15:51:48 +02:00
Andreas Steffen
93f53a78b5 fixed memory leak 2013-04-03 21:38:04 +02:00
Andreas Steffen
3ea6fcb593 properly handle orphaned renewSession jobs 2013-04-03 21:38:04 +02:00
Andreas Steffen
91503c2112 support chunked HTTP responses 2013-04-03 21:38:04 +02:00
Andreas Steffen
1044710b04 implemented periodic IF-MAP RenewSession request 2013-04-03 21:38:04 +02:00
Martin Willi
bee8b5e385 Refactor check_for_rekeyed_child() in quick_mode task 2013-04-03 17:08:00 +02:00
Martin Willi
ac48d9e458 Reuse reqid of an existing Quick Mode, even if it has been rekeyed
If two peers rekey Quick Modes at the same time, the original Quick Mode is
in REKEYING state and hence the reqid is not reused. This is required though,
as two identical policies won't work if they have different reqids.
2013-04-03 15:56:26 +02:00
Martin Willi
7f4f1e8249 List all stroke counters when "all" is given, and report if connection not known 2013-04-03 14:58:08 +02:00
Martin Willi
bee6515a28 Defer CHILD_SA rekeying if allocating an SPI fails 2013-04-03 12:25:27 +02:00