Tobias Brunner
f9f867899a
Use a separate list and mutex for loggers.
This avoids deadlocks caused by extensive listener_t implementations
which might want to acquire a lock which is currently held by another
thread wanting to log messages. Since the latter requires that thread
to acquire the same lock the initial thread currently holds, this
previously resulted in a deadlock.
With this change, logging messages does not require threads to acquire
the main lock in bus_t and thus avoids the deadlock.
2012-05-02 14:45:38 +02:00
Tobias Brunner
ecb5abd7fa
Fixed return value of controller_t functions if callback returns FALSE.
2012-05-02 14:45:38 +02:00
Tobias Brunner
052e0a17b8
Use wrapped semaphore in callback_job_t.
2012-05-02 14:45:38 +02:00
Tobias Brunner
aac20ec784
Removed remaining parts of controller_t.listen() implementation.
2012-05-02 14:45:38 +02:00
Tobias Brunner
a629513961
Remove obsolete bus_t.listen() method.
2012-05-02 14:45:38 +02:00
Tobias Brunner
5a073784e2
Implement wait_for_listener in controller_t with semaphores.
This eliminates even the slightest chance of a deadlock.
2012-05-02 14:45:37 +02:00
Tobias Brunner
8f6c13271c
Added a wrapper class around POSIX semaphores.
2012-05-02 14:45:37 +02:00
Tobias Brunner
b6e9c41861
Implement bus_t.listen() directly in controller_t (the only user).
This will hopefully allow us to later simplify bus_t.
2012-05-02 14:45:37 +02:00
Martin Willi
daab152afa
Add plugin features support to stroke plugin
2012-05-02 14:05:52 +02:00
Martin Willi
0c7af2ce27
Certificate decoding soft-depends on public key decoding of specific types
2012-05-02 14:05:52 +02:00
Martin Willi
4b5e637472
PEM loading plugin features depend on the same feature, they are helpers only
2012-05-02 14:05:52 +02:00
Martin Willi
f14bf6345f
Don't depend on a feature that has a dependency to the same feature during unload
2012-05-02 14:05:52 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Martin Willi
f99d8b10c9
Added a dedicated sender flush method, delay sender destruction until users gone
2012-05-02 10:22:59 +02:00
Tobias Brunner
13de38e354
Documented strongswan.conf options for radattr plugin.
2012-05-01 13:32:43 +02:00
Andreas Steffen
552557a65d
add AUTH_RULE_SUBJECT_CERT for raw public keys
4.6.3
2012-04-30 13:40:48 +02:00
Andreas Steffen
6704d69f91
added missing whitespace
2012-04-30 11:42:09 +02:00
Tobias Brunner
88206458ce
Properly initialize optional subject in PEM builder.
2012-04-30 10:48:57 +02:00
Tobias Brunner
00d79edc20
Typo fixed.
2012-04-30 10:47:42 +02:00
Andreas Steffen
501c163859
version bump to 4.6.3
2012-04-30 09:48:21 +02:00
Andreas Steffen
3577ec76a5
output validity of raw public key if available
2012-04-30 09:47:34 +02:00
Andreas Steffen
fe23d9aaa4
ikev2/net2net-pubkey scenario does not need dnskey plugin
2012-04-30 07:02:08 +02:00
Andreas Steffen
86b79a5f6d
added ikev2/net2net-pubkey scenario
2012-04-30 00:33:18 +02:00
Andreas Steffen
7ea31a17ea
added ikev2/net2net-rsa scenario
2012-04-30 00:32:58 +02:00
Andreas Steffen
5f1931ada1
added support for raw RSA public keys to stroke
2012-04-30 00:31:42 +02:00
Andreas Steffen
2338b9f019
added ikev2/rw-eap-md5-id-prompt scenario
2012-04-29 19:10:25 +02:00
Martin Willi
8c35f5d460
Fixed Android null terminated password fixup in xauth-eap
2012-04-26 14:35:27 +02:00
Tobias Brunner
23cb8ba72b
Fixed null-pointer dereference in smp plugin.
2012-04-26 08:54:04 +02:00
Andreas Steffen
d2976167af
CERT_TRUSTED_PUBKEY stores notBefore, notAfter and subject information
2012-04-25 20:53:08 +02:00
Tobias Brunner
7d85bebc49
pluto: Fix for null-terminated XAuth secrets (as sent by Android 4).
2012-04-24 09:25:38 +02:00
Andreas Steffen
5ff8fe5d48
activated cmac plugin in UML test suites
2012-04-22 22:22:25 +02:00
Andreas Steffen
86e50bd614
isolate a TNC client if an error occurs
2012-04-22 20:24:59 +02:00
Andreas Steffen
6c97b16333
version bump to 4.6.3rc2
2012-04-22 17:41:20 +02:00
Andreas Steffen
3092bf1090
exit if TBOOT dummy measurements are not defined
2012-04-22 17:40:59 +02:00
Tobias Brunner
5895c2e948
Option added to set identifier for syslog(3) logging.
This identifier is added to each log message by syslog.
2012-04-20 09:26:12 +02:00
Tobias Brunner
7e84c4275c
Removed auth_cfg_t.replace_value() and replaced usages with add().
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
2012-04-18 18:50:14 +02:00
Tobias Brunner
ebc1ffe451
Changed the order and semantics of rules we expect only once in auth_cfg_t.
These rules are now inserted at the front of the internal list; this
allows retrieving the rule added last with get(). For other rules, the
order in which they are added is maintained (this allows them to be
enumerated properly).
2012-04-18 18:50:14 +02:00
Tobias Brunner
80067cf9e6
Store password with remote ID to tie it stronger to a specific connection.
2012-04-18 13:32:49 +02:00
Tobias Brunner
9f1b303afc
Added stroke user-creds command, to set username/password for a connection.
2012-04-17 14:20:58 +02:00
Tobias Brunner
7b00fdeb84
Added method to add additional shared secrets to stroke_cred_t.
2012-04-17 14:20:58 +02:00
Tobias Brunner
ff5cb888f6
Additional prompt keyword added to stroke.
2012-04-17 14:20:58 +02:00
Tobias Brunner
4c31657d2c
Typo fixed.
2012-04-17 14:20:58 +02:00
Martin Willi
1b7debcc04
Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs
Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as
initiator, we can't know if the completing IKE_SA_INIT message is to our first
request or the one with the COOKIE. If the responder just enabled/disabled
COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE
behavior toggling improves the situation, but does not solve the problem during
the initial COOKIE activation.
2012-04-17 10:02:21 +02:00
Martin Willi
d0d600e1ef
Added a note about DH/keymat lifecycle for custom implementations
2012-04-17 10:02:21 +02:00
Martin Willi
a59a03670b
Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
2012-04-17 10:02:21 +02:00
Martin Willi
4837d2a981
Fix iteration through half-open IKE_SA table
2012-04-16 16:47:17 +02:00
Tobias Brunner
7fd6c078b6
Use IP address as ID as responder if not configured or no IDr received.
2012-04-16 14:09:51 +02:00
Tobias Brunner
b241a37411
Fall back on IP address as IDi if none is configured at all.
2012-04-16 13:44:27 +02:00
Tobias Brunner
b447af658c
Use auth_cfg_t.replace_value where appropriate.
2012-04-16 13:44:27 +02:00
Tobias Brunner
68cca941cf
Added a simple method to replace the value of a rule in auth_cfg_t.
2012-04-16 13:44:27 +02:00