tteras/strongswan/src/libcharon/config, branch master

Fixed some typos, courtesy of codespell

2017-11-15T09:21:13+00:00

proposal: Remove MODP-1024 from default IKE proposal

2017-11-08T15:47:16+00:00

RFC 8247 demoted it to SHOULD NOT. This might break connections with
Windows clients unless they are configured to use a stronger group or
matching weak proposals are configured explicitly on the server.

References #2427.

proposal: Remove MD5 from default IKE proposal

2017-11-08T15:47:04+00:00

RFC 8247 demoted MD5 to MUST NOT.

References #2427.

proposal: Remove deprecated algorithms from default ESP and AH proposals

2017-11-08T15:46:51+00:00

This removes algorithms that were deprecated by RFC 8221 (3DES, BF, MD5)
from the default proposals for ESP and AH.

References #8247.

child-cfg: Optionally set mark on inbound SA

2017-11-02T08:59:38+00:00

ike-cfg: Fix memory leak when checking for configured address

2017-08-29T14:25:42+00:00

peer-cfg: Use an rwlock instead of a mutex to safely access child-cfgs

2017-07-27T11:34:40+00:00

If multiple threads want to enumerate child-cfgs and potentially lock
other locks (e.g. check out IKE_SAs) while doing so a deadlock could
be caused (as was the case with VICI configs with start_action=start).
It should also improve performance for roadwarrior connections and lots
of clients connecting concurrently.

Fixes #2374.

ike-cfg: Fix memory leak when matching against ranges

2017-05-29T08:50:58+00:00

traffic_selector_t::to_subnet() always sets the net/host (unless the
address family was invalid).

Fixes: 3070697f9f7c ("ike: support multiple addresses, ranges and subnets in IKE address config")

linked-list: Change return value of find_first() and signature of its callback

2017-05-26T11:56:44+00:00

This avoids the unportable five pointer hack.

Change interface for enumerator_create_filter() callback

2017-05-26T11:56:44+00:00

This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.