Commit message (author, date, files changed, lines removed/added)
...
* Added IFOM_CAPABILITY notify message type  (Andreas Steffen, 2013-11-01, 2 files, -6/+10)

* Updated copyright statement  (Andreas Steffen, 2013-11-01, 1 file, -5/+7)

* charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config  (Martin Willi, 2013-11-01, 1 file, -0/+4)

    This allows the server to use a different IKE identity as long as the configured hostname is contained in the certificate.

* ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying  (Martin Willi, 2013-11-01, 1 file, -0/+8)

    Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which is perfectly valid. For short(er) DPD delays, this leads to the situation where we send a DPD request during set_state(), but the IKE_SA has no hosts set yet. Avoid that DPD by resetting the INBOUND timestamp during set_state().

* Added security info on CVE-2013-6075 and CVE-2013-6076 [tag: 5.1.1]  (Andreas Steffen, 2013-10-31, 1 file, -0/+9)

* ikev1: Properly initialize list of fragments in case fragment ID is 0  (Volker Rümelin, 2013-10-31, 1 file, -1/+1)

    Fixes CVE-2013-6076.

* identification: Properly check length before comparing for binary DN equality  (Martin Willi, 2013-10-31, 1 file, -1/+1)

    Fixes CVE-2013-6075.

* unit-tests: Additionally do reverse match checking with empty identities  (Martin Willi, 2013-10-31, 1 file, -0/+55)

* unit-tests: Test matching against some empty data identities  (Martin Willi, 2013-10-31, 1 file, -0/+44)

* unit-tests: Test for equality against some empty data identities  (Martin Willi, 2013-10-31, 1 file, -0/+43)

* unit-tests: Let identity equality test fail if a->equals(b) != b->equals(a)  (Martin Willi, 2013-10-31, 1 file, -1/+1)

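The identification commits above (the CVE-2013-6075 length check and the unit tests for empty identities and for a->equals(b) != b->equals(a)) come down to one comparison. The following is an added illustration in C written for this page, not strongSwan's identification.c: a length-unaware compare of the class the fix removes, next to the hardened form, run on constructed DER-style byte strings. The blob_t type, the dn_equals_* and demo_* names and the sample bytes are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a DER-encoded identity: a pointer and a length. This is an
 * illustration written for this page, not strongSwan's identification_t. */
typedef struct {
    const unsigned char *ptr;
    size_t len;
} blob_t;

/* Length-unaware compare of the class the CVE-2013-6075 fix removes: only
 * a->len is trusted, so a short identity "equals" any longer one sharing its
 * first bytes, and the reverse call reads past the shorter buffer (the
 * out-of-bounds read) before it can disagree. */
static bool dn_equals_unchecked(const blob_t *a, const blob_t *b)
{
    return a->len > 0 && memcmp(a->ptr, b->ptr, a->len) == 0;
}

/* Hardened form: lengths must match before any byte is compared, empty
 * identities never match, and the result is the same from either side. */
static bool dn_equals_checked(const blob_t *a, const blob_t *b)
{
    return a->len > 0 && a->len == b->len &&
           memcmp(a->ptr, b->ptr, a->len) == 0;
}

/* Constructed sample data (assumption for the example): long_dn is the DER
 * encoding of the DN "CN=foo"; short_buf holds its first 8 bytes inside a
 * deliberately oversized, zero-padded buffer so the unchecked compare stays
 * in bounds here. In real code that over-read is the denial of service. */
static const unsigned char long_dn[16] = {
    0x30, 0x0e, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03,
    0x55, 0x04, 0x03, 0x13, 0x03, 'f', 'o', 'o'
};
static const unsigned char short_buf[16] = {
    0x30, 0x0e, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03
};

/* The unchecked compare accepts the prefix from one side but not the other:
 * exactly the a->equals(b) != b->equals(a) asymmetry the unit test catches. */
bool demo_unchecked_is_asymmetric(void)
{
    blob_t a = { short_buf, 8 };
    blob_t b = { long_dn, sizeof(long_dn) };
    return dn_equals_unchecked(&a, &b) && !dn_equals_unchecked(&b, &a);
}

/* The checked compare rejects the prefix from both sides. */
bool demo_checked_rejects_prefix(void)
{
    blob_t a = { short_buf, 8 };
    blob_t b = { long_dn, sizeof(long_dn) };
    return !dn_equals_checked(&a, &b) && !dn_equals_checked(&b, &a);
}

/* Identical encodings still match, in both directions. */
bool demo_checked_matches_identical(void)
{
    blob_t a = { long_dn, sizeof(long_dn) };
    blob_t b = { long_dn, sizeof(long_dn) };
    return dn_equals_checked(&a, &b) && dn_equals_checked(&b, &a);
}

/* An empty identity matches nothing, not even another empty one. */
bool demo_empty_never_matches(void)
{
    blob_t empty = { long_dn, 0 };
    blob_t other_empty = { short_buf, 0 };
    blob_t full = { long_dn, sizeof(long_dn) };
    return !dn_equals_checked(&empty, &full) &&
           !dn_equals_checked(&full, &empty) &&
           !dn_equals_checked(&empty, &other_empty);
}

int main(void)
{
    printf("unchecked compare asymmetric on prefix: %s\n",
           demo_unchecked_is_asymmetric() ? "yes" : "no");
    printf("checked compare rejects prefix:         %s\n",
           demo_checked_rejects_prefix() ? "yes" : "no");
    printf("checked compare matches identical:      %s\n",
           demo_checked_matches_identical() ? "yes" : "no");
    printf("empty identity never matches:           %s\n",
           demo_empty_never_matches() ? "yes" : "no");
    return 0;
}
```

The symmetry check is the cheap regression test: any comparison that reads only one operand's length will pass from the short side and fail (or crash) from the long side, so asserting eq(a, b) == eq(b, a) over a set of identities, including empty ones, flags the bug without needing a crash under a sanitizer.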
* PB-TNC PDP_REFERRAL message doesn't have to be in RESULT batch  (Andreas Steffen, 2013-10-31, 1 file, -1/+1)

* Version bump to 5.1.1  (Andreas Steffen, 2013-10-31, 3 files, -5/+2010)

* Added test-driver to .gitignore  (Andreas Steffen, 2013-10-30, 1 file, -1/+2)

* Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenarios  (Andreas Steffen, 2013-10-30, 4 files, -13/+16)

* updown: fix segfault when interface name can't be resolved  (Ansis Atteka, 2013-10-30, 1 file, -0/+4)

    The child_updown() function sets up environment variables to the updown script. Sometimes the call to hydra->kernel_interface->get_interface() could fail and the iface variable could be left uninitialized. This patch fixes this issue by passing "unknown" as interface name.

    Here is the stacktrace:

    #0  0x00007fa90791f445 in raise () from /lib/x86_64-linux-gnu/libc.so.6
    #1  0x00007fa907922bab in abort () from /lib/x86_64-linux-gnu/libc.so.6
    #2  0x0000000000401ed7 in segv_handler (signal=11) at charon.c:183
    #3  <signal handler called>
    #4  0x00007fa90793221f in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
    #5  0x00007fa9079f0580 in __vsnprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
    #6  0x00007fa9079f04c8 in __snprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
    #7  0x00007fa8f9b95b86 in snprintf (__fmt=0x7fa8f9b961b8 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='%s%s%s' PLUTO_CONNECTION='%s' PLUTO_INTERFACE='%s' PLUTO_REQID='%u' PLUTO_ME='%H' PLUTO_MY_ID='%Y' PLUTO_MY_CLIENT='%H/%u' PLUTO_MY_PORT='%u' PLUTO_MY_PROTOCOL='%u"..., __n=1024, __s=0x7fa8f7923440 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='remote-40.0.0.40' PLUTO_INTERFACE='\367\250\177") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:65
    #8  child_updown (this=0x8486b0, ike_sa=0x7fa8e4005f80, child_sa=0x7fa8d4008290, up=true) at updown_listener.c:308
    #9  0x00007fa907ecc11c in ?? () from /usr/lib/strongswan/libcharon.so.0
    #10 0x00007fa907ef89bf in ?? () from /usr/lib/strongswan/libcharon.so.0
    #11 0x00007fa907ef2fc8 in ?? () from /usr/lib/strongswan/libcharon.so.0
    #12 0x00007fa907ee84ff in ?? () from /usr/lib/strongswan/libcharon.so.0
    #13 0x00007fa907ee3067 in ?? () from /usr/lib/strongswan/libcharon.so.0
    #14 0x00007fa90835e8fb in ?? () from /usr/lib/strongswan/libstrongswan.so.0
    #15 0x00007fa908360d30 in ?? () from /usr/lib/strongswan/libstrongswan.so.0
    #16 0x00007fa907cade9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
    #17 0x00007fa9079db4bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
    #18 0x0000000000000000 in ?? ()

    Signed-Off-By: Ansis Atteka <aatteka@nicira.com>

* debian: build debug symbol package  (Ansis Atteka, 2013-10-30, 2 files, -1/+13)

    Before this patch all debug symbols were stripped off and simply discarded. GDB without debug symbols is barely usable, but at the same time distributing binaries with debug symbols would drastically increase strongswan/libstrongswan package size. Instead of discarding debug symbols, it would be better to strip them off into a dedicated debian package. So that, if needed, one could still install them and use GDB.

    Signed-off-by: Ansis Atteka <aatteka@nicira.com>

* ipsec: Updated ipsec(8)  (Tobias Brunner, 2013-10-29, 2 files, -97/+126)

* ipsec: Remove unused distro.txt  (Tobias Brunner, 2013-10-29, 1 file, -2/+0)

* utils: Include stdio.h for fmemopen() replacement  (Tobias Brunner, 2013-10-29, 1 file, -0/+1)

    This might now be required because Vstr is not necessarily required anymore, which means stdio.h might not be pulled in by printf_hook.h.

* Use exact mask when calling umask(2)  (Tobias Brunner, 2013-10-29, 3 files, -3/+3)

    Due to the previous negation the high bits of the mask were set, which at least some versions of the Android build system prevent with a compile-time check.

* whitelist: Read multiple commands until client closes connection  (Martin Willi, 2013-10-29, 1 file, -30/+28)

    This restores the same behavior we had before e11c02c8, and fixes the whitelist add/remove-from command.

* libtnccs: Add dummy entry to pb_tnc_tcg_msg_infos  (Tobias Brunner, 2013-10-29, 1 file, -1/+2)

    That's required because the first message type in pb_tnc_tcg_msg_type_t is 1 not 0.

* swid: Properly clean up after reading SWID tag  (Tobias Brunner, 2013-10-29, 1 file, -2/+3)

* man: strongswan.conf(5) updated  (Tobias Brunner, 2013-10-29, 1 file, -5/+35)

* Fixed some typos  (Tobias Brunner, 2013-10-29, 4 files, -4/+4)

* charon-xpc: Load missing eap-md5 plugin after enabling it  (Martin Willi, 2013-10-28, 1 file, -1/+1)

* charon-xpc: Disable warnings about deprecated functions  (Martin Willi, 2013-10-28, 1 file, -1/+1)

    This avoids all the deprecated warnings when using OpenSSL functions.

* charon-xpc: Avoid -all_load linker flag  (Martin Willi, 2013-10-28, 1 file, -1/+0)

    This seems to be not required anymore with the LLVM 5 toolchain.

* charon-xpc: Properly xpc_retain() connections we xpc_release()  (Martin Willi, 2013-10-28, 2 files, -0/+2)

* charon-xpc: Properly cast SA identifier to uintptr representation  (Martin Willi, 2013-10-28, 1 file, -1/+1)

* charon-xpc: Don't build against libvstr anymore  (Martin Willi, 2013-10-28, 2 files, -14/+4)

    We now have our own printf backend and use it instead of Vstr.

* charon-xpc: Build with EAP-MD5 support  (Martin Willi, 2013-10-28, 1 file, -2/+2)

* utils: Fix check for fmemopen() fallback implementation  (Martin Willi, 2013-10-24, 2 files, -2/+3)

* unit-tests: Set sa_len in sockaddr template data, if required  (Martin Willi, 2013-10-24, 1 file, -0/+6)

* printf-hook-builtin: Don't rely on isinf() return value signedness  (Martin Willi, 2013-10-24, 1 file, -8/+9)

    Many systems don't return a negative value for negative infinities; so do a separate check.

* watcher: Rebuild fdset when select() fails  (Martin Willi, 2013-10-24, 1 file, -1/+12)

    This should make sure we refresh the fdset if a user closes an FD it just removed. Some selects() seem to complain about the bad FD before signaling the notification pipe.

* rwlock: Disable thread cancelability while waiting in (fallback) rwlock  (Martin Willi, 2013-10-24, 1 file, -0/+7)

    An rwlock wait is not a thread cancellation point. As a canceled thread would not have released the mutex, the rwlock would have been left in unusable state.

* rwlock: Don't use buggy pthread_rwlock on OS X  (Martin Willi, 2013-10-24, 1 file, -0/+7)

    Recursive read locks don't seem to work properly, at least on 10.9.

* utils: Provide a fmemopen(3) fallback using BSD funopen()  (Martin Willi, 2013-10-24, 3 files, -0/+62)

* Fixed sql/net2net-route-pem scenario evaluation [tag: 5.1.1rc1]  (Andreas Steffen, 2013-10-23, 1 file, -2/+2)

* Added some example Debian SWID tags  (Andreas Steffen, 2013-10-23, 8 files, -1/+211)

* Added Brainpool ECP support to NEWS  (Andreas Steffen, 2013-10-23, 1 file, -0/+4)

* Added two Brainpool IKEv2 scenarios  (Andreas Steffen, 2013-10-23, 22 files, -0/+298)

* pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB  (Tobias Brunner, 2013-10-23, 11 files, -74/+54)

    This allows more than one builder to try parsing the data read from STDIN.

* chunk: Add helper function to create a chunk from data read from a file descriptor  (Tobias Brunner, 2013-10-23, 2 files, -0/+40)

* semaphore: Support cancellation in wait functions of semaphore fallback  (Martin Willi, 2013-10-23, 1 file, -4/+6)

    Semaphore wait functions should be a thread cancellation point, but did not properly release the mutex in the fallback implementation.

* rwlock: Re-acquire rwlock even if condvar wait times out  (Martin Willi, 2013-10-23, 1 file, -1/+1)

    A caller expects that the associated rwlock is held, whether the condvar gets signaled or the wait times out.

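The semaphore and rwlock fallback commits above (cancellation support in the semaphore wait, disabled cancelability in the rwlock wait, and re-acquiring the lock when a timed condvar wait expires) all turn on one POSIX rule: pthread_cond_wait() and pthread_cond_timedwait() hand the mutex back to the caller on every return path, including cancellation and timeout, so a cancelled waiter with no cleanup handler dies holding it and the lock is unusable from then on. The following added example in C is written for this page and is not libstrongswan's semaphore_t or rwlock_t; the fallback_sem_t type and the function names are assumptions. It builds a minimal counting semaphore on a mutex and condvar, shows the leaking wait next to one protected by pthread_cleanup_push(), and checks after cancelling a blocked waiter whether the mutex can still be taken.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Minimal counting semaphore on a mutex and a condvar, of the kind used as a
 * fallback where no native semaphore exists. Illustration written for this
 * page; not libstrongswan's semaphore_t (type and names are assumptions). */
typedef struct {
    pthread_mutex_t mutex;
    pthread_cond_t cond;
    unsigned count;    /* permits available */
    unsigned waiters;  /* threads inside a wait call */
} fallback_sem_t;

#define FALLBACK_SEM_INIT \
    { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, 0, 0 }

/* Leaking wait. pthread_cond_wait() is a cancellation point and re-acquires
 * the mutex before the cancelled thread is torn down; with no cleanup handler
 * the thread exits still owning it and every later lock attempt blocks. */
static void sem_wait_leaky(fallback_sem_t *s)
{
    pthread_mutex_lock(&s->mutex);
    s->waiters++;
    while (s->count == 0) {
        pthread_cond_wait(&s->cond, &s->mutex);
    }
    s->waiters--;
    s->count--;
    pthread_mutex_unlock(&s->mutex);
}

/* Cleanup handler: POSIX guarantees the mutex is held when it runs after a
 * cancellation inside pthread_cond_wait(), so it may touch the counters. */
static void wait_cleanup(void *arg)
{
    fallback_sem_t *s = arg;
    s->waiters--;
    pthread_mutex_unlock(&s->mutex);
}

/* Fixed wait: the same handler runs on cancellation and on the normal path
 * (pthread_cleanup_pop(1)), so the mutex is released either way. The timed
 * variant is no different: pthread_cond_timedwait() also returns with the
 * mutex held when it times out, which is what a caller has to rely on. */
static void sem_wait_safe(fallback_sem_t *s)
{
    pthread_mutex_lock(&s->mutex);
    s->waiters++;
    pthread_cleanup_push(wait_cleanup, s);
    while (s->count == 0) {
        pthread_cond_wait(&s->cond, &s->mutex);
    }
    s->count--;
    pthread_cleanup_pop(1);
}

static void *leaky_thread(void *arg) { sem_wait_leaky(arg); return NULL; }
static void *safe_thread(void *arg)  { sem_wait_safe(arg);  return NULL; }

/* Starts a waiter on an empty semaphore, cancels it once it is blocked in the
 * condvar, and reports whether the mutex can still be taken afterwards.
 * Seeing waiters == 1 while holding the mutex proves the waiter is inside
 * pthread_cond_wait(): it kept the mutex from the increment until that call. */
static bool mutex_free_after_cancel(fallback_sem_t *s, void *(*fn)(void *))
{
    pthread_t t;
    if (pthread_create(&t, NULL, fn, s) != 0) {
        return false;
    }
    for (;;) {
        pthread_mutex_lock(&s->mutex);
        unsigned w = s->waiters;
        pthread_mutex_unlock(&s->mutex);
        if (w == 1) {
            break;
        }
    }
    pthread_cancel(t);
    pthread_join(t, NULL);

    if (pthread_mutex_trylock(&s->mutex) == 0) {
        pthread_mutex_unlock(&s->mutex);
        return true;
    }
    return false;  /* EBUSY: the dead thread still owns the mutex */
}

bool demo_leaky_wait_leaves_mutex_locked(void)
{
    fallback_sem_t s = FALLBACK_SEM_INIT;  /* left locked; never destroyed */
    return !mutex_free_after_cancel(&s, leaky_thread);
}

bool demo_safe_wait_releases_mutex(void)
{
    fallback_sem_t s = FALLBACK_SEM_INIT;
    return mutex_free_after_cancel(&s, safe_thread);
}

int main(void)
{
    printf("leaky wait leaves mutex locked after cancel: %s\n",
           demo_leaky_wait_leaves_mutex_locked() ? "yes" : "no");
    printf("cleanup-protected wait releases mutex:       %s\n",
           demo_safe_wait_releases_mutex() ? "yes" : "no");
    return 0;
}
```

Build with `cc -pthread`. The alternative taken in the rwlock commit, wrapping the wait in pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, ...) and restoring the old state afterwards, avoids the handler entirely at the cost of making the wait non-cancellable; which of the two is right depends on whether the wait is meant to be a cancellation point, as the two commit messages above state for the semaphore and the rwlock respectively.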
* Updated and split data.sql  (Andreas Steffen, 2013-10-23, 18 files, -4565/+392)

* Adapted recipe and patches to freeradius-2.2.1  (Andreas Steffen, 2013-10-22, 3 files, -23/+4)