aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * leak-detective: Call {gm,local}time_r() to allocate static bufferMartin Willi2013-11-061-0/+5
| | | | | | | | | | On OS X Mavericks, these functions use a static allocation and are hard to whitelist using other means.
| * leak-detective: Register OS X specific hooks just onceMartin Willi2013-11-061-0/+7
| | | | | | | | | | If we initialize libstrongswan more than once in the same process, we may not register the hooks twice.
| * leak-detective: Reset leak list during cleanupMartin Willi2013-11-061-0/+1
| | | | | | | | This resets leak detective state should it get created/destroyed more than once.
| * leak-detective: Use callback functions to report leaks and usage informationMartin Willi2013-11-065-46/+157
| | | | | | | | This is more flexible than printing reports to a FILE.
| * unit-tests: Move test suites to its own subfolderMartin Willi2013-11-0620-8/+22
|/
* ikev2: Properly free DH secret in case of errors during IKE key derivationTobias Brunner2013-11-061-0/+3
| | | | Fixes #437.
* unit-tests: completed asn1_suiteAndreas Steffen2013-11-041-33/+55
|
* Updated test_runner.h with new suitesAndreas Steffen2013-11-031-0/+2
|
* unit-tests: 100% function coverage for asn1.cAndreas Steffen2013-11-032-6/+286
|
* unit-tests: 12 asn1 functions testedAndreas Steffen2013-11-023-1/+541
|
* Some minor refactoring in asn1.cAndreas Steffen2013-11-021-11/+17
|
* Do not free zero-length integerAndreas Steffen2013-11-021-5/+10
|
* unit-tests: Added tests for pen_type_tAndreas Steffen2013-11-013-1/+89
|
* Added IFOM_CAPABILITY notify message typeAndreas Steffen2013-11-012-6/+10
|
* Updated copyright statementAndreas Steffen2013-11-011-5/+7
|
* charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder configMartin Willi2013-11-011-0/+4
| | | | | This allows the server to use a different IKE identity as long as the configured hostname is contained in the certificate.
* ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeyingMartin Willi2013-11-011-0/+8
| | | | | | | Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which is perfectly valid. For short(er) DPD delays, this leads to the situation where we send a DPD request during set_state(), but the IKE_SA has no hosts set yet. Avoid that DPD by resetting the INBOUND timestamp during set_state().
* Added security info on CVE-2013-6075 and CVE-2013-60765.1.1Andreas Steffen2013-10-311-0/+9
|
* ikev1: Properly initialize list of fragments in case fragment ID is 0Volker Rümelin2013-10-311-1/+1
| | | | Fixes CVE-2013-6076.
* identification: Properly check length before comparing for binary DN equalityMartin Willi2013-10-311-1/+1
| | | | Fixes CVE-2013-6075.
* unit-tests: Additionally do reverse match checking with empty identitiesMartin Willi2013-10-311-0/+55
|
* unit-tests: Test matching against some empty data identitiesMartin Willi2013-10-311-0/+44
|
* unit-tests: Test for equality against some empty data identitiesMartin Willi2013-10-311-0/+43
|
* unit-tests: Let identity equality test fail if a->equals(b) != b->equals(a)Martin Willi2013-10-311-1/+1
|
* PB-TNC PDP_REFERRAL message doesn't have to be in RESULT batchAndreas Steffen2013-10-311-1/+1
|
* Version bump to 5.1.1Andreas Steffen2013-10-313-5/+2010
|
* Added test-driver to .gitignoreAndreas Steffen2013-10-301-1/+2
|
* Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenariosAndreas Steffen2013-10-304-13/+16
|
* updown: fix segfault when interface name can't be resolvedAnsis Atteka2013-10-301-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The child_updown() function sets up environment variables to the updown script. Sometimes call to hydra->kernel_interface->get_interface() could fail and iface variable could be left uninitialized. This patch fixes this issue by passing "unknown" as interface name. Here is the stacktrace: 0 0x00007fa90791f445 in raise () from /lib/x86_64-linux-gnu/libc.so.6 1 0x00007fa907922bab in abort () from /lib/x86_64-linux-gnu/libc.so.6 2 0x0000000000401ed7 in segv_handler (signal=11) at charon.c:183 3 <signal handler called> 4 0x00007fa90793221f in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6 5 0x00007fa9079f0580 in __vsnprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6 6 0x00007fa9079f04c8 in __snprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6 7 0x00007fa8f9b95b86 in snprintf ( __fmt=0x7fa8f9b961b8 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='%s%s%s' PLUTO_CONNECTION='%s' PLUTO_INTERFACE='%s' PLUTO_REQID='%u' PLUTO_ME='%H' PLUTO_MY_ID='%Y' PLUTO_MY_CLIENT='%H/%u' PLUTO_MY_PORT='%u' PLUTO_MY_PROTOCOL='%u"..., __n=1024, __s=0x7fa8f7923440 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='remote-40.0.0.40' PLUTO_INTERFACE='\367\250\177") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:65 8 child_updown (this=0x8486b0, ike_sa=0x7fa8e4005f80, child_sa=0x7fa8d4008290, up=true) at updown_listener.c:308 9 0x00007fa907ecc11c in ?? () from /usr/lib/strongswan/libcharon.so.0 10 0x00007fa907ef89bf in ?? () from /usr/lib/strongswan/libcharon.so.0 11 0x00007fa907ef2fc8 in ?? () from /usr/lib/strongswan/libcharon.so.0 12 0x00007fa907ee84ff in ?? () from /usr/lib/strongswan/libcharon.so.0 13 0x00007fa907ee3067 in ?? () from /usr/lib/strongswan/libcharon.so.0 14 0x00007fa90835e8fb in ?? () from /usr/lib/strongswan/libstrongswan.so.0 15 0x00007fa908360d30 in ?? () from /usr/lib/strongswan/libstrongswan.so.0 16 0x00007fa907cade9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0 17 0x00007fa9079db4bd in clone () from /lib/x86_64-linux-gnu/libc.so.6 18 0x0000000000000000 in ?? () Signed-Off-By: Ansis Atteka <aatteka@nicira.com>
* debian: build debug symbol packageAnsis Atteka2013-10-302-1/+13
| | | | | | | | | | | | | Before this patch all debug symbols were stripped off and simply discarded. GDB without debug symbols is barely usable, but at the same time distributing binaries with debug symbols would drastically increase strongswan/libstrongswan package size. Instead of discarding debug symbols, it would be better to strip them off into a dedicated debian package. So that, if needed, one could still install them and use GDB. Signed-off-by: Ansis Atteka <aatteka@nicira.com>
* ipsec: Updated ipsec(8)Tobias Brunner2013-10-292-97/+126
|
* ipsec: Remove unused distro.txtTobias Brunner2013-10-291-2/+0
|
* utils: Include stdio.h for fmemopen() replacementTobias Brunner2013-10-291-0/+1
| | | | | This might now be required because Vstr is not necessarily required anymore, which means stdio.h might not be pulled in by prinf_hook.h.
* Use exact mask when calling umask(2)Tobias Brunner2013-10-293-3/+3
| | | | | | Due to the previous negation the high bits of the mask were set, which at least some versions of the Android build system prevent with a compile-time check.
* whitelist: Read multiple commands until client closes connectionMartin Willi2013-10-291-30/+28
| | | | | This restores the same behavior we had before e11c02c8, and fixes the whitelist add/remove-from command.
* libtnccs: Add dummy entry to pb_tnc_tcg_msg_infosTobias Brunner2013-10-291-1/+2
| | | | | That's required because the first message type in pb_tnc_tcg_msg_type_t is 1 not 0.
* swid: Properly clean up after reading SWID tagTobias Brunner2013-10-291-2/+3
|
* man: strongswan.conf(5) updatedTobias Brunner2013-10-291-5/+35
|
* Fixed some typosTobias Brunner2013-10-294-4/+4
|
* charon-xpc: Load missing eap-md5 plugin after enabling itMartin Willi2013-10-281-1/+1
|
* charon-xpc: Disable warnings about deprecated functionsMartin Willi2013-10-281-1/+1
| | | | This avoids all the deprecated warnings when using OpenSSL functins.
* charon-xpc: Avoid -all_load linker flagMartin Willi2013-10-281-1/+0
| | | | This seems to be not required anymore with the LLVM 5 toolchain.
* charon-xpc: Properly xpc_retain() connections we xpc_release()Martin Willi2013-10-282-0/+2
|
* charon-xpc: Properly cast SA identifier to uintptr representationMartin Willi2013-10-281-1/+1
|
* charon-xpc: Don’t build against libvstr anymoreMartin Willi2013-10-282-14/+4
| | | | We now have our own printf backend and use it instead of Vstr.
* charon-xpc: Build with EAP-MD5 supportMartin Willi2013-10-281-2/+2
|
* utils: Fix check for fmemopen() fallback implementationMartin Willi2013-10-242-2/+3
|
* unit-tests: Set sa_len in sockaddr template data, if requiredMartin Willi2013-10-241-0/+6
|
* printf-hook-builtin: Don't rely on isinf() return value signednessMartin Willi2013-10-241-8/+9
| | | | | Many systems don't return a negative value for negative infinities; so do a separate check.
* watcher: Rebuild fdset when select() failsMartin Willi2013-10-241-1/+12
| | | | | | This should make sure we refresh the fdset if a user closes an FD it just removed. Some selects() seem to complain about the bad FD before signaling the notification pipe.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 03:59:06 +0000