Commit message (Author, Age, Files, Lines)
...
* testing: Update public keys and certificates in DNS zone (Tobias Brunner, 2014-10-03, 1 file, -64/+60)
|
* testing: Update carols certificate in several test cases (Tobias Brunner, 2014-10-03, 6 files, -129/+129)
|
* testing: Add some notes about how to reissue attribute certificates (Martin Willi, 2014-10-03, 3 files, -0/+61)
|
* testing: Reissue attribute certificates for the new holder certificates (Martin Willi, 2014-10-03, 8 files, -72/+72)
|    Due to the expired and reissued holder certificates of carol and dave, new attribute certificates are required to match the holder certificates serial in the ikev2/acert-{cached,fallback,inline} tests.
* starter: Allow specifying the ipsec.conf location in strongswan.conf (Shea Levy, 2014-10-02, 2 files, -1/+5)
|
* stroke: Allow specifying the ipsec.secrets location in strongswan.conf (Shea Levy, 2014-10-02, 3 files, -5/+20)
|
* library: Allow specifying the path to strongswan.conf in the STRONGSWAN_CONF env var (Shea Levy, 2014-10-02, 1 file, -1/+1)
|
* Don't fail to install if sysconfdir isn't writable (Shea Levy, 2014-09-26, 2 files, -4/+4)
|
* ikev1: Be more verbose if a peer config would match, but is unusable for Mode (Martin Willi, 2014-09-25, 1 file, -0/+12)
|
* ikev2: Reorder task activation for established IKE SAs (Tobias Brunner, 2014-09-25, 1 file, -11/+11)
|    We now prefer MOBIKE tasks over delete tasks then the rest.
* Revert "ikev2: Insert MOBIKE tasks at the front of the queue" (Tobias Brunner, 2014-09-25, 1 file, -6/+1)
|    This reverts commit 3293d146289d7c05e6c6089ae1f7cdbcea378e63. The position of tasks in the queue does not actually determine the order in which they are activated. Instead this is determined by the statements in task_manager_v2_t.initiate().
* Merge branch 'curl-features' (Martin Willi, 2014-09-24, 675 files, -696/+802)
|\    Enable missing https:// support in the curl plugin by initializing libcurl appropriately. To initialize the SSL backend properly as required, we rely on our specific crypto backends (openssl, gcrypt) that already provide this functionality. Fixes #692.
| * travis: Disable soup in "all" test (Martin Willi, 2014-09-24, 1 file, -1/+1)
| |    On Ubuntu 12.04, there seems to be a resource leak related to pthread keys when initializing glib or related libraries more than once. With our repeated initialization for libstrongswan tests, we hit the following error: Lib (gthread-posix.c): Unexpected error from C library during 'pthread_key_create': Resource temporarily unavailable. The problem is not reproducible on a newer Gnome stack, hence we disable the glib based soup plugin until we have a more recent Ubuntu on Travis.
| * curl: For SSL features, depend on thread-safety provided by our crypto plugins (Martin Willi, 2014-09-24, 3 files, -7/+57)
| |    To use SSL in curl, we need to initialize the SSL library in a thread-safe manner and provide the appropriate callbacks. As we already do that in our crypto plugins using these libraries, we depend on these features. This implies that we need the same plugin enabled (openssl, gcrypt) as the curl backend is configured to use to fetch from HTTPS URIs.
| * configure: Load fetcher plugins after crypto base plugins (Martin Willi, 2014-09-24, 670 files, -684/+679)
| |    Some fetcher plugins (such as curl) might build upon OpenSSL to implement HTTPS fetching. As we set (and can't unset) threading callbacks in our openssl plugin, we must ensure that OpenSSL functions don't get called after openssl plugin unloading. We achieve that by loading curl and all other fetcher plugins after the base crypto plugins, including openssl.
| * curl: Dynamically query supported protocols and register appropriate features (Martin Willi, 2014-09-24, 1 file, -10/+64)
| |
| * leak-detective: Whitelist libssl SSL_COMP_get_compression_methods() (Martin Willi, 2014-09-24, 1 file, -0/+2)
| |    This function is called by libcurl initialization with SSL, and uses a static allocation of compression algorithms not freed.
| * curl: Try to initialize with SSL support to handle https:// URIs (Martin Willi, 2014-09-24, 1 file, -1/+6)
|/    If initialization fails, we fall back to the old behavior.
* NEWS: Introduce charon-systemd (Martin Willi, 2014-09-24, 1 file, -0/+9)
|
* Merge branch 'netlink-cleanups' (Martin Willi, 2014-09-24, 7 files, -106/+150)
|\    In preparation for larger parallelization changes in kernel-netlink, this merge does some general code cleanup in that plugin.
| * watcher: Add a method to query the watcher state (Martin Willi, 2014-09-24, 2 files, -7/+45)
| |    This allows a user to check if the watcher is actually running, and potentially perform read operations directly instead of relying on watcher.
| * kernel-netlink: Define and use rtnetlink message types (Martin Willi, 2014-09-24, 1 file, -1/+22)
| |
| * kernel-netlink: Pass protocol specific enum names to socket constructor (Martin Willi, 2014-09-24, 4 files, -12/+13)
| |    This avoids the hard dependency on enum names, and makes kernel_netlink_shared independent of kernel_netlink_ipsec.
| * kernel-netlink: Clean up socket initialization, handle 0 as valid socket fd (Martin Willi, 2014-09-24, 1 file, -9/+6)
| |
| * kernel-netlink: Clean up response buffer management (Martin Willi, 2014-09-24, 1 file, -24/+16)
| |
| * kernel-netlink: Use recv() instead of recvfrom() (Martin Willi, 2014-09-24, 1 file, -11/+3)
| |    As we are not interested in the returned address, there is really no need in passing that argument.
| * kernel-netlink: Avoid casting the NLMSG_DATA() return value (Martin Willi, 2014-09-24, 3 files, -26/+26)
| |    There is really no need for doing so, and it makes the code just unreadable.
| * kernel-netlink: Define netlink buffer as an union having a netlink header (Martin Willi, 2014-09-24, 4 files, -21/+24)
|/    This allows us to streamline the netlink buffers, and avoid extensive casting.
* Merge branch 'systemd' (Martin Willi, 2014-09-24, 37 files, -119/+981)
|\    Introduces a systemd specific charon-systemd IKE daemon based on libcharon. Uses systemd APIs for startup control and journal logging and a new systemd service unit using swanctl as configuration backend.
| * travis: Disable build of native systemd IKE daemon (Martin Willi, 2014-09-22, 1 file, -0/+1)
| |    Travis still uses Ubuntu 12.04, where no systemd libraries are available. Skip systemd support on Travis until we have a more recent Ubuntu distribution.
| * man: Skip installation of ipsec.conf/secrets manpages when not building starter (Martin Willi, 2014-09-22, 1 file, -1/+5)
| |
| * init: Update starter systemd service to distinguish it from strongswan-swanctl (Martin Willi, 2014-09-22, 2 files, -1/+2)
| |
| * init: Provide a service file for charon-systemd using swanctl (Martin Willi, 2014-09-22, 5 files, -0/+28)
| |
| * systemd: Check if ./configure detected a systemd system unit directory (Martin Willi, 2014-09-22, 1 file, -0/+7)
| |
| * systemd: Discover and check systemd libraries with pkg-config during configure (Martin Willi, 2014-09-22, 2 files, -1/+12)
| |
| * systemd: Add a native systemd journal logger (Martin Willi, 2014-09-22, 4 files, -2/+200)
| |
| * plugin-loader: Support a reload() callback for static features (Martin Willi, 2014-09-22, 9 files, -12/+44)
| |
| * systemd: Provide a charon-systemd daemon targeting full systemd integration (Martin Willi, 2014-09-22, 6 files, -5/+250)
| |
| * swanctl: Complete --load-creds command summary (Martin Willi, 2014-09-22, 1 file, -1/+1)
| |
| * swanctl: Fix description of load-pools command summary (Martin Willi, 2014-09-22, 1 file, -1/+1)
| |
| * swanctl: Add a --load-all command, performing --load-{creds,pools,conns} (Martin Willi, 2014-09-22, 10 files, -97/+329)
| |
| * swanctl: Add a --reload-settings command (Martin Willi, 2014-09-22, 5 files, -2/+93)
| |
| * vici: Add a command to reload strongswan.conf (Martin Willi, 2014-09-22, 1 file, -0/+12)
|/
* encoding: Accept all exchange types for non IKEv1/IKEv2 major versions (Martin Willi, 2014-09-22, 1 file, -5/+11)
|
* settings: Make loading a NULL or empty pattern a (nop-)success (Martin Willi, 2014-09-22, 1 file, -1/+1)
|
* settings: Use strongswan.conf used during library initialization for reload (Martin Willi, 2014-09-22, 4 files, -14/+4)
|    Since 4b670a20 we require an explicit strongswan.conf to re-load configurations. However, the define was missing in the build, breaking SIGHUP based config reloading. Fixes #651.
* library: Store the used root strongswan.conf configuration (Martin Willi, 2014-09-22, 2 files, -7/+12)
|
* testing: Use multiple jobs to install strongSwan (Tobias Brunner, 2014-09-19, 1 file, -1/+1)
|
* testing: Add a script to build the current (or an arbitrary) source tree (Tobias Brunner, 2014-09-19, 1 file, -0/+65)
|    This allows to (relatively) quickly (re-)build and install the current or an arbitrary strongSwan source tree within the root image. bindfs is used to bind mount the source directory using the regular user and group (only works if sudo is used to run the script) so that newly created files are not owned by root. As with building the root image in general the guests must not be running while executing this script. The guest images are automatically rebuilt after the root image has been updated so configuration files and other modifications in guests will be lost.
* testing: Add packages to rebuild strongSwan from the repository (Tobias Brunner, 2014-09-19, 1 file, -1/+2)
|