aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * unit-tests: Add a simple thread join() testMartin Willi2013-11-061-0/+27
| |
| * unit-tests: Add test suite for streams and servicesMartin Willi2013-11-064-0/+270
| |
| * unit-tests: Add a few test cases for watcherMartin Willi2013-11-064-0/+217
| |
| * unit-tests: Support testing multi-threaded codeMartin Willi2013-11-062-7/+49
| |
| * unit-tests: Use a home-brew thread barrier to remove pthread dependencyMartin Willi2013-11-061-15/+86
| |
| * unit-tests: Show how many test vectors have failed on test failureMartin Willi2013-11-061-1/+2
| |
| * unit-tests: Skip fmemopen() based printf() tests if not availableMartin Willi2013-11-061-7/+12
| |
| * unit-tests: Avoid name clash with clone() from <sched.h>Martin Willi2013-11-061-6/+6
| |
| * unit-tests: Fix a compiler warning in identification testsMartin Willi2013-11-061-1/+1
| |
| * unit-tests: Clean up memory in new asn1 unit testsMartin Willi2013-11-061-1/+3
| | | | | | | | Test runner checks for leaks when leak detective is enabled.
| * unit-tests: Pass linked_list->invoke* varargs as uintptr_tMartin Willi2013-11-061-6/+10
| | | | | | | | | | | | Passing integers of unspecified length may result in passing an integer shorter than uintptr_t. When reading them back, we might get more data than passed, resulting in a failure.
| * unit-tests: Initialize backtracing before printing any backtracesMartin Willi2013-11-061-0/+4
| |
| * thread: Note that tread_cancellation_point temporarily activates cancelabilityMartin Willi2013-11-061-5/+4
| |
| * backtrace: Support backtracing even if library is not initializedMartin Willi2013-11-061-2/+2
| | | | | | | | But of course backtracing must be initialized anyway using backtrace_init().
| * unit-tests: Enable libstrongswan tests even if --enable-unit-tests not setMartin Willi2013-11-061-3/+1
| | | | | | | | | | | | As we don't depend on the check framework anymore, we can enable the unit tests by default. These are built/executed with "make check" only, so it makes no sense to disable them.
| * automake: Don't use parallel test harness being the default with automake 1.13Martin Willi2013-11-061-1/+11
| | | | | | | | | | We have no need for the parallel test harness, and we prefer to have the output of make check on the console
| * unit-tests: Implement testing framework without "check"Martin Willi2013-11-065-113/+956
| |
| * leak-detective: Call {gm,local}time_r() to allocate static bufferMartin Willi2013-11-061-0/+5
| | | | | | | | | | On OS X Mavericks, these functions use a static allocation and are hard to whitelist using other means.
| * leak-detective: Register OS X specific hooks just onceMartin Willi2013-11-061-0/+7
| | | | | | | | | | If we initialize libstrongswan more than once in the same process, we may not register the hooks twice.
| * leak-detective: Reset leak list during cleanupMartin Willi2013-11-061-0/+1
| | | | | | | | This resets leak detective state should it get created/destroyed more than once.
| * leak-detective: Use callback functions to report leaks and usage informationMartin Willi2013-11-065-46/+157
| | | | | | | | This is more flexible than printing reports to a FILE.
| * unit-tests: Move test suites to its own subfolderMartin Willi2013-11-0620-8/+22
|/
* ikev2: Properly free DH secret in case of errors during IKE key derivationTobias Brunner2013-11-061-0/+3
| | | | Fixes #437.
* unit-tests: completed asn1_suiteAndreas Steffen2013-11-041-33/+55
|
* Updated test_runner.h with new suitesAndreas Steffen2013-11-031-0/+2
|
* unit-tests: 100% function coverage for asn1.cAndreas Steffen2013-11-032-6/+286
|
* unit-tests: 12 asn1 functions testedAndreas Steffen2013-11-023-1/+541
|
* Some minor refactoring in asn1.cAndreas Steffen2013-11-021-11/+17
|
* Do not free zero-length integerAndreas Steffen2013-11-021-5/+10
|
* unit-tests: Added tests for pen_type_tAndreas Steffen2013-11-013-1/+89
|
* Added IFOM_CAPABILITY notify message typeAndreas Steffen2013-11-012-6/+10
|
* Updated copyright statementAndreas Steffen2013-11-011-5/+7
|
* charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder configMartin Willi2013-11-011-0/+4
| | | | | This allows the server to use a different IKE identity as long as the configured hostname is contained in the certificate.
* ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeyingMartin Willi2013-11-011-0/+8
| | | | | | | Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which is perfectly valid. For short(er) DPD delays, this leads to the situation where we send a DPD request during set_state(), but the IKE_SA has no hosts set yet. Avoid that DPD by resetting the INBOUND timestamp during set_state().
* Added security info on CVE-2013-6075 and CVE-2013-60765.1.1Andreas Steffen2013-10-311-0/+9
|
* ikev1: Properly initialize list of fragments in case fragment ID is 0Volker RĂ¼melin2013-10-311-1/+1
| | | | Fixes CVE-2013-6076.
* identification: Properly check length before comparing for binary DN equalityMartin Willi2013-10-311-1/+1
| | | | Fixes CVE-2013-6075.
* unit-tests: Additionally do reverse match checking with empty identitiesMartin Willi2013-10-311-0/+55
|
* unit-tests: Test matching against some empty data identitiesMartin Willi2013-10-311-0/+44
|
* unit-tests: Test for equality against some empty data identitiesMartin Willi2013-10-311-0/+43
|
* unit-tests: Let identity equality test fail if a->equals(b) != b->equals(a)Martin Willi2013-10-311-1/+1
|
* PB-TNC PDP_REFERRAL message doesn't have to be in RESULT batchAndreas Steffen2013-10-311-1/+1
|
* Version bump to 5.1.1Andreas Steffen2013-10-313-5/+2010
|
* Added test-driver to .gitignoreAndreas Steffen2013-10-301-1/+2
|
* Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenariosAndreas Steffen2013-10-304-13/+16
|
* updown: fix segfault when interface name can't be resolvedAnsis Atteka2013-10-301-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The child_updown() function sets up environment variables to the updown script. Sometimes call to hydra->kernel_interface->get_interface() could fail and iface variable could be left uninitialized. This patch fixes this issue by passing "unknown" as interface name. Here is the stacktrace: 0 0x00007fa90791f445 in raise () from /lib/x86_64-linux-gnu/libc.so.6 1 0x00007fa907922bab in abort () from /lib/x86_64-linux-gnu/libc.so.6 2 0x0000000000401ed7 in segv_handler (signal=11) at charon.c:183 3 <signal handler called> 4 0x00007fa90793221f in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6 5 0x00007fa9079f0580 in __vsnprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6 6 0x00007fa9079f04c8 in __snprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6 7 0x00007fa8f9b95b86 in snprintf ( __fmt=0x7fa8f9b961b8 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='%s%s%s' PLUTO_CONNECTION='%s' PLUTO_INTERFACE='%s' PLUTO_REQID='%u' PLUTO_ME='%H' PLUTO_MY_ID='%Y' PLUTO_MY_CLIENT='%H/%u' PLUTO_MY_PORT='%u' PLUTO_MY_PROTOCOL='%u"..., __n=1024, __s=0x7fa8f7923440 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='remote-40.0.0.40' PLUTO_INTERFACE='\367\250\177") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:65 8 child_updown (this=0x8486b0, ike_sa=0x7fa8e4005f80, child_sa=0x7fa8d4008290, up=true) at updown_listener.c:308 9 0x00007fa907ecc11c in ?? () from /usr/lib/strongswan/libcharon.so.0 10 0x00007fa907ef89bf in ?? () from /usr/lib/strongswan/libcharon.so.0 11 0x00007fa907ef2fc8 in ?? () from /usr/lib/strongswan/libcharon.so.0 12 0x00007fa907ee84ff in ?? () from /usr/lib/strongswan/libcharon.so.0 13 0x00007fa907ee3067 in ?? () from /usr/lib/strongswan/libcharon.so.0 14 0x00007fa90835e8fb in ?? () from /usr/lib/strongswan/libstrongswan.so.0 15 0x00007fa908360d30 in ?? () from /usr/lib/strongswan/libstrongswan.so.0 16 0x00007fa907cade9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0 17 0x00007fa9079db4bd in clone () from /lib/x86_64-linux-gnu/libc.so.6 18 0x0000000000000000 in ?? () Signed-Off-By: Ansis Atteka <aatteka@nicira.com>
* debian: build debug symbol packageAnsis Atteka2013-10-302-1/+13
| | | | | | | | | | | | | Before this patch all debug symbols were stripped off and simply discarded. GDB without debug symbols is barely usable, but at the same time distributing binaries with debug symbols would drastically increase strongswan/libstrongswan package size. Instead of discarding debug symbols, it would be better to strip them off into a dedicated debian package. So that, if needed, one could still install them and use GDB. Signed-off-by: Ansis Atteka <aatteka@nicira.com>
* ipsec: Updated ipsec(8)Tobias Brunner2013-10-292-97/+126
|
* ipsec: Remove unused distro.txtTobias Brunner2013-10-291-2/+0
|
* utils: Include stdio.h for fmemopen() replacementTobias Brunner2013-10-291-0/+1
| | | | | This might now be required because Vstr is not necessarily required anymore, which means stdio.h might not be pulled in by prinf_hook.h.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-14 10:59:42 +0000