Commit message | Author | Age | Files | Lines
...
* configure: Link against potential -ldl when checking for OpenSSL libcrypto | Martin Willi | 2015-12-04 | 1 | -1/+2
|
* watcher: Check for cancellation if poll() fails with EINTR | Martin Willi | 2015-12-04 | 1 | -0/+7
|   With LinuxThreads, poll() is unfortunately no cancellation point. It seems that poll gets woken up after cancellation, but we actively must check for cancellation before re-entering poll to properly shut down the watcher thread.
* Version bump to 5.4.0dr1 | Andreas Steffen | 2015-12-01 | 1 | -1/+1
|
* Added Vici:Session Perl CPAN module to NEWS | Andreas Steffen | 2015-12-01 | 1 | -0/+8
|
* Extended and refactored vici perl implementation | Andreas Steffen | 2015-12-01 | 3 | -80/+121
|
* Built the CPAN file structure for the Vici::Session perl module | Andreas Steffen | 2015-12-01 | 16 | -72/+1044
|
* Implement vici Perl binding | Andreas Steffen | 2015-12-01 | 9 | -0/+563
|
* testing: Some more timing fixes | Andreas Steffen | 2015-12-01 | 2 | -2/+2
|
* swanctl: Add --list-algs command to query loaded algorithms | Tobias Brunner | 2015-11-30 | 4 | -2/+110
|
* vici: Add get-algorithms command to query loaded algorithms and implementations | Tobias Brunner | 2015-11-30 | 2 | -0/+116
|
* NEWS: Added changes since 5.3.4 [5.3.5] | Tobias Brunner | 2015-11-26 | 1 | -0/+9
|
* Version bump to 5.3.5 | Andreas Steffen | 2015-11-26 | 1 | -1/+1
|
* testing: Updated expired mars.strongswan.org certificate | Andreas Steffen | 2015-11-26 | 13 | -168/+195
|
* travis: Enable OS X build | Tobias Brunner | 2015-11-23 | 2 | -5/+43
|
* sigwaitinfo() may fail with EINTR if interrupted by an unblocked signal not in the set | Tobias Brunner | 2015-11-23 | 9 | -32/+35
|   Fixes #1213.
* kernel-pfkey: Enable ENCR_CAMELLIA_CBC when it's available | Tobias Brunner | 2015-11-23 | 1 | -0/+3
|   Fixes #1214.
* man: Update description of the actions performed for different dpdaction values | Tobias Brunner | 2015-11-18 | 1 | -7/+8
|   For instance, charon does not unroute `auto=route` connections with `dpdaction=clear`.
* utils: Use the more low-level __NR_ prefix to refer to the syscall number | Tobias Brunner | 2015-11-17 | 1 | -1/+1
|   The __NR_ constants are also defined in the Android headers.
* eap-radius: Add ability to configure RADIUS retransmission behavior | Thom Troy | 2015-11-17 | 7 | -18/+205
|   Closes strongswan/strongswan#19.
* Version bump to 5.4.0dr1 | Andreas Steffen | 2015-11-16 | 1 | -1/+1
|
* Version bump to 5.3.4 [5.3.4] | Andreas Steffen | 2015-11-16 | 1 | -1/+1
|
* NEWS: Add info about CVE-2015-8023 | Tobias Brunner | 2015-11-16 | 1 | -1/+6
|
* eap-mschapv2: Keep internal state to prevent authentication from succeeding prematurely | Tobias Brunner | 2015-11-16 | 1 | -24/+67
|   We can't allow a client to send us MSCHAPV2_SUCCESS messages before it was authenticated successfully.
|   Fixes CVE-2015-8023.
* android: Suppress compiler warnings about missing field initializers | Tobias Brunner | 2015-11-13 | 1 | -0/+1
|   Triggered by -Wextra for many INIT usages where we only partially initialize a struct.
* utils: Provide a fallback for sigwaitinfo() if needed | Tobias Brunner | 2015-11-13 | 4 | -31/+37
|   Apparently, not available on Mac OS X 10.10 Yosemite. We don't provide this on Windows.
* testing: Error messages of curl plugin have changed [5.3.4rc1] | Andreas Steffen | 2015-11-13 | 3 | -4/+4
|
* testing: Fixed another timing issue | Andreas Steffen | 2015-11-13 | 1 | -1/+1
|
* Version bump to 5.3.4rc1 | Andreas Steffen | 2015-11-13 | 1 | -1/+1
|
* init: Make sure basic networking is up in systemd unit | Tobias Brunner | 2015-11-13 | 1 | -1/+1
|   Connections with auto=route might otherwise not work.
|   References #1188.
* vici: Attribute certificates are not trusted | Tobias Brunner | 2015-11-12 | 1 | -1/+3
|
* vici: Properly add CRLs to the credential set | Tobias Brunner | 2015-11-12 | 1 | -2/+8
|   add_crl() ensures that old CRLs are not stored in the credential set.
* mode-config: Reassign migrated virtual IP if client requests %any | Tobias Brunner | 2015-11-12 | 1 | -1/+3
|   If we mistakenly detect a new IKE_SA as a reauthentication the client won't request the previous virtual IP, but since we already migrated it we already triggered the assign_vips() hook, so we should reassign the migrated virtual IP.
|   Fixes #1152.
* revocation: Allow CRLs to be encoded in PEM format | Tobias Brunner | 2015-11-12 | 1 | -1/+1
|   Since the textual representation for a CRL is now standardized in RFC 7468 one could argue that we should accept that too, even though RFC 5280 explicitly demands CRLs fetched via HTTP/FTP to be in DER format. But in particular for file URIs enforcing that seems inconvenient.
|   Fixes #1203.
* curl: Be less strict when considering status codes as errors | Tobias Brunner | 2015-11-12 | 1 | -3/+3
|   For file:// URIs the code is 0 on success. We now do the same libcurl would do with CURLOPT_FAILONERROR enabled.
|   Fixes #1203.
* eap-radius: Compare address family when handing out virtual IPs | Tobias Brunner | 2015-11-12 | 1 | -6/+26
|   This also ensures that the actually released virtual IP is removed from the list of claimed IPs.
|   Fixes #1199.
* Merge branch 'eap-mschapv2-eap-identity' | Tobias Brunner | 2015-11-12 | 2 | -6/+24
|\
| |   This replaces the EAP-Identity with the EAP-MSCHAPv2 username, which ensures the client is known with an authenticated identity. Previously a client with a valid username could use a different identity (e.g. the name of a different user) in the EAP-Identity exchange. Since we use the EAP-Identity for uniqueness checks etc. this could be problematic. The EAP-MSCHAPv2 username is now explicitly logged if it is different from the EAP-Identity (or IKE identity).
| |   Fixes #1182.
| * eap-mschapv2: Report username if different from EAP-Identity (or IKE identity) | Tobias Brunner | 2015-11-12 | 1 | -1/+4
| |
| * eap-mschapv2: Provide EAP-MSCHAPv2 username as EAP-Identity | Tobias Brunner | 2015-11-12 | 1 | -2/+17
| |
| * auth-cfg: Prefer merged rules over existing ones when moving them | Tobias Brunner | 2015-11-12 | 1 | -3/+3
|/
|   This is particularly important for single valued rules (e.g. identities). When copying values this is already handled correctly by the enumerator and add().
* android: Add some (older) unit tests | Tobias Brunner | 2015-11-12 | 3 | -0/+381
|
* android: Properly handle shorter types in BufferedByteWriter | Tobias Brunner | 2015-11-12 | 1 | -0/+86
|   In Java all integer types are signed, when a negative integer is cast to a larger type (e.g. int to long) then due to sign extension the upper bytes are not 0. So writing that value to a byte array does not produce the expected result. By overloading the putX() methods we make sure to upcast the values correctly.
* android: Migrate to the Gradle build system | Tobias Brunner | 2015-11-12 | 139 | -71/+327
|   This uses a manual way to trigger the NDK build (the default with on-the-fly Android.mk files does not work for us).
* android: Provide a fallback for sigwaitinfo() | Tobias Brunner | 2015-11-12 | 1 | -1/+29
|
* android: Replace AndroidConfigLocal.h with a header in utils/compat | Tobias Brunner | 2015-11-12 | 4 | -5/+16
|
* android: Fix build after updating Linux headers | Tobias Brunner | 2015-11-12 | 3 | -3/+0
|   Since we don't use the kernel-netlink plugin anymore and the headers in the NDK are reasonably recent, we don't need this anymore (at least when building the app).
|   Fixes #1172.
* Merge branch 'tkm-spi-label' | Tobias Brunner | 2015-11-11 | 9 | -22/+279
|\
| |   Adds the charon-tkm.spi_label and charon-tkm.spi_mask options to encode a specific value/label in otherwise randomly generated IKE SPIs.
| * charon-tkm: Register SPI generator callback | Adrian-Ken Rueegsegger | 2015-11-11 | 1 | -0/+4
| |   Set get_spi callback of IKE SA manager to TKM-specific implementation.
| * charon-tkm: Implement SPI generator | Adrian-Ken Rueegsegger | 2015-11-11 | 2 | -0/+134
| |   The get_spi callback returns a random SPI with a label encoded according to the spi_label and spi_mask parameters read from the strongswan.conf.
| * settings: Add settings_value_as_uint64() helper function | Tobias Brunner | 2015-11-11 | 3 | -0/+58
| |
| * ike-sa-manager: Allow plugins to provide IKE SPIs via a callback | Tobias Brunner | 2015-11-11 | 2 | -11/+54
| |   Plugins must depend on `libcharon-sa-managers` to ensure the manager exists.