Commit log (columns per entry: commit message, author, date, files changed, lines -removed/+added)
...
* vici: Support completely asynchronous initiating and termination [Martin Willi, 2015-12-07, 2 files, -5/+23]
  In some situations the vici client is not interested in waiting for a timeout at all, so don't register a logging callback if the timeout argument is negative.
* vici: Use an empty local auth round if none given [Martin Willi, 2015-12-07, 1 file, -3/+2]
  While it hardly makes sense to use none for negotiated SAs, it actually does when installing shunt policies.
* vici: Limit start action undoing to IKE_SAs using the base peer config name [Martin Willi, 2015-12-07, 1 file, -3/+7]
  If two peer configs use the same child config names, potentially delete the wrong CHILD_SA. Check the peer config name as well to avoid that.
* vici: Close empty IKE_SAs after undoing CHILD_SA start actions [Martin Willi, 2015-12-07, 1 file, -6/+44]
* vici: Use value based array to store CHILD_SA ids during restart [Martin Willi, 2015-12-07, 1 file, -5/+6]
  The previous approach stored a pointer to a volatile stack variable, which works for a single ID, but not for multiple.
* array: Add an insert/create function for value based arrays [Martin Willi, 2015-12-07, 3 files, -0/+68]
* vici: Undo start actions when unloading configs [Martin Willi, 2015-12-07, 1 file, -0/+1]
* conf: Add support for escaping dots in section/option names [Tobias Brunner, 2015-12-04, 1 file, -15/+27]
* vici: Fix clean-local target for Perl bindings if they were not built [Tobias Brunner, 2015-12-04, 1 file, -1/+1]
  This is called when running `make distclean` (or indirectly via `make distcheck`).
* byteorder: Provide a fallback for le32toh/htole32() [Martin Willi, 2015-12-04, 1 file, -0/+20]
  Some older toolchains don't provide these macros, so implement them using the gcc builtins. We also provide 64-bit variants as used by chapoly.
* byteorder: Add 32-bit unaligned little-endian conversion functions [Martin Willi, 2015-12-04, 2 files, -21/+27]
* swanctl: Explicitly link against -lpthread and -ldl if required [Martin Willi, 2015-12-04, 1 file, -1/+2]
  We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it.
* pki: Explicitly link against -lpthread and -ldl if required [Martin Willi, 2015-12-04, 1 file, -1/+4]
  We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it.
* configure: Link against potential -ldl when checking for OpenSSL libcrypto [Martin Willi, 2015-12-04, 1 file, -1/+2]
* watcher: Check for cancellation if poll() fails with EINTR [Martin Willi, 2015-12-04, 1 file, -0/+7]
  With LinuxThreads, poll() is unfortunately no cancellation point. It seems that poll gets woken up after cancellation, but we actively must check for cancellation before re-entering poll to properly shut down the watcher thread.
* Version bump to 5.4.0dr1 [Andreas Steffen, 2015-12-01, 1 file, -1/+1]
* Added Vici:Session Perl CPAN module to NEWS [Andreas Steffen, 2015-12-01, 1 file, -0/+8]
* Extended and refactored vici perl implementation [Andreas Steffen, 2015-12-01, 3 files, -80/+121]
* Built the CPAN file structure for the Vici::Session perl module [Andreas Steffen, 2015-12-01, 16 files, -72/+1044]
* Implement vici Perl binding [Andreas Steffen, 2015-12-01, 9 files, -0/+563]
* testing: Some more timing fixes [Andreas Steffen, 2015-12-01, 2 files, -2/+2]
* swanctl: Add --list-algs command to query loaded algorithms [Tobias Brunner, 2015-11-30, 4 files, -2/+110]
* vici: Add get-algorithms command to query loaded algorithms and implementations [Tobias Brunner, 2015-11-30, 2 files, -0/+116]
* NEWS: Added changes since 5.3.4 (tag: 5.3.5) [Tobias Brunner, 2015-11-26, 1 file, -0/+9]
* Version bump to 5.3.5 [Andreas Steffen, 2015-11-26, 1 file, -1/+1]
* testing: Updated expired mars.strongswan.org certificate [Andreas Steffen, 2015-11-26, 13 files, -168/+195]
* travis: Enable OS X build [Tobias Brunner, 2015-11-23, 2 files, -5/+43]
* sigwaitinfo() may fail with EINTR if interrupted by an unblocked signal not in the set [Tobias Brunner, 2015-11-23, 9 files, -32/+35]
  Fixes #1213.
* kernel-pfkey: Enable ENCR_CAMELLIA_CBC when it's available [Tobias Brunner, 2015-11-23, 1 file, -0/+3]
  Fixes #1214.
* man: Update description of the actions performed for different dpdaction values [Tobias Brunner, 2015-11-18, 1 file, -7/+8]
  For instance, charon does not unroute `auto=route` connections with `dpdaction=clear`.
* utils: Use the more low-level __NR_ prefix to refer to the syscall number [Tobias Brunner, 2015-11-17, 1 file, -1/+1]
  The __NR_ constants are also defined in the Android headers.
* eap-radius: Add ability to configure RADIUS retransmission behavior [Thom Troy, 2015-11-17, 7 files, -18/+205]
  Closes strongswan/strongswan#19.
* Version bump to 5.4.0dr1 [Andreas Steffen, 2015-11-16, 1 file, -1/+1]
* Version bump to 5.3.4 (tag: 5.3.4) [Andreas Steffen, 2015-11-16, 1 file, -1/+1]
* NEWS: Add info about CVE-2015-8023 [Tobias Brunner, 2015-11-16, 1 file, -1/+6]
* eap-mschapv2: Keep internal state to prevent authentication from succeeding prematurely [Tobias Brunner, 2015-11-16, 1 file, -24/+67]
  We can't allow a client to send us MSCHAPV2_SUCCESS messages before it was authenticated successfully. Fixes CVE-2015-8023.
* android: Suppress compiler warnings about missing field initializers [Tobias Brunner, 2015-11-13, 1 file, -0/+1]
  Triggered by -Wextra for many INIT usages where we only partially initialize a struct.
* utils: Provide a fallback for sigwaitinfo() if needed [Tobias Brunner, 2015-11-13, 4 files, -31/+37]
  Apparently, not available on Mac OS X 10.10 Yosemite. We don't provide this on Windows.
* testing: Error messages of curl plugin have changed (tag: 5.3.4rc1) [Andreas Steffen, 2015-11-13, 3 files, -4/+4]
* testing: Fixed another timing issue [Andreas Steffen, 2015-11-13, 1 file, -1/+1]
* Version bump to 5.3.4rc1 [Andreas Steffen, 2015-11-13, 1 file, -1/+1]
* init: Make sure basic networking is up in systemd unit [Tobias Brunner, 2015-11-13, 1 file, -1/+1]
  Connections with auto=route might otherwise not work. References #1188.
* vici: Attribute certificates are not trusted [Tobias Brunner, 2015-11-12, 1 file, -1/+3]
* vici: Properly add CRLs to the credential set [Tobias Brunner, 2015-11-12, 1 file, -2/+8]
  add_crl() ensures that old CRLs are not stored in the credential set.
* mode-config: Reassign migrated virtual IP if client requests %any [Tobias Brunner, 2015-11-12, 1 file, -1/+3]
  If we mistakenly detect a new IKE_SA as a reauthentication the client won't request the previous virtual IP, but since we already migrated it we already triggered the assign_vips() hook, so we should reassign the migrated virtual IP. Fixes #1152.
* revocation: Allow CRLs to be encoded in PEM format [Tobias Brunner, 2015-11-12, 1 file, -1/+1]
  Since the textual representation for a CRL is now standardized in RFC 7468 one could argue that we should accept that too, even though RFC 5280 explicitly demands CRLs fetched via HTTP/FTP to be in DER format. But in particular for file URIs enforcing that seems inconvenient. Fixes #1203.
* curl: Be less strict when considering status codes as errors [Tobias Brunner, 2015-11-12, 1 file, -3/+3]
  For file:// URIs the code is 0 on success. We now do the same libcurl would do with CURLOPT_FAILONERROR enabled. Fixes #1203.
* eap-radius: Compare address family when handing out virtual IPs [Tobias Brunner, 2015-11-12, 1 file, -6/+26]
  This also ensures that the actually released virtual IP is removed from the list of claimed IPs. Fixes #1199.
* Merge branch 'eap-mschapv2-eap-identity' [Tobias Brunner, 2015-11-12, 2 files, -6/+24]
  This replaces the EAP-Identity with the EAP-MSCHAPv2 username, which ensures the client is known with an authenticated identity. Previously a client with a valid username could use a different identity (e.g. the name of a different user) in the EAP-Identity exchange. Since we use the EAP-Identity for uniqueness checks etc. this could be problematic. The EAP-MSCHAPv2 username is now explicitly logged if it is different from the EAP-Identity (or IKE identity). Fixes #1182.
* eap-mschapv2: Report username if different from EAP-Identity (or IKE identity) [Tobias Brunner, 2015-11-12, 1 file, -1/+4]