aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Version bump to 5.5.1dr45.5.1dr4Andreas Steffen2016-09-213-4/+10
|
* mgf1: Refactored MGF1 as an XOFAndreas Steffen2016-09-2160-644/+966
|
* leak-detective: Fix compile warning due to unused variable if LD is disabledTobias Brunner2016-09-201-1/+1
|
* Merge branch 'testing-leak-detective'Tobias Brunner2016-09-2016-75/+179
|\ | | | | | | | | Test scenarios now fail if any leaks are detected by the leak detective. Several leaks found this way have been fixed.
| * leak-detective: Whitelist thread ID getterTobias Brunner2016-09-201-1/+3
| | | | | | | | | | | | | | | | In case an external thread calls into our code and logs messages, a thread object is allocated that will never be released. Even if we try to clean up the object via thread value destructor there is no guarantee that the thread actually terminates before we check for leaks, which seems to be the case for the Ada Tasking threads.
| * charon-tkm: Build C code with debug informationTobias Brunner2016-09-201-1/+2
| |
| * leak-detective: Whitelist functions of the Ada runtime related to TaskingTobias Brunner2016-09-201-0/+4
| |
| * charon-tkm: Free name of the PID fileTobias Brunner2016-09-201-0/+1
| |
| * charon-tkm: Deinitialize tkm before libstrongswanTobias Brunner2016-09-201-1/+1
| | | | | | | | In particular because of leak-detective.
| * leak-detective: Whitelist some glib/libsoup functionsTobias Brunner2016-09-201-1/+13
| | | | | | | | | | | | Some of these are pretty broad, so maybe an alternative option is to not use the soup plugin in the openssl-ikev2/rw-suite-b* scenarios. But the plugin is not tested anywhere else so lets go with this for now.
| * testing: Use curl instead of soup plugin in libipsec/rw-suite-b scenarioTobias Brunner2016-09-203-3/+3
| | | | | | | | | | The soup plugin is already used in the openssl-ikev2/rw-suite-b* scenarios.
| * eap-peap: Fix memory leaks when handling tunneled methodsTobias Brunner2016-09-201-1/+3
| |
| * ipseckey: Properly free enumerated certificatesTobias Brunner2016-09-201-12/+14
| |
| * ipseckey: Properly free public key after creating certificateTobias Brunner2016-09-201-1/+1
| |
| * dnscert: Properly free enumerated certificatesTobias Brunner2016-09-201-8/+11
| |
| * unbound: Avoid unnecessary cloning of RR list that caused a memory leakTobias Brunner2016-09-201-2/+1
| |
| * unbound: Fix memory leakTobias Brunner2016-09-201-0/+2
| |
| * pool: Fix (known) memory leak when querying leasesTobias Brunner2016-09-201-21/+38
| |
| * leak-detective: Whitelist leak in libldapTobias Brunner2016-09-201-0/+2
| |
| * testing: Fix totals if post test checks failTobias Brunner2016-09-201-12/+12
| |
| * testing: Log leaks and fail tests if any are detectedTobias Brunner2016-09-203-1/+32
| |
| * leak-detective: Optionally write report to a log fileTobias Brunner2016-09-201-10/+36
|/
* vici: Fix indention of flush_certs() method in Python bindingsTobias Brunner2016-09-201-1/+1
|
* travis: Run 32-bit Windows build on precise (12.04) imageTobias Brunner2016-09-202-1/+5
| | | | That's required due to a bug in MinGW 3.1.0 that's shipped with trusty.
* travis: Properly pass back result of makeTobias Brunner2016-09-201-1/+1
| | | | Fixes: 4e8f5a189cce ("travis: Add apidoc check")
* travis: Don't disable connmark and forecast plugins anymoreTobias Brunner2016-09-201-5/+1
| | | | They build fine on Ubuntu 14.04.
* Merge branch 'maemo-bye-bye'Tobias Brunner2016-09-1555-3375/+1
|\ | | | | | | | | Removes the code and helper files related to the unused and unmaintained Maemo port.
| * packages: Remove obsolete Maemo packaging filesTobias Brunner2016-09-1523-764/+0
| |
| * maemo: Remove unused pluginTobias Brunner2016-09-159-761/+1
| |
| * maemo: Remove obsolete status/settings appletTobias Brunner2016-09-1523-1850/+0
|/
* swanctl: Add man page entry for flush-certs command5.5.1dr3Tobias Brunner2016-09-151-3/+4
|
* Version bump to 5.5.1dr3Andreas Steffen2016-09-152-1/+16
|
* Merge branch 'flush-certs'Andreas Steffen2016-09-159-1/+160
|\
| * vici: flush-certs command flushes certificate cacheAndreas Steffen2016-09-139-1/+160
|/ | | | | | | | | | When fresh CRLs are released with a high update frequency (e.g. every 24 hours) or OCSP is used then the certificate cache gets quickly filled with stale CRLs or OCSP responses. The new VICI flush-certs command allows to flush e.g. cached CRLs or OCSP responses only. Without the type argument all kind of certificates (e.g. also received end entity and intermediate CA certificates) are purged.
* auth-cfg-wrapper: Fix memory leak with hash-and-URL certificatesTobias Brunner2016-09-121-1/+1
| | | | | | | We wrap the auth-cfg object and its contents, so there is no need to get an additional reference for the enumerated certificate. Fixes a44bb9345f04 ("merged multi-auth branch back into trunk")
* testing: Add output of iptables-saveTobias Brunner2016-09-121-1/+11
| | | | | | | | | This might be helpful to get the complete picture of the installed rules. `-c` is currently not used as the counters that are added in front of every rule make the output quite hard to read and the counters are already provided in the accompanying `iptables -v -L` output. Fixes #2111.
* testing: List `nat` and `mangle` tables in addition to the `filter` tableTobias Brunner2016-09-121-3/+6
| | | | | | This is useful in scenarios that e.g. use NAT and/or marks. References #2111.
* testing: Ignore comments (lines starting with #) in pre-/eval-/posttest.datTobias Brunner2016-09-091-3/+3
|
* ikev2: (Re-)Queue tasks used to establish an IKE_SA in reset()Tobias Brunner2016-09-061-2/+1
| | | | | | | | | Some tasks might get removed immediately once the IKE_SA_INIT response has been handled even if there were notifies that require a restart of the IKE_SA (e.g. COOKIE or INVALID_KE_PAYLOAD). Such a task is ike_vendor, which caused vendor IDs not to get sent in a retry. This change ensures all required tasks are queued after the reset, which some callers did already anyway.
* ikev2: Store proposal on IKE_SA before creating DH objectTobias Brunner2016-09-061-2/+5
| | | | This might be useful for custom implementations of keymat_t.
* travis: Add apidoc checkTobias Brunner2016-09-052-2/+31
| | | | | This requires at least Ubuntu 14.04 (the Doxygen version in 12.04 has some issues with our Doxyfile and prints lots of warnings).
* travis: Use Trusty beta imageTobias Brunner2016-09-052-4/+7
|
* nm: Updated NEWSTobias Brunner2016-09-051-1/+15
|
* Merge branch 'nm-1.2'Tobias Brunner2016-09-0510-260/+619
|\ | | | | | | | | | | | | Provides fixes and changes for compatibility with current NM releases. Closes strongswan/strongswan#15. Fixes #797.
| * nm: Pass external gateway to NMTobias Brunner2016-09-051-1/+8
| | | | | | | | This seems to be required by newer versions.
| * nm: Update auth-dialogTobias Brunner2016-09-052-106/+251
| | | | | | | | | | | | This updates the auth dialog so that passwords are properly retrieved (e.g. for the nm-applet). It also adds support for external UI mode and properly handles secret flags.
| * nm: Enforce min. length for PSKs in backendTobias Brunner2016-09-051-0/+10
| |
| * nm: Add minimum length constraint for PSK passwords in connection editorTobias Brunner2016-09-051-0/+16
| | | | | | | | We already have this restriction in the auth-dialog.
| * nm: Bump minor version to 1.4.0Lubomir Rintel2016-09-051-1/+1
| | | | | | | | | | | | This is probably a good idea to do to signal there's significant changes in dependencies to the distro package maintainers with libnm port and associated changes.
| * nm: Bump to GTK+ 3.0Lubomir Rintel2016-09-051-1/+1
| | | | | | | | It's been released years ago; we depend on newer stuff than that now.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 15:23:18 +0000