aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* libimcv: Corrected captionAndreas Steffen2017-09-091-1/+1
|
* pt-tls-client: Introduced --options as a synonym for --optionsfromAndreas Steffen2017-09-092-3/+4
|
* sec-updater: Write to log only if at least one update is found.Andreas Steffen2017-09-072-19/+98
|
* android: New release after adding OCSP, CRL cache and some other stuffTobias Brunner2017-09-041-2/+2
|
* testing: Reduce log level of SSH clientTobias Brunner2017-09-041-0/+1
| | | | | This should suppress the "Permanently added ... to the list of known hosts" warnings that occasionally come up for no apparent reason.
* ike: Reset local SPI if retrying to connect in state IKE_CONNECTINGTobias Brunner2017-09-043-11/+19
| | | | | | | | | | | | | | In case we send retransmits for an IKE_SA_INIT where we propose a DH group the responder will reject we might later receive delayed responses that either contain INVALID_KE_PAYLOAD notifies with the group we already use or, if we retransmitted an IKE_SA_INIT with the requested group but then had to restart again, a KE payload with a group different from the one we proposed. So far we didn't change the initiator SPI when restarting the connection, i.e. these delayed responses were processed and might have caused fatal errors due to a failed DH negotiation or because of the internal retry counter in the ike-init task. Changing the initiator SPI avoids that as we won't process the delayed responses anymore that caused this confusion.
* ike-sa-manager: Add method to change the initiator SPI of an IKE_SATobias Brunner2017-09-042-4/+99
|
* ike-init: Fail if DH group in KE payload does not match proposed groupTobias Brunner2017-09-041-1/+5
|
* Merge branch 'android-updates'Tobias Brunner2017-09-0420-73/+457
|\ | | | | | | | | | | | | Caches CRLs in the app directory, adds support for OCSP, adds a button to reconnect to the "already connected" dialog, only apply/configure app selection on Android >= 5 (older versions don't support the API), and catches some random exceptions.
| * android: Add disconnect button to dialog if already connected to profileTobias Brunner2017-09-041-31/+54
| |
| * android: Load x509 plugin to generate OCSP requests and parse responsesTobias Brunner2017-09-041-1/+1
| | | | | | | | BoringSSL does not support OpenSSL's OCSP API.
| * android: Add support to POST data via SimpleFetcherTobias Brunner2017-09-042-6/+62
| | | | | | | | That's required for OCSP verification.
| * android: Add option to clear cached CRLsTobias Brunner2017-09-049-1/+146
| |
| * android: Cache CRLs in app directoryTobias Brunner2017-09-043-10/+132
| | | | | | | | Fixes #2405.
| * android: Pass absolute path to the app's data directory via JNITobias Brunner2017-09-042-6/+11
| |
| * android: Hide app selection in profile editor on Android < 5Tobias Brunner2017-09-042-0/+9
| |
| * android: Only apply app filter on Android 5 and newerTobias Brunner2017-09-041-1/+2
| |
| * android: Catch OutOfMemoryError when importing profilesTobias Brunner2017-09-041-1/+9
| | | | | | | | | | Not sure if this is actually caused because e.g. the file is too large or due to some encoding issue.
| * android: Catch NullPointerException when parsing invalid certificatesTobias Brunner2017-09-041-16/+25
| |
| * android: Catch NullPointerException when calling VpnService.prepare()Tobias Brunner2017-09-041-0/+6
|/ | | | According to the Play Console this occurs occasionally.
* Version bump to 5.6.1dr15.6.1dr1Andreas Steffen2017-09-013-2/+15
|
* imv-os: Updated security update evaluationAndreas Steffen2017-09-017-38/+39
|
* libimcv: Updated database schemeAndreas Steffen2017-09-011-5/+11
|
* sec-updater: Checks for security updatesAndreas Steffen2017-09-0110-362/+269
| | | | | | sec-updater checks for security updates and backports in Debian/ Ubuntu repositories and sets the security flags in the strongTNC policy database accordingly.
* imv-attestation: Fixed file hash measurementsAndreas Steffen2017-09-019-49/+131
| | | | | | The introduction of file versions broke file hash measurements. This has been fixed by using a generic product versions having an empty package name.
* ike-cfg: Fix memory leak when checking for configured addressTobias Brunner2017-08-291-0/+1
|
* sw-collector.8: Some cleanupsAndreas Steffen2017-08-251-9/+9
|
* kernel-netlink: Set usable state whenever an interface appearsTobias Brunner2017-08-231-2/+2
| | | | | | | | If an interface is renamed we already have an entry (based on the ifindex) allocated but previously only set the usable state once based on the original name. Fixes #2403.
* libimcv: Updated Android.mk after move of swid-gen(-info)Tobias Brunner2017-08-211-0/+2
|
* coverage: Use absolute path when removing paths with lcovTobias Brunner2017-08-211-1/+1
| | | | | | There is a bug in some versions of lcov that causes it to fail writing to files via relative paths after it issued warnings (e.g. due to negative counts in the tracefile).
* traffic-selector: Use single buffer for both address familiesTobias Brunner2017-08-172-159/+102
| | | | | | | | The generic field of size 0 in the union that was used previously triggered index-out-of-bounds errors with the UBSAN sanitizer that's used on OSS-Fuzz. Since the two family specific union members don't really provide any advantage, we can just use a single buffer for both families to avoid the errors.
* testing: Make removal of SWID tags work with different releasesTobias Brunner2017-08-161-2/+1
| | | | The regid.2004-03.org.strongswan directory might not exist in new images.
* fuzzing: Also run input that previously caused crashesTobias Brunner2017-08-151-0/+2
|
* configure: Detect mpz_powm_sec() when built with -WerrorTobias Brunner2017-08-151-2/+2
|
* travis: Use the same ASAN_OPTIONS as used by OSS-FuzzTobias Brunner2017-08-151-0/+8
|
* plugin-loader: Move indent variables into !USE_FUZZING blockTobias Brunner2017-08-151-2/+2
| | | | This avoids compile errors on Travis.
* travis: Run fuzz targetsTobias Brunner2017-08-152-0/+15
|
* fuzzing: Run local fuzz targets on given corpora during `make check`Tobias Brunner2017-08-151-0/+7
| | | | The base directory of the corpora must be set in FUZZING_CORPORA.
* fuzzing: Add driver to run fuzz targets on a given list of filesTobias Brunner2017-08-153-5/+80
| | | | | This is enabled if the path to libFuzzer.a is not specified when running the configure script.
* charon-tkm: Build fix for kernel SAD testsAdrian-Ken Rueegsegger2017-08-141-2/+2
| | | | | Commit 7729577... added a flag to the get_esa_id function but the unit tests were not adjusted.
* Version bump to 5.6.05.6.0Andreas Steffen2017-08-142-2/+2
|
* NEWS: Add info about CVE-2017-11185Tobias Brunner2017-08-141-0/+9
|
* gmp: Fix RSA signature verification for m >= nTobias Brunner2017-08-141-3/+9
| | | | | | | | By definition, m must be <= n-1, we didn't enforce that and because mpz_export() returns NULL if the passed value is zero a crash could have been triggered with m == n. Fixes CVE-2017-11185.
* Version bump to 5.6.0rc25.6.0rc2Andreas Steffen2017-08-092-2/+2
|
* sw-collector: Moved info class to libimcvAndreas Steffen2017-08-098-77/+72
|
* NEWS: Added some newsTobias Brunner2017-08-081-1/+13
|
* conf: Descriptions of several settings updatedTobias Brunner2017-08-083-12/+25
|
* libimcv: Cast chunk length to int when printing as stringTobias Brunner2017-08-082-2/+4
|
* sw-collector: Cast chunk length to int when printing as stringTobias Brunner2017-08-081-7/+7
|
* sw-collector: Fix memory leak after failing to open DBTobias Brunner2017-08-081-0/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 18:19:28 +0000