Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | 128 bit default security strength requires 3072 bit prime DH group | Andreas Steffen | 2015-12-14 | 35 | -83/+83 |
| | |||||
* | swanctl --stats lists loaded plugins | Andreas Steffen | 2015-12-13 | 1 | -0/+12 |
| | |||||
* | testing: swanctl/rw-cert scenario tests password-protected RSA key | Andreas Steffen | 2015-12-12 | 2 | -0/+38 |
| | |||||
* | Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit security | Andreas Steffen | 2015-12-12 | 46 | -237/+83 |
| | |||||
* | Refactored certificate management for the vici and stroke interfaces [5.4.0dr1] | Andreas Steffen | 2015-12-12 | 12 | -307/+286 |
| | |||||
* | Modified vici_cert_info class for use with load_creds and vici_cred | Andreas Steffen | 2015-12-11 | 2 | -59/+31 |
| | |||||
* | Changed some certificate_type_names and added x509_flag_names | Andreas Steffen | 2015-12-11 | 4 | -5/+37 |
| | |||||
* | Removed VICI protocol versioning | Andreas Steffen | 2015-12-11 | 6 | -102/+7 |
| | |||||
* | Use of certificate_printer by swanctl --list-certs command | Andreas Steffen | 2015-12-11 | 2 | -496/+25 |
| | |||||
* | Share vici_cert_info.c with vici_cred.c | Andreas Steffen | 2015-12-11 | 6 | -43/+73 |
| | |||||
* | Allow msSmartcardLogon EKU to be built | Andreas Steffen | 2015-12-11 | 1 | -2/+2 |
| | |||||
* | Use VICI 2.0 protocol version for certificate queries | Andreas Steffen | 2015-12-11 | 7 | -137/+288 |
| | |||||
* | Sort certificate types during enumeration | Andreas Steffen | 2015-12-11 | 1 | -39/+205 |
| | |||||
* | Define VICI protocol versions | Andreas Steffen | 2015-12-11 | 5 | -0/+88 |
| | |||||
* | testing: Added swanctl --list-algs output | Andreas Steffen | 2015-12-11 | 1 | -2/+5 |
| | |||||
* | testing: Converted tnc scenarios to swanctl | Andreas Steffen | 2015-12-11 | 386 | -2383/+5091 |
| | |||||
* | vici: Don't report memory usage via leak-detective | Tobias Brunner | 2015-12-11 | 2 | -18/+0 |
| | | | | | This slowed down the `swanctl --stats` calls in the test scenarios significantly, with not much added value. | ||||
* | testing: Use expect-connection in swanctl scenarios | Tobias Brunner | 2015-12-11 | 13 | -15/+37 |
| | | | | | Only in net2net-start do we have to use `sleep` to ensure the SA is up when the tests are running. | ||||
* | testing: The expect-connection helper may use swanctl to check for connections | Tobias Brunner | 2015-12-11 | 1 | -1/+7 |
| | | | | | | Depending on the plugin configuration in the test scenario either `ipsec statusall` or `swanctl --list-conns` is used to check for a named connection. | ||||
* | Print OCSP single responses | Andreas Steffen | 2015-12-11 | 3 | -5/+122 |
| | |||||
* | Standardized printing of certificate information | Andreas Steffen | 2015-12-11 | 5 | -968/+741 |
| | | | | | | | The certificate_printer class allows the printing of certificate information to a text file (usually stdout). This class is used by the pki --print and swanctl --list-certs commands as well as by the stroke plugin. | ||||
* | imv-attestation: Fix memory leaks when creating functional components | Tobias Brunner | 2015-12-11 | 3 | -6/+6 |
| | |||||
* | ipsec: Fix stop command on systems where sleep(1) only supports integers | Tobias Brunner | 2015-12-10 | 1 | -2/+7 |
| | | | | Fixes #1231. | ||||
* | Merge branch 'vici-undo-on-unload' | Martin Willi | 2015-12-07 | 6 | -26/+163 |
|\ | | | | | | | | | Undo start actions when unloading connections, and add some misc fixes and extensions to vici connection handling. | ||||
| * | vici: Fix documentation about the initiate/terminate timeout | Martin Willi | 2015-12-07 | 1 | -2/+2 |
| | | |||||
| * | vici: Honor an optionally passed IKE configuration name in initiate/install | Martin Willi | 2015-12-07 | 2 | -5/+13 |
| | | | | | | | | | | | | | | If two IKE configurations have CHILD configurations with the same name, we have no control about the CHILD_SA that actually gets controlled. The new "ike" parameter specifies the peer config name to find the "child" config under. | ||||
| * | vici: Support completely asynchronous initiating and termination | Martin Willi | 2015-12-07 | 2 | -5/+23 |
| | | | | | | | | | | | | In some situations the vici client is not interested in waiting for a timeout at all, so don't register a logging callback if the timeout argument is negative. | ||||
| * | vici: Use an empty local auth round if none given | Martin Willi | 2015-12-07 | 1 | -3/+2 |
| | | | | | | | | | | While it hardly makes sense to use none for negotiated SAs, it actually does when installing shunt policies. | ||||
| * | vici: Limit start action undoing to IKE_SAs using the base peer config name | Martin Willi | 2015-12-07 | 1 | -3/+7 |
| | | | | | | | | | | If two peer configs use the same child config names, potentially delete the wrong CHILD_SA. Check the peer config name as well to avoid that. | ||||
| * | vici: Close empty IKE_SAs after undoing CHILD_SA start actions | Martin Willi | 2015-12-07 | 1 | -6/+44 |
| | | |||||
| * | vici: Use value based array to store CHILD_SA ids during restart | Martin Willi | 2015-12-07 | 1 | -5/+6 |
| | | | | | | | | | | The previous approach stored a pointer to a volatile stack variable, which works for a single ID, but not for multiple. | ||||
| * | array: Add an insert/create function for value based arrays | Martin Willi | 2015-12-07 | 3 | -0/+68 |
| | | |||||
| * | vici: Undo start actions when unloading configs | Martin Willi | 2015-12-07 | 1 | -0/+1 |
|/ | |||||
* | conf: Add support for escaping dots in section/option names | Tobias Brunner | 2015-12-04 | 1 | -15/+27 |
| | |||||
* | vici: Fix clean-local target for Perl bindings if they were not built | Tobias Brunner | 2015-12-04 | 1 | -1/+1 |
| | | | | | This is called when running `make distclean` (or indirectly via `make distcheck`). | ||||
* | byteorder: Provide a fallback for le32toh/htole32() | Martin Willi | 2015-12-04 | 1 | -0/+20 |
| | | | | | Some older toolchains don't provide these macros, so implement them using the gcc builtins. We also provide 64-bit variants as used by chapoly. | ||||
* | byteorder: Add 32-bit unaligned little-endian conversion functions | Martin Willi | 2015-12-04 | 2 | -21/+27 |
| | |||||
* | swanctl: Explicitly link against -lpthread and -ldl if required | Martin Willi | 2015-12-04 | 1 | -1/+2 |
| | | | | | We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it. | ||||
* | pki: Explicitly link against -lpthread and -ldl if required | Martin Willi | 2015-12-04 | 1 | -1/+4 |
| | | | | | We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it. | ||||
* | configure: Link against potential -ldl when checking for OpenSSL libcrypto | Martin Willi | 2015-12-04 | 1 | -1/+2 |
| | |||||
* | watcher: Check for cancellation if poll() fails with EINTR | Martin Willi | 2015-12-04 | 1 | -0/+7 |
| | | | | | | | With LinuxThreads, poll() is unfortunately no cancellation point. It seems that poll gets woken up after cancellation, but we actively must check for cancellation before re-entering poll to properly shut down the watcher thread. | ||||
* | Version bump to 5.4.0dr1 | Andreas Steffen | 2015-12-01 | 1 | -1/+1 |
| | |||||
* | Added Vici:Session Perl CPAN module to NEWS | Andreas Steffen | 2015-12-01 | 1 | -0/+8 |
| | |||||
* | Extended and refactored vici perl implementation | Andreas Steffen | 2015-12-01 | 3 | -80/+121 |
| | |||||
* | Built the CPAN file structure for the Vici::Session perl module | Andreas Steffen | 2015-12-01 | 16 | -72/+1044 |
| | |||||
* | Implement vici Perl binding | Andreas Steffen | 2015-12-01 | 9 | -0/+563 |
| | |||||
* | testing: Some more timing fixes | Andreas Steffen | 2015-12-01 | 2 | -2/+2 |
| | |||||
* | swanctl: Add --list-algs command to query loaded algorithms | Tobias Brunner | 2015-11-30 | 4 | -2/+110 |
| | |||||
* | vici: Add get-algorithms command to query loaded algorithms and implementations | Tobias Brunner | 2015-11-30 | 2 | -0/+116 |
| | |||||
* | NEWS: Added changes since 5.3.4 [5.3.5] | Tobias Brunner | 2015-11-26 | 1 | -0/+9 |
| |