aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* 128 bit default security strength requires 3072 bit prime DH groupAndreas Steffen2015-12-1435-83/+83
|
* swanctl --stats lists loaded pluginsAndreas Steffen2015-12-131-0/+12
|
* testing: swanctl/rw-cert scenario tests password-protected RSA keyAndreas Steffen2015-12-122-0/+38
|
* Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit ↵Andreas Steffen2015-12-1246-237/+83
| | | | security
* Refactored certificate management for the vici and stroke interfaces5.4.0dr1Andreas Steffen2015-12-1212-307/+286
|
* Modified vici_cert_info class for use with load_creds and vici_credAndreas Steffen2015-12-112-59/+31
|
* Changed some certificate_type_names and added x509_flag_namesAndreas Steffen2015-12-114-5/+37
|
* Removed VICI protocol versioningAndreas Steffen2015-12-116-102/+7
|
* Use of certificate_printer by swanctl --list-certs commandAndreas Steffen2015-12-112-496/+25
|
* Share vici_cert_info.c with vici_cred.cAndreas Steffen2015-12-116-43/+73
|
* Allow msSmartcardLogon EKU to be builtAndreas Steffen2015-12-111-2/+2
|
* Use VICI 2.0 protocol version for certificate queriesAndreas Steffen2015-12-117-137/+288
|
* Sort certificate types during enumerationAndreas Steffen2015-12-111-39/+205
|
* Define VICI protocol versionsAndreas Steffen2015-12-115-0/+88
|
* testing: Added swanctl --list-algs outputAndreas Steffen2015-12-111-2/+5
|
* testing: Converted tnc scenarios to swanctlAndreas Steffen2015-12-11386-2383/+5091
|
* vici: Don't report memory usage via leak-detectiveTobias Brunner2015-12-112-18/+0
| | | | | This slowed down the `swanctl --stats` calls in the test scenarios significantly, with not much added value.
* testing: Use expect-connection in swanctl scenariosTobias Brunner2015-12-1113-15/+37
| | | | | Only in net2net-start do we have to use `sleep` to ensure the SA is up when the tests are running.
* testing: The expect-connection helper may use swanctl to check for connectionsTobias Brunner2015-12-111-1/+7
| | | | | | Depending on the plugin configuration in the test scenario either `ipsec statusall` or `swanctl --list-conns` is used to check for a named connection.
* Print OCSP single responsesAndreas Steffen2015-12-113-5/+122
|
* Standardized printing of certificate informationAndreas Steffen2015-12-115-968/+741
| | | | | | | The certificate_printer class allows the printing of certificate information to a text file (usually stdout). This class is used by the pki --print and swanctl --list-certs commands as well as by the stroke plugin.
* imv-attestation: Fix memory leaks when creating functional componentsTobias Brunner2015-12-113-6/+6
|
* ipsec: Fix stop command on systems where sleep(1) only supports integersTobias Brunner2015-12-101-2/+7
| | | | Fixes #1231.
* Merge branch 'vici-undo-on-unload'Martin Willi2015-12-076-26/+163
|\ | | | | | | | | Undo start actions when unloading connections, and add some misc fixes and extensions to vici connection handling.
| * vici: Fix documentation about the initiate/terminate timeoutMartin Willi2015-12-071-2/+2
| |
| * vici: Honor an optionally passed IKE configuration name in initiate/installMartin Willi2015-12-072-5/+13
| | | | | | | | | | | | | | If two IKE configurations have CHILD configurations with the same name, we have no control about the CHILD_SA that actually gets controlled. The new "ike" parameter specifies the peer config name to find the "child" config under.
| * vici: Support completely asynchronous initiating and terminationMartin Willi2015-12-072-5/+23
| | | | | | | | | | | | In some situations the vici client is not interested in waiting for a timeout at all, so don't register a logging callback if the timeout argument is negative.
| * vici: Use an empty local auth round if none givenMartin Willi2015-12-071-3/+2
| | | | | | | | | | While it hardly makes sense to use none for negotiated SAs, it actually does when installing shunt policies.
| * vici: Limit start action undoing to IKE_SAs using the base peer config nameMartin Willi2015-12-071-3/+7
| | | | | | | | | | If two peer configs use the same child config names, potentailly delete the wrong CHILD_SA. Check the peer config name as well to avoid that.
| * vici: Close empty IKE_SAs after undoing CHILD_SA start actionsMartin Willi2015-12-071-6/+44
| |
| * vici: Use value based array to store CHILD_SA ids during restartMartin Willi2015-12-071-5/+6
| | | | | | | | | | The previous approach stored a pointer to a volatile stack variable, which works for a single ID, but not for multiple.
| * array: Add an insert/create function for value based arraysMartin Willi2015-12-073-0/+68
| |
| * vici: Undo start actions when unloading configsMartin Willi2015-12-071-0/+1
|/
* conf: Add support for escaping dots in section/option namesTobias Brunner2015-12-041-15/+27
|
* vici: Fix clean-local target for Perl bindings if they were not builtTobias Brunner2015-12-041-1/+1
| | | | | This is called when running `make distclean` (or indirectly via `make distcheck`).
* byteorder: Provide a fallback for le32toh/htole32()Martin Willi2015-12-041-0/+20
| | | | | Some older toolchains don't provide these macros, so implement them using the gcc builtins. We also provide 64-bit variants as used by chapoly.
* byteorder: Add 32-bit unaligned little-endian conversion functionsMartin Willi2015-12-042-21/+27
|
* swanctl: Explicitly link against -lpthread and -ldl if requiredMartin Willi2015-12-041-1/+2
| | | | | We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it.
* pki: Explicitly link against -lpthread and -ldl if requiredMartin Willi2015-12-041-1/+4
| | | | | We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it.
* configure: Link against potential -ldl when checking for OpenSSL libcryptoMartin Willi2015-12-041-1/+2
|
* watcher: Check for cancellation if poll() fails with EINTRMartin Willi2015-12-041-0/+7
| | | | | | | With LinuxThreads, poll() is unfortunately no cancellation point. It seems that poll gets woken up after cancellation, but we actively must check for cancellation before re-entering poll to properly shut down the watcher thread.
* Version bump to 5.4.0dr1Andreas Steffen2015-12-011-1/+1
|
* Added Vici:Session Perl CPAN module to NEWSAndreas Steffen2015-12-011-0/+8
|
* Extended and refactored vici perl implementationAndreas Steffen2015-12-013-80/+121
|
* Built the CPAN file structure for the Vici::Session perl moduleAndreas Steffen2015-12-0116-72/+1044
|
* Implement vici Perl bindingAndreas Steffen2015-12-019-0/+563
|
* testing: Some more timing fixesAndreas Steffen2015-12-012-2/+2
|
* swanctl: Add --list-algs command to query loaded algorithmsTobias Brunner2015-11-304-2/+110
|
* vici: Add get-algorithms command to query loaded algorithms and implementationsTobias Brunner2015-11-302-0/+116
|
* NEWS: Added changes since 5.3.45.3.5Tobias Brunner2015-11-261-0/+9
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-30 12:54:28 +0000