Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | vici: add (deprecated) async parameter | Timo Teräs | 2017-11-20 | 1 | -2/+3 |
| | | | | | | | This is obsoleted by the new "timeout=-1" option that achieves the same. Only for compatibility with old versions of quagga-nhrp. Signed-off-by: Timo Teräs <timo.teras@iki.fi> | ||||
* | vici: add support for individual sa state changes | Timo Teräs | 2017-11-20 | 1 | -0/+105 |
| | | | | | | Useful for monitoring and tracking full SA. Signed-off-by: Timo Teräs <timo.teras@iki.fi> | ||||
* | vici: send certificates for ike-sa events | Timo Teräs | 2017-11-20 | 1 | -7/+41 |
| | | | | Signed-off-by: Timo Teräs <timo.teras@iki.fi> | ||||
* | charon: add optional source and remote overrides for initiate | Timo Teräs | 2017-11-20 | 12 | -48/+218 |
| | | | | | | | | | | | This introduces support for specifying optional IKE SA specific source and remote address for child sa initiation. This allows to initiate wildcard connection for known address via vici. In addition this allows impler implementation of trap-any patches and is a prerequisite for dmvpn support. Signed-off-by: Timo Teräs <timo.teras@iki.fi> | ||||
* | ike: Adhere to IKE_SA limit when checking out by config | Tobias Brunner | 2017-11-20 | 1 | -34/+37 |
| | | | | | This prevents new SAs from getting created if we hit the global IKE_SA limit (we still allow checkout_new(), which is used for rekeying). | ||||
* | Version bump to 5.6.1HEAD5.6.1master | Andreas Steffen | 2017-11-17 | 2 | -2/+2 |
| | |||||
* | testing: Added swanctl/rw-cert-pss scenario | Andreas Steffen | 2017-11-17 | 12 | -0/+239 |
| | |||||
* | NEWS: Added some news for 5.6.1 | Tobias Brunner | 2017-11-17 | 1 | -1/+29 |
| | |||||
* | hashers: Change names of SHA2 hash algorithms | Tobias Brunner | 2017-11-17 | 1 | -8/+8 |
| | | | | | Keep the lower case names as they are as we use them internally (parsing and e.g. in OpenSSL as identifier). | ||||
* | ikev2: Add hash algorithm used for RSASSA-PSS signature to log message | Tobias Brunner | 2017-11-17 | 1 | -11/+41 |
| | |||||
* | hasher: Add uppercase short names for hash algorithms | Tobias Brunner | 2017-11-17 | 2 | -0/+23 |
| | |||||
* | testing: Configure logging via syslog in strongswan.conf | Tobias Brunner | 2017-11-15 | 98 | -167/+269 |
| | | | | | Globally configure logging in strongswan.conf.testing and replace all charondebug statements with strongswan.conf settings. | ||||
* | testing: Disable logging via journal in charon-systemd | Tobias Brunner | 2017-11-15 | 1 | -0/+3 |
| | | | | | This avoids duplicate log messages as we already log via syslog to get daemon.log. | ||||
* | testing: Globally define logging via syslog for charon-systemd | Tobias Brunner | 2017-11-15 | 291 | -2196/+43 |
| | | | | | | | We could make the same change for charon (actually setting it for charon in strongswan.conf.testing would work for charon-systemd too), however, there are dozens of test cases that currently set charondebug in ipsec.conf. | ||||
* | x509: Initialize signature params when parsing attribute certificates | Tobias Brunner | 2017-11-15 | 1 | -1/+1 |
| | |||||
* | sw-collector: Unmap history file on failure to instantiate extractor | Tobias Brunner | 2017-11-15 | 1 | -0/+1 |
| | |||||
* | charon: Explicitly check return value of fileno() | Tobias Brunner | 2017-11-15 | 2 | -2/+12 |
| | | | | | This is mainly for Coverity because fchown() can't take a negative value, which the -1 check implies is possible. | ||||
* | pkcs8: Add explicit comment for RSASSA-PSS fall-through | Tobias Brunner | 2017-11-15 | 1 | -0/+1 |
| | |||||
* | The pacman tool got replaced by the sec-updater tool | Tobias Brunner | 2017-11-15 | 5 | -11/+2 |
| | |||||
* | sec-updater: Fix typo in documentation | Tobias Brunner | 2017-11-15 | 1 | -1/+1 |
| | |||||
* | Fixed some typos, courtesy of codespell | Tobias Brunner | 2017-11-15 | 15 | -19/+19 |
| | |||||
* | swanctl: Add check for conflicting short options | Tobias Brunner | 2017-11-13 | 1 | -0/+9 |
| | |||||
* | swanctl: Properly register --counters commmand | Tobias Brunner | 2017-11-13 | 1 | -1/+1 |
| | | | | Use C instead of c, which is already used for --load-conns. | ||||
* | testing: Do not remove all swanctl subdirectories | Andreas Steffen | 2017-11-11 | 1 | -3/+3 |
| | |||||
* | Version bump to 5.6.1rc15.6.1rc1 | Andreas Steffen | 2017-11-11 | 3 | -2/+2615 |
| | |||||
* | Merge branch 'swanctl-testing' | Andreas Steffen | 2017-11-11 | 889 | -4915/+6964 |
|\ | |||||
| * | libimcv: Updated imv database | Andreas Steffen | 2017-11-11 | 1 | -4/+88 |
| | | |||||
| * | testing: Converterd tnc to systemd | Andreas Steffen | 2017-11-11 | 124 | -558/+338 |
| | | |||||
| * | testing: Converted sql to systemd | Andreas Steffen | 2017-11-11 | 85 | -101/+542 |
| | | |||||
| * | testing: Converted swanctl to systemd | Andreas Steffen | 2017-11-11 | 181 | -849/+1170 |
| | | |||||
| * | testing: Added legacy ipv6-stroke scenarios | Andreas Steffen | 2017-11-11 | 172 | -0/+2418 |
| | | |||||
| * | testing: Converted ipv6/rw-ip6-in-ip4-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 14 | -96/+158 |
| | | |||||
| * | testing: Converted ipv6/rw-ip6-in-ip4-ikev1 to swanctl | Andreas Steffen | 2017-11-10 | 14 | -96/+158 |
| | | |||||
| * | testing: Converted ipv6/net2net-ip6-in-ip4-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 11 | -66/+113 |
| | | |||||
| * | testing: Converted ipv6/net2net-ip6-in-ip4-ikev1 to swanctl | Andreas Steffen | 2017-11-10 | 11 | -63/+112 |
| | | |||||
| * | testing: Converted ipv6/rw-rfc3779-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 22 | -103/+161 |
| | | |||||
| * | testing: Converted ipv6/rw-compress-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 10 | -64/+109 |
| | | |||||
| * | testing: Converted ipv6/rw-psk-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 17 | -96/+174 |
| | | |||||
| * | testing: Converted ipv6/rw-psk-ikev1 to swanctl | Andreas Steffen | 2017-11-10 | 17 | -96/+175 |
| | | |||||
| * | testing: Converted ipv6/rw-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 14 | -104/+163 |
| | | |||||
| * | testing: Converted ipv6/rw-ikev1 to swanctl | Andreas Steffen | 2017-11-10 | 14 | -107/+160 |
| | | |||||
| * | testing: Converted ipv6/net2net-rfc3779-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 17 | -88/+128 |
| | | |||||
| * | testing: Converted ipv6/net2net-ip4-in-ip6-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 10 | -78/+117 |
| | | |||||
| * | testing: Converted ipv6/net2net-ip4-in-ip6-ikev1 to swanctl | Andreas Steffen | 2017-11-10 | 10 | -78/+113 |
| | | |||||
| * | testing: Converted ipv6/transport-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 11 | -76/+116 |
| | | |||||
| * | testing: Converted ipv6/transport-ikev1 to swanctl | Andreas Steffen | 2017-11-10 | 11 | -75/+112 |
| | | |||||
| * | testing: Converted ipv6/net2net-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 11 | -84/+119 |
| | | |||||
| * | testing: Converted ipv6/net2net-ikev1 to swanctl | Andreas Steffen | 2017-11-10 | 11 | -82/+118 |
| | | |||||
| * | testing: Converted ipv6/host2host-ikev2 to swanctl | Andreas Steffen | 2017-11-10 | 11 | -83/+115 |
| | | |||||
| * | testing: Converted ipv6/host2host-ikev1 to swanctl | Andreas Steffen | 2017-11-10 | 11 | -86/+111 |
| | |