| Commit message | Author | Age | Files | Lines |
|
cause a crash of the charon daemon if the verbose debug level 3 (raw hex dump) for the asn subsystem is enabled.
|
Is a bit more memory efficient (also due to lazy instantiation) and
lookups for sections with lots of subsections/keys (e.g. charon.plugins) are
faster.
|
Cygwin for example does not support qsort_r.
|
This now works because all plugins use the same config namespace.
If <ns>.load_modular is true, the list of plugins to load is determined
via the value of the <ns>.plugins.<name>.load options.
Using includes the following is possible:
  charon {
    load_modular = yes
    plugins {
      include strongswan.d/charon/*.conf
    }
  }
  charon-cmd {
    load_modular = yes
    plugins {
      include strongswan.d/charon-cmd/*.conf
    }
  }
Where each .conf file would contain something like:
  <name> {
    load = yes
    <option> = <value>
  }
To increase the priority of individual plugins load = <priority> can be
used (the default is 1). For instance, to use openssl instead of the
built-in crypto plugins set in strongswan.d/charon/openssl.conf:
  openssl {
    load = 10
  }
If two plugins have the same priority their order in the default plugin
list is preserved. Plugins not found in that list are ordered
alphabetically before other plugins with the same priority.
|
All settings in the configured global namespace fall back to libstrongswan.
|
The fallbacks are currently only used for single value lookups.
Enumerators are not affected by them.
|
The key to print (e.g. until the next .) still has to be
null-terminated.
|
On x86 we allow "overflows" around 1969/1970 but not for other dates.
Fixes #509.
|
On FreeBSD (null) is printed for NULL even if the precision is 0.
|
If realloc returns a pointer value different from the value to be
reallocated, a double free can occur in this context.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
As having no get_features() raises a deprecated warning, we return no features
instead.
|
When having RDRAND support, these log messages might be confusing when using
pki or other tools.
|
This avoids passing that arbitrary label just for error messages, and gives
greater flexibility in handling errors.
|
When acting on files, we can use fstat() to estimate the buffer size. On
non-file FDs, we dynamically increase an allocated buffer.
Additionally we slightly change the function signature to properly handle
zero-length files and add appropriate unit tests.
|
cURL requires the URIs to be URL-encoded. Apparently, some CAs encode CRL
URIs with spaces in them.
Fixes #454.
|
This is also required if charon-cmd is used with capability dropping.
|
As we expect to get more and more test runners for the different components,
we add a name to easily identify them on the test output.
|
When changing async callbacks on streams, we have to make sure the watcher
callback is not currently active and has temporarily disabled callbacks. This
could have been the case, as we didn't explicitly remove any pending
watcher registration if both callbacks are NULL.
By enforcing the watcher unregistration, we are sure the watcher callback is
not active and currently is not mangling the callback hooks. This should make
sure we avoid any races for the callback variables.
|
If a proposal string cannot be matched to a token using strcmp (e.g. if
you want to register a whole class of algorithms containing their ID,
like my_alg_2342), you can use the provided function to register a
parser that transforms the given string into a proposal token.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
If TESTS_REDUCED_KEYLENGTHS is set RSA and ECDSA keys are only generated
for the lowest configured key length.
Fixes #474.
|
The hook data counts remaining buffer bytes, not used ones. Counting them
correctly fixes a crash for long hexdumps.
Further, print_in_hook() must return the number of bytes that would have been
written, not the actually written bytes. This is important, as we allocate a
dynamic buffer in bus that relies on the exact byte count. Fixes long hexdumps
that got truncated.
|
The two constants overflow time_t on i386 (they also produced a compiler
warning without type suffix) so the comparison with TIME_32_BIT_SIGNED_MAX
did not work as intended.
Fixes #477.
|
Our SipHash-2-4 implementation returns the result in host order, while
the test vectors are little-endian. Use a custom comparison function to
account for this.
Fixes #478.
|