aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* thread: Note that tread_cancellation_point temporarily activates cancelabilityMartin Willi2013-11-061-5/+4
|
* backtrace: Support backtracing even if library is not initializedMartin Willi2013-11-061-2/+2
| | | | But of course backtracing must be initialized anyway using backtrace_init().
* unit-tests: Enable libstrongswan tests even if --enable-unit-tests not setMartin Willi2013-11-061-3/+1
| | | | | | As we don't depend on the check framework anymore, we can enable the unit tests by default. These are built/executed with "make check" only, so it makes no sense to disable them.
* unit-tests: Implement testing framework without "check"Martin Willi2013-11-065-113/+956
|
* leak-detective: Call {gm,local}time_r() to allocate static bufferMartin Willi2013-11-061-0/+5
| | | | | On OS X Mavericks, these functions use a static allocation and are hard to whitelist using other means.
* leak-detective: Register OS X specific hooks just onceMartin Willi2013-11-061-0/+7
| | | | | If we initialize libstrongswan more than once in the same process, we may not register the hooks twice.
* leak-detective: Reset leak list during cleanupMartin Willi2013-11-061-0/+1
| | | | This resets leak detective state should it get created/destroyed more than once.
* leak-detective: Use callback functions to report leaks and usage informationMartin Willi2013-11-065-46/+157
| | | | This is more flexible than printing reports to a FILE.
* unit-tests: Move test suites to its own subfolderMartin Willi2013-11-0620-8/+22
|
* ikev2: Properly free DH secret in case of errors during IKE key derivationTobias Brunner2013-11-061-0/+3
| | | | Fixes #437.
* unit-tests: completed asn1_suiteAndreas Steffen2013-11-041-33/+55
|
* Updated test_runner.h with new suitesAndreas Steffen2013-11-031-0/+2
|
* unit-tests: 100% function coverage for asn1.cAndreas Steffen2013-11-032-6/+286
|
* unit-tests: 12 asn1 functions testedAndreas Steffen2013-11-023-1/+541
|
* Some minor refactoring in asn1.cAndreas Steffen2013-11-021-11/+17
|
* Do not free zero-length integerAndreas Steffen2013-11-021-5/+10
|
* unit-tests: Added tests for pen_type_tAndreas Steffen2013-11-013-1/+89
|
* Added IFOM_CAPABILITY notify message typeAndreas Steffen2013-11-012-6/+10
|
* Updated copyright statementAndreas Steffen2013-11-011-5/+7
|
* charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder configMartin Willi2013-11-011-0/+4
| | | | | This allows the server to use a different IKE identity as long as the configured hostname is contained in the certificate.
* ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeyingMartin Willi2013-11-011-0/+8
| | | | | | | Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which is perfectly valid. For short(er) DPD delays, this leads to the situation where we send a DPD request during set_state(), but the IKE_SA has no hosts set yet. Avoid that DPD by resetting the INBOUND timestamp during set_state().
* ikev1: Properly initialize list of fragments in case fragment ID is 0Volker Rümelin2013-10-311-1/+1
| | | | Fixes CVE-2013-6076.
* identification: Properly check length before comparing for binary DN equalityMartin Willi2013-10-311-1/+1
| | | | Fixes CVE-2013-6075.
* unit-tests: Additionally do reverse match checking with empty identitiesMartin Willi2013-10-311-0/+55
|
* unit-tests: Test matching against some empty data identitiesMartin Willi2013-10-311-0/+44
|
* unit-tests: Test for equality against some empty data identitiesMartin Willi2013-10-311-0/+43
|
* unit-tests: Let identity equality test fail if a->equals(b) != b->equals(a)Martin Willi2013-10-311-1/+1
|
* PB-TNC PDP_REFERRAL message doesn't have to be in RESULT batchAndreas Steffen2013-10-311-1/+1
|
* updown: fix segfault when interface name can't be resolvedAnsis Atteka2013-10-301-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The child_updown() function sets up environment variables to the updown script. Sometimes call to hydra->kernel_interface->get_interface() could fail and iface variable could be left uninitialized. This patch fixes this issue by passing "unknown" as interface name. Here is the stacktrace: 0 0x00007fa90791f445 in raise () from /lib/x86_64-linux-gnu/libc.so.6 1 0x00007fa907922bab in abort () from /lib/x86_64-linux-gnu/libc.so.6 2 0x0000000000401ed7 in segv_handler (signal=11) at charon.c:183 3 <signal handler called> 4 0x00007fa90793221f in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6 5 0x00007fa9079f0580 in __vsnprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6 6 0x00007fa9079f04c8 in __snprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6 7 0x00007fa8f9b95b86 in snprintf ( __fmt=0x7fa8f9b961b8 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='%s%s%s' PLUTO_CONNECTION='%s' PLUTO_INTERFACE='%s' PLUTO_REQID='%u' PLUTO_ME='%H' PLUTO_MY_ID='%Y' PLUTO_MY_CLIENT='%H/%u' PLUTO_MY_PORT='%u' PLUTO_MY_PROTOCOL='%u"..., __n=1024, __s=0x7fa8f7923440 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='remote-40.0.0.40' PLUTO_INTERFACE='\367\250\177") at /usr/include/x86_64-linux-gnu/bits/stdio2.h:65 8 child_updown (this=0x8486b0, ike_sa=0x7fa8e4005f80, child_sa=0x7fa8d4008290, up=true) at updown_listener.c:308 9 0x00007fa907ecc11c in ?? () from /usr/lib/strongswan/libcharon.so.0 10 0x00007fa907ef89bf in ?? () from /usr/lib/strongswan/libcharon.so.0 11 0x00007fa907ef2fc8 in ?? () from /usr/lib/strongswan/libcharon.so.0 12 0x00007fa907ee84ff in ?? () from /usr/lib/strongswan/libcharon.so.0 13 0x00007fa907ee3067 in ?? () from /usr/lib/strongswan/libcharon.so.0 14 0x00007fa90835e8fb in ?? () from /usr/lib/strongswan/libstrongswan.so.0 15 0x00007fa908360d30 in ?? () from /usr/lib/strongswan/libstrongswan.so.0 16 0x00007fa907cade9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0 17 0x00007fa9079db4bd in clone () from /lib/x86_64-linux-gnu/libc.so.6 18 0x0000000000000000 in ?? () Signed-Off-By: Ansis Atteka <aatteka@nicira.com>
* ipsec: Updated ipsec(8)Tobias Brunner2013-10-292-97/+126
|
* ipsec: Remove unused distro.txtTobias Brunner2013-10-291-2/+0
|
* utils: Include stdio.h for fmemopen() replacementTobias Brunner2013-10-291-0/+1
| | | | | This might now be required because Vstr is not necessarily required anymore, which means stdio.h might not be pulled in by prinf_hook.h.
* Use exact mask when calling umask(2)Tobias Brunner2013-10-293-3/+3
| | | | | | Due to the previous negation the high bits of the mask were set, which at least some versions of the Android build system prevent with a compile-time check.
* whitelist: Read multiple commands until client closes connectionMartin Willi2013-10-291-30/+28
| | | | | This restores the same behavior we had before e11c02c8, and fixes the whitelist add/remove-from command.
* libtnccs: Add dummy entry to pb_tnc_tcg_msg_infosTobias Brunner2013-10-291-1/+2
| | | | | That's required because the first message type in pb_tnc_tcg_msg_type_t is 1 not 0.
* swid: Properly clean up after reading SWID tagTobias Brunner2013-10-291-2/+3
|
* Fixed some typosTobias Brunner2013-10-294-4/+4
|
* charon-xpc: Load missing eap-md5 plugin after enabling itMartin Willi2013-10-281-1/+1
|
* charon-xpc: Disable warnings about deprecated functionsMartin Willi2013-10-281-1/+1
| | | | This avoids all the deprecated warnings when using OpenSSL functins.
* charon-xpc: Avoid -all_load linker flagMartin Willi2013-10-281-1/+0
| | | | This seems to be not required anymore with the LLVM 5 toolchain.
* charon-xpc: Properly xpc_retain() connections we xpc_release()Martin Willi2013-10-282-0/+2
|
* charon-xpc: Properly cast SA identifier to uintptr representationMartin Willi2013-10-281-1/+1
|
* charon-xpc: Don’t build against libvstr anymoreMartin Willi2013-10-282-14/+4
| | | | We now have our own printf backend and use it instead of Vstr.
* charon-xpc: Build with EAP-MD5 supportMartin Willi2013-10-281-2/+2
|
* utils: Fix check for fmemopen() fallback implementationMartin Willi2013-10-242-2/+3
|
* unit-tests: Set sa_len in sockaddr template data, if requiredMartin Willi2013-10-241-0/+6
|
* printf-hook-builtin: Don't rely on isinf() return value signednessMartin Willi2013-10-241-8/+9
| | | | | Many systems don't return a negative value for negative infinities; so do a separate check.
* watcher: Rebuild fdset when select() failsMartin Willi2013-10-241-1/+12
| | | | | | This should make sure we refresh the fdset if a user closes an FD it just removed. Some selects() seem to complain about the bad FD before signaling the notification pipe.
* rwlock: Disable thread cancelability while waiting in (fallback) rwlockMartin Willi2013-10-241-0/+7
| | | | | | An rwlock wait is not a thread cancellation point. As a canceled thread would not have released the mutex, the rwlock would have been left in unusable state.
* rwlock: Don't use buggy pthread_rwlock on OS XMartin Willi2013-10-241-0/+7
| | | | Recursive read locks don't seem to work properly, at least on 10.9.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-10 02:56:45 +0000