| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
We could make the same change for charon (actually setting it for charon
in strongswan.conf.testing would work for charon-systemd too), however,
there are dozens of test cases that currently set charondebug in
ipsec.conf.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This took a while as in the OpenSSL package shipped with Debian and on which
our FIPS-enabled package is based, the function SSL_export_keying_material(),
which is used by FreeRADIUS to derive the MSK, did not use the correct digest
to calculate the result when TLS 1.2 was used. This caused IKE to fail with
"verification of AUTH payload with EAP MSK failed". The fix was only
backported to jessie recently.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
