[Swan-commit] Changes to ref refs/heads/ikev2-feature
mrogers at vault.libreswan.fi
mrogers at vault.libreswan.fi
Sun Sep 29 06:57:32 EEST 2013
New commits:
commit 17c6f287158e2333ed829dd734034964a50e7174
Merge: 294ae0f 30bdea6
Author: Matt Rogers <mrogers at redhat.com>
Date: Thu Sep 26 23:29:16 2013 -0400
Merge branch 'master' into ikev2-feature
Conflicts:
programs/pluto/ikev2.c
commit 294ae0fb0b069e0bf4f241a896f2c287d627fcb0
Author: Matt Rogers <mrogers at redhat.com>
Date: Thu Sep 26 23:22:41 2013 -0400
ikev2 - coding style cleanups
commit 30bdea6b736458d98cf3d685939487b65e81391c
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 26 19:17:05 2013 -0400
testing: added dnssec-pluto-01
This test shows there is no problem with /etc/hosts lookup when
we use libunbound
commit 0ecdde349c631a4e1582c24459cc07625803cba1
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 26 16:38:55 2013 -0400
confwrite: its left/rightrsasigkey, not left/rightrsakey
commit b3576c6a9370f38c68edb5ec908d49ecc97b383b
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 25 12:34:06 2013 -0400
Remove some remnants of blowfish defines in Makefiles
commit 9a367cf70e7b121b639be139f430830fcc4a4499
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 26 13:45:45 2013 -0400
updated changes
commit d8dd4ae236182144aa69ebc54cb4fbd15be12ee8
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 26 13:38:46 2013 -0400
XFRM/NETKEY and KAME/BSD: Added support for setting IPsec SA reqid
The reqid is exposed in _updown as PLUTO_SA_REQID. It can be used with tools
such as iptables.
It was required to put IPSEC_MANUAL_REQID_MAX in the platform specific sysdep.h
files for linux, freebsd and darwin.
commit 9f3cfc5cd315f855f34c3d49592e18fed7e292ca
Merge: 325c081 e4a4c38
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 26 11:37:20 2013 -0400
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit 325c0816f4b12aee2313fba27c38e472eb4d51a2
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 26 11:21:22 2013 -0400
clarify message is a warning, not error when include file not found
commit e4a4c38d9c6713648f4fa9fbcaef41355beecf8d
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 25 23:49:33 2013 -0400
Reduce scope of some xauth declarations.
Get rid of GCC __attribute__ that was unnecessary.
commit 70d9bd865691ec8f5840cecba54c58d6484d1d2b
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 25 23:11:35 2013 -0400
updated changes
commit 4a4d90f4bba776fcfe198a37d99583dbd2fdfd3a
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 25 18:29:05 2013 -0400
updated changes
commit 481b7579bced18208e907afa639c61a153658719
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Sep 26 00:19:55 2013 +0300
programs/Makefile.programs: remove unused Makefile.depend generation
commit 320dac3f75ce11316f67ab43644c9abcc4656251
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Sep 26 00:01:55 2013 +0300
certload.c: fix merge conflict
commit f7bb47790588e407807c7bb5d2bdef8ede7f425a
Merge: 583c827 ceba89a
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Sep 25 23:55:02 2013 +0300
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 583c827b09de09da7c632fff0ee5f34e6dd1f5d0
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Sep 25 23:40:28 2013 +0300
Makefiles: add dynamic creation of Makefile.depends during build
commit ceba89adf80facff69e966038bb616dee2dc84f8
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 25 15:01:59 2013 -0400
Improved certificate loading/sharing error messages
When cert.type is CERT_NONE, quietly ignore it like we did before,
as some routines call it even without confirming certificates are
involved. Log the type number and name of the unexpected cert if
type is neither NONE or X.509
commit 46f8d3acea526f4128ad756a3cdc6ca774a2e64a
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 25 15:01:29 2013 -0400
reluctantly re-introduced vid_struct_init
commit cad2a8b622e602b7005c6c1f47da8165785ba88e
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 25 14:01:04 2013 -0400
distinguish two identical error messages
commit f9167a0925217231b89161e57e9ffc98b9121dea
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 25 13:43:58 2013 -0400
remove some extern declarations from .c files
commit 8c841ff95dbc5971a703c8a4b29960dc2988e444
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 25 13:19:54 2013 -0400
de-uncrustify odd initializer
clarify vendorid hashing code
commit 2d90981ba5c4390021ac9013289bfe3e511d12f1
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 25 10:38:01 2013 -0400
suppress over-eager diagnostic
commit 4c7457fcd5af2474165edeef51e438b73f88005f
Author: Tuomo Soini <tis at foobar.fi>
Date: Wed Sep 25 10:39:11 2013 +0300
testing/crypto: fix Makefile.depends after removal of PGP code
commit 68689070505dc591e5231ef56269fcea0a11082a
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Sep 24 15:14:00 2013 -0400
suppress over-eager diagnostic
commit b2a3a80764e06fc6681c694db723d32a14fb0344
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Sep 24 14:02:45 2013 -0400
Mode Config messages can contain only one MODE_ATTR payload: no need to loop
commit d0057d33bcee28b7e896b59a2627f268aecf6b70
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Tue Sep 24 13:06:31 2013 -0400
add missing semicolon
commit 7590bb72a4fbdbb3a5cd5ba1b84d24f9e5b09a87
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 24 11:19:20 2013 -0400
updated changes
commit 70566d65065aabd9fc968edd7d0c94e0d6c29902
Author: Mattias Walström <lazzer at gmail.com>
Date: Tue Sep 24 11:17:03 2013 -0400
NETLINK: Change Update SA to Add SA when existing SA is not found
What my patch actually does is handle the error codes from the kernel,
when libreswan fails to update an SA that (for some reason) does not
exist in the kernel, handle the error code and insert the SA in the
kernel as a new SA.
Signed-off-by: Paul Wouters <pwouters at redhat.com>
commit fb0cfac412b98e075246d462c6e4c48dac1f4cd5
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Sep 24 14:10:20 2013 +0300
ikev1_main.c: manual whitespace cleanup
commit 4a2c691f10b4f9b4881977ece002ad2998f8a944
Author: Tuomo Soini <tis at foobar.fi>
Date: Tue Sep 24 13:59:19 2013 +0300
connections.c: manual cleanup
Cleaning up after uncrustify mess
commit baca49ff7569d34b4a0b1cbc0812b319e95ea4a5
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Sep 23 19:49:40 2013 -0400
testing: ensure output for status regarding LABELED_IPSEC is consistent
Compiled in but not used shows up the same as not compiled in
commit 4cc2191551087ed435c0b099b3f37e43507ce29e
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Sep 23 23:56:56 2013 +0300
ikev1_main.c: cleanup whitespace problems
commit e98eb3ca3ac7947140a469421d09220c59eea288
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Sep 23 23:38:55 2013 +0300
ikev1_main.c: manual cleanup
Cleaned up comments and tried to get comments and coding
style more readable after automatic formatting.
commit eaa922b5b46d9dc869ce8198f8a6a3c71cede5f0
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Sep 23 10:31:09 2013 -0400
fixup two comments related to PGP
commit 43620a0e93c1df9d33c439324561ae1e18121a19
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Sep 23 11:35:54 2013 +0300
initial_contact logging fix
Fixes da32a9eed2f0e9d9faab4aac708f8a78d3fc96ef
commit da32a9eed2f0e9d9faab4aac708f8a78d3fc96ef
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 23:16:23 2013 -0400
change logging for initial_contact to regular debug log message
commit 217ff11d5d0807a9da670d81d3a6eb82891fe9a0
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 20:58:57 2013 -0400
fix format string (%d vs %lu)
commit 309d76a2e05a76de88c0e49a2febf6ad6bda5df3
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 20:55:44 2013 -0400
remove 1des from ipsec_ocf.c
commit b593d3ebaea8c72f1eebc194b30c3fa22cbc55f0
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 20:50:57 2013 -0400
updated changes
commit aef27f710ef509f964b3722d7d83d6e7ae57ee1d
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 20:49:48 2013 -0400
CRYPTO: Remove blowfish (use twofish instead)
Bruce Scheier himself doesn't recommend using it anymore
commit 9f38947162522bde7ecbd7ed472555e6644d6119
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 20:25:10 2013 -0400
updated changes
commit 89bf46b065aa9708ef5e31470153ca3f4425e7f9
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 20:24:12 2013 -0400
Remove USE_MODP_RFC5114 flag. Support is always compiled in
commit 2772285cb77be8b09189b544eb9f7264c7b088ab
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 20:23:53 2013 -0400
manpage: fix xml typo
commit a13279c1497235af74aadd05edfc6490824b1c03
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 18:48:19 2013 -0400
updated changes
commit 31e9971325415f7b030161d82684d3cf6ad209a0
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 18:45:12 2013 -0400
pluto: Support for priority= option to set IPsec SA kernel priority
Currently only implemented for NETKEY. This allows setting the priority in
the kernel when matching a packet against a policy. This has been added to
allow setting a lower priority for "anonymous IPsec" and "Opportunistic
IPsec". These type of connections should always be picked last - making
them "better then cleartext, worse then authenticated encryption"
commit 620a5401d8e54f8cf07736d97bb9c2ca2510bde1
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 14:21:10 2013 -0400
set md->dpd to TRUE (not 1)
commit 939410ab2d81a2b26520e5b66a50a5cc17ec9f2e
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 14:18:53 2013 -0400
vendor.c: no need to set vid_useful to TRUE - that's the default
commit 1a767cb6238791252386e98c92c1ac675a180ee9
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 13:59:23 2013 -0400
docs: removed obsoleted USE_TAPROOM docs
commit 0eb4fe93418994628bd56848d3d2ab6c39f21d3e
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 13:58:16 2013 -0400
nortel: Remove unused st_seen_vendorid and fix the nortel interop check
commit 9ea10f4dfabdfa0258b2a146c758049815f898e8
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 13:55:49 2013 -0400
testing: deleted USE_TAPROOM testcases
commit b07ce6043bd3475cba1b2a088b74d03f2f4d0778
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 13:55:39 2013 -0400
testing: fixup x509-pluto-02
commit f65c5afd4c233a5fa7a83e2d0be512c6b1174b5c
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 13:54:23 2013 -0400
testing: add plutolog, remove oe= option
commit b512b62b9616c2661eef2dcd32948f22e6fd5360
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 13:52:51 2013 -0400
testing: set md5 in interop-ikev2-strongswan-05-psk-md5
commit 4c7467f98865fbaf11b4a65661c317116cf10af9
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 22 13:09:40 2013 -0400
install: Fix rhel[56] service file.
We installed the generic init.d/ipsec file instead of the rhel[56] version
when using the rhel spec file from packaging/rhel/
Also renamed init.rhel.in to init.rhel because it requires no postprocessing
to replace @VALUES@ as it is tailored already for rhel specifically.
commit bfcc10b1bc6c1d3601d384b1fb66d11cee472c2c
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 20 21:14:38 2013 -0400
Removed very questionable use of PB_STREAM_UNDEFINED
It was defined in programs/pluto/keys.c but would only affect
nat_traversal.[ch]. It never had any effect.
commit cc86ba1d5dfdf0d96017ea74430ebd16a78ce32d
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 20 21:10:47 2013 -0400
nat_traversal_insert_vid() no longer needs to pass the state
It was needed to check remote_peer_type=cisco which was used to
suppress sending the NATT draft 02/02n/03 versions. That check was
removed.
commit b022571fe26327f7acb4c786d63539b36a1645aa
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 20 20:58:43 2013 -0400
add const modifier to the myvid char
commit 936095a362103095666a54730f239ac074db97b4
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 20 20:44:12 2013 -0400
updated changes
commit 53e2fb1d5c4b83a04f71a30f547ba53340c13880
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 20 20:42:53 2013 -0400
Removed USE_TAPROOM functionality
It has been unmaintained and untested for years
commit 1b506af41d324a3aa41ff37276dae85dfefd5d3f
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 20 20:40:44 2013 -0400
reran make depend
commit f5bc6fcfd575098ce26a324f132977ba5cf4932a
Merge: 04d5fef 66f0479
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 20 19:53:19 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 04d5fefa555ed082ac20ede692d344c16f5f4787
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 20 19:43:02 2013 -0400
testing: updated ikev2-allow-narrow-05
commit 311ed21c1f3fd3ef99b99430e2aa47abdfd5a9f1
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 20 19:41:04 2013 -0400
updated some comments in rnd*.c
commit 66f0479ee494b56ef9f1bb128a2a568539bf51a1
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 17 21:53:18 2013 -0400
XAUTH code cleanup
commit 2a82a654285b299b3b544d053688a223f97a6749
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 17 16:42:47 2013 -0400
vendorid cleanup
commit 4fc9a998dba566363982860e42c41e88f112d09d
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 19 12:26:45 2013 -0400
verify: remove TCP checks - IETF picked IKEv2 fragementationt over TCP
commit a6daec91401004a2ca3ed0b2f8e5da90886ffb50
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Sep 19 09:34:18 2013 -0400
remove obsoleted references to copyright.c
commit 1fbb4c1443177e075678cf0e3c6d9125288bb002
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Sep 19 14:37:17 2013 +0300
ietf_constants.h: coding style cleanup
commit 908e8ecdc7bebd00b7cf8059113524a982f699e7
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Sep 19 14:33:41 2013 +0300
biglset: add missing includes caused by removal of biglset
commit 6460b862e4d7931caca1684e5ff4f4a18eb49804
Author: Tuomo Soini <tis at foobar.fi>
Date: Thu Sep 19 10:23:48 2013 +0300
biglset: get rid of rest of it
this is rest of the work commit 083759bb558bc5a4aae91f14fb61afb35a483ed1
started
commit 083759bb558bc5a4aae91f14fb61afb35a483ed1
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 23:22:48 2013 -0400
get rid of unused bitlset mechanism
commit 668d5eedb38ec60805531438c3c06c1f2b298637
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 23:16:48 2013 -0400
xauth.c tidying
commit cf986083aaf8532f51a7ae7e4997ca0c190b3488
Merge: 3535dd7 c7d6bef
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 21:45:20 2013 -0400
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 3535dd701ee7a0d15870c83d379453e7dbeda04f
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 21:43:57 2013 -0400
Another step to make lelem_t capacity more symbolic
commit c7d6beff4461ebe4e2389d7ccc6f649b0f3ce90c
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 18 17:23:17 2013 -0400
FIPS: remove generating and installing ot .hmac files in make install
This can never work because package managers will strip the binaries
into debug packages and only then should the .hmac files be created.
So all .hmac handling, apart from the plutomain.c check itself, has
to happen in the spec file.
commit 23a359a46fb8266ff7780bb47bed901d2045221a
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 16:02:22 2013 -0400
Be a bit more symbolic about the capactity of lelem_t
commit de1c281a36e9a6a1cefc7d01fe717817a284520b
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 16:00:25 2013 -0400
get type right in format string
commit 5af9053c54d753dca3f608ed8ad4a27a24bcb268
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 15:26:51 2013 -0400
one magic number is bad enough, but two that have to be equal is dangerous
commit 5adfc4aeb833ab5de835392efbefd39caffbcb72
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 14:57:28 2013 -0400
Tidy xauth code
- better exploit the packet parsing machinery
- simplify control flow
- fix a few bugs: missing break, looping over wrong datastructure, bad set operations
There are still some mysteries!
commit bb5fc6b81c77e456eb2c6945a5c5a8df339fa5fa
Merge: fdaccf7 5415168
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 14:32:34 2013 -0400
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit fdaccf7b3e916e228c296204ca7e8d131d0418de
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Wed Sep 18 14:19:19 2013 -0400
fix uncrustify indentation
commit 5415168933d7198f96b29ae6741a106efc30df0a
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 17 23:02:28 2013 -0400
minor cleanup for restart_by_peer removal
commit 997d5f50e824bfc83935e4b3330853d9550eab3c
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 17 22:53:28 2013 -0400
ietf_constants.h: minor update of some added modecfg attributes
commit 90d6a3698feaaf0c9e75b6f92f4873d6e30a809c
Author: Matt Rogers <mrogers at redhat.com>
Date: Tue Sep 17 17:41:14 2013 -0400
whack - remove DPD_ACTION_RESTART_BY_PEER references
commit f1be849fc84e8d22d9ded83454e06a6d9d69a7fa
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 17 16:21:03 2013 -0400
update dpdaction= XML file
commit ea83163a757095f1ae494104fbb37e2d60926b8c
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 17 16:18:47 2013 -0400
updated changes
commit a20231739783204aaea96cd706082585c315bb3c
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 17 16:09:16 2013 -0400
IKEv1: DPD action "restart" always restarts all SA's by peer.
dpdaction=restart_by_peer renamed into dpdaction=restart.
The value restart_by_peer can still be specifief for backwards compatibility.
commit 0d8fa39d6ba5d967f332a42d84478c5c7cef856c
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 17 16:07:59 2013 -0400
updated changes
commit 614357de4193ac6b36e5f0f011c1a5455c6df04a
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 17 16:05:56 2013 -0400
INTEROP: Fix compatibility with NAT-T and remote_peer_type=cisco
Seems there are still plenty of old Cisco's around that don't have
RFC3974 NAT-T vendorid support. For those we need to send the old
nat-t draft VIDs. We did not send those when remote_peer_type=cisco
commit e45e32d2ef71ca9dab0fdf3d4f98df2321daa8c5
Author: Matt Rogers <mrogers at redhat.com>
Date: Tue Sep 17 15:47:28 2013 -0400
pluto - fix dpdaction=restart to always perform restart_by_peer
commit a89171496044ce2bf328db2179b178eb29883157
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Sep 15 21:19:40 2013 -0400
pluto: resolve remote_peer_type=cisco crasher
This crasher could happen when the remote cisco was not properly configured
as XAUTH/ModeConfig server giving back an IP+route. The crashes happens after
IKEv1 authentication, so cannot be used maliciously.
commit 3a1de9ebc5d13347b3d997f197ed922915dc96e2
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 20:55:53 2013 -0400
updated changes
commit cfdc12836d7583f8262b85ad46930d8d9b40ac93
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 20:52:59 2013 -0400
updated changes
commit b3b3100e384a60f96415b06f46b6c49a196b0499
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 20:32:00 2013 -0400
IKEv1: Add support for cisco_unity=yes
This per-connection option will enable sending the Cisco UNITY vendor id.
It modifies no local behaviour. It might modify the peer's behaviour.
This is an experimental option and might be removed again in the future.
commit 33a45dfb2b3b775662f856980bfa04f9d8e62ce9
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 20:23:40 2013 -0400
IKEv1: fixup Aggressive Mode vendor id sending
Use the same numvidtosend construction that is used for Main Mode and
IKEv2.
Added sending fragmentation VID when fragmentation=yes
commit 5415077baa7d663de3bdef69c663bab473b64e75
Merge: 83f3bf3 96bf459
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 19:14:18 2013 -0400
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit 83f3bf35b777cc44b8608481c2f8c29e6fc2a967
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 19:12:57 2013 -0400
updated TESTLIST
commit 661686a87dc3945e1a342acf27190de27b2b3312
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 19:11:15 2013 -0400
testing: loopback-pluto-05 tests the XFRM/NETKEY priority fix
See rhbz#742126
commit aea91afae1269822d7f7ef74d7e1107a57882514
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 19:10:54 2013 -0400
testing: loopback-pluto-06 shows problem of %any causing mismatch
commit 74ea75c7658fb6947348c140dcfedb51c83da22d
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 15:37:40 2013 -0400
NETKEY: rhbz#742126 Use protocol and ports for priority
(fixes most of the need for lsbz#83 as well)
For XFRM/NETKEY we calculate a priority and match on longest prefix
first. This match did not take into consideration ports or protocols,
so a two conns with the only difference of leftprotoport=17/1701 would
not get priority. This caused passthrough routines that were only more
narrowed by protoport to not get priority. With the same priority as
the routed tunnel, order of loading would determine which one was picked.
commit 96bf459c62a618c44e42e2498bd0b8039f8a773f
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Sep 14 01:26:36 2013 -0400
xauth: make logging more consistent
Now when you run ipsec auto --up xauthconn you will see what you received
for dynamic IP, DNS servers, DOMAIN, routes and you get to see the xauth
login banner.
commit 9d0b2a0e72ad9a905b23e9a493b2d8d7dd82eafa
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 13 14:11:10 2013 -0400
updated changes
commit 87aeb22e922f277bde1bafbfbca382d556ffa94f
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 13 13:54:38 2013 -0400
FIPS: Support for updated FIPS requirements
- Add libreswan-prelink.conf to blacklist libreswan files for prelink
- Use versioned .hmac files via FIPSHMACSUFFIX in Makefile.inc
When USE_FIPSCHECK is enabled:
- 'make install' will generate hmac files
- Package hmac files in libreswan-fips sub-package
- If hmac files (or libreswan-fips sub-package) is installed, run FIPS test
even when kernel is not in FIPS mode
- If hmac files (or libreswan-fips sub-package) is not installed, skip
tests when kernel is not in FIPS mode
- Detection of "installed hmac files" is based on the pluto hmac file
(see: man FIPSCHECK_verify_files_ex)
- Log FIPS test (failed,passed,skipped). Failure still terminates pluto
commit 9711ae9cdb34589766729df68ae44fd641e6c293
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 13 13:52:44 2013 -0400
build: Support for: make release FORCE=1 (for dirty temp releases)
commit 9bd6b085b3b8e14ef1ac92dfcc772704df6f3d01
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Sep 6 21:52:45 2013 -0400
rsasigkey/newhostkey cleanup - increased minimum raw RSA key size
Updated newhostkey and rsasigkey with some default values for key
sizes and nss configdir.
Minimum keysize for raw RSA keys updated from 2192 to a spread of
3072 to 4096 (in blocks of 16) to fight keysize monoculture
Updated man pages.
commit 3aaf3f197113238640a1b0236a0cd3f37c18381b
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 4 14:44:54 2013 -0400
update changes
commit 5701e34f857075841755870a67a638fcd20f14ca
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 4 14:44:26 2013 -0400
PAM: update pluto pam config and add google-authenticator example
commit 7419414e521eed14e199009ca754ef098eac1abe
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Sep 4 14:35:54 2013 -0400
pluto: Add CAPNG capabilities required for google-authenticator
This adds CAP_SETGID and CAP_SETUID for the main process, and
CAP_DAC_READ_SEARCH for the children. The latter should not be
needed, but strangely is (even if we turn ~/.google-authenticator
mode 0600 instead of 0400)
commit aa30188f11bed540b3b155142f8bc7ff68389002
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Sep 2 20:50:32 2013 +0300
update CHANGES
commit cafd3594681388c1c6689b84e326245058b52eba
Author: Tuomo Soini <tis at foobar.fi>
Date: Mon Sep 2 20:48:43 2013 +0300
kernel.c: fix typo in outgoing
commit d2f694dadd14239b574eb56484c33c8e77d2435e
Author: Antony Antony <antony at phenome.org>
Date: Sun Sep 1 22:42:36 2013 +0000
testing: working on bug 143. updated testcase ikev2-08-delete-notify
commit 0f3ddd95dedc35d8bd02aa0ef639ab23dd67b93e
Author: Antony Antony <antony at phenome.org>
Date: Sun Sep 1 20:17:49 2013 +0000
testing: cleaned up ikev2-05-basic-psk. removed extra ipsec look
commit 57508b008ce768689cd9cadddc7323e097aa371a
Author: Antony Antony <antony at phenome.org>
Date: Sun Sep 1 20:09:34 2013 +0000
testing: fix typo indentation error
commit f5e497a341d1ee59c5211a8d3380fd95833cbc12
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Aug 31 15:53:50 2013 -0400
xauth: XAUTH_MESSAGE is not necessarily "bad".
commit b8a89772753d2b6876f2b96720b6866a58380849
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Aug 28 15:35:26 2013 -0400
clarify changelog entry
commit e431b2423f269c6b5d00f9edef447366801d5363
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 27 19:25:23 2013 -0400
Added a comment
The v2prf_stuff struct has an array of length 1. Why is this an array?
commit 645466269f646b88a1f85a9d097440b2bca816e9
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 27 19:24:59 2013 -0400
updated changes
commit 6a355445ce1a551e828e8c5ae19bdaca3bf4a274
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 27 19:17:20 2013 -0400
pluto: fix for using uninitialised tkey11 variable in crypt_dh.c
The lifetime of the tkey11 variable must be longer then one iteration
of the for loop. However, the tkey11 variable was declared within the
for loop. By accident, the compiler re-used the same memory and things
worked (as long as there was no initialiser).
commit 9bd72de3d5911bb662b7bacaedd750544960c9b2
Merge: fc7e64b a311a82
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 27 19:09:22 2013 -0400
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit a311a82fd9908372221a222fb9f2fd50c2a03806
Merge: 739ee5a b918a51
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 27 12:38:07 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 739ee5ab0bb097e8fff78c00dd653f0f5fe7c5a1
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 27 12:36:04 2013 -0400
pluto: IKEv2 interop fix via a band-aid
This re-introduced an uninitialised PK11SymKey *tkey11 required for
calc_skeyseed_v2() to work. This is a bug and must be addressed.
commit b918a5176a09b558af50518f19f39e69e9b54c19
Author: Matt Rogers <mrogers at redhat.com>
Date: Mon Aug 26 16:07:50 2013 -0400
Update atodn() and generalized remove_comma() to allow escaping
a '/' in a leftid= string with "//". Verified with the 'unwisechar'
testing cert.
commit 0a700f1e9cdf40570381a95e280797eab478b54f
Author: Matt Rogers <mrogers at redhat.com>
Date: Sun Aug 25 16:10:08 2013 -0400
Change left/rightid=%fromcert to use the ID of the peer's sent
certificate if set for the peer end. If set for the local end,
it will use the ID from the local certificate.
commit fc7e64bf1a3a7360966f6e12ecb481bab94d16b3
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Aug 21 21:31:00 2013 -0400
added missing header for programs/pluto/ike_alg_sha2.c
commit a755278bf2f0d2ffdcef3edb8a545ed830041ff9
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Aug 21 16:48:41 2013 -0400
testing: sync up interop-ikev2-strongswan-02-psk-responder/west.conf
commit 4d8b592bd168c8819ed7a57e1662a3ae39fe4a55
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Aug 21 16:47:06 2013 -0400
testing: added interop-ikev2-strongswan-05-psk-md5
commit dac8c40e63c42c3eb281b002614bd4b2573c9df9
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Aug 21 16:46:21 2013 -0400
testing: added output of ikev2-algo-01-modp2048-initiator, ikev2-algo-02-modp2048-responder and ipv6-v6-through-v6-klips-klips
commit 4c5808f54ab6dcae3fdc62ea41d34c511be1d49e
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 20 15:27:11 2013 -0400
testing: added xauth-pluto-18
This test case tries to uncover some remote_peer_type=cisco specifics.
It is clear that we're currently not emulating a Cisco peer correctly.
commit d82dda41109d69c6d937b431e509be865f90d074
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 23:30:37 2013 -0400
testing: fixup two rsa keys in ipsec.conf.common
commit 388c0c999ace349df6e8a1277c04b2d1910c4e99
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 23:30:18 2013 -0400
testing: updated xauth-pluto-08
commit 2929a37536699a313e5d8840849674050882a9f5
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 23:10:12 2013 -0400
testing: updated xauth-pluto-07
commit 6e28fb39e922bc3594a51d3e208dede84f4f77a7
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 22:30:34 2013 -0400
testing: fixup xauth-pluto-06
The only difference between xauth-pluto-06 and xauth-pluto-05 is pfs=yes
is explicitely mentioned. but since our default for not mentioning pfs
means pfs=yes, this test is pretty useless (and identical to xauth-pluto-05)
commit 5ef3b3913aa7746bb7dce259b7b7063d9d98652d
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 20:46:29 2013 -0400
testing: fixed xauth-pluto-05
There is one error still that Tuomo should look at:
002 "modecfg-road-eastnet-psk" #2: up-client output: /usr/local/libexec/ipsec/_updown.klips: changesource "ip route change 192.0.2.0/24 dev ipsec0 src 192.0.2.209" failed (RTNETLINK answers: No such file or directory)
commit c2ff97eaed765d9992de7b2c1c963532b198be6a
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 19:44:54 2013 -0400
testing: fixup xauth-pluto-04
commit b507aeda7374defda14ac36c6680ed4a0c9ce765
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 18:03:06 2013 -0400
testing: fixed xauth-pluto-03
note due to the changed conn name, I had to fixup east's passwd
file (baseconfigs/east/etc/ipsec.d/passwd) so the other tests will
also have to rename their conns, basically any "--" becomes "-" in
a conn name.
commit 0cb9f1f876cc4b42f532d4a401fb0fcd800c0209
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 17:41:48 2013 -0400
testing: added guestbin's fipson/fipsoff to for userland into fips mode
commit 4737880d47163935b00760303f52d7e035836578
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 16:54:46 2013 -0400
testing: for strongswan interop tests, use "strongswan status{all} cmd
commit 96986fa0824b1e145c647b01be58c044f5176617
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 16:51:59 2013 -0400
testing: fixup ipv6-v6-through-v6-netkey-netkey/westinit.sh
commit acd85d6eff487c423a4cdf589cd812ad97d3590c
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 16:51:34 2013 -0400
testing: enable --6 option
commit dcff887efaffeae69c80aa2510bbe017dff953e3
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 16:51:13 2013 -0400
testing: enable new --6 option in test case
commit c8b3ad3fd4664a7a0b415c78ca3851c1b9ae5e1b
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 16:50:48 2013 -0400
testing: fixup ipv6-tunnel-mode-03-klips-netkey/east.conf
commit 80473289999673d031094ce5448cfdab50524e00
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 16:10:29 2013 -0400
update changes
commit ef5d670f1edc281acd01dca892ca4f1d1ddbdc57
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 19 16:08:30 2013 -0400
lsbz#145: support old location of /selinux/enforce still in use by CentOS6
commit afc2a8ba8b1b1e9fc9ec30e9e4a6dd2ec14749b7
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Aug 18 15:58:08 2013 -0400
addconn: fix signed/unsigned warnings, sprinkle some static's
commit 5dfed1117efea9472069f3604a5e4403c3175a4e
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Aug 18 14:19:30 2013 -0400
libsha2: fix signed vs unsigned warnings
confirmed with testcases to not break ikev1 or ikev2 sha2
commit 75c82a9b7a2748e01a04400e41ffc7520dc5fcd5
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Aug 18 13:53:37 2013 -0400
pluto: add const modifier to whack_process in whack.h remove duplicate extern
commit 31ff3287b216861da9f76318b7722bf3e4983bdd
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Aug 18 13:52:51 2013 -0400
testing: fixed delete-sa-01
commit 0d226dfaeb6607b6655f6f40a5ae83adc31b368e
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Aug 18 12:54:00 2013 -0400
confread.c: remove unused variables
commit 6e70d434d7a10fbbc14fb6a720ffdcad39c35733
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Aug 18 12:30:50 2013 -0400
pluto: added const modifier to some functions
delete_states_by_peer, replace_states_by_peer and whack_process
commit 9e209123fe619857815bfc60e883773da117b863
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Aug 17 22:03:52 2013 -0400
testing: updated all the dpd test cases
commit 0c67fcab7ecb4510852463714c798aa8d1c4cbd3
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Aug 17 14:45:56 2013 -0400
testing: removed partial strange bad-updown-01 test
commit 5b8ad37e469debf11d1d05c1a54649eb4f596c11
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Aug 16 18:45:05 2013 -0400
testing: converted pluto-ipcmp-01
commit 64fc358096c4d81aec074e170776e943e64f5c6e
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Aug 16 18:36:02 2013 -0400
testing: fixup TESTLIST
removed renamed test ikev2-12-no-nhelpers
added new test ikev2-12-x509-ikev1
commit 525210de60756647dfeb0224390de4b1a3333af7
Merge: 59041b2 49ea4f6
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Aug 16 13:15:05 2013 -0400
Merge branch 'master' of vault.libreswan.org:/srv/src/libreswan
commit 59041b29cd3aa61aa72449c604eacd7dbccfc944
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Aug 16 13:14:42 2013 -0400
ipsec barf: Add dumping of /proc/net/xfrm_stat
commit 49ea4f6059704160ab087aee4c67bc144332c10f
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Aug 16 09:34:04 2013 -0400
pluto: fix (harmless) off-by-one in vendorid creation
This was harmless as we overwrote the last \0, but then
immediately put it back to \0 explicitely.
Patch by "bjb"
commit 3e4f61e344e5380a0aa30e15d577a7e63349345f
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 13 16:19:43 2013 -0400
testing: added two psk ikev1 sha2 test cases
commit 7190b7f3038d84d6fdeb2907a3db213a4b69505f
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 13 16:05:30 2013 -0400
testing: ensure swan-prep aborts when two swan installs are found
eg one from rpm (/sbin/ipsec or /usr/sbin/ipsec) and one from a local
install (/usr/local/sbin/ipsec)
Otherwise, it is not always obvious that you accidentally tested something
other then what was installed from rpm
commit d6e8f2819b0606eaea6803e913a06b87517827ad
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 13 15:48:51 2013 -0400
testing: Added ikev2-algo-ike-sha2-0[123]
commit 17305d768fdb9aa8c74268c9f506a15f97de7632
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 12 16:50:54 2013 -0400
testing: fix interop-ikev1-strongswan* to use conn name with ikev1, not ikev2
commit 528eb978f9f997ab5b0542aa47d25f8415ca787a
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 12 15:00:27 2013 -0400
testing: Added interop-ikev2-strongswan-07-strongswan
This is a strongswan to strongswan PSK tunnel between west and east
commit bf59b008d71b53d7b1ce1d0deb7b67a02407c3f5
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 12 13:37:51 2013 -0400
testing: added missing eaststrongswan.conf
commit 83096e64da0400b8e12c4b23185d374b3537dea7
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 12 12:31:55 2013 -0400
testing: converted interop-ikev2-strongswan-04-x509-responder to kvm
commit ffd14f809ce7ef72ae3865744e4132606d8288f1
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Aug 12 12:28:56 2013 -0400
testing: swan-prep x509 support for strongswan (non-nss)
commit ef3c3677441023c157382f93249111127e5c9570
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Aug 10 19:20:44 2013 -0400
testing: dotest.sh if "good output" files are missing, call FAILED
commit 3b204409f1033b31f2f794aa46747992192b70d5
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Aug 10 19:20:22 2013 -0400
testing: updated ikev2-05-basic-psk
commit 1bab17b9fce8272b5e311419e88cea6098d517cc
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Aug 10 19:04:18 2013 -0400
testing: swan-prep additions for racoon interop tests
commit 9413da464606dfca5493d0ef7900e5b870664a9a
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Aug 10 19:02:15 2013 -0400
testing: updated interop-ikev2-racoon-02-psk-responder
This also shows an IKE problem with PSK:
2013-08-10 18:48:38 [PROTO_ERR]: ikev2.c:363:ikev2_input(): 1:192.1.2.23[500] - 192.1.2.45[500]:0x8f7fa0:ICV check failure
commit 2bf198e670cac5f4a8b177c2f63ee85740ace6ef
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Aug 10 14:26:36 2013 -0400
testing: honour --ipv* flags for all userlands (including racoon)
commit e93b30e4a3b2984079f43ee6a4bb75f6fde7ee93
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Aug 9 17:55:01 2013 -0400
updated changes
commit 4c630a453f7465e6098dc54bb2392c0b4eee0deb
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Aug 9 17:53:07 2013 -0400
testing: make pluto.log check conditional for interop tests
these were racoon tests that still assumed there was a pluto.log
in final.sh
commit 9f236cb823696473b6bb236be6325611574e6d8b
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Aug 9 17:50:45 2013 -0400
pluto: Remove 2005 stubs for DSA/ElGamal taken from GnuPG
This was not used at all, and if we will supoprt dsa, we will do
so via NSS. Found during cryto review
commit f9d97aba35b5ae1c770a366c0e08e9a2bcaf48bc
Merge: 44b9d47 a30a537
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Aug 8 18:35:08 2013 -0400
Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan
commit 44b9d4765304d58edcd2cae89f5d5cb780b5bf1c
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Aug 8 18:25:09 2013 -0400
testing: swan-prep changes to support strongswan
commit a30a53754a6793f4ce550838bc08982810522367
Author: Antony Antony <antony at phenome.org>
Date: Thu Aug 8 20:22:22 2013 +0000
testing: add strongswan in fedorabase.ks
commit b3eecca5c97fa12f1505447b54da5a8357f3cee9
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Aug 8 16:03:51 2013 +0200
testing: converted IKEv2 strongswan interop PSK test cases.
These tests currently cause a failed authentication and the IPsec SA
does not establish
commit a5bc6c6b3c71a11df48c2a37fd95a26923b85690
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Aug 8 15:57:20 2013 +0200
testing: Added two IKEv1 PSK interop test cases with strongswan
commit f1821a06a48c54fe97dd879be3b0228994ed860a
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Aug 6 14:17:08 2013 +0200
testing: updated output for nat-t
with nat_traversal=no we no longer display the virtual private information
commit 0f8c3ccfa4ac9cdf568a09ed884b91e0f476e1f3
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Jul 31 13:52:21 2013 +0200
testing: update description of x509-pluto-01
More information about the Swan-commit
mailing list