[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Fri Jul 3 18:43:14 EEST 2015
New commits:
commit 3222c9d1f5449ab1cb9d55c0a071f66d24aa46e3
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jul 3 12:40:16 2015 -0300
update CHANGES
commit d9c7365f5e20e3efac7c0698f91c5496e4a4c973
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jul 3 12:40:04 2015 -0300
ipsec: add checknflog to help message
commit 82b398a3247ed35040ef6594882ff838595ff6f1
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jul 2 18:11:41 2015 -0300
pluto: support for pluto --impair-force-fips
This options sets kernel and system mode to fips and skips the hmac
check files to allows pass. This allows pluto running in fips mode
without needing the .hmac files or fips=1 on the command line.
Care should be taken that the NSS library needs to be put in FIPS
mode seperately if fips=1 is not used on the kernel command line.
This option is not supported for whack, because the FIPS mode
decision is made at startup before pluto acecpts any whack commands,
and cannot be changed later after boot. (A comment is left in whack.c
so I don't add this later on by mistake :)
commit f9f3d738a2ea54db34307866574f853ca13e5e55
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jul 2 18:11:08 2015 -0300
testing: fips-03-ikev1-md5/eastinit.sh to run east in fips mode
commit 80220e5dfb6ce11e12eaf8ad068455b67627b89a
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jul 2 18:10:17 2015 -0300
testing: swan-prep needs more fips support to set passwd on nss db
commit 4939890bb20d732d1fa53a768d3e1f55ef85085e
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jul 2 18:09:21 2015 -0300
ipsec cmd: do not try to convert cacerts/crls dir if non-existant
More information about the Swan-commit
mailing list