lp:strongswan

Created by VCS imports on 2011-06-17 and last modified on 2021-01-22
Get this branch:
bzr branch lp:strongswan

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
VCS imports
Project:
strongSwan
Status:
Development

Import details

Import Status: Reviewed

This branch is an import of the HEAD branch of the Git repository at git://git.strongswan.org/strongswan.git.

The next import is scheduled to run in 3 hours.

Last successful import was 2 hours ago.

Import started 2 hours ago on alnitak and finished 2 hours ago taking 15 seconds — see the log
Import started 8 hours ago on izar and finished 8 hours ago taking 15 seconds — see the log
Import started 14 hours ago on izar and finished 14 hours ago taking 15 seconds — see the log
Import started 20 hours ago on izar and finished 20 hours ago taking 15 seconds — see the log
Import started on 2021-01-24 on alnitak and finished on 2021-01-24 taking 15 seconds — see the log
Import started on 2021-01-23 on alnitak and finished on 2021-01-23 taking 15 seconds — see the log
Import started on 2021-01-23 on izar and finished on 2021-01-23 taking 15 seconds — see the log
Import started on 2021-01-23 on alnitak and finished on 2021-01-23 taking 15 seconds — see the log
Import started on 2021-01-23 on alnitak and finished on 2021-01-23 taking 15 seconds — see the log
Import started on 2021-01-22 on izar and finished on 2021-01-22 taking 15 seconds — see the log

Recent revisions

13341. By Tobias Brunner on 2021-01-22

github: Enable farp plugin on macOS

13340. By Tobias Brunner on 2021-01-22

cirrus: Build farp plugin on FreeBSD

13339. By Dan James <email address hidden> on 2021-01-22

farp: Add support for macOS and FreeBSD

Co-authored-by: Tobias Brunner <email address hidden>

Closes strongswan/strongswan#189.
References #3498.

13338. By Tobias Brunner on 2021-01-20

Merge branch 'openssl-ecp'

Uses the EVP interface for ECDH with newer OpenSSL versions, which,
compared to the previous low-level use of EC_POINT_mul() supports
hardware offloading. We used this because of the ecp_x_coordinate_only
option, which is now removed as it's been obsolete for a long time and
complicated the code. There is still some legacy code for OpenSSL 1.0
and the old BoringSSL version we currently use for the Android app.

Closes strongswan/strongswan#186.

13337. By Tobias Brunner on 2021-01-19

Revert "nm: Remove dummy TUN device"

This reverts commit a28c6269a4aeb5369fed8933fa1baf0cd8847622.

We add a dummy TUN device again because systemd-resolved insists on
managing DNS servers per interface.

Fixes #3615.

13336. By Tobias Brunner on 2021-01-18

load-tester: Correctly encode serial of generated client certificates

The previous approach would lead to additional zero prefixes in the
encoding of the serial (which is a positive integer, not an arbitrary
blob).

Fixes #3667.

13335. By Коренберг Марк on 2021-01-18

identification: Change abbreviation for surname/serialNumber RDNs

To align with RFC 4519, section 2.31/32, the abbreviation for surname
is changed to "SN" that was previously used for serialNumber, which does
not have an abbreviation.

This mapping had its origins in the X.509 patch for FreeS/WAN that was
started in 2000. It was aligned with how OpenSSL did this in earlier
versions. However, there it was changed already in March 2002 (commit
ffbe98b7630d604263cfb1118c67ca2617a8e222) to make it compatible with
RFC 2256 (predecessor of RFC 4519).

Co-authored-by: Tobias Brunner <email address hidden>

Closes strongswan/strongswan#179.

13334. By Tobias Brunner on 2021-01-18

vici: Decode error messages in Python bindings

Otherwise we might end up with b'<errmsg>' in the output.

13333. By Tobias Brunner on 2021-01-18

mem-pool: Be less strict when reassigning existing online leases

Also assign online leases to a peer connecting from the same endpoint
when it requests any virtual IP. This is mainly a workaround for
Windows clients that remember the virtual IPv6 address and re-request it
the next time the connection is initiated (even if it is not a
reauthentication) but don't do the same for virtual IPv4 addresses.
This can result in duplicate policies with different reqids because
these are allocated for unique sets of traffic selectors.

Fixes #3541.

13332. By Tobias Brunner on 2021-01-18

Merge branch 'ike-update-event'

This modifies the signature of the listener_t::ike_update() callback so
that both addresses are passed and it's only called once if both
addresses change (e.g. for an address family switch).

The callback is now also triggered for MOBIKE updates and the event is
exposed via vici.

Fixes #3602.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers

No subscribers.