diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-12-05 16:15:54 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-12-05 16:15:54 +0000 |
commit | c7f1b0530b85bc7654e68992f25ed8ced5d0a80d (patch) | |
tree | 861798cd7da646014ed6919766b053099646710d /src/pluto | |
parent | 8b80ab5a6950ce6515f477624794defd7531642a (diff) | |
download | vyos-strongswan-c7f1b0530b85bc7654e68992f25ed8ced5d0a80d.tar.gz vyos-strongswan-c7f1b0530b85bc7654e68992f25ed8ced5d0a80d.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.9)
Diffstat (limited to 'src/pluto')
-rw-r--r-- | src/pluto/ac.c | 4 | ||||
-rw-r--r-- | src/pluto/ca.c | 4 | ||||
-rw-r--r-- | src/pluto/constants.c | 4 | ||||
-rw-r--r-- | src/pluto/constants.h | 7 | ||||
-rw-r--r-- | src/pluto/crl.c | 4 | ||||
-rw-r--r-- | src/pluto/defs.c | 11 | ||||
-rw-r--r-- | src/pluto/fetch.c | 8 | ||||
-rw-r--r-- | src/pluto/vendor.c | 5 | ||||
-rw-r--r-- | src/pluto/vendor.h | 3 |
9 files changed, 31 insertions, 19 deletions
diff --git a/src/pluto/ac.c b/src/pluto/ac.c index 77e0b40bb..6745ff484 100644 --- a/src/pluto/ac.c +++ b/src/pluto/ac.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: ac.c 3686 2008-03-28 11:48:14Z martin $ + * RCSID $Id: ac.c 4632 2008-11-11 18:37:19Z martin $ */ #include <stdlib.h> @@ -860,7 +860,7 @@ load_acerts(void) } } /* restore directory path */ - chdir(save_dir); + ignore_result(chdir(save_dir)); } /* diff --git a/src/pluto/ca.c b/src/pluto/ca.c index 099699056..70b26c32c 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: ca.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: ca.c 4632 2008-11-11 18:37:19Z martin $ */ #include <stdlib.h> @@ -295,7 +295,7 @@ load_authcerts(const char *type, const char *path, u_char auth_flags) } } /* restore directory path */ - chdir(save_dir); + ignore_result(chdir(save_dir)); } /* diff --git a/src/pluto/constants.c b/src/pluto/constants.c index ca548afab..50a75c0aa 100644 --- a/src/pluto/constants.c +++ b/src/pluto/constants.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: constants.c 3839 2008-04-18 11:25:37Z andreas $ + * RCSID $Id: constants.c 4612 2008-11-11 06:37:37Z andreas $ */ /* @@ -517,6 +517,8 @@ const char *const sa_policy_bit_names[] = { "DONTREAUTH", "BEET", "MOBIKE", + "ECDSA", + "PROXY", NULL }; diff --git a/src/pluto/constants.h b/src/pluto/constants.h index e6357164f..409dd1d61 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -13,7 +13,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: constants.h 4051 2008-06-10 09:08:27Z tobias $ + * RCSID $Id: constants.h 4612 2008-11-11 06:37:37Z andreas $ */ #ifndef _CONSTANTS_H @@ -279,7 +279,7 @@ extern const char sparse_end[]; "4009438B 481C6CD7 889A002E D5EE382B C9190DA6 FC026E47" \ "9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71" \ "60C980DD 98EDD3DF FFFFFFFF FFFFFFFF" -#define LOCALSECRETSIZE (256 / BITS_PER_BYTE) +#define LOCALSECRETSIZE (512 / BITS_PER_BYTE) /* limits on nonce sizes. See RFC2409 "The internet key exchange (IKE)" 5 */ #define MINIMUM_NONCE_SIZE 8 /* bytes */ @@ -877,7 +877,8 @@ extern const char *prettypolicy(lset_t policy); #define POLICY_BEET LELEM(22) /* bound end2end tunnel, IKEv2 */ #define POLICY_MOBIKE LELEM(23) /* enable MOBIKE for IKEv2 */ #define POLICY_FORCE_ENCAP LELEM(24) /* force UDP encapsulation (IKEv2) */ -#define POLICY_ECDSASIG LELEM(25) /* ecdsa signature (IKEv2) */ +#define POLICY_ECDSASIG LELEM(25) /* ECDSA signature (IKEv2) */ +#define POLICY_PROXY LELEM(26) /* proxy transport mode (MIPv6) */ /* Any IPsec policy? If not, a connection description * is only for ISAKMP SA, not IPSEC SA. (A pun, I admit.) diff --git a/src/pluto/crl.c b/src/pluto/crl.c index 6e1093661..c891d19e6 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: crl.c 3686 2008-03-28 11:48:14Z martin $ + * RCSID $Id: crl.c 4632 2008-11-11 18:37:19Z martin $ */ #include <stdlib.h> @@ -373,7 +373,7 @@ load_crls(void) } } /* restore directory path */ - chdir(save_dir); + ignore_result(chdir(save_dir)); } /* diff --git a/src/pluto/defs.c b/src/pluto/defs.c index 5b9defb60..f2c1eab48 100644 --- a/src/pluto/defs.c +++ b/src/pluto/defs.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: defs.c 3252 2007-10-06 21:24:50Z andreas $ + * RCSID $Id: defs.c 4632 2008-11-11 18:37:19Z martin $ */ #include <stdlib.h> @@ -249,6 +249,7 @@ write_chunk(const char *filename, const char *label, chunk_t ch { mode_t oldmask; FILE *fd; + size_t written; if (!force) { @@ -268,8 +269,14 @@ write_chunk(const char *filename, const char *label, chunk_t ch if (fd) { - fwrite(ch.ptr, sizeof(u_char), ch.len, fd); + written = fwrite(ch.ptr, sizeof(u_char), ch.len, fd); fclose(fd); + if (written != ch.len) + { + plog(" writing to %s file '%s' failed", label, filename); + umask(oldmask); + return FALSE; + } plog(" written %s file '%s' (%d bytes)", label, filename, (int)ch.len); umask(oldmask); return TRUE; diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index cd8b58df2..c8a98cd9b 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: fetch.c 3686 2008-03-28 11:48:14Z martin $ + * RCSID $Id: fetch.c 4632 2008-11-11 18:37:19Z martin $ */ #include <stdlib.h> @@ -324,7 +324,7 @@ fetch_curl(char *url, chunk_t *blob) curl_easy_setopt(curl, CURLOPT_URL, url); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&response); - curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, &errorbuffer); + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer); curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT); @@ -705,9 +705,9 @@ fetch_ocsp_status(ocsp_location_t* location) curl_easy_setopt(curl, CURLOPT_URL, uri); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&response); - curl_easy_setopt(curl, CURLOPT_POSTFIELDS, request.ptr); + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (void*)request.ptr); curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, request.len); - curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, &errorbuffer); + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer); curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT); diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c index 1db4027d1..e4fda0f1f 100644 --- a/src/pluto/vendor.c +++ b/src/pluto/vendor.c @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.c 4348 2008-09-18 00:42:22Z andreas $ + * RCSID $Id: vendor.c 4426 2008-10-14 01:53:37Z andreas $ */ #include <stdlib.h> @@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = { /* * strongSwan */ - DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.8") + DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.9") + DEC_MD5_VID(STRONGSWAN_4_2_8, "strongSwan 4.2.8") DEC_MD5_VID(STRONGSWAN_4_2_7, "strongSwan 4.2.7") DEC_MD5_VID(STRONGSWAN_4_2_6, "strongSwan 4.2.6") DEC_MD5_VID(STRONGSWAN_4_2_5, "strongSwan 4.2.5") diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h index cf6b68e51..819dbd99d 100644 --- a/src/pluto/vendor.h +++ b/src/pluto/vendor.h @@ -11,7 +11,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: vendor.h 4348 2008-09-18 00:42:22Z andreas $ + * RCSID $Id: vendor.h 4426 2008-10-14 01:53:37Z andreas $ */ #ifndef _VENDOR_H_ @@ -124,6 +124,7 @@ enum known_vendorid { VID_STRONGSWAN_4_2_5 =105, VID_STRONGSWAN_4_2_6 =106, VID_STRONGSWAN_4_2_7 =107, + VID_STRONGSWAN_4_2_8 =108, /* 101 - 200 : NAT-Traversal */ VID_NATT_STENBERG_01 =151, |