authorRene Mayrhofer <rene@mayrhofer.eu.org>2008-12-05 16:15:54 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2008-12-05 16:15:54 +0000
commitc7f1b0530b85bc7654e68992f25ed8ced5d0a80d (patch)
tree861798cd7da646014ed6919766b053099646710d /src/pluto
parent8b80ab5a6950ce6515f477624794defd7531642a (diff)
[svn-upgrade] Integrating new upstream version, strongswan (4.2.9)
Diffstat (limited to 'src/pluto')
-rw-r--r--src/pluto/ac.c4
-rw-r--r--src/pluto/ca.c4
-rw-r--r--src/pluto/constants.c4
-rw-r--r--src/pluto/constants.h7
-rw-r--r--src/pluto/crl.c4
-rw-r--r--src/pluto/defs.c11
-rw-r--r--src/pluto/fetch.c8
-rw-r--r--src/pluto/vendor.c5
-rw-r--r--src/pluto/vendor.h3
9 files changed, 31 insertions, 19 deletions
diff --git a/src/pluto/ac.c b/src/pluto/ac.c
index 77e0b40bb..6745ff484 100644
--- a/src/pluto/ac.c
+++ b/src/pluto/ac.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: ac.c 3686 2008-03-28 11:48:14Z martin $
+ * RCSID $Id: ac.c 4632 2008-11-11 18:37:19Z martin $
*/
#include <stdlib.h>
@@ -860,7 +860,7 @@ load_acerts(void)
}
}
/* restore directory path */
- chdir(save_dir);
+ ignore_result(chdir(save_dir));
}
/*
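Review bot: Wrapping the call as `ignore_result(chdir(save_dir));` at the end of load_acerts silences the unused-result warning but still drops a failed restore of the working directory. If that chdir fails, the daemon keeps running inside the certificate directory and any later relative path is resolved there. Logging the failure would make it visible, for example `if (chdir(save_dir) != 0) plog("  could not restore directory '%s'", save_dir);`, assuming plog is available here as it is in defs.c. The same line is added in load_authcerts (ca.c) and load_crls (crl.c); all three function bodies start outside their hunks.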
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index 099699056..70b26c32c 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: ca.c 3252 2007-10-06 21:24:50Z andreas $
+ * RCSID $Id: ca.c 4632 2008-11-11 18:37:19Z martin $
*/
#include <stdlib.h>
@@ -295,7 +295,7 @@ load_authcerts(const char *type, const char *path, u_char auth_flags)
}
}
/* restore directory path */
- chdir(save_dir);
+ ignore_result(chdir(save_dir));
}
/*
diff --git a/src/pluto/constants.c b/src/pluto/constants.c
index ca548afab..50a75c0aa 100644
--- a/src/pluto/constants.c
+++ b/src/pluto/constants.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: constants.c 3839 2008-04-18 11:25:37Z andreas $
+ * RCSID $Id: constants.c 4612 2008-11-11 06:37:37Z andreas $
*/
/*
@@ -517,6 +517,8 @@ const char *const sa_policy_bit_names[] = {
"DONTREAUTH",
"BEET",
"MOBIKE",
+ "ECDSA",
+ "PROXY",
NULL
};
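Review bot: The two added names appear to land one slot early relative to the policy bits in constants.h, where this commit shows POLICY_MOBIKE at LELEM(23), POLICY_FORCE_ENCAP at LELEM(24), POLICY_ECDSASIG at LELEM(25) and POLICY_PROXY at LELEM(26), yet here `"ECDSA"` follows `"MOBIKE"` directly. If the table is indexed by bit position (its head is outside the hunk, so this is inferred), a connection with forced UDP encapsulation would be printed as ECDSA and an ECDSA one as PROXY, which misleads anyone auditing connection policy from the logs. Adding `"FORCE_ENCAP",` between `"MOBIKE"` and `"ECDSA"` would realign the names with the bits.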
diff --git a/src/pluto/constants.h b/src/pluto/constants.h
index e6357164f..409dd1d61 100644
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: constants.h 4051 2008-06-10 09:08:27Z tobias $
+ * RCSID $Id: constants.h 4612 2008-11-11 06:37:37Z andreas $
*/
#ifndef _CONSTANTS_H
@@ -279,7 +279,7 @@ extern const char sparse_end[];
"4009438B 481C6CD7 889A002E D5EE382B C9190DA6 FC026E47" \
"9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71" \
"60C980DD 98EDD3DF FFFFFFFF FFFFFFFF"
-#define LOCALSECRETSIZE (256 / BITS_PER_BYTE)
+#define LOCALSECRETSIZE (512 / BITS_PER_BYTE)
/* limits on nonce sizes. See RFC2409 "The internet key exchange (IKE)" 5 */
#define MINIMUM_NONCE_SIZE 8 /* bytes */
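Review bot: LOCALSECRETSIZE doubles here with no comment saying what the secret is or why 512 bits was chosen. The macro sits directly under what appear to be the MODP prime constants, so it presumably sizes the local Diffie-Hellman secret; a comment such as `/* size in bytes of the locally generated secret */` would record the intent. Any fixed-size buffer or length field that assumed the old 32-byte value should be checked, since those uses are not visible in this hunk.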
@@ -877,7 +877,8 @@ extern const char *prettypolicy(lset_t policy);
#define POLICY_BEET LELEM(22) /* bound end2end tunnel, IKEv2 */
#define POLICY_MOBIKE LELEM(23) /* enable MOBIKE for IKEv2 */
#define POLICY_FORCE_ENCAP LELEM(24) /* force UDP encapsulation (IKEv2) */
-#define POLICY_ECDSASIG LELEM(25) /* ecdsa signature (IKEv2) */
+#define POLICY_ECDSASIG LELEM(25) /* ECDSA signature (IKEv2) */
+#define POLICY_PROXY LELEM(26) /* proxy transport mode (MIPv6) */
/* Any IPsec policy? If not, a connection description
* is only for ISAKMP SA, not IPSEC SA. (A pun, I admit.)
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index 6e1093661..c891d19e6 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: crl.c 3686 2008-03-28 11:48:14Z martin $
+ * RCSID $Id: crl.c 4632 2008-11-11 18:37:19Z martin $
*/
#include <stdlib.h>
@@ -373,7 +373,7 @@ load_crls(void)
}
}
/* restore directory path */
- chdir(save_dir);
+ ignore_result(chdir(save_dir));
}
/*
diff --git a/src/pluto/defs.c b/src/pluto/defs.c
index 5b9defb60..f2c1eab48 100644
--- a/src/pluto/defs.c
+++ b/src/pluto/defs.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: defs.c 3252 2007-10-06 21:24:50Z andreas $
+ * RCSID $Id: defs.c 4632 2008-11-11 18:37:19Z martin $
*/
#include <stdlib.h>
@@ -249,6 +249,7 @@ write_chunk(const char *filename, const char *label, chunk_t ch
{
mode_t oldmask;
FILE *fd;
+ size_t written;
if (!force)
{
@@ -268,8 +269,14 @@ write_chunk(const char *filename, const char *label, chunk_t ch
if (fd)
{
- fwrite(ch.ptr, sizeof(u_char), ch.len, fd);
+ written = fwrite(ch.ptr, sizeof(u_char), ch.len, fd);
fclose(fd);
+ if (written != ch.len)
+ {
+ plog(" writing to %s file '%s' failed", label, filename);
+ umask(oldmask);
+ return FALSE;
+ }
plog(" written %s file '%s' (%d bytes)", label, filename, (int)ch.len);
umask(oldmask);
return TRUE;
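Review bot: The new short-write check does not cover a failed flush, because `fclose(fd)` is still called with its result discarded and, with stdio buffering, fwrite can return the full count while the data only fails to reach disk at close. Folding the close into the test, `if (fclose(fd) != 0 || written != ch.len)` in place of the separate `fclose(fd);` line, catches both cases. On the failure path the truncated file is left in place; if write_chunk is used for key or certificate material (its callers are outside the hunk), removing the file before `return FALSE` avoids a later load of partial data. The function body starts and ends outside this hunk.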
diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c
index cd8b58df2..c8a98cd9b 100644
--- a/src/pluto/fetch.c
+++ b/src/pluto/fetch.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: fetch.c 3686 2008-03-28 11:48:14Z martin $
+ * RCSID $Id: fetch.c 4632 2008-11-11 18:37:19Z martin $
*/
#include <stdlib.h>
@@ -324,7 +324,7 @@ fetch_curl(char *url, chunk_t *blob)
curl_easy_setopt(curl, CURLOPT_URL, url);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&response);
- curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, &errorbuffer);
+ curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer);
curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT);
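Review bot: The integer-valued options are still passed without a `long` type even though the pointer arguments were corrected: curl_easy_setopt is variadic and reads these options as `long`, so `CURLOPT_FAILONERROR, TRUE` and `CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT` depend on how those macros are defined, which is not visible in the hunk. Writing `curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1L);` and casting the timeout with `(long)FETCH_CMD_TIMEOUT` removes the dependency. The same applies in fetch_ocsp_status, where `CURLOPT_POSTFIELDSIZE, request.len` passes what looks like a size_t; `(long)request.len` is the matching fix, since a misread length there would change how much of the OCSP request is sent.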
@@ -705,9 +705,9 @@ fetch_ocsp_status(ocsp_location_t* location)
curl_easy_setopt(curl, CURLOPT_URL, uri);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&response);
- curl_easy_setopt(curl, CURLOPT_POSTFIELDS, request.ptr);
+ curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (void*)request.ptr);
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, request.len);
- curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, &errorbuffer);
+ curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer);
curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT);
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index 1db4027d1..e4fda0f1f 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: vendor.c 4348 2008-09-18 00:42:22Z andreas $
+ * RCSID $Id: vendor.c 4426 2008-10-14 01:53:37Z andreas $
*/
#include <stdlib.h>
@@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = {
/*
* strongSwan
*/
- DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.8")
+ DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.9")
+ DEC_MD5_VID(STRONGSWAN_4_2_8, "strongSwan 4.2.8")
DEC_MD5_VID(STRONGSWAN_4_2_7, "strongSwan 4.2.7")
DEC_MD5_VID(STRONGSWAN_4_2_6, "strongSwan 4.2.6")
DEC_MD5_VID(STRONGSWAN_4_2_5, "strongSwan 4.2.5")
diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h
index cf6b68e51..819dbd99d 100644
--- a/src/pluto/vendor.h
+++ b/src/pluto/vendor.h
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: vendor.h 4348 2008-09-18 00:42:22Z andreas $
+ * RCSID $Id: vendor.h 4426 2008-10-14 01:53:37Z andreas $
*/
#ifndef _VENDOR_H_
@@ -124,6 +124,7 @@ enum known_vendorid {
VID_STRONGSWAN_4_2_5 =105,
VID_STRONGSWAN_4_2_6 =106,
VID_STRONGSWAN_4_2_7 =107,
+ VID_STRONGSWAN_4_2_8 =108,
/* 101 - 200 : NAT-Traversal */
VID_NATT_STENBERG_01 =151,