aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Fixed some typos, courtesy of codespellTobias Brunner2013-03-255-6/+6
|
* Added hostapd package to base imageAndreas Steffen2013-03-221-1/+1
|
* Added Framed-IP-Address information to RADIUS accounting recordsAndreas Steffen2013-03-222-0/+2
|
* enforce singular of packetsAndreas Steffen2013-03-221-4/+6
|
* asprintf(3) requires _GNU_SOURCE to be defined5.0.3rc1Tobias Brunner2013-03-221-0/+2
|
* Added ikev2/rw-eap-framed-ip-radius scenarioAndreas Steffen2013-03-2219-0/+266
|
* Store debug output from standalone IMC/IMVsAndreas Steffen2013-03-221-2/+2
|
* Added ikev2/ip-two-pools-v4v6-db scenarioAndreas Steffen2013-03-229-0/+110
|
* Use proper integer types when handling TLS exchangesTobias Brunner2013-03-221-5/+6
| | | | tls_t.build takes a size_t argument not a ssize_t.
* Check return value of asprintf(3) when converting AR identityTobias Brunner2013-03-221-2/+4
| | | | | Using chunk_t.ptr as target was also not optimal as it resulted in a compiler warning.
* version bump to 5.0.3rc1Andreas Steffen2013-03-221-1/+1
|
* Switch encoding of AR Identity Value from binary to UTF-8Andreas Steffen2013-03-2214-118/+123
|
* Fixed TKM buildReto Buerki2013-03-227-9/+17
|
* Build TNC-enabled wpa_supplicantAndreas Steffen2013-03-222-0/+74
|
* activate logging before loading pluginsAndreas Steffen2013-03-211-7/+7
|
* Add a load-tester option to keep allocated external address until shutdownMartin Willi2013-03-212-1/+50
|
* android: No need to disable CMS explicitlyTobias Brunner2013-03-202-2/+0
| | | | The version check introduced with 0d237763 should take care of it.
* Allow up to 10 NAT-D payloads in IKEv1 messagesTobias Brunner2013-03-201-1/+1
|
* Avoid a race condition when reloading secrets from ipsec.secretsTobias Brunner2013-03-201-18/+25
| | | | | | | With the previous implementation that cleared the secrets in the active credential set and then loaded the secrets, IKE SA establishment would fail (as initiator or responder) if secrets are concurrently reloaded and the required secret was not yet loaded.
* Add a method to replace all secrets in a mem_cred_t objectTobias Brunner2013-03-202-5/+68
|
* android: Build native libraries also for x86Tobias Brunner2013-03-203-2/+5
| | | | Requires an updated build script for Vstr.
* android: libtnccs requires headers from libtlsTobias Brunner2013-03-201-0/+1
|
* android: Fix Android.mk for ipsec scriptTobias Brunner2013-03-201-1/+2
|
* android: Remove/filter header files from LOCAL_SRC_FILESTobias Brunner2013-03-209-20/+36
| | | | This avoids huge warnings when building the native code.
* android: Request and install an IPv6 DNS serverTobias Brunner2013-03-202-9/+17
|
* android: Also request a virtual IPv6 address and propose IPv6 TSTobias Brunner2013-03-203-23/+25
| | | | | This allows IPv6 over IPv4 but falls back nicely if we don't get a virtual IPv6 (or IPv4) address.
* ipsec: Increased log level for message in case no outbound policy is foundTobias Brunner2013-03-201-1/+1
| | | | | | | This might happen on Android if sockets are bound to the physical IP address but packets are still routed via TUN device. Since it seems to happen quite often (or for stuff that requires regular traffic) this hides these messages from the default log.
* Add an option to autobalance a HA cluster automaticallyMartin Willi2013-03-191-0/+59
|
* Check if for some reason we handle a HA segment on both nodesMartin Willi2013-03-191-1/+15
|
* Acquire HA segment lock while sending heartbeatMartin Willi2013-03-191-0/+2
|
* Removed unused variable 'id'Tobias Brunner2013-03-191-2/+1
|
* Properly cleanup libmysqlTobias Brunner2013-03-191-1/+1
| | | | Seems to work correctly with recent MySQL versions.
* Use proper address family when adding multiple addresses to SQL poolTobias Brunner2013-03-191-0/+15
|
* Ignore SQL-based IP address pools if their address family does not matchTobias Brunner2013-03-191-10/+21
|
* charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin featuresTobias Brunner2013-03-191-0/+4
| | | | | | This ensures the NM-specific credential set is unloaded before any implementation of certificate/key objects, which causes a segmentation fault during shutdown.
* charon-nm: Prevent NM from changing the default routeTobias Brunner2013-03-191-0/+8
| | | | | | This is not required as we install our own (narrow) route(s) in our own routing table. This should allow split tunneling if configured on the gateway.
* charon-nm: Use VIP (if any) as local addressTobias Brunner2013-03-191-1/+10
| | | | NM will install this address on the provided device.
* charon-nm: Pass a dummy TUN device to NetworkManagerTobias Brunner2013-03-191-5/+37
| | | | | | NetworkManager modifies the addresses etc. on this interface so using "lo" is not optimal. With the dummy interface NM is free to do its thing.
* charon-nm: Fix NM plugin utility macrosTobias Brunner2013-03-191-3/+3
|
* Ignore 'compile' script which is generated by AM_PROG_CC_C_OTobias Brunner2013-03-191-0/+1
|
* Avoid returning COOKIEs right after system bootTobias Brunner2013-03-191-1/+1
| | | | | | | | | | | When the monotonic timer is initialized to 0 right after the system is booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s). Since the COOKIE verification code actually produces an overflow for COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs. Checking for last_cookie makes sense anyway as that condition must only apply if we actually sent a COOKIE before.
* Fix scheduling of heartbeat sending in HA pluginMartin Willi2013-03-191-2/+11
| | | | | | e0efd7c1 switches to automated job rescheduling for HA heartbeat. However, send_status() is initially called directly, which will not reschedule the job as required.
* Fix compiler warning in HA pluginMartin Willi2013-03-191-1/+1
|
* Merge branch 'tkm'Tobias Brunner2013-03-19136-42/+6567
|\ | | | | | | | | This adds charon-tkm a special build of the charon IKEv2 daemon that delegates security critical operations to a separate process (TKM = Trusted Key Manager).
| * Various stylistic fixesAdrian-Ken Rueegsegger2013-03-1912-123/+155
| |
| * Add NEWS about TKM separationReto Buerki2013-03-191-0/+8
| |
| * Use network byte order for ESA SPIsAdrian-Ken Rueegsegger2013-03-191-6/+5
| |
| * Provide MODP-2048 through TKM DH pluginAdrian-Ken Rueegsegger2013-03-191-0/+1
| |
| * Add charon-tkm API documentationAdrian-Ken Rueegsegger2013-03-1917-16/+158
| |
| * Do not hardwire keys to KEY_RSAReto Buerki2013-03-193-12/+51
| | | | | | | | | | Make the TKM private and public keys more easily extendable by determining the associated key type dynamically.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 05:56:10 +0000