aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | Doxygen fixTobias Brunner2012-08-111-1/+1
| |
* | Avoid problems with Doxygen by adding warn_unused_result attribute at the ↵Tobias Brunner2012-08-119-61/+57
| | | | | | | | end of method signatures
* | Add warn_unused_result attributes to rng_(get|allocate)_bytes_not_zeroTobias Brunner2012-08-111-5/+6
| | | | | | | | Also fixed Doxygen comments.
* | Documentation fixes regarding xauth-pam/eap-gtc pluginsTobias Brunner2012-08-112-4/+6
| |
* | If _POSIX_SPIN_LOCKS is defined as -1, it is not availableMartin Willi2012-08-101-0/+4
| |
* | If vstr printf functions are #defined, undef them before redefinitionMartin Willi2012-08-101-0/+31
| | | | | | | | | | At least Mountain Lion seems to have them #defined to secure _chk variants.
* | Use actual daemon name to enable XAuth/PSK with aggressive modeMartin Willi2012-08-101-2/+3
| |
* | Add xauth-pam/eap-gtc NEWSMartin Willi2012-08-101-0/+5
| |
* | EAP-GTC can use any XAuth backend, including xauth-pamMartin Willi2012-08-102-88/+45
| | | | | | | | | | | | | | This makes EAP-GTC a generic plain password authentication method, as it is used with XAuth. Instead of verifying credentials with PAM, any backend can be configured. The default is xauth-pam, providing the same functionality as EAP-GTC in strongSwan 4.x.
* | Add xauth-pam, an XAuth backend verifying credentials with PAMMartin Willi2012-08-107-1/+395
| |
* | Add getspnam_r() to leak detective whitelistMartin Willi2012-08-101-0/+1
| |
* | make max_message_size parameter consistent with similar optionsAndreas Steffen2012-08-093-4/+4
| |
* | Check if TLS handshake received Finished before processing application dataMartin Willi2012-08-091-0/+6
|/
* Remove queued IKEv1 message before processing itMartin Willi2012-08-081-3/+5
| | | | | Avoids destruction or processing of a queued message in recursive process_message() call.
* Include src address in hash of initial message for Main ModeTobias Brunner2012-08-081-5/+31
| | | | | | | If two initiators use the same SPI and also use the same SA proposal the hash for the initial message would be exactly the same. For IKEv2 and Aggressive Mode that's not a problem as these messages include random data (Ni, KEi payloads).
* implemented deletion of product_file database entriesAndreas Steffen2012-08-071-15/+13
|
* Add DH group 15 (MODP-3072) to IKE proposalAdrian-Ken Rueegsegger2012-08-061-0/+1
|
* PEM loading soft-depends on MD5 only, as unencrypted files don't need MD5Martin Willi2012-08-031-4/+4
| | | | Fixes #211.
* Rebuild charon after running ./configure to reflect plugin changesMartin Willi2012-08-031-0/+2
|
* Block XAuth transaction on established IKE_SAs, but allow Mode ConfigMartin Willi2012-08-032-2/+1
|
* Implemented recursive mutex without thread-specific counterTobias Brunner2012-08-031-23/+17
|
* Use a single thread-specific value for our custom rwlock_t implementationTobias Brunner2012-08-031-50/+67
| | | | | | The pthread implementation on Android currently only supports 64 different thread-specific values per process, which we hit easily when every rwlock_t requires one.
* Fix linking of addrblock plugin when building monolithicMartin Willi2012-08-031-1/+1
| | | | Fixes #212.
* Reject initial exchange messages early once IKE_SA is establishedMartin Willi2012-08-021-0/+18
|
* Add some more NEWS about 5.0.1Martin Willi2012-08-021-0/+10
|
* Move MODP_CUSTOM va_arg fetching out of loopMartin Willi2012-08-021-15/+11
| | | | It seems problematic at least on PPC with gcc 4.3, fixes #208.
* updated NEWSAndreas Steffen2012-07-311-0/+14
|
* libimcv requires nonce pluginAndreas Steffen2012-07-311-1/+1
|
* Lookup IKEv1 PSK even if the peer identity is not knownMartin Willi2012-07-311-1/+1
|
* update state before handling statusAndreas Steffen2012-07-301-16/+20
|
* implemented support if functional sub-componentsAndreas Steffen2012-07-3019-285/+630
|
* extended and documented ipsec attestAndreas Steffen2012-07-304-46/+107
|
* Proper fallback if capability dropping is not availableTobias Brunner2012-07-274-2/+9
|
* The use of $< in Makefiles is not portableTobias Brunner2012-07-273-5/+5
| | | | | | It requires GNU make which is not what most people use on e.g. FreeBSD. Fixes #205.
* Include stdint.h for UINTxx_MAX definesTobias Brunner2012-07-271-2/+3
| | | | Fixes #205.
* measure all kernel modules and optimize firefox and thunderbird measurementsAndreas Steffen2012-07-271-34/+14
|
* with --relative --file do not insert absolute filenames into databaseAndreas Steffen2012-07-271-3/+5
|
* Don't include acquiring packet traffic selectors in IKEv1Martin Willi2012-07-261-0/+5
| | | | | | | | As we only can negotiate a single TS in IKEv1, don't prepend the triggering packet TS, as we do in IKEv2. Otherwise we don't establish the TS of the configuration, but only that of the triggering packet. Fixes #207.
* Implement late peer config switching after XAuth authenticationMartin Willi2012-07-261-15/+80
| | | | | | | If additional authentication constraints, such as group membership, is not fulfilled by an XAuth backend, we search for another peer configuration that fulfills all constraints, including those from phase1.
* Check if XAuth round complies to configured authentication roundMartin Willi2012-07-261-7/+18
|
* Show which group would be required when failing in constraint checkMartin Willi2012-07-261-8/+10
|
* Don't add ANY identity constraint to auth config, as XAuth rounds don't use oneMartin Willi2012-07-262-3/+15
|
* Merge auth config items added from XAuth backends to IKE_SAMartin Willi2012-07-261-0/+1
|
* Add an ipsec.conf leftgroups2 parameter for the second authentication roundMartin Willi2012-07-269-3/+21
|
* IMA SHA1 file measurement is not needed any moreAndreas Steffen2012-07-231-9/+1
|
* fixed typoAndreas Steffen2012-07-231-1/+1
|
* Release leaking child config after uninstalling shunt policyMartin Willi2012-07-231-0/+1
|
* moved PA-TNC message logging to level 1Andreas Steffen2012-07-231-2/+2
|
* transport IMA file info via PTS Component Evidence Policy URIAndreas Steffen2012-07-2311-119/+156
|
* ipsec attest now deletes file hashesAndreas Steffen2012-07-222-2/+25
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-11 18:50:11 +0000