aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* starter: Migrated logging to libstrongswan.Tobias Brunner2012-06-1114-550/+285
|
* starter: Remove unneeded starter_exec function.Tobias Brunner2012-06-115-78/+4
|
* scepclient: Option added to read PKCS#10 certificate request from a file.Tobias Brunner2012-06-112-11/+30
|
* scepclient: Option added to read self-signed certificate from a file.Tobias Brunner2012-06-112-21/+53
|
* scepclient: Generate uppercase transaction ID.Tobias Brunner2012-06-111-1/+1
|
* scepclient: Use HTTP 1.0 for all requests.Tobias Brunner2012-06-111-0/+2
|
* scepclient: Options added to specify digest/signature algorithms.Tobias Brunner2012-06-112-27/+92
| | | | | Also changed the defaults to DES/MD5 as that's what should be used if GetCACaps is not used to learn the issuers capabilities.
* Added function to convert integrity algorithms to hash algorithms (if based ↵Tobias Brunner2012-06-112-4/+50
| | | | on one).
* Properly encode 0 in ASN.1.Tobias Brunner2012-06-111-10/+7
| | | | | According to X.690 an INTEGER object always has at least one content octet.
* Don't use chunk_skip() in asn1_length().Tobias Brunner2012-06-111-1/+2
| | | | | | | | chunk_skip() returns chunk_empty if the length of the chunk is equal to the number of bytes to skip, this is problematic as asn1_length() modifies the original chunk. asn1_parser_t for instance uses the modified chunk to later calculate the length of the resulting ASN.1 object which produces incorrect results if it is based on chunk_empty.
* Changed memory management and call logic in PKCS#7 parser/generator.Tobias Brunner2012-06-112-85/+86
|
* Changed memory management and attribute handling in PKCS#9 wrapper.Tobias Brunner2012-06-113-112/+40
|
* scepclient: Also number CA certificates in case there is more than one.Tobias Brunner2012-06-112-14/+51
| | | | Also, only number them if there are multiple certificates.
* scepclient: Store received RA certificates, using CA cert name as base.Tobias Brunner2012-06-111-5/+67
|
* scepclient: Use pkcs7_t and pkcs9_t, remove all dependencies to ↵Tobias Brunner2012-06-114-289/+119
| | | | pluto/libfreeswan.
* Added get_attributes() method to pkcs7_t.Tobias Brunner2012-06-112-1/+15
|
* scepclient: Local generation of file names.Tobias Brunner2012-06-111-10/+48
|
* scepclient: Replaced usages of datatot().Tobias Brunner2012-06-111-6/+6
|
* scepclient: Migrated logging to libstrongswan.Tobias Brunner2012-06-115-513/+147
|
* Log group added for applications other than daemons.Tobias Brunner2012-06-112-0/+4
|
* scepclient: Some code cleanup.Tobias Brunner2012-06-113-335/+319
|
* Updated PKCS#7 parser/generator in libstrongswan.Tobias Brunner2012-06-114-201/+226
| | | | | Added some functionality from pluto's version, updated usage of asn1 and crypto primitives. It does compile but is not really tested yet.
* added missing parameter in get_my_addr() and get_other_addr() callsAndreas Steffen2012-06-091-2/+4
|
* version bump to 5.0.0rc1Andreas Steffen2012-06-091-1/+1
|
* added ikev1/dynamic scenarios using allow-anyAndreas Steffen2012-06-0840-0/+676
|
* removed whitespaceAndreas Steffen2012-06-082-2/+2
|
* added ikev2/dynamic-two-peers scenarioAndreas Steffen2012-06-0812-0/+239
|
* added ikev2/dynamic-responder scenarioAndreas Steffen2012-06-0814-0/+219
|
* added ikev2/dynamic-initiator scenarioAndreas Steffen2012-06-0814-0/+218
|
* implemented the right|leftallowany featureAndreas Steffen2012-06-0819-77/+137
|
* Enforce uniqueness policy in IKEv1 main and aggressive modesMartin Willi2012-06-082-0/+29
|
* starter: Go back to single threaded mode.Tobias Brunner2012-06-082-22/+7
| | | | | Mixing multiple threads and fork(2) wasn't a very good idea it seems. At least in some environments this caused strange side-effects.
* Disabled listening for kernel events in starter.Tobias Brunner2012-06-084-74/+110
|
* Try to rekey without KE exchange if peer returns INVALID_KE_PAYLOAD(NONE)Martin Willi2012-06-081-1/+8
| | | | | | According to RFC5996, implementations should just ignore the KE payload if they select a non-PFS proposals. Some implementations don't, but return MODP_NONE in INVALID_KE_PAYLOAD, hence we accept that, too.
* While checking for redundant quick modes, compare traffic selectorsMartin Willi2012-06-081-0/+22
| | | | | If a configuration is instanced more than once using narrowing, we should keep all unique quick modes up during rekeying.
* Store shorter soft lifetime of in- and outbound SAs onlyMartin Willi2012-06-081-1/+8
|
* Initiate quick mode rekeying with narrowed traffic selectorsMartin Willi2012-06-081-1/+18
|
* Use traffic selectors passed to quick mode constructor as initiatorMartin Willi2012-06-081-2/+10
|
* Instead of rekeying, delete a quick mode if we have a fresher instanceMartin Willi2012-06-081-6/+42
| | | | | | | | If both peers initiate quick mode rekeying simultaneously, we end up with duplicate SAs for a configuration. This can't be avoided, nor do the standards provide an appropriate solution. Instead of closing one SA immediately, we keep both. But once rekeying triggers, we don't refresh the SA with the shorter soft lifetime, but delete it.
* Properly handle empty RDN values in DN strings.Tobias Brunner2012-06-071-3/+11
|
* Properly install policies with ports in PF_KEY kernel interface.Tobias Brunner2012-06-071-27/+28
|
* As responder, enforce the same configuration while rekeying CHILD_SAsMartin Willi2012-06-063-1/+19
|
* starter: Only handle SIGCHLD asynchronously and the rest in pselect(2).Tobias Brunner2012-06-061-8/+17
|
* Show expiration time of rekeyed CHILD_SAs in statusallMartin Willi2012-06-051-1/+6
|
* starter: (De-)Initialize logging when forking.Tobias Brunner2012-06-051-0/+2
|
* starter: Close open file descriptors when forking daemons.Tobias Brunner2012-06-042-0/+2
|
* starter: Changed signal handling now that starter is multi-threaded.Tobias Brunner2012-06-042-15/+57
|
* Mark CHILD_SAs used for trap policies to uninstall them properly.Tobias Brunner2012-06-041-6/+13
| | | | | | | If the installation failed the state is not CHILD_ROUTED which means the wrong priority is used to uninstall the policies. This is a problem for kernel interfaces that keep track of installed policies as now the proper policy is not found (if the priority is considered).
* NEWS for 4.6.4 added.Tobias Brunner2012-05-311-0/+10
|
* Fixed return values of several functions (e.g. return FALSE for pointer types).Tobias Brunner2012-05-318-10/+10
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-15 19:42:22 +0000