aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * | Pass a constructor callback to create TNCCS server instances while dispatchingMartin Willi2013-01-174-15/+31
| | |
| * | Create pt_tls_client with separate server address and identityMartin Willi2013-01-162-28/+19
| | |
| * | Create pt_tls_dispatcher with separate server address and identityMartin Willi2013-01-162-17/+13
| | |
| * | Add a libpttls providing NEA PT-TLS / TNC IF-T for TLS transport layerMartin Willi2013-01-1611-0/+1171
| | |
| * | Send TLS close notify during tls_socket_t destructionMartin Willi2013-01-151-2/+25
| | |
| * | Send TLS close notify if application returns SUCCESSMartin Willi2013-01-151-2/+6
| | |
| * | Block TLS read when sending data, but have to wait for the handshake data firstMartin Willi2013-01-151-4/+11
| | |
| * | TNCCS plugins don't depend on EAP-TNC, but can be used by other transports, tooMartin Willi2013-01-153-9/+0
| | |
| * | Add a bio_reader_t constructor variant freeing passed data during destructionMartin Willi2013-01-152-1/+32
| | |
| * | Use a more POSIXy tls_socket interface with more flexibility.Martin Willi2013-01-152-81/+165
| | | | | | | | | | | | | | | If an unsufficient read buffer is provided, application data gets cached for subsequent read() calls.
| * | Add a chunk_from_str() initializer that does not include 0-terminatorMartin Willi2013-01-151-0/+5
| | |
* | | Remove leading zeros in SCEP certificate serialNumbersMartin Willi2013-02-141-13/+19
| | |
* | | Fix 'stroke loglevel any'Tobias Brunner2013-02-131-4/+11
| | | | | | | | | | | | | | | | | | | | | Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as returned by enum_from_name(), would result in a large positive number. So any unknown debug group (including 'any') had the same effect that was only intended for 'any'.
* | | added ikev1/net2net-fragmentation scenario5.0.3dr1Andreas Steffen2013-02-129-0/+122
| | |
* | | treat EAP identities as user IDsAndreas Steffen2013-02-121-3/+3
| | |
* | | use EAP identity in tnc/tnccs-20-pdp scenarioAndreas Steffen2013-02-128-10/+12
| | |
* | | make TNC client authentication type available to IMVsAndreas Steffen2013-02-1210-27/+215
| | |
* | | determine underlying IF-T transport protocolAndreas Steffen2013-02-1213-65/+231
| | |
* | | make AR identities available to IMVs via IF-IMV 1.4 draftAndreas Steffen2013-02-1114-0/+645
| | |
* | | Make IKE/EAP IDs available to TNC server/clientAndreas Steffen2013-02-1110-28/+92
| | |
* | | Don't use a time_t variable with fscanf when parsing uptimeTobias Brunner2013-02-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Because "%u" is used as format string in the fscanf call that parses the uptime and because the length of time_t varies on different platforms and architectures the value was not written properly if time_t was longer than an unsigned int and depending on how the target variable was aligned on the stack. Since there is no conversion specifier to properly parse a time_t value we use the appropriate integer type instead.
* | | Allow more than one CERTREQ payload for IKEv2Tobias Brunner2013-02-081-2/+2
| | | | | | | | | | | | | | | | | | There is no reason not to do so (RFC 5996 explicitly mentions multiple CERTREQ payloads) and some implementations seem to use the same behavior as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload).
* | | Add a --httptimeout option to scepclientMartin Willi2013-02-083-7/+22
| | |
* | | Use CURL_TIMEOUT and not CURL_CONNECTTIMEOUT for FETCHER_TIMEOUT in curlMartin Willi2013-02-081-5/+12
| | | | | | | | | | | | | | | This allows us to use this timeout beyond DNS resolution. For the initial connect, we use a hardcoded timeout of 10s for now.
* | | Report enabled plugins at the end of configureTobias Brunner2013-02-041-0/+13
| | |
* | | Streamlined comments in configure.inTobias Brunner2013-02-041-80/+83
| | | | | | | | | | | | dnl should only be used in rare cases (like escaping newlines)
* | | Updated configure.in to newer autoconfTobias Brunner2013-02-041-145/+161
| | | | | | | | | | | | | | | | | | AC_TRY_COMPILE and AC_TRY_RUN are deprecated. The new construct with AC_*_IFELSE and AC_LANG_PROGRAM requires double quoting the source code of these test programs.
* | | Add a configure option to disable all default pluginsTobias Brunner2013-02-042-2/+16
| | | | | | | | | | | | | | | | | | The --disable-defaults option disables all plugins that would be enabled by default. This allows to selectively enable specific plugins without issues when new default options get added in future releases.
* | | time is a time_t pointerAndreas Steffen2013-02-041-1/+1
| | |
* | | version bump to 5.0.3dr1Andreas Steffen2013-02-041-1/+1
| | |
* | | improved control when an attribute request is sentAndreas Steffen2013-02-033-2/+54
| | |
* | | print PEN value 0xfffffe as UnassignedAndreas Steffen2013-02-032-15/+17
| | |
* | | send an error attribute if vendor ID or type of received attribute is reservedAndreas Steffen2013-02-031-0/+12
| | |
* | | openssl: Properly honor OPENSSL_NO_* definesTobias Brunner2013-01-317-5/+31
| | |
* | | Fix Doxygen comment for rdrand pluginTobias Brunner2013-01-311-1/+1
| | |
* | | Typo in strongswan.conf(5) man page fixedTobias Brunner2013-01-311-1/+1
| |/ |/|
* | version bump to 5.0.25.0.2Andreas Steffen2013-01-301-1/+1
| |
* | Documented new options in strongswan.conf(5) man pageTobias Brunner2013-01-251-3/+60
| |
* | Don't use pointer to a union member in host_create_from_string_and_family()Tobias Brunner2013-01-251-5/+4
| |
* | Properly check MSB in openssl plugin's PKCS#7 implementationTobias Brunner2013-01-241-1/+1
| |
* | Use proper buffer sizes for parse_smartcard()Tobias Brunner2013-01-241-7/+10
| |
* | Cast first argument for %.*s to intTobias Brunner2013-01-245-18/+18
| |
* | Removed unused command name when printing usage info for lookipTobias Brunner2013-01-241-1/+1
| |
* | Removed unused argumentTobias Brunner2013-01-241-1/+1
| |
* | Properly read data from stream in pki --pkcs7Tobias Brunner2013-01-241-6/+9
| |
* | Properly destroy mem_cred object on pki --pkcs7 --helpTobias Brunner2013-01-241-0/+1
| |
* | Try to determine OS type if name and version are configuredTobias Brunner2013-01-241-0/+2
| |
* | Add missing va_end() callTobias Brunner2013-01-241-1/+2
| |
* | g_thread_init() is deprecated since Glib 2.23Tobias Brunner2013-01-242-0/+6
| |
* | Fix check-in of IKE_SA when IKE_SA_INIT fails and hash table is enabledTobias Brunner2013-01-241-2/+13
| | | | | | | | | | | | | | Setting the responder SPI to 0 can only be done while generating the response, otherwise we'd fail to check in the IKE_SA again in case the hash table is enabled. That's because we use the responder SPI as hash value since 5.0.0.
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-29 04:44:44 +0000