Commit message [Author, Age, Files, Lines]
...
* | | | | | Merge branch 'tfc-notify' [Martin Willi, 2013-03-01, files: 6, lines: -2/+68]
|\ \ \ \ \ \
| | | | | | |   Introduces kernel backend features, sends ESP_TFC_PADDING_NOT_SUPPORTED if kernel does not support it.
| * | | | | | Send ESP_TFC_PADDING_NOT_SUPPORTED if the used kernel doesn't support it [Martin Willi, 2013-03-01, files: 1, lines: -0/+9]
| | | | | | |
| * | | | | | Indicate support for processing ESPv3 TFC padding in Netlink IPsec backend [Martin Willi, 2013-03-01, files: 1, lines: -1/+7]
| | | | | | |
| * | | | | | Introduce "features" for the kernel backends returning kernel capabilities [Martin Willi, 2013-03-01, files: 4, lines: -1/+52]
| | |/ / / /
| |/| | | |
* | | | | | testing: Add a script to easily connect to a host via SSH [Tobias Brunner, 2013-02-28, files: 1, lines: -0/+20]
| | | | | |   This doesn't require any entries in /etc/hosts and the correct SSH config is used to allow password-less access.
* | | | | | openssl: Provide AES-GCM implementation [Tobias Brunner, 2013-02-28, files: 4, lines: -1/+312]
| | | | | |
* | | | | | Fix cleanup in crypto_tester if AEAD implementation fails [Tobias Brunner, 2013-02-28, files: 1, lines: -1/+4]
| | | | | |
* | | | | | Order of arguments in Doxygen comment fixed [Tobias Brunner, 2013-02-28, files: 2, lines: -2/+2]
| | | | | |
* | | | | | Fix auth_cfg_t.clone() for single-valued auth rules [Tobias Brunner, 2013-02-28, files: 1, lines: -10/+11]
| | | | | |   By using the default list enumerator and adding the rules with the public add() method, clones of auth_cfg_t objects would return the values for single-valued auth rules in the wrong order (i.e. the oldest instead of the newest value was returned). Using the internal enumerator (which the comment already suggested) fixes this, but the clone will not be a full clone as it does not contain any old values for single-valued auth rules. Since these will never be used anyway, this should be fine.
* | | | | | Trigger an updown event when destroying an IKE_SA based on INITIAL_CONTACT [Tobias Brunner, 2013-02-28, files: 1, lines: -0/+1]
| |_|_|_|/
|/| | | |
| | | | |   In other cases (i.e. when functions return DESTROY_ME) the event should already be triggered, but not in this forced situation.
* | | | | Use SIGUSR2 for SIG_CANCEL on Android [Tobias Brunner, 2013-02-26, files: 1, lines: -0/+4]
| | | | |   SIGRTMIN is defined as 32 while sigset_t is defined as unsigned long (i.e. holds 32 signals). Hence, the signal could never be blocked. Sending the signal still canceled threads, but sometimes in situations where they shouldn't have been canceled (e.g. while holding a lock). Fixes #298.
* | | | | Android.mk updated to latest Makefiles [Tobias Brunner, 2013-02-26, files: 3, lines: -1/+3]
| |/ / /
|/| | |
| | | |   Fixes #300.
* | | | Check kvm command existence in start-testing [Reto Buerki, 2013-02-22, files: 1, lines: -1/+1]
| | | |
* | | | openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8g [Tobias Brunner, 2013-02-20, files: 2, lines: -1/+5]
| |/ /
|/| |
| | |   Fixes #292.
* | | version bump to 5.0.3dr2 (ref: 5.0.3dr2) [Andreas Steffen, 2013-02-19, files: 2, lines: -1/+5]
| | |
* | | treat IF-M and IF-TNCCS remediation instructions/parameters in an equal way [Andreas Steffen, 2013-02-19, files: 4, lines: -107/+204]
| | |
* | | Merge branch 'dnssec' [Tobias Brunner, 2013-02-19, files: 103, lines: -7/+3723]
|\ \ \
| * | | NEWS about ipseckey and unbound plugins added [Tobias Brunner, 2013-02-19, files: 1, lines: -0/+9]
| | | |
| * | | Added ikev2/rw-dnssec scenario [Andreas Steffen, 2013-02-19, files: 21, lines: -0/+301]
| | | |
| * | | Added ikev2/net2net-dnssec scenario [Andreas Steffen, 2013-02-19, files: 17, lines: -0/+220]
| | | |
| * | | Configure winnetou as a DNSSEC enabled nameserver for the strongswan.org, org, and root zones [Andreas Steffen, 2013-02-19, files: 23, lines: -2/+378]
| | | |
| * | | Build unbound and ipseckey plugins on KVM image [Andreas Steffen, 2013-02-19, files: 2, lines: -2/+4]
| | | |
| * | | Streamlined log messages in ipseckey plugin [Andreas Steffen, 2013-02-19, files: 2, lines: -58/+30]
| | | |
| * | | Encode RSA public keys in RFC 3110 DNSKEY format [Andreas Steffen, 2013-02-19, files: 8, lines: -3/+155]
| | | |
| * | | Moved configuration from resolver manager to unbound plugin [Andreas Steffen, 2013-02-19, files: 7, lines: -52/+47]
| | | |   Also streamlined log messages in unbound plugin.
| * | | ipseckey: Report IPSECKEYs with invalid DNSSEC security state [Reto Guadagnini, 2013-02-19, files: 1, lines: -2/+12]
| | | |
| * | | ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf [Reto Guadagnini, 2013-02-19, files: 2, lines: -3/+19]
| | | |
| * | | Added ipseckey plugin, which provides support for public keys in IPSECKEY RRs [Reto Guadagnini, 2013-02-19, files: 9, lines: -0/+863]
| | | |
| * | | Implemented the resolver test script "dnssec" [Reto Guadagnini, 2013-02-19, files: 3, lines: -1/+130]
| | | |
| * | | unbound: Implementation of query method of unbound_resolver_t [Reto Guadagnini, 2013-02-19, files: 2, lines: -7/+64]
| | | |
| * | | unbound: Implemented resolver_response_t as unbound_response_t [Reto Guadagnini, 2013-02-19, files: 3, lines: -1/+316]
| | | |
| * | | Implemented rr_set_t interface [Reto Guadagnini, 2013-02-19, files: 3, lines: -1/+113]
| | | |
| * | | unbound: Implemented rr_t as unbound_rr_t [Reto Guadagnini, 2013-02-19, files: 3, lines: -1/+215]
| | | |
| * | | Added unbound plugin implementing the resolver interface using libunbound [Reto Guadagnini, 2013-02-19, files: 7, lines: -0/+245]
| | | |
| * | | Added manager for DNS resolvers [Reto Guadagnini, 2013-02-19, files: 5, lines: -1/+181]
| | | |
| * | | Added interface for DNS resolvers [Reto Guadagnini, 2013-02-19, files: 6, lines: -0/+548]
|/ / /
* | | added missing return statement [Andreas Steffen, 2013-02-19, files: 1, lines: -0/+1]
| | |
* | | Fix encoding of issuerAndSubject while handling SCEP pending state [Martin Willi, 2013-02-19, files: 1, lines: -1/+1]
| | |
* | | reject PB-Experimental messages with NOSKIP flag set [Andreas Steffen, 2013-02-19, files: 1, lines: -0/+7]
| | |
* | | added parameter descriptions [Andreas Steffen, 2013-02-19, files: 1, lines: -1/+8]
| | |
* | | removed superfluous debug output [Andreas Steffen, 2013-02-15, files: 2, lines: -4/+0]
| | |
* | | Add a timeout to clean up PDP RADIUS connections [Martin Willi, 2013-02-14, files: 1, lines: -0/+51]
| | |
* | | Keep the PDP connections lock while accessing its objects [Martin Willi, 2013-02-14, files: 3, lines: -7/+34]
| | |   When we introduce connection timeouts, the state may disappear at any time. This change prevents that, but is not very clear. We probably have to refactor connection handling.
* | | Add locking to TNC-PDP connections [Martin Willi, 2013-02-14, files: 1, lines: -7/+23]
| | |
* | | Add IF-M message subtype getter to IMC/IMV messages [Martin Willi, 2013-02-14, files: 4, lines: -1/+28]
| | |
* | | Use a generic constructor to create PA-TNC error attributes [Martin Willi, 2013-02-14, files: 1, lines: -62/+32]
| | |
* | | Add a global return_success() method implementation [Martin Willi, 2013-02-14, files: 3, lines: -8/+15]
| | |
* | | Add a convenience method to check pen_type_t for vendor and type [Martin Willi, 2013-02-14, files: 1, lines: -0/+14]
| | |
* | | Add a comparison function for pen_type_t [Martin Willi, 2013-02-14, files: 1, lines: -0/+12]
| | |
* | | Whitespace and comment cleanups in pen.[ch] [Martin Willi, 2013-02-14, files: 2, lines: -20/+28]
| | |