aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * Use ref_get() to make sure IKE_SA unique IDs are uniqueMartin Willi2013-06-111-2/+2
| |
| * Use ref_get() to make sure CHILD_SA reqids are uniqueMartin Willi2013-06-111-2/+9
| |
| * utils: ref_get() returns the new value of the reference counterMartin Willi2013-06-112-4/+9
|/ | | | This allows us to use ref_get() for getting unique values.
* ikev1: keep vendor ID task alive during full Main/Aggressive ModeMartin Willi2013-06-111-8/+75
| | | | Fixes DPD with Cisco IOS sending the DPD vendor ID not in the first message.
* Merge branch 'init-auth-fail'Martin Willi2013-06-114-2/+79
|\ | | | | | | | | Properly notifies the responder if authentication of an IKE_SA or installation of a CHILD_SA fails as initiator, keeping SA state on peers consistent.
| * ikev2: if installing a CHILD_SA as initiator fails, notify the responderMartin Willi2013-06-111-2/+36
| |
| * ikev2: raise LOCAL_AUTH_FAILED when receiving INFORMATIONAL with AUTH_FAILEDMartin Willi2013-06-111-0/+8
| |
| * ikev2: close an established IKE_SA when receiving AUTHENTICATION_FAILEDMartin Willi2013-06-111-0/+6
| | | | | | | | | | | | RFC 5996 compatible implementations MAY send an INFORMATIONAL message with an AUTHENTICATION_FAILED if the initiator failed to authenticate us. Handle such a message like a DELETE for an IKE_SA.
| * ikev2: if responder authentication fails, send AUTHENTICATION_FAILEDMartin Willi2013-06-111-0/+29
|/ | | | | | | According to RFC 5996, we MAY send an INFORMATIONAL message having an AUTHENTICATION_FAILED. We don't do any retransmits, though, but just close the IKE_SA after one message has been sent, avoiding the danger that an unauthenticated IKE_SA stays alive.
* Merge branch 'scep-bind'Martin Willi2013-06-116-7/+51
|\ | | | | | | | | Extend fetcher interface by an option to specify a source IP, implement it in the curl plugin and provide a --bind option in scepclient.
| * scepclient: support a --bind option to fetch from a specific source IPMartin Willi2013-06-113-6/+27
| |
| * curl: add an option to fetch bound to a local source addressMartin Willi2013-06-113-0/+23
| |
| * fetcher: add missing "continue" when handling FETCH_CALLBACKMartin Willi2013-06-111-1/+1
|/
* Allow IPComp on NATed connections, both for IKEv1 and IKEv2Martin Willi2013-06-112-33/+10
| | | | | | While this was problematic in earlier releases, it seems that it works just fine the way we handle compression now. So there is no need to disable it over NATed connections or when using forceencaps.
* leak-detective: Resolve hooked functions during initializationTobias Brunner2013-06-111-1/+4
| | | | | | | | | If uses of dlopen(), e.g. when loading plugins, produce errors an error string could get allocated dynamically. At this point realloc() might not yet be resolved and when dlsym() is later called by leak detective to do so the error string might get freed while leak detective is disabled and real_free() will be called with a pointer into one of leak detective's memory blocks instead of a pointer to the block itself, causing a SIGSEGV.
* Properly compare CHILD_SAs during rekey collisionTobias Brunner2013-06-111-5/+12
| | | | | | | The previous code did not properly check for the situation when the DELETE for a redundant CHILD_SA created by a responder during a CHILD_SA rekey collision arrives before the responder's answer to the initiator's winning CREATE_CHILD_SA request.
* Merge branch 'plugin-loader'Tobias Brunner2013-06-1147-669/+1794
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improves how plugin loader resolves dependencies between plugins. The old loader had problems if plugins had dependencies on features provided by plugins listed later in the plugin list. For instance, it was not possible to use the X.509 implementation provided by the x509 plugin while using all the crypto primitives provided by the openssl plugin. Because the x509 plugin has a dependency on SHA1, the old loader skipped that plugin until it loaded a SHA1 implementation. Because the loader also loaded all features with resolved dependencies provided by a specific plugin it would, while loading the openssl plugin's SHA1 implementation, also load its X.509 implementation. So to use the x509 plugin it was necessary to load the sha1 plugin before it so that its dependencies could be properly resolved. With the new implementation the plugins don't have to be in a specific order to resolve dependencies. But the order still matters if two plugins provide the same feature. Also, support for the get_features() interface was added to all plugins.
| * Removed stray *_plugin_create() declarations from header filesTobias Brunner2013-06-113-15/+0
| |
| * eap-radius: Do initialization in a plugin feature callbackTobias Brunner2013-06-111-28/+47
| |
| * Refactored plugin-loader with improved dependency resolutionTobias Brunner2013-06-113-238/+480
| | | | | | | | | | | | With the new implementation the plugins don't have to be listed in any special order, dependencies are properly resolved. The order only matters if two plugins provide the same feature.
| * android-log: Use plugin featuresTobias Brunner2013-06-111-2/+12
| |
| * android-dns: Use plugin features to register attribute handlerTobias Brunner2013-06-111-5/+31
| |
| * maemo: Use plugin featuresTobias Brunner2013-06-111-2/+12
| |
| * medsrv: Use plugin features with dependency on database implementationTobias Brunner2013-06-111-31/+56
| |
| * medcli: Use plugin features with dependency on database implementationTobias Brunner2013-06-111-35/+60
| |
| * whitelist: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
| |
| * updown: Use plugin features to register listener and attribute handlerTobias Brunner2013-06-111-20/+44
| |
| * unity: Use plugin features to register listener and attribute handler/providerTobias Brunner2013-06-111-10/+39
| |
| * unit-tester: Use plugin featuresTobias Brunner2013-06-111-4/+28
| |
| * uci: Use plugin features to register backend and credential setTobias Brunner2013-06-111-7/+32
| |
| * systime-fix: Use plugin features to register validatorTobias Brunner2013-06-111-24/+51
| |
| * smp: Use plugin featuresTobias Brunner2013-06-111-2/+12
| |
| * radattr: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
| |
| * lookip: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
| |
| * led: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
| |
| * test-vectors: Use plugin featuresTobias Brunner2013-06-111-1/+12
| |
| * revocation: Use plugin features with soft dependencies on fetcher and ↵Tobias Brunner2013-06-111-3/+35
| | | | | | | | en-/decoding
| * padlock: Use plugin features to properly register algorithmsTobias Brunner2013-06-111-39/+43
| |
| * pkcs11: Use plugin_features_add() in get_features()Tobias Brunner2013-06-111-21/+8
| |
| * plugin-feature: Added helper function to extend arrays of plugin featuresTobias Brunner2013-06-111-0/+21
| |
| * constraints: Use plugin features with soft dependency on X.509 decodingTobias Brunner2013-06-111-3/+31
| |
| * blowfish: Use plugin features to properly register crypterTobias Brunner2013-06-111-8/+13
| |
| * resolve: Use plugin features to register attribute handlerTobias Brunner2013-06-112-4/+31
| |
| * attr: Use plugin features to register attribute providerTobias Brunner2013-06-111-2/+31
| |
| * ipseckey: Allow en-/disabling at runtime using plugin reload featureTobias Brunner2013-06-111-12/+26
| |
| * ipseckey: Use plugin features and depend on RESOLVERTobias Brunner2013-06-112-28/+53
| | | | | | | | Also fixed a double-free of the resolver instance.
| * unbound: Use plugin features and provide RESOLVERTobias Brunner2013-06-111-3/+12
| |
| * plugin-feature: Add feature for DNSSEC-enabled resolversTobias Brunner2013-06-112-0/+15
| |
| * ha: Use plugin features to register listeners and attribute providerTobias Brunner2013-06-111-9/+37
| |
| * farp: Use plugin features to register listenerTobias Brunner2013-06-111-5/+29
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 08:20:43 +0000