Commit message (Author, Age, Files, Lines)
...
* Fixed TKM build (Reto Buerki, 2013-03-22, 7 files, -9/+17)
|
* Build TNC-enabled wpa_supplicant (Andreas Steffen, 2013-03-22, 2 files, -0/+74)
|
* activate logging before loading plugins (Andreas Steffen, 2013-03-21, 1 file, -7/+7)
|
* Add a load-tester option to keep allocated external address until shutdown (Martin Willi, 2013-03-21, 2 files, -1/+50)
|
* android: No need to disable CMS explicitly (Tobias Brunner, 2013-03-20, 2 files, -2/+0)
|   The version check introduced with 0d237763 should take care of it.
* Allow up to 10 NAT-D payloads in IKEv1 messages (Tobias Brunner, 2013-03-20, 1 file, -1/+1)
|
* Avoid a race condition when reloading secrets from ipsec.secrets (Tobias Brunner, 2013-03-20, 1 file, -18/+25)
|   With the previous implementation that cleared the secrets in the active credential set and then loaded the secrets, IKE SA establishment would fail (as initiator or responder) if secrets are concurrently reloaded and the required secret was not yet loaded.
* Add a method to replace all secrets in a mem_cred_t object (Tobias Brunner, 2013-03-20, 2 files, -5/+68)
|
* android: Build native libraries also for x86 (Tobias Brunner, 2013-03-20, 3 files, -2/+5)
|   Requires an updated build script for Vstr.
* android: libtnccs requires headers from libtls (Tobias Brunner, 2013-03-20, 1 file, -0/+1)
|
* android: Fix Android.mk for ipsec script (Tobias Brunner, 2013-03-20, 1 file, -1/+2)
|
* android: Remove/filter header files from LOCAL_SRC_FILES (Tobias Brunner, 2013-03-20, 9 files, -20/+36)
|   This avoids huge warnings when building the native code.
* android: Request and install an IPv6 DNS server (Tobias Brunner, 2013-03-20, 2 files, -9/+17)
|
* android: Also request a virtual IPv6 address and propose IPv6 TS (Tobias Brunner, 2013-03-20, 3 files, -23/+25)
|   This allows IPv6 over IPv4 but falls back nicely if we don't get a virtual IPv6 (or IPv4) address.
* ipsec: Increased log level for message in case no outbound policy is found (Tobias Brunner, 2013-03-20, 1 file, -1/+1)
|   This might happen on Android if sockets are bound to the physical IP address but packets are still routed via TUN device. Since it seems to happen quite often (or for stuff that requires regular traffic) this hides these messages from the default log.
* Add an option to autobalance a HA cluster automatically (Martin Willi, 2013-03-19, 1 file, -0/+59)
|
* Check if for some reason we handle a HA segment on both nodes (Martin Willi, 2013-03-19, 1 file, -1/+15)
|
* Acquire HA segment lock while sending heartbeat (Martin Willi, 2013-03-19, 1 file, -0/+2)
|
* Removed unused variable 'id' (Tobias Brunner, 2013-03-19, 1 file, -2/+1)
|
* Properly cleanup libmysql (Tobias Brunner, 2013-03-19, 1 file, -1/+1)
|   Seems to work correctly with recent MySQL versions.
* Use proper address family when adding multiple addresses to SQL pool (Tobias Brunner, 2013-03-19, 1 file, -0/+15)
|
* Ignore SQL-based IP address pools if their address family does not match (Tobias Brunner, 2013-03-19, 1 file, -10/+21)
|
* charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin features (Tobias Brunner, 2013-03-19, 1 file, -0/+4)
|   This ensures the NM-specific credential set is unloaded before any implementation of certificate/key objects, which causes a segmentation fault during shutdown.
* charon-nm: Prevent NM from changing the default route (Tobias Brunner, 2013-03-19, 1 file, -0/+8)
|   This is not required as we install our own (narrow) route(s) in our own routing table. This should allow split tunneling if configured on the gateway.
* charon-nm: Use VIP (if any) as local address (Tobias Brunner, 2013-03-19, 1 file, -1/+10)
|   NM will install this address on the provided device.
* charon-nm: Pass a dummy TUN device to NetworkManager (Tobias Brunner, 2013-03-19, 1 file, -5/+37)
|   NetworkManager modifies the addresses etc. on this interface so using "lo" is not optimal. With the dummy interface NM is free to do its thing.
* charon-nm: Fix NM plugin utility macros (Tobias Brunner, 2013-03-19, 1 file, -3/+3)
|
* Ignore 'compile' script which is generated by AM_PROG_CC_C_O (Tobias Brunner, 2013-03-19, 1 file, -0/+1)
|
* Avoid returning COOKIEs right after system boot (Tobias Brunner, 2013-03-19, 1 file, -1/+1)
|   When the monotonic timer is initialized to 0 right after the system is booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s). Since the COOKIE verification code actually produces an overflow for COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs. Checking for last_cookie makes sense anyway as that condition must only apply if we actually sent a COOKIE before.
* Fix scheduling of heartbeat sending in HA plugin (Martin Willi, 2013-03-19, 1 file, -2/+11)
|   e0efd7c1 switches to automated job rescheduling for HA heartbeat. However, send_status() is initially called directly, which will not reschedule the job as required.
* Fix compiler warning in HA plugin (Martin Willi, 2013-03-19, 1 file, -1/+1)
|
* Merge branch 'tkm' (Tobias Brunner, 2013-03-19, 136 files, -42/+6567)
|\
| |   This adds charon-tkm a special build of the charon IKEv2 daemon that delegates security critical operations to a separate process (TKM = Trusted Key Manager).
| * Various stylistic fixes (Adrian-Ken Rueegsegger, 2013-03-19, 12 files, -123/+155)
| |
| * Add NEWS about TKM separation (Reto Buerki, 2013-03-19, 1 file, -0/+8)
| |
| * Use network byte order for ESA SPIs (Adrian-Ken Rueegsegger, 2013-03-19, 1 file, -6/+5)
| |
| * Provide MODP-2048 through TKM DH plugin (Adrian-Ken Rueegsegger, 2013-03-19, 1 file, -0/+1)
| |
| * Add charon-tkm API documentation (Adrian-Ken Rueegsegger, 2013-03-19, 17 files, -16/+158)
| |
| * Do not hardwire keys to KEY_RSA (Reto Buerki, 2013-03-19, 3 files, -12/+51)
| |   Make the TKM private and public keys more easily extendable by determining the associated key type dynamically.
| * Provide TKM credential encoder (Reto Buerki, 2013-03-19, 5 files, -26/+150)
| |   The TKM credential encoder creates fingerprints of type KEYID_PUBKEY_INFO_SHA1 and KEYID_PUBKEY_SHA1 using CRED_PART_RSA_PUB_ASN1_DER. This makes the pkcs1 plugin unnecessary.
| * Switch to openssl plugin (Reto Buerki, 2013-03-19, 1 file, -8/+1)
| |
| * Implement multiple-clients integration test (Reto Buerki, 2013-03-19, 12 files, -0/+158)
| |   Two transport connections to gateway sun are set up, one from client carol and the other from client dave. The gateway sun uses the Trusted Key Manager (TKM) and is the responder for both connections. The authentication is based on X.509 certificates. In order to test the connections, both carol and dave ping gateway sun.
| * Implement net2net-xfrmproxy integration test (Reto Buerki, 2013-03-19, 10 files, -0/+108)
| |
| * Implement net2net-initiator integration test (Reto Buerki, 2013-03-19, 9 files, -0/+104)
| |
| * Add xfrm_proxy integration test (Reto Buerki, 2013-03-19, 10 files, -0/+102)
| |
| * Provide script to build Ada XFRM proxy (Reto Buerki, 2013-03-19, 1 file, -0/+21)
| |
| * Add TKM responder integration test (Reto Buerki, 2013-03-19, 10 files, -0/+97)
| |
| * Add initial TKM integration test (Reto Buerki, 2013-03-19, 10 files, -0/+96)
| |   A connection between the hosts moon and sun is set up. The host moon uses the Trusted Key Manager (TKM) and is the initiator of the transport connection. The authentication is based on X.509 certificates.
| * Add expect-file guest image script (Reto Buerki, 2013-03-19, 1 file, -0/+29)
| |   This script can be used in pretest.dat files to wait until a given file appears.
| * Add /usr/local/lib/ipsec to linker cache (Reto Buerki, 2013-03-19, 2 files, -0/+3)
| |
| * Provide recipes to build tkm and required libraries (Reto Buerki, 2013-03-19, 6 files, -1/+105)
| |