Commit message [Author, Age, Files, Lines]
...
| * | Support different authentication schemes for PT-TLS [Martin Willi, 2013-02-28, 5 files, -6/+71]
| | |
| * | Request a TLS client certificate even if no peer identity is given [Martin Willi, 2013-02-28, 1 file, -5/+1]
| | | This allows a peer to perform client authentication if it wants, but skip it if not.
| * | Wrap tls_t.get_{server,peer}_id methods in tls_socket_t [Martin Willi, 2013-02-28, 2 files, -0/+28]
| | |
| * | Delegate tls_t.get_{peer,server}_id to handshake layer [Martin Willi, 2013-02-28, 7 files, -29/+78]
| | | This allows to get updated peer identities if the peer can't authenticate, or does when it is optional.
| * | Implement a SASL PLAIN mechanism using shared secrets [Martin Willi, 2013-02-28, 4 files, -0/+224]
| | |
| * | Implement SASL authentication in PT-TLS client [Martin Willi, 2013-02-28, 1 file, -11/+191]
| | |
| * | Implement SASL authentication in PT-TLS server [Martin Willi, 2013-02-28, 1 file, -5/+236]
| | |
| * | Define PT-TLS SASL result codes [Martin Willi, 2013-02-28, 1 file, -0/+11]
| | |
| * | Define an interface for SASL mechanisms and provide a static factory [Martin Willi, 2013-02-28, 3 files, -1/+193]
| | |
| * | Pass a client identity to pt_tls_client, usable for TLS or SASL authentication [Martin Willi, 2013-02-28, 2 files, -7/+21]
| | |
| * | Don't close underlying file descriptor before destroying a tls_socket [Martin Willi, 2013-02-28, 1 file, -1/+4]
| | | tls_socket cleanup usually sends a TLS close notify, for which it uses a valid socket.
* | | As Quick Mode initiator, select a subset of the proposed and the returned TS [Martin Willi, 2013-03-07, 1 file, -4/+11]
| | | Cisco 5505 firewalls don't return the port if we send a specific one, letting the is_contained_in() checks fail. Using get_subset() selection builds the Quick Mode correctly with the common subset of selectors. Based on an initial patch from Paul Stewart.
* | | added some otherNames OIDs [Andreas Steffen, 2013-03-06, 1 file, -0/+6]
| | |
* | | Fix some apidoc in mem_pool.h [Martin Willi, 2013-03-06, 1 file, -3/+3]
| | |
* | | testing: Add screen package to base image [Tobias Brunner, 2013-03-05, 1 file, -1/+1]
| | | Makes working in a single SSH session easier.
* | | testing: Enable ssh connection to second IP by name (e.g. moon1) [Tobias Brunner, 2013-03-05, 1 file, -1/+9]
| | |
* | | testing: ssh script accepts IP addresses instead of host names [Tobias Brunner, 2013-03-05, 1 file, -4/+11]
| | |
* | | testing: ssh script forwards arguments to ssh command [Tobias Brunner, 2013-03-05, 1 file, -1/+2]
| | | This allows to execute commands on a virtual host.
* | | removed unneeded DS files [Andreas Steffen, 2013-03-05, 3 files, -6/+0]
| | |
* | | instead of cloning use extract_buf() method [Andreas Steffen, 2013-03-04, 34 files, -35/+35]
| | |
* | | Don't invoke addr2line if dladdr() did not yield a filename [Martin Willi, 2013-03-04, 1 file, -1/+1]
| | |
* | | When receiving critical signals, additionally log backtraces to syslog/files [Martin Willi, 2013-03-04, 1 file, -0/+1]
| | |
* | | backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook [Martin Willi, 2013-03-04, 2 files, -33/+71]
| | |
* | | Don't use color escapes when printing backtraces to a non-TTY file [Martin Willi, 2013-03-04, 1 file, -11/+20]
| | |
* | | Add a utility function to resolve TTY color escape codes dynamically [Martin Willi, 2013-03-04, 2 files, -0/+103]
| | |
* | | make TNC Access Requestor ID available to IMVs [Andreas Steffen, 2013-03-03, 9 files, -42/+130]
| | |
* | | updated NEWS [Andreas Steffen, 2013-03-03, 1 file, -2/+8]
| | |
* | | upgraded KVM test suite to Linux 3.8 kernel [Andreas Steffen, 2013-03-03, 2 files, -4/+1867]
| | |
* | | added openssl-ikev2/alg-aes-gcm scenario [Andreas Steffen, 2013-03-03, 11 files, -0/+158]
| | |
* | | use DNs in tnc/tnccs-20-tls scenario [Andreas Steffen, 2013-03-03, 4 files, -5/+3]
| | |
* | | added getpwuid_r and initgroups to whitelist [Andreas Steffen, 2013-03-03, 1 file, -0/+2]
| | |
* | | third parameter was not copied [Andreas Steffen, 2013-03-02, 1 file, -1/+1]
| | |
* | | Fixed Doxygen comments after scanning complete src directory [Tobias Brunner, 2013-03-02, 96 files, -183/+221]
| | |
* | | Include the whole src directory in apidoc and make source files browsable [Tobias Brunner, 2013-03-02, 1 file, -17/+7]
| | | But still only scan header files as Doxygen can't figure out how they are related to source files (at least not for class methods).
* | | Prevent Doxygen from processing __attribute__(...) [Tobias Brunner, 2013-03-02, 1 file, -1/+1]
| | | Doxygen produces additional members/classes from these attributes.
* | | Updated Doxyfile.in with a recent version of Doxygen [Tobias Brunner, 2013-03-02, 1 file, -127/+509]
| | |
* | | Removed backend for old Android frontend patch [Tobias Brunner, 2013-03-02, 14 files, -929/+88]
| | | Moved the remaining DNS handler to a new plugin.
* | | added ERX_SUPPORTED IKEv2 Notify [Andreas Steffen, 2013-03-02, 2 files, -7/+11]
| | |
* | | added some new TCG IF-M message subtypes and attributes [Andreas Steffen, 2013-03-02, 4 files, -4/+36]
| | |
* | | version bump to 5.0.3dr3 [Andreas Steffen, 2013-03-02, 1 file, -1/+1]
| | |
* | | android: Mitigate race condition on reauthentication [Tobias Brunner, 2013-03-01, 1 file, -0/+4]
| | | If the TUN device gets recreated while another thread in handle_plain() has not yet called select(2) but already stored the file descriptor of the old TUN device in its FD set, select() will fail with EBADF. Fixes #301.
* | | openssl: The EVP GCM interface requires at least OpenSSL 1.0.1 [Tobias Brunner, 2013-03-01, 2 files, -0/+8]
| | |
* | | Merge branch 'multi-eap' [Martin Willi, 2013-03-01, 2 files, -28/+50]
|\ \ \
| | | | Fixes the use of EAP methods in the non-first authentication round if the initiator demands mutual EAP. Also mutual EAP can now be enforced when the initiator sets rightauth=eap, not only with rightauth=any.
| * | | Apply a mutual EAP auth_cfg not before the EAP method completes [Martin Willi, 2013-02-26, 2 files, -1/+18]
| | | |
| * | | Be a little more verbose why a peer_cfg is inacceptable [Martin Willi, 2013-02-26, 1 file, -8/+16]
| | | |
| * | | Refactor auth_cfg applying to a common function [Martin Willi, 2013-02-26, 1 file, -20/+17]
| |/ /
* | | Merge branch 'multi-cert' [Martin Willi, 2013-03-01, 4 files, -27/+113]
|\ \ \
| | | | Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * | | After merging the used trustchain with config, move used certificate to front [Martin Willi, 2013-01-18, 1 file, -0/+24]
| | | |
| * | | Add ipsec.conf.5 updates regarding multiple certificates in leftcert [Martin Willi, 2013-01-18, 1 file, -0/+4]
| | | |
| * | | Try to build a trustchain for all configured certificates before enforcing one [Martin Willi, 2013-01-18, 1 file, -1/+29]
| | | | This enables the daemon to select from multiple configured certificates by building trustchains against the received certificate requests.