aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | | Add a timeout to clean up PDP RADIUS connectionsMartin Willi2013-02-141-0/+51
| | |
* | | Keep the PDP connections lock while accessing its objectsMartin Willi2013-02-143-7/+34
| | | | | | | | | | | | | | | | | | When we introduce connection timeouts, the state may disappear at any time. This change prevents that, but is not very clear. We probably have to refactor connection handling.
* | | Add locking to TNC-PDP connectionsMartin Willi2013-02-141-7/+23
| | |
* | | Add IF-M message subtype getter to IMC/IMV messagesMartin Willi2013-02-144-1/+28
| | |
* | | Use a generic constructor to create PA-TNC error attributesMartin Willi2013-02-141-62/+32
| | |
* | | Add a global return_success() method implementationMartin Willi2013-02-143-8/+15
| | |
* | | Add a convenience method to check pen_type_t for vendor and typeMartin Willi2013-02-141-0/+14
| | |
* | | Add a comparison function for pen_type_tMartin Willi2013-02-141-0/+12
| | |
* | | Whitespace and comment cleanups in pen.[ch]Martin Willi2013-02-142-20/+28
| | |
* | | resolve dependency on libtlsAndreas Steffen2013-02-141-0/+1
| | |
* | | Merge branch 'ike-dscp'Martin Willi2013-02-1427-68/+242
|\ \ \
| * | | Add ikedscp documentation to ipsec.conf.5Martin Willi2013-02-061-0/+5
| | | |
| * | | Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packetsMartin Willi2013-02-067-4/+23
| | | |
| * | | Set configured DSCP value while generating IKE packetsMartin Willi2013-02-061-1/+26
| | | |
| * | | Add a DSCP configuration value to IKE configsMartin Willi2013-02-0614-25/+41
| | | |
| * | | Set DSCP values when sending IP packets in socket-defaultMartin Willi2013-02-061-1/+65
| | | |
| * | | Don't send a packet in default socket if family is not IPv4 nor IPv6Martin Willi2013-02-061-12/+18
| | | |
| * | | Add a DSCP value with getter/setter on packet_tMartin Willi2013-02-063-0/+47
| | | |
| * | | Avoid extensive casting of sockaddr types in socket-default by using a unionMartin Willi2013-02-061-24/+16
| | | | | | | | | | | | | | | | Additionally fixes a strict-aliasing rule compiler warning with older gcc.
| * | | Set sockaddr family on ifreq instead of casted familiy specific sockaddrMartin Willi2013-02-061-2/+2
| |/ / | | | | | | | | | Fixes a strict-aliasing rule compiler warning with older gcc.
* | | Check if recommendations is set before applying language preferenceMartin Willi2013-02-141-3/+6
| | |
* | | PT-TLS dispatcher TNCCS constructor takes peer identities to pass to factoryMartin Willi2013-02-142-4/+23
| | |
* | | Merge branch 'pt-tls'Martin Willi2013-02-1420-94/+1413
|\ \ \
| * | | Pass a constructor callback to create TNCCS server instances while dispatchingMartin Willi2013-01-174-15/+31
| | | |
| * | | Create pt_tls_client with separate server address and identityMartin Willi2013-01-162-28/+19
| | | |
| * | | Create pt_tls_dispatcher with separate server address and identityMartin Willi2013-01-162-17/+13
| | | |
| * | | Add a libpttls providing NEA PT-TLS / TNC IF-T for TLS transport layerMartin Willi2013-01-1611-0/+1171
| | | |
| * | | Send TLS close notify during tls_socket_t destructionMartin Willi2013-01-151-2/+25
| | | |
| * | | Send TLS close notify if application returns SUCCESSMartin Willi2013-01-151-2/+6
| | | |
| * | | Block TLS read when sending data, but have to wait for the handshake data firstMartin Willi2013-01-151-4/+11
| | | |
| * | | TNCCS plugins don't depend on EAP-TNC, but can be used by other transports, tooMartin Willi2013-01-153-9/+0
| | | |
| * | | Add a bio_reader_t constructor variant freeing passed data during destructionMartin Willi2013-01-152-1/+32
| | | |
| * | | Use a more POSIXy tls_socket interface with more flexibility.Martin Willi2013-01-152-81/+165
| | | | | | | | | | | | | | | | | | | | If an unsufficient read buffer is provided, application data gets cached for subsequent read() calls.
| * | | Add a chunk_from_str() initializer that does not include 0-terminatorMartin Willi2013-01-151-0/+5
| | | |
* | | | Remove leading zeros in SCEP certificate serialNumbersMartin Willi2013-02-141-13/+19
| | | |
* | | | Fix 'stroke loglevel any'Tobias Brunner2013-02-131-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as returned by enum_from_name(), would result in a large positive number. So any unknown debug group (including 'any') had the same effect that was only intended for 'any'.
* | | | added ikev1/net2net-fragmentation scenario5.0.3dr1Andreas Steffen2013-02-129-0/+122
| | | |
* | | | treat EAP identities as user IDsAndreas Steffen2013-02-121-3/+3
| | | |
* | | | use EAP identity in tnc/tnccs-20-pdp scenarioAndreas Steffen2013-02-128-10/+12
| | | |
* | | | make TNC client authentication type available to IMVsAndreas Steffen2013-02-1210-27/+215
| | | |
* | | | determine underlying IF-T transport protocolAndreas Steffen2013-02-1213-65/+231
| | | |
* | | | make AR identities available to IMVs via IF-IMV 1.4 draftAndreas Steffen2013-02-1114-0/+645
| | | |
* | | | Make IKE/EAP IDs available to TNC server/clientAndreas Steffen2013-02-1110-28/+92
| | | |
* | | | Don't use a time_t variable with fscanf when parsing uptimeTobias Brunner2013-02-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because "%u" is used as format string in the fscanf call that parses the uptime and because the length of time_t varies on different platforms and architectures the value was not written properly if time_t was longer than an unsigned int and depending on how the target variable was aligned on the stack. Since there is no conversion specifier to properly parse a time_t value we use the appropriate integer type instead.
* | | | Allow more than one CERTREQ payload for IKEv2Tobias Brunner2013-02-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | There is no reason not to do so (RFC 5996 explicitly mentions multiple CERTREQ payloads) and some implementations seem to use the same behavior as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload).
* | | | Add a --httptimeout option to scepclientMartin Willi2013-02-083-7/+22
| | | |
* | | | Use CURL_TIMEOUT and not CURL_CONNECTTIMEOUT for FETCHER_TIMEOUT in curlMartin Willi2013-02-081-5/+12
| | | | | | | | | | | | | | | | | | | | This allows us to use this timeout beyond DNS resolution. For the initial connect, we use a hardcoded timeout of 10s for now.
* | | | Report enabled plugins at the end of configureTobias Brunner2013-02-041-0/+13
| | | |
* | | | Streamlined comments in configure.inTobias Brunner2013-02-041-80/+83
| | | | | | | | | | | | | | | | dnl should only be used in rare cases (like escaping newlines)
* | | | Updated configure.in to newer autoconfTobias Brunner2013-02-041-145/+161
| | | | | | | | | | | | | | | | | | | | | | | | AC_TRY_COMPILE and AC_TRY_RUN are deprecated. The new construct with AC_*_IFELSE and AC_LANG_PROGRAM requires double quoting the source code of these test programs.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-15 22:47:22 +0000