aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Completed NEWS for 5.1.1dr3Andreas Steffen2013-09-061-0/+4
|
* Implemented targeted SWID requestAndreas Steffen2013-09-065-29/+86
|
* Store object files in the same directory as the source filesTobias Brunner2013-09-051-1/+1
| | | | | Future automake releases will apparently do that implicitly, but current releases spit out nasty warning messages.
* Make SWID directory where tags are stored configurableAndreas Steffen2013-09-055-7/+14
|
* Added tags table and some tag samplesAndreas Steffen2013-09-055-3/+267
|
* swid_inventory object has a get_count methodAndreas Steffen2013-09-042-16/+6
|
* Count collected SWID tags or tag IDsAndreas Steffen2013-09-041-3/+17
|
* Proceed with attestation only if Attestation IMC returns a discovery responseAndreas Steffen2013-09-044-7/+20
|
* libipsec: Properly initialize variables when creating AEAD wrapperTobias Brunner2013-09-041-2/+2
|
* android: Fix compilation after PTS header files were movedTobias Brunner2013-09-041-4/+4
|
* libpts: Android.mk updatedTobias Brunner2013-09-041-17/+24
|
* Version bump to 5.1.1dr3Andreas Steffen2013-09-041-1/+1
|
* NEWS: 5.1.1 update for merged branchesMartin Willi2013-09-041-0/+17
|
* load-tester: support extended traffic selector syntax, as in leftsubnetMartin Willi2013-09-041-13/+168
| | | | | In addition the initiator may use %unique as port, using a distinct port for each connection, starting from 1025.
* load-tester: add an option to test transport/beet connectionsMartin Willi2013-09-041-1/+21
|
* Merge branch 'ike-address-ranges'Martin Willi2013-09-0421-170/+413
|\ | | | | | | | | | | | | Adds support for multiple subnets and address ranges in left/right ipsec.conf options. As responder the connection is acceptable if the address is in one of the ranges/subnets. To initiate connections, at least one single IP or hostname is required for the peer address.
| * man: add support for multiple addresses/ranges/subnets in ipsec.conf left=Martin Willi2013-09-041-3/+10
| |
| * ike: support multiple addresses, ranges and subnets in IKE address configMartin Willi2013-09-0416-110/+306
| | | | | | | | | | | | | | Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets.
| * ike-cfg: remove the to be obsoleted allow any parameter in get_my/other_addrMartin Willi2013-09-047-33/+18
| |
| * backends: use ike_cfg host matching functionsMartin Willi2013-09-041-38/+7
| |
| * ike-cfg: add methods to match a host against configured local/remote addressesMartin Willi2013-09-042-0/+62
| |
| * trap-manager: use ike_cfg resolver functionsMartin Willi2013-09-041-4/+2
| |
| * ike-sa: use ike_cfg resolver functionsMartin Willi2013-09-041-16/+12
| |
| * ike-cfg: add a method to resolve local/remote hosts with portMartin Willi2013-09-042-0/+30
|/
* Merge branch 'ikev1-pushmode'Martin Willi2013-09-0423-99/+416
|\ | | | | | | | | Implements Mode Config Push mode in IKEv1 using the existing modeconfig=push ipsec.conf option.
| * stroke: ignore a leftsourceip if a rightsourceip is given as wellMartin Willi2013-09-041-1/+7
| | | | | | | | | | | | As we always negotiate virtual IPs in charon, having both left- and rightsourceip is not allowed. Both in IKEv1 and IKEv2 we support a single configuration payload exchange only.
| * man: update ipsec.conf modeconfig keywordMartin Willi2013-09-041-2/+1
| |
| * ikev1: implement mode config push modeMartin Willi2013-09-045-76/+363
| |
| * stroke: re-enable modeconfig keywordMartin Willi2013-09-043-1/+3
| |
| * peer-cfg: add a pull/push mode option to use with mode configMartin Willi2013-09-0415-20/+43
|/
* pubkey_speed: Add missing pluginsTobias Brunner2013-09-041-4/+4
| | | | | | | The pkcs1 plugin is required to test the gmp/gcrypt plugins. Likewise, the pem plugin is required when testing the openssl plugin. Fixes #401.
* pubkey_speed: sudo is not requiredTobias Brunner2013-09-041-4/+6
| | | | | Also, refer to pubkey_speed properly when not being called from the same directory.
* pubkey_speed: Add header and fix usageTobias Brunner2013-09-041-2/+15
|
* Merge branch 'xauth-radius-multi'Martin Willi2013-09-0318-76/+306
|\ | | | | | | | | | | | | | | | | | | Introduces multiple rounds in the eap-radius XAuth backend, concatenating answers to a single password to verify using a RADIUS User-Password attribute. This is known to work fine with iOS and OS X clients, allowing two-factor authentication with proper dialogs. Different XAuth "profiles" for each backend can be selected using a generic colon sperated suffix for the XAuth string.
| * charon-cmd: support prompting for a PINMartin Willi2013-09-031-4/+8
| | | | | | | | | | To support a Password and PIN XAuth combo, additionally support multiple prompts for different credential types.
| * xauth-generic: honor requested XAuth credential types as a clientMartin Willi2013-09-031-16/+51
| | | | | | | | Support requesting of XAuth PINs and print XAuth messages.
| * attributes: shorten some Unity and XAuth attribute short namesMartin Willi2013-09-031-15/+15
| |
| * message: print type of configuration payloadMartin Willi2013-09-031-1/+21
| |
| * message: print attributes for IKEv1 configuration payloads as wellMartin Willi2013-09-031-1/+2
| |
| * eap-radius: support XAuth configuration profiles, defining multiple XAuth roundsMartin Willi2013-09-031-22/+157
| |
| * xauth: add a configuration string option to be passed to XAuth instancesMartin Willi2013-09-0315-17/+52
|/ | | | | | The configuration string is appended to the XAuth backend name, separated by a colon. The configuration string is passed untouched to the backend, where it can change the behavior of the XAuth module.
* Use ipsec_DATA destination5.1.1dr2Andreas Steffen2013-09-021-7/+1
|
* Install SWID tag also in /share/Andreas Steffen2013-09-021-2/+3
|
* Generate strongSwan SWID tagAndreas Steffen2013-09-023-0/+55
|
* Added regids table and some sample reqid dataAndreas Steffen2013-09-025-0/+169
|
* Pull dave for OS infoAndreas Steffen2013-09-021-1/+1
|
* Corrected debug class to DBG_IMCAndreas Steffen2013-09-021-9/+9
|
* autoconf: Split PACKAGE_VERSION in four partsTobias Brunner2013-09-022-0/+20
| | | | | | | | | | | The parts can be accessed with the variables: PACKAGE_VERSION_MAJOR PACKAGE_VERSION_MINOR PACKAGE_VERSION_BUILD PACKAGE_VERSION_REVIEW The last part will be empty for regular releases.
* conftest: Fix hook constructor resolution via dlsym()Tobias Brunner2013-08-301-1/+3
| | | | | | | | AM_CPPFLAGS only takes preprocessor flags like -I or -D, so it did not forward -rdynamic to the linker (--export-dynamic), which meant that the symbols defined in the executable itself were not resolvable via dlsym(). Fixes #394.
* SWID IMC implements recursive tag collection in /usr/shareAndreas Steffen2013-08-309-123/+385
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 23:09:57 +0000