aboutsummaryrefslogtreecommitdiffstats
Commit message (Expand)AuthorAgeFilesLines
...
* Test TLS AEAD cipher suitesAndreas Steffen2014-04-0110-10/+17
* Added Ubuntu 14.04 to IMV databaseAndreas Steffen2014-03-311-0/+24
* Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenarioAndreas Steffen2014-03-311-1/+1
* unit-tests: Always load address of testable functionsTobias Brunner2014-03-311-1/+1
* settings: Reduce log verbosity if strongswan.conf does not existTobias Brunner2014-03-311-1/+10
* test-vectors: Renumber AES-GCM test vectors according to original sourceTobias Brunner2014-03-312-16/+100
* Merge branch 'tls-aead'Martin Willi2014-03-3129-479/+1435
|\
| * NEWS: Note TLS AEAD modeMartin Willi2014-03-311-0/+3
| * tls: Fix some TLS cipher suite enum namesMartin Willi2014-03-311-3/+3
| * tls: Include TLS version announced in Client Hello in encrypted premasterMartin Willi2014-03-311-1/+7
| * tls: Check for minimal TLS record length before each record iterationMartin Willi2014-03-311-8/+8
| * tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD foundMartin Willi2014-03-311-19/+52
| * tls: Offer TLS signature schemes in ClientHello in order of preferenceMartin Willi2014-03-311-90/+59
| * tls: Define AES-GCM cipher suites from RFC 5288/5289Martin Willi2014-03-311-0/+54
| * tls: Implement the TLS AEAD abstraction for real AEAD modesMartin Willi2014-03-314-8/+262
| * tls: Separate TLS protection to abstracted AEAD modesMartin Willi2014-03-318-325/+874
| * aead: Support custom AEAD salt sizesMartin Willi2014-03-3117-43/+131
|/
* ikev2: Recreate a CHILD_SA that got a hard lifetime expire without rekeyingMartin Willi2014-03-311-0/+12
* revocation: Log error if no OCSP signer candidate foundMartin Willi2014-03-311-1/+1
* Merge branch 'ocsp-constraints'Martin Willi2014-03-313-46/+86
|\
| * revocation: Restrict OCSP signing to specific certificatesMartin Willi2014-03-313-10/+65
| * revocation: Don't merge auth config of CLR/OCSP trustchain validationMartin Willi2014-03-311-39/+24
|/
* hashtable: Make key arguments constTobias Brunner2014-03-312-22/+23
* Properly hash pointers for hash tables where appropriateTobias Brunner2014-03-314-71/+7
* kernel-pfroute: Let get_nexthop() default to destination addressTobias Brunner2014-03-311-3/+7
* x509: CERT_DECODE actually requires KEY_ANYTobias Brunner2014-03-311-3/+1
* pkcs1: KEY_ANY public key decoder soft depends on specific decodersTobias Brunner2014-03-311-0/+3
* eap-radius: Add option to not close IKE_SAs on timeouts during interim accout...Tobias Brunner2014-03-312-1/+10
* ikev1: Accept SPI size of any length <= 16 in ISAKMP proposalTobias Brunner2014-03-311-4/+12
* proposal: Don't fail DH proposal matching if peer includes NONETobias Brunner2014-03-311-4/+19
* conf: Order settings in man page alphabeticallyTobias Brunner2014-03-311-5/+4
* Merge branch 'acerts'Martin Willi2014-03-3196-1587/+2394
|\
| * NEWS: Add acert and pki changes for 5.1.3Martin Willi2014-03-311-0/+13
| * openac: Remove obsolete openac utilityMartin Willi2014-03-3110-772/+21
| * pki: Document --not-before/after and --dateform options in manpagesMartin Willi2014-03-314-7/+99
| * pki: Support absolute --this/next-update CRL lifetimesMartin Willi2014-03-311-6/+22
| * pki: Support absolute --not-before/after issued certificate lifetimesMartin Willi2014-03-312-7/+22
| * pki: Support absolute --not-before/after self-signed certificate lifetimesMartin Willi2014-03-311-5/+22
| * pki: Support absolute --not-before/after acert lifetimesMartin Willi2014-03-311-7/+26
| * pki: Add a certificate lifetime calculation helper functionMartin Willi2014-03-312-1/+69
| * testing: Add an acert test that forces a fallback connection based on groupsMartin Willi2014-03-3113-0/+199
| * testing: Add an acert test case sending attribute certificates inlineMartin Willi2014-03-3118-0/+291
| * testing: Add an acert test using locally cached attribute certificatesMartin Willi2014-03-3116-0/+239
| * testing: build strongSwan with acert pluginMartin Willi2014-03-311-0/+1
| * ikev2: Cache all received attribute certificates to auth configMartin Willi2014-03-311-1/+27
| * ikev2: Send all known and valid attribute certificates for subject certMartin Willi2014-03-311-0/+46
| * ikev2: Slightly refactor certificate payload construction to separate functionsMartin Willi2014-03-311-37/+56
| * ike: Support encoding of attribute certificates in CERT payloadsMartin Willi2014-03-311-1/+6
| * auth-cfg: Declare an attribute certificate helper type to exchange acertsMartin Willi2014-03-313-2/+15
| * acert: Implement a plugin finding, validating and evaluating attribute certsMartin Willi2014-03-317-0/+367
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-09 08:20:44 +0000