aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Check for libjsonAndreas Steffen2014-05-311-0/+5
|
* Added Debian 7.5 product and all Debian armv6l productsAndreas Steffen2014-05-311-6/+102
|
* Fixed typo in tables.sqlAndreas Steffen2014-05-311-1/+1
|
* Additional index to improve performanceAndreas Steffen2014-05-311-0/+4
|
* Support targeted retrieval of SWID tagsAndreas Steffen2014-05-311-93/+164
|
* curl: Don't set CURLOPT_FAILONERRORTobias Brunner2014-05-311-14/+5
| | | | | With the strongTNC REST API some errors will actually be accompanied by a response we want to receive completely.
* Implemented SWID REST APIAndreas Steffen2014-05-316-103/+508
|
* Set entity_name to strongSwan ProjectAndreas Steffen2014-05-311-5/+7
|
* Updated strongSwan SWID Tag from ISO 2009 to 2014 formatAndreas Steffen2014-05-311-29/+19
|
* Version bump to 5.2.0dr5Andreas Steffen2014-05-311-1/+1
|
* Make sure getpass() is availableTobias Brunner2014-05-293-3/+9
| | | | It's not on Android for example.
* starter: Fix build on AndroidTobias Brunner2014-05-281-0/+1
| | | | | While the (default) ipsec script does not work on Android starter still passes the script's name to charon if leftfirewall is configured.
* Some more files to measureAndreas Steffen2014-05-211-0/+7
|
* Added all SWID tables and example regidsAndreas Steffen2014-05-212-122/+105
|
* scripts: Ignore settings-test scriptTobias Brunner2014-05-201-7/+8
|
* peer-cfg: Add missing UNIQUE_NEVER to unique_policy_namesMartin Willi2014-05-191-1/+2
|
* unit-tests: Sync threads with main thread in test_cleanup_cancel()Tobias Brunner2014-05-191-0/+5
| | | | | Without synchronization threads could get canceled before they could disable their cancelability.
* pfkey: Always include stdint.hTobias Brunner2014-05-191-1/+1
| | | | | | On some systems (e.g. on Debian/kFreeBSD) that header is required when including ipsec.h, on Linux we require it too when including pfkeyv2.h, so to simplify things we just always include it.
* Merge branch 'fetcher-response-code'Tobias Brunner2014-05-199-25/+158
|\ | | | | | | Extends the fetcher API to retrieve the response status code for a request.
| * soup: Add support to retrieve the response codeTobias Brunner2014-05-191-2/+14
| |
| * unit-tests: Allow some HTTP write operations to failTobias Brunner2014-05-191-7/+12
| | | | | | | | | | | | Because CURLOPT_FAILONERROR is enabled in the curl plugin an error code will often (not always) cause the client to close the TCP connection before the server has written the complete response.
| * curl: Add support to return the response codeTobias Brunner2014-05-191-1/+27
| |
| * unit-tests: Add a test case for HTTP response codesTobias Brunner2014-05-191-8/+57
| |
| * fetcher: Add option to retrieve response code from a fetcherTobias Brunner2014-05-192-0/+10
| |
| * unit-tests: Defer failures by worker threadsTobias Brunner2014-05-192-5/+36
| | | | | | | | | | | | | | | | | | | | | | In some cases the main thread is not ready to immediately call siglongjmp(), e.g. if it currently holds a mutex that is later required during shutdown. Therefore, we delay handling errors in worker threads until the main thread performs the next check itself (or the test function ends). The same issue remains with SIGALRM.
| * unit-tests: Make sure plugins in the builddir are loadedTobias Brunner2014-05-192-2/+2
|/ | | | | | When running the tests in GDB the working directory apparently is different. With the relative path used previously the plugins would not be found and those installed on the system would get used.
* unit-tests: Don't assert failures for unreadable settings files as rootTobias Brunner2014-05-161-5/+8
| | | | The file can still be read by root even if nobody has read privileges.
* Merge branch 'aead-proposal'Martin Willi2014-05-1618-80/+190
|\ | | | | | | | | | | | | | | | | Encode default AEAD encryption algorithms to a proposal separate from non-AEAD algorithms. RFC 4306 and 5282 where less explicit, but RFC 5996 requires separate proposals for AEAD and non-AEAD algorithms. As responder we still accept both encoding variants. Fixes #573.
| * proposal: Don't return a default IKE proposal without encryption/AEAD algsMartin Willi2014-05-161-3/+23
| |
| * ike: Add an additional but separate AEAD proposal to CHILD configMartin Willi2014-05-1610-2/+22
| | | | | | | | | | | | | | This currently has no effect: We don't include AEAD algorithms in the default ESP proposal, as we don't know if it is supported by the backend. But as we hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless.
| * ike: Add an additional but separate AEAD proposal to IKE config, if supportedMartin Willi2014-05-1612-10/+37
| |
| * child-cfg: Allow passing NULL as proposal to add_proposal()Martin Willi2014-05-162-4/+7
| | | | | | | | Making the API consistent to the one of ike_cfg.
| * ike-cfg: Allow passing NULL to add_proposal()Martin Willi2014-05-162-3/+7
| | | | | | | | | | This simplifies adding default proposals with constructors potentially returning NULL.
| * proposal: Use an additional "default" constructor specific to AEAD algorithmsMartin Willi2014-05-162-0/+31
| | | | | | | | | | This allows a caller to create a separated proposal for supported AEAD algorithms, as required by RFC 5996.
| * proposal: Don't include AEAD algorithms in the default proposalMartin Willi2014-05-161-61/+66
|/ | | | | | According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms. This was not clear in RFC 5282, hence we previously included both AEAD and non-AEAD algorithms in a single proposal.
* Merge branch 'clang-fixes'Martin Willi2014-05-1647-771/+190
|\ | | | | | | | | | | | | | | Fixes some warnings raised when compiling with clang. Some are cosmetically, others are worth to fix. This prepares the Travis build for -Werror, which will force us to fix all warnings raised by all compilers.
| * enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-1628-85/+102
| | | | | | | | | | | | | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
| * enum: Don't directly include enum.hMartin Willi2014-05-169-11/+10
| | | | | | | | | | To allow enum.h to depend on utils.h definitions, avoid its direct inclusion. Instead include utils.h, which includes enum.h as well.
| * libtps: Silence GCC set-but-unused warning in incomplete codeMartin Willi2014-05-161-2/+2
| |
| * scepclient: Cast OID_UNKNOWN before comparing it to unsigned hash_algorithm_tMartin Willi2014-05-161-1/+1
| | | | | | | | clang uses unsigned enums and complains about the always-false -1 check.
| * swanctl: Properly initialize return value of --install commandMartin Willi2014-05-161-1/+1
| |
| * xauth-pam: Fix header include guardMartin Willi2014-05-161-1/+1
| |
| * eap-peap: Remove dead SoH code from PEAPMartin Willi2014-05-161-15/+0
| | | | | | | | clang complains about the unused variables.
| * tls: Move variable sized tls_record_t struct to end of tls_t dataMartin Willi2014-05-161-4/+4
| | | | | | | | clang complains about the the non-last variable length member.
| * kernel-klips: Pass a pointer to a properly sized integer for algorithm lookupMartin Willi2014-05-161-1/+1
| |
| * auth-cfg: Cast literal default value to pointer typeMartin Willi2014-05-161-1/+1
| | | | | | | | Fixes a clang warning.
| * unbound: Explicitly cast from ldns RR type/class to our typesMartin Willi2014-05-161-2/+2
| | | | | | | | | | | | These definitions are directly derived from the RFC, so it should be safe to cast them. clang complains about the different types, so cast them explicitly.
| * x509: Remove some unused ASN1 OID constantsMartin Willi2014-05-162-25/+0
| |
| * aes: Remove unused build variantsMartin Willi2014-05-161-622/+65
|/ | | | | | The AES code historically has different build options for various size/speed trade-offs. We never made use of them, so just drop the obsolete code. The code now has four hard-coded fixed tables, both inverse and original.
* Minor changes in the test environment5.2.0dr4Andreas Steffen2014-05-153-1/+11
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 22:33:33 +0000