aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Count collected SWID tags or tag IDsAndreas Steffen2013-09-041-3/+17
|
* Proceed with attestation only if Attestation IMC returns a discovery responseAndreas Steffen2013-09-044-7/+20
|
* libipsec: Properly initialize variables when creating AEAD wrapperTobias Brunner2013-09-041-2/+2
|
* android: Fix compilation after PTS header files were movedTobias Brunner2013-09-041-4/+4
|
* libpts: Android.mk updatedTobias Brunner2013-09-041-17/+24
|
* Version bump to 5.1.1dr3Andreas Steffen2013-09-041-1/+1
|
* NEWS: 5.1.1 update for merged branchesMartin Willi2013-09-041-0/+17
|
* load-tester: support extended traffic selector syntax, as in leftsubnetMartin Willi2013-09-041-13/+168
| | | | | In addition the initiator may use %unique as port, using a distinct port for each connection, starting from 1025.
* load-tester: add an option to test transport/beet connectionsMartin Willi2013-09-041-1/+21
|
* Merge branch 'ike-address-ranges'Martin Willi2013-09-0421-170/+413
|\ | | | | | | | | | | | | Adds support for multiple subnets and address ranges in left/right ipsec.conf options. As responder the connection is acceptable if the address is in one of the ranges/subnets. To initiate connections, at least one single IP or hostname is required for the peer address.
| * man: add support for multiple addresses/ranges/subnets in ipsec.conf left=Martin Willi2013-09-041-3/+10
| |
| * ike: support multiple addresses, ranges and subnets in IKE address configMartin Willi2013-09-0416-110/+306
| | | | | | | | | | | | | | Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets.
| * ike-cfg: remove the to be obsoleted allow any parameter in get_my/other_addrMartin Willi2013-09-047-33/+18
| |
| * backends: use ike_cfg host matching functionsMartin Willi2013-09-041-38/+7
| |
| * ike-cfg: add methods to match a host against configured local/remote addressesMartin Willi2013-09-042-0/+62
| |
| * trap-manager: use ike_cfg resolver functionsMartin Willi2013-09-041-4/+2
| |
| * ike-sa: use ike_cfg resolver functionsMartin Willi2013-09-041-16/+12
| |
| * ike-cfg: add a method to resolve local/remote hosts with portMartin Willi2013-09-042-0/+30
|/
* Merge branch 'ikev1-pushmode'Martin Willi2013-09-0423-99/+416
|\ | | | | | | | | Implements Mode Config Push mode in IKEv1 using the existing modeconfig=push ipsec.conf option.
| * stroke: ignore a leftsourceip if a rightsourceip is given as wellMartin Willi2013-09-041-1/+7
| | | | | | | | | | | | As we always negotiate virtual IPs in charon, having both left- and rightsourceip is not allowed. Both in IKEv1 and IKEv2 we support a single configuration payload exchange only.
| * man: update ipsec.conf modeconfig keywordMartin Willi2013-09-041-2/+1
| |
| * ikev1: implement mode config push modeMartin Willi2013-09-045-76/+363
| |
| * stroke: re-enable modeconfig keywordMartin Willi2013-09-043-1/+3
| |
| * peer-cfg: add a pull/push mode option to use with mode configMartin Willi2013-09-0415-20/+43
|/
* pubkey_speed: Add missing pluginsTobias Brunner2013-09-041-4/+4
| | | | | | | The pkcs1 plugin is required to test the gmp/gcrypt plugins. Likewise, the pem plugin is required when testing the openssl plugin. Fixes #401.
* pubkey_speed: sudo is not requiredTobias Brunner2013-09-041-4/+6
| | | | | Also, refer to pubkey_speed properly when not being called from the same directory.
* pubkey_speed: Add header and fix usageTobias Brunner2013-09-041-2/+15
|
* Merge branch 'xauth-radius-multi'Martin Willi2013-09-0318-76/+306
|\ | | | | | | | | | | | | | | | | | | Introduces multiple rounds in the eap-radius XAuth backend, concatenating answers to a single password to verify using a RADIUS User-Password attribute. This is known to work fine with iOS and OS X clients, allowing two-factor authentication with proper dialogs. Different XAuth "profiles" for each backend can be selected using a generic colon sperated suffix for the XAuth string.
| * charon-cmd: support prompting for a PINMartin Willi2013-09-031-4/+8
| | | | | | | | | | To support a Password and PIN XAuth combo, additionally support multiple prompts for different credential types.
| * xauth-generic: honor requested XAuth credential types as a clientMartin Willi2013-09-031-16/+51
| | | | | | | | Support requesting of XAuth PINs and print XAuth messages.
| * attributes: shorten some Unity and XAuth attribute short namesMartin Willi2013-09-031-15/+15
| |
| * message: print type of configuration payloadMartin Willi2013-09-031-1/+21
| |
| * message: print attributes for IKEv1 configuration payloads as wellMartin Willi2013-09-031-1/+2
| |
| * eap-radius: support XAuth configuration profiles, defining multiple XAuth roundsMartin Willi2013-09-031-22/+157
| |
| * xauth: add a configuration string option to be passed to XAuth instancesMartin Willi2013-09-0315-17/+52
|/ | | | | | The configuration string is appended to the XAuth backend name, separated by a colon. The configuration string is passed untouched to the backend, where it can change the behavior of the XAuth module.
* Use ipsec_DATA destination5.1.1dr2Andreas Steffen2013-09-021-7/+1
|
* Install SWID tag also in /share/Andreas Steffen2013-09-021-2/+3
|
* Generate strongSwan SWID tagAndreas Steffen2013-09-023-0/+55
|
* Added regids table and some sample reqid dataAndreas Steffen2013-09-025-0/+169
|
* Pull dave for OS infoAndreas Steffen2013-09-021-1/+1
|
* Corrected debug class to DBG_IMCAndreas Steffen2013-09-021-9/+9
|
* autoconf: Split PACKAGE_VERSION in four partsTobias Brunner2013-09-022-0/+20
| | | | | | | | | | | The parts can be accessed with the variables: PACKAGE_VERSION_MAJOR PACKAGE_VERSION_MINOR PACKAGE_VERSION_BUILD PACKAGE_VERSION_REVIEW The last part will be empty for regular releases.
* conftest: Fix hook constructor resolution via dlsym()Tobias Brunner2013-08-301-1/+3
| | | | | | | | AM_CPPFLAGS only takes preprocessor flags like -I or -D, so it did not forward -rdynamic to the linker (--export-dynamic), which meant that the symbols defined in the executable itself were not resolvable via dlsym(). Fixes #394.
* SWID IMC implements recursive tag collection in /usr/shareAndreas Steffen2013-08-309-123/+385
|
* aes-test: Rename crypt() as it conflicts with a library function on Mac OS XTobias Brunner2013-08-301-3/+3
| | | | unistd.h on Linux defines this only if _XOPEN_SOURCE is defined.
* kernel-pfroute: Fix mixed up memset() call in get_route()Mathias Krause2013-08-291-1/+1
| | | | | | | | | | The retry code introduced in dc8b083 got the memset() arguments wrong. Fix this to ensure the buffer gets zeroed, for real. It probably doesn't matter as we do reset the message length on retry, so the stale data shouldn't be seen by anyone. Found-by: git grep 'memset\s*\([^,]*,\s*[^,]*,\s*0\s*\)'
* testing: support a .gitignored testing.conf.local for site-local configurationsMartin Willi2013-08-292-34/+40
|
* charon-xpc: add a note how to build the source tarballMartin Willi2013-08-291-0/+7
|
* charon-xpc: include and prefer AES-GCM algorithms in ESP proposalMartin Willi2013-08-291-0/+3
|
* Version bump to 5.1.1dr2Andreas Steffen2013-08-281-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-16 02:52:37 +0000