index
:
tteras/strongswan
master
tteras
tteras-release
tteras' strongSwan tree
gitolite
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
Commit message (
Expand
)
Author
Age
Files
Lines
...
|
*
tls: Check for minimal TLS record length before each record iteration
Martin Willi
2014-03-31
1
-8
/
+8
|
*
tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD found
Martin Willi
2014-03-31
1
-19
/
+52
|
*
tls: Offer TLS signature schemes in ClientHello in order of preference
Martin Willi
2014-03-31
1
-90
/
+59
|
*
tls: Define AES-GCM cipher suites from RFC 5288/5289
Martin Willi
2014-03-31
1
-0
/
+54
|
*
tls: Implement the TLS AEAD abstraction for real AEAD modes
Martin Willi
2014-03-31
4
-8
/
+262
|
*
tls: Separate TLS protection to abstracted AEAD modes
Martin Willi
2014-03-31
8
-325
/
+874
|
*
aead: Support custom AEAD salt sizes
Martin Willi
2014-03-31
17
-43
/
+131
|
/
*
ikev2: Recreate a CHILD_SA that got a hard lifetime expire without rekeying
Martin Willi
2014-03-31
1
-0
/
+12
*
revocation: Log error if no OCSP signer candidate found
Martin Willi
2014-03-31
1
-1
/
+1
*
Merge branch 'ocsp-constraints'
Martin Willi
2014-03-31
3
-46
/
+86
|
\
|
*
revocation: Restrict OCSP signing to specific certificates
Martin Willi
2014-03-31
3
-10
/
+65
|
*
revocation: Don't merge auth config of CLR/OCSP trustchain validation
Martin Willi
2014-03-31
1
-39
/
+24
|
/
*
hashtable: Make key arguments const
Tobias Brunner
2014-03-31
2
-22
/
+23
*
Properly hash pointers for hash tables where appropriate
Tobias Brunner
2014-03-31
4
-71
/
+7
*
kernel-pfroute: Let get_nexthop() default to destination address
Tobias Brunner
2014-03-31
1
-3
/
+7
*
x509: CERT_DECODE actually requires KEY_ANY
Tobias Brunner
2014-03-31
1
-3
/
+1
*
pkcs1: KEY_ANY public key decoder soft depends on specific decoders
Tobias Brunner
2014-03-31
1
-0
/
+3
*
eap-radius: Add option to not close IKE_SAs on timeouts during interim accout...
Tobias Brunner
2014-03-31
2
-1
/
+10
*
ikev1: Accept SPI size of any length <= 16 in ISAKMP proposal
Tobias Brunner
2014-03-31
1
-4
/
+12
*
proposal: Don't fail DH proposal matching if peer includes NONE
Tobias Brunner
2014-03-31
1
-4
/
+19
*
conf: Order settings in man page alphabetically
Tobias Brunner
2014-03-31
1
-5
/
+4
*
Merge branch 'acerts'
Martin Willi
2014-03-31
96
-1587
/
+2394
|
\
|
*
NEWS: Add acert and pki changes for 5.1.3
Martin Willi
2014-03-31
1
-0
/
+13
|
*
openac: Remove obsolete openac utility
Martin Willi
2014-03-31
10
-772
/
+21
|
*
pki: Document --not-before/after and --dateform options in manpages
Martin Willi
2014-03-31
4
-7
/
+99
|
*
pki: Support absolute --this/next-update CRL lifetimes
Martin Willi
2014-03-31
1
-6
/
+22
|
*
pki: Support absolute --not-before/after issued certificate lifetimes
Martin Willi
2014-03-31
2
-7
/
+22
|
*
pki: Support absolute --not-before/after self-signed certificate lifetimes
Martin Willi
2014-03-31
1
-5
/
+22
|
*
pki: Support absolute --not-before/after acert lifetimes
Martin Willi
2014-03-31
1
-7
/
+26
|
*
pki: Add a certificate lifetime calculation helper function
Martin Willi
2014-03-31
2
-1
/
+69
|
*
testing: Add an acert test that forces a fallback connection based on groups
Martin Willi
2014-03-31
13
-0
/
+199
|
*
testing: Add an acert test case sending attribute certificates inline
Martin Willi
2014-03-31
18
-0
/
+291
|
*
testing: Add an acert test using locally cached attribute certificates
Martin Willi
2014-03-31
16
-0
/
+239
|
*
testing: build strongSwan with acert plugin
Martin Willi
2014-03-31
1
-0
/
+1
|
*
ikev2: Cache all received attribute certificates to auth config
Martin Willi
2014-03-31
1
-1
/
+27
|
*
ikev2: Send all known and valid attribute certificates for subject cert
Martin Willi
2014-03-31
1
-0
/
+46
|
*
ikev2: Slightly refactor certificate payload construction to separate functions
Martin Willi
2014-03-31
1
-37
/
+56
|
*
ike: Support encoding of attribute certificates in CERT payloads
Martin Willi
2014-03-31
1
-1
/
+6
|
*
auth-cfg: Declare an attribute certificate helper type to exchange acerts
Martin Willi
2014-03-31
3
-2
/
+15
|
*
acert: Implement a plugin finding, validating and evaluating attribute certs
Martin Willi
2014-03-31
7
-0
/
+367
|
*
x509: Match acert has_subject() against entityName or holder serial
Martin Willi
2014-03-31
1
-5
/
+25
|
*
pki: Add acert and extend pki/print manpages
Martin Willi
2014-03-31
5
-2
/
+116
|
*
pki: Implement an acert command to issue attribute certificates
Martin Willi
2014-03-31
3
-1
/
+275
|
*
pki: Support printing attribute certificates
Martin Willi
2014-03-31
1
-1
/
+89
|
*
pki: Don't generate negative random serial numbers in X.509 certificates
Martin Willi
2014-03-31
2
-0
/
+2
|
*
pem: Support encoding of attribute certificates
Martin Willi
2014-03-31
1
-1
/
+6
|
*
x509: Replace the comma separated string AC group builder with a list based one
Martin Willi
2014-03-31
4
-10
/
+22
|
*
x509: Integrate IETF attribute handling, and obsolete ietf_attributes_t
Martin Willi
2014-03-31
6
-639
/
+186
|
*
x509: Replace fixed acert group string getter by a more dynamic group enumerator
Martin Willi
2014-03-31
5
-69
/
+131
|
*
x509: Skip parsing of acert chargingIdentity, as we don't use it anyway
Martin Willi
2014-03-31
1
-9
/
+1
[prev]
[next]
