aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* testing: Delete accidentally committed test casesTobias Brunner2014-06-1857-920/+0
|
* ikev1: Allow late connection switching based on XAuth usernameTobias Brunner2014-06-181-6/+0
|
* identification: Only use either , or / to separate RDNsTobias Brunner2014-06-182-7/+17
| | | | | If a DN starts with a slash (or whitespace and a slash) slashes will be used, otherwise commas.
* sshkey: Fix loading of ECDSA keys from filesTobias Brunner2014-06-182-3/+3
|
* sshkey: Add support to parse SSH public keys from files with left|rightsigkeyTobias Brunner2014-06-183-3/+59
|
* Merge branch 'vici-stats'Martin Willi2014-06-174-1/+277
|\ | | | | | | | | Add a vici/swanctl "stats" command to print daemon info, similar to the header shown in "ipsec statusall".
| * vici: Support memory stats without leak-detective on WindowsMartin Willi2014-06-171-0/+53
| |
| * swanctl: Add a --stats command to print daemon infos and statisticsMartin Willi2014-06-173-1/+120
| |
| * vici: Add a stats command returning various daemon infos and statisticsMartin Willi2014-06-171-0/+104
|/
* swanctl: Support private key decryption passhprases in swanctl.confMartin Willi2014-06-172-23/+145
| | | | | | | While there is no real security benefit of storing private keys encrypted if the passphrase is stored along with it, there still seems to be demand for this functionality. We add it for compatibility with ipsec.secrets, even if it is not really recommended.
* Merge branch 'conn-specific-replay'Martin Willi2014-06-1725-65/+137
|\ | | | | | | | | | | Introduces a connection specific replay_window option, overriding the global charon.replay_window strongswan.conf option. Original patch courtesy of Zheng Zhong and Christophe Gouault from 6Wind.
| * NEWS: Mention replay_window ipsec.conf optionMartin Willi2014-06-171-0/+4
| |
| * swanctl: Document replay_window optionMartin Willi2014-06-171-0/+7
| |
| * vici: Support a replay_window CHILD_SA optionMartin Willi2014-06-171-0/+16
| |
| * starter: Add a replay_window connection optionMartin Willi2014-06-178-0/+12
| |
| * kernel-pfkey: Support connection specific replay window sizes up to 32 packetsMartin Willi2014-06-171-1/+1
| |
| * kernel-netlink: Support connection specific replay window sizesMartin Willi2014-06-171-39/+16
| |
| * kernel-interface: Add a replay_window parameter to add_sa()Martin Willi2014-06-1712-25/+43
| |
| * child-cfg: Store connection specific replay window on CHILD_SA configMartin Willi2014-06-172-0/+38
|/
* Merge branch 'win-errno'Martin Willi2014-06-172-65/+278
|\ | | | | | | Improves errno handling for Winsock2 compatibility functions.
| * windows: Declare strerror_s()Martin Willi2014-06-171-0/+5
| | | | | | | | | | Older MinGW versions seem to miss this function declaration. Fixes build on Travis using Ubuntu 12.04.
| * windows: Extend strerror_r/s by extended POSIX errno stringsMartin Willi2014-06-172-0/+66
| |
| * windows: Implement strerror_r using strerror_sMartin Willi2014-06-171-0/+9
| |
| * windows: Wrap most Winsock2 Posix functions to set errnoMartin Willi2014-06-172-65/+198
|/ | | | | | While Winsock provides many Posix compatibility functions, they do not set errno, but use WSAGetLastError() for error reporting. The wrapped functions derive an errno from WSAGetLastError() on failure.
* watcher: Prevent race condition spawning multiple watcher threadsMartin Willi2014-06-171-1/+3
| | | | | | | | If file descriptors get added and removed in rapid succession, the active watcher thread might not take notice of it and continues running. However, add() spawns a watcher thread whenever a file descriptor is added to an empty set. This could result in multiple watcher threads, which is fixed by a proper check for running watchers.
* thread-value: Defer cleanup handling to thread termination on WindowsMartin Willi2014-06-173-40/+51
| | | | | | | | | | | Instead of cleaning up all thread-values during destruction, cleanup handler is invoked when a thread detaches. Thread detaching is cough using the Windows DllMain() entry point, and allows us to basically revert 204098a7. Using this mechanism, we make sure that the cleanup handler is invoked by the the correct thread. Further, this mechanism works for externally-spawned threads which run outside of our thread_cb() routine, and works more efficiently with short-running threads.
* socket-win: Use non-overlapped I/O and socket event selectionMartin Willi2014-06-171-31/+13
| | | | | | | | The use of overlapped I/O was incorrect, as we passed stack based buffers, but did not cancel/wait for pending completion on all sockets. Our receive-from-all socket interface is actually tricky to implement using overlapped I/O. Switch to WSAEventSelect() event management, which can be canceled properly while working in a select()-like way.
* Merge branch 'attr-enum'Martin Willi2014-06-177-15/+104
|\ | | | | | | | | | | Introduces a handle_vips() hook very similar to assign_vips(), but for clients handling virtual IPs and other configuration attributes. Non-handled attributes are stored on the IKE_SA as well and can be enumerated.
| * bus: Add a handle_vips() hook invoked after handling configuration attributesMartin Willi2014-06-176-0/+53
| | | | | | | | | | | | | | | | | | Similar to assign_vips() used by a peer assigning virtual IPs to the other peer, the handle_vips() hook gets invoked on a peers after receiving attributes. On release of the same attributes the hook gets invoked again. This is useful to inspect handled attributes, as the ike_updown() hook is invoked after authentication, when attributes have not been handled yet.
| * ikev1: Invoke the assign_vips() bus hook for IKEv1 as wellMartin Willi2014-06-162-3/+7
| |
| * ike: Create an enumerator for (un-)handled configuration attributes on IKE_SAMartin Willi2014-06-162-0/+32
| |
| * ike: Store unhandled attributes on IKE_SA as wellMartin Willi2014-06-164-12/+12
|/
* Version bump to 5.2.0rc1Andreas Steffen2014-06-151-1/+1
|
* Mentioned first six swanctl scenarios in NEWS5.2.0dr6Andreas Steffen2014-06-141-0/+1
|
* Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenariosAndreas Steffen2014-06-1422-0/+441
|
* Single-line --raw mode simplifies evaltest of swanctl scenariosAndreas Steffen2014-06-145-92/+16
|
* Split swanctl --raw mode into single-line and --pretty modeAndreas Steffen2014-06-1418-185/+310
|
* Added swanctl/ip-pool-db scenarioAndreas Steffen2014-06-1111-0/+246
|
* Updated strongTNC configurationAndreas Steffen2014-06-118-12/+15
|
* Added swanctl/ip-pool scenarioAndreas Steffen2014-06-1011-0/+231
|
* Allow multiple hash values in the file reference databaseAndreas Steffen2014-06-102-32/+60
|
* Added swanctl/rw-cert scenarioAndreas Steffen2014-06-1011-0/+216
|
* Added Android 4.3 and 4.4.3 to imv databaseAndreas Steffen2014-06-101-0/+24
|
* Define default swanctl credentials in hosts directoryAndreas Steffen2014-06-1030-4/+383
|
* Added missing units (s = seconds)Andreas Steffen2014-06-101-1/+1
|
* Fixes in SWID entity supportAndreas Steffen2014-06-082-19/+7
|
* Merge branch 'win-32bit'Martin Willi2014-06-0613-38/+68
|\ | | | | | | | | Fixes some issues when building 32-bit Windows binaries. Mostly related to the call API. Introduces a Travis 32-bit Windows build variant.
| * travis: Add a Windows 32-bit variant build testMartin Willi2014-06-062-6/+18
| |
| * windows: Link against psapi32Martin Willi2014-06-061-1/+1
| | | | | | | | | | On some version GetModuleFileNameEx/GetModuleInformation is in psapi32 instead of kernel32. We link to both libraries to make sure we have it.
| * backtrace: Use GetModuleInformation/GetModuleFileNameEx directly on Win32Martin Willi2014-06-061-2/+10
| | | | | | | | The K32 variants are actually needed on 64-bit only.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 11:33:43 +0000