Commit message (Author, Age, Files, Lines)
...
| * identification: Support custom types in string constructor prefixes (Martin Willi, 2014-10-30, 3 files, -0/+48)
| |
| * identification: Support prefixes in string constructors for an explicit type (Martin Willi, 2014-10-30, 3 files, -0/+58)
| |
| * unit-tests: Re-align identification_create_from_string() unit test table data (Martin Willi, 2014-10-30, 1 file, -52/+52)
|/
* threading: Support rwlock try_write_lock() on Windows (Martin Willi, 2014-10-30, 1 file, -2/+0)
|   We explicitly avoided TryAcquireSRWLockExclusive() because of crashes. This issue was caused by a MinGW-w64 bug (mingw-w64 fix 46f77afc). Using a newer toolchain works fine. While try_write_lock() obviously can fail, not supporting it is not really an option, as some algorithms depend on occasionally successful calls. Certificate caching in the certificate manager and the cred_set cache rely on successful try_write_lock()ing.
* threading: Add a more explicit rwlock try_write_lock() testing (Martin Willi, 2014-10-30, 1 file, -0/+44)
|
* message: Include encrypted fragment payload in payload (order) rules (Tobias Brunner, 2014-10-29, 1 file, -0/+12)
|   Otherwise fragmented CREATE_CHILD_SA exchanges won't get accepted because they don't contain an SA payload. It also prevents a warning when ordering payloads. Fixes #752.
* cert-cache: Prevent that a cached issuer is freed too early (Tobias Brunner, 2014-10-24, 1 file, -7/+10)
|   Previously we got no reference to the cached issuer certificate before releasing the lock of the cache line; this allowed other threads, or even the same thread if it replaces a cache line, to destroy that issuer certificate in cache() (or flush()) before get_ref() for the issuer certificate is finally called.
* unit-tests: Fix internet checksum tests on big-endian systems (Tobias Brunner, 2014-10-23, 1 file, -4/+9)
|   We actually need to do a byte-swap, which ntohs() only does on little-endian systems. Fixes #747.
* chunk: Fix internet checksum calculation on big-endian systems (Tobias Brunner, 2014-10-23, 1 file, -1/+1)
|   ntohs() might be defined as noop (#define ntohs(x) (x)) so we have to manually shorten the negated value (gets promoted to an int). Fixes #747.
* updown: Explicitly pass caller PATH to updown script (Martin Willi, 2014-10-22, 1 file, -0/+1)
|   When invoking /bin/sh, its default PATH is used. On some systems, that does not include the PATH where the ipsec script is installed, as charon is invoked with a custom PATH. Explicitly setting the PATH of charon should fix this case, properly invoking the (default) updown script. Fixes #745.
* ip-packet: Fix length in IPv6 header of generated packets (Tobias Brunner, 2014-10-20, 1 file, -1/+1)
|
* Increased fragment size to 1400 in ipv6/net2net-ikev1 scenario [5.2.1] (Andreas Steffen, 2014-10-18, 2 files, -2/+2)
|
* Enabled IKEv2 fragmentation in ipv6/net2net-ikev2 scenario (Andreas Steffen, 2014-10-18, 4 files, -2/+6)
|
* Version bump to 5.2.1 (Andreas Steffen, 2014-10-18, 1 file, -3/+3)
|
* Remove unneeded get_count() method (Andreas Steffen, 2014-10-17, 1 file, -1/+0)
|
* Process TCG/PTS File Measurement attribute incrementally (Andreas Steffen, 2014-10-17, 1 file, -37/+77)
|
* Exempt TCG/SEG attributes from unsupported case statement (Andreas Steffen, 2014-10-16, 2 files, -4/+11)
|
* Request IF-M segmentation contract for TCG/PTS subtype (Andreas Steffen, 2014-10-16, 1 file, -0/+27)
|
* tls: Fix an invalid free on CBC encryption failure (Martin Willi, 2014-10-15, 1 file, -1/+0)
|
* tls: Fix a memory leak if AEAD encryption fails (Martin Willi, 2014-10-15, 1 file, -0/+1)
|
* tls: Check all bytes of the padding if they equal the padding length (Martin Willi, 2014-10-15, 2 files, -0/+16)
|
* android: Fix PA-TNC construction based on data passed via JNI (Tobias Brunner, 2014-10-15, 1 file, -3/+2)
|
* libimcv: Add generic constructor for PA-TNC attributes (Tobias Brunner, 2014-10-15, 2 files, -0/+51)
|
* backtrace: Fix symbol lookup in dynamic symtab via libbfd (Tobias Brunner, 2014-10-14, 1 file, -0/+1)
|
* swid-inventory: Remove unused variable end_of_tag (Tobias Brunner, 2014-10-14, 1 file, -6/+2)
|
* swanctl: Fix man page build on FreeBSD (Tobias Brunner, 2014-10-14, 1 file, -1/+1)
|   BSD make seems to only evaluate $< for certain rules (like the suffix rule used to generate the config template).
* thread: Test for pending cancellation requests before select()ing on OS X (Martin Willi, 2014-10-14, 1 file, -0/+28)
|   This fixes some vici test cases on OS X, where the test thread tries to cancel the watcher thread during cleanup, but fails as select() does not honor the pre-issued cancellation request.
* vici: Return default value for get_int() if message value is empty string (Martin Willi, 2014-10-14, 2 files, -1/+5)
|   This is the behavior of some strtol() implementations, and it makes sense, so force it.
* process: Don't use the shell's built-in echo in tests (Martin Willi, 2014-10-14, 1 file, -1/+1)
|   On OS X, the /bin/sh built-in echo does not support -n.
* process: Don't use absolute path names for true/false/cat in unit tests (Martin Willi, 2014-10-14, 1 file, -4/+10)
|   But use the (builtin) shell commands instead, as on OS X true/false are under /usr/bin.
* kernel-pfroute: Check for RTM_IFANNOUNCE availability (Martin Willi, 2014-10-14, 2 files, -0/+22)
|   This message is not available on OS X.
* process: Include missing <signal.h> for raise(3) (Martin Willi, 2014-10-14, 1 file, -0/+1)
|   Fixes OS X build.
* ike: Add IKEv2 in description of fragment_size option in strongswan.conf (Tobias Brunner, 2014-10-14, 1 file, -3/+4)
|
* ip-packet: Fix removal of TFC padding for IPv6 (Tobias Brunner, 2014-10-14, 1 file, -1/+1)
|   The IPv6 length field denotes the payload length after the 40 bytes header. Fixes: 293515f95cf5 ("libipsec: remove extra RFC4303 TFC padding appended to inner payload")
* vici: Add vici.gemspec.in and vici.rb to distribution (Tobias Brunner, 2014-10-14, 1 file, -0/+2)
|
* travis: Build-test updown and ext-auth plugins for Windows (Martin Willi, 2014-10-14, 1 file, -0/+1)
|
* android: Implement get_contracts() method in IMC state object (Tobias Brunner, 2014-10-14, 1 file, -0/+14)
|
* android: libpts does not exist anymore, don't attempt to load it (Tobias Brunner, 2014-10-14, 1 file, -1/+0)
|
* android: Update receive_message() to new imc_msg_t.receive() signature (Tobias Brunner, 2014-10-13, 1 file, -2/+4)
|
* libimcv: Add fallback if IPSEC_SCRIPT is not defined (Tobias Brunner, 2014-10-13, 1 file, -0/+4)
|   This is the case on Android.
* libimcv: Updated Android.mk to latest Makefile.am (Tobias Brunner, 2014-10-13, 2 files, -0/+4)
|
* android: Remove references to libpts (Tobias Brunner, 2014-10-13, 3 files, -8/+2)
|
* libimcv: Remove reference to libpts (Tobias Brunner, 2014-10-13, 1 file, -1/+0)
|
* libimcv: Fix Doxygen comments after merging libpts into libimcv (Tobias Brunner, 2014-10-13, 13 files, -14/+20)
|
* watcher: Doxygen comment fixed (Tobias Brunner, 2014-10-13, 1 file, -1/+1)
|
* charon-systemd: Typo in log message fixed (Tobias Brunner, 2014-10-13, 1 file, -1/+1)
|
* libimcv: Fix hardcoded IMCV_DEFAULT_POLICY_SCRIPT name (Avesh Agarwal, 2014-10-13, 2 files, -2/+3)
|   I came across an issue with src/libimcv/imcv.c where IMCV_DEFAULT_POLICY_SCRIPT is hardcoded. It fails where ipsec_script is renamed to, for example, strongswan from default ipsec.
* testing: Enable nat table for iptables on 3.17 kernels (Tobias Brunner, 2014-10-13, 1 file, -2/+5)
|
* ike: Do remote address updates also when behind static NATs (Tobias Brunner, 2014-10-13, 1 file, -4/+7)
|   We assume that a responder is behind a static NAT (e.g. port forwarding) and allow remote address updates in such situations. The problem described in RFC 5996 is only an issue if the NAT mapping can expire.
* ike: Remove redundant check for local NAT when handling changed NAT mappings (Tobias Brunner, 2014-10-13, 1 file, -6/+1)
|