Commit message   Author   Age   Files   Lines
...
| * stroke: Enable BLISS-based public key constraints   Tobias Brunner   2015-03-04   1   -4/+19
| * credential-manager: Store BLISS key strength in auth config   Tobias Brunner   2015-03-04   1   -0/+3
| * auth-cfg: Add BLISS key strength constraint   Tobias Brunner   2015-03-04   2   -21/+43
| * testing: Don't check for exact IKEv2 fragment size   Tobias Brunner   2015-03-04   1   -2/+2
| * testing: Update test conditions because signature schemes are now logged   Tobias Brunner   2015-03-04   33   -58/+58
| * testing: Add ikev2/rw-sig-auth scenario   Tobias Brunner   2015-03-04   12   -0/+180
| * testing: Add ikev2/net2net-cert-sha2 scenario   Tobias Brunner   2015-03-04   9   -0/+104
| * ikev2: Fall back to SHA-1 signatures for RSA   Tobias Brunner   2015-03-04   1   -0/+7
| * ikev2: Select a signature scheme appropriate for the given key   Tobias Brunner   2015-03-04   1   -18/+13
| * public-key: Add helper to determine acceptable signature schemes for keys   Tobias Brunner   2015-03-04   3   -1/+122
| * ikev2: Log the actual signature scheme used for RFC 7427 authentication   Tobias Brunner   2015-03-04   1   -4/+6
| * ikev2: Store signature scheme used to verify peer in auth_cfg   Tobias Brunner   2015-03-04   1   -0/+1
| * ikev2: Add a global option to disable RFC 7427 signature authentication   Tobias Brunner   2015-03-04   2   -2/+15
| * ikev2: Remove private AUTH_BLISS method   Tobias Brunner   2015-03-04   3   -18/+1
| * ikev2: Handle RFC 7427 signature authentication in pubkey authenticator   Tobias Brunner   2015-03-04   2   -49/+179
| * hasher: Add helper to determine hash algorithm from signature scheme   Tobias Brunner   2015-03-04   2   -0/+44
| * public-key: Add helper to map signature schemes to ASN.1 OIDs   Tobias Brunner   2015-03-04   2   -3/+54
| * public-key: Add helper to determine key type from signature scheme   Tobias Brunner   2015-03-04   2   -0/+43
| * ikev2: Enable signature authentication by transmitting supported hash algorithms   Tobias Brunner   2015-03-04   2   -4/+88
| * keymat: Add facility to store supported hash algorithms   Tobias Brunner   2015-03-04   2   -1/+70
| * hasher: Add filter function for algorithms permitted by RFC 7427   Tobias Brunner   2015-03-04   2   -0/+30
| * hasher: Redefine hash algorithms to match values defined by RFC 7427   Tobias Brunner   2015-03-04   2   -27/+29
| * ikev2: Add SIGNATURE_HASH_ALGORITHMS notify payload   Tobias Brunner   2015-03-04   2   -6/+18
| * ikev2: Add new authentication method defined by RFC 7427   Tobias Brunner   2015-03-04   2   -3/+9
|/
* ikev2: Only accept initial messages in specific states   Tobias Brunner   2015-03-04   1   -10/+9
* ike-sa-manager: Make sure the message ID of initial messages is 0   Tobias Brunner   2015-03-04   1   -1/+2
* ikev2: Don't destroy the SA if an IKE_SA_INIT with unexpected MID is received   Tobias Brunner   2015-03-04   1   -4/+0
* ikev2: Don't adopt any CHILD_SA during make-before-break reauthentication   Martin Willi   2015-03-04   1   -1/+2
* unit-tests: Base attributes get adopted by seg-env/seg-contract   Tobias Brunner   2015-03-03   1   -4/+4
* seg-env: Destroy base attribute if segmentation is not possible   Tobias Brunner   2015-03-03   1   -0/+1
* Merge branch 'eap-constraints'   Martin Willi   2015-03-03   14   -2/+100
|\
| * NEWS: Introduce EAP constraints support for EAP-(T)TLS   Martin Willi   2015-03-03   1   -0/+5
| * man: Describe trust chain constraints configuration for EAP methods   Martin Willi   2015-03-03   1   -1/+3
| * stroke: Support public key constraints for EAP methods   Martin Willi   2015-03-03   1   -1/+8
| * eap-ttls: Support EAP auth information getter in EAP-TTLS   Martin Willi   2015-03-03   1   -0/+7
| * eap-tls: Support EAP auth information getter in EAP-TLS   Martin Willi   2015-03-03   1   -0/+7
| * libtls: Add getters for TLS handshake authentication details   Martin Willi   2015-03-03   7   -0/+49
| * libtls: Merge trustchain auth verification details done during TLS handshake   Martin Willi   2015-03-03   2   -0/+2
| * ikev2: Merge EAP client authentication details if EAP method provides them   Martin Willi   2015-03-03   1   -0/+7
| * eap: Add an optional authentication details getter to the EAP method interface   Martin Willi   2015-03-03   1   -0/+12
|/
* Merge branch 'stroke-purge-on-reread'   Martin Willi   2015-03-03   6   -120/+306
|\
| * ipsec: Update rereadcacerts/aacerts command description in manpage   Martin Willi   2015-03-03   1   -6/+9
| * stroke: Serve ca section CA certificates directly, not over central CA set   Martin Willi   2015-03-03   3   -5/+85
| * mem-cred: Add a method to unify certificate references, without adding it   Martin Willi   2015-03-03   2   -0/+31
| * stroke: Purge existing CA/AA certificates during reread   Martin Willi   2015-03-03   1   -0/+4
| * stroke: Use separate credential sets for CA/AA certificates   Martin Willi   2015-03-03   1   -3/+21
| * stroke: Refactor load_certdir function   Martin Willi   2015-03-03   1   -108/+158
|/
* vici: Don't use a default rand_time larger than half of rekey/reauth_time   Martin Willi   2015-03-03   1   -3/+11
* vici: If an IKE reauth_time is configured, disable the default rekey_time   Martin Willi   2015-03-03   2   -2/+19
* ikev2: Schedule a timeout for the delete message following passive IKE rekeying   Martin Willi   2015-03-03   1   -0/+6