| Commit message (Collapse) | Author | Age | Files | Lines |
Newer NDKs fail otherwise as there is no actual module anymore.
|
This bunches several log messages together before posting Runnables.
Fixes #2148.
|
When the bound state service finally connects we might not actually be
attached to an Activity.
|
registered once
We register when the service connects but also in onStart() (as we
unregister in onStop() to avoid updates when not shown). So this could
theoretically cause the listener to get registered twice if the service
is connected before onStart() is called (it seems it usually isn't).
|
This is useful in case the proper MIME type was not set for a downloaded
profile.
|
Courtesy of Chris Chiang.
|
Fixes #2370.
|
If we find a redundant CHILD_SA (the peer probably rekeyed the SA before
us) we might not want to delete the old SA because the peer might still
use it (same applies to old CHILD_SAs after rekeyings). So only delete
them if configured to do so.
Fixes #2358.
|
`start` is basically the same thing.
Fixes #2362.
|
When an expire is triggered while rekeying, the CHILD_SA might be deleted
while the returned host is still used to queue a rekey job for the CHILD_SA.
|
Fixes: CVE-2017-9023
|
Fixes: CVE-2017-9023
|
Unlike mpz_powm() its secure replacement mpz_powm_sec() has the additional
requirement that the exponent must be > 0 and the modulus has to be odd.
Otherwise, it will crash with a floating-point exception.
Fixes: CVE-2017-9022
Fixes: 3e35a6e7a1b0 ("Use side-channel secured mpz_powm_sec of libgmp 5, if available")
|
traffic_selector_t::to_subnet() always sets the net/host (unless the
address family was invalid).
Fixes: 3070697f9f7c ("ike: support multiple addresses, ranges and subnets in IKE address config")
|
Interestingly, this doesn't show up in the regression tests because the
compiler removes the first assignment (and thus the allocation) due to
-O2 that's included in our default CFLAGS.
|
When charon is started via service command LEAK_DETECTIVE_LOG is not set
because the command strips the environment. Since we only want the
variable to be set during the automated test runs we can't just set it
in /etc/default/charon. Instead, we do so in this wrapper when charon is
started and remove the variable again when it is stopped.
|
Also reorders the input files so the READMEs are listed first in the
navigation menu on the left.
|
This adds several changes to enumerator_t and linked_list_t to improve
portability. In particular to Apple's ARM64 iOS platform, whose calling
conventions for variadic and regular functions are different. This means
that assigning a non-variadic function to a variadic function pointer,
as we did with our enumerator_t::enumerate() implementations and several
callbacks, will result in crashes as the called function will access the
arguments differently than the caller provided them.

To avoid this issue the enumerator_t interface is now fully variadic.
A new mandatory method is added, venumerate(), that takes a va_list with
the arguments provided while enumerating. enumerate() is replaced with
a generic implementation that prepares a va_list and calls the
enumerator's venumerate() implementation. As this allows passing the
arguments of one enumerator to another it avoids the five pointer hack
used by enumerator_create_nested() and enumerator_create_cleaner().

To simplify the implementation of venumerate() a helper macro is provided
that assigns values from a given va_list to local variables.

The signature of the callback passed to enumerator_create_filter() has
also changed significantly. It's now required to enumerate over the
original enumerator in the callback as this avoids the previous in/out
pointer hack. The arguments to the outer enumerator are provided in a
va_list.

Similar changes to avoid such five pointer hacks affect the signatures
of the callbacks for linked_list_t's invoke_function() and find_first()
methods. For the latter the return type also changed from status_t to
bool, which is important as SUCCESS is defined as 0, so checks for ==
SUCCESS will now fail.
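
The pattern described in the commit message above, as an added example that is not part of the log and not strongSwan's own code: a single generic variadic enumerate() builds a va_list and dispatches to a per-type venumerate(), which lets a wrapping enumerator forward the caller's arguments without knowing their number or types. All type and function names here (`enumerate_default`, `array_enum_t`, `wrap_enum_t`, `sum_via_wrapper`) are hypothetical and the sample data is constructed.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>

/* Simplified model; type and function names are illustrative only. */
typedef struct enumerator enumerator_t;
struct enumerator {
	bool (*enumerate)(enumerator_t *this, ...);            /* generic entry */
	bool (*venumerate)(enumerator_t *this, va_list args);  /* per-type logic */
};

/* Generic enumerate(): the only variadic function, so caller and callee
 * always agree on the calling convention. */
static bool enumerate_default(enumerator_t *this, ...)
{
	va_list args;
	va_start(args, this);
	bool more = this->venumerate(this, args);
	va_end(args);
	return more;
}

/* Enumerator over an int array, yields one int per call. */
typedef struct { enumerator_t public; const int *items; size_t count, pos; } array_enum_t;
static bool array_venumerate(enumerator_t *e, va_list args)
{
	array_enum_t *this = (array_enum_t*)e;   /* public is the first member */
	int *out = va_arg(args, int*);
	if (this->pos >= this->count) return false;
	*out = this->items[this->pos++];
	return true;
}

/* Wrapper that forwards the caller's va_list unchanged to an inner
 * enumerator, with no fixed-count pointer forwarding. */
typedef struct { enumerator_t public; enumerator_t *inner; } wrap_enum_t;
static bool wrap_venumerate(enumerator_t *e, va_list args)
{
	wrap_enum_t *this = (wrap_enum_t*)e;
	return this->inner->venumerate(this->inner, args);
}

static const int sample[] = { 3, 4, 5 };   /* constructed sample data */
static int sum_via_wrapper(const int *items, size_t count)
{
	array_enum_t arr = { { enumerate_default, array_venumerate }, items, count, 0 };
	wrap_enum_t wrap = { { enumerate_default, wrap_venumerate }, &arr.public };
	int value, sum = 0;
	while (wrap.public.enumerate(&wrap.public, &value)) sum += value;
	return sum;
}
```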
|
This avoids the unportable five pointer hack.
|
This avoids the unportable five pointer hack.
|
This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.
|
This will allow us to implement e.g. enumerator_cleaner without having to
use that unportable 5 pointer forwarding or having to define a callback for
each instance.
A generic implementation for enumerate() is provided so only venumerate()
has to be implemented, which may be simplified by using the VA_ARGS_VGET()
macro.
|
Since 6a8a44be88b0 the certificate received by the client is verified
first, before checking the cached certificates for any with matching
identities. So we usually don't have to attempt to verify the signature
with wrong certificates first and can avoid this message.
|
Adds an option to locally configure 96-bit truncation for HMAC-SHA256
when negotiated using the official algorithm identifier. This is for
compatibility with peers that incorrectly use this shorter truncation
(like Linux does by default).
Fixes #1353.
|