aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/config
Commit message (Collapse)AuthorAgeFilesLines
* implemented proper refcounting using atomic operationsMartin Willi2006-07-284-6/+12
|
* implemented IKE_SA rekeyingMartin Willi2006-07-274-10/+96
| | | | | | uses ikelifetime, rekeymargin and rekeyfuzz config settings no handling of simultaneus exchanges yet!
* added possibility to route CHILD_SAs, without to set them upMartin Willi2006-07-212-0/+33
| | | | | | | support for auto=route parameter support for ipsec route and ipsec unroute initiating of CHILD and/or IKE_SAs based on kernel acquires
* introduced refcounting on policy and connectionsMartin Willi2006-07-208-416/+314
| | | | | | | | | aren't stored in the IKE_SA anymore, they are queried on the fly are immutable now, allows it to share them policy selection based on traffic selectors, leads to valid lookup results rekeying queries the policy based on its traffic selectors
* cleanups in kernel interface codeMartin Willi2006-07-184-127/+223
| | | | | | added proper traffic selector to string conversion some cleanups here & there
* identification_t.matches() supports multiple wildcard countsAndreas Steffen2006-07-111-23/+9
|
* updated copyright informationMartin Willi2006-07-078-14/+21
|
* added support for leftprotoport and rightprotoportMartin Willi2006-07-052-7/+18
|
* redesigned IKE_SA using a transaction mechanism:Martin Willi2006-07-055-21/+18
| | | | | | | | | | | | removed old state machine reimplemented IKE_SA setup and delete implemented dead peer detection implemented keep-alives a lot of fixes no rekeying yet
* log entries start with lowcercase characterAndreas Steffen2006-07-041-2/+6
|
* support of cert payloadsAndreas Steffen2006-07-036-64/+205
|
* added X.509 trust chain verificationAndreas Steffen2006-06-272-4/+248
|
* applied new changes from NATT teamMartin Willi2006-06-233-27/+1
| | | | | DPD only done when no IPsec and IKE traffic processed minor changes here and there
* first merge of NATT codeMartin Willi2006-06-222-13/+89
|
* readded local_credential_storeMartin Willi2006-06-205-78/+242
| | | | | | added sendcert policy to connection some other cleanups
* implemented rereadcrls rereadcacertsAndreas Steffen2006-06-202-0/+669
|
* removed local_credential_storeAndreas Steffen2006-06-202-689/+0
|
* added crl supportAndreas Steffen2006-06-163-15/+188
|
* fixed aes code, we support now aes128, aes192, aes256 in IKEMartin Willi2006-06-151-2/+0
|
* added support for "ike" and "esp" keywordsMartin Willi2006-06-153-9/+192
| | | | | | | fixed bugs in proposal code algorithm selection for charon works now with ipsec.conf a lot of other fixes
* debug and logging improvementsMartin Willi2006-06-133-5/+9
|
* add_certificate() now returns pointer to added certAndreas Steffen2006-06-122-8/+8
|
* workaround for peers rekeying at the same timeMartin Willi2006-06-123-9/+42
| | | | | loading lifetime policies from ipsec.conf
* old child_sa gets deleted after rekeyingMartin Willi2006-06-091-3/+3
| | | | | | rekeying almost complete, but: IKE_SA get in an invalid state when both initiate rekeying at the same time,
* improved kernel interface loggingMartin Willi2006-06-091-3/+3
|
* fixed clone/destroy behavior when not using CAsMartin Willi2006-06-091-5/+17
|
* specifying keysize in bits, as it is required in IKEv2Martin Willi2006-06-091-1/+1
| | | | | | added generic kernel SA algorithm handling, which brings us: aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs
* added support for leftsendcert= and left|rightca= parametersAndreas Steffen2006-06-092-2/+41
|
* discard cert if CA basic constraints flag is not set and warn if cert is not ↵Andreas Steffen2006-06-091-5/+16
| | | | valide
* fixed compile warnings when using -WallMartin Willi2006-06-085-8/+12
| | | | | | | | further CHILD_SA rekeying work done: creation of a new CHILD_SA on a expire from a kernel works delete of old CHILD_SA still missing some issues when both initiate rekeing
* further work for rekeying:Martin Willi2006-06-075-356/+182
| | | | | | | | | get liftimes from policy added new state initiation of rekeying done proposal redone: removed support for AH+ESP proposals
* - fixed some memleaks/freebugsMartin Willi2006-05-311-1/+0
| | | | | - leak detective works almost usable now (?!)
* - fixed host-host tunnel traffic selection, host-host works nowMartin Willi2006-05-311-6/+24
|
* full support of ikev1 and ikev2 connection flagsAndreas Steffen2006-05-301-6/+7
|
* new functions to add certificates and retrieve private and public keysAndreas Steffen2006-05-303-120/+182
|
* changed log levelAndreas Steffen2006-05-301-2/+2
|
* - policies contain a connections name nowMartin Willi2006-05-298-257/+340
| | | | | | | | - used for initiate and delete - connections won't get initiated twice anymore - deleting of connections is now possible, which allows us to use ipsec update and ipsec reload
* - show connection templates in status & statusallMartin Willi2006-05-232-0/+55
| | | | | - don't complain on termination of IKEv1 connections
* - changed config load strategy:Martin Willi2006-05-232-3/+33
| | | | | | | starter loads both connections in charon & pluto, charon ignores anything with keyexchange!=ikev2. pluto needs the same behavior.
* - applied patch from andreas, which allows certificate listing via strokeMartin Willi2006-05-193-5/+40
|
* - applied andreas's patchMartin Willi2006-05-181-41/+56
| | | | | | | - logger output improvements - testin gupdates - and a lot more
* - introduced autotoolsMartin Willi2006-05-164-100/+0
| | | | | | | | | | - first working version - make dist should work - things to do: - UML testing! - more cleanups
* (no commit message)Martin Willi2006-05-1023-0/+4423
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 15:44:01 +0000