aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/config
Commit message (Collapse)AuthorAgeFilesLines
* ignoring unkown crl/ocsp urisMartin Willi2007-07-041-2/+8
|
* proper update of IPsec SA when roaming a host-to-host tunnelMartin Willi2007-07-021-7/+13
| | | | roaming of IPsec SAs using virtual IPs
* moved assignment of CERT_UNKNOWN4.1.3Andreas Steffen2007-05-251-2/+2
|
* log trust pathlenAndreas Steffen2007-05-251-4/+6
|
* included a certificate label in the is_trusted() methodAndreas Steffen2007-05-251-8/+6
|
* DBG1 level now shows stepping up through the certifiate hierarchy up to the ↵Andreas Steffen2007-05-251-2/+2
| | | | trust anchor
* set certinfo status to CERT_UNKNOWN before crl and|or ocsp verificationAndreas Steffen2007-05-251-3/+7
|
* removed paranoid module checkingMartin Willi2007-05-251-13/+0
|
* added compatibility names (pluto) for sha2 algorithms (sha2_256, ...)Martin Willi2007-05-251-4/+11
|
* support for virtual IP definition on client side:Martin Willi2007-05-222-25/+41
| | | | | | | if leftsourceip is defined, it is requested. server may define rightsourceip=%config to accept any, or it may overwrite it using rightsourceip. if server does not return an IP, client enforces its configured leftsourceip.
* fixed nextUpdate and until behaviour in the non-strict caseAndreas Steffen2007-05-191-10/+8
|
* support of CA-based ipsec policiesAndreas Steffen2007-05-185-83/+130
|
* verification of locally loaded peer certificatesAndreas Steffen2007-05-151-87/+92
|
* support of multiple certificates with same peer idAndreas Steffen2007-05-151-36/+74
|
* changing UID/GID after startup of pluto/charonMartin Willi2007-05-071-1/+3
| | | | added --with-uid/--with-gid configure option
* extended interface_manager (more work needed here)Martin Willi2007-05-031-1/+1
|
* added more API documentation to backends/interfacesMartin Willi2007-04-304-11/+15
|
* restructuring of configuration backendsMartin Willi2007-04-277-279/+396
| | | | | | | | | added propotypes of new control interfaces (xml & dbus) introduced loadable: configuration backends control interfaces using pluggable modules as in EAP
* added support for AES-XCBC in kernel using e.g. esp=aes128-aesxcbc ↵Martin Willi2007-04-231-0/+10
| | | | (>=linux-2.6.20)
* fixed CHILD_SA proposal selection when not using DH exchangeMartin Willi2007-04-231-8/+3
|
* implementation of strictcrlpolicy=ifuriAndreas Steffen2007-04-202-46/+56
|
* added PDF support for CHILD_SAsMartin Willi2007-04-196-83/+129
| | | | support for INVALID_KE_PAYLOAD negotiation for rekeying
* started support of X.509 attribute certificatesAndreas Steffen2007-04-121-21/+93
|
* fixed DPD delay in peer_cfgMartin Willi2007-04-121-1/+1
|
* cleaned up apidocMartin Willi2007-04-119-298/+52
| | | | | | added some comments removed configuration.[ch], as it does not make sense like it is
* accepting stroke initiation by a name of a child_cfgMartin Willi2007-04-114-33/+33
|
* best must be initialized to 2*MAX_WILDCARDS+1Andreas Steffen2007-04-101-7/+13
|
* restructured file layoutMartin Willi2007-04-1022-2622/+2579
| | | | | | | | | new configuration structure: peer_cfg: configuration related to a peer (authenitcation, ...= ike_cfg: config to use for IKE setup (proposals) child_Cfg: config for CHILD_SA (proposals, traffic selectors) a peer_cfg has one ike_cfg and multiple child_cfg's stroke now uses fixed count of threads
* removed list_crls() and list_ocsp() methodsAndreas Steffen2007-04-061-57/+2
|
* support cachecrls=yesAndreas Steffen2007-04-051-5/+13
|
* implemented dynamic http-based CRL fetchingAndreas Steffen2007-04-031-8/+3
|
* merged changes from eap-aka trunkMartin Willi2007-03-281-15/+48
|
* is_trusted() adds cert_status to cert_to_be_trustedAndreas Steffen2007-03-281-3/+37
|
* implemented ipsec listocsp functionAndreas Steffen2007-03-271-5/+32
|
* adjusted rekey-retry delay and jitterMartin Willi2007-03-211-2/+2
|
* fixed some rekey collision issuesMartin Willi2007-03-212-2/+32
| | | | added retry with jitter when rekeying fails
* renamed keyingtries attributeMartin Willi2007-03-202-13/+10
|
* added AES-192/256 proposals to IKEMartin Willi2007-03-131-0/+2
|
* results from the single responses is stored in the corresponding certinfo_t ↵Andreas Steffen2007-03-121-2/+2
| | | | structs
* moved credential_store.h from charon/config/credentials to libstrongswanAndreas Steffen2007-03-092-286/+1
|
* fixed a certinfo_t memory leak in verify()Andreas Steffen2007-03-091-1/+4
|
* ocsp signer certificate and ocsp response signature can be verifiedAndreas Steffen2007-03-082-3/+69
|
* fixed call of add_auth_certificate()Andreas Steffen2007-03-082-7/+9
|
* generalized get_ca_certificate() to get_auth_certificate(auth_flags)Andreas Steffen2007-03-082-7/+9
|
* support if ocsp signing certificatesAndreas Steffen2007-03-082-61/+97
|
* removed SHA2 kernel proposals from default, the kernel doesn't support them yetMartin Willi2007-03-081-6/+0
|
* added more debugging output for policy lookupMartin Willi2007-03-081-3/+17
| | | | | returning a (dummy) policy even when TS does not match, so we can properly send a TS_UNACCEPTABLE
* added SHA2 MAC and PRF to default proposalMartin Willi2007-03-081-23/+58
|
* fixed traffic selector redundancy removal code (not completely tested)Martin Willi2007-03-062-7/+17
|
* add crl and ocsp uris to linked list after partial verificationAndreas Steffen2007-03-061-22/+35
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-18 22:10:11 +0000