aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/config
Commit message (Collapse)AuthorAgeFilesLines
...
* using dpd actions to enforce connection stateMartin Willi2008-04-114-75/+66
| | | | dpd actions a per child-, not peer ike-sa
* implementation of an CFG attribute framework, currently supporting virtual IPsMartin Willi2008-04-095-52/+316
| | | | | | updated ipsec.conf sourceip parameter to support CIDR notatation to serve from a pool %poolname to query a separate (database?) pool
* fixed two other memory leaksTobias Brunner2008-04-032-6/+2
|
* mediation extension adapted to the naming convention of the current version ↵Tobias Brunner2008-03-262-31/+31
| | | | of the draft. note: the external interface (config, autotools) has not yet been changed
* added equals() method to peer_cfg, ike_cfg, proposals, auth_infoMartin Willi2008-03-269-147/+349
| | | | | | allows easier merging of ipsec.conf connections replaced some iterators through enumerators made proposals algorithm_t private using enumerator
* fixed peer_cfg lookup when omitting IDrMartin Willi2008-03-191-0/+5
|
* merged the modularization branch (credentials) back to trunkMartin Willi2008-03-1321-3218/+577
|
* implemented Expanded EAP types to support vendor specific methodsMartin Willi2007-12-133-4/+19
|
* implemented RFC4478 (repeated authentication)Martin Willi2007-11-203-63/+90
| | | | | changed %V printf handler to take a time delta, %#V now takes two arguments
* search : delimiter in ipsec.secrets entries from the rearAndreas Steffen2007-11-161-1/+3
|
* fixed sqlite_backend compilation to respect changes from [3238]Martin Willi2007-10-041-1/+1
|
* experimental P2P-NAT-T for IKEv2 merged back from branchTobias Brunner2007-10-032-2/+104
|
* fixed sqlite database pathMartin Willi2007-10-021-2/+2
|
* improved debugging code for traffic selector processingMartin Willi2007-10-021-7/+15
|
* moved force_encap to ike_config, enables responder to enforce udp encapsulationMartin Willi2007-10-015-30/+32
| | | | fixed bugs in force_encap code
* implemented IKEv2 force_encap connection parameterMartin Willi2007-10-013-4/+29
| | | | | enforces UDP encapsulation by faking NAT detection payloads to hurdle restrictive firewalls
* return argument has type size_tAndreas Steffen2007-09-181-1/+1
|
* prototype implemementation of an sqlite configuration backendMartin Willi2007-09-186-0/+441
|
* peer_cfg now knows about group membershipsAndreas Steffen2007-09-133-11/+49
|
* check hash algorithms used in signaturesAndreas Steffen2007-09-111-1/+1
|
* removed rsa_private_key clone() functionAndreas Steffen2007-09-111-1/+1
|
* replaced get_rsa_private_key() by rsa_signature() in order restrict the ↵Andreas Steffen2007-09-111-28/+44
| | | | distribution of private key material
* overwrite storage used for shared secrets with pseudo-random bytes before ↵Andreas Steffen2007-09-101-27/+26
| | | | releasing it
* added mobike=yes|no connection optionMartin Willi2007-08-292-3/+27
| | | | | | | yes: include mobike support notifies as initiator no: only enable mobike as responder when initiator supports it default: yes
* append new attribute certs at the endAndreas Steffen2007-08-141-1/+7
|
* adding attribute certficates to a chained listAndreas Steffen2007-08-141-3/+25
|
* has_rsa_private_key() must also be protected by keys_mutexAndreas Steffen2007-08-101-1/+4
|
* support of ipsec rereadsecrets for strokeAndreas Steffen2007-08-101-9/+54
|
* bug fix in linked_list deletion - instead of acerts destroyed certs twice4.1.5Andreas Steffen2007-08-081-1/+1
|
* implemented listing of attribute certificatesAndreas Steffen2007-08-071-3/+31
|
* ignoring unkown crl/ocsp urisMartin Willi2007-07-041-2/+8
|
* proper update of IPsec SA when roaming a host-to-host tunnelMartin Willi2007-07-021-7/+13
| | | | roaming of IPsec SAs using virtual IPs
* moved assignment of CERT_UNKNOWN4.1.3Andreas Steffen2007-05-251-2/+2
|
* log trust pathlenAndreas Steffen2007-05-251-4/+6
|
* included a certificate label in the is_trusted() methodAndreas Steffen2007-05-251-8/+6
|
* DBG1 level now shows stepping up through the certifiate hierarchy up to the ↵Andreas Steffen2007-05-251-2/+2
| | | | trust anchor
* set certinfo status to CERT_UNKNOWN before crl and|or ocsp verificationAndreas Steffen2007-05-251-3/+7
|
* removed paranoid module checkingMartin Willi2007-05-251-13/+0
|
* added compatibility names (pluto) for sha2 algorithms (sha2_256, ...)Martin Willi2007-05-251-4/+11
|
* support for virtual IP definition on client side:Martin Willi2007-05-222-25/+41
| | | | | | | if leftsourceip is defined, it is requested. server may define rightsourceip=%config to accept any, or it may overwrite it using rightsourceip. if server does not return an IP, client enforces its configured leftsourceip.
* fixed nextUpdate and until behaviour in the non-strict caseAndreas Steffen2007-05-191-10/+8
|
* support of CA-based ipsec policiesAndreas Steffen2007-05-185-83/+130
|
* verification of locally loaded peer certificatesAndreas Steffen2007-05-151-87/+92
|
* support of multiple certificates with same peer idAndreas Steffen2007-05-151-36/+74
|
* changing UID/GID after startup of pluto/charonMartin Willi2007-05-071-1/+3
| | | | added --with-uid/--with-gid configure option
* extended interface_manager (more work needed here)Martin Willi2007-05-031-1/+1
|
* added more API documentation to backends/interfacesMartin Willi2007-04-304-11/+15
|
* restructuring of configuration backendsMartin Willi2007-04-277-279/+396
| | | | | | | | | added propotypes of new control interfaces (xml & dbus) introduced loadable: configuration backends control interfaces using pluggable modules as in EAP
* added support for AES-XCBC in kernel using e.g. esp=aes128-aesxcbc ↵Martin Willi2007-04-231-0/+10
| | | | (>=linux-2.6.20)
* fixed CHILD_SA proposal selection when not using DH exchangeMartin Willi2007-04-231-8/+3
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 21:03:12 +0000