aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/config
Commit message (Collapse)AuthorAgeFilesLines
...
* support for virtual IP definition on client side:Martin Willi2007-05-222-25/+41
| | | | | | | if leftsourceip is defined, it is requested. server may define rightsourceip=%config to accept any, or it may overwrite it using rightsourceip. if server does not return an IP, client enforces its configured leftsourceip.
* fixed nextUpdate and until behaviour in the non-strict caseAndreas Steffen2007-05-191-10/+8
|
* support of CA-based ipsec policiesAndreas Steffen2007-05-185-83/+130
|
* verification of locally loaded peer certificatesAndreas Steffen2007-05-151-87/+92
|
* support of multiple certificates with same peer idAndreas Steffen2007-05-151-36/+74
|
* changing UID/GID after startup of pluto/charonMartin Willi2007-05-071-1/+3
| | | | added --with-uid/--with-gid configure option
* extended interface_manager (more work needed here)Martin Willi2007-05-031-1/+1
|
* added more API documentation to backends/interfacesMartin Willi2007-04-304-11/+15
|
* restructuring of configuration backendsMartin Willi2007-04-277-279/+396
| | | | | | | | | added propotypes of new control interfaces (xml & dbus) introduced loadable: configuration backends control interfaces using pluggable modules as in EAP
* added support for AES-XCBC in kernel using e.g. esp=aes128-aesxcbc ↵Martin Willi2007-04-231-0/+10
| | | | (>=linux-2.6.20)
* fixed CHILD_SA proposal selection when not using DH exchangeMartin Willi2007-04-231-8/+3
|
* implementation of strictcrlpolicy=ifuriAndreas Steffen2007-04-202-46/+56
|
* added PDF support for CHILD_SAsMartin Willi2007-04-196-83/+129
| | | | support for INVALID_KE_PAYLOAD negotiation for rekeying
* started support of X.509 attribute certificatesAndreas Steffen2007-04-121-21/+93
|
* fixed DPD delay in peer_cfgMartin Willi2007-04-121-1/+1
|
* cleaned up apidocMartin Willi2007-04-119-298/+52
| | | | | | added some comments removed configuration.[ch], as it does not make sense like it is
* accepting stroke initiation by a name of a child_cfgMartin Willi2007-04-114-33/+33
|
* best must be initialized to 2*MAX_WILDCARDS+1Andreas Steffen2007-04-101-7/+13
|
* restructured file layoutMartin Willi2007-04-1022-2622/+2579
| | | | | | | | | new configuration structure: peer_cfg: configuration related to a peer (authenitcation, ...= ike_cfg: config to use for IKE setup (proposals) child_Cfg: config for CHILD_SA (proposals, traffic selectors) a peer_cfg has one ike_cfg and multiple child_cfg's stroke now uses fixed count of threads
* removed list_crls() and list_ocsp() methodsAndreas Steffen2007-04-061-57/+2
|
* support cachecrls=yesAndreas Steffen2007-04-051-5/+13
|
* implemented dynamic http-based CRL fetchingAndreas Steffen2007-04-031-8/+3
|
* merged changes from eap-aka trunkMartin Willi2007-03-281-15/+48
|
* is_trusted() adds cert_status to cert_to_be_trustedAndreas Steffen2007-03-281-3/+37
|
* implemented ipsec listocsp functionAndreas Steffen2007-03-271-5/+32
|
* adjusted rekey-retry delay and jitterMartin Willi2007-03-211-2/+2
|
* fixed some rekey collision issuesMartin Willi2007-03-212-2/+32
| | | | added retry with jitter when rekeying fails
* renamed keyingtries attributeMartin Willi2007-03-202-13/+10
|
* added AES-192/256 proposals to IKEMartin Willi2007-03-131-0/+2
|
* results from the single responses is stored in the corresponding certinfo_t ↵Andreas Steffen2007-03-121-2/+2
| | | | structs
* moved credential_store.h from charon/config/credentials to libstrongswanAndreas Steffen2007-03-092-286/+1
|
* fixed a certinfo_t memory leak in verify()Andreas Steffen2007-03-091-1/+4
|
* ocsp signer certificate and ocsp response signature can be verifiedAndreas Steffen2007-03-082-3/+69
|
* fixed call of add_auth_certificate()Andreas Steffen2007-03-082-7/+9
|
* generalized get_ca_certificate() to get_auth_certificate(auth_flags)Andreas Steffen2007-03-082-7/+9
|
* support if ocsp signing certificatesAndreas Steffen2007-03-082-61/+97
|
* removed SHA2 kernel proposals from default, the kernel doesn't support them yetMartin Willi2007-03-081-6/+0
|
* added more debugging output for policy lookupMartin Willi2007-03-081-3/+17
| | | | | returning a (dummy) policy even when TS does not match, so we can properly send a TS_UNACCEPTABLE
* added SHA2 MAC and PRF to default proposalMartin Willi2007-03-081-23/+58
|
* fixed traffic selector redundancy removal code (not completely tested)Martin Willi2007-03-062-7/+17
|
* add crl and ocsp uris to linked list after partial verificationAndreas Steffen2007-03-061-22/+35
|
* some cleanupsMartin Willi2007-03-051-5/+1
| | | | | | not assigning %any virtual IPs to peer anymore
* fixed double free bugMartin Willi2007-03-055-4/+77
|
* refactored ca_info_tAndreas Steffen2007-03-032-166/+115
|
* added support for 0.0.0.0/0 traffic selectorsMartin Willi2007-03-014-31/+86
| | | | fixed routing to make correct 0.0.0.0/0 routes
* merged tasking branch into trunkMartin Willi2007-02-286-68/+136
|
* added support of OCSP accessLocationsAndreas Steffen2007-02-251-5/+17
|
* full support of ca info recordsAndreas Steffen2007-02-242-22/+111
|
* support of ca info recordsAndreas Steffen2007-02-232-0/+45
|
* merged EAP framework from branch into trunkMartin Willi2007-02-124-15/+37
| | | | | includes a lot of other modifications
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-07 13:37:44 +0000