aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/config
Commit message (Collapse)AuthorAgeFilesLines
* list proposed ESP ENCRYPTION and INTEGRITY algorithms if no proposal is chosenAndreas Steffen2008-05-201-2/+23
|
* fixed a bug introduced in [3973]Tobias Brunner2008-05-191-2/+4
|
* ccm and gcm icv_sizes are accepted both in bits and octetsAndreas Steffen2008-05-171-7/+13
|
* Added support for AES-CCM and AES-GCM (authenticated encryption algorithms) ↵Tobias Brunner2008-05-161-9/+114
| | | | in charon.
* IPComp for IKEv2Tobias Brunner2008-05-082-3/+56
|
* renamed PRF_AES128_CBC to PRF_AES128_XCBCMartin Willi2008-05-081-2/+2
|
* returning reference pointer on get_ref()Martin Willi2008-05-066-29/+19
|
* implemented XCBC algorithms (signer, prf) for IKE on top of a crypterMartin Willi2008-04-301-1/+3
| | | | | | supporting ike=...-aesxcbc-... in ipsec.conf added AUTH_AES_XCBC_96 and PRF_AES128_CBC to default IKE proposal AES XCBC testcase
* fixed peer config equality checkMartin Willi2008-04-181-1/+2
|
* implemented IKE_SA uniqueness using ipsec.conf uniqueids paramaterMartin Willi2008-04-142-2/+44
| | | | additionally supports a "keep" value to keep the old IKE_SA
* added close_action as a seperate config option to dpd_actionMartin Willi2008-04-142-13/+36
|
* using dpd actions to enforce connection stateMartin Willi2008-04-114-75/+66
| | | | dpd actions a per child-, not peer ike-sa
* implementation of an CFG attribute framework, currently supporting virtual IPsMartin Willi2008-04-095-52/+316
| | | | | | updated ipsec.conf sourceip parameter to support CIDR notatation to serve from a pool %poolname to query a separate (database?) pool
* fixed two other memory leaksTobias Brunner2008-04-032-6/+2
|
* mediation extension adapted to the naming convention of the current version ↵Tobias Brunner2008-03-262-31/+31
| | | | of the draft. note: the external interface (config, autotools) has not yet been changed
* added equals() method to peer_cfg, ike_cfg, proposals, auth_infoMartin Willi2008-03-269-147/+349
| | | | | | allows easier merging of ipsec.conf connections replaced some iterators through enumerators made proposals algorithm_t private using enumerator
* fixed peer_cfg lookup when omitting IDrMartin Willi2008-03-191-0/+5
|
* merged the modularization branch (credentials) back to trunkMartin Willi2008-03-1321-3218/+577
|
* implemented Expanded EAP types to support vendor specific methodsMartin Willi2007-12-133-4/+19
|
* implemented RFC4478 (repeated authentication)Martin Willi2007-11-203-63/+90
| | | | | changed %V printf handler to take a time delta, %#V now takes two arguments
* search : delimiter in ipsec.secrets entries from the rearAndreas Steffen2007-11-161-1/+3
|
* fixed sqlite_backend compilation to respect changes from [3238]Martin Willi2007-10-041-1/+1
|
* experimental P2P-NAT-T for IKEv2 merged back from branchTobias Brunner2007-10-032-2/+104
|
* fixed sqlite database pathMartin Willi2007-10-021-2/+2
|
* improved debugging code for traffic selector processingMartin Willi2007-10-021-7/+15
|
* moved force_encap to ike_config, enables responder to enforce udp encapsulationMartin Willi2007-10-015-30/+32
| | | | fixed bugs in force_encap code
* implemented IKEv2 force_encap connection parameterMartin Willi2007-10-013-4/+29
| | | | | enforces UDP encapsulation by faking NAT detection payloads to hurdle restrictive firewalls
* return argument has type size_tAndreas Steffen2007-09-181-1/+1
|
* prototype implemementation of an sqlite configuration backendMartin Willi2007-09-186-0/+441
|
* peer_cfg now knows about group membershipsAndreas Steffen2007-09-133-11/+49
|
* check hash algorithms used in signaturesAndreas Steffen2007-09-111-1/+1
|
* removed rsa_private_key clone() functionAndreas Steffen2007-09-111-1/+1
|
* replaced get_rsa_private_key() by rsa_signature() in order restrict the ↵Andreas Steffen2007-09-111-28/+44
| | | | distribution of private key material
* overwrite storage used for shared secrets with pseudo-random bytes before ↵Andreas Steffen2007-09-101-27/+26
| | | | releasing it
* added mobike=yes|no connection optionMartin Willi2007-08-292-3/+27
| | | | | | | yes: include mobike support notifies as initiator no: only enable mobike as responder when initiator supports it default: yes
* append new attribute certs at the endAndreas Steffen2007-08-141-1/+7
|
* adding attribute certficates to a chained listAndreas Steffen2007-08-141-3/+25
|
* has_rsa_private_key() must also be protected by keys_mutexAndreas Steffen2007-08-101-1/+4
|
* support of ipsec rereadsecrets for strokeAndreas Steffen2007-08-101-9/+54
|
* bug fix in linked_list deletion - instead of acerts destroyed certs twice4.1.5Andreas Steffen2007-08-081-1/+1
|
* implemented listing of attribute certificatesAndreas Steffen2007-08-071-3/+31
|
* ignoring unkown crl/ocsp urisMartin Willi2007-07-041-2/+8
|
* proper update of IPsec SA when roaming a host-to-host tunnelMartin Willi2007-07-021-7/+13
| | | | roaming of IPsec SAs using virtual IPs
* moved assignment of CERT_UNKNOWN4.1.3Andreas Steffen2007-05-251-2/+2
|
* log trust pathlenAndreas Steffen2007-05-251-4/+6
|
* included a certificate label in the is_trusted() methodAndreas Steffen2007-05-251-8/+6
|
* DBG1 level now shows stepping up through the certifiate hierarchy up to the ↵Andreas Steffen2007-05-251-2/+2
| | | | trust anchor
* set certinfo status to CERT_UNKNOWN before crl and|or ocsp verificationAndreas Steffen2007-05-251-3/+7
|
* removed paranoid module checkingMartin Willi2007-05-251-13/+0
|
* added compatibility names (pluto) for sha2 algorithms (sha2_256, ...)Martin Willi2007-05-251-4/+11
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 19:09:02 +0000