aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon
Commit message (Collapse)AuthorAgeFilesLines
...
* changed external interface to the mediation extension.Tobias Brunner2008-03-271-3/+3
|
* corrected ME_ENDPOINT length checkTobias Brunner2008-03-271-1/+2
|
* reusing generic shared_key_t implementation in med_dbMartin Willi2008-03-271-55/+1
|
* checking the size of ME_* notify payloadsTobias Brunner2008-03-272-9/+22
|
* replaced the COOKIE notify payload in connectivity checks with a ↵Tobias Brunner2008-03-273-17/+21
| | | | ME_CONNECTAUTH notify payload
* implemented cert cache flushing, ipsec purgeocspMartin Willi2008-03-275-4/+54
|
* fixed plugin/stroke MakefileAndreas Steffen2008-03-261-1/+2
|
* mediation extension adapted to the naming convention of the current version ↵Tobias Brunner2008-03-2630-482/+482
| | | | of the draft. note: the external interface (config, autotools) has not yet been changed
* added uptime statistics to statusallMartin Willi2008-03-261-0/+10
|
* caching of ocsp responses (experimental), no crl caching yetMartin Willi2008-03-262-173/+149
|
* fixed compile error if --enable-p2p is setMartin Willi2008-03-262-2/+2
|
* fixed rightca= constraint checkingMartin Willi2008-03-261-21/+58
| | | | implemented rightca= for intermediate CAs we do not have the certificate at config load
* fixed auth_info_t.equals()Martin Willi2008-03-261-1/+1
|
* splitted stroke plugin to several files:Martin Willi2008-03-2618-3285/+4155
| | | | | | | | | | | socket: reads messages from socket, dispatching config: process add/del conn, serves configs through backend_t control: controlling of the daemon (up/down/route/...( cred: credential loading, serves creds through credential_set_t ca: ca sections from ipsec.conf, serves cdp's through credential_set_t list: log status information to stroke console (status/statusall/list*) shared_key: shared key implementation for keys read from ipsec.secrets plugin: registers stroke plugin and starts socket w/ thread
* added equals() method to peer_cfg, ike_cfg, proposals, auth_infoMartin Willi2008-03-2618-261/+569
| | | | | | allows easier merging of ipsec.conf connections replaced some iterators through enumerators made proposals algorithm_t private using enumerator
* certificate factory can load certs from fileAndreas Steffen2008-03-251-52/+54
|
* defined *_create_from_file() constructors in ↵Andreas Steffen2008-03-251-103/+60
| | | | libstrongswan/credentials/certificates
* shortened debug outputAndreas Steffen2008-03-211-2/+2
|
* detect trusted self-signed before trust chain verificationAndreas Steffen2008-03-211-4/+14
|
* optimized debug output of credential_manager.cAndreas Steffen2008-03-211-21/+21
|
* modified debug textAndreas Steffen2008-03-201-1/+1
|
* cert_cache_t caches subject-issuer relations and subject certificatesMartin Willi2008-03-204-3/+293
| | | | ocsp/crl do not benefit yet due missing lookup function
* fallback to random end entity certificate if trustchain building failsMartin Willi2008-03-201-3/+18
|
* (no commit message)Martin Willi2008-03-202-14/+86
|
* added support for certificate requests for not yet known CAsMartin Willi2008-03-204-5/+31
|
* fixed verification of preinstalled certificatesMartin Willi2008-03-201-1/+1
|
* more trustchain verification improvementsMartin Willi2008-03-201-99/+103
| | | | should fix crl-revoked and two-certs scenarios
* refactored trustchain verification, this should fix #33Martin Willi2008-03-197-329/+531
| | | | moved auth_info/ocsp_response credset wrapper to separate files
* increased debug level in trust chain verification for auditing purposesAndreas Steffen2008-03-191-31/+50
|
* The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA, Martin Willi2008-03-192-38/+25
| | | | | | as it requires to XOR the key into the hashers state. A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA and the FIPS-PRF function to properly use the existing SHA1 implementation.
* log nextUpdate of crls and ocsp responsesAndreas Steffen2008-03-191-12/+36
|
* fixed stupid bug in fetch_ocsp()Andreas Steffen2008-03-191-1/+1
|
* attempt to achieve consistent debugging outputAndreas Steffen2008-03-195-62/+72
|
* fixed shared key lookup in strokeMartin Willi2008-03-191-1/+1
|
* fixed peer_cfg lookup when omitting IDrMartin Willi2008-03-192-3/+18
|
* fixed CRL check return value on revoked certificatesMartin Willi2008-03-194-53/+19
| | | | | fixed possible refcounting bugs generic return_null() implementation
* fixed compiler warningMartin Willi2008-03-181-0/+1
|
* added generic payload order rules for notifiesMartin Willi2008-03-181-0/+6
|
* fixed ike_cfg lookup in strokeMartin Willi2008-03-181-1/+1
|
* added false positive signature check Martin Willi2008-03-181-0/+6
|
* added missing test case file ([3607])Martin Willi2008-03-181-0/+61
|
* creating public key from RSA private keyMartin Willi2008-03-182-2/+4
| | | | RSA key generation and signature test
* made is_newer() a certificate_t methodAndreas Steffen2008-03-182-78/+121
|
* better normalized tables for SQL plugin (IDs)Martin Willi2008-03-186-286/+453
|
* enforcing x509_flags on certificate constructionMartin Willi2008-03-171-23/+12
|
* logging to SQL databaseMartin Willi2008-03-156-1/+255
|
* correctly unregister IKE_SA at the bus Martin Willi2008-03-151-1/+1
|
* removed X509_PEER flag; flags are meant to read cert, not to store ↵Martin Willi2008-03-141-21/+12
| | | | | | | additional state in cert removed x509_t.set_flags for the reason above implemented a simple, generic shared_key_t
* credential lookup in mysql/sqlite databaseMartin Willi2008-03-147-2/+493
|
* refactored buggy trustchain building, fixed refcount bugMartin Willi2008-03-141-105/+91
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 16:52:02 +0000