| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | addrblock: Use dynamic TS narrowing instead of rejecting the whole CHILD_SA | Martin Willi | 2017-03-02 | 1 | -43/+28 |
| | | | | | | | | | Previously, the client had to propose no wider selectors than the certificate permits, otherwise the complete CHILD_SA was rejected. However, with IKEv2 we can dynamically narrow the selectors to what the certificate allows. This makes client and gateway configurations very simple by just proposing 0.0.0.0/0, narrowed to selectors the client is permitted to route into the network. | ||||
| * | addrblock: Support an optional non-strict mode accepting certs without addrblock | Martin Willi | 2017-03-02 | 1 | -3/+11 |
| | | | | | | | | This allows a gateway to enforce the addrblock policy on certificates that actually have the extension only. For (legacy) certificates not having the extension, traffic selectors are validated/narrowed by other means, most likely by the configuration. | ||||
| * | libhydra: Remove empty unused library | Tobias Brunner | 2016-03-03 | 1 | -1/+0 |
| | | |||||
| * | plugins: Don't link with -rdynamic on Windows | Martin Willi | 2014-06-04 | 1 | -1/+1 |
| | | |||||
| * | credmgr: introduce a hook function to catch trust chain validation errors | Martin Willi | 2013-07-18 | 1 | -1/+6 |
| | | |||||
| * | automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 1 | -3/+5 |
| | | | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only. | ||||
| * | addrblock: Use plugin features with soft dependency on X.509 decoding | Tobias Brunner | 2013-06-11 | 1 | -5/+34 |
| | | |||||
| * | Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
| | | |||||
| * | Added a (not yet implemented) plugin_t method to reload plugin configuration | Martin Willi | 2011-04-15 | 1 | -0/+1 |
| | | |||||
| * | Added a get_name() function to plugin_t, create_plugin_enumerator enumerates ↵ | Martin Willi | 2011-04-15 | 2 | -2/+11 |
| | | | | | over plugin_t | ||||
| * | fixed cert_validator_t:validate interface | Andreas Steffen | 2011-01-07 | 1 | -5/+4 |
| | | |||||
| * | Use a seperate section for each nested struct member in INIT macro | Martin Willi | 2010-08-18 | 1 | -1/+5 |
| | | |||||
| * | Moved X509 ipAddrBlock checking to the addrblock plugin | Martin Willi | 2010-07-13 | 4 | -1/+216 |
| | | |||||
| * | Moved addrblock plugin to libcharon | Martin Willi | 2010-07-13 | 5 | -0/+293 |
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |