aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* stroke: Fail silently if another builder calls PW callback after giving upTobias Brunner2013-05-081-9/+14
| | | | Also reduced the number of tries to 3.
* stroke: Cache passwords so the user is not prompted multiple times for the ↵Tobias Brunner2013-05-081-1/+13
| | | | | | | | | | same password To verify/decrypt a PKCS#12 container a password might be needed multiple times. If it was entered correctly we don't want to bother the user again with another password prompt. The passwords for MAC creation and encryption could be different so the user might be prompted multiple times after all.
* stroke: Fix prompt and error messages in passphrase callbackTobias Brunner2013-05-081-11/+13
|
* stroke: Load credentials from PKCS#12 files (P12 token)Tobias Brunner2013-05-081-15/+92
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-073-17/+17
|
* left|rightrsasigkey accepts SSH keys but the key format has to be specified ↵Tobias Brunner2013-05-071-12/+22
| | | | | | | explicitly The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
* Try to load raw keys from ipsec.conf as PKCS#1 blob firstTobias Brunner2013-05-071-5/+12
| | | | | The DNSKEY builder is quite eager and parses pretty much anything as RSA key, so this has to be done before.
* kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-061-1/+1
|
* socket-default: to bind to one dynamic port on OS X, create v4 socket before v6Martin Willi2013-05-061-1/+7
| | | | | It seems that the order of binding sockets of different address families to the same dynamic port must be v6-before-v4 on Linux, but v4-before-v6 on OS X.
* socket-default: refactor socket pair opening to a functionMartin Willi2013-05-061-27/+23
|
* socket-default: Don't try to send packet if we haven't a socket for given familyMartin Willi2013-05-061-3/+4
|
* socket-default: Use -1 if socket is not available, as 0 is actually a valid fdMartin Willi2013-05-061-20/+23
|
* socket-dynamic: when sending from port zero, allocate a free port dynamicallyMartin Willi2013-05-061-26/+101
|
* Use the GEN silent rule when generating files with sedMartin Willi2013-05-061-1/+1
|
* eap-radius: add an option to disable accounting for tunnels without virtual IPMartin Willi2013-05-061-0/+30
|
* eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPsMartin Willi2013-05-063-34/+100
| | | | Fixes some corner cases if multiple tunnels use the same peer identity.
* fixed typoAndreas Steffen2013-04-191-1/+1
|
* eap-radius: Add an option to exclude ports from Called/Calling-Station-IdMartin Willi2013-04-102-9/+37
|
* emit a single assig_vips bus message for all VIPsAndreas Steffen2013-04-063-43/+38
|
* ifmap plugin subscribes to assing_vip bus signalAndreas Steffen2013-04-063-2/+76
|
* unity: Check IKE_SA in only after enumerating virtual IPsTobias Brunner2013-04-051-2/+1
|
* cleaned up XML code in tnccs-11 pluginAndreas Steffen2013-04-048-80/+82
|
* duplicheck: track multiple IKE_SAs in checking state to avoid any racesMartin Willi2013-04-041-63/+123
| | | | | | When two consequent duplicates have been detected, track state of each checking IKE_SA separately, avoiding potential race conditions between the active SA and the different SAs in checking state.
* fixed memory leakAndreas Steffen2013-04-031-1/+1
|
* properly handle orphaned renewSession jobsAndreas Steffen2013-04-035-24/+102
|
* support chunked HTTP responsesAndreas Steffen2013-04-034-140/+370
|
* implemented periodic IF-MAP RenewSession requestAndreas Steffen2013-04-036-1/+181
|
* List all stroke counters when "all" is given, and report if connection not knownMartin Willi2013-04-031-30/+88
|
* allow retrieval of private keys from other credential setsAndreas Steffen2013-04-022-9/+26
|
* improve checking of sent and received http messagesAndreas Steffen2013-04-021-3/+7
|
* Load raw keys before possibly destroying the identityTobias Brunner2013-04-011-12/+11
| | | | | | | | If no identity (or %any) is configured the identification_t object is destroyed and an invalid object was associated with the created pubkey certificate. Actually using %any does not work as the certificate would not match when the client later provides an identity.
* ipseckey: Use proper daemon name for enable optionTobias Brunner2013-04-011-1/+1
|
* Properly handle situation if no resolver plugins are loadedTobias Brunner2013-04-011-3/+2
|
* fixed capability metadataAndreas Steffen2013-03-311-1/+2
|
* renamed tnc_ifmap2 plugin to tnc_ifmapAndreas Steffen2013-03-3110-177/+177
|
* removed obsoleted tnc_ifmap pluginAndreas Steffen2013-03-317-1337/+0
|
* implemented http basic authenticationAndreas Steffen2013-03-313-46/+80
|
* parse IF-MAP server URIAndreas Steffen2013-03-313-41/+105
|
* implemented publish_enforcement_report and endSession methodsAndreas Steffen2013-03-301-6/+58
|
* implemented publish_ike_sa methodAndreas Steffen2013-03-301-6/+252
|
* ifmap message type is knownAndreas Steffen2013-03-303-12/+7
|
* implemented publish_device_ip methodAndreas Steffen2013-03-301-13/+132
|
* added IF-MAP SOAP error handlingAndreas Steffen2013-03-301-9/+32
|
* created tnc_ifmap2_soap_msg classAndreas Steffen2013-03-294-220/+343
|
* implement NewSession and PurgePublisher messages using the libxml2 libraryAndreas Steffen2013-03-293-79/+265
|
* set up a new IF-MAP sessionAndreas Steffen2013-03-298-0/+877
|
* Fixed Doxygen comment in eap_radius pluginTobias Brunner2013-03-271-2/+3
|
* error-notify: Close file descriptors in case clients are still connectedTobias Brunner2013-03-251-0/+6
|
* ipseckey: NULL pointer dereference fixed in error caseTobias Brunner2013-03-251-0/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2013-03-251-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 20:49:18 +0000