path: root/src/libcharon/plugins
Commit message (Author, Age, Files, Lines)
...
| * | Load multiple comma separated certificates in the leftcert option (Martin Willi, 2013-01-18, 1, -15/+32)
| | |
* | | Merge branch 'systime' (Martin Willi, 2013-03-01, 5, -0/+445)
|\ \ \
| | | |   Add a systime-fix plugin allowing an embedded system to validate certificates if the system time has not been synchronized after boot. Certificates of established tunnels can be re-validated after the system time gets valid.
| * | | systime-fix disables certificate lifetime validation if system time not synced (Martin Willi, 2013-02-19, 4, -0/+326)
| | | |   The system time can be periodically checked. If it gets valid, certificates get rechecked with the current lifetime. If certificates are invalid, associated IKE_SAs can be closed or reauthenticated.
| * | | Add a stub for systime-fix, a plugin handling certificate lifetimes gracefully (Martin Willi, 2013-02-19, 3, -0/+119)
| | |/
| |/|
* | | Merge branch 'vip-shunts' (Martin Willi, 2013-03-01, 1, -11/+6)
|\ \ \
| | | |   Installs bypass policies for the physical address if a virtual address is assigned, and installs a proper source route to actually use the physical address for bypassed destinations.
| | | |   Conflicts: src/libcharon/plugins/unity/unity_handler.c
| * | | Include local address for Unity Split-Exclude shunt policies (Martin Willi, 2013-02-20, 1, -10/+5)
| | | |   If we use a virtual IP, having a shunt policy for just that wouldn't work, as we want a shunt bypass using the local address.
* | | | Merge branch 'opaque-ports' (Martin Willi, 2013-03-01, 5, -9/+11)
|\ \ \ \
| |/ / /
|/| | |
| | | |   Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | | Pass complete port range over stroke interface for more flexibility (Martin Willi, 2013-02-21, 1, -14/+4)
| | | |
| * | | Use a complete port range in traffic_selector_create_from_{subnet,cidr} (Martin Willi, 2013-02-21, 5, -12/+22)
| |/ /
* | | treat IF-M and IF-TNCCS remediation instructions/parameters in an equal way (Andreas Steffen, 2013-02-19, 3, -97/+198)
| | |
* | | Streamlined log messages in ipseckey plugin (Andreas Steffen, 2013-02-19, 2, -58/+30)
| | |
* | | ipseckey: Report IPSECKEYs with invalid DNSSEC security state (Reto Guadagnini, 2013-02-19, 1, -2/+12)
| | |
* | | ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf (Reto Guadagnini, 2013-02-19, 1, -3/+16)
| | |
* | | Added ipseckey plugin, which provides support for public keys in IPSECKEY RRs (Reto Guadagnini, 2013-02-19, 7, -0/+852)
| | |
* | | added missing return statement (Andreas Steffen, 2013-02-19, 1, -0/+1)
| | |
* | | reject PB-Experimental messages with NOSKIP flag set (Andreas Steffen, 2013-02-19, 1, -0/+7)
| | |
* | | Add a timeout to clean up PDP RADIUS connections (Martin Willi, 2013-02-14, 1, -0/+51)
| | |
* | | Keep the PDP connections lock while accessing its objects (Martin Willi, 2013-02-14, 3, -7/+34)
| | |   When we introduce connection timeouts, the state may disappear at any time. This change prevents that, but is not very clear. We probably have to refactor connection handling.
* | | Add locking to TNC-PDP connections (Martin Willi, 2013-02-14, 1, -7/+23)
| | |
* | | Merge branch 'ike-dscp' (Martin Willi, 2013-02-14, 10, -56/+114)
|\ \ \
| * | | Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets (Martin Willi, 2013-02-06, 1, -1/+1)
| | | |
| * | | Add a DSCP configuration value to IKE configs (Martin Willi, 2013-02-06, 9, -19/+15)
| | | |
| * | | Set DSCP values when sending IP packets in socket-default (Martin Willi, 2013-02-06, 1, -1/+65)
| | | |
| * | | Don't send a packet in default socket if family is not IPv4 nor IPv6 (Martin Willi, 2013-02-06, 1, -12/+18)
| | | |
| * | | Avoid extensive casting of sockaddr types in socket-default by using a union (Martin Willi, 2013-02-06, 1, -24/+16)
| |/ /
| | |   Additionally fixes a strict-aliasing rule compiler warning with older gcc.
* | | Check if recommendations is set before applying language preference (Martin Willi, 2013-02-14, 1, -3/+6)
| | |
* | | Merge branch 'pt-tls' (Martin Willi, 2013-02-14, 3, -9/+0)
|\ \ \
| * | | TNCCS plugins don't depend on EAP-TNC, but can be used by other transports, too (Martin Willi, 2013-01-15, 3, -9/+0)
| | |/
| |/|
* | | Fix 'stroke loglevel any' (Tobias Brunner, 2013-02-13, 1, -4/+11)
| | |   Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as returned by enum_from_name(), would result in a large positive number. So any unknown debug group (including 'any') had the same effect that was only intended for 'any'.
* | | treat EAP identities as user IDs (Andreas Steffen, 2013-02-12, 1, -3/+3)
| | |
* | | make TNC client authentication type available to IMVs (Andreas Steffen, 2013-02-12, 7, -26/+146)
| | |
* | | determine underlying IF-T transport protocol (Andreas Steffen, 2013-02-12, 10, -62/+184)
| | |
* | | make AR identities available to IMVs via IF-IMV 1.4 draft (Andreas Steffen, 2013-02-11, 5, -0/+146)
| | |
* | | Make IKE/EAP IDs available to TNC server/client (Andreas Steffen, 2013-02-11, 8, -24/+81)
| |/
|/|
* | Use proper buffer sizes for parse_smartcard() (Tobias Brunner, 2013-01-24, 1, -7/+10)
| |
* | Removed unused command name when printing usage info for lookip (Tobias Brunner, 2013-01-24, 1, -1/+1)
| |
* | Filter TS list for Split-Includes before printing them to debug log (Martin Willi, 2013-01-21, 1, -10/+34)
|/
* Don't handle right=%any6 as "loose" identity, but as %any (Martin Willi, 2013-01-14, 1, -2/+1)
|
* Merge branch 'ikev1-fragmentation' (Tobias Brunner, 2013-01-12, 9, -12/+20)
|\
| |   This adds support for the proprietary IKEv1 fragmentation extension.
| |   Conflicts: NEWS
| * Added an option that allows to force IKEv1 fragmentation (Tobias Brunner, 2013-01-12, 8, -11/+18)
| |
| * Use a connection specific option to en-/disable IKEv1 fragmentation (Tobias Brunner, 2012-12-24, 9, -12/+13)
| |
* | Fixed some typos in comments (Volker Rümelin, 2013-01-11, 1, -1/+1)
|/
* Send empty CDATA batch if TNC client has no data to send (Andreas Steffen, 2012-12-23, 1, -16/+28)
|
* Fixed some typos, courtesy of codespell (Tobias Brunner, 2012-12-20, 2, -2/+2)
|
* Add missing error_notify_msg.h to distribution tarball (Martin Willi, 2012-12-19, 1, -1/+2)
|
* Add an error-notify sample application to listen to error notifications (Martin Willi, 2012-12-19, 3, -0/+66)
|
* Add an error-notify plugin to send caught alerts to listening applications (Martin Willi, 2012-12-19, 8, -0/+736)
|
* Raise alerts when enforcing IKE_SA unique policy (Martin Willi, 2012-12-19, 1, -0/+1)
|
* Fix deadlock in IMC/IMV managers (Tobias Brunner, 2012-12-18, 2, -8/+36)
|   Since reserve_id() might be called from e.g. notify_connection_change() using a write lock will not work as this can't be acquired while holding the read lock. Also, with the previous code it was possible that two IMCs/IMVs added by two threads at the same time would get the same ID assigned.
* Properly select IMC/IMV according to given primary ID in reserve_id() (Tobias Brunner, 2012-12-18, 2, -2/+2)
|