path: root/src/libcharon/sa/ikev1/phase1.c
Commit message (Author, Age, Files, Lines)
* ikev1: First do PSK lookups based on identities then fallback to IPs (Tobias Brunner, 2017-03-20, 1 file, -36/+34)
|   This provides a solution for configs where there is e.g. a catch-all %any PSK, while more specific PSKs would be found by the identities of configs that e.g. use FQDNs as local/remote addresses. Fixes #2223.
* ikev1: Avoid modifying local auth config when detecting pubkey method (Tobias Brunner, 2016-03-03, 1 file, -1/+1)
|   If it was necessary to pass the local certificates we could probably clone the config (but we don't do that either when later looking for the key to actually authenticate). Passing auth adds the same subject cert to the config over and over again (I guess we could also try to prevent that by searching for duplicates).
* ikev1: Pass current auth-cfg when looking for key to determine auth method (Tobias Brunner, 2015-08-19, 1 file, -1/+1)
|   If multiple certificates use the same subjects we might choose the wrong one otherwise. This way we use the one referenced with leftcert and stored in the auth-cfg and we actually do the same thing later in the pubkey authenticator. Fixes #1077.
* diffie-hellman: Add a bool return value to set_other_public_value() (Martin Willi, 2015-03-23, 1 file, -1/+5)
|
* encoding: Allow ke_payload_create_from_diffie_hellman() to fail (Martin Willi, 2015-03-23, 1 file, -1/+7)
|
* ikev1: Be more verbose if a peer config would match, but is unusable for Mode (Martin Willi, 2014-09-25, 1 file, -0/+12)
|
* payload: Use common prefixes for all payload type identifiers (Martin Willi, 2014-06-04, 1 file, -5/+5)
|   The old identifiers did not use a proper namespace and often clashed with other defines.
* Fixed log message when no shared secret is found during IKEv1 Main Mode (Tobias Brunner, 2012-10-29, 1 file, -1/+1)
|
* Moved data structures to new collections subfolder (Tobias Brunner, 2012-10-24, 1 file, -1/+1)
|
* Merge branch 'multi-vip' (Martin Willi, 2012-08-31, 1 file, -0/+30)
|\
| |   Brings support for multiple virtual IPs and multiple pools in left/rightsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * Support multiple address pools configured on a peer_cfg (Martin Willi, 2012-08-30, 1 file, -0/+15)
| |
| * Support multiple virtual IPs on peer_cfg and ike_sa classes (Martin Willi, 2012-08-30, 1 file, -0/+15)
| |
* | Fall back to local address as IKEv1 identity if nothing else is configured (Tobias Brunner, 2012-08-24, 1 file, -2/+14)
|/
* Lookup IKEv1 PSK even if the peer identity is not known (Martin Willi, 2012-07-31, 1 file, -1/+1)
|
* Nonce: Let get_nonce, allocate_nonce return boolean (Reto Buerki, 2012-07-16, 1 file, -1/+6)
|
* Use received identity to look up PSK as aggressive responder (Martin Willi, 2012-05-23, 1 file, -2/+9)
|
* Switch to alternative peer config in IKEv1 Main and Aggressive Mode. (Tobias Brunner, 2012-05-21, 1 file, -6/+47)
|
* Use nonce_gen instead of rng to generate nonces (Adrian-Ken Rueegsegger, 2012-05-18, 1 file, -6/+6)
|   Replace usage of rng plugin with nonce generator to create nonces in IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
* Select public key auth method by checking what key we have (Martin Willi, 2012-03-20, 1 file, -4/+96)
|
* Pass IKEv1 specific keymat to ike_keys hook (Martin Willi, 2012-03-20, 1 file, -2/+2)
|
* Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper (Martin Willi, 2012-03-20, 1 file, -5/+6)
|
* Select IKEv1 configurations by main/aggressive mode option (Martin Willi, 2012-03-20, 1 file, -2/+4)
|
* Implemented a common Phase 1 helper class to use by main and aggressive modes (Martin Willi, 2012-03-20, 1 file, -0/+605)