| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -1/+1 |
| | | |||||
| * | ikev1: Make sure SPIs in an IKEv1 DELETE payload match the current SA | Tobias Brunner | 2015-03-23 | 1 | -0/+39 |
| | | | | | | | | | | | | | | | | | | | | | OpenBSD's isakmpd uses the latest ISAKMP SA to delete other expired SAs. This caused strongSwan to delete e.g. a rekeyed SA even though isakmpd meant to delete the old one. What isakmpd does might not be standard compliant. As RFC 2408 puts it: Deletion which is concerned with an ISAKMP SA will contain a Protocol-Id of ISAKMP and the SPIs are the initiator and responder cookies from the ISAKMP Header. This could either be interpreted as "copy the SPIs from the ISAKMP header of the current message to the DELETE payload" (which is what strongSwan assumed, and the direction IKEv2 took it, by not sending SPIs for IKE), or as clarification that ISAKMP "cookies" are actually the SPIs meant to be put in the payload (but that any ISAKMP SA may be deleted). | ||||
| * | payload: Use common prefixes for all payload type identifiers | Martin Willi | 2014-06-04 | 1 | -1/+1 |
| | | | | | | The old identifiers did not use a proper namespace and often clashed with other defines. | ||||
| * | ikev1: Reestablish IKE_SA/CHILD_SAs if it gets deleted by the peer | Tobias Brunner | 2013-07-17 | 1 | -0/+5 |
| | | | | | | We call ike_sa_t.reestablish() so the IKE_SA is only recreated if any CHILD_SA requires it. | ||||
| * | Separated libcharon/sa directory with ikev1 and ikev2 subfolders | Martin Willi | 2012-03-20 | 1 | -0/+147 |
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |