aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* Resolve hosts by DNS name in separate threads so we can cancel themTobias Brunner2012-10-181-1/+2
| | | | | | | | | | getaddrinfo(3) may block a long time so proper termination of the daemon may block if DNS servers are not reachable. getaddrinfo(3) is an optional cancellation point in posix threads so it might still block a shutdown but at least on Android (with the signal based pthread_cancel implementation) it works, on Linux starter will kill charon anyway after a while.
* Added a new alert that is raised if peer does not respond to initial IKE messageTobias Brunner2012-10-162-0/+4
|
* Remove unused this parameter to load_issuer_cert/key(), as it is uninitializedMartin Willi2012-10-161-4/+4
|
* Generate a load-tester certificate only for DN or subjectAltName identitiesMartin Willi2012-10-161-7/+17
|
* Add a load-tester initiator_match option to match custom initiator_idMartin Willi2012-10-161-2/+15
|
* Encode non-DN load-tester identities as subjectAltNamesMartin Willi2012-10-161-1/+16
|
* Add a load-tester digest option for issuing peer certificatesMartin Willi2012-10-161-1/+16
|
* Load a multiple load-tester CA certificates from a directoryMartin Willi2012-10-161-4/+63
|
* Added load-tester options to read issuing CA certificate and key from filesMartin Willi2012-10-161-7/+45
|
* Fixed compilation of android_handler_tTobias Brunner2012-10-111-0/+1
|
* Fix leak of PINs from ipsec.secretsMartin Willi2012-10-091-1/+2
|
* allow has_noskip_flag to contain TRUE_OR_FALSEAndreas Steffen2012-10-071-1/+1
|
* test first and up in the outer while loopAndreas Steffen2012-10-071-5/+1
|
* Ensure UNSUPPORTED_CRITICAL_PAYLOAD notify contains correct payload typeTobias Brunner2012-09-281-0/+1
|
* Missed one in 6c10ceceTobias Brunner2012-09-281-0/+2
|
* Request is never NULL when responding with an INFORMATIONAL messageTobias Brunner2012-09-281-1/+1
|
* Completed state handling in isakmp_cert_preTobias Brunner2012-09-281-0/+4
| | | | Should not be a problem, but makes static analyzers happy.
* Added missing continue statement in ha socket error handlingTobias Brunner2012-09-281-0/+1
|
* Fixed snprintf check in tnc-ifmap pluginTobias Brunner2012-09-281-1/+1
|
* Use %x to print uint32 as long ints are 64-bit long on x64 LinuxTobias Brunner2012-09-281-1/+1
|
* Make sure first argument is an int when using %.*s to print e.g. chunksTobias Brunner2012-09-286-21/+22
|
* Avoid memory leak when sending RADIUS accounting start message failedTobias Brunner2012-09-281-1/+1
|
* Correctly initialize payload length of encrypted payloadTobias Brunner2012-09-281-1/+1
|
* The eap argument of send_response is never NULLTobias Brunner2012-09-281-13/+11
|
* Properly initialize sockaddr_in struct in fast and dhcp pluginsTobias Brunner2012-09-281-4/+7
|
* Clarified error message if enabling UDP decapsulation failsTobias Brunner2012-09-272-2/+4
|
* IKE_AUTH_LIFETIME task is not defined if IKEv2 is disabledTobias Brunner2012-09-251-1/+4
| | | | Fixes #229.
* Don't check interface of inbound message if interfaces are not filteredTobias Brunner2012-09-241-2/+3
| | | | | We don't have a proper kernel-net interface on Android yet, so the check for a usable interface does not work there.
* Made IP address enumeration more flexibleTobias Brunner2012-09-215-5/+5
| | | | Also added an option to enumerate addresses on ignored interfaces.
* Drop packets received on ignored interfacesTobias Brunner2012-09-211-2/+12
|
* Make it easy to check if an address is locally usable via changed ↵Tobias Brunner2012-09-212-18/+9
| | | | get_interface() method
* Don't ignore loopback devices and allow addresses on them being enumeratedTobias Brunner2012-09-215-7/+7
|
* Make sure we propose a dynamic TS if we don't have hosts to derive a TS fromTobias Brunner2012-09-211-10/+8
| | | | 7ee37114 removed this behavior.
* As Unity responder, don't change the proposed TS at all, racoon doesn't like ↵Martin Willi2012-09-182-7/+8
| | | | that
* Don't complain about multiple TS in IKEv1, as it supported with UnityMartin Willi2012-09-181-5/+0
|
* As initiator, narrow received Unity attributes to configured TSMartin Willi2012-09-181-4/+11
|
* When using Unity, bump up remote TS as initiator to 0.0.0.0/0, tooMartin Willi2012-09-181-5/+8
|
* Enable Cisco Unity only if Unity vendor id receivedMartin Willi2012-09-183-2/+5
|
* Exchange 0.0.0.0/0 traffic selectors with Unity, narrowing after exchangeMartin Willi2012-09-181-22/+87
|
* Add a Unity attribute provider that adds Split-Includes for TSMartin Willi2012-09-184-1/+232
|
* Check if subset calculation actually yields a TS in Unity narrowingMartin Willi2012-09-181-1/+5
|
* Request Unity configuration attributes for IKEv1 onlyMartin Willi2012-09-181-0/+6
|
* Add Cisco Unity client support for Split-Include and Local-LANMartin Willi2012-09-188-0/+781
|
* Derive a dynamic TS to multiple virtual IPsMartin Willi2012-09-188-118/+160
|
* Use the vararg list constructor in quick mode taskMartin Willi2012-09-181-16/+8
|
* Make stroke user-creds work with XAuth configsTobias Brunner2012-09-181-9/+18
|
* Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>Tobias Brunner2012-09-181-0/+10
|
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiatorTobias Brunner2012-09-181-1/+2
| | | | | | If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Removed the unneeded socket-raw pluginTobias Brunner2012-09-147-885/+0
|
* Change traffic selectors during Quick Mode in case of a NAT in transport modeTobias Brunner2012-09-141-9/+19
| | | | | | | | | Windows 7 sends its internal address as TSi. While we don't support the NAT-T drafts as used by Windows XP it is interesting to note that the client there omits the TSi payload which then would automatically get set to the public IP address of the client. Fixes #220.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-11 23:01:59 +0000