aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* duplicheck: Use plugin features to register listenerTobias Brunner2013-06-111-3/+29
|
* coupling: Use plugin features and soft depend on SHA1Tobias Brunner2013-06-111-12/+40
|
* certexpire: Use plugin features to register listenerTobias Brunner2013-06-111-4/+30
|
* addrblock: Use plugin features with soft dependency on X.509 decodingTobias Brunner2013-06-111-5/+34
|
* dhcp: Use plugin features with dependency to RNG implementationTobias Brunner2013-06-111-17/+45
|
* sql: Use plugin features with dependency to database backendTobias Brunner2013-06-111-33/+62
|
* Socket plugins soft depend on the kernel-ipsec plugin featureTobias Brunner2013-06-112-0/+2
| | | | | On most platforms calls to methods to bypass the IKE sockets and enabling UDP decapsulation are required.
* Converted test for recursive mutex_tTobias Brunner2013-06-113-102/+0
|
* Converted tests for chunk_tTobias Brunner2013-06-113-84/+0
|
* Converted and added tests for hashtable_tTobias Brunner2013-06-113-114/+1
|
* Converted tests for identification_tTobias Brunner2013-06-113-254/+0
|
* Remove obsolete enumerator/linked_list tests in unit_tester pluginTobias Brunner2013-06-113-312/+0
|
* updown: pass IKE_SA unique ID in PLUTO_UNIQUEIDEmanuil Hristov2013-05-161-1/+2
|
* Raise LOCAL_AUTH_FAILED alert after receiving AUTHENTICATION_FAILUREMartin Willi2013-05-152-1/+2
|
* stroke: Add second password if providedTobias Brunner2013-05-081-0/+13
|
* stroke: Fail silently if another builder calls PW callback after giving upTobias Brunner2013-05-081-9/+14
| | | | Also reduced the number of tries to 3.
* stroke: Cache passwords so the user is not prompted multiple times for the ↵Tobias Brunner2013-05-081-1/+13
| | | | | | | | | | same password To verify/decrypt a PKCS#12 container a password might be needed multiple times. If it was entered correctly we don't want to bother the user again with another password prompt. The passwords for MAC creation and encryption could be different so the user might be prompted multiple times after all.
* stroke: Fix prompt and error messages in passphrase callbackTobias Brunner2013-05-081-11/+13
|
* stroke: Load credentials from PKCS#12 files (P12 token)Tobias Brunner2013-05-081-15/+92
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-073-17/+17
|
* left|rightrsasigkey accepts SSH keys but the key format has to be specified ↵Tobias Brunner2013-05-071-12/+22
| | | | | | | explicitly The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
* Try to load raw keys from ipsec.conf as PKCS#1 blob firstTobias Brunner2013-05-071-5/+12
| | | | | The DNSKEY builder is quite eager and parses pretty much anything as RSA key, so this has to be done before.
* kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-062-6/+20
|
* child-sa: query SAD/SPD just for what we actually need to update statisticsMartin Willi2013-05-061-2/+5
|
* child-sa: pass traffic selector to add_sa() regardless of IPsec modeMartin Willi2013-05-061-14/+11
| | | | | This lets the kernel backend decide what to do with it, and in fact all kernel interfaces already handle this correctly.
* socket-default: to bind to one dynamic port on OS X, create v4 socket before v6Martin Willi2013-05-061-1/+7
| | | | | It seems that the order of binding sockets of different address families to the same dynamic port must be v6-before-v4 on Linux, but v4-before-v6 on OS X.
* socket-default: refactor socket pair opening to a functionMartin Willi2013-05-061-27/+23
|
* socket-default: Don't try to send packet if we haven't a socket for given familyMartin Willi2013-05-061-3/+4
|
* socket-default: Use -1 if socket is not available, as 0 is actually a valid fdMartin Willi2013-05-061-20/+23
|
* proposals: try next if IKEv2 algorithm could not be mapped to IKEv1Martin Willi2013-05-061-2/+4
|
* socket-dynamic: when sending from port zero, allocate a free port dynamicallyMartin Willi2013-05-061-26/+101
|
* controller: clean up job data if a thread gets cancelled waiting in a functionMartin Willi2013-05-061-3/+6
| | | | | Controller functions are thread cancellation points, so register a cancellation handler cleaning up job data.
* Use the GEN silent rule when generating files with sedMartin Willi2013-05-061-1/+1
|
* Introduce an optional logger_t.vlog() method with format string and argumentsMartin Willi2013-05-062-16/+85
| | | | | | | To have more flexibility in the logging backend, receiving the original format string and do printf() substitution in the logger may be preferable. An additional but optional logger method does not touch the behavior of existing loggers.
* Raise an ALERT_PROPOSAL_MISMATCH_CHILD also when receiving NO_PROPOSAL_CHOSENMartin Willi2013-05-061-0/+20
|
* Raise an ALERT_PROPOSAL_MISMATCH_IKE also when receiving NO_PROPOSAL_CHOSENMartin Willi2013-05-061-0/+20
|
* eap-radius: add an option to disable accounting for tunnels without virtual IPMartin Willi2013-05-061-0/+30
|
* eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPsMartin Willi2013-05-063-34/+100
| | | | Fixes some corner cases if multiple tunnels use the same peer identity.
* Don't unset IKE_SA on bus before we released virtual IPs and attributesMartin Willi2013-05-061-10/+8
|
* fixed typoAndreas Steffen2013-04-191-1/+1
|
* Added charon.initiator_only option which causes charon to ignore IKE ↵Andreas Steffen2013-04-141-2/+10
| | | | initiation requests by peers
* eap-radius: Add an option to exclude ports from Called/Calling-Station-IdMartin Willi2013-04-102-9/+37
|
* emit a single assig_vips bus message for all VIPsAndreas Steffen2013-04-068-62/+57
|
* ifmap plugin subscribes to assing_vip bus signalAndreas Steffen2013-04-067-2/+135
|
* unity: Check IKE_SA in only after enumerating virtual IPsTobias Brunner2013-04-051-2/+1
|
* cleaned up XML code in tnccs-11 pluginAndreas Steffen2013-04-048-80/+82
|
* duplicheck: track multiple IKE_SAs in checking state to avoid any racesMartin Willi2013-04-041-63/+123
| | | | | | When two consequent duplicates have been detected, track state of each checking IKE_SA separately, avoiding potential race conditions between the active SA and the different SAs in checking state.
* fixed memory leakAndreas Steffen2013-04-031-1/+1
|
* properly handle orphaned renewSession jobsAndreas Steffen2013-04-035-24/+102
|
* support chunked HTTP responsesAndreas Steffen2013-04-034-140/+370
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 06:47:37 +0000