aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* | Fixed additional typos in comments and log messages.Tobias Brunner2012-01-122-3/+3
| |
* | Implemented TLS session resumption both as client and as serverMartin Willi2011-12-313-5/+7
| |
* | Make number of concurrently handled stroke messages configurable.Tobias Brunner2011-12-291-2/+9
| |
* | Limit the number of concurrently handled stroke messages.Tobias Brunner2011-12-291-18/+104
| | | | | | | | This avoids clogging the thread pool with potentially blocking jobs.
* | Fix deadlock in trap_manager_t during acquire.Tobias Brunner2011-12-231-28/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also fixes a TOCTOU issue regarding the use of entry_t.pending. The deadlock was caused because the rwlock was being locked while waiting for an IKE_SA. Triggering the deadlock was a bit tricky, here is the description by Thomas Egerer (the reporter of this issue): " The deadlock occurs when the following happens (in the given order): a) an IKE_SA is built and a thread is processing the IKE_AUTH request, which can take a bit longer when a smartcard is involved. This causes the ike_sa_manager to lock a particular IKE_SA exclusively. b) an acquire is triggered which causes the rwlock in the trap_manager to be read-locked, the subsequent call to ike_sa_manager->checkout_by_config has to wait until a) unlocks it's ike_sa. c) a child_cfg contained in the peer_cfg belonging to the ike_sa a) has locked is routed causes the child_configs contained in the peer config to be locked by c) while the actual routing code within trap_manager tries to writelock it's rwlock. That's about it. As soon as a) finishes authentication of the peer and tries to find a matching child sa it will try to lock the child configs of the peer config which is not possible since it has been locked by c). Thread | Resource locked | Resource desired -------+--------------------------------+-------------------------------- (a) | ike_sa in ike_sa_manager | child_cfgs of peer_cfg | | (b) | rwlock in trap-manager (read) | ike_sa in ike_sa_manager | | (c) | child_cfgs of peer_cfg | rwlock in trap-manager (write) " With this patch thread (b) now does not hold the lock while waiting for the IKE_SA. Thus (c) can get the write lock, and (a) can subsequently lock the mutex in the peer_cfg which then finally allows (b) to checkout the IKE_SA.
* | Fixed flush() method of trap_manager_t.Tobias Brunner2011-12-231-3/+9
| | | | | | | | | | A segmentation fault could have happened during destruction of the trap manager after calling flush().
* | Make sure the certificate cache is flushed when plugins are unloaded.Tobias Brunner2011-12-151-0/+2
| | | | | | | | | | This avoids segmentation faults when plugins implementing cert_t are already unloaded when the cache is flushed during destruction.
* | Added missing libsimaka files to Android.mk.Tobias Brunner2011-12-141-0/+2
| |
* | Destroy mediation managers before unloading plugins.Tobias Brunner2011-12-141-4/+4
| |
* | implemented IMC/IMV ReceiveMessageLong functionsAndreas Steffen2011-12-091-0/+2
| |
* | added IMC/IMV support for send_message_long() and reserve_additional_id() ↵Andreas Steffen2011-12-093-10/+20
| | | | | | | | functions
* | implemented IF-IMC/IMV 1.3 attributesAndreas Steffen2011-12-083-20/+224
| |
* | added TNC_TNCC_GetAttribute() and TNC_TNCC_SetAttribute() functionsAndreas Steffen2011-12-083-8/+59
| |
* | added TNC_IMC_ReceiveMessageLong() and TNC_IMV_ReceiveMessageLong() supportAndreas Steffen2011-12-086-51/+100
| |
* | fixed typo in function nameAndreas Steffen2011-12-081-1/+1
| |
* | added TNC_TNCS_ReserveAdditionalIMVID() functionAndreas Steffen2011-12-073-4/+102
| |
* | return with TNC_RESULT_SUCCESSAndreas Steffen2011-12-071-4/+5
| |
* | added TNC_TNCC_ReserveAdditionalIMCID() functionAndreas Steffen2011-12-073-3/+99
| |
* | added TNC_TNCC_SendMessageLong() and TNC_TNCS_SendMessageLong() functionsAndreas Steffen2011-12-077-45/+102
| |
* | corrected function name in error messageAndreas Steffen2011-12-072-2/+2
| |
* | added TNC_TNCC_ReportMessageTypesLong() and ↵Andreas Steffen2011-12-067-47/+336
| | | | | | | | TNC_TNCS_ReportMessageTypesLong() messages
* | upgraded IF-IMC/IMV inteface definitions to version 1.3Andreas Steffen2011-12-042-4/+0
| |
* | Reversed unintended commitSansar Choinyambuu2011-11-282-2/+2
| |
* | Changed the static function name in openssl_rsa_public_key objectSansar Choinyambuu2011-11-282-2/+2
| | | | | | | | Removed unused chunk variable from PTS verify_quote_signature function
* | Reversed unintended commitSansar Choinyambuu2011-11-282-2/+2
| |
* | Changed the static function name in openssl_rsa_public_key objectSansar Choinyambuu2011-11-282-2/+2
| | | | | | | | Removed unused chunk variable from PTS verify_quote_signature function
* | Fixed check for log groups when debug_t is unsigned.Tobias Brunner2011-11-251-1/+1
| | | | | | | | The range and signedness of enum types is up to the compiler.
* | Fixed proposal numbering check in sa_payloadMartin Willi2011-11-211-10/+0
| |
* | Fix unaligned aliasing warning in raw socketMartin Willi2011-11-171-5/+4
|/
* Fixed monolithic build of libcharon with libtnccs enabled.Tobias Brunner2011-11-081-0/+7
|
* Correctly refer to tnc-tnccs plugin when building monolithically.Tobias Brunner2011-11-081-1/+1
|
* Revert "fixed integrity tests of plugins using libtls or libtnccs"Tobias Brunner2011-11-0810-6/+18
| | | | | This reverts commit b597ac4a4cbcd9197b886d743c75d58293264580 (not completely).
* Revert "fixed integrity tests of plugins using libsimaka"Tobias Brunner2011-11-088-0/+8
| | | | | | | | This reverts commit 8c42f16deeeffa1ae305b18306b0796f49c9922c. Conflicts: src/charon/Makefile.am
* Syntax error in sqlite.sql fixed.Tobias Brunner2011-11-041-1/+1
|
* fixed integrity tests of plugins using libsimakaAndreas Steffen2011-11-048-8/+0
|
* Change order of destroy/get_ref function callsThomas Egerer2011-11-041-1/+1
| | | | | Since DESTROY_IF might destroy the peer_cfg, a get_ref on a freed object is subject to fail.
* fixed integrity tests of plugins using libtls or libtnccsAndreas Steffen2011-11-0211-18/+23
|
* Some Doxygen fixes.Tobias Brunner2011-10-282-3/+2
|
* CosmeticsAndreas Steffen2011-10-261-1/+2
|
* Don't link to tnc libraries on Android as no tnc plugins are currently enabled.Tobias Brunner2011-10-251-1/+1
|
* Build libtnccs on Android.Tobias Brunner2011-10-251-6/+1
|
* share some code between IMC and IMV managersAndreas Steffen2011-10-252-224/+34
|
* removed unneeded includesAndreas Steffen2011-10-252-4/+0
|
* refactored TNC frameworkAndreas Steffen2011-10-2539-901/+663
|
* moved imv_manager to libtnccsAndreas Steffen2011-10-2511-508/+78
|
* moved imc_manager to libtnccsAndreas Steffen2011-10-2517-372/+145
|
* Log if charon failed to establish a CHILD_SA but keeps the IKE_SA up.Tobias Brunner2011-10-211-0/+4
|
* The load-tester plugin does not support SAD/SPD flushing.Tobias Brunner2011-10-211-0/+2
|
* Fixed indention in load-tester kernel interface.Tobias Brunner2011-10-211-28/+28
|
* Add features support to tnccs pluginsAndreas Steffen2011-10-205-23/+107
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-21 10:05:22 +0000