aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
| * Link android plugin against liblog in the NDK.Tobias Brunner2012-08-081-0/+1
| | | | | | | | Doesn't seem to hurt the build within the source tree.
| * Make the UDP ports charon listens for packets on (and uses as source ports) ↵Tobias Brunner2012-08-0816-47/+65
| | | | | | | | configurable.
* | Doxygen fixTobias Brunner2012-08-111-1/+1
| |
* | Use actual daemon name to enable XAuth/PSK with aggressive modeMartin Willi2012-08-101-2/+3
| |
* | EAP-GTC can use any XAuth backend, including xauth-pamMartin Willi2012-08-102-88/+45
| | | | | | | | | | | | | | This makes EAP-GTC a generic plain password authentication method, as it is used with XAuth. Instead of verifying credentials with PAM, any backend can be configured. The default is xauth-pam, providing the same functionality as EAP-GTC in strongSwan 4.x.
* | Add xauth-pam, an XAuth backend verifying credentials with PAMMartin Willi2012-08-106-0/+390
| |
* | make max_message_size parameter consistent with similar optionsAndreas Steffen2012-08-092-2/+2
|/
* Remove queued IKEv1 message before processing itMartin Willi2012-08-081-3/+5
| | | | | Avoids destruction or processing of a queued message in recursive process_message() call.
* Include src address in hash of initial message for Main ModeTobias Brunner2012-08-081-5/+31
| | | | | | | If two initiators use the same SPI and also use the same SA proposal the hash for the initial message would be exactly the same. For IKEv2 and Aggressive Mode that's not a problem as these messages include random data (Ni, KEi payloads).
* Add DH group 15 (MODP-3072) to IKE proposalAdrian-Ken Rueegsegger2012-08-061-0/+1
|
* Block XAuth transaction on established IKE_SAs, but allow Mode ConfigMartin Willi2012-08-032-2/+1
|
* Fix linking of addrblock plugin when building monolithicMartin Willi2012-08-031-1/+1
| | | | Fixes #212.
* Reject initial exchange messages early once IKE_SA is establishedMartin Willi2012-08-021-0/+18
|
* Lookup IKEv1 PSK even if the peer identity is not knownMartin Willi2012-07-311-1/+1
|
* Proper fallback if capability dropping is not availableTobias Brunner2012-07-272-1/+6
|
* Include stdint.h for UINTxx_MAX definesTobias Brunner2012-07-271-2/+3
| | | | Fixes #205.
* Don't include acquiring packet traffic selectors in IKEv1Martin Willi2012-07-261-0/+5
| | | | | | | | As we only can negotiate a single TS in IKEv1, don't prepend the triggering packet TS, as we do in IKEv2. Otherwise we don't establish the TS of the configuration, but only that of the triggering packet. Fixes #207.
* Implement late peer config switching after XAuth authenticationMartin Willi2012-07-261-15/+80
| | | | | | | If additional authentication constraints, such as group membership, is not fulfilled by an XAuth backend, we search for another peer configuration that fulfills all constraints, including those from phase1.
* Check if XAuth round complies to configured authentication roundMartin Willi2012-07-261-7/+18
|
* Don't add ANY identity constraint to auth config, as XAuth rounds don't use oneMartin Willi2012-07-262-3/+15
|
* Merge auth config items added from XAuth backends to IKE_SAMartin Willi2012-07-261-0/+1
|
* Add an ipsec.conf leftgroups2 parameter for the second authentication roundMartin Willi2012-07-262-3/+6
|
* Release leaking child config after uninstalling shunt policyMartin Willi2012-07-231-0/+1
|
* Don't print hexdumps on loglevel 1 if hash verification failsMartin Willi2012-07-201-3/+3
|
* Fix EAP-MSCHAPv2 master key derivation, broken with 87dd205bMartin Willi2012-07-181-4/+12
|
* Use centralized hasher names in coupling pluginMartin Willi2012-07-171-20/+2
|
* handled return values in tnc-pdpAndreas Steffen2012-07-161-8/+17
|
* Handle PRF failures in eap-aka-3gpp2Martin Willi2012-07-164-57/+124
|
* Refactored error handling in keymat_v1_tMartin Willi2012-07-161-25/+27
|
* Clean up error handling in keymat_v2_tMartin Willi2012-07-161-87/+65
|
* Cleaned up memory management and return values for encryption payloadMartin Willi2012-07-165-35/+35
|
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-169-44/+125
|
* Add a return value to keymat_v1_t.{get,update,confirm}_ivMartin Willi2012-07-165-31/+80
|
* Add a return value to hasher_t.get_hash()Martin Willi2012-07-163-10/+28
|
* Add a return value to crypter_t.set_key()Martin Willi2012-07-163-7/+24
|
* Add a return value to crypter_t.decrypt()Martin Willi2012-07-161-2/+1
|
* Add a return value to crypter_t.encryptMartin Willi2012-07-162-3/+8
|
* Check rng return value when generating identity in eap-simaka-reauth pluginTobias Brunner2012-07-161-4/+18
|
* Check rng return value when generating pseudonym in eap-simaka-pseudonym pluginTobias Brunner2012-07-161-1/+10
|
* Check rng return value when generating nonces in eap-aka pluginTobias Brunner2012-07-161-1/+4
|
* Check rng return value when generating nonces in eap-sim pluginTobias Brunner2012-07-162-2/+8
|
* Check rng return value when generating RAND in eap-aka-3gpp2 pluginTobias Brunner2012-07-161-2/+2
|
* Check rng return value when generating challenges in eap-md5 and mschapv2 ↵Tobias Brunner2012-07-162-12/+12
| | | | plugins
* Check rng return value when generating Transaction IDs in DHCP pluginTobias Brunner2012-07-161-1/+5
|
* Check rng return value when generating ME CONNECT_ID and KEYTobias Brunner2012-07-161-2/+14
|
* Check rng return value when generating IKEv1 message IDsTobias Brunner2012-07-161-8/+20
|
* Check rng return value when generating COOKIE2 during MOBIKETobias Brunner2012-07-161-6/+11
|
* Check rng return value when generating COOKIE secret in receiverTobias Brunner2012-07-161-8/+22
|
* Check rng return value when generating fake NAT detection payloadsTobias Brunner2012-07-162-4/+5
|
* Check rng return value when encrypting encryption payloadTobias Brunner2012-07-161-2/+8
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 05:00:43 +0000