aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* fixed typoAndreas Steffen2011-01-021-2/+2
|
* set tfcv3 flag TRUE in ha_dispatcherAndreas Steffen2010-12-261-4/+4
|
* implemented wrap around of registered IKEv1 algorithm namesAndreas Steffen2010-12-261-3/+1
|
* wrap list of IKEv2 algorithms after 120 characters per lineAndreas Steffen2010-12-241-20/+43
|
* Migrated stroke_list_t to INIT/METHOD macrosAndreas Steffen2010-12-241-25/+21
|
* eliminated whitespaceAndreas Steffen2010-12-211-1/+1
|
* Migrated child_create_t to INIT/METHOD macrosAndreas Steffen2010-12-211-83/+55
|
* Added a tfc ipsec.conf keyword to control Traffic Flow ConfidentialityMartin Willi2010-12-201-1/+1
|
* Do not use TFC padding if peer does not support ESPv3Martin Willi2010-12-203-11/+31
|
* Added a TFC padding option to child_cfgMartin Willi2010-12-2012-12/+36
|
* Implemented Traffic Flow Confidentiality padding in kernel_interfaceMartin Willi2010-12-202-2/+3
|
* trace back crypto algorithms to the plugins that registered themAndreas Steffen2010-12-183-17/+35
|
* Install selectors on transport mode IPsec SAs.Jiri Bohac2010-12-131-1/+1
| | | | | | | | | | | | | | | | This fixes several test cases in IKEv2_Self_Test (part of the IPv6 Ready Logo Program) which is required for USGv6 certification, namely: - IKEv2.EN.I.1.1.7.1, IKEv2.EN.I.1.1.7.1: Narrowing the range of members of the set of traffic selectors - IKEv2.EN.R.1.1.7.3: Narrowing multiple traffic selector When traffic selectors of a triggered SA are narrowed by the responder, the installed policy and the broader trap policy share the same reqid. Without selectors on the IPsec SA packets matching the trap policy, but not the narrowed policy, would incorrectly be handled by that IPsec SA. Since only one selector can be specified per IPsec SA, there is currently no solution for tunnel mode SAs.
* reverted Connection ID to capital lettersAndreas Steffen2010-12-121-2/+2
|
* some more cosmeticsAndreas Steffen2010-12-121-9/+9
|
* final cosmetics in PB-TNC debug outputAndreas Steffen2010-12-122-31/+30
|
* implemented PB-TNC message parsing checksAndreas Steffen2010-12-1225-605/+1195
|
* some code optimizationsAndreas Steffen2010-12-111-42/+67
|
* support handshake retry requestsAndreas Steffen2010-12-101-0/+15
|
* the PB-TNC protocol is workingAndreas Steffen2010-12-102-15/+50
|
* refactored message handlingAndreas Steffen2010-12-101-147/+194
|
* do not accept results and recommendation messages from clientsAndreas Steffen2010-12-101-10/+29
|
* defined some additional Private Enterprise NumbersAndreas Steffen2010-12-101-2/+6
|
* define pb_tnc_state_machine_t objectAndreas Steffen2010-12-106-229/+401
|
* debug cosmeticsAndreas Steffen2010-12-102-13/+21
|
* Renamed purgex509/crl to purgecerts/crls to be consistent with list commandsMartin Willi2010-12-101-2/+2
|
* implemented handling of received PB-TNC messagesAndreas Steffen2010-12-102-14/+179
|
* Added options to flush CRLs/X509 certs from the cert cacheMartin Willi2010-12-101-0/+8
|
* refactored PB-TNC state machine in receive directionAndreas Steffen2010-12-091-83/+90
|
* refactored PB-TNC state machine in send directionAndreas Steffen2010-12-091-91/+95
|
* pb_tnc_batch_t class implements parsing and building of PB-TNC batchesAndreas Steffen2010-12-0912-430/+1155
|
* fixed memory corruptionAndreas Steffen2010-12-081-1/+1
|
* Never register IKE_SA during checkout_new, as rekeying keeps it checked outMartin Willi2010-12-072-18/+2
|
* added newlineAndreas Steffen2010-12-071-0/+1
|
* re-introduced commentAndreas Steffen2010-12-071-1/+3
|
* Migrated stroke_control_t to INIT/METHOD macrosAndreas Steffen2010-12-071-46/+30
|
* Migrated stroke_plugin_t to INIT/METHOD macrosAndreas Steffen2010-12-071-7/+11
|
* Guarantee entry->other is set when calling put_connected_peersThomas Egerer2010-12-061-1/+7
| | | | | | | | | | | Given the original intent of entry->host, the check for DoS attacks, it can happen that this value remains NULL when an entry is created. This is particularly awkward if put_connected_peers is called to check if a connection to a given peer already exists, since it takes the address family into consideration (git commit b74219d0) which is gleaned from entry->host. This patch guarantees that entry->other is a clone of host before put_connected_peers is called.
* stupid typoAndreas Steffen2010-12-051-1/+1
|
* cosmeticsAndreas Steffen2010-12-051-2/+2
|
* cosmeticsAndreas Steffen2010-12-051-3/+3
|
* added parsing checksAndreas Steffen2010-12-051-6/+10
|
* support of reqid field in SQL databaseAndreas Steffen2010-12-053-6/+9
|
* fixed pb_reason_string_message_t classAndreas Steffen2010-12-052-51/+13
|
* CDP enumerator added to SQL plugin.Tobias Brunner2010-12-031-1/+108
|
* Tables added for CAs and CDPs.Tobias Brunner2010-12-032-0/+34
|
* Migrated sql_cred_t to INIT/METHOD macros.Tobias Brunner2010-12-031-78/+61
|
* Refactored stroke_cred_t to use mem_cred_t.Tobias Brunner2010-12-035-580/+32
|
* Avoid calling globfree twice on failure.Tobias Brunner2010-12-031-1/+0
|
* removed superfluous whitespaceAndreas Steffen2010-12-038-38/+38
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-22 01:41:20 +0000