aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* Use ref_get() to make sure CHILD_SA reqids are uniqueMartin Willi2013-06-111-2/+9
|
* ikev1: keep vendor ID task alive during full Main/Aggressive ModeMartin Willi2013-06-111-8/+75
| | | | Fixes DPD with Cisco IOS sending the DPD vendor ID not in the first message.
* ikev2: if installing a CHILD_SA as initiator fails, notify the responderMartin Willi2013-06-111-2/+36
|
* ikev2: raise LOCAL_AUTH_FAILED when receiving INFORMATIONAL with AUTH_FAILEDMartin Willi2013-06-111-0/+8
|
* ikev2: close an established IKE_SA when receiving AUTHENTICATION_FAILEDMartin Willi2013-06-111-0/+6
| | | | | | RFC 5996 compatible implementations MAY send an INFORMATIONAL message with an AUTHENTICATION_FAILED if the initiator failed to authenticate us. Handle such a message like a DELETE for an IKE_SA.
* ikev2: if responder authentication fails, send AUTHENTICATION_FAILEDMartin Willi2013-06-111-0/+29
| | | | | | | According to RFC 5996, we MAY send an INFORMATIONAL message having an AUTHENTICATION_FAILED. We don't do any retransmits, though, but just close the IKE_SA after one message has been sent, avoiding the danger that an unauthenticated IKE_SA stays alive.
* Allow IPComp on NATed connections, both for IKEv1 and IKEv2Martin Willi2013-06-112-33/+10
| | | | | | While this was problematic in earlier releases, it seems that it works just fine the way we handle compression now. So there is no need to disable it over NATed connections or when using forceencaps.
* Properly compare CHILD_SAs during rekey collisionTobias Brunner2013-06-111-5/+12
| | | | | | | The previous code did not properly check for the situation when the DELETE for a redundant CHILD_SA created by a responder during a CHILD_SA rekey collision arrives before the responder's answer to the initiator's winning CREATE_CHILD_SA request.
* Removed stray *_plugin_create() declarations from header filesTobias Brunner2013-06-113-15/+0
|
* eap-radius: Do initialization in a plugin feature callbackTobias Brunner2013-06-111-28/+47
|
* Refactored plugin-loader with improved dependency resolutionTobias Brunner2013-06-111-0/+1
| | | | | | With the new implementation the plugins don't have to be listed in any special order, dependencies are properly resolved. The order only matters if two plugins provide the same feature.
* android-log: Use plugin featuresTobias Brunner2013-06-111-2/+12
|
* android-dns: Use plugin features to register attribute handlerTobias Brunner2013-06-111-5/+31
|
* maemo: Use plugin featuresTobias Brunner2013-06-111-2/+12
|
* medsrv: Use plugin features with dependency on database implementationTobias Brunner2013-06-111-31/+56
|
* medcli: Use plugin features with dependency on database implementationTobias Brunner2013-06-111-35/+60
|
* whitelist: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* updown: Use plugin features to register listener and attribute handlerTobias Brunner2013-06-111-20/+44
|
* unity: Use plugin features to register listener and attribute handler/providerTobias Brunner2013-06-111-10/+39
|
* unit-tester: Use plugin featuresTobias Brunner2013-06-111-4/+28
|
* uci: Use plugin features to register backend and credential setTobias Brunner2013-06-111-7/+32
|
* systime-fix: Use plugin features to register validatorTobias Brunner2013-06-111-24/+51
|
* smp: Use plugin featuresTobias Brunner2013-06-111-2/+12
|
* radattr: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* lookip: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* led: Use plugin features to register listenerTobias Brunner2013-06-111-4/+29
|
* ipseckey: Allow en-/disabling at runtime using plugin reload featureTobias Brunner2013-06-111-12/+26
|
* ipseckey: Use plugin features and depend on RESOLVERTobias Brunner2013-06-112-28/+53
| | | | Also fixed a double-free of the resolver instance.
* ha: Use plugin features to register listeners and attribute providerTobias Brunner2013-06-111-9/+37
|
* farp: Use plugin features to register listenerTobias Brunner2013-06-111-5/+29
|
* error-notify: Use plugin features to register listenerTobias Brunner2013-06-111-3/+29
|
* duplicheck: Use plugin features to register listenerTobias Brunner2013-06-111-3/+29
|
* coupling: Use plugin features and soft depend on SHA1Tobias Brunner2013-06-111-12/+40
|
* certexpire: Use plugin features to register listenerTobias Brunner2013-06-111-4/+30
|
* addrblock: Use plugin features with soft dependency on X.509 decodingTobias Brunner2013-06-111-5/+34
|
* dhcp: Use plugin features with dependency to RNG implementationTobias Brunner2013-06-111-17/+45
|
* sql: Use plugin features with dependency to database backendTobias Brunner2013-06-111-33/+62
|
* Socket plugins soft depend on the kernel-ipsec plugin featureTobias Brunner2013-06-112-0/+2
| | | | | On most platforms calls to methods to bypass the IKE sockets and enabling UDP decapsulation are required.
* Converted test for recursive mutex_tTobias Brunner2013-06-113-102/+0
|
* Converted tests for chunk_tTobias Brunner2013-06-113-84/+0
|
* Converted and added tests for hashtable_tTobias Brunner2013-06-113-114/+1
|
* Converted tests for identification_tTobias Brunner2013-06-113-254/+0
|
* Remove obsolete enumerator/linked_list tests in unit_tester pluginTobias Brunner2013-06-113-312/+0
|
* updown: pass IKE_SA unique ID in PLUTO_UNIQUEIDEmanuil Hristov2013-05-161-1/+2
|
* Raise LOCAL_AUTH_FAILED alert after receiving AUTHENTICATION_FAILUREMartin Willi2013-05-152-1/+2
|
* stroke: Add second password if providedTobias Brunner2013-05-081-0/+13
|
* stroke: Fail silently if another builder calls PW callback after giving upTobias Brunner2013-05-081-9/+14
| | | | Also reduced the number of tries to 3.
* stroke: Cache passwords so the user is not prompted multiple times for the ↵Tobias Brunner2013-05-081-1/+13
| | | | | | | | | | same password To verify/decrypt a PKCS#12 container a password might be needed multiple times. If it was entered correctly we don't want to bother the user again with another password prompt. The passwords for MAC creation and encryption could be different so the user might be prompted multiple times after all.
* stroke: Fix prompt and error messages in passphrase callbackTobias Brunner2013-05-081-11/+13
|
* stroke: Load credentials from PKCS#12 files (P12 token)Tobias Brunner2013-05-081-15/+92
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 06:02:01 +0000