path: root/src/libcharon
Commit message [Author, Age, Files, Lines]
...
* | | Removed auth_cfg_t.replace_value() and replaced usages with add(). [Tobias Brunner, 2012-04-18, 3, -17/+4]
| | | replace_value() was used to replace identities. Since for these the latest is now returned by get(), adding the new identity with add() is sufficient.
* | | Store password with remote ID to tie it stronger to a specific connection. [Tobias Brunner, 2012-04-18, 1, -12/+50]
| | |
* | | Added stroke user-creds command, to set username/password for a connection. [Tobias Brunner, 2012-04-17, 3, -1/+166]
| | |
* | | Added method to add additional shared secrets to stroke_cred_t. [Tobias Brunner, 2012-04-17, 2, -2/+20]
| | |
* | | Typo fixed. [Tobias Brunner, 2012-04-17, 1, -1/+1]
| | |
* | | Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs [Martin Willi, 2012-04-17, 1, -5/+43]
| | | Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as initiator, we can't know if the completing IKE_SA_INIT message is to our first request or the one with the COOKIE. If the responder just enabled/disabled COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE behavior toggling improves the situation, but does not solve the problem during the initial COOKIE activation.
* | | Added a note about DH/keymat lifecycle for custom implementations [Martin Willi, 2012-04-17, 1, -1/+6]
| | |
* | | Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE [Martin Willi, 2012-04-17, 1, -2/+5]
| | |
* | | Use IP address as ID as responder if not configured or no IDr received. [Tobias Brunner, 2012-04-16, 1, -3/+11]
| | |
* | | Fall back on IP address as IDi if none is configured at all. [Tobias Brunner, 2012-04-16, 1, -7/+7]
| | |
* | | Use auth_cfg_t.replace_value where appropriate. [Tobias Brunner, 2012-04-16, 2, -26/+5]
| | |
* | | Fixed IDi in case neither left nor leftid is configured. [Tobias Brunner, 2012-04-16, 1, -0/+21]
| | |
* | | Don't invoke child_updown hook twice as responder [Martin Willi, 2012-04-11, 1, -3/+8]
| | |
* | | Accept zero-length certificate request payloads [Martin Willi, 2012-04-11, 1, -2/+1]
| | |
* | | Properly initialize src in ike_sa_t.is_any_path_valid(). [Tobias Brunner, 2012-04-06, 1, -1/+1]
| | |
* | | remove leading zero in ASN.1 encoded serial numbers [Andreas Steffen, 2012-04-05, 1, -2/+2]
| | |
* | | Make AES-CMAC actually usable for IKEv2. [Tobias Brunner, 2012-04-04, 1, -0/+5]
| | |
* | | moved chunk_skip_zero to chunk.h [Andreas Steffen, 2012-04-03, 1, -2/+3]
| | |
* | | added IKEv2 Generic Secure Password Authentication Method [Andreas Steffen, 2012-04-03, 2, -3/+10]
| | |
* | | added IKEv2 Generic Secure Password Authentication Method [Andreas Steffen, 2012-04-03, 2, -6/+17]
| | |
* | | added GSPM IKEv2 payload [Andreas Steffen, 2012-04-03, 2, -8/+20]
| | |
* | | Doxygen fixes. [Tobias Brunner, 2012-04-03, 2, -2/+2]
| | |
* | | Don't cast second argument of mem_printf_hook (%b) to size_t. [Tobias Brunner, 2012-03-27, 5, -12/+17]
| | | Also treat the given number as unsigned int. Due to the printf hook registration the second argument of mem_printf_hook (if called via printf etc.) is always of type int*. Casting this to a size_t pointer and then dereferencing that as int does not work on big endian machines if int is smaller than size_t (e.g. on ppc64). In order to make this change work if the argument is of a type larger than int, size_t for instance, the second argument for %b has to be cast to (u_)int.
* | | smp: Use proper signed type to get return value of read(2). [Tobias Brunner, 2012-03-27, 1, -1/+1]
| | |
* | | Don't include individual glib headers in nm plugin. [Tobias Brunner, 2012-03-26, 1, -1/+1]
| | | Exceptions are glib/gi18n.h, glib/gi18n-lib.h, glib/gprintf.h and glib/gstdio.h.
* | | fixed parsing of IF-MAP SOAP responses [Andreas Steffen, 2012-03-21, 1, -35/+30]
|/ /
* | added the strongswan.conf options of the tnc-pdp plugin [Andreas Steffen, 2012-03-16, 1, -1/+1]
| |
* | eliminate unneeded private variable [Andreas Steffen, 2012-03-14, 1, -3/+3]
| |
* | use MAX_RADIUS_ATTRIBUTE_SIZE constant from radius_message header file [Andreas Steffen, 2012-03-14, 2, -4/+3]
| |
* | make the mppe salt unique [Andreas Steffen, 2012-03-14, 1, -8/+18]
| |
* | implemented MS_MPPE encryption [Andreas Steffen, 2012-03-13, 1, -14/+93]
| |
* | use RADIUS_TUNNEL_TYPE_ESP defined in header file [Andreas Steffen, 2012-03-13, 1, -3/+1]
| |
* | implemented RADIUS Filter-ID attribute [Andreas Steffen, 2012-03-13, 3, -24/+87]
| |
* | removed double library entry [Andreas Steffen, 2012-03-13, 1, -2/+0]
| |
* | adapted debug output [Andreas Steffen, 2012-03-13, 1, -1/+1]
| |
* | keep a list of RADIUS connections with EAP method states [Andreas Steffen, 2012-03-13, 4, -12/+320]
| |
* | apply maximum RADIUS attribute size to outbound EAP messages [Andreas Steffen, 2012-03-13, 1, -0/+9]
| |
* | read PDP server name from strongswan.conf [Andreas Steffen, 2012-03-13, 1, -7/+29]
| |
* | define MAX_RADIUS_ATTRIBUTE_SIZE [Andreas Steffen, 2012-03-13, 1, -4/+5]
| |
* | define peer and server identities [Andreas Steffen, 2012-03-13, 1, -2/+9]
| |
* | added EAP_SUCCESS/FAILURE message to RADIUS Accept/Reject [Andreas Steffen, 2012-03-13, 1, -2/+7]
| |
* | added msg_auth flag in radius_message_t sign() method [Andreas Steffen, 2012-03-13, 2, -2/+2]
| |
* | simple RADIUS server example works [Andreas Steffen, 2012-03-13, 1, -14/+187]
| |
* | first use of libradius [Andreas Steffen, 2012-03-13, 1, -2/+2]
| |
* | created libradius shared by eap-radius and tnc-pdp plugins [Andreas Steffen, 2012-03-13, 3, -2/+19]
| |
* | created tnc-pdp policy decision point plugin [Andreas Steffen, 2012-03-13, 6, -0/+464]
| |
* | Fixed crash and locking issues while unrouting connections via stroke [Martin Willi, 2012-03-13, 1, -7/+8]
| |
* | Clear peer addresses during HA update. [Tobias Brunner, 2012-03-09, 1, -1/+6]
| |
* | Simplified some route lookups now that we store all peer addresses in a list. [Tobias Brunner, 2012-03-09, 2, -25/+9]
| |
* | Renamed list of additional peer addresses as it now stores all known addresses. [Tobias Brunner, 2012-03-09, 7, -43/+42]
| |