path: root/src/libcharon
Commit message  (Author, Age, Files, Lines)
...
  * Refactor auth_cfg applying to a common function  (Martin Willi, 2013-02-26, 1 file, -20/+17)
* Merge branch 'multi-cert'  (Martin Willi, 2013-03-01, 1 file, -15/+32)
      Allows the configuration of multiple certificates in leftcert, and selects
      the correct certificate to use based on the received certificate requests.
  * Load multiple comma separated certificates in the leftcert option  (Martin Willi, 2013-01-18, 1 file, -15/+32)
* Merge branch 'systime'  (Martin Willi, 2013-03-01, 6 files, -0/+452)
      Add a systime-fix plugin allowing an embedded system to validate
      certificates if the system time has not been synchronized after boot.
      Certificates of established tunnels can be re-validated after the system
      time gets valid.
  * systime-fix disables certificate lifetime validation if system time not synced  (Martin Willi, 2013-02-19, 4 files, -0/+326)
      The system time can be periodically checked. If it gets valid,
      certificates get rechecked with the current lifetime. If certificates are
      invalid, associated IKE_SAs can be closed or reauthenticated.
  * Add a stub for systime-fix, a plugin handling certificate lifetimes gracefully  (Martin Willi, 2013-02-19, 4 files, -0/+126)
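The deferred lifetime check described in the 'systime' commits above, as an added example that is not strongSwan's own code: an embedded box without a battery-backed clock boots near the epoch, so every certificate looks "not yet valid". The example skips the lifetime check while the clock is unsynced, remembers which tunnels came up that way, and re-checks them once the clock is trusted. The threshold date, the group names and the tunnel records are assumptions chosen for the illustration.

```c
/* Added example (not strongSwan code): defer certificate lifetime checks
 * until the system clock is believed to be synchronised, then re-check.
 * Assumption: the clock counts as synced once it is past a fixed threshold
 * date, the earliest time this firmware could plausibly be running. */
#include <stdio.h>
#include <time.h>

typedef enum {
    LIFETIME_VALID,     /* now is within [not_before, not_after] */
    LIFETIME_INVALID,   /* certificate expired or not yet valid */
    LIFETIME_DEFERRED,  /* clock not synced: skip the check for now */
} lifetime_t;

/* Constructed threshold: 2013-01-01T00:00:00Z as a Unix timestamp. */
#define SYNC_THRESHOLD 1356998400L

/* Any clock reading before the threshold is treated as "not yet synced". */
int clock_is_synced(time_t now)
{
    return now >= SYNC_THRESHOLD;
}

/* Lifetime check that is skipped while the clock is unsynced. */
lifetime_t check_lifetime(time_t now, time_t not_before, time_t not_after)
{
    if (!clock_is_synced(now)) {
        return LIFETIME_DEFERRED;
    }
    if (now < not_before || now > not_after) {
        return LIFETIME_INVALID;
    }
    return LIFETIME_VALID;
}

typedef struct {
    time_t not_before;
    time_t not_after;
    int deferred;   /* lifetime was not checked when the tunnel came up */
} tunnel_cert_t;

/* Periodic re-check: once the clock is synced, validate the certificates of
 * tunnels established under a deferred check. Returns the number of tunnels
 * that must be closed (or reauthenticated) because their certificate is
 * invalid with the real time. Does nothing while the clock is still unsynced. */
int recheck_tunnels(tunnel_cert_t *tunnels, int n, time_t now)
{
    int to_close = 0;
    if (!clock_is_synced(now)) {
        return 0;
    }
    for (int i = 0; i < n; i++) {
        if (!tunnels[i].deferred) {
            continue;
        }
        tunnels[i].deferred = 0;
        if (check_lifetime(now, tunnels[i].not_before, tunnels[i].not_after)
                != LIFETIME_VALID) {
            to_close++;
        }
    }
    return to_close;
}

int main(void)
{
    /* constructed: clock reads 1970-01-01T00:01:00Z at boot, and
     * 2013-02-26T00:00:00Z after NTP has synced it */
    time_t boot = 60;
    time_t synced = 1361836800L;
    tunnel_cert_t t[2] = {
        { 1356998400L, 1388534400L, 0 }, /* 2013-01-01 .. 2014-01-01 */
        { 1325376000L, 1356998400L, 0 }, /* 2012-01-01 .. 2013-01-01, expired */
    };
    for (int i = 0; i < 2; i++) {
        lifetime_t r = check_lifetime(boot, t[i].not_before, t[i].not_after);
        t[i].deferred = (r == LIFETIME_DEFERRED);
        printf("tunnel %d at boot: %s\n", i,
               r == LIFETIME_DEFERRED ? "deferred" : "checked");
    }
    printf("tunnels to close after sync: %d\n", recheck_tunnels(t, 2, synced));
    return 0;
}
```

With the constructed records, both tunnels are established with the check deferred; after the clock syncs, the second tunnel's certificate turns out to be expired and is reported for closing, while the first passes.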
* Merge branch 'ikev1-rekeying'  (Martin Willi, 2013-03-01, 1 file, -0/+21)
      Migrates Quick Modes to the new Main Mode if an IKEv1 reauthentication
      replaces the old Main Mode having a uniqueids=replace policy.
  * When detecting a duplicate IKEv1 SA, adopt children, as it might be a rekeying  (Martin Willi, 2013-02-20, 1 file, -0/+21)
* Merge branch 'vip-shunts'  (Martin Willi, 2013-03-01, 1 file, -11/+6)
      Installs bypass policies for the physical address if a virtual address is
      assigned, and installs a proper source route to actually use the physical
      address for bypassed destinations.

      Conflicts:
          src/libcharon/plugins/unity/unity_handler.c
  * Include local address for Unity Split-Exclude shunt policies  (Martin Willi, 2013-02-20, 1 file, -10/+5)
      If we use a virtual IP, having a shunt policy for just that wouldn't work,
      as we want a shunt bypass using the local address.
* Merge branch 'opaque-ports'  (Martin Willi, 2013-03-01, 7 files, -12/+18)
      Adds a %opaque port option and support for port ranges in
      left/rightprotoport. Currently not supported by any of our kernel backends.
  * Don't reject OPAQUE ports while verifying traffic selector substructure  (Martin Willi, 2013-02-21, 1 file, -1/+5)
  * Pass complete port range over stroke interface for more flexibility  (Martin Willi, 2013-02-21, 1 file, -14/+4)
  * Use a complete port range in traffic_selector_create_from_{subnet,cidr}  (Martin Willi, 2013-02-21, 6 files, -14/+24)
* Without MOBIKE, update remote host only if it is behind NAT  (Martin Willi, 2013-03-01, 1 file, -2/+3)
* Merge branch 'ikev1-mm-retransmits'  (Martin Willi, 2013-03-01, 4 files, -45/+55)
      Fixes retransmit of the last Main Mode or IKE_AUTH message, and correctly
      queues Main Mode messages when processing of the last message is still in
      progress.
  * For IKEv1 Main Mode, use message hash to detect early retransmissions  (Martin Willi, 2013-02-25, 1 file, -10/+23)
      As the message ID is zero in all Main Mode messages, it can't be used to
      detect if we are already processing a given message.
  * Move initial message dropping to task manager  (Martin Willi, 2013-02-25, 3 files, -19/+27)
      When the last request message of the initial tunnel setup is
      retransmitted, we must retransmit the response instead of ignoring the
      request. Fixes #295.
  * Use INIT macro to initialize IKE_SA manager entries  (Martin Willi, 2013-02-25, 1 file, -17/+6)
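The two retransmit cases from the 'ikev1-mm-retransmits' commits above, as an added example that is not strongSwan's own code: because every Main Mode message carries message ID 0, a duplicate has to be recognised by hashing the message itself. A repeat of the request currently being processed is dropped; a repeat of a request that was already answered gets the stored response resent instead of being ignored. The state layout, the FNV-1a hash and the sample messages are assumptions made for the illustration; a real daemon would hash the full ISAKMP message.

```c
/* Added example (not strongSwan code): duplicate detection for IKEv1 Main
 * Mode requests keyed by a hash of the message, since every Main Mode
 * message carries message ID 0 and the ID cannot tell a retransmit apart. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef enum {
    MM_PROCESS,     /* new request: hand it to the task manager */
    MM_DROP,        /* same request is still being processed: ignore it */
    MM_RETRANSMIT,  /* request was already answered: resend the response */
} mm_action_t;

#define MAX_RESP 256

typedef struct {
    uint64_t req_hash;      /* hash of the most recent request */
    int has_req;            /* req_hash is valid */
    int in_progress;        /* that request is still being processed */
    uint8_t resp[MAX_RESP]; /* response sent for req_hash */
    size_t resp_len;
} mm_state_t;

/* FNV-1a over the whole message. Assumption for the example; any
 * collision-resistant hash of the complete message works the same way. */
static uint64_t msg_hash(const uint8_t *msg, size_t len)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= msg[i];
        h *= 1099511628211ULL;
    }
    return h;
}

void mm_init(mm_state_t *s)
{
    memset(s, 0, sizeof(*s));
}

/* Classify an incoming Main Mode request against the last one seen. */
mm_action_t mm_receive(mm_state_t *s, const uint8_t *msg, size_t len)
{
    uint64_t h = msg_hash(msg, len);
    if (s->has_req && h == s->req_hash) {
        return s->in_progress ? MM_DROP : MM_RETRANSMIT;
    }
    s->req_hash = h;
    s->has_req = 1;
    s->in_progress = 1;
    return MM_PROCESS;
}

/* Record the response generated for the request currently in progress. */
void mm_respond(mm_state_t *s, const uint8_t *resp, size_t len)
{
    if (len > MAX_RESP) {
        len = MAX_RESP;
    }
    memcpy(s->resp, resp, len);
    s->resp_len = len;
    s->in_progress = 0;
}

/* Response to resend after an MM_RETRANSMIT verdict. */
const uint8_t *mm_last_response(const mm_state_t *s, size_t *len)
{
    *len = s->resp_len;
    return s->resp;
}

/* Walk the three cases with constructed messages; returns 0 when every
 * verdict matches the expected one, otherwise the number of the failed step. */
int mm_demo(void)
{
    /* constructed stand-ins for two Main Mode requests and one response */
    static const uint8_t req1[] = "MM-REQ-1 msgid=0 SA proposal";
    static const uint8_t req2[] = "MM-REQ-2 msgid=0 KE nonce";
    static const uint8_t resp1[] = "MM-RESP-1";
    mm_state_t s;
    size_t len;

    mm_init(&s);
    if (mm_receive(&s, req1, sizeof(req1)) != MM_PROCESS) return 1;
    if (mm_receive(&s, req1, sizeof(req1)) != MM_DROP) return 2;       /* still processing */
    mm_respond(&s, resp1, sizeof(resp1));
    if (mm_receive(&s, req1, sizeof(req1)) != MM_RETRANSMIT) return 3; /* resend resp1 */
    if (mm_last_response(&s, &len) == NULL || len != sizeof(resp1)) return 4;
    if (mm_receive(&s, req2, sizeof(req2)) != MM_PROCESS) return 5;    /* next exchange */
    return 0;
}

int main(void)
{
    int rc = mm_demo();
    printf("mm_demo: %s (%d)\n", rc == 0 ? "all verdicts as expected" : "failed", rc);
    return rc;
}
```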
* Merge branch 'tfc-notify'  (Martin Willi, 2013-03-01, 1 file, -0/+9)
      Introduces kernel backend features, sends ESP_TFC_PADDING_NOT_SUPPORTED if
      kernel does not support it.
  * Send ESP_TFC_PADDING_NOT_SUPPORTED if the used kernel doesn't support it  (Martin Willi, 2013-03-01, 1 file, -0/+9)
* Trigger an updown event when destroying an IKE_SA based on INITIAL_CONTACT  (Tobias Brunner, 2013-02-28, 1 file, -0/+1)
      In other cases (i.e. when functions return DESTROY_ME) the event should
      already be triggered, but not in this forced situation.
* Android.mk updated to latest Makefiles  (Tobias Brunner, 2013-02-26, 1 file, -1/+1)
      Fixes #300.
* treat IF-M and IF-TNCCS remediation instructions/parameters in an equal way  (Andreas Steffen, 2013-02-19, 3 files, -97/+198)
* Streamlined log messages in ipseckey plugin  (Andreas Steffen, 2013-02-19, 2 files, -58/+30)
* ipseckey: Report IPSECKEYs with invalid DNSSEC security state  (Reto Guadagnini, 2013-02-19, 1 file, -2/+12)
* ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf  (Reto Guadagnini, 2013-02-19, 1 file, -3/+16)
* Added ipseckey plugin, which provides support for public keys in IPSECKEY RRs  (Reto Guadagnini, 2013-02-19, 8 files, -0/+859)
* added missing return statement  (Andreas Steffen, 2013-02-19, 1 file, -0/+1)
* reject PB-Experimental messages with NOSKIP flag set  (Andreas Steffen, 2013-02-19, 1 file, -0/+7)
* Add a timeout to clean up PDP RADIUS connections  (Martin Willi, 2013-02-14, 1 file, -0/+51)
* Keep the PDP connections lock while accessing its objects  (Martin Willi, 2013-02-14, 3 files, -7/+34)
      When we introduce connection timeouts, the state may disappear at any
      time. This change prevents that, but is not very clear. We probably have
      to refactor connection handling.
* Add locking to TNC-PDP connections  (Martin Willi, 2013-02-14, 1 file, -7/+23)
* Add a global return_success() method implementation  (Martin Willi, 2013-02-14, 1 file, -8/+2)
* Merge branch 'ike-dscp'  (Martin Willi, 2013-02-14, 13 files, -59/+163)
  * Add an ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets  (Martin Willi, 2013-02-06, 1 file, -1/+1)
  * Set configured DSCP value while generating IKE packets  (Martin Willi, 2013-02-06, 1 file, -1/+26)
  * Add a DSCP configuration value to IKE configs  (Martin Willi, 2013-02-06, 11 files, -21/+38)
  * Set DSCP values when sending IP packets in socket-default  (Martin Willi, 2013-02-06, 1 file, -1/+65)
  * Don't send a packet in default socket if family is neither IPv4 nor IPv6  (Martin Willi, 2013-02-06, 1 file, -12/+18)
  * Avoid extensive casting of sockaddr types in socket-default by using a union  (Martin Willi, 2013-02-06, 1 file, -24/+16)
      Additionally fixes a strict-aliasing rule compiler warning with older gcc.
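Marking outgoing IKE datagrams with a DSCP value, as covered by the 'ike-dscp' commits above, as an added example that is not strongSwan's own code. The DSCP code point occupies the upper six bits of the IPv4 TOS byte and the IPv6 traffic class; the lower two bits are ECN and are left clear. The example validates the configured value, applies it with the matching socket option for the address family, refuses any other family rather than sending an unmarked packet, and reads the value back from the kernel. The function names and the use of a per-socket option (instead of a per-packet control message) are assumptions for the illustration.

```c
/* Added example (not strongSwan code): mark outgoing IKE datagrams with a
 * configured DSCP value. The DSCP sits in the upper six bits of the IPv4
 * TOS byte / IPv6 traffic class; the lower two bits are ECN and left clear. */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Convert a DSCP code point (0..63) to a TOS/traffic-class byte,
 * -1 if the value is out of range. */
int dscp_to_tos(int dscp)
{
    if (dscp < 0 || dscp > 63) {
        return -1;
    }
    return dscp << 2;
}

/* Apply a DSCP value to a UDP socket of the given address family.
 * Returns 0 on success, -1 (errno set) on failure or unsupported family. */
int set_socket_dscp(int fd, int family, int dscp)
{
    int tos = dscp_to_tos(dscp);
    if (tos < 0) {
        errno = EINVAL;
        return -1;
    }
    switch (family) {
    case AF_INET:
        return setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
    case AF_INET6:
        return setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos));
    default:
        /* neither IPv4 nor IPv6: refuse instead of sending unmarked */
        errno = EAFNOSUPPORT;
        return -1;
    }
}

/* Read back the DSCP the kernel will put into the IP header, -1 on error. */
int get_socket_dscp(int fd, int family)
{
    int tos = 0;
    socklen_t len = sizeof(tos);
    int rc;
    if (family == AF_INET) {
        rc = getsockopt(fd, IPPROTO_IP, IP_TOS, &tos, &len);
    } else if (family == AF_INET6) {
        rc = getsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, &len);
    } else {
        errno = EAFNOSUPPORT;
        return -1;
    }
    return rc < 0 ? -1 : (tos >> 2) & 0x3f;
}

/* Demo: open an IPv4 UDP socket (as an IKE socket would be), mark it with
 * the given DSCP and read the value back. Returns the DSCP read back, or -1
 * if the socket could not be created or configured. */
int dscp_demo(int dscp)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    int got = -1;
    if (fd < 0) {
        return -1;
    }
    if (set_socket_dscp(fd, AF_INET, dscp) == 0) {
        got = get_socket_dscp(fd, AF_INET);
    }
    close(fd);
    return got;
}

int main(void)
{
    int got = dscp_demo(46);   /* 46 = EF, a common choice for control traffic */
    if (got < 0) {
        perror("dscp_demo");
        return 1;
    }
    printf("socket marked with DSCP %d (TOS 0x%02x)\n", got, got << 2);
    printf("AF_UNIX accepted: %s\n",
           set_socket_dscp(-1, AF_UNIX, 46) == 0 ? "yes" : "no");
    return 0;
}
```

Reading the value back with getsockopt is the cheap sanity check; confirming that the marking survives on the wire still needs a capture, since intermediate routers may rewrite the DSCP field.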
* Check if recommendations is set before applying language preference  (Martin Willi, 2013-02-14, 1 file, -3/+6)
* Merge branch 'pt-tls'  (Martin Willi, 2013-02-14, 3 files, -9/+0)
  * TNCCS plugins don't depend on EAP-TNC, but can be used by other transports, too  (Martin Willi, 2013-01-15, 3 files, -9/+0)
* Fix 'stroke loglevel any'  (Tobias Brunner, 2013-02-13, 1 file, -4/+11)
      Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as
      returned by enum_from_name(), would result in a large positive number. So
      any unknown debug group (including 'any') had the same effect that was
      only intended for 'any'.
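The signedness trap described in the 'stroke loglevel any' commit above, as an added example that is not strongSwan's own code. A name-to-enum lookup returns -1 for an unknown name; stored in an unsigned variable that becomes a huge value, so a range check meant to single out 'any' also accepts every typo, and once the enum type turns signed the same check no longer catches -1 at all. The group names, the level table and the function names are assumptions made for the illustration.

```c
/* Added example (not strongSwan code): the signedness trap behind a broken
 * 'loglevel any'. debug_from_name() returns -1 for unknown names, like
 * enum_from_name(); what happens next depends on where that -1 lands. */
#include <stdio.h>
#include <string.h>

/* assumed debug groups for the example */
typedef enum { DBG_DMN, DBG_IKE, DBG_CFG, DBG_MAX } debug_t;
static const char *group_names[DBG_MAX] = { "dmn", "ike", "cfg" };
static int group_levels[DBG_MAX];

/* Look up a debug group by name; -1 if unknown. */
int debug_from_name(const char *name)
{
    for (int i = 0; i < DBG_MAX; i++) {
        if (strcmp(group_names[i], name) == 0) {
            return i;
        }
    }
    return -1;
}

int level_of(debug_t group)
{
    return group_levels[group];
}

/* Buggy: relies on -1 wrapping to a large unsigned value. 'any' is not a
 * group name, so it sets every group, but so does any other unknown name.
 * Returns the number of groups changed. */
int set_level_buggy(const char *group, int level)
{
    unsigned int g = (unsigned int)debug_from_name(group);
    if (g >= DBG_MAX) {
        for (int i = 0; i < DBG_MAX; i++) {
            group_levels[i] = level;
        }
        return DBG_MAX;
    }
    group_levels[g] = level;
    return 1;
}

/* Fixed: test for 'any' explicitly and reject unknown names before ever
 * using the lookup result as an index, regardless of the enum's signedness. */
int set_level_fixed(const char *group, int level)
{
    if (strcmp(group, "any") == 0) {
        for (int i = 0; i < DBG_MAX; i++) {
            group_levels[i] = level;
        }
        return DBG_MAX;
    }
    int g = debug_from_name(group);
    if (g < 0) {
        return 0;   /* unknown group: leave all levels untouched */
    }
    group_levels[g] = level;
    return 1;
}

int main(void)
{
    printf("buggy  'ikev9' changed %d groups\n", set_level_buggy("ikev9", 4));
    printf("fixed  'ikev9' changed %d groups\n", set_level_fixed("ikev9", 4));
    printf("fixed  'any'   changed %d groups\n", set_level_fixed("any", 1));
    printf("fixed  'ike'   changed %d groups\n", set_level_fixed("ike", 2));
    return 0;
}
```

The fixed variant also documents the intent: 'any' is a keyword handled before the lookup, not a lookup failure that happens to have the desired side effect.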
* treat EAP identities as user IDs  (Andreas Steffen, 2013-02-12, 1 file, -3/+3)
* make TNC client authentication type available to IMVs  (Andreas Steffen, 2013-02-12, 9 files, -27/+204)
* determine underlying IF-T transport protocol  (Andreas Steffen, 2013-02-12, 10 files, -62/+184)
* make AR identities available to IMVs via IF-IMV 1.4 draft  (Andreas Steffen, 2013-02-11, 5 files, -0/+146)
* Make IKE/EAP IDs available to TNC server/client  (Andreas Steffen, 2013-02-11, 8 files, -24/+81)