aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* ike: Add an additional but separate AEAD proposal to CHILD configMartin Willi2014-05-166-2/+16
| | | | | | | This currently has no effect: We don't include AEAD algorithms in the default ESP proposal, as we don't know if it is supported by the backend. But as we hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless.
* ike: Add an additional but separate AEAD proposal to IKE config, if supportedMartin Willi2014-05-167-10/+32
|
* child-cfg: Allow passing NULL as proposal to add_proposal()Martin Willi2014-05-162-4/+7
| | | | Making the API consistent to the one of ike_cfg.
* ike-cfg: Allow passing NULL to add_proposal()Martin Willi2014-05-162-3/+7
| | | | | This simplifies adding default proposals with constructors potentially returning NULL.
* proposal: Use an additional "default" constructor specific to AEAD algorithmsMartin Willi2014-05-162-0/+31
| | | | | This allows a caller to create a separated proposal for supported AEAD algorithms, as required by RFC 5996.
* proposal: Don't include AEAD algorithms in the default proposalMartin Willi2014-05-161-61/+66
| | | | | | According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms. This was not clear in RFC 5282, hence we previously included both AEAD and non-AEAD algorithms in a single proposal.
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-165-11/+12
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* xauth-pam: Fix header include guardMartin Willi2014-05-161-1/+1
|
* eap-peap: Remove dead SoH code from PEAPMartin Willi2014-05-161-15/+0
| | | | clang complains about the unused variables.
* vici: Support the close_action keyword, as we have it documentedMartin Willi2014-05-141-1/+6
|
* ikev1: Fix debugging log when remote traffic selector selection failsMartin Willi2014-05-141-1/+1
|
* Implemented PT-EAP protocol (RFC 7171)Andreas Steffen2014-05-124-29/+91
|
* child-sa: Reclaim old state if SA updating is not supportedMartin Willi2014-05-091-0/+2
| | | | | If the state stays at UPDATING, the fallback using IKEv1 rekeying fails as the task manager refuses to rekey a CHILD_SA in non-INSTALLED state.
* libcharon: Execute scripts defined in strongswan.conf during startup/shutdownMartin Willi2014-05-071-0/+52
|
* vici: Check if header has been received before processing an empty messageMartin Willi2014-05-071-1/+2
| | | | | | If do_read() returns with EWOULDBLOCK, we must ensure that we actually have processed the full length header before checking the zero-initialized buffer length.
* vici: Properly filter by CHILD_SA name while undoing start actionsMartin Willi2014-05-071-2/+5
|
* vici: Fallback to socket listening port if no explicit local port specifiedMartin Willi2014-05-071-1/+4
|
* vici: Support a "mtu" value for the tfc_padding optionMartin Willi2014-05-071-2/+16
|
* vici: Handle the "trap" action as an alias for "route"Martin Willi2014-05-071-0/+1
|
* vici: Document errno values to expect from libvici APIMartin Willi2014-05-072-9/+24
|
* vici: Log owners of a just loaded shared-secretMartin Willi2014-05-071-2/+18
|
* vici: Handle "xauth" as an alias for "eap" secretsMartin Willi2014-05-071-1/+1
|
* vici: Return number of matching and closed SAs in terminate commandMartin Willi2014-05-071-9/+12
|
* vici: Complete libvici doxygen commentsMartin Willi2014-05-071-2/+17
|
* vici: Ensure we have no active users before mangling event client registrationsMartin Willi2014-05-071-13/+35
|
* vici: Properly skip raise_event() for unknown event namesMartin Willi2014-05-071-13/+13
|
* vici: Increase vici message length header from 16 to 32 bitsMartin Willi2014-05-075-24/+43
| | | | | | | | | While we currently have no need for messages larger than 65KB, we should design the protocol to be future-proof, as we plan to keep at least to lowest protocol layer stable. To avoid any allocation issues, we currently keep the message size limit at 512KB.
* vici: Have an explicit "relaxed" keyword for the default revocation policyMartin Willi2014-05-071-1/+5
|
* vici: Use a default child rekey time of 1 hourMartin Willi2014-05-071-0/+6
|
* vici: Use a default IKE rekey time of 4 hoursMartin Willi2014-05-071-0/+6
|
* vici: Add low-level IPC protocol descriptionMartin Willi2014-05-072-0/+179
|
* vici: Fix descending into non-matching sections during key findMartin Willi2014-05-071-1/+1
|
* vici: Add an IKE virtual IP and attribute backendMartin Willi2014-05-074-0/+781
|
* vici: Support referencing external named pools for peer configsMartin Willi2014-05-071-0/+14
|
* vici: Actually add configured virtual IPs to peer configMartin Willi2014-05-071-0/+5
|
* vici: Use a default rand_time of the difference between hard and soft lifetimesMartin Willi2014-05-071-0/+26
|
* vici: Use a default hard lifetime of 110% of the soft lifetimeMartin Willi2014-05-071-0/+37
|
* vici: Make unit-tests independent from libcharon and libhydraMartin Willi2014-05-073-11/+1
| | | | Fixes monolithic build, as we can't depend on the not yet built libcharon.
* vici: Don't compare unsigned certificate_type_t to -1Martin Willi2014-05-071-1/+1
|
* vici: Use non-blocking first read when receiving message during client on_read()Martin Willi2014-05-071-1/+15
| | | | | | As select() and finally the watcher may signal an FD even if it does not actually have data, we must make a non-block read to avoid hanging in the read callback.
* vici: Perform specified start_action on connection load, undo it on unloadMartin Willi2014-05-071-2/+185
|
* vici: Add a generic log event to raise events for log messagesMartin Willi2014-05-074-0/+195
|
* vici: Be less verbose about client connectionsMartin Willi2014-05-072-5/+31
| | | | Instead, log the explicit commands at a higher level.
* vici: Add a list-certs command to query different certificate typesMartin Willi2014-05-071-0/+102
|
* vici: Support pinning end entity and CA certificates to connectionsMartin Willi2014-05-072-0/+62
|
* vici: Support missing groups option in auth configMartin Willi2014-05-072-1/+36
|
* vici: Add a load-shared command to load shared IKE and EAP secretsMartin Willi2014-05-071-0/+68
|
* vici: Add a load-key command to load private keysMartin Willi2014-05-071-0/+50
|
* vici: Support loading of different certificate typesMartin Willi2014-05-071-0/+93
|
* vici: Add a credential backendMartin Willi2014-05-074-0/+159
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 09:57:07 +0000