Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
* | proposal: Use an additional "default" constructor specific to AEAD algorithms | Martin Willi | 2014-05-16 | 2 | -0/+31 | |
| | This allows a caller to create a separated proposal for supported AEAD algorithms, as required by RFC 5996. | |||||
* | proposal: Don't include AEAD algorithms in the default proposal | Martin Willi | 2014-05-16 | 1 | -61/+66 | |
| | According to RFC 5996 3.3 we should use a separate proposal for AEAD algorithms. This was not clear in RFC 5282, hence we previously included both AEAD and non-AEAD algorithms in a single proposal. | |||||
* | enum: Return boolean result for enum_from_name() lookup | Martin Willi | 2014-05-16 | 5 | -11/+12 | |
| | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows converting real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned. | |||||
* | xauth-pam: Fix header include guard | Martin Willi | 2014-05-16 | 1 | -1/+1 | |
| | ||||||
* | eap-peap: Remove dead SoH code from PEAP | Martin Willi | 2014-05-16 | 1 | -15/+0 | |
| | clang complains about the unused variables. | |||||
* | vici: Support the close_action keyword, as we have it documented | Martin Willi | 2014-05-14 | 1 | -1/+6 | |
| | ||||||
* | ikev1: Fix debugging log when remote traffic selector selection fails | Martin Willi | 2014-05-14 | 1 | -1/+1 | |
| | ||||||
* | Implemented PT-EAP protocol (RFC 7171) | Andreas Steffen | 2014-05-12 | 4 | -29/+91 | |
| | ||||||
* | child-sa: Reclaim old state if SA updating is not supported | Martin Willi | 2014-05-09 | 1 | -0/+2 | |
| | If the state stays at UPDATING, the fallback using IKEv1 rekeying fails as the task manager refuses to rekey a CHILD_SA in non-INSTALLED state. | |||||
* | libcharon: Execute scripts defined in strongswan.conf during startup/shutdown | Martin Willi | 2014-05-07 | 1 | -0/+52 | |
| | ||||||
* | vici: Check if header has been received before processing an empty message | Martin Willi | 2014-05-07 | 1 | -1/+2 | |
| | If do_read() returns with EWOULDBLOCK, we must ensure that we actually have processed the full length header before checking the zero-initialized buffer length. | |||||
* | vici: Properly filter by CHILD_SA name while undoing start actions | Martin Willi | 2014-05-07 | 1 | -2/+5 | |
| | ||||||
* | vici: Fallback to socket listening port if no explicit local port specified | Martin Willi | 2014-05-07 | 1 | -1/+4 | |
| | ||||||
* | vici: Support a "mtu" value for the tfc_padding option | Martin Willi | 2014-05-07 | 1 | -2/+16 | |
| | ||||||
* | vici: Handle the "trap" action as an alias for "route" | Martin Willi | 2014-05-07 | 1 | -0/+1 | |
| | ||||||
* | vici: Document errno values to expect from libvici API | Martin Willi | 2014-05-07 | 2 | -9/+24 | |
| | ||||||
* | vici: Log owners of a just loaded shared-secret | Martin Willi | 2014-05-07 | 1 | -2/+18 | |
| | ||||||
* | vici: Handle "xauth" as an alias for "eap" secrets | Martin Willi | 2014-05-07 | 1 | -1/+1 | |
| | ||||||
* | vici: Return number of matching and closed SAs in terminate command | Martin Willi | 2014-05-07 | 1 | -9/+12 | |
| | ||||||
* | vici: Complete libvici doxygen comments | Martin Willi | 2014-05-07 | 1 | -2/+17 | |
| | ||||||
* | vici: Ensure we have no active users before mangling event client registrations | Martin Willi | 2014-05-07 | 1 | -13/+35 | |
| | ||||||
* | vici: Properly skip raise_event() for unknown event names | Martin Willi | 2014-05-07 | 1 | -13/+13 | |
| | ||||||
* | vici: Increase vici message length header from 16 to 32 bits | Martin Willi | 2014-05-07 | 5 | -24/+43 | |
| | While we currently have no need for messages larger than 65KB, we should design the protocol to be future-proof, as we plan to keep at least the lowest protocol layer stable. To avoid any allocation issues, we currently keep the message size limit at 512KB. | |||||
* | vici: Have an explicit "relaxed" keyword for the default revocation policy | Martin Willi | 2014-05-07 | 1 | -1/+5 | |
| | ||||||
* | vici: Use a default child rekey time of 1 hour | Martin Willi | 2014-05-07 | 1 | -0/+6 | |
| | ||||||
* | vici: Use a default IKE rekey time of 4 hours | Martin Willi | 2014-05-07 | 1 | -0/+6 | |
| | ||||||
* | vici: Add low-level IPC protocol description | Martin Willi | 2014-05-07 | 2 | -0/+179 | |
| | ||||||
* | vici: Fix descending into non-matching sections during key find | Martin Willi | 2014-05-07 | 1 | -1/+1 | |
| | ||||||
* | vici: Add an IKE virtual IP and attribute backend | Martin Willi | 2014-05-07 | 4 | -0/+781 | |
| | ||||||
* | vici: Support referencing external named pools for peer configs | Martin Willi | 2014-05-07 | 1 | -0/+14 | |
| | ||||||
* | vici: Actually add configured virtual IPs to peer config | Martin Willi | 2014-05-07 | 1 | -0/+5 | |
| | ||||||
* | vici: Use a default rand_time of the difference between hard and soft lifetimes | Martin Willi | 2014-05-07 | 1 | -0/+26 | |
| | ||||||
* | vici: Use a default hard lifetime of 110% of the soft lifetime | Martin Willi | 2014-05-07 | 1 | -0/+37 | |
| | ||||||
* | vici: Make unit-tests independent from libcharon and libhydra | Martin Willi | 2014-05-07 | 3 | -11/+1 | |
| | Fixes monolithic build, as we can't depend on the not yet built libcharon. | |||||
* | vici: Don't compare unsigned certificate_type_t to -1 | Martin Willi | 2014-05-07 | 1 | -1/+1 | |
| | ||||||
* | vici: Use non-blocking first read when receiving message during client on_read() | Martin Willi | 2014-05-07 | 1 | -1/+15 | |
| | As select() and finally the watcher may signal an FD even if it does not actually have data, we must make a non-block read to avoid hanging in the read callback. | |||||
* | vici: Perform specified start_action on connection load, undo it on unload | Martin Willi | 2014-05-07 | 1 | -2/+185 | |
| | ||||||
* | vici: Add a generic log event to raise events for log messages | Martin Willi | 2014-05-07 | 4 | -0/+195 | |
| | ||||||
* | vici: Be less verbose about client connections | Martin Willi | 2014-05-07 | 2 | -5/+31 | |
| | Instead, log the explicit commands at a higher level. | |||||
* | vici: Add a list-certs command to query different certificate types | Martin Willi | 2014-05-07 | 1 | -0/+102 | |
| | ||||||
* | vici: Support pinning end entity and CA certificates to connections | Martin Willi | 2014-05-07 | 2 | -0/+62 | |
| | ||||||
* | vici: Support missing groups option in auth config | Martin Willi | 2014-05-07 | 2 | -1/+36 | |
| | ||||||
* | vici: Add a load-shared command to load shared IKE and EAP secrets | Martin Willi | 2014-05-07 | 1 | -0/+68 | |
| | ||||||
* | vici: Add a load-key command to load private keys | Martin Willi | 2014-05-07 | 1 | -0/+50 | |
| | ||||||
* | vici: Support loading of different certificate types | Martin Willi | 2014-05-07 | 1 | -0/+93 | |
| | ||||||
* | vici: Add a credential backend | Martin Willi | 2014-05-07 | 4 | -0/+159 | |
| | ||||||
* | vici: Add a command listing all or specific loaded connections using events | Martin Willi | 2014-05-07 | 1 | -0/+167 | |
| | ||||||
* | vici: Add unload-conn and get-conns commands to manage loaded connections | Martin Willi | 2014-05-07 | 1 | -0/+62 | |
| | ||||||
* | vici: Make dispatcher a little more verbose | Martin Willi | 2014-05-07 | 1 | -0/+10 | |
| | ||||||
* | vici: Add backend providing in-memory connections | Martin Willi | 2014-05-07 | 4 | -0/+1607 | |
| |