path: root/src/libstrongswan/plugins
Commit message | Author | Age | Files | Lines
* Adding DBG_LIB to all calls of libstrongswan's version of DBG*. | Tobias Brunner | 2010-04-06 | 41 | -283/+340
* PEM encoding for OpenSSL RSA and EC public and private keys | Andreas Steffen | 2010-04-04 | 5 | -12/+72
* PEM encoding for GMP RSA public and private keys | Andreas Steffen | 2010-04-04 | 6 | -3/+167
* fixed doxygen group | Andreas Steffen | 2010-04-03 | 1 | -1/+1
* change #define to PEM_BUILDER_H_ | Andreas Steffen | 2010-04-03 | 1 | -3/+3
* Moving attr-sql plugin from libstrongswan to libhydra. | Tobias Brunner | 2010-03-24 | 7 | -1989/+0
* Fixed ipsec pool --batch command | Heiko Hund | 2010-03-24 | 1 | -2/+2
  --batch mode has shown to be buggy in very obscure ways in the first real life tests. For example a batch file --del pool1 --replace pool2 --addresses file1 returned the error "/usr/libexec/ipsec/pool: unrecognized option '--lace'" which was gone after moving the --del behind --replace.
  With the patch from below applied everything works like a charm. From the info on the man page it seems to be unrelated to this problem, though:
  A program that scans multiple argument vectors, or rescans the same vector more than once, and wants to make use of GNU extensions such as '+' and '-' at the start of optstring, or changes the value of POSIXLY_CORRECT between scans, must reinitialize getopt() by resetting optind to 0, rather than the traditional value of 1. (Resetting to 0 forces the invocation of an internal initialization routine that rechecks POSIXLY_CORRECT and checks for GNU extensions in optstring.)
  Signed-off-by: Heiko Hund <hhund@astaro.com>
* Removed strayed code fragment | Martin Willi | 2010-03-19 | 1 | -20/+4
* ipsec pool --batch command | Heiko Hund | 2010-03-19 | 1 | -60/+200
  Introduce the --batch command which reads several ipsec pool commands and their arguments from a file or STDIN. Useful if you need to run several commands atomically from a configuration daemon or likewise.
  Signed-off-by: Heiko Hund <hhund@astaro.com>
* ipsec pool error return status | Heiko Hund | 2010-03-19 | 1 | -49/+51
  Fix the error return status of the ipsec pool command. Also make --del for attributes succeed if no --server option was given.
  Signed-off-by: Heiko Hund <hhund@astaro.com>
* ipsec pool --replace command | Heiko Hund | 2010-03-19 | 1 | -23/+61
  Introduce the pool --replace command as an alternative to --add. Also change the current behavior of allowing duplicate pool names so that, --add with an existing name fails and --replace removes the existing pool before adding the new one.
  Signed-off-by: Heiko Hund <hhund@astaro.com>
* --addresses option for ipsec pool --add command | Heiko Hund | 2010-03-19 | 1 | -5/+187
  Introduce the --addresses option for --add that can be used to add a pool containing non-contiguous addresses. Additionally it allows to preclaim certain addresses for certain roadwarrior IDs. See the second chunk of the patch for a more detailed description.
  Signed-off-by: Heiko Hund <hhund@astaro.com>
* setting the two most significant bits assures an RSA modulus of maximum bit size | Andreas Steffen | 2010-03-15 | 1 | -2/+2
* fix 64bit issue with time_t from database | Andreas Steffen | 2010-03-10 | 1 | -2/+8
* Provide the Diffie Hellman parameters from a central location, so that we do not have to replicate them in every plugin that implements the DH interface. | Tobias Brunner | 2010-03-09 | 3 | -730/+34
  The main reason for this change is that Android's libcrypto does not include the get_rfcX_prime_Y functions by default. Therefore we would have had to replicate the primes a third time.
* Adding a helper function that translates single characters in a string. | Tobias Brunner | 2010-03-08 | 1 | -19/+2
* Replaced the deprecated RSA_generate_key with RSA_generate_key_ex. | Tobias Brunner | 2010-03-08 | 1 | -2/+25
* Implemented the PRF_KEYED_SHA1 algorithm in the openssl plugin | Martin Willi | 2010-03-08 | 4 | -0/+195
* critical keyUsage extension must be parsed | Andreas Steffen | 2010-03-07 | 1 | -0/+3
* set Certificate Sign and CRL Sign flags in keyUsage extension if CA is true | Andreas Steffen | 2010-03-07 | 1 | -4/+13
* Reverting eba28948a584b9d02474cf5d256b04b8d2adbe6a which was only necessary when cross-compiling the plugins for Android 2.0. | Tobias Brunner | 2010-03-02 | 28 | -42/+7
  With the coming monolithic build using Android.mk files this won't be necessary anymore.
* Streamlined the source file list formatting in plugin makefiles. | Tobias Brunner | 2010-03-02 | 28 | -52/+96
* Link all enabled libstrongswan plugins into the library, link all enabled charon plugins into libcharon. | Tobias Brunner | 2010-03-02 | 28 | -50/+155
* Enabling the plugin loader to be able to load plugins without explicitly loading a shared object file first. | Tobias Brunner | 2010-03-02 | 1 | -0/+37
* Changed plugin constructors from plugin_create to plugin_name_plugin_create. | Tobias Brunner | 2010-03-02 | 30 | -35/+60
* Removing the plugin constructor declarations from the header files. | Tobias Brunner | 2010-03-02 | 28 | -140/+0
* Link all plugins to libstrongswan. | Tobias Brunner | 2010-02-25 | 28 | -7/+28
* Use side-channel secured mpz_powm_sec of libgmp 5, if available | Martin Willi | 2010-02-18 | 3 | -0/+14
* initialize variables to avoid compiler warning | Andreas Steffen | 2010-02-05 | 1 | -2/+2
* Support TLS client authentication Extended Key Usage in x509 generation | Martin Willi | 2010-01-14 | 1 | -8/+16
* ipsec pki --self|issue supports --pathlen option setting a path length constraint | Andreas Steffen | 2009-12-31 | 1 | -2/+18
* Using the thread wrapper in charon, libstrongswan and their plugins. | Tobias Brunner | 2009-12-23 | 2 | -12/+9
* Separated the public interfaces of the threading primitives. | Tobias Brunner | 2009-12-23 | 4 | -4/+4
* Moved mutex.c to a separate folder in order to cleanly wrap other threading primitives (and utils/mutex.h is now threading.h). | Tobias Brunner | 2009-12-23 | 4 | -4/+4
* X509_IP_ADDR_BLOCKS flag signals the presence of an ipAddrBlock certificate extension | Andreas Steffen | 2009-12-22 | 1 | -1/+2
* added create_ipAddrBlock_enumerator() method to x509_t | Andreas Steffen | 2009-12-22 | 1 | -0/+9
* traffic_selector supports RFC 3779 address range format | Andreas Steffen | 2009-12-21 | 1 | -7/+75
* parse RFC 3779 addressFamily | Andreas Steffen | 2009-12-20 | 1 | -2/+16
* plugin name is x509 | Andreas Steffen | 2009-12-20 | 1 | -1/+1
* discard certificate with unknown critical extensions | Andreas Steffen | 2009-12-20 | 1 | -0/+8
* use traffic_selector_t object to represent ipAddrBlocks | Andreas Steffen | 2009-12-20 | 1 | -1/+2
* parse ipAddrBlocks | Andreas Steffen | 2009-12-17 | 1 | -1/+69
* Migrated curl_fetcher to INIT/METHOD macros | Martin Willi | 2009-12-17 | 1 | -22/+18
* ipsec pool manages dns and nbns servers | Andreas Steffen | 2009-12-16 | 1 | -15/+298
* cosmetics | Andreas Steffen | 2009-12-16 | 1 | -1/+1
* provide attributes from SQL database | Andreas Steffen | 2009-12-16 | 1 | -1/+21
* Removed obsolete curl interface specific destructor | Martin Willi | 2009-12-08 | 1 | -5/+0
* Give plugins more control of which configuration attributes to request, and pass received attributes back to the requesting handler | Martin Willi | 2009-11-17 | 1 | -1/+1
* Prefer MODP2048/1536 over ECP Diffie-Hellman groups | Martin Willi | 2009-11-12 | 1 | -11/+9
* added some debugging to pgp certificate parsing | Andreas Steffen | 2009-11-10 | 2 | -8/+35