path: root/src/libstrongswan
Commit message [Author, Age, Files, Lines]
...
* PKCS#11 library search using keyid uses a fallback to look for certificates [Martin Willi, 2012-10-24, files: 1, lines: -4/+8]
|
* Add a strongswan.conf option to disable loading of all certificates from a pkcs11 module [Martin Willi, 2012-10-24, files: 1, lines: -6/+11]
|
* Explicit pkcs11 certificate loading can enforce a module and a slot [Martin Willi, 2012-10-24, files: 2, lines: -4/+21]
|
* Be less verbose if loading PKCS#11 certificate fails [Martin Willi, 2012-10-24, files: 1, lines: -6/+1]
|
* Add a builder to load specific pkcs11 certificates by keyid [Martin Willi, 2012-10-24, files: 3, lines: -0/+115]
|
* If no pkcs11 public key for a private key found, search for a certificate [Martin Willi, 2012-10-24, files: 1, lines: -4/+53]
|
* Move pkcs11 public key lookup function declaration to header file [Martin Willi, 2012-10-24, files: 3, lines: -20/+18]
|
* Add proposal keywords to explicitly specify PRF algorithms [Martin Willi, 2012-10-24, files: 1, lines: -0/+8]
|
* Support field with specifiers in %N printf hook [Martin Willi, 2012-10-24, files: 1, lines: -5/+7]
|
* Added an option to reload certificates from PKCS#11 tokens on SIGHUP [Tobias Brunner, 2012-10-18, files: 1, lines: -0/+16]
|
* Copy the name of pkcs11_library_t objects [Tobias Brunner, 2012-10-18, files: 2, lines: -2/+3]
|   Strings returned by settings_t.create_section_enumerator will be freed when the config is reloaded.
* Use a shortcut to resolve numeric IP addresses (no need for separate threads) [Tobias Brunner, 2012-10-18, files: 1, lines: -0/+33]
|
* Use native threads in host resolver so that it works even if processor has no threads [Tobias Brunner, 2012-10-18, files: 1, lines: -45/+77]
|
* Terminate unused resolver threads after a timeout [Tobias Brunner, 2012-10-18, files: 3, lines: -9/+35]
|
* Only create more threads if needed in host_resolver_t [Tobias Brunner, 2012-10-18, files: 1, lines: -1/+9]
|
* Use a helper function to add milliseconds to timeval structs [Tobias Brunner, 2012-10-18, files: 3, lines: -13/+18]
|
* Resolve hosts by DNS name in separate threads so we can cancel them [Tobias Brunner, 2012-10-18, files: 7, lines: -49/+371]
|   getaddrinfo(3) may block a long time so proper termination of the daemon may block if DNS servers are not reachable. getaddrinfo(3) is an optional cancellation point in posix threads so it might still block a shutdown but at least on Android (with the signal based pthread_cancel implementation) it works, on Linux starter will kill charon anyway after a while.
* check length of hex-encoded IV [Andreas Steffen, 2012-10-07, files: 1, lines: -2/+5]
|
* added some new SHA-512 OIDs [Andreas Steffen, 2012-10-03, files: 1, lines: -0/+2]
|
* Include all dev headers, even if they are configuration specific [Martin Willi, 2012-10-02, files: 1, lines: -5/+4]
|
* Fixed RNG crypto tester [Tobias Brunner, 2012-09-28, files: 1, lines: -11/+9]
|
* Make static analyzers happy when parsing hosts from sockaddr_t [Tobias Brunner, 2012-09-28, files: 1, lines: -2/+4]
|
* Make sure first argument is an int when using %.*s to print e.g. chunks [Tobias Brunner, 2012-09-28, files: 5, lines: -10/+12]
|
* Initialize g and p in create_dh factory method [Tobias Brunner, 2012-09-28, files: 1, lines: -1/+1]
|
* Properly initialize chunk for extension OID when parsing CRLs [Tobias Brunner, 2012-09-28, files: 1, lines: -1/+1]
|
* Properly cleanup varargs in LDAP fetcher's set_option() [Tobias Brunner, 2012-09-28, files: 1, lines: -3/+4]
|
* Properly cleanup varargs in enumerators of both SQL backends [Tobias Brunner, 2012-09-28, files: 2, lines: -0/+2]
|
* Documentation about some time values clarified [Tobias Brunner, 2012-09-24, files: 1, lines: -1/+1]
|
* Properly handle thread cancelation in rwlock_condvar_t [Tobias Brunner, 2012-09-21, files: 1, lines: -15/+20]
|
* Added a condvar implementation that works with rwlock_t [Tobias Brunner, 2012-09-21, files: 3, lines: -4/+220]
|
* Avoid calculating the hash if hashtable is empty [Tobias Brunner, 2012-09-21, files: 1, lines: -0/+5]
|
* Avoid memset in is_anyaddr() [Tobias Brunner, 2012-09-21, files: 1, lines: -6/+2]
|
* Make streq() and strcaseeq() static inline functions so they can be used as callbacks [Tobias Brunner, 2012-09-21, files: 1, lines: -25/+31]
|
* Add a linked list constructor taking items from a vararg list [Martin Willi, 2012-09-18, files: 2, lines: -2/+33]
|
* Fix Doxygen comment for proposal_keywords_t [Tobias Brunner, 2012-09-18, files: 1, lines: -1/+1]
|   Two dots seem to mark the end of a list.
* Fix equality comparison of auth_cfg_t [Tobias Brunner, 2012-09-18, files: 1, lines: -2/+16]
|   We previously only confirmed that rules contained in the first config are also contained in the second, but since the number of rules does not have to be equal, it might be that the second config contains rules that the first one doesn't.
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator [Tobias Brunner, 2012-09-18, files: 2, lines: -0/+26]
|   If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Added algorithm lookup via kernel_interface_t to the various kernel interfaces [Tobias Brunner, 2012-09-13, files: 2, lines: -3/+5]
|
* Added possibility to register custom proposal keywords [Tobias Brunner, 2012-09-13, files: 5, lines: -12/+180]
|   Keyword lookup and registration are handled via the new lib->proposal object.
* Removed len argument from proposal_get_token() [Tobias Brunner, 2012-09-13, files: 2, lines: -4/+3]
|   Also use enumerators instead of lexparser.h to parse proposal strings.
* Make arguments for enumerator_create_token|directory const [Tobias Brunner, 2012-09-13, files: 2, lines: -7/+10]
|
* Moved proposal_keywords to proposal_keywords_static [Francois ten Krooden, 2012-09-13, files: 7, lines: -34/+131]
|   Added new proposal keywords with function to reference the static keywords.
* Allow calls to set_address() for any host-sized TS, not only dynamic ones [Tobias Brunner, 2012-09-12, files: 1, lines: -1/+1]
|   This fixes CHILD_SA updates (e.g. due to MOBIKE), which were broken since 4cb0783.
* Don't return a subset for a dynamic TS unless set_address has been called [Martin Willi, 2012-09-11, files: 1, lines: -1/+5]
|
* Add a linked list constructor initializing from an enumerator [Martin Willi, 2012-09-11, files: 2, lines: -0/+27]
|
* Add strongswan.conf runtime options for /dev/[u]random files [Martin Willi, 2012-09-10, files: 1, lines: -2/+7]
|   Fixes #221.
* Merge branch 'android-client-cert' [Tobias Brunner, 2012-09-04, files: 1, lines: -0/+2]
|\
| |   Introduces IKEv2 client certificate authentication for the Android App.
| * android: Enable pkcs8 plugin [Tobias Brunner, 2012-08-31, files: 1, lines: -0/+2]
| |
* | Merge branch 'eap-client-select' [Tobias Brunner, 2012-08-31, files: 2, lines: -14/+101]
|\ \
| | |   This brings support for EAP-Nak payloads on the client (to select a specific or supported method), and the server (via the eap-dynamic plugin which selects a method supported/requested by the client).
| * | Added eap-dynamic plugin which can proxy any other EAP method [Tobias Brunner, 2012-08-31, files: 2, lines: -1/+2]
| | |