aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
Commit message (Collapse)AuthorAgeFilesLines
* processor: force synchronous execute_job() if set_threads(0) has been calledMartin Willi2013-07-191-1/+1
| | | | | | During daemon shutdown, some idle threads might be lingering around even if set_threads(0) already has been called. To avoid any races, we enforce synchronous execution of the job.
* keychain: Use AM_CPPFLAGS instead of INCLUDESTobias Brunner2013-07-191-1/+1
|
* Fix various API doc issues and typosTobias Brunner2013-07-186-9/+10
| | | | Partially based on an old patch by Adrian-Ken Rueegsegger.
* identification: parse identities having a "@@" prefix as ID_RFC822_ADDRMartin Willi2013-07-181-11/+10
| | | | Original patch by Gerald Richter.
* stream-service: move CAP_CHOWN check from plugins to service constructorMartin Willi2013-07-181-0/+5
| | | | | A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* processor: remove the now unused get_threads() method againMartin Willi2013-07-182-17/+0
|
* watcher: use processors new execute_job() to notify FDsMartin Willi2013-07-181-9/+1
| | | | | Just queueing is problematic, as all threads might be busy waiting for events that the queued (but never executed) job delivers.
* processor: add an execute_job() method to directly execute an important jobMartin Willi2013-07-182-0/+36
| | | | | | | If all worker threads are busy and waiting for an event, we must ensure that a job delivering that event gets executed. This new method has this property for CRITICAL jobs, using a worker if we have one, but executing the job directly if not.
* watcher: properly support multiple watch callback types for the same FDMartin Willi2013-07-182-36/+45
|
* watcher: read multiple notifications if availableMartin Willi2013-07-181-2/+15
| | | | | Use non-blocking I/O on the read end of the notify pipe. This also makes sure the read does not block should select() signal data while there is none.
* credmgr: introduce a hook function to catch trust chain validation errorsMartin Willi2013-07-185-6/+110
|
* stream: allow async read/write callback to destroy the stream explicitlyMartin Willi2013-07-182-10/+15
|
* stream: don't close underlying socket when creating a stream from itMartin Willi2013-07-181-1/+6
|
* watcher: add some debugging statementsMartin Willi2013-07-181-0/+12
|
* watcher: if the processor has no threads, execute the job with watcher threadMartin Willi2013-07-181-11/+19
| | | | | This is important during shutdown, where we might need to signal some FDs while all idle threads are gone already.
* processor: add a getter for the threads passed to set_threads()Martin Willi2013-07-182-1/+17
|
* watcher: unregister a watcher FD if its thread gets cancelledMartin Willi2013-07-181-0/+13
|
* watcher: release threads waiting in remove() when watcher thread gets cancelledMartin Willi2013-07-181-0/+24
| | | | | | | During daemon shutdown, users might call remove() after processor.set_threads(0) has been called. This gets problematic, as a watch event might be unable to signal completion when no threads are available anymore. Work around this issue by cancelling waiters once processor.cancel() has been called.
* stream: support keeping the service alive outside of service callbackMartin Willi2013-07-182-4/+5
|
* stream: add read/write_all() methods to streamMartin Willi2013-07-182-2/+73
|
* stream: support cancellation of stream service callbackMartin Willi2013-07-181-2/+3
|
* stream: use a service constructor to create servicesMartin Willi2013-07-182-77/+8
| | | | | | It does not make much sense to reference running services in the manager, especially as unregistration would need the URI (which a user would have to store instead of the service reference).
* stream: replace print/vprint() convenience functions by a FILE* getterMartin Willi2013-07-182-51/+20
| | | | | While this will complicate the implementation of streams not based on a fd, it allows us to unleash the full power of FILE based convenience functions.
* stream: add a concurrency option to services, limiting parallel callbacksMartin Willi2013-07-184-7/+71
|
* stream: add a job priority option to stream servicesMartin Willi2013-07-184-7/+24
|
* stream: add backlog option to stream services, forward to listen()Martin Willi2013-07-184-11/+15
|
* stream: add support for TCP stream servicesMartin Willi2013-07-183-0/+53
|
* stream: add support for TCP streamsMartin Willi2013-07-183-2/+108
|
* stream: add support for UNIX stream servicesMartin Willi2013-07-183-0/+61
|
* stream: add support for UNIX streamsMartin Willi2013-07-183-0/+77
|
* stream: support async operation using watcherMartin Willi2013-07-182-0/+142
|
* stream: add printf()-style covenience functionsMartin Willi2013-07-182-1/+60
|
* stream: create library instance of stream-managerMartin Willi2013-07-185-5/+13
|
* stream: add a manager to dynamically register streams and servicesMartin Willi2013-07-184-3/+389
|
* stream: add a stream service class abstracting services using BSD socketsMartin Willi2013-07-184-0/+238
|
* stream: add a stream class abstracting BSD socketsMartin Willi2013-07-184-3/+205
| | | | | Currently only synchronous operation is supported, but this will be extended with asynchronous methods using the new watcher.
* watcher: add a centralized an generic facility to monitor file descriptorsMartin Willi2013-07-186-3/+504
|
* capabilities: Add function to check if a capability is held, without keeping itTobias Brunner2013-07-182-45/+75
| | | | | This can be useful if capabilities are not required anymore after dropping privileges.
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-1845-147/+194
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* soup: omit deprecated g_type_init() when using >= GLIB 2.36Martin Willi2013-07-181-0/+2
|
* keychain: flush certificate cache after reloading System keychainMartin Willi2013-07-181-0/+2
|
* keychain: monitor changes in the system keychain, reload when necessaryMartin Willi2013-07-181-0/+65
|
* keychain: use SearchCopyNext keychain enumeration for System certs as wellMartin Willi2013-07-181-71/+12
| | | | | | | SecItemCopyMatching seems to be problematic regarding memory management. And as there does not seem to be a good alternative to enumerate the System Roots keychain using the SecItemCopyMatching API, we stick to the deprecated enumeration functions for now.
* keychain: load certificates from System Roots KeychainMartin Willi2013-07-181-0/+65
|
* keychain: load certificates only once during startup, improving performanceMartin Willi2013-07-183-111/+78
|
* keychain: support on-the-fly enumeration of trusted/untrusted certificatesMartin Willi2013-07-182-1/+118
|
* keychain: add a stub for a credential plugin using OS X Keychain ServicesMartin Willi2013-07-186-0/+254
|
* credmgr: stop querying for secrets once we get a perfect matchMartin Willi2013-07-181-0/+4
|
* credmgr: don't use pointers for id_match_t enum valuesMartin Willi2013-07-181-2/+2
|
* openssl: parse X.509 extended key usage from extension parsing loopMartin Willi2013-07-181-33/+38
| | | | | Otherwise parsing gets aborted if unknown critical extensions are handled as error.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-17 14:06:33 +0000