path: root/src/libstrongswan
Commit message [Author, Age, Files, Lines]
...
* Allow calls to set_address() for any host-sized TS, not only dynamic ones [Tobias Brunner, 2012-09-12, files: 1, lines: -1/+1]
|     This fixes CHILD_SA updates (e.g. due to MOBIKE), which were broken since 4cb0783.
* Don't return a subset for a dynamic TS unless set_address has been called [Martin Willi, 2012-09-11, files: 1, lines: -1/+5]
|
* Add a linked list constructor initializing from an enumerator [Martin Willi, 2012-09-11, files: 2, lines: -0/+27]
|
* Add strongswan.conf runtime options for /dev/[u]random files [Martin Willi, 2012-09-10, files: 1, lines: -2/+7]
|     Fixes #221.
* Merge branch 'android-client-cert' [Tobias Brunner, 2012-09-04, files: 1, lines: -0/+2]
|\
| |     Introduces IKEv2 client certificate authentication for the Android App.
| * android: Enable pkcs8 plugin [Tobias Brunner, 2012-08-31, files: 1, lines: -0/+2]
| |
* | Merge branch 'eap-client-select' [Tobias Brunner, 2012-08-31, files: 2, lines: -14/+101]
|\ \
| | |     This brings support for EAP-Nak payloads on the client (to select a specific or supported method), and the server (via the eap-dynamic plugin which selects a method supported/requested by the client).
| * | Added eap-dynamic plugin which can proxy any other EAP method [Tobias Brunner, 2012-08-31, files: 2, lines: -1/+2]
| | |
| * | Function added that parses EAP method strings ([eap-]type[-vendor]) [Tobias Brunner, 2012-08-31, files: 2, lines: -0/+86]
| | |
| * | Move our pseudo EAP types out of the range of valid EAP methods [Tobias Brunner, 2012-08-31, files: 2, lines: -14/+14]
| |/
* | Ported tun_device de-/initialization to FreeBSD [Tobias Brunner, 2012-08-29, files: 1, lines: -5/+47]
| |
* | Ported tun_device initialization to OS X utun [Martin Willi, 2012-08-28, files: 1, lines: -19/+85]
|/
* define pen_type_t as a vendor-specific type [Andreas Steffen, 2012-08-20, files: 1, lines: -1/+19]
|
* Don't use POSIX semaphores if a MONOTONIC clock is available [Martin Willi, 2012-08-20, files: 1, lines: -0/+8]
|     POSIX semaphores use CLOCK_REALTIME, but our semaphore_t abstraction expects CLOCK_MONOTONIC based times. Use the mutex/condvar based fallback if time_monotonic() actually returns monotonic times.
* Add a mutex/condvar based semaphore implementation if sem_timedwait is unavailable [Martin Willi, 2012-08-20, files: 1, lines: -2/+67]
|     Fixes #214.
* added IBM and OpenPTS Private Enterprise Numbers [Andreas Steffen, 2012-08-20, files: 2, lines: -2/+8]
|
* openssl: Fix registration of the PUBKEY builder [Tobias Brunner, 2012-08-18, files: 1, lines: -1/+1]
|     libtls drops support for RSA suites if it does not find an RSA backend (final builder for RSA public keys).
* Add a wrapper around vstr_add_fmt() to avoid having to link libcharon against libvstr [Tobias Brunner, 2012-08-17, files: 2, lines: -2/+31]
|     At least on Android the latter would be required.
* fixed Makefile for libstrongswan dev headers [Andreas Steffen, 2012-08-14, files: 1, lines: -2/+2]
|
* Validate netmask in traffic_selector_create_from_subnet [Tobias Brunner, 2012-08-13, files: 1, lines: -0/+1]
|     Fixes #216.
* Comment fixed [Tobias Brunner, 2012-08-13, files: 1, lines: -1/+1]
|
* Merge branch 'android-app' [Tobias Brunner, 2012-08-13, files: 20, lines: -45/+1478]
|\
| |     This branch introduces a userland IPsec implementation (libipsec) and an Android App which targets the VpnService API that is provided by Android 4+. The implementation is based on the bachelor thesis 'Userland IPsec for Android 4' by Giuliano Grassi and Ralf Sager.
| * Ensure thread IDs always start with 1 even if the library is reused [Tobias Brunner, 2012-08-13, files: 1, lines: -2/+2]
| |     Within the Android App the library stays loaded in memory and is just initialized/deinitialized with each connection, the static thread counter would continuously increase without this patch.
| * Don't print hosts as %any if %+H is used [Tobias Brunner, 2012-08-13, files: 2, lines: -7/+8]
| |     That is, the plus sign can be used in the format string to force a numeric string representation of all host_t objects even 0.0.0.0 and :: which would otherwise be printed as %any and %any6.
| * Add support for '+' in custom format specifiers [Tobias Brunner, 2012-08-13, files: 2, lines: -0/+7]
| |
| * Added utility class to create TUN devices [Tobias Brunner, 2012-08-08, files: 4, lines: -3/+468]
| |     Currently works only on Linux.
| * Moved types used by kernel_ipsec_t interface (and libipsec) to libstrongswan [Tobias Brunner, 2012-08-08, files: 5, lines: -4/+220]
| |     This avoids a dependency of libipsec to libhydra.
| * Added a simple blocking queue around linked_list_t [Tobias Brunner, 2012-08-08, files: 4, lines: -6/+232]
| |
| * Extended constructor for packet_t added (takes src, dst and data) [Tobias Brunner, 2012-08-08, files: 2, lines: -3/+24]
| |
| * Moved packet_t to libstrongswan [Tobias Brunner, 2012-08-08, files: 4, lines: -4/+268]
| |
| * Added a method to bio_writer_t that allows to skip a number of bytes [Tobias Brunner, 2012-08-08, files: 2, lines: -0/+24]
| |     A chunk pointing to the skipped bytes is returned, allowing users of bio_writer_t to write/copy data to the skipped bytes themselves.
| * Added a method to bio_writer_t that allows to extract the internal buffer [Tobias Brunner, 2012-08-08, files: 2, lines: -0/+29]
| |
| * Added methods to bio_reader_t to read data from end of buffer [Tobias Brunner, 2012-08-08, files: 2, lines: -24/+204]
| |
* | Merge branch 'android-ndk' [Tobias Brunner, 2012-08-13, files: 5, lines: -9/+29]
|\|
| |     This branch comes with some preliminary changes for the user-land IPsec implementation and the Android App. One important change is that the UDP ports used by the socket-default plugin were made configurable (either via ./configure or strongswan.conf). Also, the plugin does randomly allocate a port if it is configured to 0, which is useful for client implementations. A consequence of these changes is that the local UDP port used when creating ike_cfg_t objects has to be fetched from the socket.
| * Added ESP log group for libipsec log messages. [Tobias Brunner, 2012-08-08, files: 2, lines: -0/+4]
| |
| * Make path to Android OpenSSL headers configurable. [Tobias Brunner, 2012-08-08, files: 1, lines: -1/+1]
| |
| * Don't require STRONGSWAN_CONF to be defined. [Tobias Brunner, 2012-08-08, files: 1, lines: -2/+9]
| |
| * Don't require PLUGINDIR to be defined. [Tobias Brunner, 2012-08-08, files: 1, lines: -6/+15]
| |     If it is not available, we just load monolithically built plugins.
* | Avoid problems with Doxygen by adding warn_unused_result attribute at the end of method signatures [Tobias Brunner, 2012-08-11, files: 9, lines: -61/+57]
| |
* | Add warn_unused_result attributes to rng_(get|allocate)_bytes_not_zero [Tobias Brunner, 2012-08-11, files: 1, lines: -5/+6]
| |     Also fixed Doxygen comments.
* | If _POSIX_SPIN_LOCKS is defined as -1, it is not available [Martin Willi, 2012-08-10, files: 1, lines: -0/+4]
| |
* | If vstr printf functions are #defined, undef them before redefinition [Martin Willi, 2012-08-10, files: 1, lines: -0/+31]
| |     At least Mountain Lion seems to have them #defined to secure _chk variants.
* | Add getspnam_r() to leak detective whitelist [Martin Willi, 2012-08-10, files: 1, lines: -0/+1]
|/
* PEM loading soft-depends on MD5 only, as unencrypted files don't need MD5 [Martin Willi, 2012-08-03, files: 1, lines: -4/+4]
|     Fixes #211.
* Implemented recursive mutex without thread-specific counter [Tobias Brunner, 2012-08-03, files: 1, lines: -23/+17]
|
* Use a single thread-specific value for our custom rwlock_t implementation [Tobias Brunner, 2012-08-03, files: 1, lines: -50/+67]
|     The pthread implementation on Android currently only supports 64 different thread-specific values per process, which we hit easily when every rwlock_t requires one.
* Move MODP_CUSTOM va_arg fetching out of loop [Martin Willi, 2012-08-02, files: 1, lines: -15/+11]
|     It seems problematic at least on PPC with gcc 4.3, fixes #208.
* Proper fallback if capability dropping is not available [Tobias Brunner, 2012-07-27, files: 1, lines: -1/+1]
|
* Show which group would be required when failing in constraint check [Martin Willi, 2012-07-26, files: 1, lines: -8/+10]
|
* Add a SHA1 test vector forcing padding over block boundary [Martin Willi, 2012-07-18, files: 2, lines: -0/+7]
|