aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
Commit message (Collapse)AuthorAgeFilesLines
* openssl: Properly log FIPS mode when enabled via openssl.confTobias Brunner2013-09-271-5/+13
| | | | | | | | | Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf it should be disabled in strongswan.conf (or the other way around). Either way, we should log whether FIPS mode is enabled or not. References #412.
* printf-hook: Write to output stream instead of the FD directly when using VstrTobias Brunner2013-09-241-12/+12
| | | | | This avoids problems when other stdio functions are used (fputs, fwrite) as writes via Vstr/FD were always unbuffered.
* sshkey: Add support for parsing keys from filesTobias Brunner2013-09-131-1/+92
|
* sshkey: Add encoding for ECDSA keysTobias Brunner2013-09-131-0/+72
|
* openssl: Add support for generic encoding of EC public keysTobias Brunner2013-09-131-23/+13
|
* sshkey: Add encoder for RSA keysTobias Brunner2013-09-136-2/+93
|
* openssl: Add generic RSA public key encodingTobias Brunner2013-09-131-3/+17
|
* openssl: Add helper function to convert BIGNUMs to chunksTobias Brunner2013-09-132-0/+27
|
* Build all shared libraries with -no-undefined and link them properlyTobias Brunner2013-09-121-0/+3
| | | | | | | | | | The flag is required to convince libtool on Cygwin to build DLLs. But on Windows these shared libraries can not have undefined symbols, so we have to link them explicitly to the libraries they reference. For plugins this is currently not done, so only the monolithic build is supported. The plugin loader wouldn't be able to load DLLs anyway, as it tries to load files that don't exist on Cygwin.
* tun_device: Add warning if TUN devices are not supported by platformTobias Brunner2013-09-121-2/+16
|
* Added tzset memory leak to whitelistAndreas Steffen2013-08-281-0/+1
|
* chunk: Print chunks without separator if + modifier is usedTobias Brunner2013-08-243-6/+20
|
* utils: Add case-insensitive version of strpfx()Tobias Brunner2013-08-242-0/+44
|
* backtrace: rename clone() method clashing with system callMartin Willi2013-08-091-2/+2
| | | | Fixes #376.
* host: Properly initialize struct sockaddr_in[6] when parsing stringsTobias Brunner2013-07-311-0/+2
| | | | | Otherwise struct members like sin6_flowinfo or sin6_scope_id might be set to bogus values.
* asn1: Fix handling of invalid ASN.1 length in is_asn1()Tobias Brunner2013-07-311-0/+5
| | | | Fixes CVE-2013-5018.
* keychain: be less verbose when loading certificatesMartin Willi2013-07-311-2/+5
|
* utils: add round_up/down() helper functionsMartin Willi2013-07-292-0/+49
|
* watcher: Made notify array initialization compatible with older GCC versionsTobias Brunner2013-07-251-2/+1
|
* unit-tests: Add additional tests for host_tTobias Brunner2013-07-251-3/+551
|
* array: Number of items in get_size() is unsignedTobias Brunner2013-07-251-1/+1
| | | | | | Otherwise, array->esize is promoted to int and if array->esize * num results in a value > 0x7fffffff the return value would be incorrect due the implicit sign extension when getting cast to size_t.
* stream: Ensure UNIX socket path is null terminatedTobias Brunner2013-07-241-0/+1
|
* pkcs5: Add missing break statements when checking crypto primitivesTobias Brunner2013-07-241-0/+2
|
* unit-tests: Add test for host_create_netmask()Tobias Brunner2013-07-244-1/+100
|
* host: Prevent overflow in host_create_netmask() if mask is 0 or 32/128Tobias Brunner2013-07-241-5/+7
|
* capabilities: Proper error handling when reading groupsTobias Brunner2013-07-241-1/+8
|
* processor: force synchronous execute_job() if set_threads(0) has been calledMartin Willi2013-07-191-1/+1
| | | | | | During daemon shutdown, some idle threads might be lingering around even if set_threads(0) already has been called. To avoid any races, we enforce synchronous execution of the job.
* keychain: Use AM_CPPFLAGS instead of INCLUDESTobias Brunner2013-07-191-1/+1
|
* Fix various API doc issues and typosTobias Brunner2013-07-186-9/+10
| | | | Partially based on an old patch by Adrian-Ken Rueegsegger.
* identification: parse identities having a "@@" prefix as ID_RFC822_ADDRMartin Willi2013-07-181-11/+10
| | | | Original patch by Gerald Richter.
* stream-service: move CAP_CHOWN check from plugins to service constructorMartin Willi2013-07-181-0/+5
| | | | | A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* processor: remove the now unused get_threads() method againMartin Willi2013-07-182-17/+0
|
* watcher: use processors new execute_job() to notify FDsMartin Willi2013-07-181-9/+1
| | | | | Just queueing is problematic, as all threads might be busy waiting for events that the queued (but never executed) job delivers.
* processor: add an execute_job() method to directly execute an important jobMartin Willi2013-07-182-0/+36
| | | | | | | If all worker threads are busy and waiting for an event, we must ensure that a job delivering that event gets executed. This new method has this property for CRITICAL jobs, using a worker if we have one, but executing the job directly if not.
* watcher: properly support multiple watch callback types for the same FDMartin Willi2013-07-182-36/+45
|
* watcher: read multiple notifications if availableMartin Willi2013-07-181-2/+15
| | | | | Use non-blocking I/O on the read end of the notify pipe. This also makes sure the read does not block should select() signal data while there is none.
* credmgr: introduce a hook function to catch trust chain validation errorsMartin Willi2013-07-185-6/+110
|
* stream: allow async read/write callback to destroy the stream explicitlyMartin Willi2013-07-182-10/+15
|
* stream: don't close underlying socket when creating a stream from itMartin Willi2013-07-181-1/+6
|
* watcher: add some debugging statementsMartin Willi2013-07-181-0/+12
|
* watcher: if the processor has no threads, execute the job with watcher threadMartin Willi2013-07-181-11/+19
| | | | | This is important during shutdown, where we might need to signal some FDs while all idle threads are gone already.
* processor: add a getter for the threads passed to set_threads()Martin Willi2013-07-182-1/+17
|
* watcher: unregister a watcher FD if its thread gets cancelledMartin Willi2013-07-181-0/+13
|
* watcher: release threads waiting in remove() when watcher thread gets cancelledMartin Willi2013-07-181-0/+24
| | | | | | | During daemon shutdown, users might call remove() after processor.set_threads(0) has been called. This gets problematic, as a watch event might be unable to signal completion when no threads are available anymore. Work around this issue by cancelling waiters once processor.cancel() has been called.
* stream: support keeping the service alive outside of service callbackMartin Willi2013-07-182-4/+5
|
* stream: add read/write_all() methods to streamMartin Willi2013-07-182-2/+73
|
* stream: support cancellation of stream service callbackMartin Willi2013-07-181-2/+3
|
* stream: use a service constructor to create servicesMartin Willi2013-07-182-77/+8
| | | | | | It does not make much sense to reference running services in the manager, especially as unregistration would need the URI (which a user would have to store instead of the service reference).
* stream: replace print/vprint() convenience functions by a FILE* getterMartin Willi2013-07-182-51/+20
| | | | | While this will complicate the implementation of streams not based on a fd, it allows us to unleash the full power of FILE based convenience functions.
* stream: add a concurrency option to services, limiting parallel callbacksMartin Willi2013-07-184-7/+71
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 21:27:01 +0000