path: root/src/libstrongswan
Commit message | Author | Age | Files | Lines
...
* stream-service: move CAP_CHOWN check from plugins to service constructor | Martin Willi | 2013-07-18 | 1 | -0/+5
| A plugin service can be a TCP socket now, so it does not make much sense to strictly check for CAP_CHOWN.
* processor: remove the now unused get_threads() method again | Martin Willi | 2013-07-18 | 2 | -17/+0
|
* watcher: use processor's new execute_job() to notify FDs | Martin Willi | 2013-07-18 | 1 | -9/+1
| Just queueing is problematic, as all threads might be busy waiting for events that the queued (but never executed) job delivers.
* processor: add an execute_job() method to directly execute an important job | Martin Willi | 2013-07-18 | 2 | -0/+36
| If all worker threads are busy and waiting for an event, we must ensure that a job delivering that event gets executed. This new method has this property for CRITICAL jobs, using a worker if we have one, but executing the job directly if not.
* watcher: properly support multiple watch callback types for the same FD | Martin Willi | 2013-07-18 | 2 | -36/+45
|
* watcher: read multiple notifications if available | Martin Willi | 2013-07-18 | 1 | -2/+15
| Use non-blocking I/O on the read end of the notify pipe. This also makes sure the read does not block should select() signal data while there is none.
* credmgr: introduce a hook function to catch trust chain validation errors | Martin Willi | 2013-07-18 | 5 | -6/+110
|
* stream: allow async read/write callback to destroy the stream explicitly | Martin Willi | 2013-07-18 | 2 | -10/+15
|
* stream: don't close underlying socket when creating a stream from it | Martin Willi | 2013-07-18 | 1 | -1/+6
|
* watcher: add some debugging statements | Martin Willi | 2013-07-18 | 1 | -0/+12
|
* watcher: if the processor has no threads, execute the job with watcher thread | Martin Willi | 2013-07-18 | 1 | -11/+19
| This is important during shutdown, where we might need to signal some FDs while all idle threads are gone already.
* processor: add a getter for the threads passed to set_threads() | Martin Willi | 2013-07-18 | 2 | -1/+17
|
* watcher: unregister a watcher FD if its thread gets cancelled | Martin Willi | 2013-07-18 | 1 | -0/+13
|
* watcher: release threads waiting in remove() when watcher thread gets cancelled | Martin Willi | 2013-07-18 | 1 | -0/+24
| During daemon shutdown, users might call remove() after processor.set_threads(0) has been called. This gets problematic, as a watch event might be unable to signal completion when no threads are available anymore. Work around this issue by cancelling waiters once processor.cancel() has been called.
* stream: support keeping the service alive outside of service callback | Martin Willi | 2013-07-18 | 2 | -4/+5
|
* stream: add read/write_all() methods to stream | Martin Willi | 2013-07-18 | 2 | -2/+73
|
* stream: support cancellation of stream service callback | Martin Willi | 2013-07-18 | 1 | -2/+3
|
* stream: use a service constructor to create services | Martin Willi | 2013-07-18 | 2 | -77/+8
| It does not make much sense to reference running services in the manager, especially as unregistration would need the URI (which a user would have to store instead of the service reference).
* stream: replace print/vprint() convenience functions by a FILE* getter | Martin Willi | 2013-07-18 | 2 | -51/+20
| While this will complicate the implementation of streams not based on a fd, it allows us to unleash the full power of FILE based convenience functions.
* stream: add a concurrency option to services, limiting parallel callbacks | Martin Willi | 2013-07-18 | 4 | -7/+71
|
* stream: add a job priority option to stream services | Martin Willi | 2013-07-18 | 4 | -7/+24
|
* stream: add backlog option to stream services, forward to listen() | Martin Willi | 2013-07-18 | 4 | -11/+15
|
* stream: add support for TCP stream services | Martin Willi | 2013-07-18 | 3 | -0/+53
|
* stream: add support for TCP streams | Martin Willi | 2013-07-18 | 3 | -2/+108
|
* stream: add support for UNIX stream services | Martin Willi | 2013-07-18 | 3 | -0/+61
|
* stream: add support for UNIX streams | Martin Willi | 2013-07-18 | 3 | -0/+77
|
* stream: support async operation using watcher | Martin Willi | 2013-07-18 | 2 | -0/+142
|
* stream: add printf()-style convenience functions | Martin Willi | 2013-07-18 | 2 | -1/+60
|
* stream: create library instance of stream-manager | Martin Willi | 2013-07-18 | 5 | -5/+13
|
* stream: add a manager to dynamically register streams and services | Martin Willi | 2013-07-18 | 4 | -3/+389
|
* stream: add a stream service class abstracting services using BSD sockets | Martin Willi | 2013-07-18 | 4 | -0/+238
|
* stream: add a stream class abstracting BSD sockets | Martin Willi | 2013-07-18 | 4 | -3/+205
| Currently only synchronous operation is supported, but this will be extended with asynchronous methods using the new watcher.
* watcher: add a centralized and generic facility to monitor file descriptors | Martin Willi | 2013-07-18 | 6 | -3/+504
|
* capabilities: Add function to check if a capability is held, without keeping it | Tobias Brunner | 2013-07-18 | 2 | -45/+75
| This can be useful if capabilities are not required anymore after dropping privileges.
* automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 45 | -147/+194
| INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* soup: omit deprecated g_type_init() when using >= GLIB 2.36 | Martin Willi | 2013-07-18 | 1 | -0/+2
|
* keychain: flush certificate cache after reloading System keychain | Martin Willi | 2013-07-18 | 1 | -0/+2
|
* keychain: monitor changes in the system keychain, reload when necessary | Martin Willi | 2013-07-18 | 1 | -0/+65
|
* keychain: use SearchCopyNext keychain enumeration for System certs as well | Martin Willi | 2013-07-18 | 1 | -71/+12
| SecItemCopyMatching seems to be problematic regarding memory management. And as there does not seem to be a good alternative to enumerate the System Roots keychain using the SecItemCopyMatching API, we stick to the deprecated enumeration functions for now.
* keychain: load certificates from System Roots Keychain | Martin Willi | 2013-07-18 | 1 | -0/+65
|
* keychain: load certificates only once during startup, improving performance | Martin Willi | 2013-07-18 | 3 | -111/+78
|
* keychain: support on-the-fly enumeration of trusted/untrusted certificates | Martin Willi | 2013-07-18 | 2 | -1/+118
|
* keychain: add a stub for a credential plugin using OS X Keychain Services | Martin Willi | 2013-07-18 | 6 | -0/+254
|
* credmgr: stop querying for secrets once we get a perfect match | Martin Willi | 2013-07-18 | 1 | -0/+4
|
* credmgr: don't use pointers for id_match_t enum values | Martin Willi | 2013-07-18 | 1 | -2/+2
|
* openssl: parse X.509 extended key usage from extension parsing loop | Martin Willi | 2013-07-18 | 1 | -33/+38
| Otherwise parsing gets aborted if unknown critical extensions are handled as error.
* openssl: show which critical X.509 extension is not supported | Martin Willi | 2013-07-18 | 1 | -1/+6
|
* hashtable: add common hashtable hash/equals functions for pointer/string keys | Martin Willi | 2013-07-18 | 2 | -3/+68
|
* thread: implicitly create thread_t if an external thread calls thread_current() | Martin Willi | 2013-07-18 | 1 | -1/+14
|
* linked-list: Remove barely used has_more() method | Tobias Brunner | 2013-07-17 | 3 | -69/+1
| This required some refactoring when handling encrypted payloads. Also changed log messages so that "encrypted payload" is logged instead of "encryption payload" (even if we internally still call it that) as that's the name used in RFC 5996.