path: root/src/libstrongswan
Commit message (Author, Age, Files, Lines)
...
* backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook (Martin Willi, 2013-03-04, 2 files, -33/+71)
|
* Don't use color escapes when printing backtraces to a non-TTY file (Martin Willi, 2013-03-04, 1 file, -11/+20)
|
* Add a utility function to resolve TTY color escape codes dynamically (Martin Willi, 2013-03-04, 2 files, -0/+103)
|
* make TNC Access Requestor ID available to IMVs (Andreas Steffen, 2013-03-03, 2 files, -12/+18)
|
* added getpwuid_r and initgroups to whitelist (Andreas Steffen, 2013-03-03, 1 file, -0/+2)
|
* Fixed Doxygen comments after scanning complete src directory (Tobias Brunner, 2013-03-02, 2 files, -5/+5)
|
* openssl: The EVP GCM interface requires at least OpenSSL 1.0.1 (Tobias Brunner, 2013-03-01, 2 files, -0/+8)
|
* Merge branch 'multi-cert' (Martin Willi, 2013-03-01, 2 files, -12/+77)
|\  Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * After merging the used trustchain with config, move used certificate to front (Martin Willi, 2013-01-18, 1 file, -0/+24)
| |
| * Try to build a trustchain for all configured certificates before enforcing one (Martin Willi, 2013-01-18, 1 file, -1/+29)
| |  This enables the daemon to select from multiple configured certificates by building trustchains against the received certificate requests.
| * Make AUTH_RULE_SUBJECT cert multi-valued (Martin Willi, 2013-01-18, 1 file, -11/+24)
| |  Constraints having multiple subject certs defined are fulfilled if authentication used one of the listed certificates.
* | Merge branch 'systime' (Martin Willi, 2013-03-01, 2 files, -10/+69)
|\ \  Add a systime-fix plugin allowing an embedded system to validate certificates if the system time has not been synchronized after boot. Certificates of established tunnels can be re-validated after the system time gets valid.
| * | Add a cert_validator hook allowing plugins to provide custom lifetime checking (Martin Willi, 2013-02-19, 2 files, -10/+64)
| | |
| * | Make cert_validator_t.validate optional to implement (Martin Willi, 2013-02-19, 2 files, -0/+5)
| | |
* | | Merge branch 'opaque-ports' (Martin Willi, 2013-03-01, 2 files, -90/+127)
|\ \ \  Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | | Use a complete port range in traffic_selector_create_from_{subnet,cidr} (Martin Willi, 2013-02-21, 2 files, -16/+17)
| | | |
| * | | Print OPAQUE traffic selectors as what they are, not as port range (Martin Willi, 2013-02-21, 1 file, -0/+4)
| | | |
| * | | Support "opaque" ports in traffic selector subset calculation (Martin Willi, 2013-02-21, 1 file, -6/+32)
| | | |
| * | | Slightly refactor traffic_selector_t.get_subset() (Martin Willi, 2013-02-21, 1 file, -61/+68)
| | | |
| * | | Migrate remaining traffic selector methods to METHOD macro (Martin Willi, 2013-02-21, 1 file, -19/+18)
| |/ /
* | | When running with an unprivileged user, initialize supplementary groups (Martin Willi, 2013-03-01, 1 file, -1/+37)
| | |
* | | openssl: Provide AES-GCM implementation (Tobias Brunner, 2013-02-28, 4 files, -1/+312)
| | |
* | | Fix cleanup in crypto_tester if AEAD implementation fails (Tobias Brunner, 2013-02-28, 1 file, -1/+4)
| | |
* | | Order of arguments in Doxygen comment fixed (Tobias Brunner, 2013-02-28, 2 files, -2/+2)
| | |
* | | Fix auth_cfg_t.clone() for single-valued auth rules (Tobias Brunner, 2013-02-28, 1 file, -10/+11)
| | |  By using the default list enumerator and adding the rules with the public add() method, clones of auth_cfg_t objects would return the values for single-valued auth rules in the wrong order (i.e. the oldest instead of the newest value was returned). Using the internal enumerator (which the comment already suggested) fixes this, but the clone will not be a full clone as it does not contain any old values for single-valued auth rules. Since these will never be used anyway, this should be fine.
* | | Use SIGUSR2 for SIG_CANCEL on Android (Tobias Brunner, 2013-02-26, 1 file, -0/+4)
| | |  SIGRTMIN is defined as 32 while sigset_t is defined as unsigned long (i.e. holds 32 signals). Hence, the signal could never be blocked. Sending the signal still canceled threads, but sometimes in situations where they shouldn't have been canceled (e.g. while holding a lock). Fixes #298.
* | | Android.mk updated to latest Makefiles (Tobias Brunner, 2013-02-26, 1 file, -0/+1)
| | |  Fixes #300.
* | | openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8g (Tobias Brunner, 2013-02-20, 2 files, -1/+5)
| | |  Fixes #292.
* | | Encode RSA public keys in RFC 3110 DNSKEY format (Andreas Steffen, 2013-02-19, 6 files, -2/+143)
| | |
* | | Moved configuration from resolver manager to unbound plugin (Andreas Steffen, 2013-02-19, 6 files, -52/+41)
| | |  Also streamlined log messages in unbound plugin.
* | | unbound: Implementation of query method of unbound_resolver_t (Reto Guadagnini, 2013-02-19, 2 files, -7/+64)
| | |
* | | unbound: Implemented resolver_response_t as unbound_response_t (Reto Guadagnini, 2013-02-19, 3 files, -1/+316)
| | |
* | | Implemented rr_set_t interface (Reto Guadagnini, 2013-02-19, 3 files, -1/+113)
| | |
* | | unbound: Implemented rr_t as unbound_rr_t (Reto Guadagnini, 2013-02-19, 3 files, -1/+215)
| | |
* | | Added unbound plugin implementing the resolver interface using libunbound (Reto Guadagnini, 2013-02-19, 6 files, -0/+234)
| | |
* | | Added manager for DNS resolvers (Reto Guadagnini, 2013-02-19, 5 files, -1/+181)
| | |
* | | Added interface for DNS resolvers (Reto Guadagnini, 2013-02-19, 6 files, -0/+548)
| | |
* | | Add a global return_success() method implementation (Martin Willi, 2013-02-14, 2 files, -0/+13)
| | |
* | | Add a convenience method to check pen_type_t for vendor and type (Martin Willi, 2013-02-14, 1 file, -0/+14)
| | |
* | | Add a comparison function for pen_type_t (Martin Willi, 2013-02-14, 1 file, -0/+12)
| | |
* | | Whitespace and comment cleanups in pen.[ch] (Martin Willi, 2013-02-14, 2 files, -20/+28)
| | |
* | | Merge branch 'ike-dscp' (Martin Willi, 2013-02-14, 3 files, -2/+35)
|\ \ \
| * | | Add a DSCP value with getter/setter on packet_t (Martin Willi, 2013-02-06, 2 files, -0/+33)
| | | |
| * | | Set sockaddr family on ifreq instead of casted family specific sockaddr (Martin Willi, 2013-02-06, 1 file, -2/+2)
| |/ /  Fixes a strict-aliasing rule compiler warning with older gcc.
* | | Merge branch 'pt-tls' (Martin Willi, 2013-02-14, 3 files, -1/+37)
|\ \ \
| * | | Add a bio_reader_t constructor variant freeing passed data during destruction (Martin Willi, 2013-01-15, 2 files, -1/+32)
| | | |
| * | | Add a chunk_from_str() initializer that does not include 0-terminator (Martin Willi, 2013-01-15, 1 file, -0/+5)
| | |/
| |/|
* | | Use CURL_TIMEOUT and not CURL_CONNECTTIMEOUT for FETCHER_TIMEOUT in curl (Martin Willi, 2013-02-08, 1 file, -5/+12)
| | |  This allows us to use this timeout beyond DNS resolution. For the initial connect, we use a hardcoded timeout of 10s for now.
* | | time is a time_t pointer (Andreas Steffen, 2013-02-04, 1 file, -1/+1)
| | |
* | | print PEN value 0xfffffe as Unassigned (Andreas Steffen, 2013-02-03, 2 files, -15/+17)
| | |