path: root/src/libstrongswan
Commit message (Author, Age, Files, Lines)
...
* backtrace: use atos instead of addr2line on OS X to resolve source lines (Martin Willi, 2013-05-06, 1, -3/+11)
|
* backtrace: add an alternative stack unwinding implementation using libunwind (Martin Willi, 2013-05-06, 2, -6/+35)
|
* leak-detective: add support for OS X by hooking default malloc zone (Martin Willi, 2013-05-06, 1, -5/+160)
|
* leak-detective: remove unused malloc call counters (Martin Willi, 2013-05-06, 1, -7/+0)
|
* leak-detective: align allocations on both 32 and 64-bit systems to 32 bytes (Martin Willi, 2013-05-06, 1, -0/+5)
|
* leak-detective: call tzset() explicitly before enabling leak detective (Martin Willi, 2013-05-06, 1, -6/+11)
|     tzset() is hard to whitelist on some systems, as there is no symbol involved. Call tzset() explicitly before initialization to avoid false positives.
* leak-detective: override malloc functions instead of using deprecated hooks (Martin Willi, 2013-05-06, 1, -128/+206)
|     malloc hooks have become deprecated, and their use has always been problematic, especially in multi-threaded applications. Replace the functionality by overriding all malloc functions and query the system allocator functions using dlsym() with RTLD_NEXT.
* Use the GEN silent rule when generating oid database with perl (Martin Willi, 2013-05-06, 2, -2/+2)
|
* Use the GEN silent rule when generating gperf files (Martin Willi, 2013-05-06, 1, -0/+1)
|
* openssl: Define a default for FIPS_MODE (Tobias Brunner, 2013-05-03, 1, -0/+4)
|
* In memwipe_check(), don't put magic on stack when calling do_magic() (Martin Willi, 2013-05-03, 1, -3/+3)
|     Otherwise the magic might be on the stack while checking it.
* Dump stack if memwipe() check fails (Martin Willi, 2013-05-03, 1, -3/+19)
|
* During libstrongswan initialization, check if memwipe() works as expected (Martin Willi, 2013-04-18, 1, -1/+51)
|
* support of OpenSSL FIPS-140-2 library (Andreas Steffen, 2013-04-16, 2, -1/+20)
|
* Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0 (Martin Willi, 2013-04-10, 1, -0/+14)
|
* Check RSA_public_decrypt() length before constructing and comparing a chunk (Martin Willi, 2013-04-10, 1, -7/+10)
|     If decryption fails, it returns -1. chunk_equals() should catch that error, but be more explicit in error checking.
* RSA_check_key() may return -1 if it fails (Martin Willi, 2013-04-10, 1, -2/+2)
|
* RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method (Martin Willi, 2013-04-10, 1, -1/+1)
|
* Check return value of ECDSA_Verify() correctly (Martin Willi, 2013-04-10, 1, -1/+1)
|
* Properly handle situation if no resolver plugins are loaded (Tobias Brunner, 2013-04-01, 1, -1/+5)
|
* Make some private functions in plugins static (Tobias Brunner, 2013-03-27, 2, -5/+5)
|     Fixes monolithic build.
* Add a method to replace all secrets in a mem_cred_t object (Tobias Brunner, 2013-03-20, 2, -5/+68)
|
* Properly cleanup libmysql (Tobias Brunner, 2013-03-19, 1, -1/+1)
|     Seems to work correctly with recent MySQL versions.
* Add Altiga Private Enterprise Numbers that Cisco uses in VPN 3000 (Martin Willi, 2013-03-12, 2, -1/+4)
|
* esc() is only used if dladdr(3) is available [5.0.3dr3] (Tobias Brunner, 2013-03-08, 1, -12/+13)
|
* added some otherNames OIDs (Andreas Steffen, 2013-03-06, 1, -0/+6)
|
* Don't invoke addr2line if dladdr() did not yield a filename (Martin Willi, 2013-03-04, 1, -1/+1)
|
* backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook (Martin Willi, 2013-03-04, 2, -33/+71)
|
* Don't use color escapes when printing backtraces to a non-TTY file (Martin Willi, 2013-03-04, 1, -11/+20)
|
* Add a utility function to resolve TTY color escape codes dynamically (Martin Willi, 2013-03-04, 2, -0/+103)
|
* make TNC Access Requestor ID available to IMVs (Andreas Steffen, 2013-03-03, 2, -12/+18)
|
* added getpwuid_r and initgroups to whitelist (Andreas Steffen, 2013-03-03, 1, -0/+2)
|
* Fixed Doxygen comments after scanning complete src directory (Tobias Brunner, 2013-03-02, 2, -5/+5)
|
* openssl: The EVP GCM interface requires at least OpenSSL 1.0.1 (Tobias Brunner, 2013-03-01, 2, -0/+8)
|
* Merge branch 'multi-cert' (Martin Willi, 2013-03-01, 2, -12/+77)
|\
| |     Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * After merging the used trustchain with config, move used certificate to front (Martin Willi, 2013-01-18, 1, -0/+24)
| |
| * Try to build a trustchain for all configured certificates before enforcing one (Martin Willi, 2013-01-18, 1, -1/+29)
| |     This enables the daemon to select from multiple configured certificates by building trustchains against the received certificate requests.
| * Make AUTH_RULE_SUBJECT cert multi-valued (Martin Willi, 2013-01-18, 1, -11/+24)
| |     Constraints having multiple subject certs defined are fulfilled if authentication used one of the listed certificates.
* | Merge branch 'systime' (Martin Willi, 2013-03-01, 2, -10/+69)
|\ \
| | |     Add a systime-fix plugin allowing an embedded system to validate certificates if the system time has not been synchronized after boot. Certificates of established tunnels can be re-validated after the system time gets valid.
| * | Add a cert_validator hook allowing plugins to provide custom lifetime checking (Martin Willi, 2013-02-19, 2, -10/+64)
| | |
| * | Make cert_validator_t.validate optional to implement (Martin Willi, 2013-02-19, 2, -0/+5)
| | |
* | | Merge branch 'opaque-ports' (Martin Willi, 2013-03-01, 2, -90/+127)
|\ \ \
| | | |     Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | | Use a complete port range in traffic_selector_create_from_{subnet,cidr} (Martin Willi, 2013-02-21, 2, -16/+17)
| | | |
| * | | Print OPAQUE traffic selectors as what they are, not as port range (Martin Willi, 2013-02-21, 1, -0/+4)
| | | |
| * | | Support "opaque" ports in traffic selector subset calculation (Martin Willi, 2013-02-21, 1, -6/+32)
| | | |
| * | | Slightly refactor traffic_selector_t.get_subset() (Martin Willi, 2013-02-21, 1, -61/+68)
| | | |
| * | | Migrate remaining traffic selector methods to METHOD macro (Martin Willi, 2013-02-21, 1, -19/+18)
| |/ /
* | | When running with an unprivileged user, initialize supplementary groups (Martin Willi, 2013-03-01, 1, -1/+37)
| | |
* | | openssl: Provide AES-GCM implementation (Tobias Brunner, 2013-02-28, 4, -1/+312)
| | |
* | | Fix cleanup in crypto_tester if AEAD implementation fails (Tobias Brunner, 2013-02-28, 1, -1/+4)
| | |