path: root/src/libstrongswan
Commit message [Author, Age, Files, Lines]
* RSA_check_key() may return -1 if it fails [Martin Willi, 2013-04-10, 1, -2/+2]
|
* RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method [Martin Willi, 2013-04-10, 1, -1/+1]
|
* Check return value of ECDSA_Verify() correctly [Martin Willi, 2013-04-10, 1, -1/+1]
|
* Properly handle situation if no resolver plugins are loaded [Tobias Brunner, 2013-04-01, 1, -1/+5]
|
* Make some private functions in plugins static [Tobias Brunner, 2013-03-27, 2, -5/+5]
|   Fixes monolithic build.
* Add a method to replace all secrets in a mem_cred_t object [Tobias Brunner, 2013-03-20, 2, -5/+68]
|
* Properly cleanup libmysql [Tobias Brunner, 2013-03-19, 1, -1/+1]
|   Seems to work correctly with recent MySQL versions.
* Add Altiga Private Enterprise Numbers that Cisco uses in VPN 3000 [Martin Willi, 2013-03-12, 2, -1/+4]
|
* esc() is only used if dladdr(3) is available (tag: 5.0.3dr3) [Tobias Brunner, 2013-03-08, 1, -12/+13]
|
* added some otherNames OIDs [Andreas Steffen, 2013-03-06, 1, -0/+6]
|
* Don't invoke addr2line if dladdr() did not yield a filename [Martin Willi, 2013-03-04, 1, -1/+1]
|
* backtrace_t.log() takes a NULL file pointer to log to registered dbg() hook [Martin Willi, 2013-03-04, 2, -33/+71]
|
* Don't use color escapes when printing backtraces to a non-TTY file [Martin Willi, 2013-03-04, 1, -11/+20]
|
* Add a utility function to resolve TTY color escape codes dynamically [Martin Willi, 2013-03-04, 2, -0/+103]
|
* make TNC Access Requestor ID available to IMVs [Andreas Steffen, 2013-03-03, 2, -12/+18]
|
* added getpwuid_r and initgroups to whitelist [Andreas Steffen, 2013-03-03, 1, -0/+2]
|
* Fixed Doxygen comments after scanning complete src directory [Tobias Brunner, 2013-03-02, 2, -5/+5]
|
* openssl: The EVP GCM interface requires at least OpenSSL 1.0.1 [Tobias Brunner, 2013-03-01, 2, -0/+8]
|
* Merge branch 'multi-cert' [Martin Willi, 2013-03-01, 2, -12/+77]
|\
| |   Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * After merging the used trustchain with config, move used certificate to front [Martin Willi, 2013-01-18, 1, -0/+24]
| |
| * Try to build a trustchain for all configured certificates before enforcing one [Martin Willi, 2013-01-18, 1, -1/+29]
| |   This enables the daemon to select from multiple configured certificates by building trustchains against the received certificate requests.
| * Make AUTH_RULE_SUBJECT cert multi-valued [Martin Willi, 2013-01-18, 1, -11/+24]
| |   Constraints having multiple subject certs defined are fulfilled if authentication used one of the listed certificates.
* | Merge branch 'systime' [Martin Willi, 2013-03-01, 2, -10/+69]
|\ \
| | |   Add a systime-fix plugin allowing an embedded system to validate certificates if the system time has not been synchronized after boot. Certificates of established tunnels can be re-validated after the system time gets valid.
| * | Add a cert_validator hook allowing plugins to provide custom lifetime checking [Martin Willi, 2013-02-19, 2, -10/+64]
| | |
| * | Make cert_validator_t.validate optional to implement [Martin Willi, 2013-02-19, 2, -0/+5]
| | |
* | | Merge branch 'opaque-ports' [Martin Willi, 2013-03-01, 2, -90/+127]
|\ \ \
| | | |   Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | | Use a complete port range in traffic_selector_create_from_{subnet,cidr} [Martin Willi, 2013-02-21, 2, -16/+17]
| | | |
| * | | Print OPAQUE traffic selectors as what they are, not as port range [Martin Willi, 2013-02-21, 1, -0/+4]
| | | |
| * | | Support "opaque" ports in traffic selector subset calculation [Martin Willi, 2013-02-21, 1, -6/+32]
| | | |
| * | | Slightly refactor traffic_selector_t.get_subset() [Martin Willi, 2013-02-21, 1, -61/+68]
| | | |
| * | | Migrate remaining traffic selector methods to METHOD macro [Martin Willi, 2013-02-21, 1, -19/+18]
| |/ /
* | | When running with an unprivileged user, initialize supplementary groups [Martin Willi, 2013-03-01, 1, -1/+37]
| | |
* | | openssl: Provide AES-GCM implementation [Tobias Brunner, 2013-02-28, 4, -1/+312]
| | |
* | | Fix cleanup in crypto_tester if AEAD implementation fails [Tobias Brunner, 2013-02-28, 1, -1/+4]
| | |
* | | Order of arguments in Doxygen comment fixed [Tobias Brunner, 2013-02-28, 2, -2/+2]
| | |
* | | Fix auth_cfg_t.clone() for single-valued auth rules [Tobias Brunner, 2013-02-28, 1, -10/+11]
| | |   By using the default list enumerator and adding the rules with the public add() method, clones of auth_cfg_t objects would return the values for single-valued auth rules in the wrong order (i.e. the oldest instead of the newest value was returned). Using the internal enumerator (which the comment already suggested) fixes this, but the clone will not be a full clone as it does not contain any old values for single-valued auth rules. Since these will never be used anyway, this should be fine.
* | | Use SIGUSR2 for SIG_CANCEL on Android [Tobias Brunner, 2013-02-26, 1, -0/+4]
| | |   SIGRTMIN is defined as 32 while sigset_t is defined as unsigned long (i.e. holds 32 signals). Hence, the signal could never be blocked. Sending the signal still canceled threads, but sometimes in situations where they shouldn't have been canceled (e.g. while holding a lock). Fixes #298.
* | | Android.mk updated to latest Makefiles [Tobias Brunner, 2013-02-26, 1, -0/+1]
| | |   Fixes #300.
* | | openssl: Disable PKCS#7/CMS when building against OpenSSL < 0.9.8g [Tobias Brunner, 2013-02-20, 2, -1/+5]
| | |   Fixes #292.
* | | Encode RSA public keys in RFC 3110 DNSKEY format [Andreas Steffen, 2013-02-19, 6, -2/+143]
| | |
* | | Moved configuration from resolver manager to unbound plugin [Andreas Steffen, 2013-02-19, 6, -52/+41]
| | |   Also streamlined log messages in unbound plugin.
* | | unbound: Implementation of query method of unbound_resolver_t [Reto Guadagnini, 2013-02-19, 2, -7/+64]
| | |
* | | unbound: Implemented resolver_response_t as unbound_response_t [Reto Guadagnini, 2013-02-19, 3, -1/+316]
| | |
* | | Implemented rr_set_t interface [Reto Guadagnini, 2013-02-19, 3, -1/+113]
| | |
* | | unbound: Implemented rr_t as unbound_rr_t [Reto Guadagnini, 2013-02-19, 3, -1/+215]
| | |
* | | Added unbound plugin implementing the resolver interface using libunbound [Reto Guadagnini, 2013-02-19, 6, -0/+234]
| | |
* | | Added manager for DNS resolvers [Reto Guadagnini, 2013-02-19, 5, -1/+181]
| | |
* | | Added interface for DNS resolvers [Reto Guadagnini, 2013-02-19, 6, -0/+548]
| | |
* | | Add a global return_success() method implementation [Martin Willi, 2013-02-14, 2, -0/+13]
| | |
* | | Add a convenience method to check pen_type_t for vendor and type [Martin Willi, 2013-02-14, 1, -0/+14]
| | |