Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | libtnccs: Correctly read dlopen_use_rtld_now option | Tobias Brunner | 2017-09-18 | 2 | -2/+2 |
| | | | | Fixes: 50e4aeb22f49 ("libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen()") | ||||
* | libtnccs: Fixed memory leak of global variables in libxml2 | Andreas Steffen | 2017-05-29 | 1 | -1/+4 |
| | |||||
* | Change interface for enumerator_create_filter() callback | Tobias Brunner | 2017-05-26 | 1 | -16/+18 |
| | | | | | This avoids the unportable 5 pointer hack, but requires enumerating in the callback. | ||||
* | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 25 | -105/+105 |
| | |||||
* | Fix of the mutual TNC measurement use case | Andreas Steffen | 2016-02-16 | 1 | -19/+19 |
| | | | | | | | | | | | | | | | | | If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements from the IKEv2 responder acting as a TNC clienti, the exchange of PB-TNC batches is continued until the IKEv2 responder acting as a TNC server has also finished its TNC measurements. In the past if these measurements in the other direction were correct the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication successful and the IPsec connection was established even though the TNC measurement verification on the EAP peer side failed. The fix adds an "allow" group membership on each endpoint if the corresponding TNC measurements of the peer are successful. By requiring a "allow" group membership in the IKEv2 connection definition the IPsec connection succeeds only if the TNC measurements on both sides are valid. | ||||
* | libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen() | Tobias Brunner | 2015-11-09 | 2 | -2/+14 |
| | |||||
* | Fixed AR identities in mutual TNC measurements case | Andreas Steffen | 2015-08-15 | 1 | -2/+6 |
| | |||||
* | Fixed PB-TNC directionality debug message | Andreas Steffen | 2015-04-24 | 1 | -1/+1 |
| | |||||
* | Fix years in some copyright statements | Tobias Brunner | 2015-04-16 | 1 | -1/+1 |
| | |||||
* | Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios | Andreas Steffen | 2015-03-27 | 8 | -8/+178 |
| | |||||
* | Fixed PB-TNC error handling | Andreas Steffen | 2015-03-27 | 4 | -35/+32 |
| | |||||
* | tnccs-20: Fix error handling in build() | Tobias Brunner | 2015-03-25 | 1 | -9/+5 |
| | |||||
* | libtnccs: Set apidoc category to libtnccs and move plugins | Tobias Brunner | 2015-03-25 | 6 | -6/+6 |
| | |||||
* | libtnccs: Fix apidoc category for split IF-TNCCS 2.0 header files | Tobias Brunner | 2015-03-25 | 3 | -5/+5 |
| | | | | | Fixes 80322d2cee75 ("Split IF-TNCCS 2.0 protocol processing into separate TNC client and server handlers"). | ||||
* | Fixed some typos, courtesy of codespell | Tobias Brunner | 2015-03-25 | 1 | -1/+1 |
| | |||||
* | Implemented PB-TNC mutual half-duplex protocol | Andreas Steffen | 2015-03-23 | 5 | -35/+139 |
| | |||||
* | Optionally announce PB-TNC mutual protocol capability | Andreas Steffen | 2015-03-23 | 9 | -13/+420 |
| | |||||
* | Split IF-TNCCS 2.0 protocol processing into separate TNC client and server ↵ | Andreas Steffen | 2015-03-23 | 9 | -799/+1746 |
| | | | | handlers | ||||
* | Make access requestor IP address available to TNC server | Andreas Steffen | 2015-03-08 | 7 | -71/+197 |
| | |||||
* | libnccs: Fix casts between integers and pointers | Martin Willi | 2014-06-04 | 1 | -2/+2 |
| | |||||
* | tnc-imc/imv: Don't include <dlfcn.h> on Windows | Martin Willi | 2014-06-04 | 2 | -0/+4 |
| | |||||
* | plugins: Don't link with -rdynamic on Windows | Martin Willi | 2014-06-04 | 6 | -6/+6 |
| | |||||
* | Increased maximum PT-TLS message size to 2MB | Andreas Steffen | 2014-05-31 | 1 | -2/+2 |
| | |||||
* | Automatic determination of maximum PB-TNC batch and PA-TNC message size | Andreas Steffen | 2014-05-31 | 5 | -12/+46 |
| | |||||
* | enum: Return boolean result for enum_from_name() lookup | Martin Willi | 2014-05-16 | 3 | -12/+12 |
| | | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned. | ||||
* | libtnccs: Move settings to <ns>.tnc and <ns>.plugins with fallback | Tobias Brunner | 2014-02-12 | 6 | -7/+8 |
| | |||||
* | tnccs: Use chunk_map() instead of non-portable mmap() | Martin Willi | 2014-01-23 | 1 | -1/+0 |
| | |||||
* | PB-TNC PDP_REFERRAL message doesn't have to be in RESULT batch | Andreas Steffen | 2013-10-31 | 1 | -1/+1 |
| | |||||
* | libtnccs: Add dummy entry to pb_tnc_tcg_msg_infos | Tobias Brunner | 2013-10-29 | 1 | -1/+2 |
| | | | | | That's required because the first message type in pb_tnc_tcg_msg_type_t is 1 not 0. | ||||
* | Doxygen fixes | Tobias Brunner | 2013-10-15 | 1 | -2/+1 |
| | |||||
* | Keep a copy of the tnccs instance for PT-TLS handover | Andreas Steffen | 2013-10-09 | 3 | -25/+113 |
| | |||||
* | Implemented TCG/PB-PDP_Referral message | Andreas Steffen | 2013-09-17 | 4 | -13/+141 |
| | |||||
* | Allow vendor-specific PB-TNC messages | Andreas Steffen | 2013-09-17 | 23 | -138/+583 |
| | |||||
* | Extract client identity and authentication type from SASL authentication | Andreas Steffen | 2013-08-15 | 3 | -0/+28 |
| | |||||
* | moved tnc_imv plugin to libtnccs thanks to recommendation callback function | Andreas Steffen | 2013-08-15 | 18 | -26/+1866 |
| | |||||
* | Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon ↵ | Andreas Steffen | 2013-08-15 | 66 | -0/+10619 |
plugins to libtnccs |