path: root/src
Commit message | Author | Age | Files | Lines
...
* fixed typo | Andreas Steffen | 2010-08-31 | 1 | -1/+1
* Do not process any more TLS handshake messages on fatal alerts | Martin Willi | 2010-08-31 | 1 | -0/+4
* Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined | Martin Willi | 2010-08-31 | 1 | -1/+10
* Strictly check if the server certificate matches the TLS server identity | Martin Willi | 2010-08-31 | 1 | -0/+44
* Use the AAA Identity for EAP authentication, if given | Martin Willi | 2010-08-31 | 2 | -1/+14
* Added support for the ipsec.conf aaa_identity keyword | Martin Willi | 2010-08-31 | 9 | -0/+18
* Added an AAA identity authentication config option | Martin Willi | 2010-08-31 | 2 | -0/+10
* Added strongswan.conf options for EAP-TLS/TTLS fragment size | Martin Willi | 2010-08-31 | 4 | -14/+30
* Support processing of partial TLS record headers | Martin Willi | 2010-08-31 | 1 | -15/+39
* Migrated EAP-TTLS to the generic TLS helper | Martin Willi | 2010-08-31 | 1 | -281/+21
* Migrated EAP-TLS to the generic TLS helper | Martin Willi | 2010-08-31 | 1 | -272/+19
* Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants | Martin Willi | 2010-08-31 | 3 | -0/+415
* Support output fragmentation of TLS records | Martin Willi | 2010-08-31 | 5 | -52/+123
* Moved EAP type/code definitions to a separate header file in libstrongswan | Martin Willi | 2010-08-31 | 9 | -179/+228
* Implemented buffering of partial records in TLS stack | Martin Willi | 2010-08-31 | 1 | -15/+65
* Log TLS handshake subtypes as handshakes | Martin Willi | 2010-08-31 | 1 | -5/+5
* Do not strdup() zero length strings in identification_create_from_string() | Martin Willi | 2010-08-31 | 1 | -4/+20
* Enable the generation of unencrypted messages (e.g. ME connectivity checks). | Tobias Brunner | 2010-08-30 | 1 | -9/+10
* fixed copy-and-paste errors | Andreas Steffen | 2010-08-30 | 2 | -2/+2
* created an eap-tnc method hull | Andreas Steffen | 2010-08-30 | 6 | -0/+363
* for the time being assume a single request/response exchange for a given EAP method | Andreas Steffen | 2010-08-30 | 1 | -2/+3
* Port floating patch partially reversed. | Tobias Brunner | 2010-08-30 | 2 | -12/+8
    If MOBIKE is enabled, we do have to switch to port 4500 with the IKE_AUTH request, that is, before we know whether the other peer actually supports MOBIKE or not.
* Slightly refactored port floating. | Tobias Brunner | 2010-08-30 | 5 | -35/+39
    In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
* defined EAP-TNC | Andreas Steffen | 2010-08-30 | 2 | -2/+8
* Unwrap crlNumber INTEGER in openssl CRL parsing | Martin Willi | 2010-08-30 | 1 | -4/+13
* Added crl support to pki --print | Martin Willi | 2010-08-30 | 1 | -7/+52
* Typo in doxygen comment fixed. | Tobias Brunner | 2010-08-30 | 1 | -1/+1
* Fixed ME after introduction of AEAD wrapper. | Tobias Brunner | 2010-08-30 | 1 | -1/+1
* Fixed pluto smartcard support after introducing encryption schemes | Martin Willi | 2010-08-30 | 1 | -2/+2
* Win7 might send up to 7k of certificate requests | Andreas Steffen | 2010-08-27 | 3 | -3/+3
* Fixed documentation of XAUTH in ipsec.secrets. | Tobias Brunner | 2010-08-26 | 1 | -3/+3
* Prefer AES/Camellia suites over 3DES/NULL encryption | Martin Willi | 2010-08-25 | 1 | -16/+16
* Send TLS alerts for errors in TLS handshake building | Martin Willi | 2010-08-25 | 3 | -0/+12
* Refactored fragment building, use correct TLS content type for non-first fragments | Martin Willi | 2010-08-25 | 1 | -67/+82
* Update delete_payload length when adding SPIs | Martin Willi | 2010-08-25 | 1 | -0/+1
* Migrated delete_payload to INIT/METHOD macros, replaced iterator | Martin Willi | 2010-08-25 | 3 | -130/+108
* Use different return values in payload decryption to distinguish between integrity and syntax errors | Martin Willi | 2010-08-25 | 3 | -12/+16
* Added a simple high level TLS wrapper for sockets | Martin Willi | 2010-08-25 | 4 | -0/+290
* Initialize output chunk before appending data to it | Martin Willi | 2010-08-25 | 1 | -0/+1
* Added private key support to in-memory credential set | Martin Willi | 2010-08-25 | 2 | -1/+77
* Added certificate support to in-memory credential set | Martin Willi | 2010-08-25 | 2 | -2/+121
* Check if colliding rekey actually created an IKE_INIT | Thomas Egerer | 2010-08-25 | 1 | -37/+42
    In some cases (especially if a child is half-open) the colliding rekey-job might not have created the ike_init member. If so, the nonce check fails with SIGSEGV.
* Added a ike_name logger option to prefix the IKE_SA name on each line | Martin Willi | 2010-08-25 | 5 | -19/+69
* removed tls_record_t definition | Andreas Steffen | 2010-08-24 | 1 | -10/+0
* Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option | Martin Willi | 2010-08-24 | 7 | -49/+36
* Skip the close notify if application layer completes successfully | Martin Willi | 2010-08-24 | 2 | -4/+11
* support fragmentation in AVPs | Andreas Steffen | 2010-08-24 | 3 | -21/+118
* removed some redundant debug output | Andreas Steffen | 2010-08-24 | 2 | -4/+0
* Added generic TLS purposes | Martin Willi | 2010-08-24 | 3 | -6/+19
* Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS | Martin Willi | 2010-08-24 | 1 | -0/+6