aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* trace back crypto algorithms to the plugins that registered themAndreas Steffen2010-12-1830-406/+593
|
* Install selectors on transport mode IPsec SAs.Jiri Bohac2010-12-132-1/+2
| | | | | | | | | | | | | | | | This fixes several test cases in IKEv2_Self_Test (part of the IPv6 Ready Logo Program) which is required for USGv6 certification, namely: - IKEv2.EN.I.1.1.7.1, IKEv2.EN.I.1.1.7.1: Narrowing the range of members of the set of traffic selectors - IKEv2.EN.R.1.1.7.3: Narrowing multiple traffic selector When traffic selectors of a triggered SA are narrowed by the responder, the installed policy and the broader trap policy share the same reqid. Without selectors on the IPsec SA packets matching the trap policy, but not the narrowed policy, would incorrectly be handled by that IPsec SA. Since only one selector can be specified per IPsec SA, there is currently no solution for tunnel mode SAs.
* fixed bug in mem_cred.c:add_crl()Andreas Steffen2010-12-121-1/+1
|
* reverted Connection ID to capital lettersAndreas Steffen2010-12-121-2/+2
|
* fixed a bug in enum_from_name() functionAndreas Steffen2010-12-121-1/+1
|
* some more cosmeticsAndreas Steffen2010-12-121-9/+9
|
* final cosmetics in PB-TNC debug outputAndreas Steffen2010-12-122-31/+30
|
* implemented PB-TNC message parsing checksAndreas Steffen2010-12-1225-605/+1195
|
* some code optimizationsAndreas Steffen2010-12-111-42/+67
|
* support handshake retry requestsAndreas Steffen2010-12-101-0/+15
|
* the PB-TNC protocol is workingAndreas Steffen2010-12-102-15/+50
|
* refactored message handlingAndreas Steffen2010-12-101-147/+194
|
* do not accept results and recommendation messages from clientsAndreas Steffen2010-12-101-10/+29
|
* defined some additional Private Enterprise NumbersAndreas Steffen2010-12-101-2/+6
|
* define pb_tnc_state_machine_t objectAndreas Steffen2010-12-106-229/+401
|
* debug cosmeticsAndreas Steffen2010-12-102-13/+21
|
* Renamed purgex509/crl to purgecerts/crls to be consistent with list commandsMartin Willi2010-12-106-17/+17
|
* implemented handling of received PB-TNC messagesAndreas Steffen2010-12-102-14/+179
|
* Added options to flush CRLs/X509 certs from the cert cacheMartin Willi2010-12-106-2/+26
|
* refactored PB-TNC state machine in receive directionAndreas Steffen2010-12-091-83/+90
|
* refactored PB-TNC state machine in send directionAndreas Steffen2010-12-091-91/+95
|
* pb_tnc_batch_t class implements parsing and building of PB-TNC batchesAndreas Steffen2010-12-0912-430/+1155
|
* fixed memory corruptionAndreas Steffen2010-12-081-1/+1
|
* Never register IKE_SA during checkout_new, as rekeying keeps it checked outMartin Willi2010-12-072-18/+2
|
* Include the destination net in the policy priority calculation.Tobias Brunner2010-12-072-12/+20
| | | | | | | | | | | | | The resulting priorities are as follows: IPv6 IPv4 routed normal routed normal max 4096(+3) 2048(+3) 4096(+3) 2048(+3) min 3072 1024 3840 1792 Where min is for a policy between two single hosts and max is for /0 on both ends (lower priorities are preferred by the kernel). (+3) applies for cases where no protocol and no ports are defined.
* added newlineAndreas Steffen2010-12-071-0/+1
|
* re-introduced commentAndreas Steffen2010-12-071-1/+3
|
* Migrated stroke_control_t to INIT/METHOD macrosAndreas Steffen2010-12-071-46/+30
|
* Migrated stroke_plugin_t to INIT/METHOD macrosAndreas Steffen2010-12-071-7/+11
|
* Guarantee entry->other is set when calling put_connected_peersThomas Egerer2010-12-061-1/+7
| | | | | | | | | | | Given the original intent of entry->host, the check for DoS attacks, it can happen that this value remains NULL when an entry is created. This is particularly awkward if put_connected_peers is called to check if a connection to a given peer already exists, since it takes the address family into consideration (git commit b74219d0) which is gleaned from entry->host. This patch guarantees that entry->other is a clone of host before put_connected_peers is called.
* stupid typoAndreas Steffen2010-12-051-1/+1
|
* cosmeticsAndreas Steffen2010-12-051-2/+2
|
* cosmeticsAndreas Steffen2010-12-051-3/+3
|
* added parsing checksAndreas Steffen2010-12-051-6/+10
|
* output TLS-independent error messagesAndreas Steffen2010-12-051-9/+9
|
* support of reqid field in SQL databaseAndreas Steffen2010-12-053-6/+9
|
* fixed pb_reason_string_message_t classAndreas Steffen2010-12-052-51/+13
|
* Migrated fips_prf plugin to INIT/METHOD macrosAndreas Steffen2010-12-042-36/+37
|
* Migrated md4_plugin_t to INIT/METHOD macrosAndreas Steffen2010-12-041-7/+11
|
* Migrated md5_plugin_t to INIT/METHOD macrosAndreas Steffen2010-12-041-7/+11
|
* Migrated ldap plugin to INIT/METHOD macrosAndreas Steffen2010-12-042-23/+28
|
* Migrated pubkey_plugin_t to INIT/METHOD macrosAndreas Steffen2010-12-041-7/+11
|
* Migrated pkcs1_plugin_t to INIT/METHOD macrosAndreas Steffen2010-12-041-6/+10
|
* Migrated curl_plugin_t to INIT/METHOD macrosAndreas Steffen2010-12-041-6/+10
|
* Migrated random plugin to INIT/METHOD macrosAndreas Steffen2010-12-042-26/+27
|
* Migrated sha1_plugin_t to INIT/METHOD macrosAndreas Steffen2010-12-041-6/+10
|
* Migrated sha2_plugin_t to INIT/METHOD macrosAndreas Steffen2010-12-041-6/+10
|
* Migrated mysql plugin to INIT/METHOD macrosAndreas Steffen2010-12-042-28/+27
|
* use private destroy() functionAndreas Steffen2010-12-041-1/+1
|
* Migrated sqlite plugin to INIT/METHOD macrosAndreas Steffen2010-12-042-31/+30
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-21 12:16:41 +0000