aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* scepclient: Option added to read self-signed certificate from a file.Tobias Brunner2012-06-112-21/+53
|
* scepclient: Generate uppercase transaction ID.Tobias Brunner2012-06-111-1/+1
|
* scepclient: Use HTTP 1.0 for all requests.Tobias Brunner2012-06-111-0/+2
|
* scepclient: Options added to specify digest/signature algorithms.Tobias Brunner2012-06-112-27/+92
| | | | | Also changed the defaults to DES/MD5 as that's what should be used if GetCACaps is not used to learn the issuers capabilities.
* Added function to convert integrity algorithms to hash algorithms (if based ↵Tobias Brunner2012-06-112-4/+50
| | | | on one).
* Properly encode 0 in ASN.1.Tobias Brunner2012-06-111-10/+7
| | | | | According to X.690 an INTEGER object always has at least one content octet.
* Don't use chunk_skip() in asn1_length().Tobias Brunner2012-06-111-1/+2
| | | | | | | | chunk_skip() returns chunk_empty if the length of the chunk is equal to the number of bytes to skip, this is problematic as asn1_length() modifies the original chunk. asn1_parser_t for instance uses the modified chunk to later calculate the length of the resulting ASN.1 object which produces incorrect results if it is based on chunk_empty.
* Changed memory management and call logic in PKCS#7 parser/generator.Tobias Brunner2012-06-112-85/+86
|
* Changed memory management and attribute handling in PKCS#9 wrapper.Tobias Brunner2012-06-113-112/+40
|
* scepclient: Also number CA certificates in case there is more than one.Tobias Brunner2012-06-112-14/+51
| | | | Also, only number them if there are multiple certificates.
* scepclient: Store received RA certificates, using CA cert name as base.Tobias Brunner2012-06-111-5/+67
|
* scepclient: Use pkcs7_t and pkcs9_t, remove all dependencies to ↵Tobias Brunner2012-06-114-289/+119
| | | | pluto/libfreeswan.
* Added get_attributes() method to pkcs7_t.Tobias Brunner2012-06-112-1/+15
|
* scepclient: Local generation of file names.Tobias Brunner2012-06-111-10/+48
|
* scepclient: Replaced usages of datatot().Tobias Brunner2012-06-111-6/+6
|
* scepclient: Migrated logging to libstrongswan.Tobias Brunner2012-06-115-513/+147
|
* Log group added for applications other than daemons.Tobias Brunner2012-06-112-0/+4
|
* scepclient: Some code cleanup.Tobias Brunner2012-06-113-335/+319
|
* Updated PKCS#7 parser/generator in libstrongswan.Tobias Brunner2012-06-114-201/+226
| | | | | Added some functionality from pluto's version, updated usage of asn1 and crypto primitives. It does compile but is not really tested yet.
* added missing parameter in get_my_addr() and get_other_addr() callsAndreas Steffen2012-06-091-2/+4
|
* implemented the right|leftallowany featureAndreas Steffen2012-06-0819-77/+137
|
* Enforce uniqueness policy in IKEv1 main and aggressive modesMartin Willi2012-06-082-0/+29
|
* starter: Go back to single threaded mode.Tobias Brunner2012-06-082-22/+7
| | | | | Mixing multiple threads and fork(2) wasn't a very good idea it seems. At least in some environments this caused strange side-effects.
* Disabled listening for kernel events in starter.Tobias Brunner2012-06-084-74/+110
|
* Try to rekey without KE exchange if peer returns INVALID_KE_PAYLOAD(NONE)Martin Willi2012-06-081-1/+8
| | | | | | According to RFC5996, implementations should just ignore the KE payload if they select a non-PFS proposals. Some implementations don't, but return MODP_NONE in INVALID_KE_PAYLOAD, hence we accept that, too.
* While checking for redundant quick modes, compare traffic selectorsMartin Willi2012-06-081-0/+22
| | | | | If a configuration is instanced more than once using narrowing, we should keep all unique quick modes up during rekeying.
* Store shorter soft lifetime of in- and outbound SAs onlyMartin Willi2012-06-081-1/+8
|
* Initiate quick mode rekeying with narrowed traffic selectorsMartin Willi2012-06-081-1/+18
|
* Use traffic selectors passed to quick mode constructor as initiatorMartin Willi2012-06-081-2/+10
|
* Instead of rekeying, delete a quick mode if we have a fresher instanceMartin Willi2012-06-081-6/+42
| | | | | | | | If both peers initiate quick mode rekeying simultaneously, we end up with duplicate SAs for a configuration. This can't be avoided, nor do the standards provide an appropriate solution. Instead of closing one SA immediately, we keep both. But once rekeying triggers, we don't refresh the SA with the shorter soft lifetime, but delete it.
* Properly handle empty RDN values in DN strings.Tobias Brunner2012-06-071-3/+11
|
* Properly install policies with ports in PF_KEY kernel interface.Tobias Brunner2012-06-071-27/+28
|
* As responder, enforce the same configuration while rekeying CHILD_SAsMartin Willi2012-06-063-1/+19
|
* starter: Only handle SIGCHLD asynchronously and the rest in pselect(2).Tobias Brunner2012-06-061-8/+17
|
* Show expiration time of rekeyed CHILD_SAs in statusallMartin Willi2012-06-051-1/+6
|
* starter: (De-)Initialize logging when forking.Tobias Brunner2012-06-051-0/+2
|
* starter: Close open file descriptors when forking daemons.Tobias Brunner2012-06-042-0/+2
|
* starter: Changed signal handling now that starter is multi-threaded.Tobias Brunner2012-06-042-15/+57
|
* Mark CHILD_SAs used for trap policies to uninstall them properly.Tobias Brunner2012-06-041-6/+13
| | | | | | | If the installation failed the state is not CHILD_ROUTED which means the wrong priority is used to uninstall the policies. This is a problem for kernel interfaces that keep track of installed policies as now the proper policy is not found (if the priority is considered).
* Fixed return values of several functions (e.g. return FALSE for pointer types).Tobias Brunner2012-05-317-9/+9
|
* Fix boolean return value if an empty RSA signature is detected in gmp pluginMartin Willi2012-05-311-1/+1
| | | | Fixes CVE-2012-2388.
* Avoid queueing more than one retry initiate job.Tobias Brunner2012-05-303-4/+35
|
* Retry IKE_SA initiation if DNS resolution failed.Tobias Brunner2012-05-301-4/+39
| | | | | This is disabled by default and can be enabled with the charon.retry_initiate_interval option in strongswan.conf.
* Job added to re-initiate an IKE_SA.Tobias Brunner2012-05-303-0/+144
|
* Fix MOBIKE address update if responder address changed.Tobias Brunner2012-05-251-2/+2
| | | | | Use the source address of the current MOBIKE message as peer address instead of assuming the address cached on the IKE_SA is still valid.
* Resolve hosts before reauthenticating due to address change.Tobias Brunner2012-05-251-0/+2
|
* Don't queue delete_ike_sa job when setting IKE_DELETING.Tobias Brunner2012-05-252-9/+1
| | | | | This avoids deleting IKE_SAs during reauthentication (without trying to reestablish them).
* During reauthentication reestablish IKE_SA even if deleting the old one fails.Tobias Brunner2012-05-251-0/+6
|
* Integrated main parts of IKE_REAUTH task into ike_sa_t.reestablish.Tobias Brunner2012-05-252-115/+77
|
* Fixed route lookup in case MOBIKE is not enabled.Tobias Brunner2012-05-251-3/+9
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-13 17:55:32 +0000