aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* | handle case where subject = NULL but keyid is set4.6.2Andreas Steffen2012-02-201-1/+2
| |
* | fixed attest sql query in list_measurements()Andreas Steffen2012-02-151-1/+1
| |
* | Compiler warnings fixed.Tobias Brunner2012-02-142-2/+2
| |
* | pluto: Print expiry time more properly.Tobias Brunner2012-02-141-2/+3
| |
* | pluto: Drop support for legacy PSK format.Tobias Brunner2012-02-081-15/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Any line in ipsec.secrets starting with " or ' was treated as PSK without ID selectors by pluto. This prevented it from supporting DNs like "C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org" as ID selectors. PSKs defined in this legacy format can easily be updated by changing "thisIsASecret" into : PSK "thisIsASecret"
* | Double check if a cached suite is available, overwrite any old suite stateMartin Willi2012-02-071-2/+3
| |
* | Some Doxygen fixes.Tobias Brunner2012-02-073-11/+11
| |
* | Fix TLS EAP-MSK derivation, uses different order of randoms than key expansionMartin Willi2012-02-071-0/+1
| |
* | Filter TLS suite MAC by HMAC algorithm, as the hash is not necessarily the sameMartin Willi2012-02-071-4/+4
| |
* | Update usage for all children in RADIUS accounting just before sending StopMartin Willi2012-02-061-1/+12
| |
* | Check if ClusterIP directory could be opened before enumerating itMartin Willi2012-02-061-17/+26
| |
* | ipsec attest adds and deletes key/component pairsAndreas Steffen2012-02-051-4/+21
| |
* | check if TNC client has a valid and registered AIKAndreas Steffen2012-02-055-25/+62
| |
* | Trigger DPD not before IKE_SA state gets updatedMartin Willi2012-02-021-6/+8
| |
* | Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE stateMartin Willi2012-02-021-0/+26
| |
* | Moved log message for unexpected ASN.1 objects to level 2.Tobias Brunner2012-02-011-1/+1
| | | | | | | | This avoids error messages if later builders can successfully decode something.
* | Added support for PKCS#5 v2 schemes when decrypting PKCS#8 files.Tobias Brunner2012-02-013-61/+323
| |
* | Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes).Tobias Brunner2012-02-013-4/+261
| |
* | Added support to parse PKCS#8 encoded ECDSA private keys.Tobias Brunner2012-02-013-12/+28
| |
* | OpenSSL plugin parses ECDSA private keys with explicitly specified EC ↵Tobias Brunner2012-02-011-9/+30
| | | | | | | | | | | | | | parameters. This is needed in case the key itself does not contain the parameters, which is the case for PKCS#8.
* | Add builder part for parameters from algorithmIdentifier.Tobias Brunner2012-02-012-1/+4
| |
* | Return parsed parameters from algorithmIdentifier if they are an OID (aka EC ↵Tobias Brunner2012-02-011-1/+1
| | | | | | | | | | | | | | named curve). Explicit EC parameters are not supported with this function, but before this change no parameters were actually ever returned.
* | Parse RSA private keys from PKCS#8 encoded blobs.Tobias Brunner2012-02-014-1/+151
| |
* | Added PKCS#8 stub plugin.Tobias Brunner2012-02-014-0/+139
| |
* | Added an option to load CA certificates without CA basic constraint.Tobias Brunner2012-02-011-4/+34
| | | | | | | | | | | | Enabling this option treats all certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA certificates even if they do not contain a CA basic constraint.
* | Support RADIUS accounting messages containing Framed-IP and ↵Martin Willi2012-01-304-0/+376
| | | | | | | | Inbound/Outbound-Octets
* | Open RADIUS accounting sockets to exchange accounting messagesMartin Willi2012-01-305-46/+91
| |
* | Support signing of RADIUS accounting messagesMartin Willi2012-01-303-10/+26
| |
* | RADIUS message constructor accepts a message code parameterMartin Willi2012-01-303-7/+8
| |
* | Disable crypto benchmarking if CLOCK_THREAD_CPUTIME_ID is not available.Tobias Brunner2012-01-301-0/+10
| |
* | Cache list of plugin names to further simplify its usage.Tobias Brunner2012-01-198-73/+62
| | | | | | | | Also helpful for ipsec statusall to avoid having to enumerate plugins.
* | Log list of loaded plugins in main PKI help output.Tobias Brunner2012-01-191-0/+8
| |
* | Simplified logging of list of loaded plugins.Tobias Brunner2012-01-195-59/+22
| |
* | Function added to plugin_loader to get a list of the names of loaded plugins.Tobias Brunner2012-01-192-1/+34
| |
* | Use correct time_t variables to store ARG_TIME optionsMartin Willi2012-01-182-4/+4
| |
* | Destroy active task list before queued tasksThomas Egerer2012-01-181-3/+3
| | | | | | | | | | | | | | Since active task's destruction might result in adopting tasks from a rekeyed ike sa it seems better to first destroy the active task list and then destroy all queued tasks. This way adoption is possible at all, while otherwise the queued task list would be empty.
* | Various style, typo and whitespace correctionsAdrian-Ken Rueegsegger2012-01-131-3/+2
| |
* | Starter depends on whack/stroke on Android.Tobias Brunner2012-01-121-0/+5
| | | | | | | | | | With this change whack and stroke get installed automatically if starter is enabled.
* | Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.Tobias Brunner2012-01-1212-0/+24
| | | | | | | | | | | | | | Because all packages are now marked as optional executables that are to be installed on the final system have to be added to PRODUCT_PACKAGES in build/target/product/core.mk. Dependencies (such as libraries) are installed automatically.
* | Fixed additional typos in comments and log messages.Tobias Brunner2012-01-1214-19/+19
| |
* | Fix whitespacesAdrian-Ken Rueegsegger2012-01-122-16/+16
| |
* | Some documentation correctionsAdrian-Ken Rueegsegger2012-01-128-33/+32
| |
* | Fix gettid() on Android, which is defined in unistd.h there.Tobias Brunner2012-01-121-3/+4
| |
* | Use native gettid() if available (which is the case on Android).Tobias Brunner2012-01-101-3/+11
| |
* | pluto: Use srand() to initialize the C library PRNG.Tobias Brunner2012-01-041-0/+3
| | | | | | | | Otherwise rekey and DPD times would always be the same after a restart.
* | Added a tls_socket_t.splice method to wrap a file descriptor into TLSMartin Willi2011-12-312-5/+107
| |
* | Implemented TLS session resumption both as client and as serverMartin Willi2011-12-3114-105/+273
| |
* | Implemented a TLS session cacheMartin Willi2011-12-313-0/+316
| |
* | Check for cipherspec changes after each handshake messageMartin Willi2011-12-311-2/+6
| |
* | Separated cipherspec checking and switching, allowing us to defer the secondMartin Willi2011-12-314-33/+49
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-18 15:16:45 +0000