aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
| * | Use a more POSIXy tls_socket interface with more flexibility.Martin Willi2013-01-152-81/+165
| | | | | | | | | | | | | | | If an unsufficient read buffer is provided, application data gets cached for subsequent read() calls.
| * | Add a chunk_from_str() initializer that does not include 0-terminatorMartin Willi2013-01-151-0/+5
| | |
* | | Remove leading zeros in SCEP certificate serialNumbersMartin Willi2013-02-141-13/+19
| | |
* | | Fix 'stroke loglevel any'Tobias Brunner2013-02-131-4/+11
| | | | | | | | | | | | | | | | | | | | | Before b46a5cd4 this worked if debug_t was unsigned. In that case -1, as returned by enum_from_name(), would result in a large positive number. So any unknown debug group (including 'any') had the same effect that was only intended for 'any'.
* | | treat EAP identities as user IDsAndreas Steffen2013-02-121-3/+3
| | |
* | | make TNC client authentication type available to IMVsAndreas Steffen2013-02-1210-27/+215
| | |
* | | determine underlying IF-T transport protocolAndreas Steffen2013-02-1213-65/+231
| | |
* | | make AR identities available to IMVs via IF-IMV 1.4 draftAndreas Steffen2013-02-1114-0/+645
| | |
* | | Make IKE/EAP IDs available to TNC server/clientAndreas Steffen2013-02-1110-28/+92
| | |
* | | Don't use a time_t variable with fscanf when parsing uptimeTobias Brunner2013-02-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Because "%u" is used as format string in the fscanf call that parses the uptime and because the length of time_t varies on different platforms and architectures the value was not written properly if time_t was longer than an unsigned int and depending on how the target variable was aligned on the stack. Since there is no conversion specifier to properly parse a time_t value we use the appropriate integer type instead.
* | | Allow more than one CERTREQ payload for IKEv2Tobias Brunner2013-02-081-2/+2
| | | | | | | | | | | | | | | | | | There is no reason not to do so (RFC 5996 explicitly mentions multiple CERTREQ payloads) and some implementations seem to use the same behavior as had to be used with IKEv1 (i.e. each CA in its own CERTREQ payload).
* | | Add a --httptimeout option to scepclientMartin Willi2013-02-083-7/+22
| | |
* | | Use CURL_TIMEOUT and not CURL_CONNECTTIMEOUT for FETCHER_TIMEOUT in curlMartin Willi2013-02-081-5/+12
| | | | | | | | | | | | | | | This allows us to use this timeout beyond DNS resolution. For the initial connect, we use a hardcoded timeout of 10s for now.
* | | time is a time_t pointerAndreas Steffen2013-02-041-1/+1
| | |
* | | improved control when an attribute request is sentAndreas Steffen2013-02-033-2/+54
| | |
* | | print PEN value 0xfffffe as UnassignedAndreas Steffen2013-02-032-15/+17
| | |
* | | send an error attribute if vendor ID or type of received attribute is reservedAndreas Steffen2013-02-031-0/+12
| | |
* | | openssl: Properly honor OPENSSL_NO_* definesTobias Brunner2013-01-317-5/+31
| | |
* | | Fix Doxygen comment for rdrand pluginTobias Brunner2013-01-311-1/+1
| |/ |/|
* | Don't use pointer to a union member in host_create_from_string_and_family()Tobias Brunner2013-01-251-5/+4
| |
* | Properly check MSB in openssl plugin's PKCS#7 implementationTobias Brunner2013-01-241-1/+1
| |
* | Use proper buffer sizes for parse_smartcard()Tobias Brunner2013-01-241-7/+10
| |
* | Cast first argument for %.*s to intTobias Brunner2013-01-245-18/+18
| |
* | Removed unused command name when printing usage info for lookipTobias Brunner2013-01-241-1/+1
| |
* | Removed unused argumentTobias Brunner2013-01-241-1/+1
| |
* | Properly read data from stream in pki --pkcs7Tobias Brunner2013-01-241-6/+9
| |
* | Properly destroy mem_cred object on pki --pkcs7 --helpTobias Brunner2013-01-241-0/+1
| |
* | Try to determine OS type if name and version are configuredTobias Brunner2013-01-241-0/+2
| |
* | Add missing va_end() callTobias Brunner2013-01-241-1/+2
| |
* | g_thread_init() is deprecated since Glib 2.23Tobias Brunner2013-01-242-0/+6
| |
* | Fix check-in of IKE_SA when IKE_SA_INIT fails and hash table is enabledTobias Brunner2013-01-241-2/+13
| | | | | | | | | | | | | | Setting the responder SPI to 0 can only be done while generating the response, otherwise we'd fail to check in the IKE_SA again in case the hash table is enabled. That's because we use the responder SPI as hash value since 5.0.0.
* | Return SS_RC_INITIALIZATION_FAILED if pid file existsAdrian-Ken Rueegsegger2013-01-231-1/+0
| | | | | | | | | | | | Let charon return SS_RC_INITIALIZATION_FAILED if an existing pid file is found. Starter only terminates itself if the result code of the daemon is a valid SS_RC_* value.
* | Avoid a deadlock when installing a trap policy failedTobias Brunner2013-01-231-1/+5
| |
* | Encode IETF Numeric Version Service Pack Version with two byte wordsMartin Willi2013-01-221-3/+2
| |
* | starter: Add --attach-gdb option to usage textAdrian-Ken Rueegsegger2013-01-221-1/+2
| |
* | Fix IKE SA inherit API docAdrian-Ken Rueegsegger2013-01-221-2/+1
| |
* | Filter TS list for Split-Includes before printing them to debug logMartin Willi2013-01-211-10/+34
| |
* | Add the ability to use a named pool for conftest configsTobias Brunner2013-01-212-4/+10
|/
* Reseed rdrand after every 128bit sample onlyMartin Willi2013-01-151-2/+2
|
* android: Properly escape apostrophes in Ukrainian translation5.0.2dr4Tobias Brunner2013-01-141-8/+8
|
* android: Implement kernel_net_t.get_interface via JNITobias Brunner2013-01-144-6/+92
| | | | | | This is now required to properly accept/install a virtual IP address. Fixes #275.
* android: Moved chunk_from_byte_array and byte_array_from_chunk helper functionsTobias Brunner2013-01-142-24/+32
|
* android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h ↵Tobias Brunner2013-01-141-0/+1
| | | | on Android
* Properly send IKEv1 packets if no ike_cfg is known yetTobias Brunner2013-01-141-2/+5
| | | | This applies for error notifies.
* Don't handle right=%any6 as "loose" identity, but as %anyMartin Willi2013-01-141-2/+1
|
* Respect given address family when resolving "%any"Martin Willi2013-01-141-1/+5
|
* Android.mk of libstrongswan updatedTobias Brunner2013-01-141-2/+2
|
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-1234-59/+859
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Added an option to configure the maximum size of a fragmentTobias Brunner2013-01-121-3/+10
| |
| * Properly detect fragmentation capabilitiesTobias Brunner2013-01-121-3/+27
| | | | | | | | Cisco sends 0xc0000000 so we check that part of the VID separately.
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-28 03:01:54 +0000