aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
| * Added android.net.VpnService wrapper around charon (loaded via JNI).Tobias Brunner2012-08-086-6/+228
| |
| * Added Android shell app created with Android SDK.Tobias Brunner2012-08-0811-0/+118
| |
| * Android.mk for NDK build added.Tobias Brunner2012-08-084-0/+96
| |
| * Moved Android specific logger to separate plugin.Tobias Brunner2012-08-089-33/+168
| | | | | | | | | | | | This is mainly because the other parts of the existing android plugin can not be built in the NDK (access to keystore and system properties are not part of the stable NDK libraries).
| * Link android plugin against liblog in the NDK.Tobias Brunner2012-08-081-0/+1
| | | | | | | | Doesn't seem to hurt the build within the source tree.
| * Make the UDP ports charon listens for packets on (and uses as source ports) ↵Tobias Brunner2012-08-0817-48/+66
| | | | | | | | configurable.
| * Make path to Android OpenSSL headers configurable.Tobias Brunner2012-08-081-1/+1
| |
| * Don't require STRONGSWAN_CONF to be defined.Tobias Brunner2012-08-081-2/+9
| |
| * Don't require PLUGINDIR to be defined.Tobias Brunner2012-08-081-6/+15
| | | | | | | | If it is not available, we just load monolithically built plugins.
* | Doxygen fixTobias Brunner2012-08-111-1/+1
| |
* | Avoid problems with Doxygen by adding warn_unused_result attribute at the ↵Tobias Brunner2012-08-119-61/+57
| | | | | | | | end of method signatures
* | Add warn_unused_result attributes to rng_(get|allocate)_bytes_not_zeroTobias Brunner2012-08-111-5/+6
| | | | | | | | Also fixed Doxygen comments.
* | If _POSIX_SPIN_LOCKS is defined as -1, it is not availableMartin Willi2012-08-101-0/+4
| |
* | If vstr printf functions are #defined, undef them before redefinitionMartin Willi2012-08-101-0/+31
| | | | | | | | | | At least Mountain Lion seems to have them #defined to secure _chk variants.
* | Use actual daemon name to enable XAuth/PSK with aggressive modeMartin Willi2012-08-101-2/+3
| |
* | EAP-GTC can use any XAuth backend, including xauth-pamMartin Willi2012-08-102-88/+45
| | | | | | | | | | | | | | This makes EAP-GTC a generic plain password authentication method, as it is used with XAuth. Instead of verifying credentials with PAM, any backend can be configured. The default is xauth-pam, providing the same functionality as EAP-GTC in strongSwan 4.x.
* | Add xauth-pam, an XAuth backend verifying credentials with PAMMartin Willi2012-08-106-0/+390
| |
* | Add getspnam_r() to leak detective whitelistMartin Willi2012-08-101-0/+1
| |
* | make max_message_size parameter consistent with similar optionsAndreas Steffen2012-08-092-2/+2
| |
* | Check if TLS handshake received Finished before processing application dataMartin Willi2012-08-091-0/+6
|/
* Remove queued IKEv1 message before processing itMartin Willi2012-08-081-3/+5
| | | | | Avoids destruction or processing of a queued message in recursive process_message() call.
* Include src address in hash of initial message for Main ModeTobias Brunner2012-08-081-5/+31
| | | | | | | If two initiators use the same SPI and also use the same SA proposal the hash for the initial message would be exactly the same. For IKEv2 and Aggressive Mode that's not a problem as these messages include random data (Ni, KEi payloads).
* implemented deletion of product_file database entriesAndreas Steffen2012-08-071-15/+13
|
* Add DH group 15 (MODP-3072) to IKE proposalAdrian-Ken Rueegsegger2012-08-061-0/+1
|
* PEM loading soft-depends on MD5 only, as unencrypted files don't need MD5Martin Willi2012-08-031-4/+4
| | | | Fixes #211.
* Rebuild charon after running ./configure to reflect plugin changesMartin Willi2012-08-031-0/+2
|
* Block XAuth transaction on established IKE_SAs, but allow Mode ConfigMartin Willi2012-08-032-2/+1
|
* Implemented recursive mutex without thread-specific counterTobias Brunner2012-08-031-23/+17
|
* Use a single thread-specific value for our custom rwlock_t implementationTobias Brunner2012-08-031-50/+67
| | | | | | The pthread implementation on Android currently only supports 64 different thread-specific values per process, which we hit easily when every rwlock_t requires one.
* Fix linking of addrblock plugin when building monolithicMartin Willi2012-08-031-1/+1
| | | | Fixes #212.
* Reject initial exchange messages early once IKE_SA is establishedMartin Willi2012-08-021-0/+18
|
* Move MODP_CUSTOM va_arg fetching out of loopMartin Willi2012-08-021-15/+11
| | | | It seems problematic at least on PPC with gcc 4.3, fixes #208.
* libimcv requires nonce pluginAndreas Steffen2012-07-311-1/+1
|
* Lookup IKEv1 PSK even if the peer identity is not knownMartin Willi2012-07-311-1/+1
|
* update state before handling statusAndreas Steffen2012-07-301-16/+20
|
* implemented support if functional sub-componentsAndreas Steffen2012-07-3019-285/+630
|
* extended and documented ipsec attestAndreas Steffen2012-07-304-46/+107
|
* Proper fallback if capability dropping is not availableTobias Brunner2012-07-274-2/+9
|
* The use of $< in Makefiles is not portableTobias Brunner2012-07-273-5/+5
| | | | | | It requires GNU make which is not what most people use on e.g. FreeBSD. Fixes #205.
* Include stdint.h for UINTxx_MAX definesTobias Brunner2012-07-271-2/+3
| | | | Fixes #205.
* measure all kernel modules and optimize firefox and thunderbird measurementsAndreas Steffen2012-07-271-34/+14
|
* with --relative --file do not insert absolute filenames into databaseAndreas Steffen2012-07-271-3/+5
|
* Don't include acquiring packet traffic selectors in IKEv1Martin Willi2012-07-261-0/+5
| | | | | | | | As we only can negotiate a single TS in IKEv1, don't prepend the triggering packet TS, as we do in IKEv2. Otherwise we don't establish the TS of the configuration, but only that of the triggering packet. Fixes #207.
* Implement late peer config switching after XAuth authenticationMartin Willi2012-07-261-15/+80
| | | | | | | If additional authentication constraints, such as group membership, is not fulfilled by an XAuth backend, we search for another peer configuration that fulfills all constraints, including those from phase1.
* Check if XAuth round complies to configured authentication roundMartin Willi2012-07-261-7/+18
|
* Show which group would be required when failing in constraint checkMartin Willi2012-07-261-8/+10
|
* Don't add ANY identity constraint to auth config, as XAuth rounds don't use oneMartin Willi2012-07-262-3/+15
|
* Merge auth config items added from XAuth backends to IKE_SAMartin Willi2012-07-261-0/+1
|
* Add an ipsec.conf leftgroups2 parameter for the second authentication roundMartin Willi2012-07-268-3/+15
|
* IMA SHA1 file measurement is not needed any moreAndreas Steffen2012-07-231-9/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-07 02:21:27 +0000