aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Make some private functions in plugins staticTobias Brunner2013-03-272-5/+5
| | | | Fixes monolithic build.
* libpts: Cast first argument for %.*s to intTobias Brunner2013-03-251-1/+1
|
* error-notify: Close file descriptors in case clients are still connectedTobias Brunner2013-03-251-0/+6
|
* libpttls: Destroy reader when handling errors during SASLTobias Brunner2013-03-251-0/+2
|
* pacman: Define gen_time out of the loopTobias Brunner2013-03-251-1/+2
| | | | It gets assigned if count==3 but only used later when count >= 7.
* ipseckey: NULL pointer dereference fixed in error caseTobias Brunner2013-03-251-0/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2013-03-254-5/+5
|
* enforce singular of packetsAndreas Steffen2013-03-221-4/+6
|
* asprintf(3) requires _GNU_SOURCE to be defined5.0.3rc1Tobias Brunner2013-03-221-0/+2
|
* Use proper integer types when handling TLS exchangesTobias Brunner2013-03-221-5/+6
| | | | tls_t.build takes a size_t argument not a ssize_t.
* Check return value of asprintf(3) when converting AR identityTobias Brunner2013-03-221-2/+4
| | | | | Using chunk_t.ptr as target was also not optimal as it resulted in a compiler warning.
* Switch encoding of AR Identity Value from binary to UTF-8Andreas Steffen2013-03-2214-118/+123
|
* activate logging before loading pluginsAndreas Steffen2013-03-211-7/+7
|
* Add a load-tester option to keep allocated external address until shutdownMartin Willi2013-03-212-1/+50
|
* android: No need to disable CMS explicitlyTobias Brunner2013-03-201-1/+0
| | | | The version check introduced with 0d237763 should take care of it.
* Allow up to 10 NAT-D payloads in IKEv1 messagesTobias Brunner2013-03-201-1/+1
|
* Avoid a race condition when reloading secrets from ipsec.secretsTobias Brunner2013-03-201-18/+25
| | | | | | | With the previous implementation that cleared the secrets in the active credential set and then loaded the secrets, IKE SA establishment would fail (as initiator or responder) if secrets are concurrently reloaded and the required secret was not yet loaded.
* Add a method to replace all secrets in a mem_cred_t objectTobias Brunner2013-03-202-5/+68
|
* android: Build native libraries also for x86Tobias Brunner2013-03-203-2/+5
| | | | Requires an updated build script for Vstr.
* android: libtnccs requires headers from libtlsTobias Brunner2013-03-201-0/+1
|
* android: Fix Android.mk for ipsec scriptTobias Brunner2013-03-201-1/+2
|
* android: Remove/filter header files from LOCAL_SRC_FILESTobias Brunner2013-03-209-20/+36
| | | | This avoids huge warnings when building the native code.
* android: Request and install an IPv6 DNS serverTobias Brunner2013-03-202-9/+17
|
* android: Also request a virtual IPv6 address and propose IPv6 TSTobias Brunner2013-03-203-23/+25
| | | | | This allows IPv6 over IPv4 but falls back nicely if we don't get a virtual IPv6 (or IPv4) address.
* ipsec: Increased log level for message in case no outbound policy is foundTobias Brunner2013-03-201-1/+1
| | | | | | | This might happen on Android if sockets are bound to the physical IP address but packets are still routed via TUN device. Since it seems to happen quite often (or for stuff that requires regular traffic) this hides these messages from the default log.
* Add an option to autobalance a HA cluster automaticallyMartin Willi2013-03-191-0/+59
|
* Check if for some reason we handle a HA segment on both nodesMartin Willi2013-03-191-1/+15
|
* Acquire HA segment lock while sending heartbeatMartin Willi2013-03-191-0/+2
|
* Removed unused variable 'id'Tobias Brunner2013-03-191-2/+1
|
* Properly cleanup libmysqlTobias Brunner2013-03-191-1/+1
| | | | Seems to work correctly with recent MySQL versions.
* Use proper address family when adding multiple addresses to SQL poolTobias Brunner2013-03-191-0/+15
|
* Ignore SQL-based IP address pools if their address family does not matchTobias Brunner2013-03-191-10/+21
|
* charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin featuresTobias Brunner2013-03-191-0/+4
| | | | | | This ensures the NM-specific credential set is unloaded before any implementation of certificate/key objects, which causes a segmentation fault during shutdown.
* charon-nm: Prevent NM from changing the default routeTobias Brunner2013-03-191-0/+8
| | | | | | This is not required as we install our own (narrow) route(s) in our own routing table. This should allow split tunneling if configured on the gateway.
* charon-nm: Use VIP (if any) as local addressTobias Brunner2013-03-191-1/+10
| | | | NM will install this address on the provided device.
* charon-nm: Pass a dummy TUN device to NetworkManagerTobias Brunner2013-03-191-5/+37
| | | | | | NetworkManager modifies the addresses etc. on this interface so using "lo" is not optimal. With the dummy interface NM is free to do its thing.
* charon-nm: Fix NM plugin utility macrosTobias Brunner2013-03-191-3/+3
|
* Avoid returning COOKIEs right after system bootTobias Brunner2013-03-191-1/+1
| | | | | | | | | | | When the monotonic timer is initialized to 0 right after the system is booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s). Since the COOKIE verification code actually produces an overflow for COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs. Checking for last_cookie makes sense anyway as that condition must only apply if we actually sent a COOKIE before.
* Fix scheduling of heartbeat sending in HA pluginMartin Willi2013-03-191-2/+11
| | | | | | e0efd7c1 switches to automated job rescheduling for HA heartbeat. However, send_status() is initially called directly, which will not reschedule the job as required.
* Fix compiler warning in HA pluginMartin Willi2013-03-191-1/+1
|
* Various stylistic fixesAdrian-Ken Rueegsegger2013-03-1912-123/+155
|
* Use network byte order for ESA SPIsAdrian-Ken Rueegsegger2013-03-191-6/+5
|
* Provide MODP-2048 through TKM DH pluginAdrian-Ken Rueegsegger2013-03-191-0/+1
|
* Add charon-tkm API documentationAdrian-Ken Rueegsegger2013-03-1917-16/+158
|
* Do not hardwire keys to KEY_RSAReto Buerki2013-03-193-12/+51
| | | | | Make the TKM private and public keys more easily extendable by determining the associated key type dynamically.
* Provide TKM credential encoderReto Buerki2013-03-195-26/+150
| | | | | | | | The TKM credential encoder creates fingerprints of type KEYID_PUBKEY_INFO_SHA1 and KEYID_PUBKEY_SHA1 using CRED_PART_RSA_PUB_ASN1_DER. This makes the pkcs1 plugin unnecessary.
* Switch to openssl pluginReto Buerki2013-03-191-8/+1
|
* Don't manually register kernel_netlink_netReto Buerki2013-03-194-16/+11
| | | | | | | | | Load complete kernel_netlink plugin instead. Registering the TKM specific plugins first still ensures that the correct ipsec plugin is used. Lazy initialize the RNG_WEAK plugin to avoid the unsatisfiable soft dependency on startup.
* Move stroke plugin to the end of PLUGINS listReto Buerki2013-03-191-2/+2
| | | | | This fixes the problem of stroke being unable to load the ca certificates on startup.
* Make sure IP_XFRM_POLICY is definedReto Buerki2013-03-191-0/+5
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-07 03:46:15 +0000