aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* xpc: move XPC RPC reply creation to command dispatchingMartin Willi2013-07-181-24/+16
|
* xpc: terminate daemon when last XPC connection to App goneMartin Willi2013-07-181-0/+28
|
* xpc: fix some refcounting issues related to XPC connectionsMartin Willi2013-07-182-26/+15
|
* xpc: no need to clear channel table, they are bound to IKE_SA lifetimeMartin Willi2013-07-181-8/+0
|
* xpc: add support for logging over XPC channelsMartin Willi2013-07-184-1/+174
|
* xpc: don't warn about pointer signedness mismatch (-Wno-pointer-sign)Martin Willi2013-07-181-0/+2
|
* xpc: add a description of the basic XPC protocol to READMEMartin Willi2013-07-181-1/+48
|
* xpc: use the same XPC message "type" mechanism on Mach service as on channelsMartin Willi2013-07-181-11/+32
|
* xpc: ask App for passwords using connection specific channelMartin Willi2013-07-181-0/+90
|
* xpc: use IKE_SA specific XPC return channels for further communicationMartin Willi2013-07-184-12/+320
|
* xpc: don't send certificate requests, there are too many when using keychainMartin Willi2013-07-181-1/+1
|
* xpc: build with support for the keychain pluginMartin Willi2013-07-183-2/+4
|
* xpc: add support for initiate simple IKEv2 EAP connectionsMartin Willi2013-07-181-0/+126
|
* xpc: move dispatching to dedicated class, using dedicated threadMartin Willi2013-07-184-86/+304
|
* xpc: use non-inlining variant of vstr, compiler does not like itMartin Willi2013-07-181-0/+2
|
* xpc: add Xcode project for a charon controlled through XPCMartin Willi2013-07-186-0/+584
|
* syslog: setlogmask() to include LOG_INFOMartin Willi2013-07-181-0/+1
| | | | LOG_INFO seems to be excluded by default on some systems (OS X).
* keychain: flush certificate cache after reloading System keychainMartin Willi2013-07-181-0/+2
|
* keychain: monitor changes in the system keychain, reload when necessaryMartin Willi2013-07-181-0/+65
|
* keychain: use SearchCopyNext keychain enumeration for System certs as wellMartin Willi2013-07-181-71/+12
| | | | | | | SecItemCopyMatching seems to be problematic regarding memory management. And as there does not seem to be a good alternative to enumerate the System Roots keychain using the SecItemCopyMatching API, we stick to the deprecated enumeration functions for now.
* keychain: load certificates from System Roots KeychainMartin Willi2013-07-181-0/+65
|
* keychain: load certificates only once during startup, improving performanceMartin Willi2013-07-183-111/+78
|
* keychain: support on-the-fly enumeration of trusted/untrusted certificatesMartin Willi2013-07-182-1/+118
|
* keychain: add a stub for a credential plugin using OS X Keychain ServicesMartin Willi2013-07-186-0/+254
|
* credmgr: stop querying for secrets once we get a perfect matchMartin Willi2013-07-181-0/+4
|
* credmgr: don't use pointers for id_match_t enum valuesMartin Willi2013-07-181-2/+2
|
* openssl: parse X.509 extended key usage from extension parsing loopMartin Willi2013-07-181-33/+38
| | | | | Otherwise parsing gets aborted if unknown critical extensions are handled as error.
* openssl: show which critical X.509 extension is not supportedMartin Willi2013-07-181-1/+6
|
* hashtable: add common hashtable hash/equals functions for pointer/string keysMartin Willi2013-07-182-3/+68
|
* thread: implicitly create thread_t if an external thread calls thread_current()Martin Willi2013-07-181-1/+14
|
* ike: Fix reestablishing SAs if no child-creating tasks are queuedTobias Brunner2013-07-181-2/+5
|
* ike-sa: uninstall CHILD_SAs before removing virtual IPsMartin Willi2013-07-181-1/+8
| | | | | | a3854d83 changed cleanup order. But we should remove CHILD_SAs first, as routes for CHILD_SAs might get deleted while removing virtual IPs, resulting in an error when a CHILD_SA tries to uninstall its route.
* unity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were ↵Tobias Brunner2013-07-171-11/+32
| | | | received
* unity: Allow UNITY_LOCAL_LAN to be longer than 8 bytesTobias Brunner2013-07-171-1/+1
|
* unity: Fix memory leak in providerTobias Brunner2013-07-171-0/+1
|
* ikev1: Reestablish IKE_SA/CHILD_SAs if it gets deleted by the peerTobias Brunner2013-07-171-0/+5
| | | | | We call ike_sa_t.reestablish() so the IKE_SA is only recreated if any CHILD_SA requires it.
* ike: Migrate queued CHILD_SA-creating tasks when reestablishing an IKE_SATobias Brunner2013-07-174-2/+115
|
* ikev1: Support closeaction of CHILD_SA.Oliver Smith2013-07-171-7/+49
| | | | | | When a CHILD_SA is closed in IKEv1, if it is not being rekeyed and closeaction has been set, we can now perform a restart or hold as is currently done for IKEv2.
* kernel-pfroute: Ignore IP address changes if address is %anyTobias Brunner2013-07-171-1/+2
|
* kernel-pfroute: Properly enumerate sockaddrs in interface messagesTobias Brunner2013-07-171-9/+26
| | | | | The ifa_msghdr and rt_msghdr structs are not compatible (at least not on FreeBSD).
* kernel-pfroute: Provide name of interfaces on which virtual IPs are installedTobias Brunner2013-07-172-1/+23
|
* kernel-pfroute: Ignore virtual IPs in address mapTobias Brunner2013-07-171-13/+9
| | | | | As the virtual flag is set after the address has been added to the map, we make sure we ignore virtual IPs when doing lookups.
* kernel-pfroute: Make sure source addresses are not virtual and usableTobias Brunner2013-07-171-4/+20
| | | | | | | It seems we sometimes get the virtual IP as source (with rightsubnet=0.0.0.0/0) even if the exclude route is already installed. Might be a timing issue because shortly afterwards the lookup seems to succeed.
* kernel-pfroute: Don't report an error when trying to reinstall a routeTobias Brunner2013-07-171-0/+4
|
* kernel-pfkey: Provide interface name when installing exclude routeTobias Brunner2013-07-171-4/+15
|
* kernel-pfroute: Reinstall routes on interface/address changesTobias Brunner2013-07-171-7/+320
|
* kernel-pfroute: Trigger a roam event if a new interface appearsTobias Brunner2013-07-171-0/+4
|
* kernel-pfroute: Use ref_get() to allocate sequence numbersTobias Brunner2013-07-171-3/+3
|
* kernel-pfroute: Make time that is waited for VIPs to appear configurableTobias Brunner2013-07-171-2/+11
| | | | | One second might be too short for IPs to appear/disappear, especially on virtualized hosts.
* kernel-pfroute: Retry route lookup without source address on failureTobias Brunner2013-07-171-1/+16
| | | | | The known source address might be gone resulting in an error, making learning a new source address impossible.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 00:38:31 +0000