| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Raise an ALERT_PROPOSAL_MISMATCH_IKE also when receiving NO_PROPOSAL_CHOSEN | Martin Willi | 2013-05-06 | 1 | -0/+20 | |
| | | ||||||
| * | eap-radius: add an option to disable accounting for tunnels without virtual IP | Martin Willi | 2013-05-06 | 1 | -0/+30 | |
| | | ||||||
| * | eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPs | Martin Willi | 2013-05-06 | 3 | -34/+100 | |
| | | | | | Fixes some corner cases if multiple tunnels use the same peer identity. | |||||
| * | Don't unset IKE_SA on bus before we released virtual IPs and attributes | Martin Willi | 2013-05-06 | 1 | -10/+8 | |
| | | ||||||
| * | New Android release after adding AES-GCM, IPv6-in-IPv4 and using kernel-netlink | Tobias Brunner | 2013-05-03 | 1 | -2/+2 | |
| | | | | | | | | | libipsec now supports AES-GCM, IPv6 tunnels over IPv4 are supported, native x86 libraries are built (requires a new Vstr build script). Also, the existing kernel-netlink plugin now provides the kernel-net implementation, which should be more stable in case multiple interfaces are up and have IP addresses installed on them. | |||||
| * | libipsec: Fix memory leak in event relay | Tobias Brunner | 2013-05-03 | 1 | -0/+1 | |
| | | ||||||
| * | android: Use stronger ESP proposal including AES-GCM | Tobias Brunner | 2013-05-03 | 1 | -0/+6 | |
| | | ||||||
| * | libipsec: Add support for AES-GCM | Tobias Brunner | 2013-05-03 | 1 | -3/+45 | |
| | | ||||||
| * | libipsec: Wrap traditional algorithms in AEAD wrapper | Tobias Brunner | 2013-05-03 | 3 | -110/+91 | |
| | | ||||||
| * | android: Remove unused methods on NetworkManager/network_manager_t | Tobias Brunner | 2013-05-03 | 3 | -177/+1 | |
| | | ||||||
| * | android: Ignore interface 'lo' | Tobias Brunner | 2013-05-03 | 1 | -2/+4 | |
| | | | | | | Android adds a default route via 'lo' if no connectivity is available causing charon to send packets via lo and triggering DPD. | |||||
| * | android: Repurpose android-net to simply handle connectivity events | Tobias Brunner | 2013-05-03 | 3 | -59/+34 | |
| | | | | | | | Using the events by NetworkManager/ConnectivityManager to trigger roam events instead of the events generated by the kernel-netlink plugin the noise level is much lower. | |||||
| * | kernel-netlink: Add an option to disable roam events | Tobias Brunner | 2013-05-03 | 1 | -1/+13 | |
| | | ||||||
| * | android: Replace android-net plugin with kernel-netlink | Tobias Brunner | 2013-05-03 | 2 | -3/+8 | |
| | | | | | | Virtual IPs are not handled by the kernel-netlink plugin and tun devices are ignored. | |||||
| * | android: Set strongswan.conf options before initializing other libraries | Tobias Brunner | 2013-05-03 | 1 | -36/+44 | |
| | | ||||||
| * | kernel-netlink: Define defaults for routing table and prio | Tobias Brunner | 2013-05-03 | 1 | -0/+8 | |
| | | ||||||
| * | openssl: Define a default for FIPS_MODE | Tobias Brunner | 2013-05-03 | 1 | -0/+4 | |
| | | ||||||
| * | In memwipe_check(), don't put magic on stack when calling do_magic() | Martin Willi | 2013-05-03 | 1 | -3/+3 | |
| | | | | | Otherwise the magic might be on the stack while checking it. | |||||
| * | Dump stack if memwipe() check fails | Martin Willi | 2013-05-03 | 1 | -3/+19 | |
| | | ||||||
| * | fixed a 64bit time_t issue | Andreas Steffen | 2013-04-21 | 1 | -3/+4 | |
| | | ||||||
| * | destroy SQL query | Andreas Steffen | 2013-04-21 | 1 | -0/+1 | |
| | | ||||||
| * | Keep last AR ID | Andreas Steffen | 2013-04-21 | 1 | -0/+2 | |
| | | ||||||
| * | fixed typo | Andreas Steffen | 2013-04-19 | 1 | -1/+1 | |
| | | ||||||
| * | During libstrongswan initialization, check if memwipe() works as expected | Martin Willi | 2013-04-18 | 1 | -1/+51 | |
| | | ||||||
| * | support of OpenSSL FIPS-140-2 library | Andreas Steffen | 2013-04-16 | 2 | -1/+20 | |
| | | ||||||
| * | Fix checksum calculation with DESTDIR installations | Tobias Brunner | 2013-04-15 | 1 | -1/+1 | |
| | | ||||||
| * | Added charon.initiator_only option which causes charon to ignore IKE ↵ | Andreas Steffen | 2013-04-14 | 1 | -2/+10 | |
| | | | | | initiation requests by peers | |||||
| * | Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0 | Martin Willi | 2013-04-10 | 1 | -0/+14 | |
| | | ||||||
| * | Check RSA_public_decrypt() length before constructing and comparing a chunk | Martin Willi | 2013-04-10 | 1 | -7/+10 | |
| | | | | | | If decryption fails, it returns -1. chunk_equals() should catch that error, but be more explicit in error checking. | |||||
| * | RSA_check_key() may return -1 if it fails | Martin Willi | 2013-04-10 | 1 | -2/+2 | |
| | | ||||||
| * | RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND method | Martin Willi | 2013-04-10 | 1 | -1/+1 | |
| | | ||||||
| * | Check return value of ECDSA_Verify() correctly | Martin Willi | 2013-04-10 | 1 | -1/+1 | |
| | | ||||||
| * | eap-radius: Add an option to exclude ports from Called/Calling-Station-Id | Martin Willi | 2013-04-10 | 2 | -9/+37 | |
| | | ||||||
| * | emit a single assig_vips bus message for all VIPs | Andreas Steffen | 2013-04-06 | 8 | -62/+57 | |
| | | ||||||
| * | ifmap plugin subscribes to assing_vip bus signal | Andreas Steffen | 2013-04-06 | 7 | -2/+135 | |
| | | ||||||
| * | Added missing sasl Doxygen group | Tobias Brunner | 2013-04-05 | 1 | -0/+3 | |
| | | ||||||
| * | unity: Check IKE_SA in only after enumerating virtual IPs | Tobias Brunner | 2013-04-05 | 1 | -2/+1 | |
| | | ||||||
| * | cleaned up XML code in tnccs-11 plugin | Andreas Steffen | 2013-04-04 | 8 | -80/+82 | |
| | | ||||||
| * | duplicheck: track multiple IKE_SAs in checking state to avoid any races | Martin Willi | 2013-04-04 | 1 | -63/+123 | |
| | | | | | | | When two consequent duplicates have been detected, track state of each checking IKE_SA separately, avoiding potential race conditions between the active SA and the different SAs in checking state. | |||||
| * | fixed memory leak | Andreas Steffen | 2013-04-03 | 1 | -1/+1 | |
| | | ||||||
| * | properly handle orphaned renewSession jobs | Andreas Steffen | 2013-04-03 | 5 | -24/+102 | |
| | | ||||||
| * | support chunked HTTP responses | Andreas Steffen | 2013-04-03 | 4 | -140/+370 | |
| | | ||||||
| * | implemented periodic IF-MAP RenewSession request | Andreas Steffen | 2013-04-03 | 6 | -1/+181 | |
| | | ||||||
| * | Refactor check_for_rekeyed_child() in quick_mode task | Martin Willi | 2013-04-03 | 1 | -18/+24 | |
| | | ||||||
| * | Reuse reqid of an existing Quick Mode, even if it has been rekeyed | Martin Willi | 2013-04-03 | 1 | -1/+2 | |
| | | | | | | | If two peers rekey Quick Modes at the same time, the original Quick Mode is in REKEYING state and hence the requid is not reused. This is required though, as two identical policies won't work if they have different requids. | |||||
| * | List all stroke counters when "all" is given, and report if connection not known | Martin Willi | 2013-04-03 | 1 | -30/+88 | |
| | | ||||||
| * | Defer CHILD_SA rekeying if allocating an SPI fails | Martin Willi | 2013-04-03 | 2 | -12/+26 | |
| | | ||||||
| * | allow retrieval of private keys from other credential sets | Andreas Steffen | 2013-04-02 | 2 | -9/+26 | |
| | | ||||||
| * | improve checking of sent and received http messages | Andreas Steffen | 2013-04-02 | 1 | -3/+7 | |
| | | ||||||
| * | Load raw keys before possibly destroying the identity | Tobias Brunner | 2013-04-01 | 1 | -12/+11 | |
| | | | | | | | | | If no identity (or %any) is configured the identification_t object is destroyed and an invalid object was associated with the created pubkey certificate. Actually using %any does not work as the certificate would not match when the client later provides an identity. | |||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |