aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* kernel-netlink: Fix calculation of ESN bitmap lengthTobias Brunner2013-08-211-4/+12
| | | | | While bmp_len stores the number of u_int32_t the allocated bitmap actually consists of those integers.
* Version bump to 5.1.1dr1Andreas Steffen2013-08-191-5/+5
|
* Process PB-TNC batches received via PT-TLS asynchronouslyAndreas Steffen2013-08-192-64/+57
|
* Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LENAndreas Steffen2013-08-191-2/+2
|
* Output handler of a given workitemAndreas Steffen2013-08-161-0/+3
|
* Implemented SWID Tag Inventory attributeAndreas Steffen2013-08-169-42/+692
|
* deleted moved filesAndreas Steffen2013-08-1534-5996/+0
|
* Implemented SWID prototype IMC/IMV pairAndreas Steffen2013-08-1560-76/+8562
|
* Updated the SWID attributesAndreas Steffen2013-08-152-11/+15
|
* Optimized PT-TLS data transferAndreas Steffen2013-08-154-127/+107
|
* Show host address of peer connecting to PT-TLS socketAndreas Steffen2013-08-151-1/+7
|
* Set client identity with TLS certificate authenticationAndreas Steffen2013-08-151-7/+18
|
* Fixed memory leak in SASL PLAINAndreas Steffen2013-08-151-0/+3
|
* added --optionsfrom capabilityAndreas Steffen2013-08-151-3/+20
|
* Use client identities from successful authentications, onlyAndreas Steffen2013-08-151-18/+12
|
* Add pt-tls-client to .gitignoreAndreas Steffen2013-08-152-228/+1
|
* Extract client identity and authentication type from SASL authenticationAndreas Steffen2013-08-157-9/+76
|
* Added some debug statementsAndreas Steffen2013-08-154-4/+47
|
* enabled SASL PLAIN authenticationAndreas Steffen2013-08-151-2/+2
|
* PT-TLS connection is properly terminatedAndreas Steffen2013-08-151-3/+2
|
* moved tnc_imv plugin to libtnccs thanks to recommendation callback functionAndreas Steffen2013-08-1526-120/+154
|
* Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon ↵Andreas Steffen2013-08-1572-52/+78
| | | | plugins to libtnccs
* rapid PT-TLS AR/PDP prototypeAndreas Steffen2013-08-1513-65/+768
|
* Add PT-TLS interface to strongSwan PDPAndreas Steffen2013-08-154-39/+68
|
* ikev1: Fix calculation of the number of fragmentsTobias Brunner2013-08-151-1/+1
| | | | The old code resulted in too few fragments in some cases.
* ikev1: When sending fragments, use ports to decide if a non-ESP marker is addedTobias Brunner2013-08-151-6/+8
| | | | | This is same same logic used by sender and might apply in some cases (e.g. when initiating to port 4500).
* ikev2: Fix segfault when reestablishing CHILD_SAs due to ↵Tobias Brunner2013-08-131-3/+4
| | | | | | closeaction=restart|hold This regression was introduced with c949a4d5.
* libipsec: Don't limit traditional algorithms to AES and SHA1/2Tobias Brunner2013-08-121-25/+7
| | | | Closes #377.
* kernel-netlink,pfroute: Properly update address flag within ROAM_DELAYTobias Brunner2013-08-122-2/+2
| | | | | | | 77d4a02 and 55da01f only updated the address flag when a job was created, which obviously had the same limitation as the old code. Fixes #374.
* kernel-pfroute: Implement roam event handling like in the kernel-netlink pluginTobias Brunner2013-08-121-13/+36
| | | | | There was no proper locking and the issue regarding the address flag also existed.
* kernel-netlink: Ensure address changes are not missed in roam eventsTobias Brunner2013-08-121-4/+15
| | | | | | | | | | | | | | | | If multiple roam events are triggered within ROAM_DELAY, only one job is created. The old code set the address flag to the value of the last triggering call. So if a route change followed an address change within ROAM_DELAY the address change was missed by the upper layers, e.g. causing it not to update the list of addresses via MOBIKE. The new code now keeps the state of the address flag until the job is actually executed, which still has some issues. For instance, if an address disappears and reappears within ROAM_RELAY, the flag would not have to be set to TRUE. So address updates might occasionally get triggered where none would actually be required. Fixes #374.
* backtrace: rename clone() method clashing with system callMartin Willi2013-08-091-2/+2
| | | | Fixes #376.
* updown: remove description of unsupported PLUTO_ variablesMartin Willi2013-08-083-59/+6
| | | | These have been set by pluto, but are not by charons updown plugin.
* tnc-pdp: Initialize struct msghdr properly when reading RADIUS messages5.1.0Tobias Brunner2013-07-311-10/+10
| | | | | Before this e.g. msg_controllen was not initialized properly which could cause invalid reads.
* whitelist: Fix compilation on FreeBSDTobias Brunner2013-07-311-0/+2
|
* host: Properly initialize struct sockaddr_in[6] when parsing stringsTobias Brunner2013-07-311-0/+2
| | | | | Otherwise struct members like sin6_flowinfo or sin6_scope_id might be set to bogus values.
* asn1: Fix handling of invalid ASN.1 length in is_asn1()Tobias Brunner2013-07-311-0/+5
| | | | Fixes CVE-2013-5018.
* Callback job is not needed any moreAndreas Steffen2013-07-311-4/+0
|
* charon-xpc: load missing ctr/ccm/gcm pluginsMartin Willi2013-07-311-2/+3
|
* charon-xpc: use kernel-libipsec instead of kernel-pfkeyMartin Willi2013-07-313-4/+9
|
* charon-xpc: fix TS getting after changing CHILD_SA APIMartin Willi2013-07-311-2/+6
|
* keychain: be less verbose when loading certificatesMartin Willi2013-07-311-2/+5
|
* receiver: Avoid cloning packet data when verifying COOKIE payloadsTobias Brunner2013-07-291-5/+1
| | | | | | | Besides being more efficient this removes a memory leak that occurred when a COOKIE payload was successfully verified. Fixes #369.
* unity: Handle multi-valued UNITY_SPLIT_INCLUDE/UNITY_LOCAL_LAN attributesTobias Brunner2013-07-291-50/+97
| | | | | | | Cisco devices seem to add 6 bytes of padding between each address/mask pair. Fixes #366.
* tnc-pdp now uses watcher_tAndreas Steffen2013-07-291-92/+63
|
* ikev2: Only schedule half-open-timeout delete job after successfully ↵Tobias Brunner2013-07-291-8/+16
| | | | | | | handling IKE_SA_INIT We want to avoid this allocation if the initial message is invalid (e.g. if the message ID is != 0).
* charon-cmd: add --eap-identity and --xauth-username optionsMartin Willi2013-07-294-0/+37
|
* eap-radius: do RADIUS/IKE attribute forwarding in XAuth backendMartin Willi2013-07-292-1/+5
|
* eap-radius: support plain XAuth RADIUS authentication using User-PasswordMartin Willi2013-07-294-0/+253
|
* libradius: support encryption of User-Password attributesMartin Willi2013-07-291-0/+27
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-12 21:22:10 +0000