path: root/src
Commit message | Author | Age | Files | Lines
...
* swanctl: Slightly change usage summary for --list-certs | Tobias Brunner | 2015-12-16 | 1 | -4/+3
|
* swanctl: Never print more than MAX_LINES of usage summary | Tobias Brunner | 2015-12-16 | 1 | -1/+10
|   Print a warning if a registered command exceeds that limit.
* pki: Increase MAX_LINES | Tobias Brunner | 2015-12-16 | 1 | -1/+1
|   The --issue and --self commands both define 10 lines of usage summary text.
* pki: Never print more than MAX_LINES of usage summary | Tobias Brunner | 2015-12-16 | 1 | -1/+10
|   Print a warning if a registered command exceeds that limit.
* libstrongswan: Updated Android.mk to current Makefile.am | Tobias Brunner | 2015-12-14 | 1 | -1/+2
|
* 128 bit default security strength requires 3072 bit prime DH group | Andreas Steffen | 2015-12-14 | 4 | -18/+18
|
* swanctl --stats lists loaded plugins | Andreas Steffen | 2015-12-13 | 1 | -0/+12
|
* Refactored certificate management for the vici and stroke interfaces (5.4.0dr1) | Andreas Steffen | 2015-12-12 | 12 | -307/+286
|
* Modified vici_cert_info class for use with load_creds and vici_cred | Andreas Steffen | 2015-12-11 | 2 | -59/+31
|
* Changed some certificate_type_names and added x509_flag_names | Andreas Steffen | 2015-12-11 | 4 | -5/+37
|
* Removed VICI protocol versioning | Andreas Steffen | 2015-12-11 | 6 | -102/+7
|
* Use of certificate_printer by swanctl --list-certs command | Andreas Steffen | 2015-12-11 | 2 | -496/+25
|
* Share vici_cert_info.c with vici_cred.c | Andreas Steffen | 2015-12-11 | 6 | -43/+73
|
* Allow msSmartcardLogon EKU to be built | Andreas Steffen | 2015-12-11 | 1 | -2/+2
|
* Use VICI 2.0 protocol version for certificate queries | Andreas Steffen | 2015-12-11 | 6 | -132/+283
|
* Sort certificate types during enumeration | Andreas Steffen | 2015-12-11 | 1 | -39/+205
|
* Define VICI protocol versions | Andreas Steffen | 2015-12-11 | 5 | -0/+88
|
* vici: Don't report memory usage via leak-detective | Tobias Brunner | 2015-12-11 | 1 | -17/+0
|   This slowed down the `swanctl --stats` calls in the test scenarios significantly, with not much added value.
* Print OCSP single responses | Andreas Steffen | 2015-12-11 | 3 | -5/+122
|
* Standardized printing of certificate information | Andreas Steffen | 2015-12-11 | 5 | -968/+741
|   The certificate_printer class allows the printing of certificate information to a text file (usually stdout). This class is used by the pki --print and swanctl --list-certs commands as well as by the stroke plugin.
* imv-attestation: Fix memory leaks when creating functional components | Tobias Brunner | 2015-12-11 | 3 | -6/+6
|
* ipsec: Fix stop command on systems where sleep(1) only supports integers | Tobias Brunner | 2015-12-10 | 1 | -2/+7
|   Fixes #1231.
* vici: Fix documentation about the initiate/terminate timeout | Martin Willi | 2015-12-07 | 1 | -2/+2
|
* vici: Honor an optionally passed IKE configuration name in initiate/install | Martin Willi | 2015-12-07 | 2 | -5/+13
|   If two IKE configurations have CHILD configurations with the same name, we have no control about the CHILD_SA that actually gets controlled. The new "ike" parameter specifies the peer config name to find the "child" config under.
* vici: Support completely asynchronous initiating and termination | Martin Willi | 2015-12-07 | 2 | -5/+23
|   In some situations the vici client is not interested in waiting for a timeout at all, so don't register a logging callback if the timeout argument is negative.
* vici: Use an empty local auth round if none given | Martin Willi | 2015-12-07 | 1 | -3/+2
|   While it hardly makes sense to use none for negotiated SAs, it actually does when installing shunt policies.
* vici: Limit start action undoing to IKE_SAs using the base peer config name | Martin Willi | 2015-12-07 | 1 | -3/+7
|   If two peer configs use the same child config names, potentially delete the wrong CHILD_SA. Check the peer config name as well to avoid that.
* vici: Close empty IKE_SAs after undoing CHILD_SA start actions | Martin Willi | 2015-12-07 | 1 | -6/+44
|
* vici: Use value based array to store CHILD_SA ids during restart | Martin Willi | 2015-12-07 | 1 | -5/+6
|   The previous approach stored a pointer to a volatile stack variable, which works for a single ID, but not for multiple.
* array: Add an insert/create function for value based arrays | Martin Willi | 2015-12-07 | 3 | -0/+68
|
* vici: Undo start actions when unloading configs | Martin Willi | 2015-12-07 | 1 | -0/+1
|
* vici: Fix clean-local target for Perl bindings if they were not built | Tobias Brunner | 2015-12-04 | 1 | -1/+1
|   This is called when running `make distclean` (or indirectly via `make distcheck`).
* byteorder: Provide a fallback for le32toh/htole32() | Martin Willi | 2015-12-04 | 1 | -0/+20
|   Some older toolchains don't provide these macros, so implement them using the gcc builtins. We also provide 64-bit variants as used by chapoly.
* byteorder: Add 32-bit unaligned little-endian conversion functions | Martin Willi | 2015-12-04 | 2 | -21/+27
|
* swanctl: Explicitly link against -lpthread and -ldl if required | Martin Willi | 2015-12-04 | 1 | -1/+2
|   We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it.
* pki: Explicitly link against -lpthread and -ldl if required | Martin Willi | 2015-12-04 | 1 | -1/+4
|   We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it.
* watcher: Check for cancellation if poll() fails with EINTR | Martin Willi | 2015-12-04 | 1 | -0/+7
|   With LinuxThreads, poll() is unfortunately no cancellation point. It seems that poll gets woken up after cancellation, but we actively must check for cancellation before re-entering poll to properly shut down the watcher thread.
* Extended and refactored vici perl implementation | Andreas Steffen | 2015-12-01 | 3 | -80/+121
|
* Built the CPAN file structure for the Vici::Session perl module | Andreas Steffen | 2015-12-01 | 15 | -72/+1038
|
* Implement vici Perl binding | Andreas Steffen | 2015-12-01 | 8 | -0/+559
|
* swanctl: Add --list-algs command to query loaded algorithms | Tobias Brunner | 2015-11-30 | 4 | -2/+110
|
* vici: Add get-algorithms command to query loaded algorithms and implementations | Tobias Brunner | 2015-11-30 | 2 | -0/+116
|
* sigwaitinfo() may fail with EINTR if interrupted by an unblocked signal not in the set | Tobias Brunner | 2015-11-23 | 9 | -32/+35
|   Fixes #1213.
* kernel-pfkey: Enable ENCR_CAMELLIA_CBC when it's available | Tobias Brunner | 2015-11-23 | 1 | -0/+3
|   Fixes #1214.
* utils: Use the more low-level __NR_ prefix to refer to the syscall number | Tobias Brunner | 2015-11-17 | 1 | -1/+1
|   The __NR_ constants are also defined in the Android headers.
* eap-radius: Add ability to configure RADIUS retransmission behavior | Thom Troy | 2015-11-17 | 6 | -17/+193
|   Closes strongswan/strongswan#19.
* eap-mschapv2: Keep internal state to prevent authentication from succeeding prematurely | Tobias Brunner | 2015-11-16 | 1 | -24/+67
|   We can't allow a client to send us MSCHAPV2_SUCCESS messages before it was authenticated successfully.
|   Fixes CVE-2015-8023.
* android: Suppress compiler warnings about missing field initializers | Tobias Brunner | 2015-11-13 | 1 | -0/+1
|   Triggered by -Wextra for many INIT usages where we only partially initialize a struct.
* utils: Provide a fallback for sigwaitinfo() if needed | Tobias Brunner | 2015-11-13 | 3 | -30/+36
|   Apparently, not available on Mac OS X 10.10 Yosemite. We don't provide this on Windows.
* vici: Attribute certificates are not trusted | Tobias Brunner | 2015-11-12 | 1 | -1/+3
|