aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* kernel-netlink: Add support for AES-CMAC-96 (RFC 4494)Tobias Brunner2016-12-121-0/+1
| | | | The kernel apparently supports this since 3.10.
* android: New release after re-adding support for ECC Brainpool curvesTobias Brunner2016-12-101-2/+2
|
* openssl: BoringSSL doesn't provide curve data for ECC Brainpool curvesTobias Brunner2016-12-101-1/+4
|
* android: New release after fixing libtpmtss issueTobias Brunner2016-12-091-2/+2
|
* android: Make sure libtpmtss is loaded on older systemsTobias Brunner2016-12-093-1/+3
| | | | | On newer Android systems this seems to happen automatically (or does at least not cause crashes if the library is not loaded).
* android: New release after adding notificationTobias Brunner2016-12-081-2/+2
|
* android: Ensure that the certificates are loaded when accessing them via JNITobias Brunner2016-12-081-1/+1
|
* android: Add a public notificationTobias Brunner2016-12-081-6/+10
|
* android: Display a permanent notification while connectedTobias Brunner2016-12-089-27/+120
| | | | | This forces the service to run in the foreground, meaning the system won't kill it when low on memory.
* android: Log any installed DNS serversTobias Brunner2016-12-081-1/+1
|
* android: Unregister listener in case of error alertsTobias Brunner2016-12-081-3/+9
| | | | | | | | This avoids triggering additional errors via e.g. ike_updown() that might cause the error message displayed in the GUI to change if the status fragment is recreated. References #2134.
* android: Report an error for invalid integer valuesTobias Brunner2016-12-081-4/+27
| | | | | Previously we'd just ignore the invalid values without notifying the user.
* android: Propose curve25519 in the ESP proposalsTobias Brunner2016-12-081-3/+3
|
* android: Enable curve25519 plugin in the appTobias Brunner2016-12-081-1/+1
|
* android: Optionally build the curve25519 pluginTobias Brunner2016-12-081-0/+2
|
* android: Propose ChaCha20/Poly1305 in the ESP AEAD proposalsTobias Brunner2016-12-081-2/+3
|
* android: Enable chapoly plugin in the appTobias Brunner2016-12-081-1/+1
|
* android: Optionally build the chapoly pluginTobias Brunner2016-12-081-0/+2
|
* android: Update Gradle plugin and wrapperTobias Brunner2016-12-082-3/+3
|
* ikev1: Minor code optimization in task managerThomas Egerer2016-12-071-11/+5
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* plugin-loader: Strip '!' from critical plugin names when setting pathsTobias Brunner2016-11-181-1/+1
|
* child-sa: Use single return statement in update_usebytes()Thomas Egerer2016-11-181-4/+8
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* proposal: Remove RFC 5114 MODP DH groups from default proposalMartin Willi2016-11-151-2/+4
| | | | | | | | | | | | | | Recent research demonstrates that at least for 1024-bit DH groups, it is possible to create specially crafted primes having a backdoor. From the prime itself this is not detectable, creating a perfect NOBUS attack. http://eprint.iacr.org/2016/961 For the primes defined in RFC 5114 no information is provided on how these have been selected. In the default proposal we included one of the 2048-bit primes only, where it is questionable if constructing a backdoored prime is feasible. Nevertheless, this patch removes the group from the set of default proposals as well.
* testing: make curve25519 the default DH groupAndreas Steffen2016-11-141-1/+1
|
* proposal: Add curve25519 and curve448 to default proposalTobias Brunner2016-11-141-0/+2
|
* curve22519: Add a portable backend implemented in plain CMartin Willi2016-11-144-0/+647
|
* curve25519: Add a plugin providing Curve25519 DH using backend driversMartin Willi2016-11-148-0/+469
|
* test-vectors: Add a Curve25519 DH test vectorMartin Willi2016-11-143-0/+36
|
* proposal: Add a curve25519 proposal keywordMartin Willi2016-11-141-0/+1
|
* diffie-hellman: Add DH group identifiers for Curve25519 and Curve448Martin Willi2016-11-142-3/+14
|
* bus: Re-add ampersand that got lost in refactoringTobias Brunner2016-11-141-1/+1
| | | | | Fixes: 4af02c6c61cf ("bus: Fix maximum log level for different groups after removal of a logger")
* peer-cfg: Fix memory leak when replacing child configsTobias Brunner2016-11-111-0/+1
| | | | | Fixes: 622c2b2c3386 ("peer-cfg: Add method to atomically replace child configs")
* bus: Fix maximum log level for different groups after removal of a loggerTobias Brunner2016-11-111-5/+5
| | | | | | | The log level was incorrectly set to the same value for all groups. Fixes: dac15e03c828 ("bus: Fix maximum log levels when mixing log/vlog implementing loggers")
* farp: Fix BPF jump false offsetVolker RĂ¼melin2016-10-311-1/+1
| | | | Jump to BPF_STMT(BPF_RET+BPF_K, 0) if protocol_size != 4
* Fixed in-place update of cached base and delta CRLsAndreas Steffen2016-10-301-4/+4
|
* Newer CRLs replace older versions of the CRL in the cacheAndreas Steffen2016-10-261-0/+39
|
* connmark: Add CAP_NET_RAW to capabilities keep listTim Kent2016-10-251-0/+6
| | | | | | | | | Fix for "Permission denied (you must be root)" error when calling iptc_init(), which opens a RAW socket to communicate with the kernel, when built with "--with-capabilities=libcap". Closes strongswan/strongswan#53. Fixes #2157.
* nm: Enable IKE fragmentationTobias Brunner2016-10-201-1/+1
|
* added XOF dependencies of bliss and ntru pluginsAndreas Steffen2016-10-182-4/+26
|
* newhope: Fix Doxygen group nameTobias Brunner2016-10-141-1/+1
|
* libnttfft: Fix Doxygen groupTobias Brunner2016-10-141-1/+3
|
* Fixed some typos, courtesy of codespellTobias Brunner2016-10-142-3/+3
|
* newhope: Properly release allocated arrays if RNG can't be createdTobias Brunner2016-10-141-8/+8
|
* nm: Add D-Bus policy to the distributionTobias Brunner2016-10-141-0/+2
|
* nm: Version bump to 1.4.1Tobias Brunner2016-10-142-1/+6
|
* kernel-netlink: Fix get_route() interface determinationChristophe Gouault2016-10-121-2/+2
| | | | | | | | | | | | A wrong variable is used (route instead of best), so much that the returned interface belongs to the last seen route instead of the best choice route. get_route() may therefore return mismatching interface and gateway. Fixes: 66e9165bc686 ("kernel-netlink: Return outbound interface in get_nexthop()") Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
* Save both base and delta CRLs to diskAndreas Steffen2016-10-112-2/+9
|
* vici: strongswan.conf cache_crls = yes saves fetched CRLs to diskAndreas Steffen2016-10-116-4/+83
|
* mem-cred: Support storing a delta CRL together with its baseTobias Brunner2016-10-111-8/+30
| | | | | | | | | | | | So far every "newer" CRL (higher serial or by date) replaced an existing "older" CRL. This meant that delta CRLs replaced an existing base CRL and that base CRLs weren't added if a delta CRL was already stored. So the base had to be re-fetched every time after a delta CRL was added. With this change one delta CRL to the latest base may be stored. A newer delta CRL will replace an existing delta CRL (but not its base, older base CRLs are removed, though). And a newer base will replace the existing base and optional delta CRL.
* revocation: Cache valid CRL also if certificate is revokedTobias Brunner2016-10-111-10/+25
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-12 10:09:26 +0000