aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Pass a constructor callback to create TNCCS server instances while dispatchingMartin Willi2013-01-174-15/+31
|
* Create pt_tls_client with separate server address and identityMartin Willi2013-01-162-28/+19
|
* Create pt_tls_dispatcher with separate server address and identityMartin Willi2013-01-162-17/+13
|
* Add a libpttls providing NEA PT-TLS / TNC IF-T for TLS transport layerMartin Willi2013-01-1610-0/+1169
|
* Send TLS close notify during tls_socket_t destructionMartin Willi2013-01-151-2/+25
|
* Send TLS close notify if application returns SUCCESSMartin Willi2013-01-151-2/+6
|
* Block TLS read when sending data, but have to wait for the handshake data firstMartin Willi2013-01-151-4/+11
|
* TNCCS plugins don't depend on EAP-TNC, but can be used by other transports, tooMartin Willi2013-01-153-9/+0
|
* Add a bio_reader_t constructor variant freeing passed data during destructionMartin Willi2013-01-152-1/+32
|
* Use a more POSIXy tls_socket interface with more flexibility.Martin Willi2013-01-152-81/+165
| | | | | If an unsufficient read buffer is provided, application data gets cached for subsequent read() calls.
* Add a chunk_from_str() initializer that does not include 0-terminatorMartin Willi2013-01-151-0/+5
|
* Reseed rdrand after every 128bit sample onlyMartin Willi2013-01-151-2/+2
|
* android: Properly escape apostrophes in Ukrainian translation5.0.2dr4Tobias Brunner2013-01-141-8/+8
|
* android: Implement kernel_net_t.get_interface via JNITobias Brunner2013-01-144-6/+92
| | | | | | This is now required to properly accept/install a virtual IP address. Fixes #275.
* android: Moved chunk_from_byte_array and byte_array_from_chunk helper functionsTobias Brunner2013-01-142-24/+32
|
* android: Set OPENSSL_NO_CMS in Android.mk as it is not set in opensslconf.h ↵Tobias Brunner2013-01-141-0/+1
| | | | on Android
* Properly send IKEv1 packets if no ike_cfg is known yetTobias Brunner2013-01-141-2/+5
| | | | This applies for error notifies.
* Don't handle right=%any6 as "loose" identity, but as %anyMartin Willi2013-01-141-2/+1
|
* Respect given address family when resolving "%any"Martin Willi2013-01-141-1/+5
|
* Android.mk of libstrongswan updatedTobias Brunner2013-01-141-2/+2
|
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-1234-59/+859
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Added an option to configure the maximum size of a fragmentTobias Brunner2013-01-121-3/+10
| |
| * Properly detect fragmentation capabilitiesTobias Brunner2013-01-121-3/+27
| | | | | | | | Cisco sends 0xc0000000 so we check that part of the VID separately.
| * Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-1219-29/+67
| |
| * Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-2423-28/+59
| |
| * Include source port in init hash for fragmented messagesTobias Brunner2012-12-241-1/+8
| |
| * Add an option to en-/disable IKE fragmentationTobias Brunner2012-12-242-5/+20
| | | | | | | | | | Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled.
| * Split larger messages into fragments if IKE fragmentation is supported by peerTobias Brunner2012-12-241-14/+114
| |
| * Log message size for in- and outbound IKE messagesTobias Brunner2012-12-242-4/+7
| |
| * Add support to create IKE fragmentsTobias Brunner2012-12-242-0/+30
| | | | | | | | | | All fragments currently use the same fragment ID (1) as that's what other implementations are doing.
| * Log added NAT-T vendor IDsTobias Brunner2012-12-241-0/+1
| |
| * Detect a peer's support for IKE fragmentationTobias Brunner2012-12-242-0/+9
| | | | | | | | Fragments are accepted even if this vendor ID is not seen.
| * Map fragmented initial initial Main or Aggressive Mode messages to the same ↵Tobias Brunner2012-12-241-1/+17
| | | | | | | | IKE_SA
| * Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain ↵Tobias Brunner2012-12-241-1/+2
| | | | | | | | | | | | | | fragments Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges.
| * Don't handle fragmented messages larger than charon.max_packetTobias Brunner2012-12-241-4/+39
| |
| * Don't update an IKE_SA-entry's cached message ID when handling fragmentsTobias Brunner2012-12-241-1/+4
| |
| * Store inbound IKE fragments and reassemble the message when all fragments ↵Tobias Brunner2012-12-241-3/+166
| | | | | | | | are received
| * Add message rules to properly handle IKE fragmentsTobias Brunner2012-12-241-0/+8
| | | | | | | | | | These are sent in unencrypted messages and are the only payload contained in such messages.
| * Reset the encrypted flag when handling IKE messages that contain a fragmentTobias Brunner2012-12-241-0/+6
| | | | | | | | | | Racoon sets the encrypted bit for messages containing a fragment, but these messages are not really encrypted (the fragmented message is though).
| * Payload added to handle IKE fragmentsTobias Brunner2012-12-246-11/+314
| |
* | Don't use bio_writer_t.skip() to write length field when appending more dataMartin Willi2013-01-112-6/+9
| | | | | | | | | | If the writer reallocates its buffer, the length pointer might not be valid anymore, or even worse, point to an arbitrary allocation.
* | Use raw opcodes for rdrand to build with older binutilsMartin Willi2013-01-111-6/+6
| |
* | Provide RNG_TRUE quality in rdrand by mixing reseeded outputs using AESMartin Willi2013-01-112-8/+108
| |
* | Provide RNG_STRONG quality in rdrand by forcing PRNG reseed after every sampleMartin Willi2013-01-112-1/+69
| |
* | Provide RNG_WEAK quality random generator in rdrandMartin Willi2013-01-114-2/+342
| |
* | Add a rdrand plugin stub detecting availability of RDRAND instructionsMartin Willi2013-01-114-0/+183
| |
* | Streamline debug output when receiving intermediate CA certificates in IKEv1Martin Willi2013-01-111-1/+1
| |
* | Refactored IKEv2 cert/certreq payload processing to multiple functionsMartin Willi2013-01-111-112/+141
| |
* | Refactored IKEv1 cert payload processing to multiple functionsMartin Willi2013-01-111-73/+102
| |
* | IKEv1 support for PKCS#7 wrapped certificatesVolker Rümelin2013-01-113-0/+96
| |
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-24 00:30:39 +0000