aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Process RADIUS DAE CoA updates, updating lifetimesMartin Willi2012-03-051-2/+91
|
* Send an AUTH_LIFETIME update after updating the lifetime, but can not reauth ↵Martin Willi2012-03-053-9/+43
| | | | actively
* Use faster ike_sa_id and a delete job to handle RADIUS DAE Delete-RequestMartin Willi2012-03-051-6/+8
|
* Refactored RADIUS DAE IKE_SA lookupMartin Willi2012-03-051-17/+41
|
* Pass RADIUS DAE client address a host_t instead of sockaddr structMartin Willi2012-03-051-22/+25
|
* Send RADIUS DAE Disconnect-ACK/NAK on Disconnect-RequestMartin Willi2012-03-051-5/+45
|
* Support signing of RADIUS response messagesMartin Willi2012-03-053-15/+26
|
* Act on RADIUS DAE Disconnect requestsMartin Willi2012-03-051-1/+56
|
* Verify received RADIUS DAE requestsMartin Willi2012-03-051-9/+51
|
* Support verification of RADIUS request messagesMartin Willi2012-03-052-3/+10
|
* Rename RADIUS message constructors to handle both, requests and responsesMartin Willi2012-03-056-15/+15
|
* Enable RADIUS DAE listening if configuredMartin Willi2012-03-051-0/+13
|
* Added infrastructure to listen to RADIUS Dynamic Authorization Extension ↵Martin Willi2012-03-053-0/+228
| | | | requests
* Added Dynamic Authorization Extension RADIUS message codesMartin Willi2012-03-052-1/+14
|
* Set IKE_SA lifetime based on RADIUS Session-Timeout attributeMartin Willi2012-03-051-0/+26
|
* Set hard timeouts when setting a lifetimeMartin Willi2012-03-051-7/+14
|
* Fix IKE_SA timeout debug output on 64bit platformsMartin Willi2012-03-051-3/+4
|
* Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.Tobias Brunner2012-02-273-3/+25
| | | | This requires a Linux kernel >= 2.6.33.
* Encode IPv6 virtual IPs in a Framed-IPv6-Prefix attributeMartin Willi2012-02-241-1/+9
|
* Refactored construction of RADIUS accounting messagesMartin Willi2012-02-241-23/+21
|
* Include port numbers in Calling-Station-Id, tooMartin Willi2012-02-241-2/+2
|
* Use large enough buffers for IPv6 addresses in Calling-Station-IdMartin Willi2012-02-241-2/+2
|
* Send client external address as Calling-Station-Id in RADIUS accountingMartin Willi2012-02-241-6/+11
|
* handle case where subject = NULL but keyid is set4.6.2Andreas Steffen2012-02-201-1/+2
|
* fixed attest sql query in list_measurements()Andreas Steffen2012-02-151-1/+1
|
* Compiler warnings fixed.Tobias Brunner2012-02-142-2/+2
|
* pluto: Print expiry time more properly.Tobias Brunner2012-02-141-2/+3
|
* pluto: Drop support for legacy PSK format.Tobias Brunner2012-02-081-15/+2
| | | | | | | | | | | | | | | Any line in ipsec.secrets starting with " or ' was treated as PSK without ID selectors by pluto. This prevented it from supporting DNs like "C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org" as ID selectors. PSKs defined in this legacy format can easily be updated by changing "thisIsASecret" into : PSK "thisIsASecret"
* Double check if a cached suite is available, overwrite any old suite stateMartin Willi2012-02-071-2/+3
|
* Some Doxygen fixes.Tobias Brunner2012-02-073-11/+11
|
* Fix TLS EAP-MSK derivation, uses different order of randoms than key expansionMartin Willi2012-02-071-0/+1
|
* Filter TLS suite MAC by HMAC algorithm, as the hash is not necessarily the sameMartin Willi2012-02-071-4/+4
|
* Update usage for all children in RADIUS accounting just before sending StopMartin Willi2012-02-061-1/+12
|
* Check if ClusterIP directory could be opened before enumerating itMartin Willi2012-02-061-17/+26
|
* ipsec attest adds and deletes key/component pairsAndreas Steffen2012-02-051-4/+21
|
* check if TNC client has a valid and registered AIKAndreas Steffen2012-02-055-25/+62
|
* Trigger DPD not before IKE_SA state gets updatedMartin Willi2012-02-021-6/+8
|
* Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE stateMartin Willi2012-02-021-0/+26
|
* Moved log message for unexpected ASN.1 objects to level 2.Tobias Brunner2012-02-011-1/+1
| | | | This avoids error messages if later builders can successfully decode something.
* Added support for PKCS#5 v2 schemes when decrypting PKCS#8 files.Tobias Brunner2012-02-013-61/+323
|
* Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes).Tobias Brunner2012-02-013-4/+261
|
* Added support to parse PKCS#8 encoded ECDSA private keys.Tobias Brunner2012-02-013-12/+28
|
* OpenSSL plugin parses ECDSA private keys with explicitly specified EC ↵Tobias Brunner2012-02-011-9/+30
| | | | | | | parameters. This is needed in case the key itself does not contain the parameters, which is the case for PKCS#8.
* Add builder part for parameters from algorithmIdentifier.Tobias Brunner2012-02-012-1/+4
|
* Return parsed parameters from algorithmIdentifier if they are an OID (aka EC ↵Tobias Brunner2012-02-011-1/+1
| | | | | | | named curve). Explicit EC parameters are not supported with this function, but before this change no parameters were actually ever returned.
* Parse RSA private keys from PKCS#8 encoded blobs.Tobias Brunner2012-02-014-1/+151
|
* Added PKCS#8 stub plugin.Tobias Brunner2012-02-014-0/+139
|
* Added an option to load CA certificates without CA basic constraint.Tobias Brunner2012-02-011-4/+34
| | | | | | Enabling this option treats all certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA certificates even if they do not contain a CA basic constraint.
* Support RADIUS accounting messages containing Framed-IP and ↵Martin Willi2012-01-304-0/+376
| | | | Inbound/Outbound-Octets
* Open RADIUS accounting sockets to exchange accounting messagesMartin Willi2012-01-305-46/+91
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 23:05:16 +0000