aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Added a dedicated sender flush method, delay sender destruction until users goneMartin Willi2012-05-023-3/+20
|
* add AUTH_RULE_SUBJECT_CERT for raw public keys4.6.3Andreas Steffen2012-04-301-0/+4
|
* added missing whitespaceAndreas Steffen2012-04-302-1/+2
|
* Properly initialize optional subject in PEM builder.Tobias Brunner2012-04-301-1/+1
|
* Typo fixed.Tobias Brunner2012-04-301-1/+1
|
* output validity of raw public key if availableAndreas Steffen2012-04-301-2/+34
|
* added support for raw RSA public keys to strokeAndreas Steffen2012-04-308-10/+126
|
* Fixed null-pointer dereference in smp plugin.Tobias Brunner2012-04-261-3/+7
|
* CERT_TRUSTED_PUBKEY stores notBefore, notAfter and subject informationAndreas Steffen2012-04-251-7/+41
|
* pluto: Fix for null-terminated XAuth secrets (as sent by Android 4).Tobias Brunner2012-04-241-0/+7
|
* isolate a TNC client if an error occursAndreas Steffen2012-04-221-1/+1
|
* exit if TBOOT dummy measurements are not definedAndreas Steffen2012-04-221-0/+5
|
* Option added to set identifier for syslog(3) logging.Tobias Brunner2012-04-201-1/+7
| | | | This identifier is added to each log message by syslog.
* Removed auth_cfg_t.replace_value() and replaced usages with add().Tobias Brunner2012-04-185-93/+39
| | | | | replace_value() was used to replace identities. Since for these the latest is now returned by get(), adding the new identity with add() is sufficient.
* Changed the order and semantics of rules we expect only once in auth_cfg_t.Tobias Brunner2012-04-182-114/+212
| | | | | | | These rules are now inserted at the front of the internal list, this allows to retrieve the rule added last with get(). For other rules the order in which they are added is maintained (this allows to properly enumerate them).
* Store password with remote ID to tie it stronger to a specific connection.Tobias Brunner2012-04-181-12/+50
|
* Added stroke user-creds command, to set username/password for a connection.Tobias Brunner2012-04-177-2/+204
|
* Added method to add additional shared secrets to stroke_cred_t.Tobias Brunner2012-04-172-2/+20
|
* Additional prompt keyword added to stroke.Tobias Brunner2012-04-171-1/+3
|
* Typo fixed.Tobias Brunner2012-04-171-1/+1
|
* Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a ↵Martin Willi2012-04-171-5/+43
| | | | | | | | | | | few secs Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as initiator, we can't know if the completing IKE_SA_INIT message is to our first request or the one with the COOKIE. If the responder just enabled/disabled COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE behavior toggling improves the situation, but does not solve the problem during the initial COOKIE activation.
* Added a note about DH/keymat lifecycle for custom implementationsMartin Willi2012-04-171-1/+6
|
* Reuse existing DH value when retrying IKE_SA_INIT with a COOKIEMartin Willi2012-04-171-2/+5
|
* Use IP address as ID as responder if not configured or no IDr received.Tobias Brunner2012-04-161-3/+11
|
* Fall back on IP address as IDi if none is configured at all.Tobias Brunner2012-04-161-7/+7
|
* Use auth_cfg_t.replace_value where appropriate.Tobias Brunner2012-04-162-26/+5
|
* Added a simple method to replace the value of a rule in auth_cfg_t.Tobias Brunner2012-04-162-32/+74
|
* Fixed IDi in case neither left nor leftid is configured.Tobias Brunner2012-04-161-0/+21
|
* fixed parsing of port ranges in Scanner IMVAndreas Steffen2012-04-151-4/+4
|
* Don't invoke child_updown hook twice as responderMartin Willi2012-04-111-3/+8
|
* Accept zero-length certificate request payloadsMartin Willi2012-04-111-2/+1
|
* Properly initialize src in ike_sa_t.is_any_path_valid().Tobias Brunner2012-04-061-1/+1
|
* checksum need a libradius_init() symbolAndreas Steffen2012-04-052-0/+13
|
* remove leading zero in ASN.1 encoded serial numbersAndreas Steffen2012-04-056-12/+14
|
* ASN.1 two's complement encoding prevents overflow in CRL serial numberAndreas Steffen2012-04-041-10/+18
|
* Make AES-CMAC actually usable for IKEv2.Tobias Brunner2012-04-042-0/+6
|
* represent 0 as a single byteAndreas Steffen2012-04-031-5/+1
|
* moved chunk_skip_zero to chunk.hAndreas Steffen2012-04-033-19/+21
|
* added IKEv2 Generic Secure Password Authentication MethodAndreas Steffen2012-04-032-3/+10
|
* added IKEv2 Generic Secure Password Authentication MethodAndreas Steffen2012-04-032-6/+17
|
* added GSPM IKEv2 payloadAndreas Steffen2012-04-032-8/+20
|
* fixed typoAndreas Steffen2012-04-031-2/+2
|
* Doxygen fixes.Tobias Brunner2012-04-032-2/+2
|
* Added test vectors for AES-CMAC.Tobias Brunner2012-04-033-0/+153
|
* Implemented AES-CMAC based PRF and signer.Tobias Brunner2012-04-0310-0/+922
| | | | | | The cmac plugin implements AES-CMAC as defined in RFC 4493 and the signer and PRF based on it as defined in RFC 4494 and RFC 4615, respectively.
* Fixed GNU license header in hmac and xcbc plugins.Tobias Brunner2012-04-032-4/+4
|
* Add support for dnQualifier in DNs.Tobias Brunner2012-03-293-1/+6
|
* remove leading zeros in ASN.1 encoded serial numbersAndreas Steffen2012-03-271-2/+22
|
* Make resolvconf interface prefix configurable.Tobias Brunner2012-03-271-2/+10
|
* Added support for the resolvconf framework in resolve plugin.Tobias Brunner2012-03-271-52/+149
| | | | | If /sbin/resolvconf is found nameservers are not written directly to /etc/resolv.conf but instead resolvconf is invoked.