| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Added a dedicated sender flush method, delay sender destruction until users gone | Martin Willi | 2012-05-02 | 3 | -3/+20 |
* | add AUTH_RULE_SUBJECT_CERT for raw public keys [4.6.3] | Andreas Steffen | 2012-04-30 | 1 | -0/+4 |
* | added missing whitespace | Andreas Steffen | 2012-04-30 | 2 | -1/+2 |
* | Properly initialize optional subject in PEM builder. | Tobias Brunner | 2012-04-30 | 1 | -1/+1 |
* | Typo fixed. | Tobias Brunner | 2012-04-30 | 1 | -1/+1 |
* | output validity of raw public key if available | Andreas Steffen | 2012-04-30 | 1 | -2/+34 |
* | added support for raw RSA public keys to stroke | Andreas Steffen | 2012-04-30 | 8 | -10/+126 |
* | Fixed null-pointer dereference in smp plugin. | Tobias Brunner | 2012-04-26 | 1 | -3/+7 |
* | CERT_TRUSTED_PUBKEY stores notBefore, notAfter and subject information | Andreas Steffen | 2012-04-25 | 1 | -7/+41 |
* | pluto: Fix for null-terminated XAuth secrets (as sent by Android 4). | Tobias Brunner | 2012-04-24 | 1 | -0/+7 |
* | isolate a TNC client if an error occurs | Andreas Steffen | 2012-04-22 | 1 | -1/+1 |
* | exit if TBOOT dummy measurements are not defined | Andreas Steffen | 2012-04-22 | 1 | -0/+5 |
* | Option added to set identifier for syslog(3) logging. | Tobias Brunner | 2012-04-20 | 1 | -1/+7 |
| | This identifier is added to each log message by syslog. | | | | |
* | Removed auth_cfg_t.replace_value() and replaced usages with add(). | Tobias Brunner | 2012-04-18 | 5 | -93/+39 |
| | replace_value() was used to replace identities. Since for these the latest is now returned by get(), adding the new identity with add() is sufficient. | | | | |
* | Changed the order and semantics of rules we expect only once in auth_cfg_t. | Tobias Brunner | 2012-04-18 | 2 | -114/+212 |
| | These rules are now inserted at the front of the internal list, this allows to retrieve the rule added last with get(). For other rules the order in which they are added is maintained (this allows to properly enumerate them). | | | | |
* | Store password with remote ID to tie it stronger to a specific connection. | Tobias Brunner | 2012-04-18 | 1 | -12/+50 |
* | Added stroke user-creds command, to set username/password for a connection. | Tobias Brunner | 2012-04-17 | 7 | -2/+204 |
* | Added method to add additional shared secrets to stroke_cred_t. | Tobias Brunner | 2012-04-17 | 2 | -2/+20 |
* | Additional prompt keyword added to stroke. | Tobias Brunner | 2012-04-17 | 1 | -1/+3 |
* | Typo fixed. | Tobias Brunner | 2012-04-17 | 1 | -1/+1 |
* | Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs | Martin Willi | 2012-04-17 | 1 | -5/+43 |
| | Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as initiator, we can't know if the completing IKE_SA_INIT message is to our first request or the one with the COOKIE. If the responder just enabled/disabled COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE behavior toggling improves the situation, but does not solve the problem during the initial COOKIE activation. | | | | |
* | Added a note about DH/keymat lifecycle for custom implementations | Martin Willi | 2012-04-17 | 1 | -1/+6 |
* | Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE | Martin Willi | 2012-04-17 | 1 | -2/+5 |
* | Use IP address as ID as responder if not configured or no IDr received. | Tobias Brunner | 2012-04-16 | 1 | -3/+11 |
* | Fall back on IP address as IDi if none is configured at all. | Tobias Brunner | 2012-04-16 | 1 | -7/+7 |
* | Use auth_cfg_t.replace_value where appropriate. | Tobias Brunner | 2012-04-16 | 2 | -26/+5 |
* | Added a simple method to replace the value of a rule in auth_cfg_t. | Tobias Brunner | 2012-04-16 | 2 | -32/+74 |
* | Fixed IDi in case neither left nor leftid is configured. | Tobias Brunner | 2012-04-16 | 1 | -0/+21 |
* | fixed parsing of port ranges in Scanner IMV | Andreas Steffen | 2012-04-15 | 1 | -4/+4 |
* | Don't invoke child_updown hook twice as responder | Martin Willi | 2012-04-11 | 1 | -3/+8 |
* | Accept zero-length certificate request payloads | Martin Willi | 2012-04-11 | 1 | -2/+1 |
* | Properly initialize src in ike_sa_t.is_any_path_valid(). | Tobias Brunner | 2012-04-06 | 1 | -1/+1 |
* | checksum need a libradius_init() symbol | Andreas Steffen | 2012-04-05 | 2 | -0/+13 |
* | remove leading zero in ASN.1 encoded serial numbers | Andreas Steffen | 2012-04-05 | 6 | -12/+14 |
* | ASN.1 two's complement encoding prevents overflow in CRL serial number | Andreas Steffen | 2012-04-04 | 1 | -10/+18 |
* | Make AES-CMAC actually usable for IKEv2. | Tobias Brunner | 2012-04-04 | 2 | -0/+6 |
* | represent 0 as a single byte | Andreas Steffen | 2012-04-03 | 1 | -5/+1 |
* | moved chunk_skip_zero to chunk.h | Andreas Steffen | 2012-04-03 | 3 | -19/+21 |
* | added IKEv2 Generic Secure Password Authentication Method | Andreas Steffen | 2012-04-03 | 2 | -3/+10 |
* | added IKEv2 Generic Secure Password Authentication Method | Andreas Steffen | 2012-04-03 | 2 | -6/+17 |
* | added GSPM IKEv2 payload | Andreas Steffen | 2012-04-03 | 2 | -8/+20 |
* | fixed typo | Andreas Steffen | 2012-04-03 | 1 | -2/+2 |
* | Doxygen fixes. | Tobias Brunner | 2012-04-03 | 2 | -2/+2 |
* | Added test vectors for AES-CMAC. | Tobias Brunner | 2012-04-03 | 3 | -0/+153 |
* | Implemented AES-CMAC based PRF and signer. | Tobias Brunner | 2012-04-03 | 10 | -0/+922 |
| | The cmac plugin implements AES-CMAC as defined in RFC 4493 and the signer and PRF based on it as defined in RFC 4494 and RFC 4615, respectively. | | | | |
* | Fixed GNU license header in hmac and xcbc plugins. | Tobias Brunner | 2012-04-03 | 2 | -4/+4 |
* | Add support for dnQualifier in DNs. | Tobias Brunner | 2012-03-29 | 3 | -1/+6 |
* | remove leading zeros in ASN.1 encoded serial numbers | Andreas Steffen | 2012-03-27 | 1 | -2/+22 |
* | Make resolvconf interface prefix configurable. | Tobias Brunner | 2012-03-27 | 1 | -2/+10 |
* | Added support for the resolvconf framework in resolve plugin. | Tobias Brunner | 2012-03-27 | 1 | -52/+149 |
| | If /sbin/resolvconf is found nameservers are not written directly to /etc/resolv.conf but instead resolvconf is invoked. | | | | |