restrict PA-TNC messages to maximum size
[strongswan.git] / src / libcharon /
2012-07-12 Andreas Steffenrestrict PA-TNC messages to maximum size
2012-07-12 Tobias BrunnerAvoid that any % characters (e.g. in %any) are evaluate...
2012-07-11 Andreas Steffenremoved unused variables
2012-07-11 Andreas Steffenfixed logging of unsupported TNCCS version
2012-07-11 Andreas SteffenPB-TNC Client sends empty CLOSE batch only in DECIDED...
2012-07-11 Andreas Steffenhave_recommendation() accepts NULL arguments
2012-07-11 Andreas Steffensend empty SDATA batch if no recommendation is availabl...
2012-07-11 Andreas Steffenmoved batch size calculation into pb_tnc_batch_t
2012-07-11 Andreas Steffenmake maximum PB-TNC batch size configurable
2012-07-11 Andreas Steffenlimit the size of a PB-TNC batch to the maximum EAP...
2012-07-11 Andreas Steffeneliminate message length field in EAP-TNC
2012-07-11 Andreas Steffendue to single fragment, total length does not have...
2012-07-11 Andreas SteffenEAP-TNC does not support fragmentation
2012-07-10 Martin WilliSend cert request based on peers configured authenticat...
2012-07-09 Martin WilliDon't send CERTREQs when initiating aggressive mode PSK
2012-07-04 Martin WilliRefactored heavily #ifdefd capability code to its own...
2012-07-04 Tobias BrunnerUse spin locks to update IKE_SAs in controller_t
2012-07-04 Tobias BrunnerFixed job handling in controller_t
2012-06-29 Martin WilliAs a responder, don't start a TRANSACTION request if...
2012-06-28 Andreas SteffenIMCs and IMVs might depend on X.509 certificates or...
2012-06-28 Martin WilliShow some uname() info in "ipsec statusall"
2012-06-27 Tobias Brunnerlibcharon also requires kernel interfaces and a socket...
2012-06-27 Martin WilliDefer quick mode initiation if we expect a mode config...
2012-06-27 Martin WilliQueue a mode config task as responder if we need a...
2012-06-27 Martin WilliAdd basic support for XAuth responder authentication
2012-06-27 Martin WilliMap XAuth responder authentication methods between...
2012-06-27 Martin WilliShow remote EAP/XAuth identity in "statusall" on a...
2012-06-27 Tobias BrunnerUse static plugin features in libcharon to define essen...
2012-06-26 Martin WilliIgnore a received %any virtual IP for installation
2012-06-26 Tobias BrunnerAlso build charon's IKEv1 implementation on Android
2012-06-26 Tobias BrunnerMissing source file added to libcharon's Android.mk
2012-06-25 Tobias BrunnerMake rescheduling a job more predictable
2012-06-25 Tobias BrunnerCentralized thread cancellation in processor_t
2012-06-25 Tobias BrunnerGive processor_t more control over the lifecycle of...
2012-06-25 Andreas Steffensupport Cisco Unity VID
2012-06-25 Martin WilliEnforce uniqueids=keep based on XAuth identity
2012-06-25 Martin WilliDon't send XAUTH_OK if a hook prevents SA to establish
2012-06-25 Martin WilliEnforce uniqueids=keep only for non-XAuth Main/Agressiv...
2012-06-25 Martin WilliShow EAP/XAuth identity in "ipsec status", if available
2012-06-25 Martin WilliUse XAuth/EAP remote identity for uniqueness check
2012-06-25 Martin WilliAdd missing XAuth name variable when complaining about...
2012-06-22 Tobias BrunnerFix SIGSEGV if kernel install fails during Quick Mode...
2012-06-21 Tobias BrunnerFixed compile error because of charon->name in certexpi...
2012-06-20 Martin WilliSelect requested virtual IP family based on remote...
2012-06-14 Martin WilliAdopt children as XAuth initiator (which is IKE responder)
2012-06-14 Martin WilliShow what kind of *Swan we run in "ipsec status"
2012-06-14 Martin WilliRequire a scary option to respond to Aggressive Mode...
2012-06-13 Tobias BrunnerUse proper defines for IPV6_PKTINFO on Mac OS X Lion...
2012-06-12 Martin WilliAdded signature scheme options left/rightauth
2012-06-12 Martin Willicertificate_t->issued_by takes an argument to receive...
2012-06-09 Andreas Steffenadded missing parameter in get_my_addr() and get_other_...
2012-06-08 Andreas Steffenimplemented the right|leftallowany feature
2012-06-08 Martin WilliEnforce uniqueness policy in IKEv1 main and aggressive...
2012-06-08 Martin WilliTry to rekey without KE exchange if peer returns INVALI...
2012-06-08 Martin WilliWhile checking for redundant quick modes, compare traff...
2012-06-08 Martin WilliStore shorter soft lifetime of in- and outbound SAs...
2012-06-08 Martin WilliInitiate quick mode rekeying with narrowed traffic...
2012-06-08 Martin WilliUse traffic selectors passed to quick mode constructor...
2012-06-08 Martin WilliInstead of rekeying, delete a quick mode if we have...
2012-06-06 Martin WilliAs responder, enforce the same configuration while...
2012-06-05 Martin WilliShow expiration time of rekeyed CHILD_SAs in statusall
2012-06-04 Tobias BrunnerMark CHILD_SAs used for trap policies to uninstall...
2012-05-30 Tobias BrunnerAvoid queueing more than one retry initiate job.
2012-05-30 Tobias BrunnerRetry IKE_SA initiation if DNS resolution failed.
2012-05-30 Tobias BrunnerJob added to re-initiate an IKE_SA.
2012-05-25 Tobias BrunnerFix MOBIKE address update if responder address changed.
2012-05-25 Tobias BrunnerResolve hosts before reauthenticating due to address...
2012-05-25 Tobias BrunnerDon't queue delete_ike_sa job when setting IKE_DELETING.
2012-05-25 Tobias BrunnerDuring reauthentication reestablish IKE_SA even if...
2012-05-25 Tobias BrunnerIntegrated main parts of IKE_REAUTH task into ike_sa_t...
2012-05-25 Tobias BrunnerFixed route lookup in case MOBIKE is not enabled.
2012-05-25 Tobias BrunnerAdded encapsulation mode transform attribute to IPComp...
2012-05-24 Tobias BrunnerAdd an additional proposal without IPComp to SA payload.
2012-05-24 Tobias BrunnerAdded log message if peer does not accept/provide IPCom...
2012-05-24 Tobias BrunnerAdded support to negotiate IPComp during Quick Mode.
2012-05-24 Tobias BrunnerAdded support for IKEv1 IPComp proposals in SA payload.
2012-05-24 Tobias BrunnerAdded support for IKEv1 IPComp proposals in proposal...
2012-05-24 Tobias BrunnerFix memleak during Quick Mode in case no SPI can be...
2012-05-24 Tobias BrunnerProperly filter IKEv1 proposals consisting of multiple...
2012-05-23 Martin WilliApply IDir before deriving keys as aggressive initiator
2012-05-23 Martin WilliUse received identity to look up PSK as aggressive...
2012-05-23 Martin WilliCheck if we actually have an initiating packet to free...
2012-05-23 Andreas Steffenlist IKEv1 Aggressive Mode in ipsec statusall
2012-05-21 Tobias BrunnerSwitch to alternative peer config in IKEv1 Main and...
2012-05-21 Martin WilliCancel pending retransmits when flushing active task...
2012-05-21 Martin WilliCancel active quick mode task when receiving INFORMATIO...
2012-05-21 Martin WilliFlush task queues explicitly, not implicitly if task...
2012-05-21 Martin WilliWrap task managers flush_queue() in IKE_SA
2012-05-21 Martin WilliMake task managers flush_queue() method public
2012-05-21 Martin WilliFix IKEv1 DPD clear, destroying IKE_SA even if reestabl...
2012-05-18 Tobias BrunnerRemove executable flag from source files.
2012-05-18 Tobias BrunnerUse separate Doxygen groups for IKEv1 and IKEv2 entitie...
2012-05-18 Tobias BrunnerRemoved superfluous @param in bus.h.
2012-05-18 Tobias Brunnerwhitelist: Make sure listed IDs are null-terminated.
2012-05-18 Tobias BrunnerList registered nonce generators in statusall output.
2012-05-18 Adrian-Ken RueegseggerUse nonce_gen instead of rng to generate nonces
2012-05-18 Adrian-Ken RueegseggerAdd create_nonce_gen function to keymat interface
2012-05-17 Andreas Steffenmake IKEv1 DPD timeout configurable in charon
2012-05-15 Martin WilliMoved IKEv1 DPD processing to task manager, fix sequenc...
2012-05-15 Martin WilliConsider inbound ESP as a sign of liveness for DPD...
next