9 years agoxpc: build with support for the keychain plugin
Martin Willi [Fri, 3 May 2013 14:51:29 +0000 (16:51 +0200)]
xpc: build with support for the keychain plugin

9 years agoxpc: add support for initiate simple IKEv2 EAP connections
Martin Willi [Fri, 26 Apr 2013 13:17:36 +0000 (15:17 +0200)]
xpc: add support for initiate simple IKEv2 EAP connections

9 years agoxpc: move dispatching to dedicated class, using dedicated thread
Martin Willi [Fri, 3 May 2013 14:24:05 +0000 (16:24 +0200)]
xpc: move dispatching to dedicated class, using dedicated thread

9 years agoxpc: use non-inlining variant of vstr, compiler does not like it
Martin Willi [Fri, 26 Apr 2013 12:32:32 +0000 (14:32 +0200)]
xpc: use non-inlining variant of vstr, compiler does not like it

9 years agoxpc: add Xcode project for a charon controlled through XPC
Martin Willi [Wed, 24 Apr 2013 08:38:19 +0000 (10:38 +0200)]
xpc: add Xcode project for a charon controlled through XPC

9 years agosyslog: setlogmask() to include LOG_INFO
Martin Willi [Wed, 15 May 2013 08:36:08 +0000 (10:36 +0200)]
syslog: setlogmask() to include LOG_INFO

LOG_INFO seems to be excluded by default on some systems (OS X).

9 years agokeychain: flush certificate cache after reloading System keychain
Martin Willi [Wed, 1 May 2013 09:14:16 +0000 (11:14 +0200)]
keychain: flush certificate cache after reloading System keychain

9 years agokeychain: monitor changes in the system keychain, reload when necessary
Martin Willi [Wed, 1 May 2013 08:38:46 +0000 (10:38 +0200)]
keychain: monitor changes in the system keychain, reload when necessary

9 years agokeychain: use SearchCopyNext keychain enumeration for System certs as well
Martin Willi [Wed, 1 May 2013 08:37:49 +0000 (10:37 +0200)]
keychain: use SearchCopyNext keychain enumeration for System certs as well

SecItemCopyMatching seems to be problematic regarding memory management. And
as there does not seem to be a good alternative to enumerate the System Roots
keychain using the SecItemCopyMatching API, we stick to the deprecated
enumeration functions for now.

9 years agokeychain: load certificates from System Roots Keychain
Martin Willi [Tue, 30 Apr 2013 13:33:42 +0000 (15:33 +0200)]
keychain: load certificates from System Roots Keychain

9 years agokeychain: load certificates only once during startup, improving performance
Martin Willi [Tue, 30 Apr 2013 12:50:48 +0000 (14:50 +0200)]
keychain: load certificates only once during startup, improving performance

9 years agokeychain: support on-the-fly enumeration of trusted/untrusted certificates
Martin Willi [Tue, 30 Apr 2013 09:59:01 +0000 (11:59 +0200)]
keychain: support on-the-fly enumeration of trusted/untrusted certificates

9 years agokeychain: add a stub for a credential plugin using OS X Keychain Services
Martin Willi [Mon, 29 Apr 2013 09:19:57 +0000 (11:19 +0200)]
keychain: add a stub for a credential plugin using OS X Keychain Services

9 years agocredmgr: stop querying for secrets once we get a perfect match
Martin Willi [Thu, 2 May 2013 08:07:36 +0000 (10:07 +0200)]
credmgr: stop querying for secrets once we get a perfect match

9 years agocredmgr: don't use pointers for id_match_t enum values
Martin Willi [Thu, 2 May 2013 08:03:57 +0000 (10:03 +0200)]
credmgr: don't use pointers for id_match_t enum values

9 years agoopenssl: parse X.509 extended key usage from extension parsing loop
Martin Willi [Tue, 30 Apr 2013 09:55:38 +0000 (11:55 +0200)]
openssl: parse X.509 extended key usage from extension parsing loop

Otherwise parsing gets aborted if unknown critical extensions are handled as

9 years agoopenssl: show which critical X.509 extension is not supported
Martin Willi [Tue, 30 Apr 2013 09:46:11 +0000 (11:46 +0200)]
openssl: show which critical X.509 extension is not supported

9 years agohashtable: add common hashtable hash/equals functions for pointer/string keys
Martin Willi [Wed, 1 May 2013 10:13:28 +0000 (12:13 +0200)]
hashtable: add common hashtable hash/equals functions for pointer/string keys

9 years agothread: implicitly create thread_t if an external thread calls thread_current()
Martin Willi [Fri, 26 Apr 2013 14:59:34 +0000 (16:59 +0200)]
thread: implicitly create thread_t if an external thread calls thread_current()

9 years agoike: Fix reestablishing SAs if no child-creating tasks are queued
Tobias Brunner [Thu, 18 Jul 2013 08:12:20 +0000 (10:12 +0200)]
ike: Fix reestablishing SAs if no child-creating tasks are queued

9 years agoike-sa: uninstall CHILD_SAs before removing virtual IPs
Martin Willi [Thu, 18 Jul 2013 08:31:52 +0000 (10:31 +0200)]
ike-sa: uninstall CHILD_SAs before removing virtual IPs

a3854d83 changed cleanup order. But we should remove CHILD_SAs first, as routes
for CHILD_SAs might get deleted while removing virtual IPs, resulting in
an error when a CHILD_SA tries to uninstall its route.

9 years agounity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were received
Tobias Brunner [Mon, 15 Jul 2013 13:17:06 +0000 (15:17 +0200)]
unity: Replicate default behavior if no UNITY_SPLIT_INCLUDE attributes were received

9 years agounity: Allow UNITY_LOCAL_LAN to be longer than 8 bytes
Tobias Brunner [Mon, 15 Jul 2013 13:15:59 +0000 (15:15 +0200)]
unity: Allow UNITY_LOCAL_LAN to be longer than 8 bytes

9 years agounity: Fix memory leak in provider
Tobias Brunner [Mon, 15 Jul 2013 13:12:35 +0000 (15:12 +0200)]
unity: Fix memory leak in provider

9 years agoipsec.conf.5: closeaction is now supported for IKEv1
Tobias Brunner [Wed, 17 Jul 2013 16:18:57 +0000 (18:18 +0200)]
ipsec.conf.5: closeaction is now supported for IKEv1

9 years agoikev1: Reestablish IKE_SA/CHILD_SAs if it gets deleted by the peer
Tobias Brunner [Thu, 4 Jul 2013 17:14:44 +0000 (19:14 +0200)]
ikev1: Reestablish IKE_SA/CHILD_SAs if it gets deleted by the peer

We call ike_sa_t.reestablish() so the IKE_SA is only recreated if any
CHILD_SA requires it.

9 years agoike: Migrate queued CHILD_SA-creating tasks when reestablishing an IKE_SA
Tobias Brunner [Wed, 3 Jul 2013 16:28:37 +0000 (18:28 +0200)]
ike: Migrate queued CHILD_SA-creating tasks when reestablishing an IKE_SA

9 years agoikev1: Support closeaction of CHILD_SA.
Oliver Smith [Fri, 28 Jun 2013 16:41:19 +0000 (09:41 -0700)]
ikev1: Support closeaction of CHILD_SA.

When a CHILD_SA is closed in IKEv1, if it is not being rekeyed and
closeaction has been set, we can now perform a restart or hold as is
currently done for IKEv2.

9 years agoMerge branch 'kernel-pfroute-mobility'
Tobias Brunner [Wed, 17 Jul 2013 15:49:26 +0000 (17:49 +0200)]
Merge branch 'kernel-pfroute-mobility'

This improves the behavior of the kernel-pfroute plugin (and sometimes
the kernel-pfkey plugin) in case of mobility, mostly when used as as
client but also as gateway, if clients are mobile.

9 years agokernel-pfroute: Ignore IP address changes if address is %any
Tobias Brunner [Wed, 10 Jul 2013 14:28:55 +0000 (16:28 +0200)]
kernel-pfroute: Ignore IP address changes if address is %any

9 years agokernel-pfroute: Properly enumerate sockaddrs in interface messages
Tobias Brunner [Wed, 10 Jul 2013 14:08:56 +0000 (16:08 +0200)]
kernel-pfroute: Properly enumerate sockaddrs in interface messages

The ifa_msghdr and rt_msghdr structs are not compatible (at least not on

9 years agokernel-pfroute: Provide name of interfaces on which virtual IPs are installed
Tobias Brunner [Wed, 10 Jul 2013 13:37:35 +0000 (15:37 +0200)]
kernel-pfroute: Provide name of interfaces on which virtual IPs are installed

9 years agokernel-pfroute: Ignore virtual IPs in address map
Tobias Brunner [Wed, 10 Jul 2013 13:29:38 +0000 (15:29 +0200)]
kernel-pfroute: Ignore virtual IPs in address map

As the virtual flag is set after the address has been added to the map,
we make sure we ignore virtual IPs when doing lookups.

9 years agokernel-pfroute: Make sure source addresses are not virtual and usable
Tobias Brunner [Wed, 10 Jul 2013 13:02:48 +0000 (15:02 +0200)]
kernel-pfroute: Make sure source addresses are not virtual and usable

It seems we sometimes get the virtual IP as source (with
rightsubnet= even if the exclude route is already
installed.  Might be a timing issue because shortly afterwards the
lookup seems to succeed.

9 years agokernel-pfroute: Don't report an error when trying to reinstall a route
Tobias Brunner [Wed, 10 Jul 2013 10:38:21 +0000 (12:38 +0200)]
kernel-pfroute: Don't report an error when trying to reinstall a route

9 years agokernel-pfkey: Provide interface name when installing exclude route
Tobias Brunner [Wed, 10 Jul 2013 10:21:58 +0000 (12:21 +0200)]
kernel-pfkey: Provide interface name when installing exclude route

9 years agokernel-pfroute: Reinstall routes on interface/address changes
Tobias Brunner [Wed, 10 Jul 2013 10:14:19 +0000 (12:14 +0200)]
kernel-pfroute: Reinstall routes on interface/address changes

9 years agokernel-pfroute: Trigger a roam event if a new interface appears
Tobias Brunner [Wed, 10 Jul 2013 09:57:31 +0000 (11:57 +0200)]
kernel-pfroute: Trigger a roam event if a new interface appears

9 years agokernel-pfroute: Use ref_get() to allocate sequence numbers
Tobias Brunner [Wed, 10 Jul 2013 09:42:00 +0000 (11:42 +0200)]
kernel-pfroute: Use ref_get() to allocate sequence numbers

9 years agokernel-pfroute: Make time that is waited for VIPs to appear configurable
Tobias Brunner [Wed, 10 Jul 2013 09:31:56 +0000 (11:31 +0200)]
kernel-pfroute: Make time that is waited for VIPs to appear configurable

One second might be too short for IPs to appear/disappear, especially on
virtualized hosts.

9 years agokernel-pfroute: Retry route lookup without source address on failure
Tobias Brunner [Wed, 10 Jul 2013 09:22:57 +0000 (11:22 +0200)]
kernel-pfroute: Retry route lookup without source address on failure

The known source address might be gone resulting in an error, making
learning a new source address impossible.

9 years agokernel-pfkey: Remove latest IPsec SA mapping when deleting a policy
Tobias Brunner [Wed, 10 Jul 2013 09:08:01 +0000 (11:08 +0200)]
kernel-pfkey: Remove latest IPsec SA mapping when deleting a policy

If IPsec SAs are rekeyed due to an address change (e.g. because
update_sa is not supported) the exact same policy with the same reqid
will be installed, but with different addresses.  After the rekeying the
old SA and its policies are removed, using the first matching mapping
breaks the mapping between the policies and the new SA (at least on
FreeBSD, the Linux kernel might only use the reqid for this).  Using the
oldest matching SA is still an approximation but it solves the above

9 years agokernel-pfkey: Correctly handle IPSEC_PROTO_ANY in an acquire
Tobias Brunner [Wed, 10 Jul 2013 08:56:08 +0000 (10:56 +0200)]
kernel-pfkey: Correctly handle IPSEC_PROTO_ANY in an acquire

9 years agolinked-list: Remove barely used has_more() method
Tobias Brunner [Tue, 16 Jul 2013 13:25:51 +0000 (15:25 +0200)]
linked-list: Remove barely used has_more() method

This required some refactoring when handling encrypted payloads.

Also changed log messages so that "encrypted payload" is logged instead
of "encryption payload" (even if we internally still call it that) as
that's the name used in RFC 5996.

9 years agolinked-list: Don't require an argument for the item when enumerating
Tobias Brunner [Tue, 16 Jul 2013 12:46:43 +0000 (14:46 +0200)]
linked-list: Don't require an argument for the item when enumerating

9 years agolinked-list: Remove unused clone_function() method
Tobias Brunner [Tue, 16 Jul 2013 10:07:00 +0000 (12:07 +0200)]
linked-list: Remove unused clone_function() method

9 years agolinked-list: Remove barely used find_last() method
Tobias Brunner [Tue, 16 Jul 2013 10:00:57 +0000 (12:00 +0200)]
linked-list: Remove barely used find_last() method

9 years agolinked-list: Remove unused replace() method
Tobias Brunner [Tue, 16 Jul 2013 09:53:30 +0000 (11:53 +0200)]
linked-list: Remove unused replace() method

Its functionality can be replicated by calling insert_before() followed
by remove_at().  Not the other way around, though, because remove_at()
changes the enumerator position.

9 years agoMerge branch 'array'
Martin Willi [Wed, 17 Jul 2013 15:28:18 +0000 (17:28 +0200)]
Merge branch 'array'

Introduces a new lightweight array collection having minimal memory overhead.
The new class replaces various linked lists that are used during the full
lifetime of an SA, reducing memory requirements by about 5KB or more per tunnel.

9 years agochild-sa: refactor proxy transport mode address lookup
Martin Willi [Wed, 17 Jul 2013 08:28:45 +0000 (10:28 +0200)]
child-sa: refactor proxy transport mode address lookup

9 years agochild-sa: replace traffic selector lists by arrays
Martin Willi [Wed, 17 Jul 2013 08:08:19 +0000 (10:08 +0200)]
child-sa: replace traffic selector lists by arrays

Saves up to another 0.5KB of memory per CHILD_SA.

9 years agochild-sa: replace get_traffic_selectors() with create_ts_enumerator()
Martin Willi [Wed, 17 Jul 2013 08:01:22 +0000 (10:01 +0200)]
child-sa: replace get_traffic_selectors() with create_ts_enumerator()

Not directly returning a linked list allows us to change the internals of
the CHILD_SA transparently.

9 years agoikev2: replace linked lists by arrays in task manager
Martin Willi [Thu, 11 Jul 2013 15:20:48 +0000 (17:20 +0200)]
ikev2: replace linked lists by arrays in task manager

Eliminates another three lists, 0.5KB per IKE_SA.

9 years agoauth-cfg: use array instead of linked list
Martin Willi [Thu, 11 Jul 2013 14:54:15 +0000 (16:54 +0200)]
auth-cfg: use array instead of linked list

Saves another 4 linked lists (1KB) per IKE_SA

9 years agoproposal: use array to store proposal list
Martin Willi [Thu, 11 Jul 2013 14:36:10 +0000 (16:36 +0200)]
proposal: use array to store proposal list

Removes another two linked lists (0.5KB) of memory per IKE/CHILD_SA pair.

9 years agoproposal: use a single list to store all transforms
Martin Willi [Wed, 10 Jul 2013 12:16:46 +0000 (14:16 +0200)]
proposal: use a single list to store all transforms

Beside that it makes the code actually simpler, it reduces the number of lists
stored by each IKE_SA and each CHILD_SA by 4, which can be up to 1KB per SA.

9 years agoike-sa: use arrays instead of linked lists in long lived collections
Martin Willi [Thu, 11 Jul 2013 13:58:15 +0000 (15:58 +0200)]
ike-sa: use arrays instead of linked lists in long lived collections

This saves about 1.5KB of memory per IKE_SA.

9 years agounit-tests: implement tests for array collection
Martin Willi [Thu, 11 Jul 2013 13:09:30 +0000 (15:09 +0200)]
unit-tests: implement tests for array collection

9 years agoarray: introduce an array collection storing elements very efficiently
Martin Willi [Thu, 11 Jul 2013 09:44:33 +0000 (11:44 +0200)]
array: introduce an array collection storing elements very efficiently

Currently we use the very versatile linked-list collection to store elements
with variable count. This is fine, but very inefficient: Due to the many
methods in the linked list, on 64-bit platforms an empty list alone is more
than 200 bytes. As we currently have about 50 lists per IKE_SA/CHILD_SA pair,
this takes up to 10KB just for managing the empty lists. This is about the
half of memory used by an IKE_SA/CHILD_SA pair, and obviously way too much.

The new array type is not an object, but a collection of functions on an
abstract type.

The following lists are per IKE_SA and should be considered for a replacement
with more efficient arrays (this uses load-testers on-demand created dynamic
configurations, other scenarios have different lists):

14 -> ike_sa_create() @ src/libcharon/sa/ike_sa.c:2198
10 -> auth_cfg_create() @ src/libstrongswan/credentials/auth_cfg.c:1088
 6 -> task_manager_v2_create() @ src/libcharon/sa/ikev2/task_manager_v2.c:1505
 6 -> proposal_create() @ src/libcharon/config/proposal.c:592
 5 -> peer_cfg_create() @ src/libcharon/config/peer_cfg.c:657
 4 -> child_sa_create() @ src/libcharon/sa/child_sa.c:1090
 2 -> child_cfg_create() @ src/libcharon/config/child_cfg.c:536
 1 -> ike_cfg_create() @ src/libcharon/config/ike_cfg.c:330
 1 -> put_connected_peers() @ src/libcharon/sa/ike_sa_manager.c:854

9 years agokernel-libipsec: Log error if no local address is found when installing routes
Tobias Brunner [Mon, 15 Jul 2013 12:37:31 +0000 (14:37 +0200)]
kernel-libipsec: Log error if no local address is found when installing routes

9 years agodumm: Sort templates by name
Tobias Brunner [Mon, 15 Jul 2013 12:37:05 +0000 (14:37 +0200)]
dumm: Sort templates by name

9 years agotesting: Don't load certificates explicitly and delete CA certificates in PKCS#12...
Tobias Brunner [Mon, 15 Jul 2013 09:19:27 +0000 (11:19 +0200)]
testing: Don't load certificates explicitly and delete CA certificates in PKCS#12 scenarios

Certificates are now properly extracted from PKCS#12 files.

9 years agostroke: Add certificates extracted from PKCS#12 files to correct credential set
Tobias Brunner [Mon, 15 Jul 2013 08:59:13 +0000 (10:59 +0200)]
stroke: Add certificates extracted from PKCS#12 files to correct credential set

Only keys and shared secrets are moved from the temporary credential set after
loading all secrets.

9 years agopkcs12: Add plugin dependencies with soft dependencies on the most common algorithms
Tobias Brunner [Mon, 15 Jul 2013 08:48:19 +0000 (10:48 +0200)]
pkcs12: Add plugin dependencies with soft dependencies on the most common algorithms

9 years agoleak-detective: remove hdr entry when reallocating zero bytes
Martin Willi [Fri, 12 Jul 2013 17:58:02 +0000 (19:58 +0200)]
leak-detective: remove hdr entry when reallocating zero bytes

9 years agoleak-detective: print total of allocated/leaked bytes in usage/report
Martin Willi [Fri, 12 Jul 2013 17:57:17 +0000 (19:57 +0200)]
leak-detective: print total of allocated/leaked bytes in usage/report

9 years agodumm: add include for in.h, if_bridge.h now uses struct in6_addr
Martin Willi [Fri, 12 Jul 2013 16:19:32 +0000 (18:19 +0200)]
dumm: add include for in.h, if_bridge.h now uses struct in6_addr

9 years agoRecognize critical IssuingDistributionPoint CRL extension
Andreas Steffen [Fri, 12 Jul 2013 07:00:47 +0000 (09:00 +0200)]
Recognize critical IssuingDistributionPoint CRL extension

9 years agoOverride policy recommendation in enforcement
Andreas Steffen [Thu, 11 Jul 2013 08:34:00 +0000 (10:34 +0200)]
Override policy recommendation in enforcement

9 years agoopenssl plugin can replace random, hmac, and gcm plugins
Andreas Steffen [Wed, 10 Jul 2013 18:38:07 +0000 (20:38 +0200)]
openssl plugin can replace random, hmac, and gcm plugins

9 years agoAdded openssl-ikev2/net2net-pkcs12 scenario
Andreas Steffen [Wed, 10 Jul 2013 18:25:49 +0000 (20:25 +0200)]
Added openssl-ikev2/net2net-pkcs12 scenario

9 years agoAdded ikev2/net2net-pkcs12 scenario
Andreas Steffen [Wed, 10 Jul 2013 18:17:44 +0000 (20:17 +0200)]
Added ikev2/net2net-pkcs12 scenario

9 years agoVersion bump to 5.1.0dr3
Andreas Steffen [Wed, 10 Jul 2013 15:50:20 +0000 (17:50 +0200)]
Version bump to 5.1.0dr3

9 years agoconntrack -F makes ikev2/nat-rw scenario to work always
Andreas Steffen [Wed, 10 Jul 2013 15:07:56 +0000 (17:07 +0200)]
conntrack -F makes ikev2/nat-rw scenario to work always

9 years agoleak-detective: add a usage threshold option based on the number of allocations
Martin Willi [Wed, 10 Jul 2013 15:27:31 +0000 (17:27 +0200)]
leak-detective: add a usage threshold option based on the number of allocations

9 years agoleak-detective: set_state() only affects the calling thread
Martin Willi [Wed, 10 Jul 2013 15:16:49 +0000 (17:16 +0200)]
leak-detective: set_state() only affects the calling thread

The only user (bfd backtraces) is fine with that, and we really should not
mess the enable flag while doing allocations with other threads.

9 years agoleak-detective: take a copy of backtrace while printing traces
Martin Willi [Wed, 10 Jul 2013 15:15:00 +0000 (17:15 +0200)]
leak-detective: take a copy of backtrace while printing traces

As we don't want to hold the lock, we must make sure backtraces keep valid
while printing them.

9 years agobacktrace: add a clone() method
Martin Willi [Wed, 10 Jul 2013 15:14:20 +0000 (17:14 +0200)]
backtrace: add a clone() method

9 years agoleak-detective: remove hdr from the allocation list during realloc()
Martin Willi [Wed, 10 Jul 2013 14:29:18 +0000 (16:29 +0200)]
leak-detective: remove hdr from the allocation list during realloc()

If realloc moves an allocation, the original allocation gets freed. We
therefore must remove the hdr from the list, as it is invalid. We can add it
afterwards once it has been updated, allowing us to unlock the list during

9 years agoFixed alignment of device ID column 5.1.0dr2
Andreas Steffen [Wed, 10 Jul 2013 09:37:22 +0000 (11:37 +0200)]
Fixed alignment of device ID column

9 years agoandroid: New release after adding support for EAP-TNC
Tobias Brunner [Mon, 8 Jul 2013 16:45:46 +0000 (18:45 +0200)]
android: New release after adding support for EAP-TNC

Also disabled listening on IPv6 because the Linux kernel currently does
not support UDP encapsulation for IPv6.

9 years agoMerge branch 'android-byod'
Tobias Brunner [Mon, 8 Jul 2013 16:50:09 +0000 (18:50 +0200)]
Merge branch 'android-byod'

Adds support for EAP-TNC with a custom Android-specific IMC that
collects data such as installed packages, file hashes or system

Some parts of the implementation are based on the bachelor semester
project 'strongSwan Android 4 Client with Endpoint Assessment' by
Christoph Bühler and Patrick Lötscher.

9 years agoandroid: Properly handle dotted-quad notation of IPv6 addresses
Tobias Brunner [Mon, 8 Jul 2013 13:38:47 +0000 (15:38 +0200)]
android: Properly handle dotted-quad notation of IPv6 addresses

For nestat output like ::ffff: we shall not treat 127 as
port but 9876 instead.

9 years agoandroid: Allow IMC state to be dismissed with a swipe gesture
Tobias Brunner [Fri, 5 Jul 2013 15:20:21 +0000 (17:20 +0200)]
android: Allow IMC state to be dismissed with a swipe gesture

9 years agoandroid: Use explicit locale when converting settings names
Tobias Brunner [Wed, 3 Jul 2013 14:30:44 +0000 (16:30 +0200)]
android: Use explicit locale when converting settings names

Apparently, these functions use the user's default locale which might not
yield the expected result (e.g. lowercase I is not i in the Turkish
locale but ı instead).

9 years agoandroid: Add information about transmitted data if EAP-TNC is selected
Tobias Brunner [Wed, 3 Jul 2013 14:27:36 +0000 (16:27 +0200)]
android: Add information about transmitted data if EAP-TNC is selected

9 years agoandroid: Reuse certificate selector as generic two line button
Tobias Brunner [Wed, 3 Jul 2013 08:58:25 +0000 (10:58 +0200)]
android: Reuse certificate selector as generic two line button

9 years agoandroid: Add device ID in BeginHandshake
Tobias Brunner [Mon, 24 Jun 2013 13:58:34 +0000 (15:58 +0200)]
android: Add device ID in BeginHandshake

9 years agoandroid: Add new VpnType to enable BYOD features
Tobias Brunner [Wed, 19 Jun 2013 10:41:09 +0000 (12:41 +0200)]
android: Add new VpnType to enable BYOD features

9 years agoUse strpfx() helper where appropriate
Tobias Brunner [Wed, 19 Jun 2013 10:39:12 +0000 (12:39 +0200)]
Use strpfx() helper where appropriate

9 years agoutils: Add helper function to check a string for a given prefix
Tobias Brunner [Wed, 19 Jun 2013 10:24:40 +0000 (12:24 +0200)]
utils: Add helper function to check a string for a given prefix

9 years agoutils: Convert string helper macros to static inline functions
Tobias Brunner [Wed, 19 Jun 2013 10:22:29 +0000 (12:22 +0200)]
utils: Convert string helper macros to static inline functions

9 years agoandroid: Use a different set of plugins if BYOD features are enabled
Tobias Brunner [Wed, 19 Jun 2013 10:00:04 +0000 (12:00 +0200)]
android: Use a different set of plugins if BYOD features are enabled

9 years agoandroid: IMC state fragment is a button that shows remediation instructions or log
Tobias Brunner [Thu, 30 May 2013 10:16:30 +0000 (12:16 +0200)]
android: IMC state fragment is a button that shows remediation instructions or log

9 years agoandroid: Show remediation instructions instead of log on failure
Tobias Brunner [Thu, 30 May 2013 10:04:59 +0000 (12:04 +0200)]
android: Show remediation instructions instead of log on failure

9 years agoandroid: Properly hide the IMC state fragment initially
Tobias Brunner [Thu, 30 May 2013 09:57:39 +0000 (11:57 +0200)]
android: Properly hide the IMC state fragment initially

9 years agoandroid: Add activity that displays a list of remediation instructions
Tobias Brunner [Thu, 30 May 2013 09:55:44 +0000 (11:55 +0200)]
android: Add activity that displays a list of remediation instructions

On large displays a two-pane layout is used that displays the list next
to the actual instructions.

9 years agoandroid: Add fragment for a list of remediation instructions
Tobias Brunner [Thu, 30 May 2013 09:47:01 +0000 (11:47 +0200)]
android: Add fragment for a list of remediation instructions

This fragment can later be used in one- or two-pane layouts.

9 years agoandroid: Add adapter for remediation instructions
Tobias Brunner [Thu, 30 May 2013 09:38:05 +0000 (11:38 +0200)]
android: Add adapter for remediation instructions

9 years agoandroid: Add fragment that displays a single remediation instruction
Tobias Brunner [Thu, 30 May 2013 09:18:24 +0000 (11:18 +0200)]
android: Add fragment that displays a single remediation instruction