Commit Graph

4151 Commits

Author SHA1 Message Date
Andreas Steffen 4e8e74fcfa moved TNCCS layer out of eap_tnc plugin 2010-09-28 23:34:04 +02:00
Andreas Steffen 2b3124c76d fixed release of virtual IP for XAUTH identities 2010-09-26 10:17:01 +02:00
Tobias Brunner f22ba072e8 draft-ietf-ipsecme-eap-mutual will be released as RFC 5998. 2010-09-16 10:27:49 +02:00
Andreas Steffen 004de55235 added notify messages defined in RFC 5996 2010-09-15 12:48:58 +02:00
Andreas Steffen 80f86acccb show validity of OCSP responses 2010-09-10 22:26:03 +02:00
Tobias Brunner 0a1233e642 Moved man pages for config files to a separate directory. 2010-09-10 12:01:19 +02:00
Andreas Steffen f3051ebf53 fixed memory leak 2010-09-09 21:38:41 +02:00
Martin Willi 663e735553 Compare subject against all key identifiers in has_subject() 2010-09-09 17:46:20 +02:00
Andreas Steffen f85f0c2795 has_subject() now resolves ID_KEY_IDs 2010-09-09 17:15:46 +02:00
Martin Willi 89821331e0 Do not change cipherspec while we have buffered handshake fragments pending 2010-09-09 14:27:41 +02:00
Andreas Steffen 3f58022679 debug output of inbound and outbound TNCCS batches 2010-09-09 11:15:08 +02:00
Andreas Steffen 20ad62026e support non EAP-TTLS conformant RADIUS-type attribute segmentation 2010-09-09 11:15:08 +02:00
Tobias Brunner b1baa90846 Fixed copy/paste error. 2010-09-09 10:10:43 +02:00
Andreas Steffen 3b7eb3a9f4 added explanatory comments 2010-09-09 08:57:13 +02:00
Andreas Steffen 48b8cbb206 send well-formed TNCCS-Batch 2010-09-08 13:44:34 +02:00
Andreas Steffen de29e3a683 max max_message_count configurable and move it into tls_eap_t 2010-09-08 12:58:45 +02:00
Andreas Steffen 99b0f633c2 handle TLS_PURPOSE_EAP_TNC 2010-09-08 12:58:45 +02:00
Martin Willi 30cd31fb69 Added a simple led plugin to control Linux LEDs based on IKE activity 2010-09-08 12:00:57 +02:00
Andreas Steffen 51b385d44d moved tls_t existence test into tls_eap_create() again 2010-09-08 11:09:11 +02:00
Andreas Steffen d2b1d4378e generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol 2010-09-08 11:01:53 +02:00
Martin Willi 7b3c01845f Read the compression type byte for EC groups, only 2010-09-08 10:35:29 +02:00
Andreas Steffen 91a0825c39 added non-standard SERPENT and TWOFISH support to kernel_netlink plugin 2010-09-08 07:22:31 +02:00
Andreas Steffen 52d4dc7fe2 added qcStatements OID 2010-09-07 11:17:51 +02:00
Martin Willi 31c65eb362 Include ec_point_format extension in ClientHello 2010-09-06 18:51:38 +02:00
Martin Willi 02281c87a4 Added TLS specific EC point formats 2010-09-06 18:42:43 +02:00
Martin Willi ec7d4e70d3 Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers 2010-09-06 18:37:24 +02:00
Martin Willi fe559b5156 Accept TLS records with zero-length plaintext 2010-09-06 17:04:59 +02:00
Martin Willi adb913adeb Added strongswan.conf option to filter for specific TLS suites 2010-09-06 16:51:11 +02:00
Martin Willi 24a5b935e7 Added strongswan.conf options to filter cipher suites by specific algorithms 2010-09-06 16:51:04 +02:00
Martin Willi a92a348092 Register missing AUTH_HMAC_SHA384 algorithm without truncation 2010-09-06 16:50:58 +02:00
Martin Willi a03eebdf93 Fixed key type in TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 2010-09-06 16:50:54 +02:00
Martin Willi e6cce7ff0d Prepend point format to ECDH public key 2010-09-06 15:37:51 +02:00
Martin Willi e4fd2bb428 Log the selected (EC)DH group 2010-09-06 15:37:51 +02:00
Martin Willi 0f89143b84 Parse unsupported TLS Hello extensions properly 2010-09-06 15:37:51 +02:00
Martin Willi 6cf85b35a4 Added TLS extension identifiers from RFC 3546 2010-09-06 15:37:51 +02:00
Tobias Brunner 3255e489be Of course, mark is also supported by pluto. 2010-09-06 12:04:26 +02:00
Tobias Brunner a674c79a37 mark_in and mark_out are also supported by pluto. 2010-09-06 11:53:59 +02:00
Martin Willi 4e68c1cfdc Do not propose (EC)DHE suites if we do not support them 2010-09-03 18:24:03 +02:00
Martin Willi 4254257f9d Offer only algorithms/suites we have a registered public key backend for 2010-09-03 18:11:03 +02:00
Martin Willi d987946e80 Added a final flag to builder registration to enumerate the actually supported algorithms 2010-09-03 18:09:48 +02:00
Martin Willi f9c0cf862c Fixed key type of ECDHE_RSA groups 2010-09-03 17:24:39 +02:00
Martin Willi 3f7bb88ba3 Use a dynamic curve enumerator to list/convert TLS named curves 2010-09-03 17:24:23 +02:00
Martin Willi f4c98ae664 Use ECDH group check where appropriate 2010-09-03 16:53:36 +02:00
Martin Willi 7d7711aba4 Added a generic function to check if a DH group is an EC group 2010-09-03 16:22:10 +02:00
Martin Willi 2066918da2 Add ECDHE enabled cipher suites, including ECDSA variants 2010-09-03 14:54:43 +02:00
Martin Willi 033fe95f0b Added support for a non-truncated SHA384 HMAC variant, as used by TLS 2010-09-03 14:54:43 +02:00
Martin Willi 4cdade5aae Select private key based on received cipher suites 2010-09-03 14:54:43 +02:00
Martin Willi 37a59a8fbf Support for EC curve Hello extension, EC curve fallback 2010-09-03 14:54:43 +02:00
Martin Willi 141d7f7abd Added server support for ECDHE key exchange 2010-09-03 14:54:43 +02:00
Martin Willi 5fc7297e38 Added client support for ECDHE key exchange 2010-09-03 14:54:43 +02:00