Martin Willi
8d74ec9e80
ike: Add an additional but separate AEAD proposal to CHILD config
...
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
2014-05-16 16:51:19 +02:00
Martin Willi
879e3d12ca
ike: Add an additional but separate AEAD proposal to IKE config, if supported
2014-05-16 16:51:19 +02:00
Tobias Brunner
1c306c0ee9
libcharon: Remove unused charon->name
2014-02-12 14:34:33 +01:00
Tobias Brunner
10c4f4e1fd
libhydra: Remove unused hydra->daemon
2014-02-12 14:34:32 +01:00
Tobias Brunner
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
Martin Willi
10900ed7e7
charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config
...
This allows the server to use a different IKE identity as long as the
configured hostname is contained in the certificate.
2013-11-01 12:05:48 +01:00
Martin Willi
1ba47fa565
charon-xpc: Load missing eap-md5 plugin after enabling it
2013-10-28 15:18:11 +01:00
Martin Willi
9f2a4d3315
charon-xpc: Disable warnings about deprecated functions
...
This avoids all the deprecated warnings when using OpenSSL functins.
2013-10-28 14:51:59 +01:00
Martin Willi
f5ea7d781f
charon-xpc: Avoid -all_load linker flag
...
This seems to be not required anymore with the LLVM 5 toolchain.
2013-10-28 14:51:51 +01:00
Martin Willi
a1c2ed8820
charon-xpc: Properly xpc_retain() connections we xpc_release()
2013-10-28 14:51:40 +01:00
Martin Willi
888d8d73ab
charon-xpc: Properly cast SA identifier to uintptr representation
2013-10-28 14:51:28 +01:00
Martin Willi
3e40dbb128
charon-xpc: Don’t build against libvstr anymore
...
We now have our own printf backend and use it instead of Vstr.
2013-10-28 14:51:03 +01:00
Martin Willi
6a3cfbdc0d
charon-xpc: Build with EAP-MD5 support
2013-10-28 14:49:19 +01:00
Martin Willi
3070697f9f
ike: support multiple addresses, ranges and subnets in IKE address config
...
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
2013-09-04 10:38:37 +02:00
Martin Willi
9aeaa7396e
peer-cfg: add a pull/push mode option to use with mode config
2013-09-04 10:33:37 +02:00
Martin Willi
a0cd955f42
charon-xpc: add a note how to build the source tarball
2013-08-29 12:28:54 +02:00
Martin Willi
74ee1120d7
charon-xpc: include and prefer AES-GCM algorithms in ESP proposal
2013-08-29 11:37:07 +02:00
Martin Willi
8fa7c5c191
charon-xpc: load missing ctr/ccm/gcm plugins
2013-07-31 16:28:11 +02:00
Martin Willi
aafb6fa6c2
charon-xpc: use kernel-libipsec instead of kernel-pfkey
2013-07-31 11:41:37 +02:00
Martin Willi
546235d34c
charon-xpc: fix TS getting after changing CHILD_SA API
2013-07-31 11:41:31 +02:00
Tobias Brunner
146fa8b2d3
charon-xpc: Use correct namespace when setting default settings
2013-07-22 17:44:37 +02:00
Tobias Brunner
0ceb288815
Fix various API doc issues and typos
...
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Martin Willi
b9c47eae06
xpc: allow easy copy & pase of ./configure instructions
2013-07-18 12:17:56 +02:00
Martin Willi
7f1adbe94e
xpc: use -idirafter to build against openssl headers from /usr/include
2013-07-18 12:17:56 +02:00
Martin Willi
06e8712cb3
xpc: forward some risen alerts over XPC to App
2013-07-18 12:17:56 +02:00
Martin Willi
e7ee45ef38
xpc: enable close_ike_on_child_failure
2013-07-18 12:17:56 +02:00
Martin Willi
e37c5d46d3
xpc: send a "connecting" event when establishing a connection starts
2013-07-18 12:17:56 +02:00
Martin Willi
3ffa310c44
xpc: use osx-attr plugin to install configuration attributes
2013-07-18 12:17:56 +02:00
Martin Willi
c7ac7f92e9
xpc: update README with new events, markdown style fixes
2013-07-18 12:17:55 +02:00
Martin Willi
4edcc86149
xpc: send child_updown events over XPC channel
2013-07-18 12:17:55 +02:00
Martin Willi
d60c8d2c74
xpc: support termination of IKE_SAs using XPC RPC on connection channel
2013-07-18 12:17:55 +02:00
Martin Willi
790ad9e677
xpc: move XPC RPC reply creation to command dispatching
2013-07-18 12:17:55 +02:00
Martin Willi
a0c125eacb
xpc: terminate daemon when last XPC connection to App gone
2013-07-18 12:17:55 +02:00
Martin Willi
6aae6268d7
xpc: fix some refcounting issues related to XPC connections
2013-07-18 12:17:55 +02:00
Martin Willi
22bffc647d
xpc: no need to clear channel table, they are bound to IKE_SA lifetime
2013-07-18 12:17:55 +02:00
Martin Willi
1a3f71d97a
xpc: add support for logging over XPC channels
2013-07-18 12:17:55 +02:00
Martin Willi
fbc89786b5
xpc: don't warn about pointer signedness mismatch (-Wno-pointer-sign)
2013-07-18 12:17:55 +02:00
Martin Willi
dcf8a3c78b
xpc: add a description of the basic XPC protocol to README
2013-07-18 12:17:55 +02:00
Martin Willi
d5966e71e9
xpc: use the same XPC message "type" mechanism on Mach service as on channels
2013-07-18 12:17:55 +02:00
Martin Willi
39d15dde67
xpc: ask App for passwords using connection specific channel
2013-07-18 12:17:55 +02:00
Martin Willi
8279ce99c4
xpc: use IKE_SA specific XPC return channels for further communication
2013-07-18 12:17:55 +02:00
Martin Willi
bc74e18223
xpc: don't send certificate requests, there are too many when using keychain
2013-07-18 12:17:55 +02:00
Martin Willi
5016370390
xpc: build with support for the keychain plugin
2013-07-18 12:17:55 +02:00
Martin Willi
e73a653451
xpc: add support for initiate simple IKEv2 EAP connections
2013-07-18 12:17:54 +02:00
Martin Willi
3dcc9d7aa7
xpc: move dispatching to dedicated class, using dedicated thread
2013-07-18 12:17:54 +02:00
Martin Willi
4204d1d71a
xpc: use non-inlining variant of vstr, compiler does not like it
2013-07-18 12:17:54 +02:00
Martin Willi
6f8c626b81
xpc: add Xcode project for a charon controlled through XPC
2013-07-18 12:17:54 +02:00