28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
4d83c5b4a6
Fix of the mutual TNC measurement use case
...
If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements
from the IKEv2 responder acting as a TNC clienti, the exchange of PB-TNC batches
is continued until the IKEv2 responder acting as a TNC server has also finished
its TNC measurements.
In the past if these measurements in the other direction were correct
the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication
successful and the IPsec connection was established even though the TNC
measurement verification on the EAP peer side failed.
The fix adds an "allow" group membership on each endpoint if the corresponding
TNC measurements of the peer are successful. By requiring a "allow" group
membership in the IKEv2 connection definition the IPsec connection succeeds
only if the TNC measurements on both sides are valid.
2016-02-16 18:00:27 +01:00
a330f72ecf
Fixed AR identities in mutual TNC measurements case
2015-08-15 22:46:21 +02:00
328db935bb
eap-tnc: Free eap-tnc object if IKE_SA not found to get IPs
2015-03-25 13:24:37 +01:00
00cd79b678
Make access requestor IP address available to TNC server
2015-03-08 17:17:11 +01:00
4163421f91
plugins: Don't link with -rdynamic on Windows
2014-06-04 15:53:02 +02:00
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
27bf5c06dc
check it specified IF-TNCCS protocol is enabled
2013-10-21 21:03:53 +02:00
3588299fb8
Keep a copy of the tnccs instance for PT-TLS handover
2013-10-09 19:03:07 +02:00
12b3db5006
moved tnc_imv plugin to libtnccs thanks to recommendation callback function
2013-08-15 23:34:22 +02:00
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
7867c1a315
Aligned AR Identity types to IF-IMV 1.4 R5 draft
2013-06-24 00:23:50 +02:00
2a421163bf
make TNC client authentication type available to IMVs
2013-02-12 20:38:05 +01:00
3e56352815
determine underlying IF-T transport protocol
2013-02-12 12:25:39 +01:00
ebb87f08f7
Make IKE/EAP IDs available to TNC server/client
2013-02-11 15:30:44 +01:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
22e97e4f1f
updated Copyright info
2012-07-13 10:42:40 +02:00
c9c3da66a8
removed unused variables
2012-07-11 23:15:44 +02:00
a04c51aea9
due to single fragment, total length does not have to be included
2012-07-11 17:09:04 +02:00
4492ffc907
EAP-TNC does not support fragmentation
2012-07-11 17:09:04 +02:00
5f540fd39c
missing references to daemon.h
2012-05-05 11:36:38 +02:00
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
326a94232d
Moved eap/xauth classes out of protocol specific subdirectories
2012-03-20 17:31:27 +01:00
15a682f4c2
Separated libcharon/sa directory with ikev1 and ikev2 subfolders
2012-03-20 17:31:26 +01:00
48e87e12ab
Revert "fixed integrity tests of plugins using libtls or libtnccs"
...
This reverts commit b597ac4a4c
2011-11-08 18:35:11 +01:00
b597ac4a4c
fixed integrity tests of plugins using libtls or libtnccs
2011-11-02 06:42:08 +01:00
f0a8bf47f7
refactored TNC framework
2011-10-25 01:10:16 +02:00
f21398fa84
Add features support to eap-tnc plugin
2011-10-14 21:14:49 +02:00
328b377efa
explicitly activate use of TNC headers
2011-06-07 12:19:32 +02:00
2778b6644b
do not include length field in non-fragmented EAP-PEAP packets
2011-04-21 19:52:49 +02:00
5b0bcfb1fc
Revert alloc_str changes
...
This reverts commit fdead26ffe3e2419ebe317ce69b47a
2011-04-21 13:35:31 +02:00
3e2419ebe3
Use thread save settings alloc_str function where appropriate
2011-04-21 10:48:16 +02:00
c55818ebb0
Added a (not yet implemented) plugin_t method to reload plugin configuration
2011-04-15 10:07:13 +02:00
787b5884aa
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t
2011-04-15 10:07:12 +02:00
0e83847088
added get|set_identifier() methods to eap_tnc_t
2011-04-06 07:50:42 +02:00
f652995b21
implemented dynamic detection of TNCCS protocol
2011-01-31 00:59:17 +01:00
fe5ce8f3a2
select TNCCS protocol via charon.plugins.eap-tnc.protocol
2010-11-09 20:43:50 +01:00
8dcc56dcc0
created tnc-imc and tnc-imv plugins
2010-10-07 23:31:23 +02:00
4e8e74fcfa
moved TNCCS layer out of eap_tnc plugin
2010-09-28 23:34:04 +02:00
3f58022679
debug output of inbound and outbound TNCCS batches
2010-09-09 11:15:08 +02:00
48b8cbb206
send well-formed TNCCS-Batch
2010-09-08 13:44:34 +02:00
de29e3a683
max max_message_count configurable and move it into tls_eap_t
2010-09-08 12:58:45 +02:00
51b385d44d
moved tls_t existance test into tls_eap_create() again
2010-09-08 11:09:11 +02:00
d2b1d4378e
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol
2010-09-08 11:01:53 +02:00
6ade82d5b7
fixed copy-and-paste errors
2010-08-30 15:42:44 +02:00
d93e2e5409
created an eap-tnc method hull
2010-08-30 15:36:34 +02:00
Tobias Brunner