{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":1031235,"defaultBranch":"master","name":"strongswan","ownerLogin":"strongswan","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2010-10-28T08:57:10.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/457671?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1717689687.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"c245ad242eddb8277af66c8bba921a65d5227a69","ref":"refs/heads/multi-ke","pushedAt":"2024-06-06T16:01:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"testing: Add ikev2/rw-cert-multi-ke scenario","shortMessageHtmlLink":"testing: Add ikev2/rw-cert-multi-ke scenario"}},{"before":"8e88d562064821bbb30e831906e1feed11016389","after":"59587783ff493804d26148046f78a489e88881f9","ref":"refs/heads/master","pushedAt":"2024-05-28T13:17:26.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"cirrus: Explicitly install tpm2-tss-sys package on Alpine\n\nThe libraries were previously shipped with the -dev package.","shortMessageHtmlLink":"cirrus: Explicitly install tpm2-tss-sys package on Alpine"}},{"before":"59587783ff493804d26148046f78a489e88881f9","after":null,"ref":"refs/heads/aws-lc-update","pushedAt":"2024-05-28T13:17:21.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"}},{"before":null,"after":"cc53a5c10f9e5e333a1833b75d0784dcd4010593","ref":"refs/heads/2263-mem-pool-base","pushedAt":"2024-05-28T07:55:51.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"mem-pool: Adjust the base address if it's the network ID\n\nInstead of just adding the offset internally, this way the reported\nbase address is always the first assignable address (e.g. for\n192.168.0.0/24 vs. 192.168.0.1/24).","shortMessageHtmlLink":"mem-pool: Adjust the base address if it's the network ID"}},{"before":"fc6556fd18933deeb015343c34a2c80fd2c76383","after":"59587783ff493804d26148046f78a489e88881f9","ref":"refs/heads/aws-lc-update","pushedAt":"2024-05-27T12:09:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"cirrus: Explicitly install tpm2-tss-sys package on Alpine\n\nThe libraries were previously shipped with the -dev package.","shortMessageHtmlLink":"cirrus: Explicitly install tpm2-tss-sys package on Alpine"}},{"before":null,"after":"fc6556fd18933deeb015343c34a2c80fd2c76383","ref":"refs/heads/aws-lc-update","pushedAt":"2024-05-27T08:42:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"github: Use AWS-LC 1.28.0 for tests","shortMessageHtmlLink":"github: Use AWS-LC 1.28.0 for tests"}},{"before":"cd21f40554285fcb4d8726298c07aee3edd2a57e","after":"a8c9f08a6085b259461fb323525e746137d75d78","ref":"refs/heads/sa-dir","pushedAt":"2024-05-17T12:24:24.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"kernel-netlink: Set replay window 0 if kernel supports SA direction attribute\n\nThe kernel now allows a 0 replay window with ESN for SAs that are\nexplicitly tagged as outbound SAs.  But not just that, it actually\nrejects outbound SAs with replay windows > 0.  So we add a version check\nto control the replay window size.  Note that adding the attribute\nunconditionally would be fine even for older kernels, but if somebody\nbackports the direction patches, the installation of outbound SAs might\nfail if the replay window is not adjusted accordingly.","shortMessageHtmlLink":"kernel-netlink: Set replay window 0 if kernel supports SA direction a…"}},{"before":"287ef047a9f4213f377302e6cb70d52a6427878a","after":"8e88d562064821bbb30e831906e1feed11016389","ref":"refs/heads/master","pushedAt":"2024-05-17T12:05:28.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"x509: Encode challenge passwords as PrintableString if possible\n\nAs recommended by RFC 2985, section 5.4.1:\n\n  ChallengePassword attribute values generated in accordance with this\n  version of this document SHOULD use the PrintableString encoding\n  whenever possible.  If internationalization issues make this\n  impossible, the UTF8String alternative SHOULD be used.\n\nEven though the RFC continues with\n\n  PKCS #9-attribute processing systems MUST be able to recognize and\n  process all string types in DirectoryString values.\n\nthere might be older SCEP server implementations that don't accept\nUTF8String-encoded passwords.  In particular because previous versions of\nPKCS#9 defined this attribute's type as a CHOICE between PrintableString\nand T61String.\n\nReferences strongswan/strongswan#1831","shortMessageHtmlLink":"x509: Encode challenge passwords as PrintableString if possible"}},{"before":"52899840530fc8f689f105ac541aad20efa8f59b","after":null,"ref":"refs/heads/1831-scep-pw-encoding","pushedAt":"2024-05-17T12:04:52.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"}},{"before":"5c796e4c782476af1dcefb1bc813839fed4d0eae","after":null,"ref":"refs/heads/vsock-stream","pushedAt":"2024-05-17T12:01:09.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"}},{"before":"cdc2656a6ba544acba6fc959caca099df80d1e9b","after":null,"ref":"refs/heads/ike-cfg-port-match","pushedAt":"2024-05-17T11:59:29.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"}},{"before":null,"after":"e29fc178484ecd3ac671d29065ec0a59c6e464d1","ref":"refs/heads/2222-json-filelog","pushedAt":"2024-05-17T11:38:16.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"file-logger: Add option to log messages as JSON objects","shortMessageHtmlLink":"file-logger: Add option to log messages as JSON objects"}},{"before":null,"after":"259188e8f1897c5eac94792e93865f68c33fb8b7","ref":"refs/heads/eap-identities","pushedAt":"2024-05-16T14:51:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"testing: Make RADIUS server enforce client identity in certificate's CN","shortMessageHtmlLink":"testing: Make RADIUS server enforce client identity in certificate's CN"}},{"before":"0dfe3097ac456a8f5cb26946b9380f33ebfaf888","after":"d80b0ca104e66c3e192d59d2c5f404957a031bba","ref":"refs/heads/per-cpu-sas-poc","pushedAt":"2024-05-07T10:01:11.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"Revert \"wip: tests adapted for different SA cache\"\n\nThis reverts commit 942c696a9214d3a4442ed5b7151f62485e6d1bce.","shortMessageHtmlLink":"Revert \"wip: tests adapted for different SA cache\""}},{"before":"8a2a6eae11accd8c0609c3b7a6e85fa63b7567f5","after":"cd21f40554285fcb4d8726298c07aee3edd2a57e","ref":"refs/heads/sa-dir","pushedAt":"2024-05-07T10:00:58.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"wip: kernel-netlink: Set replay window 0 if kernel supports SA direction attribute\n\nThe kernel now allows a 0 replay window for outbound SAs with ESN, however,\nit also rejects such SAs with replay windows > 0.\n\nwip: kernel version check","shortMessageHtmlLink":"wip: kernel-netlink: Set replay window 0 if kernel supports SA direct…"}},{"before":null,"after":"f737e2a1ae157c2e82c03ac5f9a3f8b870dd7b83","ref":"refs/heads/2230-nm-routing-table","pushedAt":"2024-05-03T13:35:44.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"charon-nm: Use a different routing table than the regular IKE daemon\n\nIf the regular daemon is running, it creates an unconditional routing\nrule for the routing table.  The rule created by charon-nm, which\nexcludes marked IKE/ESP traffic to avoid a routing loop, won't have any\neffect.","shortMessageHtmlLink":"charon-nm: Use a different routing table than the regular IKE daemon"}},{"before":null,"after":"5c796e4c782476af1dcefb1bc813839fed4d0eae","ref":"refs/heads/vsock-stream","pushedAt":"2024-05-01T15:09:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"streams: Add ability to listen on any VSOCK CID\n\nCan be useful if the CID inside the VM is not known.\n\nThe \\htmlonly\\endhtmlonly hack is used to avoid compiler warnings due\nto /* inside a block comment.","shortMessageHtmlLink":"streams: Add ability to listen on any VSOCK CID"}},{"before":null,"after":"52899840530fc8f689f105ac541aad20efa8f59b","ref":"refs/heads/1831-scep-pw-encoding","pushedAt":"2024-04-30T14:53:50.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"x509: Encode challenge passwords as PrintableString if possible\n\nAs recommended by RFC 2985, section 5.4.1:\n\n  ChallengePassword attribute values generated in accordance with this\n  version of this document SHOULD use the PrintableString encoding\n  whenever possible.  If internationalization issues make this\n  impossible, the UTF8String alternative SHOULD be used.\n\nEven though the RFC continues with\n\n  PKCS #9-attribute processing systems MUST be able to recognize and\n  process all string types in DirectoryString values.\n\nthere might be older SCEP server implementations that don't accept\nUTF8String-encoded passwords.  In particular because previous versions of\nPKCS#9 defined this attribute's type as a CHOICE between PrintableString\nand T61String.","shortMessageHtmlLink":"x509: Encode challenge passwords as PrintableString if possible"}},{"before":null,"after":"8a2a6eae11accd8c0609c3b7a6e85fa63b7567f5","ref":"refs/heads/sa-dir","pushedAt":"2024-04-30T13:56:20.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"wip: kernel-netlink: Set replay window 0 if kernel supports SA direction attribute\n\nThe kernel now allows a 0 replay window for outbound SAs with ESN, however,\nit also rejects such SAs with replay windows > 0.\n\nwip: kernel version check","shortMessageHtmlLink":"wip: kernel-netlink: Set replay window 0 if kernel supports SA direct…"}},{"before":"f8e6fd30de25fa350f55bf1dc1e0c02b1c50460b","after":"287ef047a9f4213f377302e6cb70d52a6427878a","ref":"refs/heads/master","pushedAt":"2024-04-29T15:40:57.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"github: Use tpm2-tss 3.2.3 for tests","shortMessageHtmlLink":"github: Use tpm2-tss 3.2.3 for tests"}},{"before":"287ef047a9f4213f377302e6cb70d52a6427878a","after":null,"ref":"refs/heads/tss2-update","pushedAt":"2024-04-29T15:40:50.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"}},{"before":null,"after":"287ef047a9f4213f377302e6cb70d52a6427878a","ref":"refs/heads/tss2-update","pushedAt":"2024-04-29T14:11:16.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"github: Use tpm2-tss 3.2.3 for tests","shortMessageHtmlLink":"github: Use tpm2-tss 3.2.3 for tests"}},{"before":"8646664ddefab3bdd9338c231aa0cda50355ff2f","after":"429e27c55148b8a4f009c07651ab3435fa5e2efe","ref":"refs/heads/openssl-update","pushedAt":"2024-04-17T13:54:56.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"wip: github: Use OpenSSL 3.3.0 for tests\n\nwip: Android's static build fails because of a symbol issue (there is an\nissue and an open PR)","shortMessageHtmlLink":"wip: github: Use OpenSSL 3.3.0 for tests"}},{"before":"5f99a28381735cdc040e6092311062b4a88d67f2","after":"f8e6fd30de25fa350f55bf1dc1e0c02b1c50460b","ref":"refs/heads/master","pushedAt":"2024-04-15T16:32:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"gitignore: Don't ignore proposal_keywords.c\n\nIf somebody copies our .gitignore and tries to import the source code,\nthe proposal_keywords.c file will not be added as it's ignored by the\n`*keywords.c` pattern we use to ignore gperf-generated source files.\n\nCloses strongswan/strongswan#2014","shortMessageHtmlLink":"gitignore: Don't ignore proposal_keywords.c"}},{"before":null,"after":"cdc2656a6ba544acba6fc959caca099df80d1e9b","ref":"refs/heads/ike-cfg-port-match","pushedAt":"2024-04-15T08:40:15.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"ike-cfg: Consider port information in IKE config match\n\nSigned-off-by: Thomas Egerer <thomas.egerer@secunet.com>","shortMessageHtmlLink":"ike-cfg: Consider port information in IKE config match"}},{"before":"3a2017032451aecb2921d19684f8fde8e8893428","after":"5f99a28381735cdc040e6092311062b4a88d67f2","ref":"refs/heads/master","pushedAt":"2024-04-15T07:51:10.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"mem-pool: Reject the creation of unintentionally empty pools\n\nIf a base address is configured, we don't expect the pool to be empty,\nso reject the creation (e.g. with the broadcast address as base).\n\nReferences strongswan/strongswan#2205","shortMessageHtmlLink":"mem-pool: Reject the creation of unintentionally empty pools"}},{"before":"eb1cc12cb95a8cf8484d8b12903ef8321e59d468","after":null,"ref":"refs/heads/2205-mem-pool","pushedAt":"2024-04-15T07:50:59.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"}},{"before":"907079bd135a8167d541363ef3ab2f2c3b6860d8","after":null,"ref":"refs/heads/aws-lc-update","pushedAt":"2024-04-15T07:40:18.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"}},{"before":null,"after":"907079bd135a8167d541363ef3ab2f2c3b6860d8","ref":"refs/heads/aws-lc-update","pushedAt":"2024-04-12T12:59:46.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"Use AWS-LC 1.24.0 for tests","shortMessageHtmlLink":"Use AWS-LC 1.24.0 for tests"}},{"before":null,"after":"eb1cc12cb95a8cf8484d8b12903ef8321e59d468","ref":"refs/heads/2205-mem-pool","pushedAt":"2024-04-12T12:19:45.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"tobiasbrunner","name":"Tobias Brunner","path":"/tobiasbrunner","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/457648?s=80&v=4"},"commit":{"message":"mem-pool: Reject the creation of unintentionally empty pools\n\nIf a base address is configured, we don't expect the pool to be empty,\nso reject the creation (e.g. with the broadcast address as base).","shortMessageHtmlLink":"mem-pool: Reject the creation of unintentionally empty pools"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEXmKIwgA","startCursor":null,"endCursor":null}},"title":"Activity · strongswan/strongswan"}