Commit Graph

51 Commits

Author SHA1 Message Date
Tobias Brunner 48f4f9f667 pt-tls-server: Make TLS client authentication optional as appropriate 2021-02-18 15:41:52 +01:00
Tobias Brunner 11a4687930 libtls: Add control flags and replace GENERIC_NULLOK purpose with one 2021-02-18 15:10:29 +01:00
Tobias Brunner 602947d48a pt-tls-server: Explicitly request client authentication if necessary
The PT_TLS_AUTH_TLS_OR_SASL case currently can't be implemented properly
as TLS authentication will be enforced if a client identity is configured
on the TLS server socket.
2021-02-18 12:49:54 +01:00
Tobias Brunner 663969ddf7 libtls: Make min/max TLS version configurable
Except for the tls_test tool, the versions now default to those
configured in strongswan.conf.
2021-02-12 14:35:23 +01:00
Tobias Brunner a7f2818832 tls-socket: Allow configuring both minimum and maximum TLS versions 2021-02-12 11:45:44 +01:00
Josh Soref b3ab7a48cc Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner 02b348403a Fixed some typos, courtesy of codespell 2019-04-29 15:09:20 +02:00
Tobias Brunner de80946f6a Remove useless break statements 2018-11-12 17:36:22 +01:00
Tobias Brunner 784d96e031 Fixed some typos, courtesy of codespell 2018-09-17 18:51:44 +02:00
Tobias Brunner 2ad1df9571 Replace 'inacceptable' with the more common 'unacceptable' 2018-06-28 18:46:42 +02:00
Tobias Brunner 2db6d5b8b3 Fixed some typos, courtesy of codespell 2018-02-13 12:19:54 +01:00
Tobias Brunner 95a63bf281 Migrate all enumerators to venumerate() interface change 2017-05-26 13:56:44 +02:00
Andreas Steffen b031593641 libtpmtss: Added to integrity checks 2016-06-26 18:19:05 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Andreas Steffen a330f72ecf Fixed AR identities in mutual TNC measurements case 2015-08-15 22:46:21 +02:00
Martin Willi 161a015782 utils: Use chunk_equals_const() for all cryptographic purposes 2015-04-14 12:02:51 +02:00
Martin Willi 17c17665cb libpttls: Link against ws_w32 on Windows 2014-06-04 15:53:05 +02:00
Andreas Steffen 3a726816a2 Increased maximum PT-TLS message size to 2MB 2014-05-31 20:37:56 +02:00
Martin Willi e15f64cc81 tls: Support a maximum TLS version to negotiate using TLS socket abstraction 2014-04-01 14:28:55 +02:00
Martin Willi 5313880261 tls: Support a null encryption flag on TLS socket abstraction 2014-04-01 14:28:55 +02:00
Tobias Brunner dd438ee22c Doxygen fixes 2013-10-15 11:25:55 +02:00
Tobias Brunner 9af44ef5d9 Build all shared libraries with -no-undefined and link them properly
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.

For plugins this is currently not done, so only the monolithic build is
supported.  The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Andreas Steffen 1e92d5f114 Process PB-TNC batches received via PT-TLS asynchronously 2013-08-19 09:52:12 +02:00
Andreas Steffen e689de6b8c Optimized PT-TLS data transfer 2013-08-15 23:34:23 +02:00
Andreas Steffen 0a09b02dcf Set client identity with TLS certificate authentication 2013-08-15 23:34:23 +02:00
Andreas Steffen 9cc606d22a Fixed memory leak in SASL PLAIN 2013-08-15 23:34:23 +02:00
Andreas Steffen 7c027f7983 Use client identities from successful authentications, only 2013-08-15 23:34:23 +02:00
Andreas Steffen 97b1d39de5 Extract client identity and authentication type from SASL authentication 2013-08-15 23:34:22 +02:00
Andreas Steffen 6d6100c2bc Added some debug statements 2013-08-15 23:34:22 +02:00
Andreas Steffen e8f65c5cde Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs 2013-08-15 23:34:22 +02:00
Andreas Steffen 180a2f2642 rapid PT-TLS AR/PDP prototype 2013-08-15 23:34:22 +02:00
Tobias Brunner 0ceb288815 Fix various API doc issues and typos
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Martin Willi 19cb07b890 automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner 5cb4f5519b Added missing sasl Doxygen group 2013-04-05 16:03:39 +02:00
Tobias Brunner 2467c46856 libpttls: Destroy reader when handling errors during SASL 2013-03-25 18:33:57 +01:00
Martin Willi 7d70a14779 Merge branch 'pt-tls' 2013-03-07 14:10:50 +01:00
Tobias Brunner 11adf114c1 Fixed Doxygen comments after scanning complete src directory 2013-03-02 18:31:53 +01:00
Martin Willi 61f1693df1 Support different authentication schemes for PT-TLS 2013-02-28 16:46:08 +01:00
Martin Willi 2ae0c9e618 Implement a SASL PLAIN mechanism using shared secrets 2013-02-28 16:46:07 +01:00
Martin Willi 66d8fd690c Implement SASL authentication in PT-TLS client 2013-02-28 16:46:07 +01:00
Martin Willi 3542c4f18a Implement SASL authentication in PT-TLS server 2013-02-28 16:46:07 +01:00
Martin Willi 5b1a10836c Define PT-TLS SASL result codes 2013-02-28 16:46:07 +01:00
Martin Willi 4a801beb3e Define an interface for SASL mechanisms and provide a static factory 2013-02-28 16:46:07 +01:00
Martin Willi 806126eab2 Pass a client identity to pt_tls_client, usable for TLS or SASL authentication 2013-02-28 16:46:07 +01:00
Martin Willi 55854ecc25 Don't close underlying file descriptor before destroying a tls_socket
tls_socket cleanup usually sends a TLS close notify, for which it uses a valid
socket.
2013-02-28 16:46:07 +01:00
Andreas Steffen f838f457a8 resolve dependency on libtls 2013-02-14 17:15:33 +01:00
Martin Willi a9df87bf89 PT-TLS dispatcher TNCCS constructor takes peer identities to pass to factory 2013-02-14 17:09:28 +01:00
Martin Willi 16ef69d70a Pass a constructor callback to create TNCCS server instances while dispatching 2013-01-17 16:34:34 +01:00
Martin Willi 04a9a99bc1 Create pt_tls_client with separate server address and identity 2013-01-16 16:36:57 +01:00
Martin Willi bb5037a5e5 Create pt_tls_dispatcher with separate server address and identity 2013-01-16 15:02:14 +01:00
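Commit 161a015782 in the list above switches libpttls to chunk_equals_const() for cryptographic comparisons (SASL PLAIN secrets and similar). The following is an added example illustrating why that matters; it is not strongSwan's code. It uses a hypothetical chunk_t stand-in and two hypothetical comparison functions, each of which also reports how many bytes it inspected before it knew the answer, which is exactly the quantity a timing side channel on an early-exit comparison leaks to a remote peer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a (pointer, length) chunk; not libstrongswan's chunk_t. */
typedef struct {
    const uint8_t *ptr;
    size_t len;
} chunk_t;

static chunk_t chunk_from_str(const char *s)
{
    chunk_t c = { (const uint8_t *)s, strlen(s) };
    return c;
}

/* Early-exit comparison in the style of memcmp(): stops at the first mismatch.
 * *inspected receives the number of bytes examined, i.e. what the runtime reveals. */
bool equals_early_exit(chunk_t a, chunk_t b, size_t *inspected)
{
    size_t i;
    if (a.len != b.len) { *inspected = 0; return false; }
    for (i = 0; i < a.len; i++) {
        if (a.ptr[i] != b.ptr[i]) { *inspected = i + 1; return false; }
    }
    *inspected = a.len;
    return true;
}

/* Constant-time comparison: every byte is visited and differences are OR-ed into
 * an accumulator, so the runtime depends on the length only, never on where the
 * first mismatch sits. volatile keeps the compiler from short-circuiting the loop. */
bool equals_const(chunk_t a, chunk_t b, size_t *inspected)
{
    volatile uint8_t diff = 0;
    size_t i;
    if (a.len != b.len) { *inspected = 0; return false; }   /* length is public here */
    for (i = 0; i < a.len; i++) {
        diff |= (uint8_t)(a.ptr[i] ^ b.ptr[i]);
    }
    *inspected = a.len;
    return diff == 0;
}

/* Convenience wrappers over C strings so the behaviour can be checked directly. */
size_t inspected_early(const char *a, const char *b)
{
    size_t n;
    equals_early_exit(chunk_from_str(a), chunk_from_str(b), &n);
    return n;
}

size_t inspected_const(const char *a, const char *b)
{
    size_t n;
    equals_const(chunk_from_str(a), chunk_from_str(b), &n);
    return n;
}

bool same_const(const char *a, const char *b)
{
    size_t n;
    return equals_const(chunk_from_str(a), chunk_from_str(b), &n);
}

int main(void)
{
    /* Constructed sample: a 16-byte secret, a guess wrong in byte 0, a guess wrong in byte 15 */
    const char *secret = "0123456789abcdef";
    const char *guess0 = "X123456789abcdef";
    const char *guess15 = "0123456789abcdeX";

    printf("early-exit: %zu vs %zu bytes inspected\n",
           inspected_early(secret, guess0), inspected_early(secret, guess15));
    printf("constant  : %zu vs %zu bytes inspected\n",
           inspected_const(secret, guess0), inspected_const(secret, guess15));
    return 0;
}
```

The early-exit variant inspects 1 byte for the first guess and 16 for the second, so an attacker timing the comparison can confirm the secret one byte at a time; the constant-time variant inspects all 16 in both cases. The length check stays non-constant because in the PT-TLS/SASL setting the lengths of both sides are known to the peer anyway.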