Tobias Brunner
48f4f9f667
pt-tls-server: Make TLS client authentication optional as appropriate
2021-02-18 15:41:52 +01:00
Tobias Brunner
11a4687930
libtls: Add control flags and replace GENERIC_NULLOK purpose with one
2021-02-18 15:10:29 +01:00
Tobias Brunner
602947d48a
pt-tls-server: Explicitly request client authentication if necessary
The PT_TLS_AUTH_TLS_OR_SASL case currently can't be implemented properly
as TLS authentication will be enforced if a client identity is configured
on the TLS server socket.
2021-02-18 12:49:54 +01:00
Tobias Brunner
663969ddf7
libtls: Make min/max TLS version configurable
Except for the tls_test tool, the versions now default to those
configured in strongswan.conf.
2021-02-12 14:35:23 +01:00
Tobias Brunner
a7f2818832
tls-socket: Allow configuring both minimum and maximum TLS versions
2021-02-12 11:45:44 +01:00
Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* encapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* threshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
02b348403a
Fixed some typos, courtesy of codespell
2019-04-29 15:09:20 +02:00
Tobias Brunner
de80946f6a
Remove useless break statements
2018-11-12 17:36:22 +01:00
Tobias Brunner
784d96e031
Fixed some typos, courtesy of codespell
2018-09-17 18:51:44 +02:00
Tobias Brunner
2ad1df9571
Replace 'inacceptable' with the more common 'unacceptable'
2018-06-28 18:46:42 +02:00
Tobias Brunner
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
Tobias Brunner
95a63bf281
Migrate all enumerators to venumerate() interface change
2017-05-26 13:56:44 +02:00
Andreas Steffen
b031593641
libtpmtss: Added to integrity checks
2016-06-26 18:19:05 +02:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Andreas Steffen
a330f72ecf
Fixed AR identities in mutual TNC measurements case
2015-08-15 22:46:21 +02:00
Martin Willi
161a015782
utils: Use chunk_equals_const() for all cryptographic purposes
2015-04-14 12:02:51 +02:00
Martin Willi
17c17665cb
libpttls: Link against ws_w32 on Windows
2014-06-04 15:53:05 +02:00
Andreas Steffen
3a726816a2
Increased maximum PT-TLS message size to 2MB
2014-05-31 20:37:56 +02:00
Martin Willi
e15f64cc81
tls: Support a maximum TLS version to negotiate using TLS socket abstraction
2014-04-01 14:28:55 +02:00
Martin Willi
5313880261
tls: Support a null encryption flag on TLS socket abstraction
2014-04-01 14:28:55 +02:00
Tobias Brunner
dd438ee22c
Doxygen fixes
2013-10-15 11:25:55 +02:00
Tobias Brunner
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Andreas Steffen
1e92d5f114
Process PB-TNC batches received via PT-TLS asynchronously
2013-08-19 09:52:12 +02:00
Andreas Steffen
e689de6b8c
Optimized PT-TLS data transfer
2013-08-15 23:34:23 +02:00
Andreas Steffen
0a09b02dcf
Set client identity with TLS certificate authentication
2013-08-15 23:34:23 +02:00
Andreas Steffen
9cc606d22a
Fixed memory leak in SASL PLAIN
2013-08-15 23:34:23 +02:00
Andreas Steffen
7c027f7983
Use client identities from successful authentications, only
2013-08-15 23:34:23 +02:00
Andreas Steffen
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
Andreas Steffen
6d6100c2bc
Added some debug statements
2013-08-15 23:34:22 +02:00
Andreas Steffen
e8f65c5cde
Moved tnc-tnccs, tnc-imc, tnccs-11, tnccs-20 and tnccs-dynamic libcharon plugins to libtnccs
2013-08-15 23:34:22 +02:00
Andreas Steffen
180a2f2642
rapid PT-TLS AR/PDP prototype
2013-08-15 23:34:22 +02:00
Tobias Brunner
0ceb288815
Fix various API doc issues and typos
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner
5cb4f5519b
Added missing sasl Doxygen group
2013-04-05 16:03:39 +02:00
Tobias Brunner
2467c46856
libpttls: Destroy reader when handling errors during SASL
2013-03-25 18:33:57 +01:00
Martin Willi
7d70a14779
Merge branch 'pt-tls'
2013-03-07 14:10:50 +01:00
Tobias Brunner
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
Martin Willi
61f1693df1
Support different authentication schemes for PT-TLS
2013-02-28 16:46:08 +01:00
Martin Willi
2ae0c9e618
Implement a SASL PLAIN mechanism using shared secrets
2013-02-28 16:46:07 +01:00
Martin Willi
66d8fd690c
Implement SASL authentication in PT-TLS client
2013-02-28 16:46:07 +01:00
Martin Willi
3542c4f18a
Implement SASL authentication in PT-TLS server
2013-02-28 16:46:07 +01:00
Martin Willi
5b1a10836c
Define PT-TLS SASL result codes
2013-02-28 16:46:07 +01:00
Martin Willi
4a801beb3e
Define an interface for SASL mechanisms and provide a static factory
2013-02-28 16:46:07 +01:00
Martin Willi
806126eab2
Pass a client identity to pt_tls_client, usable for TLS or SASL authentication
2013-02-28 16:46:07 +01:00
Martin Willi
55854ecc25
Don't close underlying file descriptor before destroying a tls_socket
tls_socket cleanup usually sends a TLS close notify, for which it uses a valid
socket.
2013-02-28 16:46:07 +01:00
Andreas Steffen
f838f457a8
resolve dependency on libtls
2013-02-14 17:15:33 +01:00
Martin Willi
a9df87bf89
PT-TLS dispatcher TNCCS constructor takes peer identities to pass to factory
2013-02-14 17:09:28 +01:00
Martin Willi
16ef69d70a
Pass a constructor callback to create TNCCS server instances while dispatching
2013-01-17 16:34:34 +01:00
Martin Willi
04a9a99bc1
Create pt_tls_client with separate server address and identity
2013-01-16 16:36:57 +01:00
Martin Willi
bb5037a5e5
Create pt_tls_dispatcher with separate server address and identity
2013-01-16 15:02:14 +01:00