| Author | Commit | Message | Date |
|---|---|---|---|
| Andreas Steffen | 7ea87db00d | added some more TLS debug output | 2010-08-05 09:51:05 +02:00 |
| Andreas Steffen | 7030e3950a | fixed type in cipher suite list build | 2010-08-05 01:26:10 +02:00 |
| Andreas Steffen | 4657b3a42a | log selected TLS version and cipher suite | 2010-08-05 01:21:59 +02:00 |
| Andreas Steffen | 289c9ac3d7 | log TLS handshake messages in debug level 2 | 2010-08-04 16:55:55 +02:00 |
| Tobias Brunner | 744b83c7c9 | Fixed loading of secrets with IDs. Since the ID string is manually terminated by a null character, write permission is required for the mmapped ipsec.secrets. | 2010-08-04 16:03:46 +02:00 |
| Tobias Brunner | dca2d89209 | Fixed loading of private keys without password. The chunk storing the password was not correctly initialized, resulting in a segmentation fault when no password was specified in ipsec.secrets. | 2010-08-04 14:22:48 +02:00 |
| Tobias Brunner | 83628fd600 | Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA allocated an ID. | 2010-08-04 12:58:53 +02:00 |
| Andreas Steffen | 8e7920eea1 | generated aaa certificate | 2010-08-04 12:44:47 +02:00 |
| Tobias Brunner | 12549bedea | IKEv2 notification types updated. | 2010-08-04 10:06:00 +02:00 |
| Martin Willi | e82186fb5a | Reimplemented mem pool to support multiple leases for a single identity | 2010-08-04 09:49:59 +02:00 |
| Martin Willi | 6e4f4d2fdf | Save/Load state of PKCS#11 hasher | 2010-08-04 09:26:22 +02:00 |
| Martin Willi | 83e52fd12d | Register hmac/xcbc algorithms after potentially underlying PKCS#11 | 2010-08-04 09:26:22 +02:00 |
| Martin Willi | a3aeb89227 | Do initial slot enumeration manually | 2010-08-04 09:26:22 +02:00 |
| Martin Willi | 0f0fc891d8 | Implemented hasher_t using PKCS#11 | 2010-08-04 09:26:22 +02:00 |
| Martin Willi | 66267ea515 | Defer certificate loading until all PKCS#11 modules are loaded | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 65858b83f8 | Destroy IKE_SA Managers crypto primitives during flush, the plugins are gone in destroy | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 5a27bf8ad8 | Provide a public PKCS#11 mechanism enumerator | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | efab731338 | Added PKCS#11 private key support to the pki tool | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 089d554a01 | The pki tool uses a callback credential set to read in passphrase/PIN | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 0d08ebe7ac | Pass type of requested key in the callback credential set | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | af007ed68a | Support PKCS#11 keys requiring reauthentication for each operation | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 199b17122d | Do not try to log in if we already have a user session | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 15177f5785 | Obsoleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 3429be9514 | Use a dedicated build part for challenge passwords, BUILD_PASSPHRASE gets obsolete | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 0556667dca | Use credential sets to load smartcard keys | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 70789d28a1 | Handle PIN: as a magic keyword for prompt, use getpass() to silently read credentials | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 62be923683 | Implemented a callback based credential set, currently for shared keys only | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 0749e91bec | Implemented a generic in-memory credential set, currently for shared keys only | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 9587ece534 | mmap() ipsec.secrets instead of malloc(), proper error checking | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 947298b302 | Split up the load_secrets() function | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 1e4e29076c | Updated ipsec.secrets.5 regarding IKEv2 smartcard support | 2010-08-04 09:26:21 +02:00 |
| Martin Willi | 57522106c4 | %prompt support for smartcard PIN via "ipsec secrets" | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | a0bdd5d63e | Implemented callback PIN invocation for PKCS#11 login | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 7afc00d03c | Implemented keyid discovery on all modules/slots | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 0b8b664056 | Pass the PKCS11 keyid as chunk, not as string | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 353d10d590 | Reuse generic passphrase build part, not a dedicated PIN part | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 5f1e4438cb | Implemented private key on top of a PKCS#11 token | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | d007ce3206 | Extended the PKCS#11 object enumerator by attribute retrieval | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | ddbac66028 | Use the PKCS#11 object enumerator | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 9baa41c52d | Implemented a generic PKCS#11 object enumerator | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | cd251d9a21 | Unload plugins in reverse order | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 3479c27931 | Support module names in %smartcard specifier, streamlined smartcard building | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 36c852a08b | Added enumerator for PKCS#11 tokens | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | fe876b24d9 | Handle NOT_SUPPORT return value from WaitForSlot | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 66033012c9 | Reenabled dlclose | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | a6d2ec331b | Implemented a credential set on top of a PKCS#11 token | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 50a9e84540 | Added NSPR PR_CallOnce to leak detective whitelist | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | 044e0dd1b1 | Added buffer checking variants of syslog functions to leak detective | 2010-08-04 09:26:20 +02:00 |
| Martin Willi | c281a427e0 | Moved gmp plugin before users of it | 2010-08-04 09:26:19 +02:00 |
| Martin Willi | fdd7e21225 | Added a token add/remove callback function to the manager | 2010-08-04 09:26:19 +02:00 |