Tobias Brunner
17c9972252
Fixed some typos, courtesy of codespell
2019-08-28 14:03:41 +02:00
Tobias Brunner
784d96e031
Fixed some typos, courtesy of codespell
2018-09-17 18:51:44 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
9fcf4fdda1
x509: Add flag that marks compliance with RFC 4945
...
According to RFC 4945, section 5.1.3.2, a certificate for IKE must
either not contain the keyUsage extension, or, if it does, have at least
one of the digitalSignature or nonReputiation bits set.
2018-05-22 09:50:47 +02:00
Tobias Brunner
024b979522
certificate: Return signature scheme and parameters from issued_by() method
...
This also required some include restructuring (avoid including library.h
in headers) to avoid unresolvable circular dependencies.
2017-11-08 16:48:10 +01:00
Tobias Brunner
4e7b7db62f
certificates: Use shared destructor for x509_cdp_t
2017-09-18 10:54:19 +02:00
Tobias Brunner
755d076fec
Fix some Doxygen issues
2016-03-11 12:25:14 +01:00
Andreas Steffen
02d431022c
Refactored certificate management for the vici and stroke interfaces
2015-12-12 00:19:24 +01:00
Andreas Steffen
9dd8bfb2ce
Changed some certificate_type_names and added x509_flag_names
2015-12-11 18:26:55 +01:00
Andreas Steffen
fd90f0613c
Print OCSP single responses
2015-12-11 18:26:53 +01:00
Andreas Steffen
3317d0e77b
Standardized printing of certificate information
...
The certificate_printer class allows the printing of certificate
information to a text file (usually stdout). This class is used
by the pki --print and swanctl --list-certs commands as well as
by the stroke plugin.
2015-12-11 18:26:53 +01:00
Tobias Brunner
f809e485fb
Fixed some typos
2015-08-13 15:12:34 +02:00
Martin Willi
40a924090e
crl: Undefine <wincrypt.h>'s CRL_REASON_* and use our enum values instead
2014-06-03 12:24:34 +02:00
Andreas Steffen
98ae0492b6
Added support for msSmartcardLogon EKU
2014-04-08 13:09:03 +02:00
Martin Willi
a17598bc69
x509: Integrate IETF attribute handling, and obsolete ietf_attributes_t
...
The ietf_attributes_t class is used for attribute certificates only these days,
and integrating them to x509_ac_t simplifies things significantly.
2014-03-31 11:14:58 +02:00
Martin Willi
61b2d815b9
x509: Replace fixed acert group string getter by a more dynamic group enumerator
2014-03-31 11:14:58 +02:00
Martin Willi
883a63adc1
ac: Remove unimplemented equals_holder() method from ac_t
2014-03-31 11:14:57 +02:00
Tobias Brunner
abc04e6b3f
Remove pluto specific certificate types
2013-05-08 15:02:40 +02:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Martin Willi
a37f2d2006
certificate_t->issued_by takes an argument to receive signature scheme
2012-06-12 14:24:49 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
f29a4f1c64
Added support for iKEIntermediate X.509 extended key usage flag.
...
Mac OS X requires server certificates to have this flag set.
2012-03-20 17:31:24 +01:00
Tobias Brunner
00cc2188d4
Some whitespace fixes.
2012-03-20 17:31:24 +01:00
Adrian-Ken Rueegsegger
d887b8e134
Fix whitespaces
2012-01-12 11:25:18 +01:00
Tobias Brunner
a660f1426e
Fixed missing initializer compiler warning.
2011-11-25 09:52:19 +01:00
Thomas Egerer
6e5e2762d3
Handle certificates being on hold in a CRL
...
Certificates which are set on hold in a CRL might be removed from any
subsequent CRL. Hence you cannot conclude that a certificate is revoked
for good in this case, you would try to retrieve an update CRL to see if
the certificate on hold is still on it or not.
2011-11-04 11:11:17 +01:00
Tobias Brunner
cbf5c2c61c
Readded docs for some arguments to global functions.
...
Those were overzealously removed in 28623fc538
.
2011-07-21 18:38:43 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Tobias Brunner
28623fc538
"this" removed from comments.
2011-07-06 09:43:45 +02:00
Andreas Steffen
d390b3b901
[hopefully] fixed pathlen problem on ARM platforms
2011-02-10 15:51:18 +01:00
Martin Willi
07eee80401
Added support for inhibitAnyPolicy constraint to x509 plugin
2011-01-05 16:46:05 +01:00
Martin Willi
b3d359e58f
Use a generic getter for all numerical X.509 constraints
2011-01-05 16:46:05 +01:00
Martin Willi
55e4d8982f
Added support for delta CRLs to x509 plugin
2011-01-05 16:46:03 +01:00
Martin Willi
a6478a0402
Simplified format of x509 CRL URI parsing/enumerator
2011-01-05 16:46:03 +01:00
Martin Willi
a742d97fb8
Added support for policyConstraints to x509 plugin
2011-01-05 16:46:02 +01:00
Martin Willi
5dba5852fc
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
2011-01-05 16:46:02 +01:00
Martin Willi
5a0caa4b3a
Added policyMappings support to x509 plugin
2011-01-05 16:46:02 +01:00
Martin Willi
20bd78106e
Added certificatePolicy support to x509 plugin
2011-01-05 16:46:02 +01:00
Martin Willi
dbfbbec368
Added name constraint enumerator to x509 interface
2011-01-05 16:46:00 +01:00
Martin Willi
6807c0ca2c
Added a flag for X509 CRLSign keyUsage
2011-01-05 16:45:56 +01:00
Martin Willi
e49bd37b5d
Remove x509_flag_names, flags do not work with ENUM()
2011-01-05 16:45:56 +01:00
Martin Willi
4e508517d7
Added support for CRL Issuers to x509 and OpenSSL plugins
2011-01-05 16:45:55 +01:00
Martin Willi
0406eeaacb
Support different encoding types in certificate.get_encoding()
2010-07-13 13:53:20 +02:00
Martin Willi
5db798c8e0
Charon uses a generic trunstchain length limit, not only for X509 certificates
2010-07-13 10:26:06 +02:00
Martin Willi
aab861608a
Removed is_newer() from certificate_t, obsoleting all implementations
2010-05-21 16:25:51 +02:00
Martin Willi
8029e5efd2
Added generic implementations for crl_is_newer/certificate_is_newer
2010-05-21 16:25:51 +02:00
Martin Willi
7eab4a1be6
Support TLS client authentication Extended Key Usage in x509 generation
2010-01-14 12:00:43 +01:00
Andreas Steffen
e16a01a5e6
X509_IP_ADDR_BLOCKS flag signals the presence of an ipAddrBlock certificate extension
2009-12-22 13:18:27 +01:00
Andreas Steffen
91e35b7c9e
added create_ipAddrBlock_enumerator() method to x509_t
2009-12-22 11:58:30 +01:00