b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
a4ddc0bb26
Encode RSA public keys in RFC 3110 DNSKEY format
2013-02-19 12:25:00 +01:00
4cd3fb788d
Properly read data from stream in pki --pkcs7
2013-01-24 19:13:41 +01:00
27a814b527
Properly destroy mem_cred object on pki --pkcs7 --help
2013-01-24 19:13:41 +01:00
063ae4e52a
Allocate data returned by pkcs7_t.get_attribute()
2012-12-19 10:32:08 +01:00
24b2dae2b6
Add a --show option to pki --pkcs7 to print contained certificates
2012-12-19 10:32:08 +01:00
9afbe59953
pki --pkcs7 --verify shows prints the signing time, if available
2012-12-19 10:32:08 +01:00
5a50bec9d2
Fix leak in pki --pkcs7 --decrypt
2012-12-19 10:32:08 +01:00
47120d4977
Add a pki command to sign, verify, encrypt and decrypt PKCS#7 containers
2012-12-19 10:32:07 +01:00
48b23d06a8
allow the optional sharing if RSA private keys
2012-11-22 00:34:42 +01:00
168ee460c6
implemented generation of safe primes
2012-11-18 19:22:31 +01:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
8b0dce08f2
Avoid overrunning array when registering pki command line options
2012-09-28 18:22:54 +02:00
c63fb853e8
Use centralized hasher names in pki utility
2012-07-17 17:32:05 +02:00
e93bb353d5
Check rng return value when generating serial numbers in pki utility
2012-07-16 14:53:35 +02:00
a37f2d2006
certificate_t->issued_by takes an argument to receive signature scheme
2012-06-12 14:24:49 +02:00
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
5ff99529e6
ASN.1 two's complement encoding prevents overflow in CRL serial number
2012-04-04 11:29:12 +02:00
320fd5fe62
moved chunk_skip_zero to chunk.h
2012-04-03 14:12:50 +02:00
e464894e8b
remove leading zeros in ASN.1 encoded serial numbers
2012-03-27 15:05:36 +02:00
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
4bc4e8e17b
Added support for iKEIntermediate flag to ipsec pki.
2012-03-20 17:31:25 +01:00
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
...
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
fdf1f239ef
Log list of loaded plugins in main PKI help output.
2012-01-19 11:56:43 +01:00
20d752b4ff
pki: Avoid integer overflow when calculating certificate lifetimes.
...
This only works properly if sizeof(time_t) > 4.
2011-12-23 16:33:24 +01:00
29388829fa
Do proper cleanup in error case in pki req.
2011-04-14 18:11:45 +02:00
3fe6c0b27e
Do proper cleanup in some error cases in pki signcrl.
2011-04-14 18:11:44 +02:00
eead71eb75
use DN from pkcs10 request if it exists
2011-02-07 23:41:54 +01:00
3fd3f8dea8
Added support for empty subjects DNs to pki --issue
2011-01-05 16:46:07 +01:00
0110c26a04
Use incremented serial of base CRL when signing delta CRL
2011-01-05 16:46:06 +01:00
b088fd4a76
Slightly renamed different policyConstraints to distinguish them better
2011-01-05 16:46:05 +01:00
6a339fffc7
Added inhibitAnyPolicy constraint support to pki tool
2011-01-05 16:46:05 +01:00
b3d359e58f
Use a generic getter for all numerical X.509 constraints
2011-01-05 16:46:05 +01:00
de8521f6f2
Added support for delta CRLs to pki tool
2011-01-05 16:46:04 +01:00
a6478a0402
Simplified format of x509 CRL URI parsing/enumerator
2011-01-05 16:46:03 +01:00
a864eb37b1
Added policyConstraints support to pki tool
2011-01-05 16:46:02 +01:00
5dba5852fc
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
2011-01-05 16:46:02 +01:00
3ffc9d9a88
Added policyMappings support to pki tool
2011-01-05 16:46:02 +01:00
6c3ac04478
Added certificatePolicy options to pki tool
2011-01-05 16:46:02 +01:00
e6fbe5933b
pki --issue/self support permitted/excluded NameConstraints
2011-01-05 16:46:00 +01:00
64bcaae203
pki --print prints NameConstraints
2011-01-05 16:46:00 +01:00
dffb176f2b
CRLSign keyUsage or CA basicConstraint are sufficient for CRL validation
2011-01-05 16:45:56 +01:00
bb0cda2fa9
pki tool shows and builds crlSign keyUsage
2011-01-05 16:45:56 +01:00
630d58724a
Added --crlissuer option to pki --issue
2011-01-05 16:45:56 +01:00
4e508517d7
Added support for CRL Issuers to x509 and OpenSSL plugins
2011-01-05 16:45:55 +01:00
21f80e9dbc
Added crl support to pki --print
2010-08-30 11:23:45 +02:00
8f01815143
Build dedicated plugin lists for each strongSwan component
2010-08-12 14:46:57 +02:00
a944d2092b
Use bits instead of bytes for a private/public key
2010-08-10 18:46:30 +02:00
Tobias Brunner