Andreas Steffen
2d41e1c51c
pki: Edited keyid parameter use in various pki man pages and usage outputs
2017-03-06 18:54:09 +01:00
Martin Willi
ead1dd3bcb
pki: Support an --addrblock option for issued certificates
2017-02-27 09:36:48 +01:00
Andreas Steffen
35bc60cc68
Added support of EdDSA signatures
2016-12-14 11:15:47 +01:00
Tobias Brunner
05ccde0a8b
pki: Add generic 'priv' key type that loads any type of private key
2016-10-05 11:32:52 +02:00
Andreas Steffen
f6fede934b
Support BLISS signatures with SHA-3 hash
2015-11-03 21:35:09 +01:00
Tobias Brunner
592f31f5af
pki: Add new type options to --issue command usage output
2015-08-27 17:55:15 +02:00
Tobias Brunner
1bc2549914
pki: Optionally extract public key from given private key in --issue
...
Fixes #618.
2015-08-10 12:33:02 +02:00
Tobias Brunner
2872f77829
pki: Choose default digest based on the signature key
2015-03-23 17:22:31 +01:00
Tobias Brunner
ae0604f583
pki: Use SHA-256 as default for signatures
...
Since the BLISS private key supports this we don't do any special
handling anymore (if the user chooses a digest that is not supported,
signing will simply fail later because no signature scheme will be found).
2015-03-23 17:22:31 +01:00
Andreas Steffen
27bd0fed93
Allow SHA256 and SHA384 data hash for BLISS signatures.
...
The default is SHA512 since this hash function is also
used for the c_indices random oracle.
2015-02-26 08:56:12 +01:00
Andreas Steffen
b6bb32e658
Implemented full BLISS support for IKEv2 public key authentication and the pki tool
2014-11-29 14:51:18 +01:00
Martin Willi
13298719e3
pki: Switch to binary mode on Windows when reading/writing DER to FDs
2014-06-04 15:53:11 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
...
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows converting real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Andreas Steffen
98ae0492b6
Added support for msSmartcardLogon EKU
2014-04-08 13:09:03 +02:00
Martin Willi
d6e921181a
pki: Support absolute --not-before/after issued certificate lifetimes
2014-03-31 11:14:59 +02:00
Martin Willi
e49197f15e
pki: Don't generate negative random serial numbers in X.509 certificates
...
According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers.
2014-03-31 11:14:58 +02:00
Martin Willi
1c4a3459f7
chunk: Use dynamically allocated buffer in chunk_from_fd()
...
When acting on files, we can use fstat() to estimate the buffer size. On
non-file FDs, we dynamically increase an allocated buffer.
Additionally we slightly change the function signature to properly handle
zero-length files and add appropriate unit tests.
2014-01-23 15:55:32 +01:00
Tobias Brunner
71c9565a3a
pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB
...
This allows more than one builder to try parsing the data read from STDIN.
2013-10-23 17:20:39 +02:00
Tobias Brunner
42e3a21e24
pki: Add pki --issue man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Martin Willi
c63fb853e8
Use centralized hasher names in pki utility
2012-07-17 17:32:05 +02:00
Tobias Brunner
e93bb353d5
Check rng return value when generating serial numbers in pki utility
2012-07-16 14:53:35 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
4bc4e8e17b
Added support for iKEIntermediate flag to ipsec pki.
2012-03-20 17:31:25 +01:00
Tobias Brunner
20d752b4ff
pki: Avoid integer overflow when calculating certificate lifetimes.
...
This only works properly if sizeof(time_t) > 4.
2011-12-23 16:33:24 +01:00
Andreas Steffen
eead71eb75
use DN from pkcs10 request if it exists
2011-02-07 23:41:54 +01:00
Martin Willi
3fd3f8dea8
Added support for empty subject DNs to pki --issue
2011-01-05 16:46:07 +01:00
Martin Willi
b088fd4a76
Slightly renamed different policyConstraints to distinguish them better
2011-01-05 16:46:05 +01:00
Martin Willi
6a339fffc7
Added inhibitAnyPolicy constraint support to pki tool
2011-01-05 16:46:05 +01:00
Martin Willi
de8521f6f2
Added support for delta CRLs to pki tool
2011-01-05 16:46:04 +01:00
Martin Willi
a6478a0402
Simplified format of x509 CRL URI parsing/enumerator
2011-01-05 16:46:03 +01:00
Martin Willi
a864eb37b1
Added policyConstraints support to pki tool
2011-01-05 16:46:02 +01:00
Martin Willi
5dba5852fc
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
2011-01-05 16:46:02 +01:00
Martin Willi
3ffc9d9a88
Added policyMappings support to pki tool
2011-01-05 16:46:02 +01:00
Martin Willi
6c3ac04478
Added certificatePolicy options to pki tool
2011-01-05 16:46:02 +01:00
Martin Willi
e6fbe5933b
pki --issue/self support permitted/excluded NameConstraints
2011-01-05 16:46:00 +01:00
Martin Willi
bb0cda2fa9
pki tool shows and builds crlSign keyUsage
2011-01-05 16:45:56 +01:00
Martin Willi
630d58724a
Added --crlissuer option to pki --issue
2011-01-05 16:45:56 +01:00
Martin Willi
efab731338
Added PKCS#11 private key support to the pki tool
2010-08-04 09:26:21 +02:00
Martin Willi
b5b95c75de
Added pki PEM encoding support for certificates, CRLs and PKCS10 requests
2010-07-13 14:14:39 +02:00
Martin Willi
0406eeaacb
Support different encoding types in certificate.get_encoding()
2010-07-13 13:53:20 +02:00
Martin Willi
a2cf26f1c1
Changed default lifetime of certificates to 3 years
2010-05-31 13:15:19 +02:00
Tobias Brunner
8b0e09103b
Adding DBG_LIB to all calls of libstrongswan's version of DBG*.
2010-04-06 12:47:40 +02:00
Andreas Steffen
c0df187cb4
we don't accept a serial number with leading zeroes
2010-03-14 19:41:40 +01:00
Martin Willi
7eab4a1be6
Support TLS client authentication Extended Key Usage in x509 generation
2010-01-14 12:00:43 +01:00
Andreas Steffen
3e33ae1004
ipsec pki --self|issue supports --pathlen option setting a path length constraint
2009-12-31 15:13:35 +01:00
Andreas Steffen
408e46a324
ipsec pki --issue supports --flag authServer option
2009-10-05 22:44:01 +02:00
Andreas Steffen
ce40bf5def
ipsec pki --issue supports --flag ocspSigning option
2009-10-05 21:20:42 +02:00
Martin Willi
ae7452e87c
Handle pki --debug and --options in a generic way for all commands
2009-09-15 11:53:46 +02:00