Tobias Brunner
|
2e7cc07ecd
|
Moved host_t and host_resolver_t to a new networking subfolder
|
2012-10-24 15:06:18 +02:00 |
Martin Willi
|
c4894cc172
|
Send certificate requests in load-tester
|
2012-10-24 13:25:45 +02:00 |
Martin Willi
|
0f3c5f8502
|
Add load-tester traffic selector configuration options
|
2012-10-24 13:25:13 +02:00 |
Martin Willi
|
1efd6c6f2a
|
Make use of new CIDR string ts constructor where appropriate
|
2012-10-24 13:25:08 +02:00 |
Martin Willi
|
fd6c0c8fb4
|
Add a traffic selector constructor creating a TS directly from a CIDR string
|
2012-10-24 13:25:02 +02:00 |
Martin Willi
|
8fc7bbc6ba
|
Add NEWS about explicitly loaded pkcs11 certificates from ipsec.conf
|
2012-10-24 13:16:39 +02:00 |
Martin Willi
|
712e81306f
|
PKCS#11 library search using keyid uses a fallback to look for certificates
|
2012-10-24 13:07:54 +02:00 |
Martin Willi
|
aa51d5dd25
|
Increase the limit of acceptable IKEv1 CERTREQ payloads to 20
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
4ce55ffb0b
|
Use explicit, larger buffer sizes for smartcard keyids and modules
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
cd844e1c97
|
Remove obsolete pluto smartcard syntax in ipsec.secrets.5
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
f6d8fb3687
|
Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
434902b302
|
Add a strongswan.conf option to disable loading of all certificates from a pkcs11 module
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
794d713dca
|
Support loading cacert certificates in ipsec.conf ca sections from smartcard
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
2abe404927
|
Refactored stroke smartcard token parsing, support module and slot in leftcert option
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
36e47a409b
|
Explicit pkcs11 certificate loading can enforce a module and a slot
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
5d4c27d077
|
Be less verbose if loading PKCS#11 certificate fails
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
05e266ea9d
|
Add leftcert ipsec.conf.5 documentation about smartcard certificates
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
9687cb5100
|
Load ipsec.conf %smartcard leftcerts with pkcs11 builder
|
2012-10-24 13:07:52 +02:00 |
Martin Willi
|
fbd3863571
|
Add a builder to load specific pkcs11 certificates by keyid
|
2012-10-24 13:07:52 +02:00 |
Martin Willi
|
ffe42fa405
|
If no pkcs11 public key for a private key found, search for a certificate
|
2012-10-24 13:07:52 +02:00 |
Martin Willi
|
44fdc62f82
|
Move pkcs11 public key lookup function declaration to header file
|
2012-10-24 13:07:52 +02:00 |
Martin Willi
|
6910e5c753
|
Add NEWS about proposals with PRFs different from integrity protection algorithms
|
2012-10-24 11:52:59 +02:00 |
Martin Willi
|
5b2e669ba2
|
Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals
|
2012-10-24 11:49:37 +02:00 |
Martin Willi
|
7ee16e4b85
|
Only add an implicit PRF based on the MAC alg if no PRF given in proposal
|
2012-10-24 11:49:37 +02:00 |
Martin Willi
|
60e59b7e7f
|
Add proposal keywords to explicitly specify PRF algorithms
|
2012-10-24 11:49:36 +02:00 |
Martin Willi
|
343e998927
|
Added NEWS about lookip plugin
|
2012-10-24 11:47:18 +02:00 |
Martin Willi
|
a7f5eb1035
|
Add an interactive mode in lookip tool, demonstrate lasting connections
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
9d422bb1b0
|
Send a lookip NOT_FOUND reply if a lookup yields no results
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
f6fb2b98e9
|
lookup function of lookip listener returns the number of matches
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
31576ceddf
|
Handle multiple lookip connections using a single FDSET
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
28683ef137
|
Renamed list to store listening lookip clients
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
bae50c7393
|
Handle client subscriptions in lookip plugin
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
7650dd9a4f
|
Add a lookip server side UNIX socket processing LOOKUP and DUMP requests
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
d59e6db614
|
Add a simple command line utility to query the lookip plugin
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
7877c463ea
|
Defined on-the-wire format used on lookip socket
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
1edaa79c06
|
Add a lookip function to register virtual IP notification listeners
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
9c54b445e2
|
Add a lookup method to lookip plugin, using a callback to invoke
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
2caa27d42e
|
Add a lookip listener that collects the information we are interested in
|
2012-10-24 11:43:34 +02:00 |
Martin Willi
|
e0d7c1eda7
|
Add a lookip plugin stub to lookup connections by virtual IP
|
2012-10-24 11:43:33 +02:00 |
Martin Willi
|
a19d591388
|
Add NEWS about stroke counters
|
2012-10-24 11:39:13 +02:00 |
Martin Willi
|
3202f4a381
|
Add "listcounters" command to ipsec.8 manpage
|
2012-10-24 11:34:31 +02:00 |
Martin Willi
|
0c4b9f7cda
|
Add a "ipsec listcounters" command to stroke
|
2012-10-24 11:34:31 +02:00 |
Martin Willi
|
f9332e0a8b
|
Add a print method for stroke counters
|
2012-10-24 11:34:31 +02:00 |
Martin Willi
|
2232d88569
|
Support field with specifiers in %N printf hook
|
2012-10-24 11:34:30 +02:00 |
Martin Willi
|
fc4d1568d1
|
Add stroke message type counters
|
2012-10-24 11:34:30 +02:00 |
Martin Willi
|
5715af7508
|
Add stroke counters for invalid IKE messages
|
2012-10-24 11:34:30 +02:00 |
Martin Willi
|
81e0e10344
|
Add stroke CHILD_SA rekeying counter
|
2012-10-24 11:34:30 +02:00 |
Martin Willi
|
a32a8d4a67
|
Add stroke IKE rekey counters
|
2012-10-24 11:34:30 +02:00 |
Martin Willi
|
418f4bc7a5
|
Raise a bus alert when IKE message body parsing fails
|
2012-10-24 11:34:30 +02:00 |
Martin Willi
|
2b95ab7620
|
Raise a bus alert when IKE message header parsing fails
|
2012-10-24 11:34:30 +02:00 |