Martin Willi
4720815774
Added a stub for the EAP-AKA backend implementing the 3GPP2 functions in software
2009-10-09 13:02:19 +02:00
Martin Willi
36a3bccfcf
Implemented a manager for USIM cards/providers very similar to the SIM manager
2009-10-09 13:02:19 +02:00
Andreas Steffen
c6b2b2aae2
corrected caption
2009-10-09 00:16:33 +02:00
Andreas Steffen
4b4f8bd732
created identification_create_from_sockaddr() function
2009-10-09 00:13:28 +02:00
Martin Willi
a4eb37eed0
Added medsrv.fcgi to gitignore
2009-10-08 13:10:02 +02:00
Andreas Steffen
5026519057
medsrv.fcgi is not part of the git tree
2009-10-08 13:05:27 +02:00
Andreas Steffen
878fc472e9
hex_str() isn't used externally any more
2009-10-08 13:04:07 +02:00
Andreas Steffen
e64b4e96c9
parsing of generalNames is not needed any more
2009-10-08 12:42:29 +02:00
Andreas Steffen
88212ee6e7
use of asn1_build_known_oid()
2009-10-08 12:35:36 +02:00
Andreas Steffen
0354d5703d
migrated public key IDs to identification_t
2009-10-08 11:25:43 +02:00
Martin Willi
4b1cd5a367
Reenabled acq_expires SA timer using rekey timeout
...
While not using a SA expiration for allocating SPIs works fine,
the situation is much more problematic for kernel-created temporary
SAs from acquires. If the negotiation of such a CHILD_SA fails,
the created temporary SA can not be deleted.
2009-10-07 13:09:59 +02:00
Martin Willi
991f7ccd6c
Catch CHILD_SA state changes during acquire
...
If an acquire fails due to a TS_UNACCEPTABLE or other CHILD_SA only errors,
we have to reset the pending state in the trap manager.
2009-10-07 13:09:59 +02:00
Andreas Steffen
84e390fdc4
list subjectAltNames
2009-10-06 23:50:26 +02:00
Andreas Steffen
20afe5e9f5
some ipsec listall finetuning
2009-10-06 23:19:46 +02:00
Andreas Steffen
ce2f2461e0
pluto and charon now have the same ipsec listall output format
2009-10-06 16:49:46 +02:00
Andreas Steffen
f3e9eae283
the ikev1 scenarios need the x509 plugin
2009-10-06 14:38:34 +02:00
Andreas Steffen
cf85e1319b
streamlined output from get_validity()
2009-10-06 14:22:27 +02:00
Andreas Steffen
afdaa9e5bf
fixed serial number conversion from hex
2009-10-05 23:52:35 +02:00
Andreas Steffen
0da0f3fc3f
delete group attributes after use
2009-10-05 23:17:36 +02:00
Andreas Steffen
a9fe23cf53
stroke_list outputs group attributes
2009-10-05 23:13:51 +02:00
Andreas Steffen
408e46a324
ipsec pki --issue suports --flag authServer option
2009-10-05 22:44:01 +02:00
Andreas Steffen
ce40bf5def
ipsec pki --issue supports --flag ocspSigning option
2009-10-05 21:20:42 +02:00
Martin Willi
6eacaffc72
Cleaned up EAP-AKA en/decoding, eliminated unaligned half-word reads
2009-10-05 14:06:32 +02:00
Martin Willi
3b836fc759
Cleaned up EAP-SIM en/decoding, eliminated unaligned half-word reads
2009-10-05 13:32:41 +02:00
Martin Willi
587ebae722
Distinguish invalid free()s between corrupted magic and invalid pointer
2009-10-05 11:02:54 +02:00
Andreas Steffen
fc12e3cd2e
pluto now uses x509 plugin for attribute certificate handling
2009-10-05 07:24:28 +02:00
Andreas Steffen
0ea9cbc6e9
fixed output of authKeyID
2009-10-02 21:20:45 +02:00
Andreas Steffen
0aa5cea248
mark embedded parsing in debug mode
2009-10-02 20:54:15 +02:00
Andreas Steffen
ec0abe4ab5
added some notBefore/notAfter debugging info
2009-10-02 20:14:09 +02:00
Andreas Steffen
daaedcb9c2
verify correctness of X.509 versions
2009-10-02 17:49:51 +02:00
Andreas Steffen
6f2f08fb8d
added all missing RFC 5280 OIDs
2009-10-02 14:10:27 +02:00
Andreas Steffen
03a52ce4e5
created ikev1/mode-config-multiple scenario
2009-10-01 09:42:35 +02:00
Andreas Steffen
eb4544f773
fixes multiple IPsec SAs with IKEv1 Mode Config
2009-10-01 09:41:35 +02:00
Andreas Steffen
70e81857f9
generate known OIDs dynamically
2009-09-30 11:49:32 +02:00
Andreas Steffen
0c8d08068e
pluto's crl handling now uses the x509 plugin
2009-09-30 09:29:15 +02:00
Andreas Steffen
5406c65702
scepclient uses pkcs10 from libstrongswan
2009-09-28 05:52:20 +02:00
Andreas Steffen
c72080cea8
abbreviated struct connection by connection_t
2009-09-27 23:49:37 +02:00
Andreas Steffen
0eff9f6539
pluto and scepclient now use the x509 plugin for certificates
2009-09-27 23:09:30 +02:00
Andreas Steffen
727b0f11e2
whitelist Curl_client_write
2009-09-27 23:07:21 +02:00
Andreas Steffen
8ad23ba346
added get_subjectKeyIdentifier() to x509_t
2009-09-26 22:10:36 +02:00
Martin Willi
f12d8cf719
Do not increase the invalid-KE/Cookie retry counter for additional keyingtry attempts
2009-09-24 14:49:41 +02:00
Martin Willi
cf76c42903
Do not create a replacement IKE_SA if we have CHILD_SAs to route only
2009-09-24 14:49:41 +02:00
Tobias Brunner
6e6975395e
Using the correct type for ME_ENDPOINT payloads in connectivity checks.
2009-09-24 11:29:34 +02:00
Martin Willi
17859fe6cf
Right-align short options in pki usage
2009-09-24 11:28:53 +02:00
Andreas Steffen
02bf410aa9
certificate subject DNs are in double quotes
2009-09-23 22:03:52 +02:00
Andreas Steffen
b362cc2382
streamlining of credential loading debug output
2009-09-23 21:55:48 +02:00
Andreas Steffen
1806024105
added fix of PKCS#7 wrapped certificates to NEWS
2009-09-23 21:50:56 +02:00
Andreas Steffen
45cc7ba403
added and fixed debug output of version information
2009-09-23 16:21:18 +02:00
Andreas Steffen
c0be0977e7
fixed PKCS#7 wrapped certificate parsing
2009-09-23 15:52:30 +02:00
Martin Willi
840743479a
Use mysql_config to query MySQL LIBS and CFLAGS
2009-09-23 12:45:03 +02:00