Martin Willi
|
6be68cc1c7
|
splitted PKI tool to a file per command
|
2009-09-10 12:31:40 +02:00 |
Martin Willi
|
e5e6c6f43c
|
use generic option parsing with usage information
|
2009-09-10 11:18:41 +02:00 |
Martin Willi
|
63ee88745a
|
fixed memleak
|
2009-09-09 17:16:00 +02:00 |
Martin Willi
|
1080a51fd2
|
evaluate arguments of chunk_clone/clonea/alloc/alloca only once
|
2009-09-09 16:24:21 +02:00 |
Andreas Steffen
|
1f45e32594
|
split usage information
|
2009-09-09 02:37:17 +02:00 |
Andreas Steffen
|
e666d45ddb
|
updated usage of ipsec pki --self
|
2009-09-08 22:22:09 +02:00 |
Andreas Steffen
|
a5fc71562a
|
support --options also in ipsec pki --self
|
2009-09-08 21:54:00 +02:00 |
Andreas Steffen
|
ddf8ee0f37
|
--options reads command line options from file
|
2009-09-08 21:36:35 +02:00 |
Martin Willi
|
b5d31b3e56
|
pki tool supports subjectAltNames in certificates
|
2009-09-08 13:27:35 +02:00 |
Martin Willi
|
7631aac20c
|
x509 certificates support encoding of email, DNS and IP subjectAltNames
|
2009-09-08 13:17:41 +02:00 |
Martin Willi
|
d7be290643
|
non self-signed x509 certificates are encoded with authorityKeyIdentifier
|
2009-09-08 11:26:05 +02:00 |
Martin Willi
|
5c92524449
|
x509 CA certificates are encoded with a subjectKeyIdentifier
|
2009-09-08 11:02:49 +02:00 |
Martin Willi
|
8871e59c11
|
pki tool --issue/--verify operations require a CA with CA basicConstraint
|
2009-09-08 10:44:08 +02:00 |
Martin Willi
|
e4a4589606
|
pki tool can set CA basicConstraint on --self/--issued certificates
|
2009-09-08 10:39:04 +02:00 |
Martin Willi
|
8ab900dee9
|
x509 plugin supports encoding of CA basicConstraint extension
|
2009-09-08 10:38:02 +02:00 |
Martin Willi
|
58f34613e0
|
pki tool can issue certificates
|
2009-09-07 16:04:30 +02:00 |
Martin Willi
|
faa4bd49fb
|
use sysconfdir, no need for an additional confdir variable
|
2009-09-07 15:10:30 +02:00 |
Martin Willi
|
c0e56a663e
|
only add generated m4 files to include path
|
2009-09-07 15:10:01 +02:00 |
Martin Willi
|
b7b5653386
|
Use macros to define --with options
|
2009-09-07 15:00:45 +02:00 |
Martin Willi
|
b803bc82f4
|
Use macros to define --enable/--disable options
|
2009-09-07 15:00:45 +02:00 |
Martin Willi
|
e5efb5a03b
|
Added a .gitignore for generated m4 scripts
|
2009-09-07 15:00:44 +02:00 |
Martin Willi
|
e455ae1343
|
use m4/ autoconf subdirectory
|
2009-09-07 15:00:32 +02:00 |
Martin Willi
|
8b3b4a244e
|
Removed trailing whitespaces in configure.in/Makefile.am
|
2009-09-07 11:48:03 +02:00 |
Tobias Brunner
|
0755e98e5c
|
Cleaned up some code of the mediation extension.
|
2009-09-04 15:48:30 +02:00 |
Tobias Brunner
|
f4b975a65d
|
Moved set_state after the DBG0 statement, so that the message gets logged also for mediation connections without CHILD_SA.
|
2009-09-04 15:13:12 +02:00 |
Martin Willi
|
7b3814f75d
|
remove spaces before tabs at the beginning of lines (^( )+\t)
|
2009-09-04 15:02:11 +02:00 |
Martin Willi
|
b9b8a98f47
|
remove spaces within tabs (\t( )+\t)
|
2009-09-04 15:00:19 +02:00 |
Martin Willi
|
323f9f990f
|
replaces four spaces by tabs, where appropriate
|
2009-09-04 14:50:23 +02:00 |
Martin Willi
|
7daf5226b7
|
removed trailing spaces ([[:space:]]+$)
|
2009-09-04 13:46:09 +02:00 |
Marius Tomaschewski
|
7d1b030446
|
fixed open failure debug message in load_secrets
|
2009-09-04 11:52:28 +02:00 |
Martin Willi
|
dd2b6f3073
|
fixed memleak in rekey collissions
|
2009-09-03 18:09:29 +02:00 |
Martin Willi
|
72e2faf291
|
Convert empty CREATE_CHILD_SA exchange to an INFORMATIONAL
|
2009-09-03 17:32:41 +02:00 |
Martin Willi
|
9beb83868f
|
Use get_notify() to look up single notifies
|
2009-09-03 17:32:01 +02:00 |
Martin Willi
|
3e15f99189
|
accept octet strings in is_asn1() check
|
2009-09-03 15:35:05 +02:00 |
Martin Willi
|
d176994235
|
Use recursive source address lookup if we get a gateway only
|
2009-09-03 14:46:39 +02:00 |
Marius Tomaschewski
|
dece3d8efc
|
Fixed load_secrets to acquire/release lock in level 0 only
The write_lock call fails with EDEADLK and unlocks in the
next recursion level.
|
2009-09-03 14:46:36 +02:00 |
Martin Willi
|
12a230ddb4
|
Complain about rw(un)lock errors
|
2009-09-03 14:46:28 +02:00 |
Tobias Brunner
|
a20e98749a
|
Simplified the search for ME_CONNECTID notifies.
|
2009-09-02 17:30:47 +02:00 |
Tobias Brunner
|
484a06bce7
|
Fixed some typos; whitespace cleanup.
|
2009-09-02 17:30:46 +02:00 |
Tobias Brunner
|
5293b02945
|
Missing commas added.
|
2009-09-02 17:29:44 +02:00 |
Martin Willi
|
8fb4edc4ff
|
handle plugin loading failures
|
2009-09-01 16:20:45 +02:00 |
Martin Willi
|
d6a45127dc
|
plugins marked with a '!' are handled as critical: cancel if loading fails
|
2009-09-01 16:08:28 +02:00 |
Martin Willi
|
9412bbfa7c
|
use subjectPublicKeyInfo hash for CA certificate lookup
|
2009-09-01 14:06:44 +02:00 |
Tobias Brunner
|
deddfde91b
|
Description of new lifetime limits added to manpage.
|
2009-09-01 12:54:33 +02:00 |
Tobias Brunner
|
686aba2589
|
Added lifetime/margintime keywords as alias for keylife/rekeymargin.
|
2009-09-01 12:54:33 +02:00 |
Tobias Brunner
|
e75f423753
|
Refactored the lifetime_cfg_t struct to be simpler and more expressive. Initialization is now static.
|
2009-09-01 12:54:33 +02:00 |
Tobias Brunner
|
abff49a7ff
|
Handling of new lifetime limits added to stroke.
|
2009-09-01 12:53:44 +02:00 |
Tobias Brunner
|
ca41aa0602
|
Added keywords for the new lifetime limits to starter.
|
2009-09-01 12:53:44 +02:00 |
Tobias Brunner
|
9c7faa8618
|
Added parser for unsigned long long ints to starter.
|
2009-09-01 12:53:44 +02:00 |
Tobias Brunner
|
f40c115531
|
If no inbound CHILD_SA is found, try to find an outbound SA.
Due to the new lifetime limits in- and outbound SAs may expire
individually.
|
2009-09-01 12:53:44 +02:00 |