Andreas Steffen
|
4e8e74fcfa
|
moved TNCCS layer out of eap_tnc plugin
|
2010-09-28 23:34:04 +02:00 |
Andreas Steffen
|
2b3124c76d
|
fixed release of virtual IP for XAUTH identities
|
2010-09-26 10:17:01 +02:00 |
Tobias Brunner
|
f22ba072e8
|
draft-ietf-ipsecme-eap-mutual will be released as RFC 5998.
|
2010-09-16 10:27:49 +02:00 |
Andreas Steffen
|
004de55235
|
added notify messages defined in RFC 5996
|
2010-09-15 12:48:58 +02:00 |
Andreas Steffen
|
80f86acccb
|
show validity of OCSP responses
|
2010-09-10 22:26:03 +02:00 |
Tobias Brunner
|
0a1233e642
|
Moved man pages for config files to a separate directory.
|
2010-09-10 12:01:19 +02:00 |
Andreas Steffen
|
f3051ebf53
|
fixed memory leak
|
2010-09-09 21:38:41 +02:00 |
Martin Willi
|
663e735553
|
Compare subject against all key identifiers in has_subject()
|
2010-09-09 17:46:20 +02:00 |
Andreas Steffen
|
f85f0c2795
|
has_subject() now resolves ID_KEY_IDs
|
2010-09-09 17:15:46 +02:00 |
Martin Willi
|
89821331e0
|
Do not change cipherspec while we have buffered handshake fragments pending
|
2010-09-09 14:27:41 +02:00 |
Andreas Steffen
|
3f58022679
|
debug output of inbound and outbound TNCCS batches
|
2010-09-09 11:15:08 +02:00 |
Andreas Steffen
|
20ad62026e
|
support non EAP-TTLS conformant RADIUS-type attribute segmentation
|
2010-09-09 11:15:08 +02:00 |
Tobias Brunner
|
b1baa90846
|
Fixed copy/paste error.
|
2010-09-09 10:10:43 +02:00 |
Andreas Steffen
|
3b7eb3a9f4
|
added explanatory comments
|
2010-09-09 08:57:13 +02:00 |
Andreas Steffen
|
48b8cbb206
|
send well-formed TNCCS-Batch
|
2010-09-08 13:44:34 +02:00 |
Andreas Steffen
|
de29e3a683
|
max max_message_count configurable and move it into tls_eap_t
|
2010-09-08 12:58:45 +02:00 |
Andreas Steffen
|
99b0f633c2
|
handle TLS_PURPOSE_EAP_TNC
|
2010-09-08 12:58:45 +02:00 |
Martin Willi
|
30cd31fb69
|
Added a simple led plugin to control Linux LEDs based on IKE activity
|
2010-09-08 12:00:57 +02:00 |
Andreas Steffen
|
51b385d44d
|
moved tls_t existance test into tls_eap_create() again
|
2010-09-08 11:09:11 +02:00 |
Andreas Steffen
|
d2b1d4378e
|
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol
|
2010-09-08 11:01:53 +02:00 |
Martin Willi
|
7b3c01845f
|
Read the compression type byte for EC groups, only
|
2010-09-08 10:35:29 +02:00 |
Andreas Steffen
|
91a0825c39
|
added non-standard SERPENT and TWOFISH support to kernel_netlink plugin
|
2010-09-08 07:22:31 +02:00 |
Andreas Steffen
|
52d4dc7fe2
|
added qcStatements OID
|
2010-09-07 11:17:51 +02:00 |
Martin Willi
|
31c65eb362
|
Include ec_point_format extension in ClientHello
|
2010-09-06 18:51:38 +02:00 |
Martin Willi
|
02281c87a4
|
Added TLS specific EC point formats
|
2010-09-06 18:42:43 +02:00 |
Martin Willi
|
ec7d4e70d3
|
Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers
|
2010-09-06 18:37:24 +02:00 |
Martin Willi
|
fe559b5156
|
Accept TLS records with zero-length plaintext
|
2010-09-06 17:04:59 +02:00 |
Martin Willi
|
adb913adeb
|
Added strongswan.conf option to filter for specific TLS suites
|
2010-09-06 16:51:11 +02:00 |
Martin Willi
|
24a5b935e7
|
Added strongswan.conf options to filter cipher suites by specific algorithms
|
2010-09-06 16:51:04 +02:00 |
Martin Willi
|
a92a348092
|
Register missing AUTH_HMAC_SHA384 algorithm without truncation
|
2010-09-06 16:50:58 +02:00 |
Martin Willi
|
a03eebdf93
|
Fixed key type in TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
2010-09-06 16:50:54 +02:00 |
Martin Willi
|
e6cce7ff0d
|
Prepend point format to ECDH public key
|
2010-09-06 15:37:51 +02:00 |
Martin Willi
|
e4fd2bb428
|
Log the selected (EC)DH group
|
2010-09-06 15:37:51 +02:00 |
Martin Willi
|
0f89143b84
|
Parse unsupported TLS Hello extensions properly
|
2010-09-06 15:37:51 +02:00 |
Martin Willi
|
6cf85b35a4
|
Added TLS extension identifiers from RFC 3546
|
2010-09-06 15:37:51 +02:00 |
Tobias Brunner
|
3255e489be
|
Of course, mark is also supported by pluto.
|
2010-09-06 12:04:26 +02:00 |
Tobias Brunner
|
a674c79a37
|
mark_in and mark_out are also supported by pluto.
|
2010-09-06 11:53:59 +02:00 |
Martin Willi
|
4e68c1cfdc
|
Do not propose (EC)DHE suites if we do not support them
|
2010-09-03 18:24:03 +02:00 |
Martin Willi
|
4254257f9d
|
Offer only algorithms/suites we have a registered public key backend for
|
2010-09-03 18:11:03 +02:00 |
Martin Willi
|
d987946e80
|
Added a final flag to builder registration to enumerate the actually supported algorithms
|
2010-09-03 18:09:48 +02:00 |
Martin Willi
|
f9c0cf862c
|
Fixed key type of ECDHE_RSA groups
|
2010-09-03 17:24:39 +02:00 |
Martin Willi
|
3f7bb88ba3
|
Use a dynamic curve enumerator to list/convert TLS named curves
|
2010-09-03 17:24:23 +02:00 |
Martin Willi
|
f4c98ae664
|
Use ECDH group check where appropriate
|
2010-09-03 16:53:36 +02:00 |
Martin Willi
|
7d7711aba4
|
Added a generic function to check if a DH group is an EC group
|
2010-09-03 16:22:10 +02:00 |
Martin Willi
|
2066918da2
|
Add ECDHE enabled cipher suites, including ECDSA variants
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
033fe95f0b
|
Added support for a non-truncated SHA384 HMAC variant, as used by TLS
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
4cdade5aae
|
Select private key based on received cipher suites
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
37a59a8fbf
|
Support for EC curve Hello extension, EC curve fallback
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
141d7f7abd
|
Added server support for ECDHE key exchange
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
5fc7297e38
|
Added client support for ECDHE key exchange
|
2010-09-03 14:54:43 +02:00 |