Commit Graph

2376 Commits

Author SHA1 Message Date
Martin Willi d20e5c6ab5 replaced get_public() by create_public_enumerator() to try multiple public keys for signature verification 2008-03-27 19:07:23 +00:00
Martin Willi 0d30ba3343 use trusted self-signed root CA certificates as trust anchor only 2008-03-27 13:38:02 +00:00
Tobias Brunner e74bc8e51d changed external interface to the mediation extension. 2008-03-27 12:31:35 +00:00
Tobias Brunner b42421a04c corrected ME_ENDPOINT length check 2008-03-27 12:29:51 +00:00
Martin Willi 52a61742e7 reusing generic shared_key_t implementation in med_db 2008-03-27 11:45:49 +00:00
Martin Willi cf4caefab1 whitelisted FCGX_Init
reporting count of leaks suppressed by whitelist
2008-03-27 11:42:35 +00:00
Martin Willi 4204db116b fixed memory leak in dispatcher 2008-03-27 10:24:37 +00:00
Tobias Brunner 54150b3f13 checking the size of ME_* notify payloads 2008-03-27 10:17:29 +00:00
Tobias Brunner b0dee635d2 replaced the COOKIE notify payload in connectivity checks with a ME_CONNECTAUTH notify payload 2008-03-27 09:54:09 +00:00
Martin Willi f957f7dfb3 implemented cert cache flushing, ipsec purgeocsp 2008-03-27 06:37:29 +00:00
Andreas Steffen d61bd27a9a fixed plugin/stroke Makefile 2008-03-26 20:24:55 +00:00
Andreas Steffen 1aad8bdfad makeshift fix of --enable-integrity-test option 2008-03-26 20:16:42 +00:00
Tobias Brunner dc04b7c743 mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed 2008-03-26 18:40:19 +00:00
Martin Willi 685232670a added uptime statistics to statusall 2008-03-26 16:13:14 +00:00
Martin Willi 7b88a983d8 caching of ocsp responses (experimental), no crl caching yet 2008-03-26 15:21:50 +00:00
Martin Willi 391abda082 fixed compile error if --enable-p2p is set 2008-03-26 14:45:24 +00:00
Andreas Steffen 5298777ad8 treat sig_alg and algorithm comparison in a consistent way over all certificate types 2008-03-26 13:10:36 +00:00
Martin Willi e37f7715bf fixed rightca= constraint checking
implemented rightca= for intermediate CAs for which we do not have the certificate at config load
2008-03-26 12:23:46 +00:00
Martin Willi 2d84da89b9 fixed auth_info_t.equals() 2008-03-26 10:58:19 +00:00
Martin Willi 0b14fdb92b split stroke plugin into several files:
  socket: reads messages from socket, dispatching
  config: process add/del conn, serves configs through backend_t
  control: controlling of the daemon (up/down/route/...)
  cred: credential loading, serves creds through credential_set_t
  ca: ca sections from ipsec.conf, serves cdp's through credential_set_t
  list: log status information to stroke console (status/statusall/list*)
  shared_key: shared key implementation for keys read from ipsec.secrets
  plugin: registers stroke plugin and starts socket w/ thread
2008-03-26 10:10:40 +00:00
Martin Willi 3c7e72f5b0 added equals() method to peer_cfg, ike_cfg, proposals, auth_info
allows easier merging of ipsec.conf connections
replaced some iterators with enumerators
made proposals algorithm_t private using enumerator
2008-03-26 10:06:45 +00:00
Martin Willi a852928a6f fixed compiler warnings 2008-03-26 09:29:30 +00:00
Andreas Steffen 26930a8c3e certificate factory can load certs from file 2008-03-25 22:28:27 +00:00
Andreas Steffen ff98c85b57 added component BUILD_FROM_FILE 2008-03-25 13:26:33 +00:00
Andreas Steffen 13bec89740 renamed certificate field in x509_cert.c to encoding 2008-03-25 12:22:12 +00:00
Andreas Steffen 84a5c6a679 added ac.c 2008-03-25 10:13:57 +00:00
Andreas Steffen 3e6ee16478 defined *_create_from_file() constructors in libstrongswan/credentials/certificates 2008-03-25 10:12:45 +00:00
Andreas Steffen 63cb8a7fee fixed reference counts before calling attribute certificate factory 2008-03-25 09:39:23 +00:00
Andreas Steffen 9bb8d23e17 corrected some doxygen entries 2008-03-22 08:15:18 +00:00
Andreas Steffen 855606efd4 optimized self-signed certificate detection 2008-03-21 20:37:08 +00:00
Andreas Steffen 36617c1ad5 shortened debug output 2008-03-21 20:36:19 +00:00
Andreas Steffen 02fd225ea5 detect trusted self-signed before trust chain verification 2008-03-21 19:10:55 +00:00
Andreas Steffen ffce5db1b7 self-signed certificates were not marked by x509_cert.c 2008-03-21 19:07:12 +00:00
Andreas Steffen c081a9bfe6 added ietf group attribute support to attribute certificate factory 2008-03-21 16:59:21 +00:00
Andreas Steffen 93da2684b6 fixed memory allocation problem in openac 2008-03-21 15:58:48 +00:00
Andreas Steffen 104c96a63c added BUILD_SERIAL component and fixed several ac bugs 2008-03-21 12:44:15 +00:00
Andreas Steffen a2083c30d5 added VALIDATION_UNKNOWN to cert_validation_names 2008-03-21 11:54:12 +00:00
Andreas Steffen 6ac3a7acbb added credential factory support for BUILD_NOT_BEFORE_TIME and BUILD_NOT_AFTER_TIME 2008-03-21 11:32:33 +00:00
Andreas Steffen b6377673e7 added x509_ac_builder plugin 2008-03-21 10:52:11 +00:00
Andreas Steffen 3d48f3301a initialize library in openac 2008-03-21 10:42:05 +00:00
Andreas Steffen 754c1c0ef7 suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro. 2008-03-21 09:34:40 +00:00
Andreas Steffen 112482d3f4 optimized debug output of credential_manager.c 2008-03-21 09:28:25 +00:00
Andreas Steffen dd7924f033 removed build.h include 2008-03-20 15:25:02 +00:00
Andreas Steffen bdec2e4f52 refactored openac and its attribute certificate factory 2008-03-20 15:23:52 +00:00
Andreas Steffen 25c9637222 modified debug text 2008-03-20 15:22:26 +00:00
Martin Willi dfd5cdcb88 cert_cache_t caches subject-issuer relations and subject certificates
ocsp/crl do not benefit yet due to missing lookup function
2008-03-20 14:31:36 +00:00
Martin Willi fe8f7626d1 fallback to random end entity certificate if trustchain building fails 2008-03-20 13:14:55 +00:00
Martin Willi 629e55434a 2008-03-20 11:38:51 +00:00
Martin Willi a86e3ab37a some C libraries need _GNU_SOURCE for rwlocks 2008-03-20 11:27:55 +00:00
Martin Willi 36524c4844 added support for certificate requests for not yet known CAs 2008-03-20 10:09:56 +00:00