Martin Willi
5d5e2853b6
SIM card interface takes IMSI as parameter (same as in USIM)
2009-10-09 13:02:20 +02:00
Martin Willi
31f5280cee
Fixed USIM parameter description
2009-10-09 13:02:20 +02:00
Martin Willi
424ddf801c
Do not use monotonic time for AKA sequence numbers, it has an undefined starting point
2009-10-09 13:02:20 +02:00
Martin Willi
655728621b
Use constants instead of sizeof(), sizeof() does not work for function arguments
2009-10-09 13:02:20 +02:00
Martin Willi
aba93dcc32
Calculate missing CK/IK values in USIM
2009-10-09 13:02:20 +02:00
Martin Willi
aca7ba0ffc
Link 3gpp2 EAP-AKA plugin to libgmp
2009-10-09 13:02:20 +02:00
Martin Willi
53a16b72ab
Separated 3gpp2 USIM card and provider functionality
2009-10-09 13:02:20 +02:00
Martin Willi
0030880c6b
Ported AKA functions to 3gpp2 plugin
2009-10-09 13:02:19 +02:00
Martin Willi
4720815774
Added a stub for the EAP-AKA backend implementing the 3GPP2 functions in software
2009-10-09 13:02:19 +02:00
Martin Willi
36a3bccfcf
Implemented a manager for USIM cards/providers very similar to the SIM manager
2009-10-09 13:02:19 +02:00
Andreas Steffen
c6b2b2aae2
corrected caption
2009-10-09 00:16:33 +02:00
Andreas Steffen
4b4f8bd732
created identification_create_from_sockaddr() function
2009-10-09 00:13:28 +02:00
Martin Willi
a4eb37eed0
Added medsrv.fcgi to gitignore
2009-10-08 13:10:02 +02:00
Andreas Steffen
5026519057
medsrv.fcgi is not part of the git tree
2009-10-08 13:05:27 +02:00
Andreas Steffen
878fc472e9
hex_str() isn't used externally any more
2009-10-08 13:04:07 +02:00
Andreas Steffen
e64b4e96c9
parsing of generalNames is not needed any more
2009-10-08 12:42:29 +02:00
Andreas Steffen
88212ee6e7
use of asn1_build_known_oid()
2009-10-08 12:35:36 +02:00
Andreas Steffen
0354d5703d
migrated public key IDs to identification_t
2009-10-08 11:25:43 +02:00
Martin Willi
4b1cd5a367
Reenabled acq_expires SA timer using rekey timeout
...
While not using a SA expiration for allocating SPIs works fine,
the situation is much more problematic for kernel-created temporary
SAs from acquires. If the negotiation of such a CHILD_SA fails,
the created temporary SA can not be deleted.
2009-10-07 13:09:59 +02:00
Martin Willi
991f7ccd6c
Catch CHILD_SA state changes during acquire
...
If an acquire fails due to a TS_UNACCEPTABLE or other CHILD_SA only errors,
we have to reset the pending state in the trap manager.
2009-10-07 13:09:59 +02:00
Andreas Steffen
84e390fdc4
list subjectAltNames
2009-10-06 23:50:26 +02:00
Andreas Steffen
20afe5e9f5
some ipsec listall finetuning
2009-10-06 23:19:46 +02:00
Andreas Steffen
ce2f2461e0
pluto and charon now have the same ipsec listall output format
2009-10-06 16:49:46 +02:00
Andreas Steffen
f3e9eae283
the ikev1 scenarios need the x509 plugin
2009-10-06 14:38:34 +02:00
Andreas Steffen
cf85e1319b
streamlined output from get_validity()
2009-10-06 14:22:27 +02:00
Andreas Steffen
afdaa9e5bf
fixed serial number conversion from hex
2009-10-05 23:52:35 +02:00
Andreas Steffen
0da0f3fc3f
delete group attributes after use
2009-10-05 23:17:36 +02:00
Andreas Steffen
a9fe23cf53
stroke_list outputs group attributes
2009-10-05 23:13:51 +02:00
Andreas Steffen
408e46a324
ipsec pki --issue suports --flag authServer option
2009-10-05 22:44:01 +02:00
Andreas Steffen
ce40bf5def
ipsec pki --issue supports --flag ocspSigning option
2009-10-05 21:20:42 +02:00
Martin Willi
6eacaffc72
Cleaned up EAP-AKA en/decoding, eliminated unaligned half-word reads
2009-10-05 14:06:32 +02:00
Martin Willi
3b836fc759
Cleaned up EAP-SIM en/decoding, eliminated unaligned half-word reads
2009-10-05 13:32:41 +02:00
Martin Willi
587ebae722
Distinguish invalid free()s between corrupted magic and invalid pointer
2009-10-05 11:02:54 +02:00
Andreas Steffen
fc12e3cd2e
pluto now uses x509 plugin for attribute certificate handling
2009-10-05 07:24:28 +02:00
Andreas Steffen
0ea9cbc6e9
fixed output of authKeyID
2009-10-02 21:20:45 +02:00
Andreas Steffen
0aa5cea248
mark embedded parsing in debug mode
2009-10-02 20:54:15 +02:00
Andreas Steffen
ec0abe4ab5
added some notBefore/notAfter debugging info
2009-10-02 20:14:09 +02:00
Andreas Steffen
daaedcb9c2
verify correctness of X.509 versions
2009-10-02 17:49:51 +02:00
Andreas Steffen
6f2f08fb8d
added all missing RFC 5280 OIDs
2009-10-02 14:10:27 +02:00
Andreas Steffen
03a52ce4e5
created ikev1/mode-config-multiple scenario
2009-10-01 09:42:35 +02:00
Andreas Steffen
eb4544f773
fixes multiple IPsec SAs with IKEv1 Mode Config
2009-10-01 09:41:35 +02:00
Andreas Steffen
70e81857f9
generate known OIDs dynamically
2009-09-30 11:49:32 +02:00
Andreas Steffen
0c8d08068e
pluto's crl handling now uses the x509 plugin
2009-09-30 09:29:15 +02:00
Andreas Steffen
5406c65702
scepclient uses pkcs10 from libstrongswan
2009-09-28 05:52:20 +02:00
Andreas Steffen
c72080cea8
abbreviated struct connection by connection_t
2009-09-27 23:49:37 +02:00
Andreas Steffen
0eff9f6539
pluto and scepclient now use the x509 plugin for certificates
2009-09-27 23:09:30 +02:00
Andreas Steffen
727b0f11e2
whitelist Curl_client_write
2009-09-27 23:07:21 +02:00
Andreas Steffen
8ad23ba346
added get_subjectKeyIdentifier() to x509_t
2009-09-26 22:10:36 +02:00
Martin Willi
f12d8cf719
Do not increase the invalid-KE/Cookie retry counter for additional keyingtry attempts
2009-09-24 14:49:41 +02:00
Martin Willi
cf76c42903
Do not create a replacement IKE_SA if we have CHILD_SAs to route only
2009-09-24 14:49:41 +02:00