Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
878afdf90b
pki: Add support for Ed448 keys/certificates
2020-02-10 13:37:31 +01:00
Tobias Brunner
d16e810778
pki: Remove unnecessary and problematic chunk_from_chars() usage in --signcrl
If the serial is not yet set, the same default value is set just below.
See 8ea13bbc5c for details on chunk_from_chars().
References #3249.
2020-01-30 18:18:14 +01:00
Tobias Brunner
ea1f4cd7a9
pki: Avoid naming conflict with global variables for passed arguments
2020-01-28 15:32:43 +01:00
Tobias Brunner
532060c0fa
pki: Plugins to load may be defined via PKI_PLUGINS env variable
2019-05-08 14:56:48 +02:00
Andreas Steffen
df6441a13f
pki: Allow inclusion of [unsupported] critical X.509 extension
2019-05-08 14:56:48 +02:00
Tobias Brunner
0c924641e6
pki: Add different output options for --keyid
Makes machine-processing these identifiers easier.
2019-05-08 14:56:48 +02:00
Tobias Brunner
c88030807e
pki: Fix memory leaks in --signcrl if signature scheme is not found
Fixes: dd4bd21c5a ("pki: Query private key for supported signature schemes")
2019-04-30 10:25:56 +02:00
Tobias Brunner
ecfe67550d
signature-params: Provide option for maximum RSA/PSS salt length
However, the length now has to be resolved early, so we don't operate on
the negative constant values e.g. when generating the encoding.
2018-10-26 09:03:26 +02:00
Tobias Brunner
dd4bd21c5a
pki: Query private key for supported signature schemes
2018-10-26 09:03:26 +02:00
Tobias Brunner
66aca84eba
signcrl: Remove useless assignment
2018-09-17 18:51:41 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
943f3929f4
pki: --verify command optionally takes directories for CAs and CRLs
2018-05-18 17:29:00 +02:00
Andreas Steffen
3e7a19bfa9
pki: Extend pki --print with --keyid parameter
2017-12-10 19:31:10 +01:00
Tobias Brunner
27a79326c7
pki: Enable PSS padding if enabled in strongswan.conf
2017-11-08 16:48:10 +01:00
Tobias Brunner
d57af8dde0
pki: Optionally generate RSA/PSS signatures
2017-11-08 16:48:10 +01:00
Tobias Brunner
9b828ee85f
pki: Indent usage lines properly automatically
2017-11-08 16:48:10 +01:00
Tobias Brunner
dc83bc147e
pki: Properly forward digest to attribute certificate builder
2017-11-08 16:48:10 +01:00
Tobias Brunner
6f97c0d50b
ikev2: Enumerate RSA/PSS schemes and use them if enabled
2017-11-08 16:48:10 +01:00
Tobias Brunner
54f8d09261
auth-cfg: Store signature schemes as signature_params_t objects
Due to circular references the hasher_from_signature_scheme() helper
does not take a signature_params_t object.
2017-11-08 16:48:10 +01:00
Tobias Brunner
4e7b7db62f
certificates: Use shared destructor for x509_cdp_t
2017-09-18 10:54:19 +02:00
Tobias Brunner
609457e4c8
pki: Fix typo in --print man page
2017-07-05 10:15:45 +02:00
Tobias Brunner
525cc46cab
Change interface for enumerator_create_filter() callback
This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.
2017-05-26 13:56:44 +02:00
Tobias Brunner
069bf10d3f
pki: Reset variable so error handling works properly
If we jump to `end` without this we crash (not necessarily visibly) due
to a double free and the actual error message is not printed.
2017-04-19 18:56:43 +02:00
Tobias Brunner
3207193cbf
pki: Actually make the default key type KEY_ANY for --self
Fixes: 05ccde0a8b ("pki: Add generic 'priv' key type that loads any type of private key")
2017-03-24 10:45:58 +01:00
Tobias Brunner
4c9418ac4d
pki: Cast length derived from pointer arithmetic to int
2017-03-23 18:29:18 +01:00
Andreas Steffen
ab94f76df6
pki: Add key object handle of smartcard or TPM private key as an argument to pki --keyid
2017-03-06 18:54:09 +01:00
Andreas Steffen
2d41e1c51c
pki: Edited keyid parameter use in various pki man pages and usage outputs
2017-03-06 18:54:09 +01:00
Andreas Steffen
2da6a5f541
Add keyid of smartcard or TPM private key as an argument to pki --req
2017-03-02 20:30:24 +01:00
Martin Willi
2d7f940f11
pki: Add a note about constructing RFC 3779 compliant certificates to manpage
2017-02-27 09:36:48 +01:00
Martin Willi
ead1dd3bcb
pki: Support an --addrblock option for issued certificates
2017-02-27 09:36:48 +01:00
Martin Willi
b6c371fbf1
pki: Support an --addrblock option for self-signed certificates
2017-02-27 09:36:48 +01:00
Martin Willi
48a5b29fd3
pki: Add a helper function to parse traffic selectors from CIDR subnets or ranges
2017-02-27 09:36:48 +01:00
Andreas Steffen
35bc60cc68
Added support of EdDSA signatures
2016-12-14 11:15:47 +01:00
Tobias Brunner
790847d17c
pki: Don't remove zero bytes in CRL serials anymore
This was added a few years ago because pki --signcrl once encoded serials
incorrectly as eight byte blobs. But still ensure we can handle
overflows in case the serial is encoded incorrectly without zero-prefix.
2016-10-11 17:18:22 +02:00
Tobias Brunner
49d9266c31
pki: Use serial of base CRL for delta CRLs
According to RFC 5280 delta CRLs and complete CRLs MUST share one
numbering sequence.
2016-10-11 17:18:22 +02:00
Tobias Brunner
05ccde0a8b
pki: Add generic 'priv' key type that loads any type of private key
2016-10-05 11:32:52 +02:00
Tobias Brunner
1798e490da
pki: Drop -priv suffix to specify private key types
2016-10-05 11:32:52 +02:00
Tobias Brunner
09d8215d3f
pki: Allow to load CRLs from files in --verify
2016-08-25 11:07:35 +02:00
Martin Willi
518a5b2ece
configure: Check for and explicitly link against -latomic
Some C libraries, such as uClibc, require an explicit link for some atomic
functions. Check for any libatomic, and explicitly link it.
2016-06-14 14:27:20 +02:00
Tobias Brunner
50e190e8ad
pki: Increase MAX_LINES
The --issue and --self commands both define 10 lines of usage summary
text.
2015-12-16 12:09:18 +01:00
Tobias Brunner
8ea64a78d6
pki: Never print more than MAX_LINES of usage summary
Print a warning if a registered command exceeds that limit.
2015-12-16 12:07:13 +01:00
Andreas Steffen
3317d0e77b
Standardized printing of certificate information
The certificate_printer class allows the printing of certificate
information to a text file (usually stdout). This class is used
by the pki --print and swanctl --list-certs commands as well as
by the stroke plugin.
2015-12-11 18:26:53 +01:00
Martin Willi
41106e7993
pki: Explicitly link against -lpthread and -ldl if required
We already do this for charon, as some toolchains require an explicit
link even if libstrongswan already depends on it.
2015-12-04 08:02:03 +01:00
Andreas Steffen
f6fede934b
Support BLISS signatures with SHA-3 hash
2015-11-03 21:35:09 +01:00
Tobias Brunner
592f31f5af
pki: Add new type options to --issue command usage output
2015-08-27 17:55:15 +02:00
Tobias Brunner
6ef4668626
pki: Add --dn command to extract the subject DN of a certificate
2015-08-17 11:34:01 +02:00
Tobias Brunner
1bc2549914
pki: Optionally extract public key from given private key in --issue
Fixes #618.
2015-08-10 12:33:02 +02:00
Tobias Brunner
2872f77829
pki: Choose default digest based on the signature key
2015-03-23 17:22:31 +01:00
Tobias Brunner
ae0604f583
pki: Use SHA-256 as default for signatures
Since the BLISS private key supports this we don't do any special
handling anymore (if the user chooses a digest that is not supported,
signing will simply fail later because no signature scheme will be found).
2015-03-23 17:22:31 +01:00