ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,542 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

225 Commits

Author SHA1 Message Date
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner 878afdf90b pki: Add support for Ed448 keys/certificates 2020-02-10 13:37:31 +01:00
Tobias Brunner d16e810778 pki: Remove unnecessary and problematic chunk_from_chars() usage in --signcrl 
If the serial is not yet set, the same default value is set just below.

See 8ea13bbc5c for details on chunk_from_chars().

References #3249.
 2020-01-30 18:18:14 +01:00
Tobias Brunner ea1f4cd7a9 pki: Avoid naming conflict with global variables for passed arguments 2020-01-28 15:32:43 +01:00
Tobias Brunner 532060c0fa pki: Plugins to load may be defined via PKI_PLUGINS env variable 2019-05-08 14:56:48 +02:00
Andreas Steffen df6441a13f pki: Allow inclusion of [unsupported] critical X.509 extension 2019-05-08 14:56:48 +02:00
Tobias Brunner 0c924641e6 pki: Add different output options for --keyid 
Makes machine-processing these identifiers easier.
 2019-05-08 14:56:48 +02:00
Tobias Brunner c88030807e pki: Fix memory leaks in --signcrl if signature scheme is not found 
Fixes: dd4bd21c5a ("pki: Query private key for supported signature schemes")
 2019-04-30 10:25:56 +02:00
Tobias Brunner ecfe67550d signature-params: Provide option for maximum RSA/PSS salt length 
However, the length now has to be resolved early, so we don't operate on
the negative constant values e.g. when generating the encoding.
 2018-10-26 09:03:26 +02:00
Tobias Brunner dd4bd21c5a pki: Query private key for supported signature schemes 2018-10-26 09:03:26 +02:00
Tobias Brunner 66aca84eba signcrl: Remove useless assignment 2018-09-17 18:51:41 +02:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Tobias Brunner 943f3929f4 pki: --verify command optionally takes directories for CAs and CRLs 2018-05-18 17:29:00 +02:00
Andreas Steffen 3e7a19bfa9 pki: Extend pki --print with --keyid parameter 2017-12-10 19:31:10 +01:00
Tobias Brunner 27a79326c7 pki: Enable PSS padding if enabled in strongswan.conf 2017-11-08 16:48:10 +01:00
Tobias Brunner d57af8dde0 pki: Optionally generate RSA/PSS signatures 2017-11-08 16:48:10 +01:00
Tobias Brunner 9b828ee85f pki: Indent usage lines properly automatically 2017-11-08 16:48:10 +01:00
Tobias Brunner dc83bc147e pki: Properly forward digest to attribute certificate builder 2017-11-08 16:48:10 +01:00
Tobias Brunner 6f97c0d50b ikev2: Enumerate RSA/PSS schemes and use them if enabled 2017-11-08 16:48:10 +01:00
Tobias Brunner 54f8d09261 auth-cfg: Store signature schemes as signature_params_t objects 
Due to circular references the hasher_from_signature_scheme() helper
does not take a signature_params_t object.
 2017-11-08 16:48:10 +01:00
Tobias Brunner 4e7b7db62f certificates: Use shared destructor for x509_cdp_t 2017-09-18 10:54:19 +02:00
Tobias Brunner 609457e4c8 pki: Fix typo in --print man page 2017-07-05 10:15:45 +02:00
Tobias Brunner 525cc46cab Change interface for enumerator_create_filter() callback 
This avoids the unportable 5 pointer hack, but requires enumerating in
the callback.
 2017-05-26 13:56:44 +02:00
Tobias Brunner 069bf10d3f pki: Reset variable so error handling works properly 
If we jump to `end` without this we crash (not necessarily visibly) due
to a double free and the actual error message is not printed.
 2017-04-19 18:56:43 +02:00
Tobias Brunner 3207193cbf pki: Actually make the default key type KEY_ANY for --self 
Fixes: 05ccde0a8b ("pki: Add generic 'priv' key type that loads any
type of private key")
 2017-03-24 10:45:58 +01:00
Tobias Brunner 4c9418ac4d pki: Cast length derived from pointer arithmetic to int 2017-03-23 18:29:18 +01:00
Andreas Steffen ab94f76df6 pki: Add key object handle of smartcard or TPM private key as an argument to pki --keyid 2017-03-06 18:54:09 +01:00
Andreas Steffen 2d41e1c51c pki: Edited keyid parameter use in various pki man pages and usage outputs 2017-03-06 18:54:09 +01:00
Andreas Steffen 2da6a5f541 Add keyid of smartcard or TPM private key as an argument to pki --req 2017-03-02 20:30:24 +01:00
Martin Willi 2d7f940f11 pki: Add a note about constructing RFC 3779 compliant certificates to manpage 2017-02-27 09:36:48 +01:00
Martin Willi ead1dd3bcb pki: Support an --addrblock option for issued certificates 2017-02-27 09:36:48 +01:00
Martin Willi b6c371fbf1 pki: Support an --addrblock option for self-signed certificates 2017-02-27 09:36:48 +01:00
Martin Willi 48a5b29fd3 pki: Add a helper function parse traffic selectors from CIDR subnets or ranges 2017-02-27 09:36:48 +01:00
Andreas Steffen 35bc60cc68 Added support of EdDSA signatures 2016-12-14 11:15:47 +01:00
Tobias Brunner 790847d17c pki: Don't remove zero bytes in CRL serials anymore 
This was added a few years ago because pki --signcrl once encoded serials
incorrectly as eight byte blobs.  But still ensure we have can handle
overflows in case the serial is encoded incorrectly without zero-prefix.
 2016-10-11 17:18:22 +02:00
Tobias Brunner 49d9266c31 pki: Use serial of base CRL for delta CRLs 
According to RFC 5280 delta CRLs and complete CRLs MUST share one
numbering sequence.
 2016-10-11 17:18:22 +02:00
Tobias Brunner 05ccde0a8b pki: Add generic 'priv' key type that loads any type of private key 2016-10-05 11:32:52 +02:00
Tobias Brunner 1798e490da pki: Drop -priv suffix to specify private key types 2016-10-05 11:32:52 +02:00
Tobias Brunner 09d8215d3f pki: Allow to load CRLs from files in --verify 2016-08-25 11:07:35 +02:00
Martin Willi 518a5b2ece configure: Check for and explicitly link against -latomic 
Some C libraries, such as uClibc, require an explicit link for some atomic
functions. Check for any libatomic, and explcily link it.
 2016-06-14 14:27:20 +02:00
Tobias Brunner 50e190e8ad pki: Increase MAX_LINES 
The --issue and --self commands both define 10 lines of usage summary
text.
 2015-12-16 12:09:18 +01:00
Tobias Brunner 8ea64a78d6 pki: Never print more than MAX_LINES of usage summary 
Print a warning if a registered command exceeds that limit.
 2015-12-16 12:07:13 +01:00
Andreas Steffen 3317d0e77b Standardized printing of certificate information 
The certificate_printer class allows the printing of certificate
information to a text file (usually stdout). This class is used
by the pki --print and swanctl --list-certs commands as well as
by the stroke plugin.
 2015-12-11 18:26:53 +01:00
Martin Willi 41106e7993 pki: Explicitly link against -lpthread and -ldl if required 
We already do this for charon, as some toolchains require an explicit
link even if libstrongswan already depends on it.
 2015-12-04 08:02:03 +01:00
Andreas Steffen f6fede934b Support BLISS signatures with SHA-3 hash 2015-11-03 21:35:09 +01:00
Tobias Brunner 592f31f5af pki: Add new type options to --issue command usage output 2015-08-27 17:55:15 +02:00
Tobias Brunner 6ef4668626 pki: Add --dn command to extract the subject DN of a certificate 2015-08-17 11:34:01 +02:00
Tobias Brunner 1bc2549914 pki: Optionally extract public key from given private key in --issue 
Fixes #618.
 2015-08-10 12:33:02 +02:00
Tobias Brunner 2872f77829 pki: Choose default digest based on the signature key 2015-03-23 17:22:31 +01:00
Tobias Brunner ae0604f583 pki: Use SHA-256 as default for signatures 
Since the BLISS private key supports this we don't do any special
handling anymore (if the user choses a digest that is not supported,
signing will simply fail later because no signature scheme will be found).
 2015-03-23 17:22:31 +01:00