Tobias Brunner
1a8ffea315
pki: Add example commands to setup a simple CA
2013-09-13 15:07:36 +02:00
Tobias Brunner
b068c4ec9d
pki: Add pki --verify man page
2013-09-13 15:07:36 +02:00
Tobias Brunner
4adeaa5eb9
pki: Add pki --pub man page
2013-09-13 15:07:36 +02:00
Tobias Brunner
a319eff80d
pki: Add pki --print man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
e69fd30538
pki: Add pki --keyid man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
558771400e
pki: Add pki --pkcs7 man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
bb8e2e1759
pki: Add pki --req man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
96aa5a1ddd
pki: Add pki --signcrl man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
42e3a21e24
pki: Add pki --issue man page
2013-09-13 15:07:35 +02:00
Tobias Brunner
3a643b8901
pki: Add pki --self man page
...
Can be opened with "man pki --self".
2013-09-13 15:07:35 +02:00
Tobias Brunner
a612f6e338
pki: Add pki --gen man page
...
Can be opened with "man pki --gen".
2013-09-13 15:07:29 +02:00
Tobias Brunner
34cff9349b
pki: Add ipsec-pki(8) man page
...
Can be opened either with "man ipsec pki" or "man ipsec-pki".
Since man(1) only supports one level of subpages, the forthcoming man
pages for each command will have to be opened with "man pki --<command>".
2013-09-13 14:32:51 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Tobias Brunner
b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
Tobias Brunner
11adf114c1
Fixed Doxygen comments after scanning complete src directory
2013-03-02 18:31:53 +01:00
Andreas Steffen
a4ddc0bb26
Encode RSA public keys in RFC 3110 DNSKEY format
2013-02-19 12:25:00 +01:00
Tobias Brunner
4cd3fb788d
Properly read data from stream in pki --pkcs7
2013-01-24 19:13:41 +01:00
Tobias Brunner
27a814b527
Properly destroy mem_cred object on pki --pkcs7 --help
2013-01-24 19:13:41 +01:00
Martin Willi
063ae4e52a
Allocate data returned by pkcs7_t.get_attribute()
2012-12-19 10:32:08 +01:00
Martin Willi
24b2dae2b6
Add a --show option to pki --pkcs7 to print contained certificates
2012-12-19 10:32:08 +01:00
Martin Willi
9afbe59953
pki --pkcs7 --verify prints the signing time, if available
2012-12-19 10:32:08 +01:00
Martin Willi
5a50bec9d2
Fix leak in pki --pkcs7 --decrypt
2012-12-19 10:32:08 +01:00
Martin Willi
47120d4977
Add a pki command to sign, verify, encrypt and decrypt PKCS#7 containers
2012-12-19 10:32:07 +01:00
Andreas Steffen
48b23d06a8
allow the optional sharing of RSA private keys
2012-11-22 00:34:42 +01:00
Andreas Steffen
168ee460c6
implemented generation of safe primes
2012-11-18 19:22:31 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
8b0dce08f2
Avoid overrunning array when registering pki command line options
2012-09-28 18:22:54 +02:00
Martin Willi
c63fb853e8
Use centralized hasher names in pki utility
2012-07-17 17:32:05 +02:00
Tobias Brunner
e93bb353d5
Check rng return value when generating serial numbers in pki utility
2012-07-16 14:53:35 +02:00
Martin Willi
a37f2d2006
certificate_t->issued_by takes an argument to receive signature scheme
2012-06-12 14:24:49 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Andreas Steffen
5ff99529e6
ASN.1 two's complement encoding prevents overflow in CRL serial number
2012-04-04 11:29:12 +02:00
Andreas Steffen
320fd5fe62
moved chunk_skip_zero to chunk.h
2012-04-03 14:12:50 +02:00
Andreas Steffen
e464894e8b
remove leading zeros in ASN.1 encoded serial numbers
2012-03-27 15:05:36 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
4bc4e8e17b
Added support for iKEIntermediate flag to ipsec pki.
2012-03-20 17:31:25 +01:00
Tobias Brunner
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
...
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
Tobias Brunner
fdf1f239ef
Log list of loaded plugins in main PKI help output.
2012-01-19 11:56:43 +01:00
Tobias Brunner
20d752b4ff
pki: Avoid integer overflow when calculating certificate lifetimes.
...
This only works properly if sizeof(time_t) > 4.
2011-12-23 16:33:24 +01:00
Tobias Brunner
29388829fa
Do proper cleanup in error case in pki req.
2011-04-14 18:11:45 +02:00
Tobias Brunner
3fe6c0b27e
Do proper cleanup in some error cases in pki signcrl.
2011-04-14 18:11:44 +02:00
Andreas Steffen
eead71eb75
use DN from pkcs10 request if it exists
2011-02-07 23:41:54 +01:00
Martin Willi
3fd3f8dea8
Added support for empty subjects DNs to pki --issue
2011-01-05 16:46:07 +01:00
Martin Willi
0110c26a04
Use incremented serial of base CRL when signing delta CRL
2011-01-05 16:46:06 +01:00
Martin Willi
b088fd4a76
Slightly renamed different policyConstraints to distinguish them better
2011-01-05 16:46:05 +01:00
Martin Willi
6a339fffc7
Added inhibitAnyPolicy constraint support to pki tool
2011-01-05 16:46:05 +01:00
Martin Willi
b3d359e58f
Use a generic getter for all numerical X.509 constraints
2011-01-05 16:46:05 +01:00
Martin Willi
de8521f6f2
Added support for delta CRLs to pki tool
2011-01-05 16:46:04 +01:00
Martin Willi
a6478a0402
Simplified format of x509 CRL URI parsing/enumerator
2011-01-05 16:46:03 +01:00
Martin Willi
a864eb37b1
Added policyConstraints support to pki tool
2011-01-05 16:46:02 +01:00
Martin Willi
5dba5852fc
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
2011-01-05 16:46:02 +01:00
Martin Willi
3ffc9d9a88
Added policyMappings support to pki tool
2011-01-05 16:46:02 +01:00
Martin Willi
6c3ac04478
Added certificatePolicy options to pki tool
2011-01-05 16:46:02 +01:00
Martin Willi
e6fbe5933b
pki --issue/self support permitted/excluded NameConstraints
2011-01-05 16:46:00 +01:00
Martin Willi
64bcaae203
pki --print prints NameConstraints
2011-01-05 16:46:00 +01:00
Martin Willi
dffb176f2b
CRLSign keyUsage or CA basicConstraint are sufficient for CRL validation
2011-01-05 16:45:56 +01:00
Martin Willi
bb0cda2fa9
pki tool shows and builds crlSign keyUsage
2011-01-05 16:45:56 +01:00
Martin Willi
630d58724a
Added --crlissuer option to pki --issue
2011-01-05 16:45:56 +01:00
Martin Willi
4e508517d7
Added support for CRL Issuers to x509 and OpenSSL plugins
2011-01-05 16:45:55 +01:00
Martin Willi
21f80e9dbc
Added crl support to pki --print
2010-08-30 11:23:45 +02:00
Martin Willi
8f01815143
Build dedicated plugin lists for each strongSwan component
2010-08-12 14:46:57 +02:00
Martin Willi
a944d2092b
Use bits instead of bytes for a private/public key
2010-08-10 18:46:30 +02:00
Martin Willi
efab731338
Added PKCS#11 private key support to the pki tool
2010-08-04 09:26:21 +02:00
Martin Willi
089d554a01
The pki tool uses a callback credential set to read in passphrase/PIN
2010-08-04 09:26:21 +02:00
Martin Willi
3429be9514
Use a dedicated build part for challenge passwords, BUILD_PASSPHRASE gets obsolete
2010-08-04 09:26:21 +02:00
Martin Willi
b5b95c75de
Added pki PEM encoding support for certificates, CRLs and PKCS10 requests
2010-07-13 14:14:39 +02:00
Martin Willi
0406eeaacb
Support different encoding types in certificate.get_encoding()
2010-07-13 13:53:20 +02:00
Martin Willi
da9724e6d0
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
2010-07-13 11:29:35 +02:00
Martin Willi
a2cf26f1c1
Changed default lifetime of certificates to 3 years
2010-05-31 13:15:19 +02:00
Martin Willi
70ac7c43a5
Support extendedKeyUsage flags in self-signed certificates
2010-05-31 13:15:05 +02:00
Martin Willi
0c73ceff0a
Added a --signcrl command to the pki utility
2010-05-21 16:25:51 +02:00
Martin Willi
2e57b21252
Added a --print command to pki that dumps different credentials
2010-05-20 17:37:18 +02:00
Tobias Brunner
257e27df07
Fixing out-of-tree build after adding dependency to config.status.
2010-04-29 13:29:53 +02:00
Martin Willi
b0e789035c
Users of PLUGINS depend on config.status, rebuilding them if plugin configuration is updated
2010-04-29 11:28:27 +02:00
Tobias Brunner
8b0e09103b
Adding DBG_LIB to all calls of libstrongswan's version of DBG*.
2010-04-06 12:47:40 +02:00
Andreas Steffen
e3943f5559
fixed short option name
2010-04-04 10:30:08 +02:00
Andreas Steffen
c0df187cb4
we don't accept a serial number with leading zeroes
2010-03-14 19:41:40 +01:00
Martin Willi
7eab4a1be6
Support TLS client authentication Extended Key Usage in x509 generation
2010-01-14 12:00:43 +01:00
Andreas Steffen
3e33ae1004
ipsec pki --self|issue supports --pathlen option setting a path length constraint
2009-12-31 15:13:35 +01:00
Martin Willi
4952dc11da
Fixed all doxygen warnings
2009-10-22 14:34:10 +02:00
Andreas Steffen
408e46a324
ipsec pki --issue supports --flag authServer option
2009-10-05 22:44:01 +02:00
Andreas Steffen
ce40bf5def
ipsec pki --issue supports --flag ocspSigning option
2009-10-05 21:20:42 +02:00
Martin Willi
17859fe6cf
Right-align short options in pki usage
2009-09-24 11:28:53 +02:00
Martin Willi
b538b606da
Use the default debug hook if possible
2009-09-16 13:16:00 +02:00
Martin Willi
a474081f1f
Removed obsolete per-command debug level option
2009-09-16 12:52:56 +02:00
Andreas Steffen
934942dddb
corrected usage
2009-09-15 22:43:22 +02:00
Andreas Steffen
c657492705
pki --req generates a PKCS#10 certificate request
2009-09-15 22:33:32 +02:00
Andreas Steffen
8101695b32
fixed typo
2009-09-15 16:48:13 +02:00
Martin Willi
ae7452e87c
Handle pki --debug and --options in a generic way for all commands
2009-09-15 11:53:46 +02:00
Martin Willi
4fdb9f6f74
pki tool supports single letter short options
2009-09-15 10:20:22 +02:00
Andreas Steffen
622e558cb0
pki --pub and --keyid accept pkcs10 as input
2009-09-15 06:24:14 +02:00
Andreas Steffen
5a4dee6dc4
enable debug level setting
2009-09-14 19:29:05 +02:00
Andreas Steffen
f03e0e9147
support of PKCS#10 certificate request parsing
2009-09-13 21:00:15 +02:00
Andreas Steffen
4da11016e7
fixed another typo
2009-09-12 06:44:11 +02:00
Andreas Steffen
abffb63ffe
fixed typo
2009-09-12 06:42:35 +02:00
Martin Willi
06a8df11d9
pki tool can issue/self-sign certificates with OCSP URIs
2009-09-11 17:17:56 +02:00
Martin Willi
3a7bd9bd49
pki tool can issue certificates with CRL distribution points
2009-09-11 15:36:22 +02:00
Martin Willi
356b2b2780
pass NULL to library_init() to load settings from default file
2009-09-10 18:52:42 +02:00
Martin Willi
5b03a350fc
use NULL to load plugins from default plugin directory
2009-09-10 18:52:42 +02:00
Martin Willi
3ce9438b60
Use dynamic registration/usage invocation of command types
2009-09-10 16:18:30 +02:00
Martin Willi
6be68cc1c7
split PKI tool to a file per command
2009-09-10 12:31:40 +02:00
Martin Willi
e5e6c6f43c
use generic option parsing with usage information
2009-09-10 11:18:41 +02:00
Martin Willi
63ee88745a
fixed memleak
2009-09-09 17:16:00 +02:00
Andreas Steffen
1f45e32594
split usage information
2009-09-09 02:37:17 +02:00
Andreas Steffen
e666d45ddb
updated usage of ipsec pki --self
2009-09-08 22:22:09 +02:00
Andreas Steffen
a5fc71562a
support --options also in ipsec pki --self
2009-09-08 21:54:00 +02:00
Andreas Steffen
ddf8ee0f37
--options reads command line options from file
2009-09-08 21:36:35 +02:00
Martin Willi
b5d31b3e56
pki tool supports subjectAltNames in certificates
2009-09-08 13:27:35 +02:00
Martin Willi
8871e59c11
pki tool --issue/--verify operations require a CA with CA basicConstraint
2009-09-08 10:44:08 +02:00
Martin Willi
e4a4589606
pki tool can set CA basicConstraint on --self/--issued certificates
2009-09-08 10:39:04 +02:00
Martin Willi
58f34613e0
pki tool can issue certificates
2009-09-07 16:04:30 +02:00
Martin Willi
7daf5226b7
removed trailing spaces ([[:space:]]+$)
2009-09-04 13:46:09 +02:00
Martin Willi
8fb4edc4ff
handle plugin loading failures
2009-09-01 16:20:45 +02:00
Andreas Steffen
be04eef270
allow choice of digest algorithm in certificate generation
2009-08-28 09:08:03 +02:00
Andreas Steffen
050649ac41
cosmetics
2009-08-27 15:35:56 +02:00
Martin Willi
cec37b643a
fixed return value
2009-08-27 15:28:45 +02:00
Martin Willi
9436b31c94
PKI tool supports certificate verification
2009-08-27 14:43:40 +02:00
Martin Willi
5e97fa9900
PKI tool supports generation of self-signed certificates
2009-08-27 13:59:30 +02:00
Martin Willi
d5dd43e777
implemented fingerprinting support for PKI tool
2009-08-27 10:41:07 +02:00
Andreas Steffen
289ce4ade6
use --outform consistently
2009-08-26 18:55:18 +02:00
Andreas Steffen
2f1f17f137
the option has been changed to --outform
2009-08-26 18:41:19 +02:00
Martin Willi
083142c4a0
encoding public EC keys is not really possible without subjectPublicKeyInfo
2009-08-26 16:15:38 +02:00
Martin Willi
d4df33f255
pki tool supports public key extraction from private key, certificates
2009-08-26 13:05:17 +02:00
Martin Willi
7c577c8ea2
started implementation of a PKI tool, currently supporting RSA|ECDSA key generation
2009-08-26 11:23:55 +02:00