Martin Willi
|
a864eb37b1
|
Added policyConstraints support to pki tool
|
2011-01-05 16:46:02 +01:00 |
Martin Willi
|
5dba5852fc
|
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
|
2011-01-05 16:46:02 +01:00 |
Martin Willi
|
3ffc9d9a88
|
Added policyMappings support to pki tool
|
2011-01-05 16:46:02 +01:00 |
Martin Willi
|
6c3ac04478
|
Added certificatePolicy options to pki tool
|
2011-01-05 16:46:02 +01:00 |
Martin Willi
|
e6fbe5933b
|
pki --issue/self support permitted/excluded NameConstraints
|
2011-01-05 16:46:00 +01:00 |
Martin Willi
|
64bcaae203
|
pki --print prints NameConstraints
|
2011-01-05 16:46:00 +01:00 |
Martin Willi
|
dffb176f2b
|
CRLSign keyUsage or CA basicConstraint are sufficient for CRL validation
|
2011-01-05 16:45:56 +01:00 |
Martin Willi
|
bb0cda2fa9
|
pki tool shows and builds crlSign keyUsage
|
2011-01-05 16:45:56 +01:00 |
Martin Willi
|
630d58724a
|
Added --crlissuer option to pki --issue
|
2011-01-05 16:45:56 +01:00 |
Martin Willi
|
4e508517d7
|
Added support for CRL Issuers to x509 and OpenSSL plugins
|
2011-01-05 16:45:55 +01:00 |
Martin Willi
|
21f80e9dbc
|
Added crl support to pki --print
|
2010-08-30 11:23:45 +02:00 |
Martin Willi
|
8f01815143
|
Build dedicated plugin lists for each strongSwan component
|
2010-08-12 14:46:57 +02:00 |
Martin Willi
|
a944d2092b
|
Use bits instead of bytes for a private/public key
|
2010-08-10 18:46:30 +02:00 |
Martin Willi
|
efab731338
|
Added PKCS#11 private key support to the pki tool
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
089d554a01
|
The pki tool uses a callback credential set to read in passphrase/PIN
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
3429be9514
|
Use a dedicated build part for challenge passwords, BUILD_PASSPHRASE gets obsolete
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
b5b95c75de
|
Added pki PEM encoding support for certificates, CRLs and PKCS10 requests
|
2010-07-13 14:14:39 +02:00 |
Martin Willi
|
0406eeaacb
|
Support different encoding types in certificate.get_encoding()
|
2010-07-13 13:53:20 +02:00 |
Martin Willi
|
da9724e6d0
|
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
|
2010-07-13 11:29:35 +02:00 |
Martin Willi
|
a2cf26f1c1
|
Changed default lifetime of certificates to 3 years
|
2010-05-31 13:15:19 +02:00 |
Martin Willi
|
70ac7c43a5
|
Support extendedKeyUsage flags in self-signed certificates
|
2010-05-31 13:15:05 +02:00 |
Martin Willi
|
0c73ceff0a
|
Added a --signcrl command to the pki utility
|
2010-05-21 16:25:51 +02:00 |
Martin Willi
|
2e57b21252
|
Added a --print command to pki that dumps different credentials
|
2010-05-20 17:37:18 +02:00 |
Tobias Brunner
|
257e27df07
|
Fixing out-of-tree build after adding dependency to config.status.
|
2010-04-29 13:29:53 +02:00 |
Martin Willi
|
b0e789035c
|
Users of PLUGINS depend on config.status, rebuilding them if plugin configuration is updated
|
2010-04-29 11:28:27 +02:00 |
Tobias Brunner
|
8b0e09103b
|
Adding DBG_LIB to all calls of libstrongswan's version of DBG*.
|
2010-04-06 12:47:40 +02:00 |
Andreas Steffen
|
e3943f5559
|
fixed short option name
|
2010-04-04 10:30:08 +02:00 |
Andreas Steffen
|
c0df187cb4
|
we don't accept a serial number with leading zeroes
|
2010-03-14 19:41:40 +01:00 |
Martin Willi
|
7eab4a1be6
|
Support TLS client authentication Extended Key Usage in x509 generation
|
2010-01-14 12:00:43 +01:00 |
Andreas Steffen
|
3e33ae1004
|
ipsec pki --self|issue supports --pathlen option setting a path length constraint
|
2009-12-31 15:13:35 +01:00 |
Martin Willi
|
4952dc11da
|
Fixed all doxygen warnings
|
2009-10-22 14:34:10 +02:00 |
Andreas Steffen
|
408e46a324
|
ipsec pki --issue suports --flag authServer option
|
2009-10-05 22:44:01 +02:00 |
Andreas Steffen
|
ce40bf5def
|
ipsec pki --issue supports --flag ocspSigning option
|
2009-10-05 21:20:42 +02:00 |
Martin Willi
|
17859fe6cf
|
Right-align short options in pki usage
|
2009-09-24 11:28:53 +02:00 |
Martin Willi
|
b538b606da
|
Use the default debug hook if possible
|
2009-09-16 13:16:00 +02:00 |
Martin Willi
|
a474081f1f
|
Removed obsolete per-command debug level option
|
2009-09-16 12:52:56 +02:00 |
Andreas Steffen
|
934942dddb
|
corrected usage
|
2009-09-15 22:43:22 +02:00 |
Andreas Steffen
|
c657492705
|
pki --req generates a PKCS#10 certificate request
|
2009-09-15 22:33:32 +02:00 |
Andreas Steffen
|
8101695b32
|
fixed typo
|
2009-09-15 16:48:13 +02:00 |
Martin Willi
|
ae7452e87c
|
Handle pki --debug and --options in a generic way for all command
|
2009-09-15 11:53:46 +02:00 |
Martin Willi
|
4fdb9f6f74
|
pki tool supports single letter short options
|
2009-09-15 10:20:22 +02:00 |
Andreas Steffen
|
622e558cb0
|
pki --pub and --keyid accept pkcs10 as input
|
2009-09-15 06:24:14 +02:00 |
Andreas Steffen
|
5a4dee6dc4
|
enable debug level setting
|
2009-09-14 19:29:05 +02:00 |
Andreas Steffen
|
f03e0e9147
|
support of PKCS#10 certificate request parsing
|
2009-09-13 21:00:15 +02:00 |
Andreas Steffen
|
4da11016e7
|
fixed another typo
|
2009-09-12 06:44:11 +02:00 |
Andreas Steffen
|
abffb63ffe
|
fixed typo
|
2009-09-12 06:42:35 +02:00 |
Martin Willi
|
06a8df11d9
|
pki tool can issue/self-sign certificates with OCSP URIs
|
2009-09-11 17:17:56 +02:00 |
Martin Willi
|
3a7bd9bd49
|
pki tool can issue certificates with CRL distribution points
|
2009-09-11 15:36:22 +02:00 |
Martin Willi
|
356b2b2780
|
pass NULL to library_init() to load settings from default file
|
2009-09-10 18:52:42 +02:00 |
Martin Willi
|
5b03a350fc
|
use NULL to load plugins from default plugin directory
|
2009-09-10 18:52:42 +02:00 |
Martin Willi
|
3ce9438b60
|
Use dynamic registration/usage invocation of command types
|
2009-09-10 16:18:30 +02:00 |
Martin Willi
|
6be68cc1c7
|
splitted PKI tool to a file per command
|
2009-09-10 12:31:40 +02:00 |
Martin Willi
|
e5e6c6f43c
|
use generic option parsing with usage information
|
2009-09-10 11:18:41 +02:00 |
Martin Willi
|
63ee88745a
|
fixed memleak
|
2009-09-09 17:16:00 +02:00 |
Andreas Steffen
|
1f45e32594
|
split usage information
|
2009-09-09 02:37:17 +02:00 |
Andreas Steffen
|
e666d45ddb
|
updated usage of ipsec pki --self
|
2009-09-08 22:22:09 +02:00 |
Andreas Steffen
|
a5fc71562a
|
support --options also in ipsec pki --self
|
2009-09-08 21:54:00 +02:00 |
Andreas Steffen
|
ddf8ee0f37
|
--options reads command line options from file
|
2009-09-08 21:36:35 +02:00 |
Martin Willi
|
b5d31b3e56
|
pki tool supports subjectAltNames in certificates
|
2009-09-08 13:27:35 +02:00 |
Martin Willi
|
8871e59c11
|
pki tool --issue/--verify operations require a CA with CA basicConstraint
|
2009-09-08 10:44:08 +02:00 |
Martin Willi
|
e4a4589606
|
pki tool can set CA basicConstraint on --self/--issued certificates
|
2009-09-08 10:39:04 +02:00 |
Martin Willi
|
58f34613e0
|
pki tool can issue certificates
|
2009-09-07 16:04:30 +02:00 |
Martin Willi
|
7daf5226b7
|
removed trailing spaces ([[:space:]]+$)
|
2009-09-04 13:46:09 +02:00 |
Martin Willi
|
8fb4edc4ff
|
handle plugin loading failures
|
2009-09-01 16:20:45 +02:00 |
Andreas Steffen
|
be04eef270
|
allow choice of digest algorithm in certificate generation
|
2009-08-28 09:08:03 +02:00 |
Andreas Steffen
|
050649ac41
|
cosmetics
|
2009-08-27 15:35:56 +02:00 |
Martin Willi
|
cec37b643a
|
fixed return value
|
2009-08-27 15:28:45 +02:00 |
Martin Willi
|
9436b31c94
|
PKI tool supports certificate verification
|
2009-08-27 14:43:40 +02:00 |
Martin Willi
|
5e97fa9900
|
PKI tool supports generation of self-signed certificates
|
2009-08-27 13:59:30 +02:00 |
Martin Willi
|
d5dd43e777
|
implemented fingerprinting support for PKI tool
|
2009-08-27 10:41:07 +02:00 |
Andreas Steffen
|
289ce4ade6
|
use --outform consistantly
|
2009-08-26 18:55:18 +02:00 |
Andreas Steffen
|
2f1f17f137
|
the option has been changed to --outform
|
2009-08-26 18:41:19 +02:00 |
Martin Willi
|
083142c4a0
|
encoding public EC keys is not really possible without subjectPublicKeyInfo
|
2009-08-26 16:15:38 +02:00 |
Martin Willi
|
d4df33f255
|
pki tool supports public key extraction from private key, certificates
|
2009-08-26 13:05:17 +02:00 |
Martin Willi
|
7c577c8ea2
|
started implementation of a PKI tool, currently supporting RSA|ECDSA key generation
|
2009-08-26 11:23:55 +02:00 |