685232670a
added uptime statistics to statusall
2008-03-26 16:13:14 +00:00
7b88a983d8
caching of ocsp responses (experimental), no crl caching yet
2008-03-26 15:21:50 +00:00
391abda082
fixed compile error if --enable-p2p is set
2008-03-26 14:45:24 +00:00
5298777ad8
treat sig_alg and algorithm comparison in a consistent way over all certificate types
2008-03-26 13:10:36 +00:00
e37f7715bf
fixed rightca= constraint checking
...
implemented rightca= for intermediate CAs we do not have the certificate at config load
2008-03-26 12:23:46 +00:00
2d84da89b9
fixed auth_info_t.equals()
2008-03-26 10:58:19 +00:00
0b14fdb92b
splitted stroke plugin to several files:
...
socket: reads messages from socket, dispatching
config: process add/del conn, serves configs through backend_t
control: controlling of the daemon (up/down/route/...(
cred: credential loading, serves creds through credential_set_t
ca: ca sections from ipsec.conf, serves cdp's through credential_set_t
list: log status information to stroke console (status/statusall/list*)
shared_key: shared key implementation for keys read from ipsec.secrets
plugin: registers stroke plugin and starts socket w/ thread
2008-03-26 10:10:40 +00:00
3c7e72f5b0
added equals() method to peer_cfg, ike_cfg, proposals, auth_info
...
allows easier merging of ipsec.conf connections
replaced some iterators through enumerators
made proposals algorithm_t private using enumerator
2008-03-26 10:06:45 +00:00
a852928a6f
fixed compiler warnings
2008-03-26 09:29:30 +00:00
26930a8c3e
certificate factory can load certs from file
2008-03-25 22:28:27 +00:00
ff98c85b57
added component BUILD_FROM_FILE
2008-03-25 13:26:33 +00:00
13bec89740
renamed certificate field in x509_cert.c to encoding
2008-03-25 12:22:12 +00:00
84a5c6a679
added ac.c
2008-03-25 10:13:57 +00:00
3e6ee16478
defined *_create_from_file() constructors in libstrongswan/credentials/certificates
2008-03-25 10:12:45 +00:00
63cb8a7fee
fixed refence counts before calling attribute certificate factory
2008-03-25 09:39:23 +00:00
9bb8d23e17
corrected some doxygen entries
2008-03-22 08:15:18 +00:00
855606efd4
optimized self-signed certificate detection
2008-03-21 20:37:08 +00:00
36617c1ad5
shortened debug output
2008-03-21 20:36:19 +00:00
02fd225ea5
detect trusted self-signed before trust chain verification
2008-03-21 19:10:55 +00:00
ffce5db1b7
self-signed certificates were not marked by x509_cert.c
2008-03-21 19:07:12 +00:00
c081a9bfe6
added ietf group attribute support to attibute certificate factory
2008-03-21 16:59:21 +00:00
93da2684b6
fixed memory allocation problem in openac
2008-03-21 15:58:48 +00:00
104c96a63c
added BUILD_SERIAL component and fixed several ac bugs
2008-03-21 12:44:15 +00:00
a2083c30d5
added VALIDATION_UNKNOWN to cert_validation_names
2008-03-21 11:54:12 +00:00
6ac3a7acbb
added credential factory support for BULD_NOT_BEFORE_TIME and BUILD_NOT_AFTER_TIME
2008-03-21 11:32:33 +00:00
b6377673e7
added x509_ac_builder plugin
2008-03-21 10:52:11 +00:00
3d48f3301a
initialize library in openac
2008-03-21 10:42:05 +00:00
754c1c0ef7
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.
2008-03-21 09:34:40 +00:00
112482d3f4
optimized debug output of credential_manager.c
2008-03-21 09:28:25 +00:00
dd7924f033
removed build.h include
2008-03-20 15:25:02 +00:00
bdec2e4f52
refactored openac and its attribute certificate factory
2008-03-20 15:23:52 +00:00
25c9637222
modified debug text
2008-03-20 15:22:26 +00:00
dfd5cdcb88
cert_cache_t caches subject-issuer relations and subject certificates
...
ocsp/crl do not benefit yet due missing lookup function
2008-03-20 14:31:36 +00:00
fe8f7626d1
fallback to random end entity certificate if trustchain building fails
2008-03-20 13:14:55 +00:00
629e55434a
2008-03-20 11:38:51 +00:00
a86e3ab37a
some C libraries need _GNU_SOURCE for rwlocks
2008-03-20 11:27:55 +00:00
36524c4844
added support for certificate requests for not yet known CAs
2008-03-20 10:09:56 +00:00
2b522ab450
added $
2008-03-20 09:30:07 +00:00
9be0dc922e
fixed verification of preinstalled certificates
2008-03-20 09:30:02 +00:00
384ebaa57a
included utils/linked_list.h
2008-03-20 09:28:58 +00:00
44ab7c85d7
more trustchain verification improvements
...
should fix crl-revoked and two-certs scenarios
2008-03-20 09:27:57 +00:00
1a9ad33e3b
cleaned up includes
2008-03-20 09:24:22 +00:00
ca7663ece6
CA certificates are allowed to sign OCSP responsed without OCSP_SIGNER flag
2008-03-20 07:21:44 +00:00
48acfe98ae
refactored trustchain verification, this should fix #33
...
moved auth_info/ocsp_response credset wrapper to separate files
2008-03-19 17:54:54 +00:00
84d8ff64cd
increased debug level in trust chain verification for auditing purposes
2008-03-19 17:04:09 +00:00
de7062a280
removed unimplemented private/public key function declarations
2008-03-19 14:21:56 +00:00
cfede7f6e2
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
...
as it requires to XOR the key into the hashers state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.
2008-03-19 14:02:52 +00:00
c912c3d382
log nextUpdate of crls and ocsp responses
2008-03-19 13:11:29 +00:00
2590faa330
fixed stupid bug in fetch_ocsp()
2008-03-19 12:36:15 +00:00
ae8715f956
attempt to achieve consistent debugging output
2008-03-19 12:06:38 +00:00
Martin Willi