Tobias Brunner
6d599fb964
Removed remaining pluto related configure options.
2012-06-13 11:33:32 +02:00
Tobias Brunner
25fb9d3f4a
starter: Print additional help texts for selected deprecated keywords.
2012-06-12 16:15:03 +02:00
Tobias Brunner
9707d9db79
starter: Improved how deprecated keywords are handled.
...
We only throw a warning now instead of rejecting the config.
2012-06-12 16:15:03 +02:00
Tobias Brunner
5c7a219804
Revert "starter: Don't treat unsupported keywords as fatal errors just report them."
...
This reverts commit e55876a657.
2012-06-12 16:15:03 +02:00
Martin Willi
5a6e5e0d2d
NEWS about specifying trustchain HASH algorithm requirements
2012-06-12 15:01:39 +02:00
Martin Willi
7c4214bd38
Add documentation for signature hash algorithm enforcing to man ipsec.conf
2012-06-12 15:01:39 +02:00
Martin Willi
e35bbb9740
Added signature scheme options left/rightauth
2012-06-12 15:01:39 +02:00
Martin Willi
918e92c4c9
Support multiple different public key strength types in constraints
2012-06-12 14:24:49 +02:00
Martin Willi
fd4ff11858
Add signature schemes to auth_cfg during trustchain validation
2012-06-12 14:24:49 +02:00
Martin Willi
a37f2d2006
certificate_t->issued_by takes an argument to receive signature scheme
2012-06-12 14:24:49 +02:00
Martin Willi
439d0742e9
Define auth_cfg rules for signature schemes
2012-06-12 14:24:49 +02:00
Tobias Brunner
e7c01bed49
starter: Fixed parsing of left|right=%any.
2012-06-12 10:16:51 +02:00
Andreas Steffen
4745fce666
deleted IKEv1 charon-pluto interoperability scenarios
2012-06-12 10:00:21 +02:00
Tobias Brunner
4d21846912
starter: Fix comparison of connections.
2012-06-11 17:33:32 +02:00
Tobias Brunner
3e2ff81e5d
starter: Removed all unsupported keywords.
2012-06-11 17:33:32 +02:00
Tobias Brunner
e55876a657
starter: Don't treat unsupported keywords as fatal errors just report them.
2012-06-11 17:33:32 +02:00
Tobias Brunner
fff4b74db2
Bye bye Pluto!
...
Charon will take over IKEv1 duties from here. This also removes
libfreeswan and whack.
2012-06-11 17:33:32 +02:00
Tobias Brunner
4a54860986
_copyright: Replicate copyright text here instead of calling libfreeswan.
2012-06-11 17:33:32 +02:00
Tobias Brunner
ee3026a1e2
starter: Remove all ties to pluto/libfreeswan.
...
Moved some types/constants in the process.
2012-06-11 17:33:32 +02:00
Tobias Brunner
5b09310e67
starter: Use custom type for SA specific options (flags).
2012-06-11 17:33:31 +02:00
Tobias Brunner
29906e0eab
starter: Parse left|rightprotoport directly in confread.c.
2012-06-11 17:33:31 +02:00
Tobias Brunner
eca839b0a7
starter: No special handling for left|rightsubnet, just pass it on as string.
2012-06-11 17:33:31 +02:00
Tobias Brunner
6ce841b213
starter: Use host_t to parse left|rightsourceip.
...
Also for the yet unused natip option.
2012-06-11 17:33:31 +02:00
Tobias Brunner
0ac29be793
starter: Remove left|rightsubnetwithin option (charon narrows left|rightsubnet down accordingly).
2012-06-11 17:33:31 +02:00
Tobias Brunner
8dd094e185
starter: Don't resolve any addresses in starter.
...
Also removed remains of some unknown iface option.
2012-06-11 17:33:31 +02:00
Tobias Brunner
efc69e9f38
starter: Removed pfs and pfsgroup options (handled via esp option).
2012-06-11 17:33:31 +02:00
Tobias Brunner
6d065f14ae
starter: Store mode of the IPsec SA/policy in a separate member.
2012-06-11 17:33:30 +02:00
Tobias Brunner
f82365ad27
starter: Use custom type to mark seen keywords.
2012-06-11 17:33:30 +02:00
Tobias Brunner
57323f6259
starter: Remove left|rightnexthop option.
...
Charon does this lookup dynamically.
2012-06-11 17:33:30 +02:00
Tobias Brunner
753ca22f9c
Implement strdupnull() macro as static inline function.
...
This avoids compiler warnings if the argument is a const char*.
2012-06-11 17:33:30 +02:00
Tobias Brunner
7cce0e96f2
starter: Replaced all usages of clone_str() with strdupnull().
2012-06-11 17:33:30 +02:00
Tobias Brunner
e838c39ba9
starter: Parse authby as string.
2012-06-11 17:33:30 +02:00
Tobias Brunner
041e763b77
starter: Remove main parts of pluto support (invoke, whack).
2012-06-11 17:33:30 +02:00
Tobias Brunner
95e41fb80a
starter: Drop support for %defaultroute.
2012-06-11 17:33:29 +02:00
Tobias Brunner
163b227386
starter: Migrated logging to libstrongswan.
2012-06-11 17:33:29 +02:00
Tobias Brunner
bcfb6b8efc
starter: Remove unneeded starter_exec function.
2012-06-11 17:33:29 +02:00
Tobias Brunner
d7c3fd5421
scepclient: Option added to read PKCS#10 certificate request from a file.
2012-06-11 17:33:29 +02:00
Tobias Brunner
cea9bf563a
scepclient: Option added to read self-signed certificate from a file.
2012-06-11 17:33:29 +02:00
Tobias Brunner
3a7c6b39b5
scepclient: Generate uppercase transaction ID.
2012-06-11 17:33:29 +02:00
Tobias Brunner
f79b665243
scepclient: Use HTTP 1.0 for all requests.
2012-06-11 17:33:28 +02:00
Tobias Brunner
1d81b1ab18
scepclient: Options added to specify digest/signature algorithms.
...
Also changed the defaults to DES/MD5 as that's what should be used
if GetCACaps is not used to learn the issuer's capabilities.
2012-06-11 17:33:28 +02:00
Tobias Brunner
cc55783f36
Added function to convert integrity algorithms to hash algorithms (if based on one).
2012-06-11 17:33:28 +02:00
Tobias Brunner
82e526ce81
Properly encode 0 in ASN.1.
...
According to X.690 an INTEGER object always has at least one content
octet.
2012-06-11 17:09:20 +02:00
Tobias Brunner
e8120632ae
Don't use chunk_skip() in asn1_length().
...
chunk_skip() returns chunk_empty if the length of the chunk is equal to
the number of bytes to skip, this is problematic as asn1_length() modifies
the original chunk. asn1_parser_t for instance uses the modified chunk to
later calculate the length of the resulting ASN.1 object which produces
incorrect results if it is based on chunk_empty.
2012-06-11 17:09:20 +02:00
Tobias Brunner
6e6d78a561
Changed memory management and call logic in PKCS#7 parser/generator.
2012-06-11 17:09:20 +02:00
Tobias Brunner
2bf125f0ed
Changed memory management and attribute handling in PKCS#9 wrapper.
2012-06-11 17:09:20 +02:00
Tobias Brunner
f912fedc9b
scepclient: Also number CA certificates in case there is more than one.
...
Also, only number them if there are multiple certificates.
2012-06-11 17:09:19 +02:00
Tobias Brunner
04ff78aa33
scepclient: Store received RA certificates, using CA cert name as base.
2012-06-11 17:09:19 +02:00
Tobias Brunner
c6a2aa49b4
scepclient: Use pkcs7_t and pkcs9_t, remove all dependencies to pluto/libfreeswan.
2012-06-11 17:09:19 +02:00
Tobias Brunner
ea92d4f305
Added get_attributes() method to pkcs7_t.
2012-06-11 17:09:19 +02:00