| Author | Commit | Message | Date |
|---|---|---|---|
| Martin Willi | 6e862e2152 | Added PKCS#11 token plugin stub | 2010-08-04 09:26:18 +02:00 |
| Andreas Steffen | f8bb082f1f | added ikev2/rw-eap-tls-only scenario | 2010-08-04 08:36:27 +02:00 |
| Andreas Steffen | 9dffc26b73 | --enable eap-tls and --disable-load-warning in uml build | 2010-08-04 07:48:19 +02:00 |
| Tobias Brunner | f8029ca3f9 | test_cert adapted to extended signature of get_encoding(). | 2010-08-03 19:00:56 +02:00 |
| Tobias Brunner | 56bceda7b5 | Fixed compiler warnings. | 2010-08-03 19:00:46 +02:00 |
| Martin Willi | 0f82a47063 | Moved TLS stack to its own library | 2010-08-03 15:39:26 +02:00 |
| Martin Willi | 0b71bc7af0 | Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 400df4ca7c | Implemented EAP-TLS server functionality | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 97abf95412 | TLS stack keeps a copy of server/peer identities | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | c8a2fca58c | Limit the number of EAP-TLS packets allowed | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 8fef06a683 | Use stricter state handling while processing TLS messages | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | dc9f34be4d | Cleaned up the public TLS interface | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 84d67ead4e | Refactored commonly used operations into TLS crypto helper | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 3e7e777941 | Properly send empty EAP-TLS messages | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 51313a39d1 | Derive MSK for EAP-TLS authentication | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 110364b042 | Verify Server Finished message | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | f139b5786f | Implemented input record decryption and verification | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 84543e6efa | Implemented key derivation, output record signing and encryption | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 18010de23d | Derive master secret, create Finished message | 2010-08-03 15:39:25 +02:00 |
| Martin Willi | 149b7e6d01 | Implemented the TLS specific PRF in its TLSv1.0 and TLSv1.2 variants | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 3ddd164e5e | Implemented sending of Certificate, ClientKeyExchange, CertificateVerify and ChangeCipherSpec as peer | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 3a1640dea1 | Implemented a tls_writer class to simplify TLS data generation | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 4ef946dd64 | Implemented a tls_reader class to simplify TLS data parsing | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 3e962b0843 | Process ServerHello(Done), Certificate(Request) messages | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 698674c7f3 | Send a ClientHello to start TLS negotiation | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 536dbc00b9 | Added TLS crypto helper, currently supports cipher suite selection | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 9dc73cd21c | Added support for AUTH_HMAC_SHA2_256_256, used in TLS | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 4c0c2283a5 | Added stubs for handshake handling, server and peer variants | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 4c0124a0a2 | Accept follow-up fragments with a TLS message length | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 40e384ea01 | Added dummy/identity implementations of the different TLS record layers | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | dcbbeb2d09 | Pass TLS records to newly introduced TLS stack | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | f7f63c52e1 | Added some TLS constants | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | b173819e5d | (De-)fragment EAP-TLS packets, pass TLS records to upper layer | 2010-08-03 15:39:24 +02:00 |
| Martin Willi | 2107953804 | Added EAP-TLS plugin stub | 2010-08-03 15:39:24 +02:00 |
| Thomas Egerer | 86a73f16ab | Do not touch child from collision if peer deleted it | 2010-08-03 10:32:38 +02:00 |
| Waldemar Brodkorb | 45e962edef | substitute obsolete function calls (bzero/index) | 2010-08-01 21:20:15 +02:00 |
| Andreas Steffen | 50fb724ddd | delete tarball files | 2010-07-30 22:27:41 +02:00 |
| Andreas Steffen | b599b80013 | version bump to 4.4.2 | 2010-07-30 22:26:14 +02:00 |
| Martin Willi | 63163cc340 | The va_list trick does not seem to be portable, revert dots-in-section fix. This reverts commit 8f50d06c35. | 2010-07-30 10:57:59 +02:00 |
| Thomas Egerer | 5d2e159b41 | Fix segfault on 'ipsec stroke up ]' command | 2010-07-29 14:03:11 +02:00 |
| Martin Willi | 8f50d06c35 | Fixed settings lookup if the section/key contains dots | 2010-07-29 12:14:32 +02:00 |
| Martin Willi | c5c921bfa3 | Added NEWS for snprintf() fixes | 2010-07-28 11:06:49 +02:00 |
| Martin Willi | b8aeaea80c | Fix use of snprintf() in pluto subjectAltName enumeration | 2010-07-28 10:54:48 +02:00 |
| Martin Willi | c118559afe | Fix use of snprintf() in IETF attributes to string conversion | 2010-07-28 10:54:48 +02:00 |
| Martin Willi | 018543f3a8 | Fix use of snprintf() in identification DN to ASCII conversion | 2010-07-28 10:54:47 +02:00 |
| Martin Willi | c8bd06c7cf | More NEWS for HA functionality | 2010-07-28 10:49:58 +02:00 |
| Martin Willi | 98d0343870 | Implemented a HA enabled in-memory address pool | 2010-07-28 10:06:19 +02:00 |
| Martin Willi | 7455ab063f | Added a function to segmentate a generic integer | 2010-07-28 10:06:19 +02:00 |
| Andreas Steffen | ff7b0dd289 | added NETMAP rules for the reverse direction | 2010-07-27 21:16:44 +02:00 |
| Andreas Steffen | c100dd6b5f | fixed description of ikev2/net2net-same-nets scenario | 2010-07-27 20:50:28 +02:00 |