6f00ddb90c
keychain: support on-the-fly enumeration of trusted/untrusted certificates
2013-07-18 12:17:54 +02:00
7b8edabd8a
keychain: add a stub for a credential plugin using OS X Keychain Services
2013-07-18 12:17:54 +02:00
c3e7b3de0b
openssl: parse X.509 extended key usage from extension parsing loop
...
Otherwise parsing gets aborted if unknown critical extensions are handled as
error.
2013-07-18 12:17:53 +02:00
3f55f203ee
openssl: show which critical X.509 extension is not supported
2013-07-18 12:17:53 +02:00
e0b868f79e
pkcs12: Add plugin dependencies with soft dependencies on the most common algorithms
2013-07-15 10:48:19 +02:00
126778679f
Recognize critical IssuingDistributionPoint CRL extension
2013-07-12 09:00:47 +02:00
d27f225d9a
Use strpfx() helper where appropriate
2013-07-08 18:49:30 +02:00
324b90cc46
openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strong
...
For our purposes with RNG_WEAK this is fine, so accept a zero return value.
2013-07-04 11:09:54 +02:00
b18a531715
plugin-loader: Removed unused path argument of load() method
...
Multiple additional search paths can be added with the add_path()
method.
2013-06-28 10:44:15 +02:00
f2086e42ff
plugin-loader: Method added to provide additional search paths for plugins
2013-06-27 10:27:24 +02:00
0d25c4ef87
plugin-loader: Move logging of failed features to status()
...
Still log an error message if critical features fail, as loaded
plugins/features are not logged in that case.
This way loaded plugins are printed before failed features and
the relation is easier to make for users. It also allows programs
to log this message on a different level.
2013-06-21 15:22:46 +02:00
607f8e9906
plugin-loader: Add method to print loaded plugins on a given log level
2013-06-21 15:17:53 +02:00
34ee14dd28
plugin-loader: Collect statistics while loading features, print them in case features failed to load
...
There is no need to explicitly search for failed features in critical
plugins as this is now detected while loading the features.
2013-06-21 15:13:25 +02:00
681e53c70c
plugin-loader: Use different log level if failed feature is in critical plugin
2013-06-21 15:13:25 +02:00
13d2d8f634
plugin-loader: Log message when failing to load plugin
2013-06-21 15:13:25 +02:00
51b9d7513d
plugin-loader: Reduce verbosity while loading plugins
2013-06-21 15:13:25 +02:00
2bedb0f270
Move test-runners has_feature() function to plugin loader
2013-06-21 10:53:22 +02:00
c0d0391a51
pubkey: Improve comparison of raw public key certificate objects
2013-06-21 10:02:25 +02:00
fe20f752f1
curl: add an option to fetch bound to a local source address
2013-06-11 15:54:26 +02:00
49d7a98f47
Refactored plugin-loader with improved dependency resolution
...
With the new implementation the plugins don't have to be listed in any
special order, dependencies are properly resolved. The order only
matters if two plugins provide the same feature.
2013-06-11 11:18:19 +02:00
da04914933
test-vectors: Use plugin features
2013-06-11 11:18:18 +02:00
17f00db6d6
revocation: Use plugin features with soft dependencies on fetcher and en-/decoding
2013-06-11 11:18:18 +02:00
25da1943b3
padlock: Use plugin features to properly register algorithms
2013-06-11 11:18:18 +02:00
7756c0383e
pkcs11: Use plugin_features_add() in get_features()
2013-06-11 11:18:18 +02:00
886a40d75e
plugin-feature: Added helper function to extend arrays of plugin features
2013-06-11 11:18:18 +02:00
c172a92bfb
constraints: Use plugin features with soft dependency on X.509 decoding
2013-06-11 11:18:18 +02:00
e3bdf03af4
blowfish: Use plugin features to properly register crypter
2013-06-11 11:18:18 +02:00
d895721489
unbound: Use plugin features and provide RESOLVER
2013-06-11 11:18:18 +02:00
f5bd1a5e09
plugin-feature: Add feature for DNSSEC-enabled resolvers
2013-06-11 11:18:18 +02:00
8a6cc1e35f
plugin-feature: Function added to exactly compare plugin features
2013-06-11 11:18:17 +02:00
5e4b1ad20a
openssl: add support for IP addr blocks in X.509 certificates
2013-05-24 15:09:47 +02:00
2e9201f4ef
af-alg: fix number of signers after adding untruncated HMAC-SHA-512 ( 1f2a34d6)
2013-05-15 17:20:36 +02:00
bd538e8c4a
openssl: Only warn about unavailable FIPS mode if the user requested it
2013-05-08 15:23:14 +02:00
904390e887
openssl: Cleanup thread specific error buffer
2013-05-08 15:02:40 +02:00
3ee2af97bf
openssl: Don't use deprecated CRYPTO_set_id_callback() with OpenSSL >= 1.0.0
2013-05-08 15:02:40 +02:00
780900ab0e
openssl: Add PKCS#12 parsing via OpenSSL
2013-05-08 15:02:40 +02:00
651d5ab8e7
openssl: Properly cleanup OpenSSL library
2013-05-08 15:02:40 +02:00
3bd498284e
PEM plugin loads PKCS#12 containers from (DER-encoded) files
...
It is not actually able to handle PEM encoded PKCS#12 files produced
by OpenSSL.
2013-05-08 15:02:40 +02:00
abc04e6b3f
Remove pluto specific certificate types
2013-05-08 15:02:40 +02:00
1f2a34d6d8
Add support for untruncated HMAC-SHA-512
2013-05-08 15:02:39 +02:00
feef637368
Add pkcs12 plugin which adds support for decoding PKCS#12 containers
2013-05-08 15:02:39 +02:00
0d0929fa0c
Register PKCS#8 builder for KEY_ANY
2013-05-08 15:02:39 +02:00
8e48e0009a
Add support for PKCS#7/CMS encrypted-data
2013-05-08 15:02:39 +02:00
cb38e2f30a
Add test vectors for RC2
2013-05-08 15:02:38 +02:00
9d4fc8677f
Add implementation of the RC2 block cipher (RFC 2268)
2013-05-08 15:02:34 +02:00
4076e3ee91
Extract PKCS#5 handling from pkcs8 plugin to separate helper class
2013-05-08 14:53:08 +02:00
e07e489d5f
agent: Use sshkey plugin to parse keys, adds support for ECDSA
2013-05-07 17:08:31 +02:00
dd9e366814
sshkey: Add support for ECDSA keys
2013-05-07 17:08:31 +02:00
cc4408abcb
sshkey: Added builder for SSHKEY RSA keys
2013-05-07 15:38:28 +02:00
584d656b77
Add sshkey plugin stub that will parse RFC 4253 public keys
2013-05-07 14:08:51 +02:00
Martin Willi