45156cc791
check self-signedness of certificate at creation time
2007-05-17 17:18:38 +00:00
6162a2442d
list crlnumber
2007-04-27 22:27:22 +00:00
cb5485318f
initialize isCA to FALSE
2007-04-20 14:36:55 +00:00
b073ad64b8
isOcspSigner was not initialized
2007-04-20 12:38:35 +00:00
4841189b72
implementation of strictcrlpolicy=ifuri
2007-04-20 11:12:08 +00:00
be6258485c
fixed destroy() bug
2007-04-14 17:34:41 +00:00
6598f99af0
exported parse_generalNames()
2007-04-14 17:34:18 +00:00
4390abeb94
added trailing newline to list()
2007-04-12 20:16:14 +00:00
734dc32edd
started to parse attribute certificates
2007-04-12 19:39:11 +00:00
3e21837582
cosmetics
2007-04-12 19:33:13 +00:00
56352fca2f
replace cert by this in parse_certificate()
2007-04-12 18:57:33 +00:00
f5ce017b0d
parse_authorityKeyIdentifier() is made available externally
2007-04-12 18:56:46 +00:00
34ee184a2d
external functions are defined in asn1.h and x509.h now
2007-04-12 18:55:44 +00:00
f880eb2dca
started support of X.509 attribute certificates
2007-04-12 17:49:33 +00:00
f865d34b35
fixed output of list_certinfos()
2007-04-12 16:36:12 +00:00
6a132a53e5
corrected copyright statement
2007-04-12 16:21:02 +00:00
a1b2d82db0
removed %Q, %Y, %W, %U printf handlers
2007-04-12 09:44:26 +00:00
babdde4fa4
cosmetics in debug output
2007-04-06 10:35:13 +00:00
241d2ff3bc
support of ldap-based crl fetching
2007-04-06 09:44:06 +00:00
8883eef7b8
support cachecrls=yes
2007-04-05 17:07:14 +00:00
e58afb1a0a
support of crlcheckinterval=0 to disable IKEv2 CRL fetching
2007-04-04 07:49:05 +00:00
3d62a7d225
fixed crl fetching bug
2007-04-03 22:02:17 +00:00
a8f02ad5f5
implemented dynamic http-based CRL fetching
2007-04-03 21:09:11 +00:00
2bfadf7f3b
implemented ipsec purgeocsp
2007-03-28 20:43:11 +00:00
7a89380eca
replaced expired since %V by expired %V ago
2007-03-28 05:36:27 +00:00
1bf8530507
implemented ipsec listocsp function
2007-03-27 04:40:25 +00:00
448d8789d5
fixed case of missing subjectKeyID
2007-03-14 21:06:57 +00:00
889feb978b
corrected typo
2007-03-14 19:33:34 +00:00
aa407a6b28
log reception of trusted signer certificate
2007-03-14 15:11:58 +00:00
05d1685372
fixed carry bug in FIPS prf
2007-03-14 14:54:23 +00:00
96567fc8a2
fixed compilation warnings and errors when not using curl
2007-03-13 14:52:18 +00:00
db0f828413
results from the single responses is stored in the corresponding certinfo_t structs
2007-03-12 13:42:31 +00:00
d45d2f1e21
fixed a memory leak in response_t
2007-03-09 14:44:34 +00:00
1bcb84605f
ocsp signer certificate and ocsp response signature can be verified
2007-03-08 23:29:04 +00:00
33d108de22
generalized get_ca_certificate() to get_auth_certificate(auth_flags)
2007-03-08 18:56:43 +00:00
8d0cd21a01
support of setting and getting authority flags
2007-03-08 16:48:16 +00:00
95f6a18fc7
added ocsp_parse_single_response
2007-03-08 00:35:20 +00:00
3243e90188
experimental SHA2 HMAC and PRF implementations
2007-03-08 00:14:17 +00:00
40695383ae
parsing basic ocsp response
2007-03-08 00:13:15 +00:00
08d42d3994
forgot to assign public.is_ocsp_signer() method
2007-03-07 23:31:03 +00:00
8dfb0a31b5
added parsing level to x509_create_from_chunk() and added is_ocsp_signer() method
2007-03-07 22:57:50 +00:00
78703918aa
http post fetching using libcurl implemented
2007-03-07 19:28:03 +00:00
62a8ee10c3
corrected comment
2007-03-07 14:11:02 +00:00
dd82ca4dcc
start ocsp checking only if there are any ocspuris present
2007-03-07 13:22:07 +00:00
817fecddc9
nonce in ocsp_t was not properly initialized
2007-03-07 04:22:21 +00:00
7687c463da
ocsp request is now fully built but without requestor signature
2007-03-07 03:39:40 +00:00
45fe480e87
starting to build ocsp request
2007-03-06 23:05:44 +00:00
ce7fdaca71
iterate certinfos linked list for matching serialNumber
2007-03-05 22:08:48 +00:00
e5b0570a02
refactored ca_info_t
2007-03-03 21:07:23 +00:00
eb8aaa6747
added
2007-02-28 20:30:44 +00:00
a7a5e834e3
fixed big endian bug in md5 hasher
2007-02-28 07:20:16 +00:00
2ddcc33e16
added once flag to certinfo_t
2007-02-27 21:23:51 +00:00
87dabcbd1e
added certinfos linked list
2007-02-27 21:21:54 +00:00
9c6032510f
added support of OCSP accessLocations
2007-02-25 08:15:46 +00:00
508d22b2f9
correct interface definition
2007-02-25 08:15:38 +00:00
db56de5bf7
full support of ca info records
2007-02-24 23:21:57 +00:00
e3c0ece8c8
added the create_crluri_iterator method
2007-02-24 23:21:45 +00:00
87f0656c39
listing ca_info items
2007-02-24 00:34:44 +00:00
7d203c3b75
replace printf.h by stdio.h
2007-02-24 00:34:17 +00:00
0cdec3baa5
addin get_keyid() method
2007-02-24 00:33:48 +00:00
2ef41cdad9
support of ca info records
2007-02-23 15:14:59 +00:00
f27f6296e6
merged EAP framework from branch into trunk
...
includes a lot of other modifications
2007-02-12 15:56:47 +00:00
7006a51efc
removed my time_t printf handler patch, applied the one of andreas (64bit save)
2007-02-08 15:22:21 +00:00
61c0e0f220
fixed printf() hooks for time
2007-02-08 14:31:59 +00:00
2f5914a343
fixed 64 bit issue with print time
2007-01-20 15:13:05 +00:00
db7ef62494
better split up of library files "types.h" & "definitions.h"
...
centralized all printf specifier character definitions
reuse of arginfo handlers
more cleanups
fixed more AMD64 issues
added DEBUG_LEVEL compile flag to exclude DBGn() statements
2006-10-31 12:27:59 +00:00
382b481795
moved typedefs to beginning of files to solve some include problems
...
splitted authenticator to have a separate implementation for each auth_method_t
using va_copy to clone va_lists, should fix proplems on AMD64
some other cleanups
2006-10-30 14:07:05 +00:00
ede816a786
cosmetics
2006-10-28 13:14:42 +00:00
beb67fd9d5
redesigned format of print function
2006-10-25 08:35:38 +00:00
fea60bb577
replaced 'times' by 'dates'
2006-10-25 08:32:32 +00:00
d489707eab
added private flag to asn1_init
2006-10-25 08:31:15 +00:00
191a26a6a7
removed deprecated iterator methods (has_next & current)
...
added iterator hook to manipulate iterator the clean way
2006-10-24 14:20:45 +00:00
55bbff11ec
linked list cleanups
...
added list methods invoke(), destroy_offset(), destroy_function()
simplified list destruction when destroying its items
2006-10-24 08:46:17 +00:00
60356f3375
introduced new logging subsystem using bus:
...
passive listeners can register on the bus
active listeners wait for signals actively
multiplexing allows multiple listeners to receive debug signals
a lot more...
2006-10-18 11:46:13 +00:00
151168f6ea
2006-09-27 14:15:49 +00:00
37d882e732
defined maximum hash size
2006-09-25 06:15:57 +00:00
2fcc4168f8
fixed some compiler warnings
2006-09-21 09:17:13 +00:00
995d8116e1
public declaration of all HASH_SIZEs in hasher.h
2006-09-20 06:45:19 +00:00
490d267ac3
support of encrypted private key files
2006-09-20 05:48:54 +00:00
b5cac6684d
added copyright notice to sha2_hasher
...
included SHA2 in build process
2006-09-19 14:54:01 +00:00
e698dc4559
implemented sha2_hasher which supports SHA-256, SHA-384 and SHA-512
2006-09-19 14:49:47 +00:00
462129d332
added support for 3DES encryption algorithm in IKE
2006-09-19 11:18:35 +00:00
a2cf2812c4
some cleanups here and there
2006-09-18 11:37:40 +00:00
b267ed00d1
verify_emsa_pkcs1_signature returns status_t
2006-09-18 07:44:16 +00:00
2e7b7faf0c
cosmetics
2006-09-18 07:43:44 +00:00
8a95c322c5
fixed certificate verification bug!
2006-09-14 12:22:08 +00:00
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
269f7f448b
leak detective blanks memory on free & alloc, allows further membug detection
2006-07-12 11:15:31 +00:00
af2faa1f1d
reenabled check_expiry
2006-07-07 12:25:25 +00:00
c71d53ba4e
updated copyright information
2006-07-07 08:49:06 +00:00
b12af2ead6
fixed compiler warnings
2006-07-05 10:09:42 +00:00
971218c3ae
support of cert payloads
2006-07-03 06:27:45 +00:00
6f74bfd6ac
added X.509 trust chain verification
2006-06-27 08:48:28 +00:00
76dafed7a7
implemented rereadcrls rereadcacerts
2006-06-20 06:08:33 +00:00
c345ff0b1e
added crl support
2006-06-16 05:51:36 +00:00
63b86f5641
cosmetics
2006-06-16 05:51:16 +00:00
147fe5095d
fixed aes code, we support now aes128, aes192, aes256 in IKE
2006-06-15 13:14:09 +00:00
b3b4c0e44b
corrected some descriptions
2006-06-13 11:33:13 +00:00
3c846c630a
moved RSA key size constraints to definitions.h
2006-06-13 11:32:12 +00:00
a2a3fb3e25
workaround for peers rekeying at the same time
...
loading lifetime policies from ipsec.conf
2006-06-12 07:33:20 +00:00
a612f2dd00
added public methods is_ca() and is_valid()
2006-06-09 05:47:00 +00:00
f5a4518a74
computation of SHA-1 hash over publicKeyInfo object
2006-05-30 07:47:19 +00:00
cdffecf3ba
added has_key parameter to log_certificates()
2006-05-30 07:43:39 +00:00
c164f8c4a7
log_certificates() now shows keyid and availability of matching private key
2006-05-30 07:42:52 +00:00
353c7b57c8
reworked parsing and matching of subjectAltNames
2006-05-29 07:06:02 +00:00
a8a1fa1c03
corrected type
2006-05-29 06:58:55 +00:00
418c859231
moved definition of generalNames_t to identification.h; initialized subjectKeyID, authKeyID and authKeySerialNumber
2006-05-23 08:14:24 +00:00
86a7937b45
- applied patch from andreas, which allows certificate listing via stroke
2006-05-19 06:44:08 +00:00
3e61d63a3a
- added ipsec.conf template and man page back
...
- removed old Makefiles
- added new strongswan KDevelop project & startup hack
2006-05-18 14:21:58 +00:00
9cf5f29027
2006-05-10 13:16:27 +00:00
95806de938
2006-05-10 07:58:29 +00:00
Andreas Steffen