Martin Willi
|
44e513a320
|
Added support for trustchain key strength checking to rightauth option
|
2011-01-07 15:51:35 +01:00 |
Martin Willi
|
6367de28ad
|
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements
|
2011-01-07 15:51:35 +01:00 |
Martin Willi
|
2e90006f96
|
Show base CRL of delta CRLs in listcrls
|
2011-01-05 16:46:06 +01:00 |
Martin Willi
|
b3d359e58f
|
Use a generic getter for all numerical X.509 constraints
|
2011-01-05 16:46:05 +01:00 |
Martin Willi
|
5dba5852fc
|
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
|
2011-01-05 16:46:02 +01:00 |
Andreas Steffen
|
27a66f9393
|
implemented wrap around of registered IKEv1 algorithm names
|
2010-12-26 17:11:02 +01:00 |
Andreas Steffen
|
16b6606e5f
|
wrap list of IKEv2 algorithms after 120 characters per line
|
2010-12-24 17:29:51 +01:00 |
Andreas Steffen
|
cb6be85cfe
|
Migrated stroke_list_t to INIT/METHOD macros
|
2010-12-24 14:29:09 +01:00 |
Martin Willi
|
6c302616f1
|
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
|
2010-12-20 09:45:39 +01:00 |
Martin Willi
|
37788b1d06
|
Added a TFC padding option to child_cfg
|
2010-12-20 09:45:39 +01:00 |
Andreas Steffen
|
5932f41fcc
|
trace back crypto algorithms to the plugins that registered them
|
2010-12-18 16:31:12 +01:00 |
Martin Willi
|
cf5866b9c0
|
Renamed purgex509/crl to purgecerts/crls to be consistent with list commands
|
2010-12-10 11:21:55 +01:00 |
Martin Willi
|
6aa144ddb7
|
Added options to flush CRLs/X509 certs from the cert cache
|
2010-12-10 09:45:22 +01:00 |
Andreas Steffen
|
4332cd7f95
|
added newline
|
2010-12-07 09:02:55 +01:00 |
Andreas Steffen
|
faccd69068
|
re-introduced comment
|
2010-12-07 09:01:28 +01:00 |
Andreas Steffen
|
a42aaed64f
|
Migrated stroke_control_t to INIT/METHOD macros
|
2010-12-07 08:58:57 +01:00 |
Andreas Steffen
|
d31aec9fa7
|
Migrated stroke_plugin_t to INIT/METHOD macros
|
2010-12-07 08:01:56 +01:00 |
Tobias Brunner
|
5b2d9f24f5
|
Refactored stroke_cred_t to use mem_cred_t.
|
2010-12-03 18:00:00 +01:00 |
Tobias Brunner
|
413d8fe0e3
|
Avoid calling globfree twice on failure.
|
2010-12-03 17:38:36 +01:00 |
Andreas Steffen
|
c616d84c3f
|
start and route connections defined in an SQL database via start_action field and ipsec up %startall command
|
2010-11-28 11:57:49 +01:00 |
Andreas Steffen
|
a9ac8c51ea
|
Migrated stroke_config_t to INIT/METHOD macros
|
2010-11-27 01:12:58 +01:00 |
Andreas Steffen
|
a5ffb559d2
|
Migrated stroke_cat_t to INIT/METHOD macros
|
2010-11-27 00:49:15 +01:00 |
Martin Willi
|
851d60484e
|
Added a stroke rekey command to trigger IKE/CHILD_SA rekeying manually
|
2010-11-03 15:12:05 +01:00 |
Andreas Steffen
|
9b9352c83b
|
fixed 64 bit printf() issue
|
2010-10-24 20:30:19 +02:00 |
Andreas Steffen
|
80f86acccb
|
show validity of OCSP responses
|
2010-09-10 22:26:03 +02:00 |
Tobias Brunner
|
bb381e26c6
|
Refer to scheduler and processor via lib and not hydra.
|
2010-09-02 19:04:18 +02:00 |
Tobias Brunner
|
f6659688ab
|
Refer to kernel interface via hydra and not charon.
|
2010-09-02 19:01:25 +02:00 |
Tobias Brunner
|
61e8e73206
|
Refer to scheduler via hydra and not charon.
|
2010-09-02 19:01:24 +02:00 |
Tobias Brunner
|
c5f7146b17
|
Refer to processor via hydra and not charon.
|
2010-09-02 19:01:22 +02:00 |
Martin Willi
|
bbdc85b66e
|
Respect key types in stroke key/certificate backend
|
2010-09-02 13:07:23 +02:00 |
Martin Willi
|
33b1a2567f
|
Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined
|
2010-08-31 18:10:23 +02:00 |
Martin Willi
|
64d7b0733f
|
Added support for the ipsec.conf aaa_identity keyword
|
2010-08-31 17:52:52 +02:00 |
Martin Willi
|
835ec23aff
|
Use enum mappings to resolve debug group
|
2010-08-23 09:47:04 +02:00 |
Martin Willi
|
9d49f79f55
|
List registered AEAD algorithms in listalgs
|
2010-08-19 19:02:34 +02:00 |
Martin Willi
|
3d711a68fb
|
Added a stroke command to export cached x509 certificates to the console
|
2010-08-10 18:46:30 +02:00 |
Martin Willi
|
a944d2092b
|
Use bits instead of bytes for a private/public key
|
2010-08-10 18:46:30 +02:00 |
Tobias Brunner
|
744b83c7c9
|
Fixed loading of secrets with IDs.
Since the ID string is manually terminated by a null character, write
permission is required for the mmapped ipsec.secrets.
|
2010-08-04 16:03:46 +02:00 |
Tobias Brunner
|
dca2d89209
|
Fixed loading of private keys without password.
The chunk storing the password was not correctly initialized, resulting
in a segmentation fault when no password was specified in ipsec.secrets.
|
2010-08-04 14:22:48 +02:00 |
Martin Willi
|
0d08ebe7ac
|
Pass type of requested key in the callback credential set
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
15177f5785
|
Obsoleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
0556667dca
|
Use credential sets to load smartcard keys
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
62be923683
|
Implemented a callback based credential set, currently for shared keys only
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
9587ece534
|
mmap() ipsec.secrets instead of malloc(), proper error checking
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
947298b302
|
Split up the load_secrets() function
|
2010-08-04 09:26:21 +02:00 |
Martin Willi
|
57522106c4
|
%prompt support for smartcard PIN via "ipsec secrets"
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
0b8b664056
|
Pass the PKCS11 keyid as chunk, not as string
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
353d10d590
|
Reuse generic passphrase build part, not a dedicated PIN part
|
2010-08-04 09:26:20 +02:00 |
Martin Willi
|
3479c27931
|
Support module names in %smartcard specifier, streamlined smartcard building
|
2010-08-04 09:26:20 +02:00 |
Thomas Egerer
|
5d2e159b41
|
Fix segfault on 'ipsec stroke up ]' command
|
2010-07-29 14:03:11 +02:00 |
Martin Willi
|
0406eeaacb
|
Support different encoding types in certificate.get_encoding()
|
2010-07-13 13:53:20 +02:00 |
Martin Willi
|
da9724e6d0
|
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
|
2010-07-13 11:29:35 +02:00 |
Martin Willi
|
2ccc02a4fd
|
Moved credential manager to libstrongswan
|
2010-07-13 10:26:07 +02:00 |
Andreas Steffen
|
26c4d0102a
|
configuration of different marks for inbound and outbound direction
|
2010-07-09 09:06:07 +02:00 |
Martin Willi
|
4f99093235
|
Show mallinfo() data in statusall, if available
|
2010-07-06 16:28:25 +02:00 |
Martin Willi
|
4172574bfb
|
Use the group constraint in a more generic fashion, not only for attribute certificates
|
2010-07-05 09:41:04 +02:00 |
Andreas Steffen
|
ee26c537d7
|
support of xfrm marks for IKEv2
|
2010-07-02 23:46:09 +02:00 |
Martin Willi
|
d5ad6eb1e0
|
Flush certificate cache on CA delete
|
2010-06-07 13:51:18 +02:00 |
Martin Willi
|
a3ffa9edfd
|
Log non-empty task queues in statusall
|
2010-06-07 11:59:37 +02:00 |
Martin Willi
|
8029e5efd2
|
Added generic implementations for crl_is_newer/certificate_is_newer
|
2010-05-21 16:25:51 +02:00 |
Reto Buerki
|
277fcf9f86
|
Add reqid field and getter function to child_cfg_t.
|
2010-05-04 14:38:34 +02:00 |
Tobias Brunner
|
c9235353f8
|
Use a read-write lock in stroke_attribute to increase concurrency.
|
2010-04-06 12:47:39 +02:00 |
Tobias Brunner
|
8c9f5bad8b
|
Migrated stroke_attribute_t to METHOD/INIT macros.
|
2010-04-06 12:47:38 +02:00 |
Tobias Brunner
|
ac5fb545c5
|
Extracted in-memory IP address pool from stroke plugin to libhydra.
|
2010-04-06 12:47:38 +02:00 |
Martin Willi
|
89bf11d204
|
Respect line width in Makefile.am's, other cosmetics
|
2010-03-25 14:54:56 +01:00 |
Tobias Brunner
|
58f86d0f0f
|
Changed all usages of lib->attributes to hydra->attributes.
|
2010-03-24 18:54:26 +01:00 |
Tobias Brunner
|
bd3f8ea30b
|
Convert charon into libcharon.
|
2010-03-19 13:34:52 +01:00 |
Tobias Brunner
|
08c5572602
|
Moving charon to libcharon.
|
2010-03-19 13:34:52 +01:00 |