Martin Willi
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
Martin Willi
a37f2d2006
certificate_t->issued_by takes an argument to receive signature scheme
2012-06-12 14:24:49 +02:00
Tobias Brunner
79d5c4f06b
Fixed return values of several functions (e.g. return FALSE for pointer types).
2012-05-31 17:39:04 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
f29a4f1c64
Added support for iKEIntermediate X.509 extended key usage flag.
...
Mac OS X requires server certificates to have this flag set.
2012-03-20 17:31:24 +01:00
Tobias Brunner
00cc2188d4
Some whitespace fixes.
2012-03-20 17:31:24 +01:00
Adrian-Ken Rueegsegger
d887b8e134
Fix whitespaces
2012-01-12 11:25:18 +01:00
Tobias Brunner
e86b685da5
Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.
2011-12-23 18:07:39 +01:00
Tobias Brunner
1267127c11
Properly ASN.1 encode dates in certificates depending on the year.
2011-12-23 16:29:41 +01:00
Tobias Brunner
eb497205e3
Log most X.509 related messages in new ASN log group.
2011-12-16 16:44:38 +01:00
Andreas Steffen
4953a78a66
fixed parsing of X.509 certificatePolicies
2011-03-11 12:38:00 +01:00
Andreas Steffen
d390b3b901
[hopefully] fixed pathlen problem on ARM platforms
2011-02-10 15:51:18 +01:00
Tobias Brunner
84545f6e7c
Some typos fixed.
2011-02-07 11:39:41 +01:00
Andreas Steffen
c4fd3b2f42
introduced libstrongswan.x509.enforce_critical parameter
2011-02-05 09:01:18 +01:00
Martin Willi
b088fd4a76
Slightly renamed different policyConstraints to distinguish them better
2011-01-05 16:46:05 +01:00
Martin Willi
07eee80401
Added support for inhibitAnyPolicy constraint to x509 plugin
2011-01-05 16:46:05 +01:00
Martin Willi
b3d359e58f
Use a generic getter for all numerical X.509 constraints
2011-01-05 16:46:05 +01:00
Martin Willi
1019cad161
Moved CRL distribution point building to an exportable function
2011-01-05 16:46:03 +01:00
Martin Willi
a6478a0402
Simplified format of x509 CRL URI parsing/enumerator
2011-01-05 16:46:03 +01:00
Martin Willi
a742d97fb8
Added support for policyConstraints to x509 plugin
2011-01-05 16:46:02 +01:00
Martin Willi
5dba5852fc
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
2011-01-05 16:46:02 +01:00
Martin Willi
5a0caa4b3a
Added policyMappings support to x509 plugin
2011-01-05 16:46:02 +01:00
Martin Willi
20bd78106e
Added certificatePolicy support to x509 plugin
2011-01-05 16:46:02 +01:00
Martin Willi
7eeb37dea9
Added support for generating NameConstraints in x509 plugin
2011-01-05 16:46:00 +01:00
Martin Willi
7c325cee5c
Added support for parsing NameConstraints in x509 plugin
2011-01-05 16:46:00 +01:00
Martin Willi
dbfbbec368
Added name constraint enumerator to x509 interface
2011-01-05 16:46:00 +01:00
Martin Willi
a199ef15e6
Migrated x509_cert_t to INIT/METHOD macros
2011-01-05 16:46:00 +01:00
Martin Willi
ece5ac2271
Parse and encode crlSign keyUsage flag in x509 plugin
2011-01-05 16:45:56 +01:00
Martin Willi
4e508517d7
Added support for CRL Issuers to x509 and OpenSSL plugins
2011-01-05 16:45:55 +01:00
Martin Willi
663e735553
Compare subject against all key identifiers in has_subject()
2010-09-09 17:46:20 +02:00
Andreas Steffen
f85f0c2795
has_subject() now resolves ID_KEY_IDs
2010-09-09 17:15:46 +02:00
Martin Willi
772cba39e4
Parse UPN subjectAltNames in x509 plugin
2010-08-10 18:46:31 +02:00
Martin Willi
0406eeaacb
Support different encoding types in certificate.get_encoding()
2010-07-13 13:53:20 +02:00
Martin Willi
da9724e6d0
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
2010-07-13 11:29:35 +02:00
Martin Willi
7a74295e42
Select subjectAltName address family using address length in x509 plugin
2010-06-24 12:01:18 +02:00
Martin Willi
aab861608a
Removed is_newer() from certificate_t, obsoleting all implementations
2010-05-21 16:25:51 +02:00
Tobias Brunner
8b0e09103b
Adding DBG_LIB to all calls of libstrongswan's version of DBG*.
2010-04-06 12:47:40 +02:00
Andreas Steffen
ceeb9bac8b
critical keyUsage extension must be parsed
2010-03-07 20:51:34 +01:00
Andreas Steffen
1ec8f22de2
set Certificate Sign and CRL Sign flags in keyUsage extension if CA is true
2010-03-07 17:27:53 +01:00
Andreas Steffen
b917f49684
initialize variables to avoid compiler warning
2010-02-05 12:34:37 +01:00
Martin Willi
7eab4a1be6
Support TLS client authentication Extended Key Usage in x509 generation
2010-01-14 12:00:43 +01:00
Andreas Steffen
3e33ae1004
ipsec pki --self|issue supports --pathlen option setting a path length constraint
2009-12-31 15:13:35 +01:00
Andreas Steffen
e16a01a5e6
X509_IP_ADDR_BLOCKS flag signals the presence of an ipAddrBlock certificate extension
2009-12-22 13:18:27 +01:00
Andreas Steffen
91e35b7c9e
added create_ipAddrBlock_enumerator() method to x509_t
2009-12-22 11:58:30 +01:00
Andreas Steffen
157125e4c9
traffic_selector supports RFC 3779 address range format
2009-12-21 21:29:01 +01:00
Andreas Steffen
513eb95e60
parse RFC 3779 addressFamily
2009-12-20 19:26:28 +01:00
Andreas Steffen
7d379a786c
plugin name is x509
2009-12-20 16:01:35 +01:00
Andreas Steffen
28c25485ba
discard certificate with unknown critical extensions
2009-12-20 15:53:39 +01:00
Andreas Steffen
f3e366a9a0
use traffic_selector_t object to represent ipAddrBlocks
2009-12-20 15:15:02 +01:00
Andreas Steffen
ad858aee15
parse ipAddrBlocks
2009-12-17 17:32:55 +01:00