aa693d763a
stroke: Use dirname(3) correctly
2014-02-24 12:04:10 +01:00
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
ecdef634aa
stroke: Use chunk_map() instead of non-portable mmap()
2014-01-23 15:55:32 +01:00
b9ee059ca9
chunk: Externalize error reporting in chunk_write()
...
This avoids passing that arbitrary label just for error messages, and gives
greater flexibility in handling errors.
2014-01-23 15:55:32 +01:00
591f923134
stroke: Add certificates extracted from PKCS#12 files to correct credential set
...
Only keys and shared secrets are moved from the temporary credential set after
loading all secrets.
2013-07-15 10:59:13 +02:00
d27f225d9a
Use strpfx() helper where appropriate
2013-07-08 18:49:30 +02:00
6040eff900
stroke: Add second password if provided
2013-05-08 15:02:41 +02:00
1c080407b2
stroke: Fail silently if another builder calls PW callback after giving up
...
Also reduced the number of tries to 3.
2013-05-08 15:02:41 +02:00
4a64c3e9a0
stroke: Cache passwords so the user is not prompted multiple times for the same password
...
To verify/decrypt a PKCS#12 container a password might be needed
multiple times. If it was entered correctly we don't want to bother the
user again with another password prompt.
The passwords for MAC creation and encryption could be different so the
user might be prompted multiple times after all.
2013-05-08 15:02:41 +02:00
e240b03e68
stroke: Fix prompt and error messages in passphrase callback
2013-05-08 15:02:41 +02:00
7971278c92
stroke: Load credentials from PKCS#12 files (P12 token)
2013-05-08 15:02:41 +02:00
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
fa1d3d39dc
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
...
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
c0bbddfa42
Try to load raw keys from ipsec.conf as PKCS#1 blob first
...
The DNSKEY builder is quite eager and parses pretty much anything
as RSA key, so this has to be done before.
2013-05-07 14:08:51 +02:00
1a71178940
Avoid a race condition when reloading secrets from ipsec.secrets
...
With the previous implementation that cleared the secrets in the active
credential set and then loaded the secrets, IKE SA establishment would
fail (as initiator or responder) if secrets are concurrently reloaded
and the required secret was not yet loaded.
2013-03-20 15:27:34 +01:00
824864f4e0
Don't try to mmap() empty ipsec.secret files
2013-03-19 13:46:16 +01:00
9ccfeb8ca1
Use proper buffer sizes for parse_smartcard()
2013-01-24 23:35:42 +01:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
4ce55ffb0b
Use explicit, larger buffer sizes for smartcard keyids and modules
2012-10-24 13:07:53 +02:00
794d713dca
Support loading cacert certificates in ipsec.conf ca sections from smartcard
2012-10-24 13:07:53 +02:00
2abe404927
Refactored stroke smartcard token parsing, support module and slot in leftcert option
2012-10-24 13:07:53 +02:00
9687cb5100
Load ipsec.conf %smartcard leftcerts with pkcs11 builder
2012-10-24 13:07:52 +02:00
82f3549fe2
Fix leak of PINs from ipsec.secrets
2012-10-09 11:54:00 +02:00
a05f3b2021
Make sure first argument is an int when using %.*s to print e.g. chunks
2012-09-28 18:01:49 +02:00
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
5f1931ada1
added support for raw RSA public keys to stroke
2012-04-30 00:31:42 +02:00
7b00fdeb84
Added method to add additional shared secrets to stroke_cred_t.
2012-04-17 14:20:58 +02:00
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
747f837cce
Added a flag to register local credential sets exclusively, disabling all others
2012-03-20 17:31:28 +01:00
9ec66bc1a5
Added an option to load CA certificates without CA basic constraint.
...
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
d3bd67239f
Added fallback to ipsec.secrets parser if glob(3) is not available.
2011-10-11 16:30:20 +02:00
673ce4da9b
Migrated stroke_cred_t to INIT/METHOD macros.
2011-10-03 19:04:19 +02:00
4778655726
Cast size_t len arguments to %.*s to int
2011-04-20 13:08:32 +02:00
dd0696ec8e
Use strncpy when reading smartcard keyids from ipsec.secrets.
2011-04-19 18:00:16 +02:00
b0fd7d1482
Proper cleanup if IDs in ipsec.secrets cannot be parsed.
2011-04-14 18:11:45 +02:00
e51cae33a9
Fix compiler warnings at creation of CRL cache filenames.
...
This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point. But it's clearer
this way.
2011-04-14 18:10:27 +02:00
5b2d9f24f5
Refactored stroke_cred_t to use mem_cred_t.
2010-12-03 18:00:00 +01:00
413d8fe0e3
Avoid calling globfree twice on failure.
2010-12-03 17:38:36 +01:00
bbdc85b66e
Respect key types in stroke key/certificate backend
2010-09-02 13:07:23 +02:00
744b83c7c9
Fixed loading of secrets with IDs.
...
Since the ID string is manually terminated by a null character, write
permission is required for the mmapped ipsec.secrets.
2010-08-04 16:03:46 +02:00
dca2d89209
Fixed loading of private keys without password.
...
The chunk storing the password was not correctly initialized, resulting
in a segmentation fault when no password was specified in ipsec.secrets.
2010-08-04 14:22:48 +02:00
0d08ebe7ac
Pass type of requested key in the callback credential set
2010-08-04 09:26:21 +02:00
15177f5785
Obseleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets
2010-08-04 09:26:21 +02:00
0556667dca
Use credential sets to load smartcard keys
2010-08-04 09:26:21 +02:00
62be923683
Implemented a callback based credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
9587ece534
mmap() ipsec.secrets instead malloc(), proper error checking
2010-08-04 09:26:21 +02:00
947298b302
Splitted up the load_secrets() function
2010-08-04 09:26:21 +02:00
57522106c4
%prompt support for smartcard PIN via "ipsec secrets"
2010-08-04 09:26:20 +02:00
0b8b664056
Pass the PKCS11 keyid as chunk, not as string
2010-08-04 09:26:20 +02:00
Tobias Brunner