21235e1ec2
Merge branch 'ikev1-fragmentation'
...
This adds support for the proprietary IKEv1 fragmentation extension.
Conflicts:
NEWS
2013-01-12 11:58:26 +01:00
10eee5fcba
Fixed some typos in comments
2013-01-11 10:21:51 +01:00
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
1efd6c6f2a
Make use of new CIDR string ts constructor where appropriate
2012-10-24 13:25:08 +02:00
4ce55ffb0b
Use explicit, larger buffer sizes for smartcard keyids and modules
2012-10-24 13:07:53 +02:00
794d713dca
Support loading cacert certificates in ipsec.conf ca sections from smartcard
2012-10-24 13:07:53 +02:00
2abe404927
Refactored stroke smartcard token parsing, support module and slot in leftcert option
2012-10-24 13:07:53 +02:00
9687cb5100
Load ipsec.conf %smartcard leftcerts with pkcs11 builder
2012-10-24 13:07:52 +02:00
0c4b9f7cda
Add a "ipsec listcounters" command to stroke
2012-10-24 11:34:31 +02:00
f9332e0a8b
Add a print method for stroke counters
2012-10-24 11:34:31 +02:00
fc4d1568d1
Add stroke message type counters
2012-10-24 11:34:30 +02:00
5715af7508
Add stroke counters for invalid IKE messages
2012-10-24 11:34:30 +02:00
81e0e10344
Add stroke CHILD_SA rekeying counter
2012-10-24 11:34:30 +02:00
a32a8d4a67
Add stroke IKE rekey counters
2012-10-24 11:34:30 +02:00
47904e3c74
Define stroke counter types to implement
2012-10-24 11:34:11 +02:00
8554895b95
Add a stub for IKE event counters in stroke
2012-10-24 11:34:11 +02:00
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
82f3549fe2
Fix leak of PINs from ipsec.secrets
2012-10-09 11:54:00 +02:00
a05f3b2021
Make sure first argument is an int when using %.*s to print e.g. chunks
2012-09-28 18:01:49 +02:00
4106aea8e4
Made IP address enumeration more flexible
...
Also added an option to enumerate addresses on ignored interfaces.
2012-09-21 18:16:26 +02:00
9ba36c0f7f
Make it easy to check if an address is locally usable via changed get_interface() method
2012-09-21 18:16:26 +02:00
aed33805ce
Don't ignore loopback devices and allow addresses on them being enumerated
2012-09-21 18:16:26 +02:00
8c19323c37
Make stroke user-creds work with XAuth configs
2012-09-18 16:56:17 +02:00
b7a500e985
Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>
2012-09-18 14:40:41 +02:00
1e04488f32
Check for an existing lease in all stroke pools before creating a new one
2012-09-11 16:18:28 +02:00
28a3d5bfbd
Pass full pool list to release_address
2012-09-11 16:18:28 +02:00
594c58e111
Pass the full list of pools to acquire_address, enumerate in providers
...
If the provider has access to the full pool list, it can enumerate
them twice, for example to search for existing leases first, and
only search for new leases in a second step.
Fixes lease enumeration in attr-sql using multiple pools.
2012-09-11 16:18:28 +02:00
f4cc7ea11b
Add uniqueids=never to ignore INITIAL_CONTACT notifies
...
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received. With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
383c174a79
Print the name of mem pools instead of the confusing <base>/<size>
2012-09-10 12:42:09 +02:00
1323dc1138
Merge branch 'multi-vip'
...
Brings support for multiple virtual IPs and multiple pools in
left/rigthsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00
7240914955
Use eap_vendor_type_from_string() in stroke
2012-08-31 11:40:28 +02:00
d55fe264d1
Pass all configured pool names to attribute provider enumerator
2012-08-30 16:43:43 +02:00
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00
96c2b3cf89
Support multiple addresses/pools in left/rightsourceip
2012-08-30 16:43:42 +02:00
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
63e460542c
Add a stroke attribute_handler requesting DNS servers given with leftdns
2012-08-21 09:38:01 +02:00
9937ca069a
Serve ipsec.conf rightdns servers through stroke attribute provider
2012-08-21 09:38:01 +02:00
17319aa28d
Add a left/rightdns keyword to configure connection specific DNS attributes
2012-08-21 09:38:00 +02:00
b223d517c8
Replaced usages of CHARON_*_PORT with calls to get_port().
2012-08-08 15:12:25 +02:00
e7ea057fd2
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
2012-08-08 15:07:43 +02:00
874f7c7e2c
Don't add ANY identity constraint to auth config, as XAuth rounds don't use one
2012-07-26 12:38:34 +02:00
46df61dff7
Add an ipsec.conf leftgroups2 parameter for the second authentication round
2012-07-26 11:51:58 +02:00
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
8d98f7fef6
Avoid that any % characters (e.g. in %any) are evaluated when logging via stroke
2012-07-12 16:58:00 +02:00
0619ddfaa4
Refactored heavily #ifdefd capability code to its own libstrongswan class
2012-07-04 11:01:40 +02:00
0f018a7324
Show some uname() info in "ipsec statusall"
2012-06-28 11:56:40 +02:00
dc6d259635
Show remote EAP/XAuth identity in "statusall" on a separate line
2012-06-27 11:42:00 +02:00
26d77eb3e6
Centralized thread cancellation in processor_t
...
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
dd1381e7d3
Show EAP/XAuth identity in "ipsec status", if available
2012-06-25 10:18:35 +02:00
e2dd114f37
Select requested virtual IP family based on remote TS, if no local TS available
2012-06-20 10:02:01 +02:00
137035cc78
Show what kind of *Swan we run in "ipsec status"
2012-06-14 10:25:48 +02:00
e35bbb9740
Added signature scheme options left/rightauth
2012-06-12 15:01:39 +02:00
a37f2d2006
certificate_t->issued_by takes an argument to receive signature scheme
2012-06-12 14:24:49 +02:00
1d315bddd3
implemented the right|leftallowany feature
2012-06-08 21:24:41 +02:00
21043198ff
Show expiration time of rekeyed CHILD_SAs in statusall
2012-06-05 10:29:43 +02:00
2ac996cb71
list IKEv1 Aggressive Mode in ipsec statusall
2012-05-23 11:12:27 +02:00
5c162dd944
List registered nonce generators in statusall output.
2012-05-18 08:15:41 +02:00
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
1e26235a0d
fixed feature dependencies for CERT_TRUSTED_PUBKEY
2012-05-05 08:54:36 +02:00
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
2ee11fd42d
display (soft) same as (not loaded)
2012-05-03 11:54:56 +02:00
493c468d4d
charon is now an IKE daemon
2012-05-03 11:49:30 +02:00
c9931135d1
stroke plugin sdepends on building CERT_ANY certificates
2012-05-03 11:07:21 +02:00
ead92870b8
Loggers specify what log messages they want to receive during registration.
...
This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).
To update the log levels loggers can simply be registered again.
2012-05-02 14:45:38 +02:00
daab152afa
Add plugin features support to stroke plugin
2012-05-02 14:05:52 +02:00
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
552557a65d
add AUTH_RULE_SUBJECT_CERT for raw public keys
2012-04-30 13:40:48 +02:00
3577ec76a5
output validity of raw public key if available
2012-04-30 09:47:34 +02:00
5f1931ada1
added support for raw RSA public keys to stroke
2012-04-30 00:31:42 +02:00
7e84c4275c
Removed auth_cfg_t.replace_value() and replaced usages with add().
...
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
2012-04-18 18:50:14 +02:00
80067cf9e6
Store password with remote ID to tie it stronger to a specific connection.
2012-04-18 13:32:49 +02:00
9f1b303afc
Added stroke user-creds command, to set username/password for a connection.
2012-04-17 14:20:58 +02:00
7b00fdeb84
Added method to add additional shared secrets to stroke_cred_t.
2012-04-17 14:20:58 +02:00
4c31657d2c
Typo fixed.
2012-04-17 14:20:58 +02:00
4626e49ad9
remove leading zero in ASN.1 encoded serial numbers
2012-04-05 09:04:11 +02:00
320fd5fe62
moved chunk_skip_zero to chunk.h
2012-04-03 14:12:50 +02:00
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
5aef6bd0f3
Accept NULL auth_cfg_t passed to credential_manager_t.get_private()
2012-03-20 17:31:39 +01:00
c791def8c1
Added support for authby/xauth_server legacy options
2012-03-20 17:31:38 +01:00
5763367cac
Show IKE version in ipsec statusall
2012-03-20 17:31:37 +01:00
e129168ba6
Added a "aggressive" ipsec.conf connection option
2012-03-20 17:31:34 +01:00
5ce59d4c06
Added an aggressive mode peer_cfg option
2012-03-20 17:31:34 +01:00
747f837cce
Added a flag to register local credential sets exclusively, disabling all others
2012-03-20 17:31:28 +01:00
ac009df132
Pass IKE version to peer config enumerator, filter configs
2012-03-20 17:31:25 +01:00
d94c923648
Support an "any" IKE version for both IKEv1 or IKEv2
2012-03-20 17:31:25 +01:00
f29a4f1c64
Added support for iKEIntermediate X.509 extended key usage flag.
...
Mac OS X requires server certificates to have this flag set.
2012-03-20 17:31:24 +01:00
5f6a37eb9b
Be a little more verbose about XAuth configs in ipsec statusall
2012-03-20 17:31:23 +01:00
21a4fc832e
Pass ipsec.conf xauth_identity option via stroke to charon configurations
2012-03-20 17:31:23 +01:00
0a43f4b6c4
Log configured IKE version in stroke plugin.
2012-03-20 17:31:20 +01:00
cbda13f6fe
Accept a xauth backend name appended to left/rightauth
2012-03-20 17:31:15 +01:00
96c9159d96
Use a second authentication config to configure XAUTH authentication
2012-03-20 17:31:15 +01:00
b4e815354c
Map auth_class to auth method and IKEv1 proposal attribute
2012-03-20 17:30:53 +01:00
23f4e4b42d
IKEv1 XAUTH: Added ability to configure XAUTH+PSK. Added task to handle XAUTH requests. Modified task_manager_v1 to enable it to initiate new tasks immediately after finishing a response.
2012-03-20 17:30:49 +01:00
cf1772f685
Do not ignore configs for IKEv1 in charon anymore
2012-03-20 17:30:43 +01:00
f7a8fcedc0
Use enum to define IKE version on peer_cfg_t.
...
Replaced all those magic numbers.
2012-03-20 17:30:41 +01:00
bc403eb1e5
Fixed crash and locking issues while unrouting connections via stroke
2012-03-13 10:56:22 +01:00
9ec66bc1a5
Added an option to load CA certificates without CA basic constraint.
...
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
...
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
576298a3ef
Simplified logging of list of loaded plugins.
2012-01-19 11:56:03 +01:00
7c0c2349a9
Make number of concurrently handled stroke messages configurable.
2011-12-29 18:41:39 +01:00
8ff513a863
Limit the number of concurrently handled stroke messages.
...
This avoids clogging the thread pool with potentially blocking jobs.
2011-12-29 18:39:34 +01:00
b46a5cd4ef
Fixed check for log groups when debug_t is unsigned.
...
The range and signedness of enum types is up to the compiler.
2011-11-25 09:48:32 +01:00
b21cfa93f8
Cosmetics
2011-10-26 10:32:54 +02:00
2d2ffa58f6
Added a listplugins stroke command to show plugin features
2011-10-14 10:05:44 +02:00
fa7c8338ca
Plugin enumerator enumerates over loaded features, too
2011-10-14 10:05:44 +02:00
9cd7f384ba
Include library.h in plugin.h
2011-10-14 10:04:45 +02:00
f7ce74983d
Removed unneeded include.
...
This is not available on Android and redirects to <fcntl.h> on Ubuntu.
2011-10-11 16:30:20 +02:00
d3bd67239f
Added fallback to ipsec.secrets parser if glob(3) is not available.
2011-10-11 16:30:20 +02:00
673ce4da9b
Migrated stroke_cred_t to INIT/METHOD macros.
2011-10-03 19:04:19 +02:00
0d430d4f54
Migrated stroke_socket_t to INIT/METHOD macros.
2011-10-03 18:56:21 +02:00
8e3f14baab
bus->listen() and the controller wrappers accept a timeout to wait for callbacks
2011-08-26 10:44:25 +02:00
d33f6f7dba
fixed esn type
2011-07-20 23:11:19 +02:00
6101ee9b06
added log and status output for ESN
2011-07-16 11:09:38 +02:00
47daa0e6fe
Replaced more complex iterator usages.
2011-07-06 09:43:45 +02:00
4bbce1ef37
Replaced ike_sa_t.create_child_sa_iterator with enumerator.
...
This required two new methods on ike_sa_t. One returns the number of
CHILD_SAs and one allows to remove a CHILD_SA.
2011-07-06 09:43:45 +02:00
f87991704e
implemented PASS and DROP shunt policies
2011-06-28 19:42:54 +02:00
876961cf0e
Properly print time differences.
...
time_t is not necessarily of type int.
2011-06-07 17:52:34 +02:00
1b185ea490
Use proper printf specifiers to print u_int64_t and uintptr_t.
2011-06-07 17:30:57 +02:00
cb7a9862c6
Fix compilation with GCC 4.6.
2011-06-07 15:45:18 +02:00
f34ebc845b
Add a closeaction ipsec.conf keyword to configure close action
2011-06-07 12:07:21 +02:00
14bf2f689d
Use CRITICAL job priority class for long running dispatcher jobs
2011-05-16 15:24:15 +02:00
4cf6f101d8
Show total and half-open SA count in statusall
2011-05-16 15:24:15 +02:00
c726b1a6a5
Show how many threads are active in each class in statusall
2011-05-16 15:24:14 +02:00
a694b481ee
Added a statusallnb stroke command to show status non-blocking
2011-05-16 15:24:14 +02:00
69c3eca0e9
Added a non-blocking, skipping variant of IKE_SA enumerator
2011-05-16 15:24:13 +02:00
c73d4f53f5
Processor job scheduling respects job priority classes
2011-05-16 15:24:13 +02:00
dfe9bad981
Added a stroke memusage command to show memory usage
2011-05-16 15:22:21 +02:00
4778655726
Cast size_t len arguments to %.*s to int
2011-04-20 13:08:32 +02:00
dd0696ec8e
Use strncpy when reading smartcard keyids from ipsec.secrets.
2011-04-19 18:00:16 +02:00
c55818ebb0
Added a (not yet implemented) plugin_t method to reload plugin configuration
2011-04-15 10:07:13 +02:00
787b5884aa
Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t
2011-04-15 10:07:12 +02:00
b0fd7d1482
Proper cleanup if IDs in ipsec.secrets cannot be parsed.
2011-04-14 18:11:45 +02:00
e51cae33a9
Fix compiler warnings at creation of CRL cache filenames.
...
This was not really a problem because ptr is the first member of a chunk_t
and it contains a null-terminated string at that point. But it's clearer
this way.
2011-04-14 18:10:27 +02:00
aee071ed8b
Fixed check for member of stroke_msg_t in pop_string.
...
Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).
2011-04-13 18:18:03 +02:00
25ed5672a6
initiate or route all child configs if they have different names from their parent peer config
2011-03-04 07:02:31 +01:00
ea1c20d14b
initiate or route child configs which don't have a peer config of the same name
2011-03-01 22:24:19 +01:00
a2ebc1bd69
put DN in double quotes
2011-03-01 22:19:59 +01:00
d390b3b901
[hopefully] fixed pathlen problem on ARM platforms
2011-02-10 15:51:18 +01:00
f04d1c2dfe
replaced ipsec up %startall command by start_action job
2011-02-09 22:27:04 +01:00
44e513a320
Added support for trustchain key strength checking to rightauth option
2011-01-07 15:51:35 +01:00
6367de28ad
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements
2011-01-07 15:51:35 +01:00
2e90006f96
Show base CRL of delta CRLs in listcrls
2011-01-05 16:46:06 +01:00
b3d359e58f
Use a generic getter for all numerical X.509 constraints
2011-01-05 16:46:05 +01:00
5dba5852fc
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too
2011-01-05 16:46:02 +01:00
27a66f9393
implemented wrap around of registered IKEv1 algorithm names
2010-12-26 17:11:02 +01:00
16b6606e5f
wrap list of IKEv2 algorithms after 120 characters per line
2010-12-24 17:29:51 +01:00
cb6be85cfe
Migrated stroke_list_t to INIT/METHOD macros
2010-12-24 14:29:09 +01:00
6c302616f1
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
2010-12-20 09:45:39 +01:00
37788b1d06
Added a TFC padding option to child_cfg
2010-12-20 09:45:39 +01:00
5932f41fcc
trace back crypto algorithms to the plugins that registered them
2010-12-18 16:31:12 +01:00
cf5866b9c0
Renamed purgex509/crl to purgecerts/crls to be consistent with list commands
2010-12-10 11:21:55 +01:00
6aa144ddb7
Added options to flush CRLs/X509 certs from the cert cache
2010-12-10 09:45:22 +01:00
4332cd7f95
added newline
2010-12-07 09:02:55 +01:00
faccd69068
re-introduced comment
2010-12-07 09:01:28 +01:00
a42aaed64f
Migrated stroke_control_t to INIT/METHOD macros
2010-12-07 08:58:57 +01:00
d31aec9fa7
Migrated stroke_plugin_t to INIT/METHOD macros
2010-12-07 08:01:56 +01:00
5b2d9f24f5
Refactored stroke_cred_t to use mem_cred_t.
2010-12-03 18:00:00 +01:00
413d8fe0e3
Avoid calling globfree twice on failure.
2010-12-03 17:38:36 +01:00
c616d84c3f
start and route connections defined in an SQL database via start_action field and ipsec up %startall command
2010-11-28 11:57:49 +01:00
a9ac8c51ea
Migrated stroke_config_t to INIT/METHOD macros
2010-11-27 01:12:58 +01:00
a5ffb559d2
Migrated stroke_cat_t to INIT/METHOD macros
2010-11-27 00:49:15 +01:00
851d60484e
Added a stroke rekey command to trigger IKE/CHILD_SA rekeying manually
2010-11-03 15:12:05 +01:00
9b9352c83b
fixed 64 bit printf() issue
2010-10-24 20:30:19 +02:00
80f86acccb
show validity of OCSP responses
2010-09-10 22:26:03 +02:00
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
f6659688ab
Refer to kernel interface via hydra and not charon.
2010-09-02 19:01:25 +02:00
61e8e73206
Refer to scheduler via hydra and not charon.
2010-09-02 19:01:24 +02:00
c5f7146b17
Refer to processor via hydra and not charon.
2010-09-02 19:01:22 +02:00
bbdc85b66e
Respect key types in stroke key/certificate backend
2010-09-02 13:07:23 +02:00
33b1a2567f
Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined
2010-08-31 18:10:23 +02:00
64d7b0733f
Added support for the ipsec.conf aaa_identity keyword
2010-08-31 17:52:52 +02:00
835ec23aff
Use enum mappings to resolve debug group
2010-08-23 09:47:04 +02:00
9d49f79f55
List registered AEAD algorithms in listalgs
2010-08-19 19:02:34 +02:00
3d711a68fb
Added a stroke command to export cached x509 certificates to the console
2010-08-10 18:46:30 +02:00
a944d2092b
Use bits instead of bytes for a private/public key
2010-08-10 18:46:30 +02:00
744b83c7c9
Fixed loading of secrets with IDs.
...
Since the ID string is manually terminated by a null character, write
permission is required for the mmapped ipsec.secrets.
2010-08-04 16:03:46 +02:00
dca2d89209
Fixed loading of private keys without password.
...
The chunk storing the password was not correctly initialized, resulting
in a segmentation fault when no password was specified in ipsec.secrets.
2010-08-04 14:22:48 +02:00
0d08ebe7ac
Pass type of requested key in the callback credential set
2010-08-04 09:26:21 +02:00
15177f5785
Obseleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets
2010-08-04 09:26:21 +02:00
0556667dca
Use credential sets to load smartcard keys
2010-08-04 09:26:21 +02:00
62be923683
Implemented a callback based credential set, currently for shared keys only
2010-08-04 09:26:21 +02:00
9587ece534
mmap() ipsec.secrets instead malloc(), proper error checking
2010-08-04 09:26:21 +02:00
947298b302
Splitted up the load_secrets() function
2010-08-04 09:26:21 +02:00
57522106c4
%prompt support for smartcard PIN via "ipsec secrets"
2010-08-04 09:26:20 +02:00
0b8b664056
Pass the PKCS11 keyid as chunk, not as string
2010-08-04 09:26:20 +02:00
353d10d590
Reuse generic passphrase build part, not a dedicated PIN part
2010-08-04 09:26:20 +02:00
3479c27931
Support module names in %smartcard specifier, streamlined smartcard building
2010-08-04 09:26:20 +02:00
5d2e159b41
Fix segfault on 'ipsec stroke up ]' command
2010-07-29 14:03:11 +02:00
0406eeaacb
Support different encoding types in certificate.get_encoding()
2010-07-13 13:53:20 +02:00
da9724e6d0
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
2010-07-13 11:29:35 +02:00
2ccc02a4fd
Moved credential manager to libstrongswan
2010-07-13 10:26:07 +02:00
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
4f99093235
Show mallinfo() data in statusall, if available
2010-07-06 16:28:25 +02:00
4172574bfb
Use the group constraint in a more generic fashion, not only for attribute certificates
2010-07-05 09:41:04 +02:00
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
d5ad6eb1e0
Flush certificate cache on CA delete
2010-06-07 13:51:18 +02:00
Tobias Brunner