Martin Willi
ea340ee840
Wrap task enumerator in ike_sa
2010-06-07 11:37:55 +02:00
Martin Willi
8bced61b76
Migrated ike_sa_t to INIT/METHOD macros
2010-06-07 09:30:27 +00:00
Martin Willi
665c18bd85
Added support for task enumeration in task_manager_t
2010-06-07 10:45:25 +02:00
Martin Willi
9560a3166f
Migrated task_manager_t to INIT/METHOD macros
2010-06-07 10:37:00 +02:00
Andreas Steffen
39e3b58fe4
use --addattr
2010-06-05 13:49:01 +02:00
Andreas Steffen
88613f159d
use --addattr
2010-06-05 13:47:23 +02:00
Andreas Steffen
4321d19d1e
added ikev2/nat-virtual-ip scenario
2010-06-05 13:42:28 +02:00
Andreas Steffen
b2be7dd621
remove stray carolReq.pem
2010-06-05 13:36:39 +02:00
Andreas Steffen
5a9a255ae5
share pool in ikev1/mode-config-multiple scenario
2010-06-05 13:17:51 +02:00
Andreas Steffen
6d989d356b
use --addattr
2010-06-05 13:15:03 +02:00
Andreas Steffen
bdd28aa9c5
remove stray scenario files
2010-06-05 13:10:39 +02:00
Martin Willi
d43775ae58
Accept ARP requests with an ethernet trailer, but trim it
2010-06-03 08:39:33 +02:00
Martin Willi
d2c358742a
Added a EAP-SIM/AKA backend reading triplets/quintuplets from a SQL database
2010-06-02 15:59:44 +02:00
Andreas Steffen
c77f4b305e
fixed configuration attribute type determination
2010-06-02 11:52:17 +02:00
Martin Willi
2f57e6da0e
Disable close action for a redundant CHILD_SA resulting from a rekey collision
...
If a rekey collision is detected, the winning peer of the nonce compare
will delete the redundant CHILD_SA. The other peer should not enforce the
close action on this CHILD, as it would reestablish the redundat CHILD_SA.
Thanks to Thomas Egerer from secunet for pointing this out and the initial
patchset.
2010-06-02 11:48:52 +02:00
Martin Willi
fe02d99b96
Use wrapped getters for close/dpd action
2010-06-02 11:48:51 +02:00
Martin Willi
4c401ea216
Wrap getters for dpd/close action into CHILD_SA, allows us to override them
2010-06-02 11:48:44 +02:00
Andreas Steffen
616b13c7a5
ipsec pool --statusattr [--hexout] outputs attribute values in correct format if known
2010-06-01 16:47:56 +02:00
Andreas Steffen
185d8b7335
added unity_def_domain keyword tip ipsec pool
2010-05-31 16:47:06 +02:00
Martin Willi
80b5661a9b
Added generated manpages to .gitignore
2010-05-31 13:41:25 +02:00
Martin Willi
a2cf26f1c1
Changed default lifetime of certificates to 3 years
2010-05-31 13:15:19 +02:00
Martin Willi
70ac7c43a5
Support extendedKeyUsage flags in self-signed certificates
2010-05-31 13:15:05 +02:00
Tobias Brunner
3d829c4c0a
IPSEC_CONFDIR in ipsec script fixed.
2010-05-30 13:07:32 +02:00
Tobias Brunner
8f76653a4c
Adding the version number to the most relevant manual pages.
2010-05-30 13:03:04 +02:00
Tobias Brunner
1d3a48b559
Updated and corrected the ipsec.secrets(5) manual page.
2010-05-30 12:29:32 +02:00
Tobias Brunner
f115838bee
Updated and corrected the ipsec.conf(5) manual page.
2010-05-30 12:29:26 +02:00
Tobias Brunner
28550caaa8
Updated and corrected the ipsec(8) manual page.
2010-05-30 12:29:18 +02:00
Andreas Steffen
d9c751daac
added --leases command line option to synopsis
2010-05-29 13:29:23 +02:00
Andreas Steffen
751379e5e8
added --showattr command line option to synopsys
2010-05-29 13:23:20 +02:00
Andreas Steffen
3561cc4b3b
added X.509 support by openssl plugin to NEWS
2010-05-29 11:22:36 +02:00
Andreas Steffen
5b6200888b
remove x509 plugin from openssl-ikev1 scenarios
2010-05-28 23:22:15 +02:00
Tobias Brunner
d070e0a6d1
Do not install trap policy if remote host is %any.
2010-05-28 15:43:12 +02:00
Andreas Steffen
e8960c2a99
be lenient towards wrong attribute encodings
2010-05-28 15:07:21 +02:00
Martin Willi
2e08be79a3
Send empty SIM/AKA-NOTIFICATION response for non-success codes, too
2010-05-27 15:04:25 +02:00
Martin Willi
ddf29f5b07
Added support for reading raw PUT/POST data from HTTP request
2010-05-27 09:30:14 +02:00
Martin Willi
f00a101590
Unwrap subjectKeyIdentifier from OCTET_STRING
2010-05-26 16:09:50 +02:00
Andreas Steffen
bd371ccac7
remove x509 plugin from remaining openssl-ikev2 scenarios
2010-05-25 15:49:58 +02:00
Andreas Steffen
2996cb3163
openssl-ikev2/rw-cert scenario doesn't need x509 plugin any more
2010-05-25 15:26:46 +02:00
Andreas Steffen
e2bd6b616e
several subnets can be concatenated
2010-05-22 22:53:24 +02:00
Andreas Steffen
2111dc1b84
added --showattr command to usage()
2010-05-22 10:46:15 +02:00
Martin Willi
24632bc0e8
Fixed compiler warning in invocation of crl_is_newer()
2010-05-21 16:41:13 +02:00
Martin Willi
09f38ebe54
Use CAs subjectKeyIdentifier as CRLs authorityKeyIdentifier
2010-05-21 16:38:19 +02:00
Martin Willi
0c73ceff0a
Added a --signcrl command to the pki utility
2010-05-21 16:25:51 +02:00
Martin Willi
13c593f126
Added support for CRL generation to x509 plugin
2010-05-21 16:25:51 +02:00
Martin Willi
aab861608a
Removed is_newer() from certificate_t, obsoleting all implementations
2010-05-21 16:25:51 +02:00
Martin Willi
8029e5efd2
Added generic implementations for crl_is_newer/certificate_is_newer
2010-05-21 16:25:51 +02:00
Martin Willi
654218a31b
Migrated x509_crl_t to INIT/METHOD macros
2010-05-21 16:25:51 +02:00
Martin Willi
6d7eed9a37
Implemented X.509 CRL reading using OpenSSL
2010-05-21 16:25:51 +02:00
Martin Willi
5728c6aa7e
Implemented X.509 certificate reading using OpenSSL
2010-05-21 16:25:51 +02:00
Andreas Steffen
3e3059ba7c
oops, removed stray parenthesis
2010-05-20 17:39:10 +02:00