Tobias Brunner
1ec9382880
vici: Add support for PPKs
2018-09-10 18:03:01 +02:00
Tobias Brunner
859d645c44
vici: Accept XAUTH as shared key type too
Fixes #2481.
2017-12-22 10:09:22 +01:00
Tobias Brunner
605a98c7ce
vici: Return key ID from load-key command
We already do this for load-token and this should simplify client
implementations.
2017-05-23 16:41:02 +02:00
Tobias Brunner
2ceeb96db5
vici: Add command to load a private key from a token
PINs are stored in a "hidden" credential set, so that its shared
secrets are not exposed via VICI. Since they are not explicitly loaded as
shared secrets via VICI a client might consider them as removed secrets and
remove them.
2017-02-16 19:24:07 +01:00
Tobias Brunner
ed105f45af
vici: Add support for NT Hash secrets
Fixes #1002.
2017-02-16 19:23:51 +01:00
Tobias Brunner
cf57d9a98f
vici: Add possibility to remove shared keys by a unique identifier
This identifier can be set when adding/replacing a secret. The unique
identifiers of all secrets may be enumerated.
2017-02-16 19:21:13 +01:00
Tobias Brunner
2a56acf501
vici: Add commands to enumerate and remove private keys
They are identified by their SHA-1 key identifier.
2017-02-16 19:21:12 +01:00
Andreas Steffen
85b5a6ace2
Save both base and delta CRLs to disk
2016-10-11 17:18:22 +02:00
Andreas Steffen
2a2669ee3e
vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk
2016-10-11 17:18:22 +02:00
Andreas Steffen
2c7cfe7630
vici: flush-certs command flushes certificate cache
When fresh CRLs are released with a high update frequency (e.g.
every 24 hours) or OCSP is used, then the certificate cache gets
quickly filled with stale CRLs or OCSP responses. The new VICI
flush-certs command allows flushing e.g. cached CRLs or OCSP
responses only. Without the type argument all kinds of certificates
(e.g. also received end entity and intermediate CA certificates)
are purged.
2016-09-13 17:02:59 +02:00
Andreas Steffen
87371460f6
vici: Support of raw public keys
2016-01-09 07:23:29 +01:00
Andreas Steffen
02d431022c
Refactored certificate management for the vici and stroke interfaces
2015-12-12 00:19:24 +01:00
Andreas Steffen
334119b843
Share vici_cert_info.c with vici_cred.c
2015-12-11 18:26:55 +01:00
Tobias Brunner
176c24b8e1
vici: Attribute certificates are not trusted
2015-11-12 14:45:43 +01:00
Tobias Brunner
e5e352e631
vici: Properly add CRLs to the credential set
add_crl() ensures that old CRLs are not stored in the credential set.
2015-11-12 14:45:42 +01:00
Andreas Steffen
63d370387d
vici: Certification Authority support added.
CDP and OCSP URIs for one or multiple certification authorities
can be added via the VICI interface. swanctl allows reading
definitions from a new authorities section.
2015-07-21 13:02:30 +02:00
Martin Willi
94d9398202
vici: Return a success result for the clear-creds command
Even if the command actually can't fail, this looks more aligned to similar
commands.
2014-10-10 11:42:17 +02:00
Martin Willi
c2b6402eb0
vici: Log owners of a just loaded shared-secret
2014-05-07 14:13:39 +02:00
Martin Willi
41745e24f3
vici: Handle "xauth" as an alias for "eap" secrets
2014-05-07 14:13:38 +02:00
Martin Willi
6efa792d22
vici: Add a load-shared command to load shared IKE and EAP secrets
2014-05-07 14:13:37 +02:00
Martin Willi
559ef7de48
vici: Add a load-key command to load private keys
2014-05-07 14:13:36 +02:00
Martin Willi
c12edb2a27
vici: Support loading of different certificate types
2014-05-07 14:13:36 +02:00
Martin Willi
de190f62c2
vici: Add a credential backend
2014-05-07 14:13:36 +02:00