Andreas Steffen
754c1c0ef7
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.
2008-03-21 09:34:40 +00:00
Andreas Steffen
112482d3f4
optimized debug output of credential_manager.c
2008-03-21 09:28:25 +00:00
Andreas Steffen
dd7924f033
removed build.h include
2008-03-20 15:25:02 +00:00
Andreas Steffen
bdec2e4f52
refactored openac and its attribute certificate factory
2008-03-20 15:23:52 +00:00
Andreas Steffen
25c9637222
modified debug text
2008-03-20 15:22:26 +00:00
Martin Willi
dfd5cdcb88
cert_cache_t caches subject-issuer relations and subject certificates
ocsp/crl do not benefit yet due to missing lookup function
2008-03-20 14:31:36 +00:00
Martin Willi
fe8f7626d1
fallback to random end entity certificate if trustchain building fails
2008-03-20 13:14:55 +00:00
Martin Willi
629e55434a
2008-03-20 11:38:51 +00:00
Martin Willi
a86e3ab37a
some C libraries need _GNU_SOURCE for rwlocks
2008-03-20 11:27:55 +00:00
Martin Willi
36524c4844
added support for certificate requests for not yet known CAs
2008-03-20 10:09:56 +00:00
Andreas Steffen
2b522ab450
added $
2008-03-20 09:30:07 +00:00
Martin Willi
9be0dc922e
fixed verification of preinstalled certificates
2008-03-20 09:30:02 +00:00
Andreas Steffen
384ebaa57a
included utils/linked_list.h
2008-03-20 09:28:58 +00:00
Martin Willi
44ab7c85d7
more trustchain verification improvements
should fix crl-revoked and two-certs scenarios
2008-03-20 09:27:57 +00:00
Andreas Steffen
1a9ad33e3b
cleaned up includes
2008-03-20 09:24:22 +00:00
Martin Willi
ca7663ece6
CA certificates are allowed to sign OCSP responses without OCSP_SIGNER flag
2008-03-20 07:21:44 +00:00
Martin Willi
48acfe98ae
refactored trustchain verification, this should fix #33
moved auth_info/ocsp_response credset wrapper to separate files
2008-03-19 17:54:54 +00:00
Andreas Steffen
84d8ff64cd
increased debug level in trust chain verification for auditing purposes
2008-03-19 17:04:09 +00:00
Martin Willi
de7062a280
removed unimplemented private/public key function declarations
2008-03-19 14:21:56 +00:00
Martin Willi
cfede7f6e2
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
as it requires to XOR the key into the hasher's state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.
2008-03-19 14:02:52 +00:00
Andreas Steffen
c912c3d382
log nextUpdate of crls and ocsp responses
2008-03-19 13:11:29 +00:00
Andreas Steffen
2590faa330
fixed stupid bug in fetch_ocsp()
2008-03-19 12:36:15 +00:00
Andreas Steffen
ae8715f956
attempt to achieve consistent debugging output
2008-03-19 12:06:38 +00:00
Martin Willi
d3a6993777
fixed shared key lookup in stroke
2008-03-19 10:24:51 +00:00
Martin Willi
3c448f019b
fixed peer_cfg lookup when omitting IDr
2008-03-19 10:08:59 +00:00
Martin Willi
081ae2eb61
fixed CRL check return value on revoked certificates
fixed possible refcounting bugs
generic return_null() implementation
2008-03-19 09:44:47 +00:00
Martin Willi
a40708e511
fixed compiler warning
2008-03-18 14:06:11 +00:00
Martin Willi
bed94c8aeb
added generic payload order rules for notifies
2008-03-18 12:45:23 +00:00
Martin Willi
7162be5772
fixed ike_cfg lookup in stroke
2008-03-18 12:40:41 +00:00
Martin Willi
4bfa63ed25
added false positive signature check
2008-03-18 12:25:39 +00:00
Martin Willi
18be601fcd
added missing test case file ([3607])
2008-03-18 12:16:36 +00:00
Martin Willi
d7c529f5a6
creating public key from RSA private key
RSA key generation and signature test
2008-03-18 12:13:51 +00:00
Andreas Steffen
8d49b51f8b
made is_newer() a certificate_t method
2008-03-18 10:36:08 +00:00
Martin Willi
50045c3b14
better normalized tables for SQL plugin (IDs)
2008-03-18 09:07:04 +00:00
Martin Willi
34e281ed32
enforcing x509_flags on certificate construction
2008-03-17 08:06:49 +00:00
Martin Willi
d4ba109c9c
fixed CRL revoked certs enumeration
2008-03-17 07:25:32 +00:00
Martin Willi
933f80c391
logging to SQL database
2008-03-15 14:17:09 +00:00
Martin Willi
72d68379dc
correctly unregister IKE_SA at the bus
2008-03-15 14:08:43 +00:00
Martin Willi
8d04f78d07
removed X509_PEER flag; flags are meant to read cert, not to store additional state in cert
removed x509_t.set_flags for the reason above
implemented a simple, generic shared_key_t
2008-03-14 15:11:29 +00:00
Martin Willi
39ea88f694
credential lookup in mysql/sqlite database
2008-03-14 15:06:42 +00:00
Martin Willi
9c410a8806
refactored buggy trustchain building, fixed refcount bug
2008-03-14 15:04:16 +00:00
Martin Willi
dbcf4e7451
reduced mysql pool verbosity
2008-03-14 15:03:19 +00:00
Martin Willi
8f1596d606
SQL schema for MySQL and SQLite, test data
2008-03-14 07:39:01 +00:00
Tobias Brunner
df3462ddbe
two small fixes
2008-03-13 15:03:06 +00:00
Martin Willi
e42db695e2
fixed apidoc grouping
2008-03-13 14:53:57 +00:00
Martin Willi
419ee1072e
added NetworkManager prototype DBUS policy, applet config
2008-03-13 14:41:27 +00:00
Martin Willi
2d94fdfab7
added old and unmaintained prototype of NetworkManager applet and authenticator
2008-03-13 14:37:11 +00:00
Martin Willi
b820f8aa8e
reverted accidentally committed testing config
2008-03-13 14:20:20 +00:00
Martin Willi
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
Andreas Steffen
2df655134c
activated svn:keywords on all UML scripts
2008-03-01 10:25:52 +00:00