Andreas Steffen
c77f4b305e
fixed configuration attribute type determination
2010-06-02 11:52:17 +02:00
Martin Willi
2f57e6da0e
Disable close action for a redundant CHILD_SA resulting from a rekey collision
...
If a rekey collision is detected, the winning peer of the nonce compare
will delete the redundant CHILD_SA. The other peer should not enforce the
close action on this CHILD, as it would reestablish the redundat CHILD_SA.
Thanks to Thomas Egerer from secunet for pointing this out and the initial
patchset.
2010-06-02 11:48:52 +02:00
Martin Willi
fe02d99b96
Use wrapped getters for close/dpd action
2010-06-02 11:48:51 +02:00
Martin Willi
4c401ea216
Wrap getters for dpd/close action into CHILD_SA, allows us to override them
2010-06-02 11:48:44 +02:00
Andreas Steffen
616b13c7a5
ipsec pool --statusattr [--hexout] outputs attribute values in correct format if known
2010-06-01 16:47:56 +02:00
Andreas Steffen
185d8b7335
added unity_def_domain keyword tip ipsec pool
2010-05-31 16:47:06 +02:00
Martin Willi
80b5661a9b
Added generated manpages to .gitignore
2010-05-31 13:41:25 +02:00
Martin Willi
a2cf26f1c1
Changed default lifetime of certificates to 3 years
2010-05-31 13:15:19 +02:00
Martin Willi
70ac7c43a5
Support extendedKeyUsage flags in self-signed certificates
2010-05-31 13:15:05 +02:00
Tobias Brunner
3d829c4c0a
IPSEC_CONFDIR in ipsec script fixed.
2010-05-30 13:07:32 +02:00
Tobias Brunner
8f76653a4c
Adding the version number to the most relevant manual pages.
2010-05-30 13:03:04 +02:00
Tobias Brunner
1d3a48b559
Updated and corrected the ipsec.secrets(5) manual page.
2010-05-30 12:29:32 +02:00
Tobias Brunner
f115838bee
Updated and corrected the ipsec.conf(5) manual page.
2010-05-30 12:29:26 +02:00
Tobias Brunner
28550caaa8
Updated and corrected the ipsec(8) manual page.
2010-05-30 12:29:18 +02:00
Andreas Steffen
d9c751daac
added --leases command line option to synopsis
2010-05-29 13:29:23 +02:00
Andreas Steffen
751379e5e8
added --showattr command line option to synopsys
2010-05-29 13:23:20 +02:00
Andreas Steffen
3561cc4b3b
added X.509 support by openssl plugin to NEWS
2010-05-29 11:22:36 +02:00
Andreas Steffen
5b6200888b
remove x509 plugin from openssl-ikev1 scenarios
2010-05-28 23:22:15 +02:00
Tobias Brunner
d070e0a6d1
Do not install trap policy if remote host is %any.
2010-05-28 15:43:12 +02:00
Andreas Steffen
e8960c2a99
be lenient towards wrong attribute encodings
2010-05-28 15:07:21 +02:00
Martin Willi
2e08be79a3
Send empty SIM/AKA-NOTIFICATION response for non-success codes, too
2010-05-27 15:04:25 +02:00
Martin Willi
ddf29f5b07
Added support for reading raw PUT/POST data from HTTP request
2010-05-27 09:30:14 +02:00
Martin Willi
f00a101590
Unwrap subjectKeyIdentifier from OCTET_STRING
2010-05-26 16:09:50 +02:00
Andreas Steffen
bd371ccac7
remove x509 plugin from remaining openssl-ikev2 scenarios
2010-05-25 15:49:58 +02:00
Andreas Steffen
2996cb3163
openssl-ikev2/rw-cert scenario doesn't need x509 plugin any more
2010-05-25 15:26:46 +02:00
Andreas Steffen
e2bd6b616e
several subnets can be concatenated
2010-05-22 22:53:24 +02:00
Andreas Steffen
2111dc1b84
added --showattr command to usage()
2010-05-22 10:46:15 +02:00
Martin Willi
24632bc0e8
Fixed compiler warning in invocation of crl_is_newer()
2010-05-21 16:41:13 +02:00
Martin Willi
09f38ebe54
Use CAs subjectKeyIdentifier as CRLs authorityKeyIdentifier
2010-05-21 16:38:19 +02:00
Martin Willi
0c73ceff0a
Added a --signcrl command to the pki utility
2010-05-21 16:25:51 +02:00
Martin Willi
13c593f126
Added support for CRL generation to x509 plugin
2010-05-21 16:25:51 +02:00
Martin Willi
aab861608a
Removed is_newer() from certificate_t, obsoleting all implementations
2010-05-21 16:25:51 +02:00
Martin Willi
8029e5efd2
Added generic implementations for crl_is_newer/certificate_is_newer
2010-05-21 16:25:51 +02:00
Martin Willi
654218a31b
Migrated x509_crl_t to INIT/METHOD macros
2010-05-21 16:25:51 +02:00
Martin Willi
6d7eed9a37
Implemented X.509 CRL reading using OpenSSL
2010-05-21 16:25:51 +02:00
Martin Willi
5728c6aa7e
Implemented X.509 certificate reading using OpenSSL
2010-05-21 16:25:51 +02:00
Andreas Steffen
3e3059ba7c
oops, removed stray parenthesis
2010-05-20 17:39:10 +02:00
Martin Willi
9806381322
Fixed doxygen group
2010-05-20 17:37:18 +02:00
Martin Willi
40b2be16e3
Whitelist OpenSSLs ERR_put_error() in leak-detective
...
As we do not invoke ERR_get/clear_error() in all error cases, the
error codes are not removed from the error queue. But it is save
to whitelist the put function, as it uses a circular buffer that
does not grow beyond ERR_NUM_ERRORS errors (16 by default).
2010-05-20 17:37:18 +02:00
Martin Willi
2e57b21252
Added a --print command to pki that dumps different credentials
2010-05-20 17:37:18 +02:00
Martin Willi
091d178060
Option to skip slow addr2line resolution in leak-detective
2010-05-20 17:37:18 +02:00
Andreas Steffen
36c1650b19
range check for configuration attribute types
2010-05-20 17:35:10 +02:00
Andreas Steffen
c2d10df6e7
implement ipsec pool -showattr function
2010-05-20 17:24:43 +02:00
Andreas Steffen
05f1096cd8
removed deprecated use of ipsec pool --attr|del dns|nbns from usage()
2010-05-20 16:30:15 +02:00
Tobias Brunner
e3dd6b1475
Only include C files that start with the plugin name when building for Android.
2010-05-20 12:01:12 +02:00
Andreas Steffen
c5c6f9b6da
added ipsec pool attribute support to NEWS
2010-05-19 21:53:55 +02:00
Andreas Steffen
ad6dbc41e5
management of any attribute by ipsec pool
2010-05-19 21:51:21 +02:00
Andreas Steffen
b596f4f260
updated ikev1/rw-cert scenario to support xauth integrity test
2010-05-19 08:31:39 +02:00
Andreas Steffen
f71cb4777e
checksum_builder() needs the pluto symbol
2010-05-19 08:02:22 +02:00
Andreas Steffen
73434ce9eb
updated ikev1/xauth-rsa-mode-config scenario to support xauth plugin
2010-05-18 22:57:12 +02:00