fd1ff46f61
Added support for PKCS#5 v2 schemes when decrypting PKCS#8 files.
2012-02-01 18:27:46 +01:00
1f2e036b3e
NEWS about pkcs8 plugin added.
2012-02-01 18:27:46 +01:00
cab127cba6
Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes).
2012-02-01 18:27:46 +01:00
db3334dc32
Added support to parse PKCS#8 encoded ECDSA private keys.
2012-02-01 18:27:45 +01:00
27f8a61df3
OpenSSL plugin parses ECDSA private keys with explicitly specified EC parameters.
...
This is needed in case the key itself does not contain the parameters,
which is the case for PKCS#8.
2012-02-01 18:27:45 +01:00
b20c54ff3f
Add builder part for parameters from algorithmIdentifier.
2012-02-01 18:27:45 +01:00
25c6d26c1d
Return parsed parameters from algorithmIdentifier if they are an OID (aka EC named curve).
...
Explicit EC parameters are not supported with this function, but before this
change no parameters were actually ever returned.
2012-02-01 18:27:45 +01:00
9255aa87ec
Parse RSA private keys from PKCS#8 encoded blobs.
2012-02-01 18:27:45 +01:00
5ec525c1d1
Added PKCS#8 stub plugin.
2012-02-01 18:27:45 +01:00
9ec66bc1a5
Added an option to load CA certificates without CA basic constraint.
...
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
a895801270
Added TLS session resumption NEWS
2012-02-01 12:13:00 +01:00
a345aa2639
Added RADIUS accounting NEWS
2012-02-01 12:07:32 +01:00
503dee4d2f
Added RADIUS accounting option to strongswan.conf manual
2012-02-01 11:35:13 +01:00
0399edef71
Support RADIUS accounting messages containing Framed-IP and Inbound/Outbound-Octets
2012-01-30 19:16:49 +01:00
8e5b4aa023
Open RADIUS accounting sockets to exchange accounting messages
2012-01-30 19:15:20 +01:00
a69aff5f17
Support signing of RADIUS accounting messages
2012-01-30 19:13:20 +01:00
370de553f8
RADIUS message constructor accepts a message code parameter
2012-01-30 19:11:08 +01:00
7171d8765e
Disable crypto benchmarking if CLOCK_THREAD_CPUTIME_ID is not available.
2012-01-30 11:04:55 +01:00
023800ba62
Build libstrongswan if libfast gets built
2012-01-24 18:23:44 +01:00
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
...
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
fdf1f239ef
Log list of loaded plugins in main PKI help output.
2012-01-19 11:56:43 +01:00
576298a3ef
Simplified logging of list of loaded plugins.
2012-01-19 11:56:03 +01:00
ad1aaf4be3
Function added to plugin_loader to get a list of the names of loaded plugins.
2012-01-19 11:51:51 +01:00
498d172c33
Use correct time_t variables to store ARG_TIME options
2012-01-18 10:31:45 +01:00
d68b8dfec4
Destroy active task list before queued tasks
...
Since active task's destruction might result in adopting tasks from a
rekeyed ike sa it seems better to first destroy the active task list and
then destroy all queued tasks. This way adoption is possible at all,
while otherwise the queued task list would be empty.
2012-01-18 10:06:54 +01:00
5ed3e3a7e6
Various style, typo and whitespace corrections
2012-01-13 16:27:35 +01:00
9d17c1a679
Starter depends on whack/stroke on Android.
...
With this change whack and stroke get installed automatically if starter is
enabled.
2012-01-12 19:19:47 +01:00
2e0b478a01
Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
...
Because all packages are now marked as optional executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk. Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00
35a1986142
Fixed additional typos in comments and log messages.
2012-01-12 11:42:42 +01:00
d887b8e134
Fix whitespaces
2012-01-12 11:25:18 +01:00
2a375e62f3
Some documentation corrections
2012-01-12 11:25:12 +01:00
17e3a92661
Fix gettid() on Android, which is defined in unistd.h there.
2012-01-12 11:08:22 +01:00
66f16d9629
Use native gettid() if available (which is the case on Android).
2012-01-10 18:31:33 +01:00
190cd8a475
pluto: Use srand() to initialize the C library PRNG.
...
Otherwise rekey and DPD times would always be the same after a restart.
2012-01-04 13:19:29 +01:00
f8b2906929
Use the TLS socket splicing in tls_test script
2011-12-31 13:14:49 +01:00
3a87c89b1b
Added a tls_socket_t.splice method to wrap a file descriptor into TLS
2011-12-31 13:14:49 +01:00
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
ca5767621b
Implemented a TLS session cache
2011-12-31 13:14:49 +01:00
703c0db894
Check for cipherspec changes after each handshake message
2011-12-31 13:14:49 +01:00
4caa380625
Separated cipherspec checking and switching, allowing us to defer the second
2011-12-31 13:14:49 +01:00
7c0c2349a9
Make number of concurrently handled stroke messages configurable.
2011-12-29 18:41:39 +01:00
8ff513a863
Limit the number of concurrently handled stroke messages.
...
This avoids clogging the thread pool with potentially blocking jobs.
2011-12-29 18:39:34 +01:00
cb4da3f610
register aik certificate via ipsec attest
2011-12-25 14:31:26 +01:00
84da59f609
Be less verbose about TLS extensions
2011-12-24 14:14:25 +01:00
ed57dfca3f
In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function
2011-12-24 12:42:28 +01:00
6b01216422
Added a getter for the tls_socket file descriptor
2011-12-24 12:42:25 +01:00
e86b685da5
Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.
2011-12-23 18:07:39 +01:00
f4095fdc8a
Avoid integer overflow when parsing ASN.1 dates.
...
This only works properly if sizeof(time_t) > 4.
2011-12-23 16:38:28 +01:00
20d752b4ff
pki: Avoid integer overflow when calculating certificate lifetimes.
...
This only works properly if sizeof(time_t) > 4.
2011-12-23 16:33:24 +01:00
1267127c11
Properly ASN.1 encode dates in certificates depending on the year.
2011-12-23 16:29:41 +01:00
Tobias Brunner