Tobias Brunner
fd1ff46f61
Added support for PKCS#5 v2 schemes when decrypting PKCS#8 files.
2012-02-01 18:27:46 +01:00
Tobias Brunner
1f2e036b3e
NEWS about pkcs8 plugin added.
2012-02-01 18:27:46 +01:00
Tobias Brunner
cab127cba6
Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes).
2012-02-01 18:27:46 +01:00
Tobias Brunner
db3334dc32
Added support to parse PKCS#8 encoded ECDSA private keys.
2012-02-01 18:27:45 +01:00
Tobias Brunner
27f8a61df3
OpenSSL plugin parses ECDSA private keys with explicitly specified EC parameters.
This is needed in case the key itself does not contain the parameters,
which is the case for PKCS#8.
2012-02-01 18:27:45 +01:00
Tobias Brunner
b20c54ff3f
Add builder part for parameters from algorithmIdentifier.
2012-02-01 18:27:45 +01:00
Tobias Brunner
25c6d26c1d
Return parsed parameters from algorithmIdentifier if they are an OID (aka EC named curve).
Explicit EC parameters are not supported with this function, but before this
change no parameters were actually ever returned.
2012-02-01 18:27:45 +01:00
Tobias Brunner
9255aa87ec
Parse RSA private keys from PKCS#8 encoded blobs.
2012-02-01 18:27:45 +01:00
Tobias Brunner
5ec525c1d1
Added PKCS#8 stub plugin.
2012-02-01 18:27:45 +01:00
Tobias Brunner
9ec66bc1a5
Added an option to load CA certificates without CA basic constraint.
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
Martin Willi
a895801270
Added TLS session resumption NEWS
2012-02-01 12:13:00 +01:00
Martin Willi
a345aa2639
Added RADIUS accounting NEWS
2012-02-01 12:07:32 +01:00
Martin Willi
503dee4d2f
Added RADIUS accounting option to strongswan.conf manual
2012-02-01 11:35:13 +01:00
Martin Willi
0399edef71
Support RADIUS accounting messages containing Framed-IP and Inbound/Outbound-Octets
2012-01-30 19:16:49 +01:00
Martin Willi
8e5b4aa023
Open RADIUS accounting sockets to exchange accounting messages
2012-01-30 19:15:20 +01:00
Martin Willi
a69aff5f17
Support signing of RADIUS accounting messages
2012-01-30 19:13:20 +01:00
Martin Willi
370de553f8
RADIUS message constructor accepts a message code parameter
2012-01-30 19:11:08 +01:00
Tobias Brunner
7171d8765e
Disable crypto benchmarking if CLOCK_THREAD_CPUTIME_ID is not available.
2012-01-30 11:04:55 +01:00
Martin Willi
023800ba62
Build libstrongswan if libfast gets built
2012-01-24 18:23:44 +01:00
Tobias Brunner
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
Tobias Brunner
fdf1f239ef
Log list of loaded plugins in main PKI help output.
2012-01-19 11:56:43 +01:00
Tobias Brunner
576298a3ef
Simplified logging of list of loaded plugins.
2012-01-19 11:56:03 +01:00
Tobias Brunner
ad1aaf4be3
Function added to plugin_loader to get a list of the names of loaded plugins.
2012-01-19 11:51:51 +01:00
Martin Willi
498d172c33
Use correct time_t variables to store ARG_TIME options
2012-01-18 10:31:45 +01:00
Thomas Egerer
d68b8dfec4
Destroy active task list before queued tasks
Since active task's destruction might result in adopting tasks from a
rekeyed ike sa it seems better to first destroy the active task list and
then destroy all queued tasks. This way adoption is possible at all,
while otherwise the queued task list would be empty.
2012-01-18 10:06:54 +01:00
Adrian-Ken Rueegsegger
5ed3e3a7e6
Various style, typo and whitespace corrections
2012-01-13 16:27:35 +01:00
Tobias Brunner
9d17c1a679
Starter depends on whack/stroke on Android.
With this change whack and stroke get installed automatically if starter is
enabled.
2012-01-12 19:19:47 +01:00
Tobias Brunner
2e0b478a01
Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
Because all packages are now marked as optional, executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk. Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00
Tobias Brunner
35a1986142
Fixed additional typos in comments and log messages.
2012-01-12 11:42:42 +01:00
Adrian-Ken Rueegsegger
d887b8e134
Fix whitespaces
2012-01-12 11:25:18 +01:00
Adrian-Ken Rueegsegger
2a375e62f3
Some documentation corrections
2012-01-12 11:25:12 +01:00
Tobias Brunner
17e3a92661
Fix gettid() on Android, which is defined in unistd.h there.
2012-01-12 11:08:22 +01:00
Tobias Brunner
66f16d9629
Use native gettid() if available (which is the case on Android).
2012-01-10 18:31:33 +01:00
Tobias Brunner
190cd8a475
pluto: Use srand() to initialize the C library PRNG.
Otherwise rekey and DPD times would always be the same after a restart.
2012-01-04 13:19:29 +01:00
Martin Willi
f8b2906929
Use the TLS socket splicing in tls_test script
2011-12-31 13:14:49 +01:00
Martin Willi
3a87c89b1b
Added a tls_socket_t.splice method to wrap a file descriptor into TLS
2011-12-31 13:14:49 +01:00
Martin Willi
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
Martin Willi
ca5767621b
Implemented a TLS session cache
2011-12-31 13:14:49 +01:00
Martin Willi
703c0db894
Check for cipherspec changes after each handshake message
2011-12-31 13:14:49 +01:00
Martin Willi
4caa380625
Separated cipherspec checking and switching, allowing us to defer the second
2011-12-31 13:14:49 +01:00
Tobias Brunner
7c0c2349a9
Make number of concurrently handled stroke messages configurable.
2011-12-29 18:41:39 +01:00
Tobias Brunner
8ff513a863
Limit the number of concurrently handled stroke messages.
This avoids clogging the thread pool with potentially blocking jobs.
2011-12-29 18:39:34 +01:00
Andreas Steffen
cb4da3f610
register aik certificate via ipsec attest
2011-12-25 14:31:26 +01:00
Martin Willi
84da59f609
Be less verbose about TLS extensions
2011-12-24 14:14:25 +01:00
Martin Willi
ed57dfca3f
In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function
2011-12-24 12:42:28 +01:00
Martin Willi
6b01216422
Added a getter for the tls_socket file descriptor
2011-12-24 12:42:25 +01:00
Tobias Brunner
e86b685da5
Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.
2011-12-23 18:07:39 +01:00
Tobias Brunner
f4095fdc8a
Avoid integer overflow when parsing ASN.1 dates.
This only works properly if sizeof(time_t) > 4.
2011-12-23 16:38:28 +01:00
Tobias Brunner
20d752b4ff
pki: Avoid integer overflow when calculating certificate lifetimes.
This only works properly if sizeof(time_t) > 4.
2011-12-23 16:33:24 +01:00
Tobias Brunner
1267127c11
Properly ASN.1 encode dates in certificates depending on the year.
2011-12-23 16:29:41 +01:00