Martin Willi
1cf8c5f746
Migrated EAP-TTLS to the generic TLS helper
2010-08-31 16:17:01 +02:00
Martin Willi
be751012c3
Migrated EAP-TLS to the generic TLS helper
2010-08-31 16:17:01 +02:00
Martin Willi
877c910f04
Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants
2010-08-31 16:16:58 +02:00
Martin Willi
ecd98efa9d
Support output fragmentation of TLS records
2010-08-31 15:54:37 +02:00
Martin Willi
f13a03add0
Moved EAP type/code definitions to a separate header file in libstrongswan
2010-08-31 15:35:29 +02:00
Martin Willi
ce1af73907
Implemented buffering of partial records in TLS stack
2010-08-31 15:35:29 +02:00
Martin Willi
d169aab35e
Log TLS handshake subtypes as handshakes
2010-08-31 15:35:29 +02:00
Martin Willi
fd0bde9a60
Added a TLS debug level option, use debugging hook
2010-08-31 15:35:29 +02:00
Martin Willi
4332b5af89
Do not strdup() zero length strings in identification_create_from_string()
2010-08-31 15:34:45 +02:00
Tobias Brunner
64d24679df
Corrected some URLs.
2010-08-31 14:46:53 +02:00
Tobias Brunner
9b698a771c
Enable the generation of unencrypted messages (e.g. ME connectivity checks).
2010-08-30 17:25:12 +02:00
Andreas Steffen
68eb610d81
fixed typos
2010-08-30 16:22:33 +02:00
Andreas Steffen
6ade82d5b7
fixed copy-and-paste errors
2010-08-30 15:42:44 +02:00
Andreas Steffen
d93e2e5409
created an eap-tnc method hull
2010-08-30 15:36:34 +02:00
Andreas Steffen
577893612f
for the time being assume a single request/response exchange for a given EAP method
2010-08-30 15:36:34 +02:00
Tobias Brunner
2402dee177
Port floating patch partially reversed.
If MOBIKE is enabled, we do have to switch to port 4500 with the
IKE_AUTH request, that is, before we know whether the other peer
actually supports MOBIKE or not.
2010-08-30 14:54:31 +02:00
Tobias Brunner
277f02ce9e
Slightly refactored port floating.
In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
2010-08-30 13:42:58 +02:00
Andreas Steffen
be63a48c36
defined EAP-TNC
2010-08-30 13:13:39 +02:00
Martin Willi
2291754ddf
Unwrap crlNumber INTEGER in openssl CRL parsing
2010-08-30 11:23:46 +02:00
Martin Willi
21f80e9dbc
Added crl support to pki --print
2010-08-30 11:23:45 +02:00
Tobias Brunner
0433b4172b
Typo in doxygen comment fixed.
2010-08-30 10:49:32 +02:00
Tobias Brunner
fde2d34d0f
Fixed ME after introduction of AEAD wrapper.
2010-08-30 10:48:09 +02:00
Martin Willi
45684ee65c
Fixed pluto smartcard support after introducing encryption schemes
2010-08-30 10:14:45 +02:00
Andreas Steffen
1bc8690f54
replaced ikev2/esp-alg-aes-ctr by ikev2/alg-aes-ctr
2010-08-29 21:52:08 +02:00
Andreas Steffen
6297dc390f
added ctr ccm and gcm plugins to ikev2/rw-cert scenario
2010-08-29 21:11:00 +02:00
Andreas Steffen
8eb74facfe
added ctr ccm and gcm plugins to openssl-ikev2/rw-cert scenario
2010-08-29 21:09:25 +02:00
Andreas Steffen
6aa82ec280
added ctr ccm and gcm plugins to gcrypt-ikev2/rw-cert scenario
2010-08-29 20:50:37 +02:00
Andreas Steffen
4f2a0bd839
replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm
2010-08-29 20:39:51 +02:00
Andreas Steffen
8318d88450
replaced ikev2/esp-alg-aes-ccm by ikev2/alg-aes-ccm
2010-08-29 20:24:12 +02:00
Andreas Steffen
897c7a72cf
Win7 might send up to 7k of certificate requests
2010-08-27 16:30:05 +02:00
Tobias Brunner
cb7a0cef48
Fixed documentation of XAUTH in ipsec.secrets.
2010-08-26 10:25:08 +02:00
Martin Willi
2bf0e74c38
Prefer AES/Camellia suites over 3DES/NULL encryption
2010-08-25 18:30:09 +02:00
Martin Willi
a596006e3f
Send TLS alerts for errors in TLS handshake building
2010-08-25 18:24:27 +02:00
Martin Willi
ee88ddd6aa
Refactored fragment building, use correct TLS content type for non-first fragments
2010-08-25 18:04:59 +02:00
Martin Willi
dfde6570c7
Update delete_payload length when adding SPIs
2010-08-25 17:04:25 +02:00
Martin Willi
5299719569
Migrated delete_payload to INIT/METHOD macros, replaced iterator
2010-08-25 17:03:00 +02:00
Martin Willi
e5c6ebb697
Use different return values in payload decryption to distinguish between integrity and syntax errors
2010-08-25 15:29:53 +02:00
Martin Willi
f1a74a3cab
Implemented a TLS utility to test on any TLS secured TCP connection
2010-08-25 12:57:13 +02:00
Martin Willi
17102f7b58
Added a simple high level TLS wrapper for sockets
2010-08-25 12:52:53 +02:00
Martin Willi
bd23b9086e
Initialize output chunk before appending data to it
2010-08-25 12:43:21 +02:00
Martin Willi
3dd06bd4ed
Added private key support to in-memory credential set
2010-08-25 10:28:23 +02:00
Martin Willi
72c6335de9
Added certificate support to in-memory credential set
2010-08-25 10:28:22 +02:00
Thomas Egerer
e54e86cb49
Check if colliding rekey actually created an IKE_INIT
In some cases (especially if a child is half-open) the colliding
rekey-job might not have created the ike_init member. If so, the
nonce check fails with SIGSEGV.
2010-08-25 10:16:42 +02:00
Martin Willi
8427c78611
Added a ike_name logger option to prefix the IKE_SA name on each line
2010-08-25 09:55:37 +02:00
Andreas Steffen
d9b85e28b9
removed tls_record_t definition
2010-08-24 19:19:13 +02:00
Martin Willi
69e8bb2e8d
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
2010-08-24 11:34:43 +02:00
Martin Willi
a2c1235969
Skip the close notify if application layer completes successfully
2010-08-24 10:30:24 +02:00
Andreas Steffen
421a529f88
added ikev2/rw-eap-tls-fragments scenario
2010-08-24 10:12:15 +02:00
Andreas Steffen
234aa8ee03
use correct network diagram
2010-08-24 10:09:58 +02:00
Andreas Steffen
79a5e391f8
support fragmentation in AVPs
2010-08-24 09:02:51 +02:00