Tobias Brunner
f7f3d87ed7
All kernel listener hooks are optional.
2010-09-02 19:01:23 +02:00
Tobias Brunner
c560ddeb25
Added listener handling to kernel interface.
2010-09-02 19:01:23 +02:00
Tobias Brunner
bd50254ca9
Added an interface for kernel event listeners.
2010-09-02 19:01:23 +02:00
Tobias Brunner
1989c75e9e
Some minor comment fixes.
2010-09-02 19:01:23 +02:00
Tobias Brunner
211943be23
Some whitespace and code style fixes.
2010-09-02 19:01:23 +02:00
Tobias Brunner
74f15e9320
Do not include files from libcharon in libhydra.
2010-09-02 19:01:22 +02:00
Tobias Brunner
07500cda69
Move callback_job_t to libhydra.
2010-09-02 19:01:22 +02:00
Tobias Brunner
222a64d892
Fixing Doxygen groups after moving processor.
2010-09-02 19:01:22 +02:00
Tobias Brunner
c5f7146b17
Refer to processor via hydra and not charon.
2010-09-02 19:01:22 +02:00
Tobias Brunner
633fbe4fde
Move processor_t (thread-pool) to libhydra.
2010-09-02 19:01:22 +02:00
Martin Willi
dbb7c0306c
Support different hash/sig algorithms in handshake signing, including ECDSA
2010-09-02 13:07:25 +02:00
Martin Willi
99dcaea9bd
Added TLS ClientCertificateType identifiers
2010-09-02 13:07:24 +02:00
Martin Willi
9dd2ca924e
Added TLS specific Hash and Signature Algorithm identifiers
2010-09-02 13:07:24 +02:00
Martin Willi
ea6d7cb4be
Fixed typos in tls_writer method descriptions
2010-09-02 13:07:24 +02:00
Martin Willi
bbdc85b66e
Respect key types in stroke key/certificate backend
2010-09-02 13:07:23 +02:00
Martin Willi
0ac49c3292
Added an enumerator for registered credential builders
2010-09-02 10:49:02 +02:00
Martin Willi
b019136596
Migrated credential_factory to INIT/METHOD macros
2010-09-02 10:49:02 +02:00
Andreas Steffen
4171cbd60b
adapted evaltest.dat to new RULE_OCSP_VALIDATION
2010-09-01 22:22:27 +02:00
Andreas Steffen
54cba78573
cosmetics in debug output
2010-09-01 14:30:14 +02:00
Andreas Steffen
873604dd7f
defined aaa_identity
2010-09-01 00:16:19 +02:00
Andreas Steffen
3a01908060
increase number of messages due to large certificate payloads
2010-09-01 00:11:23 +02:00
Andreas Steffen
5fb1311b2a
clarified debug output
2010-08-31 23:22:39 +02:00
Andreas Steffen
c3024a0848
fixed typo
2010-08-31 21:42:14 +02:00
Martin Willi
93709d1093
Do not process any more TLS handshake messages on fatal alerts
2010-08-31 18:10:24 +02:00
Martin Willi
33b1a2567f
Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined
2010-08-31 18:10:23 +02:00
Martin Willi
c811479986
Strictly check if the server certificate matches the TLS server identity
2010-08-31 18:10:23 +02:00
Martin Willi
36eafea232
Use the AAA Identity for EAP authentication, if given
2010-08-31 18:10:23 +02:00
Martin Willi
64d7b0733f
Added support for the ipsec.conf aaa_identity keyword
2010-08-31 17:52:52 +02:00
Martin Willi
81137552e5
Added an AAA identity authentication config option
2010-08-31 17:26:20 +02:00
Martin Willi
f9fc5f2045
Added strongswan.conf options for EAP-TLS/TTLS fragment size
2010-08-31 16:17:01 +02:00
Martin Willi
743f94067e
Support processing of partial TLS record headers
2010-08-31 16:17:01 +02:00
Martin Willi
1cf8c5f746
Migrated EAP-TTLS to the generic TLS helper
2010-08-31 16:17:01 +02:00
Martin Willi
be751012c3
Migrated EAP-TLS to the generic TLS helper
2010-08-31 16:17:01 +02:00
Martin Willi
877c910f04
Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants
2010-08-31 16:16:58 +02:00
Martin Willi
ecd98efa9d
Support output fragmentation of TLS records
2010-08-31 15:54:37 +02:00
Martin Willi
f13a03add0
Moved EAP type/code definitions to a separate header file in libstrongswan
2010-08-31 15:35:29 +02:00
Martin Willi
ce1af73907
Implemented buffering of partial records in TLS stack
2010-08-31 15:35:29 +02:00
Martin Willi
d169aab35e
Log TLS handshake subtypes as handshakes
2010-08-31 15:35:29 +02:00
Martin Willi
fd0bde9a60
Added a TLS debug level option, use debugging hook
2010-08-31 15:35:29 +02:00
Martin Willi
4332b5af89
Do not strdup() zero length strings in identification_create_from_string()
2010-08-31 15:34:45 +02:00
Tobias Brunner
64d24679df
Corrected some URLs.
2010-08-31 14:46:53 +02:00
Tobias Brunner
9b698a771c
Enable the generation of unencrypted messages (e.g. ME connectivity checks).
2010-08-30 17:25:12 +02:00
Andreas Steffen
68eb610d81
fixed typos
2010-08-30 16:22:33 +02:00
Andreas Steffen
6ade82d5b7
fixed copy-and-paste errors
2010-08-30 15:42:44 +02:00
Andreas Steffen
d93e2e5409
created an eap-tnc method hull
2010-08-30 15:36:34 +02:00
Andreas Steffen
577893612f
for the time being assume a single request/response exchange for a given EAP method
2010-08-30 15:36:34 +02:00
Tobias Brunner
2402dee177
Port floating patch partially reversed.
If MOBIKE is enabled, we do have to switch to port 4500 with the
IKE_AUTH request, that is, before we know whether the other peer
actually supports MOBIKE or not.
2010-08-30 14:54:31 +02:00
Tobias Brunner
277f02ce9e
Slightly refactored port floating.
In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
2010-08-30 13:42:58 +02:00
Andreas Steffen
be63a48c36
defined EAP-TNC
2010-08-30 13:13:39 +02:00
Martin Willi
2291754ddf
Unwrap crlNumber INTEGER in openssl CRL parsing
2010-08-30 11:23:46 +02:00