Martin Willi
f90d465ce2
Added addrblock plugin to RFC3779 test cases
2010-07-13 10:26:07 +02:00
Martin Willi
1f457546c1
Added revocation plugin to ikev2 crl/ocsp test cases
2010-07-13 10:26:07 +02:00
Martin Willi
e57a29c731
Moved X509 ipAddrBlock checking to the addrblock plugin
2010-07-13 10:26:07 +02:00
Martin Willi
be715344c2
Added a hook to narrow traffic selectors for CHILD_SAs
2010-07-13 10:26:07 +02:00
Martin Willi
88fa56b1ad
Moved bus_t to METHOD/INIT macros
2010-07-13 10:26:07 +02:00
Martin Willi
1c8c924610
Moved addrblock plugin to libcharon
2010-07-13 10:26:07 +02:00
Martin Willi
c2e5cee413
Moved CRL/OCSP checking to a dedicated plugin called revocation
2010-07-13 10:26:07 +02:00
Martin Willi
c1f9dad672
Made some useful methods in the credential manager public
2010-07-13 10:26:07 +02:00
Martin Willi
5f9e62c54f
Moved X509 addrBlock validation to a separate addrblock plugin
2010-07-13 10:26:07 +02:00
Martin Willi
2feb16f5dd
Added a certificate validation hook to the credential manager
2010-07-13 10:26:07 +02:00
Martin Willi
c3a9bef08e
Migrated credential manager to INIT/METHOD macros
2010-07-13 10:26:07 +02:00
Martin Willi
2ccc02a4fd
Moved credential manager to libstrongswan
2010-07-13 10:26:07 +02:00
Martin Willi
2ca7db1337
Move pathlen constraint checking to X509 specific checks
2010-07-13 10:26:06 +02:00
Martin Willi
5db798c8e0
Charon uses a generic trunstchain length limit, not only for X509 certificates
2010-07-13 10:26:06 +02:00
Martin Willi
01bb70e4ad
Combined the OCSP/CRL options to a signle Online check option
2010-07-13 10:26:06 +02:00
Andreas Steffen
d5f29da3d2
added mark, mark_in, and mark_out to the ipsec.conf.5 man page
2010-07-13 09:15:53 +02:00
Andreas Steffen
c1918dc28f
we need some ordering
2010-07-12 22:44:27 +02:00
Andreas Steffen
c13a4b4030
changed ordering of statusattr output
2010-07-12 22:38:18 +02:00
Andreas Steffen
bb021fbbc9
updated ikev2/ip-two-pools-db scenario to support pool and identity based dns attributes
2010-07-12 20:54:40 +02:00
Andreas Steffen
1cecc6a6ef
fixed alignment of caption
2010-07-12 20:48:14 +02:00
Andreas Steffen
ab635e029e
updated SQL templates to support attribute pool and identity parameters
2010-07-12 20:28:34 +02:00
Andreas Steffen
cb0a9d58a3
output identities correctly
2010-07-12 20:28:34 +02:00
Andreas Steffen
5047fe7ad3
added second example scenario
2010-07-12 20:28:34 +02:00
Tobias Brunner
dcb4651d8c
apidoc is actually a directory not a file.
2010-07-12 15:28:55 +02:00
Tobias Brunner
af7b34b13b
Added missing pool parameter in DHCP attribute provider.
2010-07-12 12:27:49 +02:00
Martin Willi
52f97c3893
Do not interpret long class attributes (such as from NPS) as group
2010-07-09 13:53:43 +02:00
Martin Willi
cfa1c07604
Group membership constraint is fulfilled if subject is member in one of the groups
2010-07-09 13:51:58 +02:00
Heiko Hund
ec7adea007
Added support for named attribute groups
...
Add the possibility to group attributes by a name and assign these
groups to connections. This allows a more granular configuration of
which client will receive what atrributes.
2010-07-09 13:09:31 +02:00
Andreas Steffen
db4ad736be
transport reqid, mark_in and mark_out in whack message
2010-07-09 12:19:39 +02:00
Andreas Steffen
f65e0dc80f
added ikev2/net2net-psk-dscp2 DiffServ scenario
2010-07-09 11:55:01 +02:00
Andreas Steffen
9f94906815
added ikev2/nat-two-rw-mark-in-out scenario
2010-07-09 09:36:03 +02:00
Andreas Steffen
bcf608c848
some changes to the ikev2/nat-two-rw-mark scenario
2010-07-09 09:35:02 +02:00
Andreas Steffen
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
Martin Willi
6f07f5e3d4
The file logger supports a time prefix using a strftime() format specifier
2010-07-08 17:44:19 +02:00
Martin Willi
4cc9afe35f
Print identity to a lease address on the same line for simpler greping
2010-07-08 17:44:19 +02:00
Martin Willi
6c4cd8fa15
Implemented missing bypass_socket() method in load-testers faked kernel interface
2010-07-07 10:01:32 +02:00
Andreas Steffen
a729d17afa
added req parameter to ipsec.conf man page
2010-07-06 20:32:33 +02:00
Martin Willi
4f99093235
Show mallinfo() data in statusall, if available
2010-07-06 16:28:25 +02:00
Martin Willi
380106ab0d
Avoid relocking while enumerator is alive
2010-07-06 16:28:25 +02:00
Tobias Brunner
f395f28e44
Added missing markt_t in load tester, also migrated to INIT/METHOD macros.
2010-07-06 09:29:18 +02:00
Tobias Brunner
83b23011de
Some Doxygen fixes.
2010-07-05 15:04:30 +02:00
Tobias Brunner
8f7e8e075a
Fixed typo.
2010-07-05 14:53:56 +02:00
Martin Willi
a4c0da1669
Added support for group membership information containted in the RADIUS class attribute
2010-07-05 09:41:04 +02:00
Martin Willi
4172574bfb
Use the group constraint in a more generic fashion, not only for attribute certificates
2010-07-05 09:41:04 +02:00
Martin Willi
53913d764e
Use the responder side configured EAP-Identity directly, if given
2010-07-05 09:41:04 +02:00
Martin Willi
ec6caa1367
Copy EAP specific attributes to auth config only
2010-07-05 09:41:04 +02:00
Tobias Brunner
43ab542b66
Disable EAP-GTC on Android.
...
The EAP-GTC plugin does not compile due to its dependency on PAM.
2010-07-05 09:40:26 +02:00
Andreas Steffen
ec40c02ad2
added IKEv2 xfrm marks support to NEWS
2010-07-03 22:14:45 +02:00
Andreas Steffen
36b3c0a8dd
regenerated loop intermediate CA certificates
2010-07-03 18:18:30 +02:00
Andreas Steffen
342fc85e9e
added ikev2/nat-two-rw-mark scenario
2010-07-03 13:25:09 +02:00