strongswan.git
Martin Willi [Wed, 15 Dec 2010 13:08:20 +0000 (14:08 +0100)]
Added certificatePolicy support to x509 plugin

Martin Willi [Wed, 15 Dec 2010 11:15:12 +0000 (12:15 +0100)]
Added a null-safe strdup variant

Martin Willi [Tue, 14 Dec 2010 16:34:34 +0000 (17:34 +0100)]
Fail when parsing unsupported critical extensions in openssl_x509

Martin Willi [Tue, 14 Dec 2010 16:34:02 +0000 (17:34 +0100)]
Added CertificatePolicy OID identifier

Martin Willi [Tue, 14 Dec 2010 13:49:17 +0000 (14:49 +0100)]
Added command line tool for OID to DER conversion function

Martin Willi [Tue, 14 Dec 2010 13:47:44 +0000 (14:47 +0100)]
Added conversion functions between string OIDs and its DER encoding

Martin Willi [Mon, 13 Dec 2010 13:22:00 +0000 (14:22 +0100)]
Do not parse certificates with invalid version in openssl plugin

Martin Willi [Thu, 9 Dec 2010 15:39:07 +0000 (16:39 +0100)]
Implemented NameConstraint matching in constraints plugin

Martin Willi [Thu, 9 Dec 2010 15:29:22 +0000 (16:29 +0100)]
pki --issue/self support permitted/excluded NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:34:17 +0000 (13:34 +0100)]
pki --print prints NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:33:43 +0000 (13:33 +0100)]
Added support for generating NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 12:33:07 +0000 (13:33 +0100)]
Added support for parsing NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 10:50:50 +0000 (11:50 +0100)]
Added name constraint enumerator to x509 interface

Martin Willi [Thu, 9 Dec 2010 10:44:31 +0000 (11:44 +0100)]
Migrated x509_cert_t to INIT/METHOD macros

Martin Willi [Thu, 9 Dec 2010 09:46:48 +0000 (10:46 +0100)]
Moved X509 pathlen constraint checking to constraints plugin

Martin Willi [Thu, 9 Dec 2010 09:41:54 +0000 (09:41 +0000)]
Added plugin stub for advanced X509 constraint checking

Martin Willi [Fri, 10 Dec 2010 17:18:24 +0000 (18:18 +0100)]
Added a hook to reset ESP sequence numbers

Martin Willi [Fri, 10 Dec 2010 13:33:28 +0000 (14:33 +0100)]
Accept a suffix to differentiate x509, crl, ecdsa and rsa files

Martin Willi [Fri, 10 Dec 2010 13:25:19 +0000 (14:25 +0100)]
Use strncaseeq instead of strncasecmp

Martin Willi [Fri, 10 Dec 2010 13:22:18 +0000 (14:22 +0100)]
Added a strncaseeq variant to the string comparison macros

Martin Willi [Fri, 10 Dec 2010 10:29:39 +0000 (11:29 +0100)]
Added tfc_padding option, changes signature to master changes

Martin Willi [Tue, 7 Dec 2010 16:53:13 +0000 (17:53 +0100)]
CRL/OCSP validation stores trustchain information in auth_cfg

Martin Willi [Tue, 7 Dec 2010 16:48:23 +0000 (17:48 +0100)]
Key strength checking stores all key sizes in auth_cfg, verifies all in complies()

Martin Willi [Mon, 6 Dec 2010 09:36:51 +0000 (10:36 +0100)]
Install "ipsec" script with tools or conftest

Martin Willi [Fri, 3 Dec 2010 13:29:03 +0000 (14:29 +0100)]
Use subject, not issuer, of CRL issuing certificate

Martin Willi [Fri, 3 Dec 2010 12:51:51 +0000 (13:51 +0100)]
CRLSign keyUsage or CA basicConstraint are sufficient for CRL validation

Martin Willi [Fri, 3 Dec 2010 12:26:38 +0000 (13:26 +0100)]
Parse and encode crlSign keyUsage flag in x509 plugin

Martin Willi [Fri, 3 Dec 2010 12:25:45 +0000 (13:25 +0100)]
pki tool shows and builds crlSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:24:49 +0000 (13:24 +0100)]
Added a flag for X509 CRLSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:23:59 +0000 (13:23 +0100)]
Remove x509_flag_names, flags do not work with ENUM()

Martin Willi [Thu, 2 Dec 2010 14:38:44 +0000 (15:38 +0100)]
Use certificate CRLIssuer information to look up cached CRLs or CDPs

Martin Willi [Thu, 2 Dec 2010 14:37:28 +0000 (15:37 +0100)]
Added --crlissuer option to pki --issue

Martin Willi [Fri, 3 Dec 2010 09:28:46 +0000 (09:28 +0000)]
Added support for CRL Issuers to x509 and OpenSSL plugins

Martin Willi [Wed, 1 Dec 2010 13:56:26 +0000 (14:56 +0100)]
Generate payload to rebuild_auth, works with injected unknown payloads

Martin Willi [Wed, 1 Dec 2010 13:33:57 +0000 (14:33 +0100)]
Move rebuild_auth functionality to a standalone hook

This reverts commit 3c12b239fd55aa36c59eb60224d27af8b8d915d1.

Martin Willi [Thu, 25 Nov 2010 14:27:31 +0000 (15:27 +0100)]
Added key strength constraints support to conftest

Martin Willi [Thu, 25 Nov 2010 14:26:51 +0000 (15:26 +0100)]
Added key strength constraints for RSA or ECDSA trustchains

Martin Willi [Thu, 25 Nov 2010 12:54:31 +0000 (13:54 +0100)]
Implemented hook to log traffic selectors

Martin Willi [Thu, 25 Nov 2010 11:32:41 +0000 (12:32 +0100)]
The set_reserved() hook rebuilds AUTH if it mangles ID payload fields

Martin Willi [Thu, 25 Nov 2010 10:35:43 +0000 (11:35 +0100)]
Include the used reserved bytes from ID payloads in AUTH calculation

Martin Willi [Thu, 25 Nov 2010 10:13:04 +0000 (11:13 +0100)]
Migrated psk/pubkey_authenticators to INIT/METHOD macros

Martin Willi [Thu, 25 Nov 2010 09:55:29 +0000 (10:55 +0100)]
Extended set_reserved hook to mangle sa_payload substructures

Martin Willi [Thu, 25 Nov 2010 09:55:08 +0000 (10:55 +0100)]
Added substructure enumerators to sa_payload, proposal_substructure

Martin Willi [Wed, 24 Nov 2010 17:09:06 +0000 (18:09 +0100)]
Moved check if packet already encoded to ike_sa, avoids message() hook invocation twice

Martin Willi [Wed, 24 Nov 2010 16:45:39 +0000 (17:45 +0100)]
The set_ike_version hook supports version flag mangling

Martin Willi [Wed, 24 Nov 2010 16:45:12 +0000 (17:45 +0100)]
Added a message method to set the "higher version supported" flag

Martin Willi [Wed, 24 Nov 2010 16:22:16 +0000 (17:22 +0100)]
Implemented hook to toggle initiator flag in IKE header

Martin Willi [Wed, 24 Nov 2010 14:42:08 +0000 (14:42 +0000)]
Implemented a hook to set reserved bits

Martin Willi [Wed, 24 Nov 2010 15:56:46 +0000 (16:56 +0100)]
Added reserved bit mangling wrapper functions to message

Martin Willi [Wed, 24 Nov 2010 16:07:45 +0000 (17:07 +0100)]
Use payload_get_field() to look up payload fields

Martin Willi [Wed, 24 Nov 2010 15:52:49 +0000 (16:52 +0100)]
Implemented a generic payload field lookup function

Martin Willi [Wed, 24 Nov 2010 15:44:48 +0000 (16:44 +0100)]
Reserved field get parsed/generated like any other bit/byte field

Martin Willi [Wed, 24 Nov 2010 15:34:16 +0000 (16:34 +0100)]
Added member fields for reserved bits and bytes in all payloads

Martin Willi [Wed, 24 Nov 2010 13:42:22 +0000 (14:42 +0100)]
Migrated vendor_id_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:36:47 +0000 (14:36 +0100)]
Migrated ts_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:21:01 +0000 (14:21 +0100)]
Use enumerator instead of deprecated iterator

Martin Willi [Wed, 24 Nov 2010 13:17:44 +0000 (14:17 +0100)]
Migrated transform_substructure to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 12:58:33 +0000 (13:58 +0100)]
Removed obsolete clone method from proposal_substructure

Martin Willi [Wed, 24 Nov 2010 11:14:31 +0000 (12:14 +0100)]
Migrated transform_attribute to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 11:00:53 +0000 (12:00 +0100)]
Migrated traffic_selector_substructre to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:54:12 +0000 (11:54 +0100)]
Migrated notify_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:42:29 +0000 (11:42 +0100)]
Migrated nonce_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:37:34 +0000 (11:37 +0100)]
Migrated ke_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:29:18 +0000 (11:29 +0100)]
Migrated id_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:28:58 +0000 (11:28 +0100)]
Use standard ID getter in log_id hook

Martin Willi [Wed, 24 Nov 2010 10:16:37 +0000 (11:16 +0100)]
Migrated cp_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:07:28 +0000 (11:07 +0100)]
Migrated configuration_attribute to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:01:27 +0000 (11:01 +0100)]
Migrated certreq_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 09:53:38 +0000 (10:53 +0100)]
Migrated cert_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 09:38:58 +0000 (10:38 +0100)]
Migrated auth_payload to INIT/METHOD macros

Martin Willi [Tue, 23 Nov 2010 12:55:32 +0000 (13:55 +0100)]
Implemented a hook to toggle the IKE message request flag

Martin Willi [Tue, 23 Nov 2010 12:53:00 +0000 (13:53 +0100)]
Implemented hook to modify IKE header SPIs

Martin Willi [Tue, 23 Nov 2010 12:34:08 +0000 (13:34 +0100)]
Fixed transport mode configuration option

Martin Willi [Tue, 23 Nov 2010 10:43:23 +0000 (11:43 +0100)]
Disable MOBIKE in conftesting, as it changes port floating behavior

Martin Willi [Tue, 23 Nov 2010 10:06:46 +0000 (11:06 +0100)]
Load plugins only once, even if listed twice

Martin Willi [Tue, 23 Nov 2010 09:58:39 +0000 (10:58 +0100)]
Preload plugins configured in tests

Martin Willi [Tue, 23 Nov 2010 09:50:36 +0000 (10:50 +0100)]
Moved generic infrastructure initialization to libcharon_init(), allows us to preload plugins

Martin Willi [Tue, 23 Nov 2010 09:45:45 +0000 (10:45 +0100)]
Added IKE options to configure source/destination ports

Martin Willi [Tue, 23 Nov 2010 09:43:48 +0000 (10:43 +0100)]
Added IKE config option to fake NAT situations

Martin Willi [Tue, 23 Nov 2010 09:12:32 +0000 (10:12 +0100)]
Show SPI in proposal logging hook

Martin Willi [Tue, 23 Nov 2010 09:01:42 +0000 (10:01 +0100)]
Implemented a hook to inject custom proposals

Martin Willi [Tue, 23 Nov 2010 09:01:23 +0000 (10:01 +0100)]
Fixed error reporting

Martin Willi [Tue, 23 Nov 2010 07:42:57 +0000 (08:42 +0100)]
Remove unused variable

Martin Willi [Mon, 15 Nov 2010 13:56:34 +0000 (14:56 +0100)]
Added hook to log ID payload type and data

Martin Willi [Mon, 15 Nov 2010 13:47:06 +0000 (14:47 +0100)]
Added hook to log received KE group

Martin Willi [Mon, 15 Nov 2010 13:37:02 +0000 (14:37 +0100)]
Added a hook to modify proposal numbers

Martin Willi [Mon, 15 Nov 2010 13:07:17 +0000 (14:07 +0100)]
Added a hook to print received proposals, including number

Martin Willi [Mon, 15 Nov 2010 10:54:35 +0000 (11:54 +0100)]
Added a hook to alter the payload length field of arbitrary payloads

Martin Willi [Mon, 15 Nov 2010 10:53:20 +0000 (11:53 +0100)]
Do not update payload length during generation, allows hooks override payload length

Martin Willi [Mon, 15 Nov 2010 10:52:30 +0000 (11:52 +0100)]
Do not recalculate payload header length after generation, payloads do length calculation

Martin Willi [Fri, 12 Nov 2010 15:10:00 +0000 (16:10 +0100)]
Support loading of certificate revocation lists

Martin Willi [Fri, 12 Nov 2010 14:40:29 +0000 (15:40 +0100)]
Implemented a hook that recreates a valid incoming IKE_AUTH response, even if AUTH_FAILED

Martin Willi [Thu, 11 Nov 2010 15:37:26 +0000 (16:37 +0100)]
Apply IKE major/minor version set on message to IKE header

Martin Willi [Thu, 11 Nov 2010 15:35:35 +0000 (16:35 +0100)]
Added setters for IKE major/minor version to ike_header

Martin Willi [Thu, 11 Nov 2010 15:32:57 +0000 (16:32 +0100)]
Migrated ike_header_t to INIT/METHOD macros

Martin Willi [Thu, 11 Nov 2010 15:12:58 +0000 (16:12 +0100)]
Added hook to set arbitrary IKE major/minor versions in message headers

Martin Willi [Thu, 11 Nov 2010 14:52:32 +0000 (15:52 +0100)]
Prefer test specific over suite specific configuration

Martin Willi [Thu, 11 Nov 2010 14:38:52 +0000 (15:38 +0100)]
Added a force_hookie hook that requests a COOKIE independent of our COOKIE mechanism

Martin Willi [Wed, 10 Nov 2010 16:41:51 +0000 (17:41 +0100)]
The add_payload hook supports replacing existing payloads of the same type

Martin Willi [Wed, 10 Nov 2010 16:41:23 +0000 (17:41 +0100)]
Fix insertion of non hex encoded payload data