strongswan.git
Martin Willi [Thu, 23 Dec 2010 13:40:37 +0000 (14:40 +0100)]
Show base CRL of delta CRLs in listcrls

Martin Willi [Thu, 23 Dec 2010 13:36:20 +0000 (14:36 +0100)]
Verify trustchain for each candidate certificate only once

Martin Willi [Thu, 23 Dec 2010 11:18:15 +0000 (12:18 +0100)]
Provide CRLs received in CERT payloads to trustchain verification

Martin Willi [Thu, 23 Dec 2010 11:17:49 +0000 (12:17 +0100)]
Added an AUTH_HELPER for revocation certificates

Martin Willi [Thu, 23 Dec 2010 10:54:17 +0000 (11:54 +0100)]
Added support for CDPs to conftest

Martin Willi [Thu, 23 Dec 2010 10:54:01 +0000 (11:54 +0100)]
Added CDP support to mem_cred

Martin Willi [Thu, 23 Dec 2010 10:44:36 +0000 (11:44 +0100)]
Check for issuer only if we actually got a CRL

Martin Willi [Wed, 22 Dec 2010 17:00:11 +0000 (18:00 +0100)]
Updated conftest README

Martin Willi [Wed, 22 Dec 2010 16:19:28 +0000 (17:19 +0100)]
Added support for custom file loggers, loglevel settings

Martin Willi [Wed, 22 Dec 2010 15:08:20 +0000 (16:08 +0100)]
Check inhibitAnyPolicy in constraints plugin

Martin Willi [Wed, 22 Dec 2010 14:58:00 +0000 (15:58 +0100)]
Slightly renamed different policyConstraints to distinguish them better

Martin Willi [Wed, 22 Dec 2010 14:52:19 +0000 (15:52 +0100)]
Added inhibitAnyPolicy constraint support to pki tool

Martin Willi [Wed, 22 Dec 2010 14:52:02 +0000 (15:52 +0100)]
Added support for inhibitAnyPolicy constraint to x509 plugin

Martin Willi [Wed, 22 Dec 2010 14:10:03 +0000 (15:10 +0100)]
Use a generic getter for all numerical X.509 constraints

Martin Willi [Wed, 22 Dec 2010 13:53:46 +0000 (14:53 +0100)]
Check inhibitPolicyMapping in constraints plugin

Martin Willi [Wed, 22 Dec 2010 09:38:06 +0000 (10:38 +0100)]
Check requireExplicitPolicy in constraints plugin

Martin Willi [Wed, 22 Dec 2010 10:49:16 +0000 (11:49 +0100)]
Include subject cert to temporary auth info before completing trustchain

Martin Willi [Wed, 22 Dec 2010 10:42:44 +0000 (11:42 +0100)]
Fail silently when trying to convert IPv6 address to v4 family host

Martin Willi [Wed, 22 Dec 2010 09:43:06 +0000 (10:43 +0100)]
Pass an additional anchor flag to validate() hook if we reach the root CA

Martin Willi [Wed, 22 Dec 2010 09:34:58 +0000 (10:34 +0100)]
Always pass auth info to validate(), use pathlen to check for user certificate

Martin Willi [Mon, 20 Dec 2010 14:49:00 +0000 (15:49 +0100)]
Merge test config into suite config, instead of having two distinct configs

Martin Willi [Fri, 17 Dec 2010 16:00:32 +0000 (17:00 +0100)]
Added support for delta CRLs to pki tool

Martin Willi [Fri, 17 Dec 2010 15:53:00 +0000 (16:53 +0100)]
Added support for delta CRLs to x509 plugin

Martin Willi [Fri, 17 Dec 2010 15:52:04 +0000 (16:52 +0100)]
Moved CRL distribution point building to an exportable function

Martin Willi [Fri, 17 Dec 2010 14:52:15 +0000 (15:52 +0100)]
Simplified format of x509 CRL URI parsing/enumerator

Martin Willi [Fri, 17 Dec 2010 10:40:01 +0000 (11:40 +0100)]
Fail on critical extensions in openssl CRLs

Martin Willi [Fri, 17 Dec 2010 10:38:04 +0000 (11:38 +0100)]
Respect enforce_critical setting in x509 plugin CRLs

Martin Willi [Fri, 17 Dec 2010 10:36:15 +0000 (11:36 +0100)]
Parse CRL extensions in a switch statement

Martin Willi [Thu, 16 Dec 2010 15:44:33 +0000 (16:44 +0100)]
Respect policy mappings in certificatePolicy validation

Martin Willi [Thu, 16 Dec 2010 15:18:11 +0000 (16:18 +0100)]
Added a cert_policy option to conftest configurations

Martin Willi [Thu, 16 Dec 2010 10:24:52 +0000 (11:24 +0100)]
Validate simple certificatePolicy inheritance

Martin Willi [Thu, 16 Dec 2010 10:25:32 +0000 (11:25 +0100)]
Added a certificate policy OID auth_cfg constraint

Martin Willi [Wed, 15 Dec 2010 16:46:04 +0000 (17:46 +0100)]
Added policyConstraints support to pki tool

Martin Willi [Wed, 15 Dec 2010 16:45:32 +0000 (17:45 +0100)]
Added support for policyConstraints to x509 plugin

Martin Willi [Wed, 15 Dec 2010 15:42:30 +0000 (16:42 +0100)]
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too

Martin Willi [Wed, 15 Dec 2010 14:30:09 +0000 (14:30 +0000)]
Added policyMappings support to pki tool

Martin Willi [Wed, 15 Dec 2010 14:29:25 +0000 (14:29 +0000)]
Added policyMappings support to x509 plugin

Martin Willi [Wed, 15 Dec 2010 14:28:31 +0000 (14:28 +0000)]
Added policyMappings OID identifier

Martin Willi [Wed, 15 Dec 2010 13:31:04 +0000 (14:31 +0100)]
Added certificatePolicy options to pki tool

Martin Willi [Wed, 15 Dec 2010 13:08:20 +0000 (14:08 +0100)]
Added certificatePolicy support to x509 plugin

Martin Willi [Wed, 15 Dec 2010 11:15:12 +0000 (12:15 +0100)]
Added a null-safe strdup variant

Martin Willi [Tue, 14 Dec 2010 16:34:34 +0000 (17:34 +0100)]
Fail when parsing unsupported critical extensions in openssl_x509

Martin Willi [Tue, 14 Dec 2010 16:34:02 +0000 (17:34 +0100)]
Added CertificatePolicy OID identifier

Martin Willi [Tue, 14 Dec 2010 13:49:17 +0000 (14:49 +0100)]
Added command line tool for OID to DER conversion function

Martin Willi [Tue, 14 Dec 2010 13:47:44 +0000 (14:47 +0100)]
Added conversion functions between string OIDs and its DER encoding

Martin Willi [Mon, 13 Dec 2010 13:22:00 +0000 (14:22 +0100)]
Do not parse certificates with invalid version in openssl plugin

Martin Willi [Thu, 9 Dec 2010 15:39:07 +0000 (16:39 +0100)]
Implemented NameConstraint matching in constraints plugin

Martin Willi [Thu, 9 Dec 2010 15:29:22 +0000 (16:29 +0100)]
pki --issue/self support permitted/excluded NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:34:17 +0000 (13:34 +0100)]
pki --print prints NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:33:43 +0000 (13:33 +0100)]
Added support for generating NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 12:33:07 +0000 (13:33 +0100)]
Added support for parsing NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 10:50:50 +0000 (11:50 +0100)]
Added name constraint enumerator to x509 interface

Martin Willi [Thu, 9 Dec 2010 10:44:31 +0000 (11:44 +0100)]
Migrated x509_cert_t to INIT/METHOD macros

Martin Willi [Thu, 9 Dec 2010 09:46:48 +0000 (10:46 +0100)]
Moved X509 pathlen constraint checking to constraints plugin

Martin Willi [Thu, 9 Dec 2010 09:41:54 +0000 (09:41 +0000)]
Added plugin stub for advanced X509 constraint checking

Martin Willi [Fri, 10 Dec 2010 17:18:24 +0000 (18:18 +0100)]
Added a hook to reset ESP sequence numbers

Martin Willi [Fri, 10 Dec 2010 13:33:28 +0000 (14:33 +0100)]
Accept a suffix to differentiate x509, crl, ecdsa and rsa files

Martin Willi [Fri, 10 Dec 2010 13:25:19 +0000 (14:25 +0100)]
Use strncaseeq instead of strncasecmp

Martin Willi [Fri, 10 Dec 2010 13:22:18 +0000 (14:22 +0100)]
Added a strncaseeq variant to the string comparison macros

Martin Willi [Fri, 10 Dec 2010 10:29:39 +0000 (11:29 +0100)]
Added tfc_padding option, changes signature to master changes

Martin Willi [Tue, 7 Dec 2010 16:53:13 +0000 (17:53 +0100)]
CRL/OCSP validation stores trustchain information in auth_cfg

Martin Willi [Tue, 7 Dec 2010 16:48:23 +0000 (17:48 +0100)]
Key strength checking stores all key sizes in auth_cfg, verifies all in complies()

Martin Willi [Mon, 6 Dec 2010 09:36:51 +0000 (10:36 +0100)]
Install "ipsec" script with tools or conftest

Martin Willi [Fri, 3 Dec 2010 13:29:03 +0000 (14:29 +0100)]
Use subject, not issuer, of CRL issuing certificate

Martin Willi [Fri, 3 Dec 2010 12:51:51 +0000 (13:51 +0100)]
CRLSign keyUsage or CA basicConstraint are sufficient for CRL validation

Martin Willi [Fri, 3 Dec 2010 12:26:38 +0000 (13:26 +0100)]
Parse and encode crlSign keyUsage flag in x509 plugin

Martin Willi [Fri, 3 Dec 2010 12:25:45 +0000 (13:25 +0100)]
pki tool shows and builds crlSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:24:49 +0000 (13:24 +0100)]
Added a flag for X509 CRLSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:23:59 +0000 (13:23 +0100)]
Remove x509_flag_names, flags do not work with ENUM()

Martin Willi [Thu, 2 Dec 2010 14:38:44 +0000 (15:38 +0100)]
Use certificate CRLIssuer information to look up cached CRLs or CDPs

Martin Willi [Thu, 2 Dec 2010 14:37:28 +0000 (15:37 +0100)]
Added --crlissuer option to pki --issue

Martin Willi [Fri, 3 Dec 2010 09:28:46 +0000 (09:28 +0000)]
Added support for CRL Issuers to x509 and OpenSSL plugins

Martin Willi [Wed, 1 Dec 2010 13:56:26 +0000 (14:56 +0100)]
Generate payload to rebuild_auth, works with injected unknown payloads

Martin Willi [Wed, 1 Dec 2010 13:33:57 +0000 (14:33 +0100)]
Move rebuild_auth functionality to a standalone hook

This reverts commit 3c12b239fd55aa36c59eb60224d27af8b8d915d1.

Martin Willi [Thu, 25 Nov 2010 14:27:31 +0000 (15:27 +0100)]
Added key strength constraints support to conftest

Martin Willi [Thu, 25 Nov 2010 14:26:51 +0000 (15:26 +0100)]
Added key strength constraints for RSA or ECDSA trustchains

Martin Willi [Thu, 25 Nov 2010 12:54:31 +0000 (13:54 +0100)]
Implemented hook to log traffic selectors

Martin Willi [Thu, 25 Nov 2010 11:32:41 +0000 (12:32 +0100)]
The set_reserved() hook rebuilds AUTH if it mangles ID payload fields

Martin Willi [Thu, 25 Nov 2010 10:35:43 +0000 (11:35 +0100)]
Include the used reserved bytes from ID payloads in AUTH calculation

Martin Willi [Thu, 25 Nov 2010 10:13:04 +0000 (11:13 +0100)]
Migrated psk/pubkey_authenticators to INIT/METHOD macros

Martin Willi [Thu, 25 Nov 2010 09:55:29 +0000 (10:55 +0100)]
Extended set_reserved hook to mangle sa_payload substructures

Martin Willi [Thu, 25 Nov 2010 09:55:08 +0000 (10:55 +0100)]
Added substructure enumerators to sa_payload, proposal_substructure

Martin Willi [Wed, 24 Nov 2010 17:09:06 +0000 (18:09 +0100)]
Moved check if packet already encoded to ike_sa, avoids message() hook invocation twice

Martin Willi [Wed, 24 Nov 2010 16:45:39 +0000 (17:45 +0100)]
The set_ike_version hook supports version flag mangling

Martin Willi [Wed, 24 Nov 2010 16:45:12 +0000 (17:45 +0100)]
Added a message method to set the "higher version supported" flag

Martin Willi [Wed, 24 Nov 2010 16:22:16 +0000 (17:22 +0100)]
Implemented hook to toggle initiator flag in IKE header

Martin Willi [Wed, 24 Nov 2010 14:42:08 +0000 (14:42 +0000)]
Implemented a hook to set reserved bits

Martin Willi [Wed, 24 Nov 2010 15:56:46 +0000 (16:56 +0100)]
Added reserved bit mangling wrapper functions to message

Martin Willi [Wed, 24 Nov 2010 16:07:45 +0000 (17:07 +0100)]
Use payload_get_field() to look up payload fields

Martin Willi [Wed, 24 Nov 2010 15:52:49 +0000 (16:52 +0100)]
Implemented a generic payload field lookup function

Martin Willi [Wed, 24 Nov 2010 15:44:48 +0000 (16:44 +0100)]
Reserved field get parsed/generated like any other bit/byte field

Martin Willi [Wed, 24 Nov 2010 15:34:16 +0000 (16:34 +0100)]
Added member fields for reserved bits and bytes in all payloads

Martin Willi [Wed, 24 Nov 2010 13:42:22 +0000 (14:42 +0100)]
Migrated vendor_id_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:36:47 +0000 (14:36 +0100)]
Migrated ts_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:21:01 +0000 (14:21 +0100)]
Use enumerator instead of deprecated iterator

Martin Willi [Wed, 24 Nov 2010 13:17:44 +0000 (14:17 +0100)]
Migrated transform_substructure to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 12:58:33 +0000 (13:58 +0100)]
Removed obsolete clone method from proposal_substructure

Martin Willi [Wed, 24 Nov 2010 11:14:31 +0000 (12:14 +0100)]
Migrated transform_attribute to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 11:00:53 +0000 (12:00 +0100)]
Migrated traffic_selector_substructre to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:54:12 +0000 (11:54 +0100)]
Migrated notify_payload to INIT/METHOD macros