strongswan.git
Andreas Steffen [Wed, 26 Aug 2009 16:41:19 +0000 (18:41 +0200)]
the option has been changed to --outform

Andreas Steffen [Wed, 26 Aug 2009 16:27:04 +0000 (18:27 +0200)]
added pki/.libs/pki to the libs

Andreas Steffen [Wed, 26 Aug 2009 15:29:57 +0000 (17:29 +0200)]
fixed two typos

Martin Willi [Wed, 26 Aug 2009 14:15:38 +0000 (16:15 +0200)]
encoding public EC keys is not really possible without subjectPublicKeyInfo

Martin Willi [Wed, 26 Aug 2009 12:44:05 +0000 (14:44 +0200)]
complain about build errors in non-recursive cases only

Martin Willi [Wed, 26 Aug 2009 12:08:20 +0000 (14:08 +0200)]
openac (and tools) do not depend on gmp anymore

Martin Willi [Wed, 26 Aug 2009 12:07:26 +0000 (14:07 +0200)]
moved chunk_increment() function to libstrongswan

Martin Willi [Wed, 26 Aug 2009 11:05:17 +0000 (13:05 +0200)]
pki tool supports public key extraction from private key, certificates

Martin Willi [Wed, 26 Aug 2009 11:03:23 +0000 (13:03 +0200)]
added a BUILD_FROM_FD option, supporting credential parsing from stdin

Martin Willi [Wed, 26 Aug 2009 09:22:09 +0000 (11:22 +0200)]
started implementation of a PKI tool, currently supporting RSA|ECDSA key generation

Martin Willi [Wed, 26 Aug 2009 09:20:13 +0000 (11:20 +0200)]
implemented openssl EC key generation

Martin Willi [Wed, 26 Aug 2009 09:19:06 +0000 (11:19 +0200)]
fixed openssl RSA private key encoding

Martin Willi [Tue, 25 Aug 2009 12:29:48 +0000 (14:29 +0200)]
keyids in SQL use ID_KEY_ID type with subjectPublicKey SHA1 hash

Martin Willi [Tue, 25 Aug 2009 11:21:50 +0000 (13:21 +0200)]
tests load pem/pkcs1 plugins, pubkey plugin not needed anymore

Martin Willi [Tue, 25 Aug 2009 09:31:08 +0000 (11:31 +0200)]
use ./configured plugins in keyid scripts

Martin Willi [Tue, 25 Aug 2009 09:30:42 +0000 (11:30 +0200)]
accept PEM encoded keys in keyid scripts

Martin Willi [Tue, 25 Aug 2009 09:29:51 +0000 (11:29 +0200)]
migrated scripts to new fingerprinting API

Martin Willi [Tue, 25 Aug 2009 13:37:33 +0000 (15:37 +0200)]
updated medsrv and test to new fingerprint/encoding API

Martin Willi [Mon, 24 Aug 2009 14:57:09 +0000 (16:57 +0200)]
updated load-tester plugin to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 14:06:59 +0000 (16:06 +0200)]
use only KEY_ID_PUBKEY_SHA1 fingerprint charon internally

Martin Willi [Mon, 24 Aug 2009 14:06:21 +0000 (16:06 +0200)]
updated nm plugin to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 13:10:18 +0000 (15:10 +0200)]
updated agent plugin to new fingerprint/encoding API

Martin Willi [Mon, 24 Aug 2009 12:20:59 +0000 (14:20 +0200)]
updated stroke plugin to fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:20:29 +0000 (14:20 +0200)]
updated charon to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:19:51 +0000 (14:19 +0200)]
updated pluto to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:19:16 +0000 (14:19 +0200)]
updated scepclient to new encoding API

Martin Willi [Mon, 24 Aug 2009 12:15:03 +0000 (14:15 +0200)]
updated pubkey plugin to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:11:44 +0000 (14:11 +0200)]
updated x509 plugin to public key/x509 API changes

Martin Willi [Mon, 24 Aug 2009 12:10:26 +0000 (14:10 +0200)]
updated x509/CRL/AC API to align with public key, authKeyIdentifier is a chunk

Martin Willi [Mon, 24 Aug 2009 12:09:18 +0000 (14:09 +0200)]
updated openssl plugin to new private/public key API, use encoder framework

Martin Willi [Mon, 24 Aug 2009 12:07:32 +0000 (14:07 +0200)]
updated gcrypt plugin to new private/public key API, use encoder framework

Martin Willi [Mon, 24 Aug 2009 12:06:41 +0000 (14:06 +0200)]
updated gmp plugin to new private/public key API, use encoder framework

Martin Willi [Mon, 24 Aug 2009 12:04:23 +0000 (14:04 +0200)]
changed get_id/get_encoding API of private/public key to use new encoding framework

Martin Willi [Mon, 24 Aug 2009 12:21:38 +0000 (14:21 +0200)]
removed obsolete fingerprint identification types

Martin Willi [Mon, 24 Aug 2009 12:00:43 +0000 (14:00 +0200)]
added generic implementation helpers for private_key_t.equals/belongs_to, public_key_t.equals

Martin Willi [Mon, 24 Aug 2009 09:12:07 +0000 (11:12 +0200)]
added a separate cache lookup, as encode() requires arguments expensive to build

Martin Willi [Fri, 21 Aug 2009 11:53:19 +0000 (13:53 +0200)]
use credential builder API to parse trusted public keys

Martin Willi [Wed, 19 Aug 2009 14:26:29 +0000 (16:26 +0200)]
implemented PGP fingerprinting

Martin Willi [Wed, 19 Aug 2009 14:10:08 +0000 (16:10 +0200)]
implemented pkcs1 private/public key encoding and fingerprinting

Martin Willi [Wed, 19 Aug 2009 14:02:20 +0000 (16:02 +0200)]
chunk_cat/cata/create_cat/length accept the sensitive data clearing mode 's'

Martin Willi [Wed, 19 Aug 2009 14:00:48 +0000 (16:00 +0200)]
in addition to 'm'/'c' mode, asn1_wrap accepts a 's' mode clearing sensitive information

Martin Willi [Tue, 18 Aug 2009 15:48:34 +0000 (17:48 +0200)]
added a facility to hand out fingerprinting/key encoding to the pkcs1/pgp/... plugins

Martin Willi [Tue, 18 Aug 2009 07:58:12 +0000 (09:58 +0200)]
gmp uses component builder to build public- from private-key

Martin Willi [Tue, 18 Aug 2009 07:47:41 +0000 (09:47 +0200)]
gcrypt uses component builder to build public- from private-key

Martin Willi [Mon, 17 Aug 2009 13:56:08 +0000 (15:56 +0200)]
moved PGP code to pluto and gpg plugin

Martin Willi [Mon, 17 Aug 2009 12:58:42 +0000 (14:58 +0200)]
gmp plugin makes use of pkcs1/pgp/dnskey plugins

Martin Willi [Mon, 17 Aug 2009 13:30:20 +0000 (15:30 +0200)]
enforce RSA_PRIME1 > RSA_PRIME2 (p > q) in PGP

Martin Willi [Mon, 17 Aug 2009 12:45:52 +0000 (14:45 +0200)]
implemented RFC3110 key builder in a plugin, added generic DNSKEY RR parsing

Martin Willi [Mon, 17 Aug 2009 12:11:39 +0000 (14:11 +0200)]
renamed BUILD_BLOB_RFC_3110 to BUILD_BLOB_DNSKEY, we potentially support other key types

Martin Willi [Mon, 17 Aug 2009 11:48:50 +0000 (13:48 +0200)]
pluto uses KEY_ANY builder to parse PGP public keys

Martin Willi [Mon, 17 Aug 2009 11:46:04 +0000 (13:46 +0200)]
implemented a pgp plugin providing PGP key parsing builders

Martin Willi [Fri, 14 Aug 2009 15:21:03 +0000 (17:21 +0200)]
make use of the pkcs1 plugin in gcrypt rsa key parsing

Martin Willi [Fri, 14 Aug 2009 14:51:12 +0000 (16:51 +0200)]
removed subjectPublicKeyInfo parsing, provided by pkcs1 plugin

Martin Willi [Fri, 14 Aug 2009 14:48:40 +0000 (16:48 +0200)]
implemented a pkcs1 plugin providing PKCS#1 key parsing builders

Martin Willi [Fri, 14 Aug 2009 13:01:35 +0000 (15:01 +0200)]
added support for %prompt-ing private key passphrases in strokes "ipsec secrets"

Martin Willi [Fri, 14 Aug 2009 11:19:47 +0000 (13:19 +0200)]
show more information if building a credential fails

Martin Willi [Thu, 13 Aug 2009 15:14:41 +0000 (17:14 +0200)]
log loaded private key/certificates

Martin Willi [Thu, 13 Aug 2009 14:47:57 +0000 (16:47 +0200)]
added getnetbyname/gethostbyname2 to leak detective whitelist, used by pluto

Martin Willi [Thu, 13 Aug 2009 14:47:27 +0000 (16:47 +0200)]
clone blobs passed to parse functions, check before free

Martin Willi [Thu, 13 Aug 2009 14:05:06 +0000 (16:05 +0200)]
fixed builder signature

Martin Willi [Thu, 13 Aug 2009 14:04:45 +0000 (16:04 +0200)]
do not enumerate builders returning NULL

Martin Willi [Thu, 13 Aug 2009 13:39:29 +0000 (15:39 +0200)]
updated pubkey_speed test to use pem plugin

Martin Willi [Thu, 13 Aug 2009 13:05:14 +0000 (15:05 +0200)]
handle pluto specific certificates under CRED_CERTIFICATE, not as own credential kind

Martin Willi [Thu, 13 Aug 2009 12:18:58 +0000 (14:18 +0200)]
unified pluto builder implementations

Martin Willi [Thu, 13 Aug 2009 11:47:31 +0000 (13:47 +0200)]
removed obsolete PEM code in pluto/libstrongswan

Martin Willi [Thu, 13 Aug 2009 11:37:14 +0000 (13:37 +0200)]
use credential builder to build crls

Martin Willi [Thu, 13 Aug 2009 09:15:31 +0000 (11:15 +0200)]
use credential builder to build attribute certificates

Martin Willi [Thu, 13 Aug 2009 08:48:22 +0000 (10:48 +0200)]
moved builder hooks to a separate file

Martin Willi [Wed, 12 Aug 2009 15:27:15 +0000 (17:27 +0200)]
use a pluto specific credential builder to build pluto cert_t's

Martin Willi [Wed, 12 Aug 2009 14:14:26 +0000 (16:14 +0200)]
removed obsolete pgp private key parsing, done by libstrongswan

Martin Willi [Wed, 12 Aug 2009 14:13:18 +0000 (16:13 +0200)]
use libstrongswan for private key loading, whack callback to read passphrase

Martin Willi [Wed, 12 Aug 2009 13:34:14 +0000 (15:34 +0200)]
pass along X509 flags when loading PEM encoded data

Martin Willi [Wed, 12 Aug 2009 12:40:16 +0000 (14:40 +0200)]
make use of the pem helper plugin to load credentials

Martin Willi [Wed, 12 Aug 2009 11:26:02 +0000 (13:26 +0200)]
added file loading support to pem plugin, using mmap()

Martin Willi [Tue, 11 Aug 2009 14:24:01 +0000 (16:24 +0200)]
moved PEM parsing functionality to its own plugin

Andreas Steffen [Tue, 25 Aug 2009 19:09:54 +0000 (21:09 +0200)]
make boolean expression less enigmatic

Martin Willi [Tue, 25 Aug 2009 17:57:36 +0000 (19:57 +0200)]
set stroke connection flags to a clear TRUE/FALSE

Martin Willi [Tue, 25 Aug 2009 16:15:25 +0000 (18:15 +0200)]
disable lifetimes of allocated SPIs

The default lifetime of 30 seconds is too short, as a tunnel
setup may need several minutes if we have high packet loss. Instead
of increasing the value, we disable lifetimes completely, as we handle
the removal of such SAs from userland just fine.

Martin Willi [Tue, 25 Aug 2009 16:12:55 +0000 (18:12 +0200)]
remove incomplete SAs with PROTO_ESP

Martin Willi [Fri, 21 Aug 2009 08:52:39 +0000 (10:52 +0200)]
added URL for git repository served over git:// protocol

Andreas Steffen [Tue, 18 Aug 2009 16:35:37 +0000 (18:35 +0200)]
version bump to 4.3.5

Andreas Steffen [Tue, 18 Aug 2009 16:24:26 +0000 (18:24 +0200)]
pruned OID tree

Andreas Steffen [Tue, 18 Aug 2009 15:52:00 +0000 (17:52 +0200)]
fixed wrong emailAddress OID introduced by revision c31687da

Fixing address resolution via getaddrinfo in libfreeswan. [4.3.4]
Tobias Brunner [Tue, 18 Aug 2009 10:30:11 +0000 (12:30 +0200)]
Fixing address resolution via getaddrinfo in libfreeswan.

Andreas Steffen [Mon, 17 Aug 2009 13:46:56 +0000 (15:46 +0200)]
check integrity of pool code file

Andreas Steffen [Mon, 17 Aug 2009 12:25:18 +0000 (14:25 +0200)]
integrity test of openac and scepclient code files

Andreas Steffen [Mon, 17 Aug 2009 11:47:28 +0000 (13:47 +0200)]
NEWS for 4.3.4

Andreas Steffen [Mon, 17 Aug 2009 08:54:34 +0000 (10:54 +0200)]
reinitialize print arguments

Andreas Steffen [Fri, 14 Aug 2009 20:13:51 +0000 (22:13 +0200)]
check success of library_init()

Tobias Brunner [Fri, 14 Aug 2009 13:47:04 +0000 (15:47 +0200)]
Replacing gethostbyname, gethostbyname2 and their _r variants with getaddrinfo to increase portability.

Tobias Brunner [Fri, 14 Aug 2009 12:42:03 +0000 (14:42 +0200)]
OpenSolaris needs libsocket and libnsl for socket().

Tobias Brunner [Fri, 14 Aug 2009 12:32:18 +0000 (14:32 +0200)]
Enable CMSG headers and macros on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 12:31:18 +0000 (14:31 +0200)]
Added define to get sigwait with two parameters on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 12:02:27 +0000 (14:02 +0200)]
sockio.h is required on OpenSolaris for SIOCGIFADDR.

Tobias Brunner [Fri, 14 Aug 2009 11:57:07 +0000 (13:57 +0200)]
Replaced the strange definitions of IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 11:54:53 +0000 (13:54 +0200)]
Defined some missing fixed-width int types on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 11:37:07 +0000 (13:37 +0200)]
LOG_AUTHPRIV is not defined on OpenSolaris.

Tobias Brunner [Fri, 14 Aug 2009 11:30:59 +0000 (13:30 +0200)]
OpenSolaris defines MUTEX_DEFAULT therefore we rename the members of the enums mutex/condvar/rwlock_type_t.

Tobias Brunner [Fri, 14 Aug 2009 11:25:22 +0000 (13:25 +0200)]
We need to include alloca.h on OpenSolaris.

Andreas Steffen [Tue, 11 Aug 2009 06:51:16 +0000 (08:51 +0200)]
fixed 4.3 refactoring error