strongswan.git
Martin Willi [Wed, 9 Sep 2009 14:23:08 +0000 (16:23 +0200)]
Updated pgp plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:22:42 +0000 (16:22 +0200)]
Updated pem plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:21:21 +0000 (16:21 +0200)]
Updated openssl plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:20:53 +0000 (16:20 +0200)]
Updated gmp plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:20:35 +0000 (16:20 +0200)]
Updated gcrypt plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:19:44 +0000 (16:19 +0200)]
Updated dnskey plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:19:08 +0000 (16:19 +0200)]
Updated agent plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:18:29 +0000 (16:18 +0200)]
Updated pluto to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:16:34 +0000 (16:16 +0200)]
Replaced builder_t objects by simple builder_function_t functions

Martin Willi [Thu, 10 Sep 2009 10:44:06 +0000 (12:44 +0200)]
Use dynamic registration/usage invocation of command types

Martin Willi [Thu, 10 Sep 2009 10:31:40 +0000 (12:31 +0200)]
split PKI tool to a file per command

Martin Willi [Thu, 10 Sep 2009 09:18:41 +0000 (11:18 +0200)]
use generic option parsing with usage information

Martin Willi [Wed, 9 Sep 2009 15:12:38 +0000 (17:12 +0200)]
fixed memleak

Martin Willi [Wed, 9 Sep 2009 11:30:31 +0000 (13:30 +0200)]
evaluate arguments of chunk_clone/clonea/alloc/alloca only once

Andreas Steffen [Wed, 9 Sep 2009 00:37:17 +0000 (02:37 +0200)]
split usage information

Andreas Steffen [Tue, 8 Sep 2009 20:22:09 +0000 (22:22 +0200)]
updated usage of ipsec pki --self

Andreas Steffen [Tue, 8 Sep 2009 19:54:00 +0000 (21:54 +0200)]
support --options also in ipsec pki --self

Andreas Steffen [Tue, 8 Sep 2009 19:36:35 +0000 (21:36 +0200)]
--options reads command line options from file

Martin Willi [Tue, 8 Sep 2009 11:27:35 +0000 (13:27 +0200)]
pki tool supports subjectAltNames in certificates

Martin Willi [Tue, 8 Sep 2009 11:17:41 +0000 (13:17 +0200)]
x509 certificates support encoding of email, DNS and IP subjectAltNames

Martin Willi [Tue, 8 Sep 2009 09:26:05 +0000 (11:26 +0200)]
non self-signed x509 certificates are encoded with authorityKeyIdentifier

Martin Willi [Tue, 8 Sep 2009 09:02:49 +0000 (11:02 +0200)]
x509 CA certificates are encoded with a subjectKeyIdentifier

Martin Willi [Tue, 8 Sep 2009 08:44:08 +0000 (10:44 +0200)]
pki tool --issue/--verify operations require a CA with CA basicConstraint

Martin Willi [Tue, 8 Sep 2009 08:39:04 +0000 (10:39 +0200)]
pki tool can set CA basicConstraint on --self/--issued certificates

Martin Willi [Tue, 8 Sep 2009 08:38:02 +0000 (10:38 +0200)]
x509 plugin supports encoding of CA basicConstraint extension

Martin Willi [Mon, 7 Sep 2009 14:04:30 +0000 (16:04 +0200)]
pki tool can issue certificates

Martin Willi [Mon, 7 Sep 2009 13:10:30 +0000 (15:10 +0200)]
use sysconfdir, no need for an additional confdir variable

Martin Willi [Mon, 7 Sep 2009 13:10:01 +0000 (15:10 +0200)]
only add generated m4 files to include path

Martin Willi [Mon, 7 Sep 2009 10:07:57 +0000 (12:07 +0200)]
Use macros to define --with options

Martin Willi [Mon, 7 Sep 2009 08:34:14 +0000 (10:34 +0200)]
Use macros to define --enable/--disable options

Martin Willi [Mon, 7 Sep 2009 08:35:22 +0000 (10:35 +0200)]
Added a .gitignore for generated m4 scripts

Martin Willi [Mon, 7 Sep 2009 07:31:31 +0000 (09:31 +0200)]
use m4/ autoconf subdirectory

Martin Willi [Mon, 7 Sep 2009 09:46:16 +0000 (11:46 +0200)]
Removed trailing whitespaces in configure.in/Makefile.am

Tobias Brunner [Fri, 4 Sep 2009 13:48:30 +0000 (15:48 +0200)]
Cleaned up some code of the mediation extension.

Tobias Brunner [Fri, 4 Sep 2009 09:10:52 +0000 (11:10 +0200)]
Moved set_state after the DBG0 statement, so that the message gets logged also for mediation connections without CHILD_SA.

Martin Willi [Fri, 4 Sep 2009 13:02:11 +0000 (15:02 +0200)]
remove spaces before tabs at the beginning of lines (^( )+\t)

Martin Willi [Fri, 4 Sep 2009 12:58:05 +0000 (14:58 +0200)]
remove spaces within tabs (\t( )+\t)

Martin Willi [Fri, 4 Sep 2009 12:50:23 +0000 (14:50 +0200)]
replaces four spaces by tabs, where appropriate

Martin Willi [Fri, 4 Sep 2009 11:46:09 +0000 (13:46 +0200)]
removed trailing spaces ([[:space:]]+$)

Marius Tomaschewski [Fri, 4 Sep 2009 09:36:36 +0000 (11:36 +0200)]
fixed open failure debug message in load_secrets

Martin Willi [Thu, 3 Sep 2009 16:09:29 +0000 (18:09 +0200)]
fixed memleak in rekey collisions

Martin Willi [Thu, 3 Sep 2009 15:32:41 +0000 (17:32 +0200)]
Convert empty CREATE_CHILD_SA exchange to an INFORMATIONAL

Martin Willi [Thu, 3 Sep 2009 15:32:01 +0000 (17:32 +0200)]
Use get_notify() to look up single notifies

Martin Willi [Thu, 3 Sep 2009 13:35:05 +0000 (15:35 +0200)]
accept octet strings in is_asn1() check

Martin Willi [Wed, 2 Sep 2009 09:47:14 +0000 (11:47 +0200)]
Use recursive source address lookup if we get a gateway only

Marius Tomaschewski [Wed, 2 Sep 2009 11:49:39 +0000 (13:49 +0200)]
Fixed load_secrets to acquire/release lock in level 0 only

The write_lock call fails with EDEADLK and unlocks in the
next recursion level.

Martin Willi [Thu, 3 Sep 2009 12:27:33 +0000 (14:27 +0200)]
Complain about rw(un)lock errors

Tobias Brunner [Wed, 2 Sep 2009 15:29:02 +0000 (17:29 +0200)]
Simplified the search for ME_CONNECTID notifies.

Tobias Brunner [Wed, 2 Sep 2009 15:26:36 +0000 (17:26 +0200)]
Fixed some typos; whitespace cleanup.

Tobias Brunner [Wed, 2 Sep 2009 14:12:52 +0000 (16:12 +0200)]
Missing commas added.

Martin Willi [Tue, 1 Sep 2009 14:20:45 +0000 (16:20 +0200)]
handle plugin loading failures

Martin Willi [Tue, 1 Sep 2009 14:08:28 +0000 (16:08 +0200)]
plugins marked with a '!' are handled as critical: cancel if loading fails

Martin Willi [Tue, 1 Sep 2009 12:05:58 +0000 (14:05 +0200)]
use subjectPublicKeyInfo hash for CA certificate lookup

Tobias Brunner [Tue, 1 Sep 2009 10:48:59 +0000 (12:48 +0200)]
Description of new lifetime limits added to manpage.

Tobias Brunner [Fri, 28 Aug 2009 15:10:08 +0000 (17:10 +0200)]
Added lifetime/margintime keywords as alias for keylife/rekeymargin.

Tobias Brunner [Fri, 28 Aug 2009 15:04:35 +0000 (17:04 +0200)]
Refactored the lifetime_cfg_t struct to be simpler and more expressive. Initialization is now static.

Tobias Brunner [Thu, 27 Aug 2009 16:10:39 +0000 (18:10 +0200)]
Handling of new lifetime limits added to stroke.

Tobias Brunner [Thu, 27 Aug 2009 16:09:26 +0000 (18:09 +0200)]
Added keywords for the new lifetime limits to starter.

Tobias Brunner [Thu, 27 Aug 2009 16:03:17 +0000 (18:03 +0200)]
Added parser for unsigned long long ints to starter.

Tobias Brunner [Thu, 27 Aug 2009 14:16:23 +0000 (16:16 +0200)]
If no inbound CHILD_SA is found, try to find an outbound SA.

Due to the new lifetime limits in- and outbound SAs may expire
individually.

Tobias Brunner [Thu, 27 Aug 2009 14:07:30 +0000 (16:07 +0200)]
Set the packet and byte limits in the netlink and pfkey kernel interfaces.

Tobias Brunner [Thu, 27 Aug 2009 09:46:35 +0000 (11:46 +0200)]
Terminology and return value of get_lifetime of child_sa_t corrected.

Tobias Brunner [Thu, 27 Aug 2009 09:45:36 +0000 (11:45 +0200)]
child_sa_t adapted to the new lifetime configuration.

Tobias Brunner [Thu, 27 Aug 2009 09:41:52 +0000 (11:41 +0200)]
Adapted the kernel interfaces to the new lifetime configuration.

Tobias Brunner [Thu, 27 Aug 2009 09:38:13 +0000 (11:38 +0200)]
Adapted the config backends to the new lifetime configuration.

Tobias Brunner [Thu, 27 Aug 2009 09:27:10 +0000 (11:27 +0200)]
child_cfg_t now takes a lifetime_cfg_t to configure the lifetime limits. Also adjusted the jitter calculation, so it works for values > RAND_MAX.

Tobias Brunner [Thu, 27 Aug 2009 09:22:43 +0000 (11:22 +0200)]
lifetime_cfg_t added to configure lifetime limits of a CHILD_SA.

Tobias Brunner [Tue, 25 Aug 2009 11:11:42 +0000 (13:11 +0200)]
Added side effect free min and max macros.

Martin Willi [Tue, 1 Sep 2009 09:34:09 +0000 (11:34 +0200)]
sql/rw-rsa and sql/rw-rsa-keyid scenarios require the pubkey plugin

Martin Willi [Tue, 1 Sep 2009 09:28:05 +0000 (11:28 +0200)]
fixed certificate_t enum names

Andreas Steffen [Mon, 31 Aug 2009 21:21:50 +0000 (23:21 +0200)]
changed prefix of crl_reason_t values from CRL_ to CRL_REASON_

Andreas Steffen [Mon, 31 Aug 2009 21:05:45 +0000 (23:05 +0200)]
use crl_reason_t definition from <credentials/certificates/crl.h>

Andreas Steffen [Mon, 31 Aug 2009 20:58:34 +0000 (22:58 +0200)]
use crl_reason_t definition from <credentials/certificates/crl.h>

Martin Willi [Mon, 31 Aug 2009 15:59:00 +0000 (17:59 +0200)]
use time_monotonic() instead of time() for statistics and time difference calculations

Martin Willi [Mon, 31 Aug 2009 13:25:03 +0000 (15:25 +0200)]
use time_monotonic() instead of gettimeofday() for time difference calculations

Martin Willi [Mon, 31 Aug 2009 13:13:48 +0000 (15:13 +0200)]
use monotonic time source in convar->timed_wait, and in the scheduler using it

Martin Willi [Mon, 31 Aug 2009 13:03:35 +0000 (15:03 +0200)]
implemented a monotonic timestamping function, unaffected by system time changes

Martin Willi [Mon, 31 Aug 2009 11:14:54 +0000 (13:14 +0200)]
do not depend on gcrypt autoconf macros

Martin Willi [Mon, 31 Aug 2009 08:34:00 +0000 (10:34 +0200)]
added ECGDSA specific OIDs

Martin Willi [Mon, 31 Aug 2009 08:21:38 +0000 (10:21 +0200)]
fixed crash in crl listing

Andreas Steffen [Sun, 30 Aug 2009 20:55:40 +0000 (22:55 +0200)]
generation of keyid requires pkcs1 plugin

Andreas Steffen [Sun, 30 Aug 2009 17:12:29 +0000 (19:12 +0200)]
clear RSA private key chunks after use

Andreas Steffen [Sun, 30 Aug 2009 17:05:43 +0000 (19:05 +0200)]
ASN.1 DER encoding of private key is not needed anymore

Andreas Steffen [Sun, 30 Aug 2009 15:58:34 +0000 (17:58 +0200)]
new UML scenario certs have SHA256 digest

Andreas Steffen [Sun, 30 Aug 2009 15:37:27 +0000 (17:37 +0200)]
removed position debug output

Martin Willi [Fri, 28 Aug 2009 15:25:07 +0000 (17:25 +0200)]
added workaround to parse PEM encoded PGP key with KEY_RSA

Martin Willi [Fri, 28 Aug 2009 15:23:58 +0000 (17:23 +0200)]
implemented PGP Secret-Key Packet parsing

Martin Willi [Fri, 28 Aug 2009 14:16:39 +0000 (16:16 +0200)]
fixed memleak

Andreas Steffen [Fri, 28 Aug 2009 07:28:39 +0000 (09:28 +0200)]
.., but a comment might be helpful

Andreas Steffen [Fri, 28 Aug 2009 07:26:46 +0000 (09:26 +0200)]
removed TODO reminder

Andreas Steffen [Fri, 28 Aug 2009 07:08:03 +0000 (09:08 +0200)]
allow choice of digest algorithm in certificate generation

Andreas Steffen [Thu, 27 Aug 2009 18:41:29 +0000 (20:41 +0200)]
build_curve_signature() processes hash not data

Andreas Steffen [Thu, 27 Aug 2009 18:28:41 +0000 (20:28 +0200)]
NID_hash and NID_ec_curve were interchanged

Andreas Steffen [Thu, 27 Aug 2009 18:18:22 +0000 (20:18 +0200)]
verify_signature() now processes hash not data

Andreas Steffen [Thu, 27 Aug 2009 18:11:49 +0000 (20:11 +0200)]
NID_hash and NID_ec_curver were interchanged

Martin Willi [Thu, 27 Aug 2009 15:58:02 +0000 (17:58 +0200)]
verify that the ECDSA auth signature was done with the correct curve

Martin Willi [Thu, 27 Aug 2009 15:36:17 +0000 (17:36 +0200)]
distinguish between RFC 4754 (concatenated) and RFC 3279 (DER encoded) ECDSA signatures

Andreas Steffen [Thu, 27 Aug 2009 14:34:16 +0000 (16:34 +0200)]
OID_EC_PUBLICKEY has a parameters field, defining the elliptic curve

Andreas Steffen [Thu, 27 Aug 2009 14:07:59 +0000 (16:07 +0200)]
added OID_EC_PUBLIC_KEY algorithmIdentifier

Andreas Steffen [Thu, 27 Aug 2009 13:33:22 +0000 (15:33 +0200)]
cosmetics