strongswan.git
Andreas Steffen [Tue, 22 Sep 2009 10:33:13 +0000 (12:33 +0200)]
shortened file loading debug output

Andreas Steffen [Tue, 22 Sep 2009 10:05:37 +0000 (12:05 +0200)]
computed hash-and-url for new certificates

Martin Willi [Tue, 22 Sep 2009 08:07:04 +0000 (10:07 +0200)]
Fixed encoding of hash-and-url cert payload

Martin Willi [Tue, 22 Sep 2009 07:11:35 +0000 (09:11 +0200)]
Do not assign SIM version to a volatile buffer on stack

Martin Willi [Mon, 21 Sep 2009 16:13:25 +0000 (18:13 +0200)]
CA certificates are looked up using the subjectPublicKeyInfo keyid

Martin Willi [Mon, 21 Sep 2009 15:03:00 +0000 (17:03 +0200)]
Credential backends use has_fingerprint() methods to select keys/certificates

Martin Willi [Mon, 21 Sep 2009 14:47:25 +0000 (16:47 +0200)]
Public/Private keys implement a has_fingerprint() method

Martin Willi [Mon, 21 Sep 2009 13:34:29 +0000 (15:34 +0200)]
Correctly serve certificates if CERT_ANY requested

Martin Willi [Mon, 21 Sep 2009 13:19:39 +0000 (15:19 +0200)]
Enforce a local address of the same family as remote address

Martin Willi [Mon, 21 Sep 2009 12:43:57 +0000 (14:43 +0200)]
Return certificates of requested kind only

Andreas Steffen [Sun, 20 Sep 2009 20:03:23 +0000 (22:03 +0200)]
plugin has been renamed to resolve

Andreas Steffen [Sun, 20 Sep 2009 19:59:36 +0000 (21:59 +0200)]
delete resolv_conf_* files

Andreas Steffen [Sun, 20 Sep 2009 19:56:22 +0000 (21:56 +0200)]
all arguments must be read

Andreas Steffen [Sun, 20 Sep 2009 17:06:58 +0000 (19:06 +0200)]
resolv_conf plugin renamed to resolve

Andreas Steffen [Sun, 20 Sep 2009 15:23:24 +0000 (17:23 +0200)]
adapt evaltest.dat to changed debug output

Andreas Steffen [Sat, 19 Sep 2009 06:18:42 +0000 (08:18 +0200)]
renewed certs in dynamic-initiator/dynamic-responder scenarios

Andreas Steffen [Fri, 18 Sep 2009 22:26:55 +0000 (00:26 +0200)]
use new certificates

Andreas Steffen [Fri, 18 Sep 2009 22:00:56 +0000 (00:00 +0200)]
eliminated double library_deinit()

Andreas Steffen [Fri, 18 Sep 2009 19:44:57 +0000 (21:44 +0200)]
keyids of renewed keys

Andreas Steffen [Fri, 18 Sep 2009 19:22:37 +0000 (21:22 +0200)]
updated to renewed certs in SQL database

Andreas Steffen [Fri, 18 Sep 2009 19:17:03 +0000 (21:17 +0200)]
renewal of end entity certificates

Andreas Steffen [Fri, 18 Sep 2009 16:23:26 +0000 (18:23 +0200)]
fixed --enable-eap-md5 and --enable-eap-gtc options

Andreas Steffen [Fri, 18 Sep 2009 05:22:07 +0000 (07:22 +0200)]
backwards compatibility with SQL format

Martin Willi [Fri, 18 Sep 2009 13:08:43 +0000 (15:08 +0200)]
Use helper functions to handle (non-)skippable attributes

Martin Willi [Fri, 18 Sep 2009 12:51:35 +0000 (14:51 +0200)]
Clients can handle AKA-Identity requests by sending the full identity

Martin Willi [Fri, 18 Sep 2009 12:29:50 +0000 (14:29 +0200)]
nm uses the distribution's trusted root CAs if none is explicitly specified

Andreas Steffen [Thu, 17 Sep 2009 20:20:35 +0000 (22:20 +0200)]
some reformulations

Martin Willi [Thu, 17 Sep 2009 10:47:03 +0000 (12:47 +0200)]
get_private() in listcacerts requires a valid auth cfg

Martin Willi [Wed, 16 Sep 2009 11:55:32 +0000 (13:55 +0200)]
Fixed nexthop lookup, used by source route installation

Martin Willi [Wed, 16 Sep 2009 11:32:47 +0000 (13:32 +0200)]
Use continue to advance to next iteration

Martin Willi [Wed, 16 Sep 2009 11:27:49 +0000 (13:27 +0200)]
Complain about missing %defaultroute support only if one is actually used

Martin Willi [Wed, 16 Sep 2009 11:16:00 +0000 (13:16 +0200)]
Use the default debug hook if possible

Martin Willi [Wed, 16 Sep 2009 11:06:16 +0000 (13:06 +0200)]
Default logger implementation can be modified by dbg_default_set_level/stream

Martin Willi [Wed, 16 Sep 2009 10:52:56 +0000 (12:52 +0200)]
Removed obsolete per-command debug level option

Martin Willi [Wed, 16 Sep 2009 09:24:35 +0000 (11:24 +0200)]
Fixed loading of DER encoded certificate files

Andreas Steffen [Tue, 15 Sep 2009 20:43:22 +0000 (22:43 +0200)]
corrected usage

Andreas Steffen [Tue, 15 Sep 2009 20:33:32 +0000 (22:33 +0200)]
pki --req generates a PKCS#10 certificate request

Andreas Steffen [Tue, 15 Sep 2009 19:55:44 +0000 (21:55 +0200)]
implemented ASN.1 encoding of PKCS#10 attributes

Andreas Steffen [Tue, 15 Sep 2009 14:48:13 +0000 (16:48 +0200)]
fixed typo

Martin Willi [Tue, 15 Sep 2009 11:13:45 +0000 (13:13 +0200)]
Disable rtnetlink defaultroute lookup if pluto is disabled

As we do not support Pluto on BSD/Mac, exclude the Linux specific
rtnetlink routing lookup; Charon doesn't require it anyway.

Heiko Hund [Tue, 8 Sep 2009 09:32:50 +0000 (11:32 +0200)]
Get starter default route via rtnetlink

This patch changes the way routes are fetched from the kernel by starter.

The way it's currently done (via /proc) is limited to routes in the
"main" routing table. Routes from the "default" table are never seen by
starter. Starter may miss the default route even if it's set. Thus, default
routes are now read from the "main" and the "default" table.

The way this code behaves if more than one default route is found is slightly
different to before. Instead of bailing out it just chooses the one with the best
metric. I thought this would be a reasonable change.

Martin Willi [Tue, 15 Sep 2009 09:49:14 +0000 (11:49 +0200)]
Handle pki --debug and --options in a generic way for all commands

Martin Willi [Tue, 15 Sep 2009 08:20:22 +0000 (10:20 +0200)]
pki tool supports single letter short options

Martin Willi [Tue, 15 Sep 2009 07:17:04 +0000 (09:17 +0200)]
Exponents of a RSA key in openssl are optional (for PGP)

Martin Willi [Tue, 15 Sep 2009 07:13:31 +0000 (09:13 +0200)]
Added some NEWS

Martin Willi [Tue, 15 Sep 2009 06:45:08 +0000 (08:45 +0200)]
Use ID_KEY_ID as PGP user id, as it can contain any string

Martin Willi [Tue, 15 Sep 2009 06:44:10 +0000 (08:44 +0200)]
Fall back to default credential set lookup if fingerprint lookup fails

Martin Willi [Mon, 14 Sep 2009 18:04:48 +0000 (20:04 +0200)]
Implemented support for preinstalled PGP certificates in charon

Martin Willi [Mon, 14 Sep 2009 14:56:54 +0000 (16:56 +0200)]
Added basic support for PGP certificates (no trust relationships yet)

Martin Willi [Mon, 14 Sep 2009 14:06:19 +0000 (16:06 +0200)]
Moved generic PGP parsing functions to pgp_utils.[ch]

Andreas Steffen [Tue, 15 Sep 2009 04:23:38 +0000 (06:23 +0200)]
pki --pub and --keyid accept pkcs10 as input

Martin Willi [Mon, 14 Sep 2009 15:56:12 +0000 (17:56 +0200)]
replaced the missed ${confdir} by ${sysconfdir}

Andreas Steffen [Mon, 14 Sep 2009 17:38:57 +0000 (19:38 +0200)]
check if PKCS#10 version is 1

Andreas Steffen [Mon, 14 Sep 2009 17:28:56 +0000 (19:28 +0200)]
cosmetics

Andreas Steffen [Mon, 14 Sep 2009 17:28:25 +0000 (19:28 +0200)]
enable debug level setting

Martin Willi [Mon, 14 Sep 2009 15:17:07 +0000 (17:17 +0200)]
Fixed pluto certificate parsing

Martin Willi [Mon, 14 Sep 2009 12:29:10 +0000 (14:29 +0200)]
Added support to build RSA keys from components in openssl

Andreas Steffen [Sun, 13 Sep 2009 22:45:51 +0000 (00:45 +0200)]
support of PKCS#10 certificate request generation without attributes

Andreas Steffen [Sun, 13 Sep 2009 19:41:51 +0000 (21:41 +0200)]
extended hasher_signature_algorithm_to_oid() function

Andreas Steffen [Sun, 13 Sep 2009 19:03:36 +0000 (21:03 +0200)]
removed req.h

Andreas Steffen [Sun, 13 Sep 2009 19:00:15 +0000 (21:00 +0200)]
support of PKCS#10 certificate request parsing

Andreas Steffen [Sun, 13 Sep 2009 18:56:12 +0000 (20:56 +0200)]
parsing error caused segfault in destroy()

Andreas Steffen [Sat, 12 Sep 2009 22:42:15 +0000 (00:42 +0200)]
need two PKCS#9 OIDs

Andreas Steffen [Sat, 12 Sep 2009 15:39:15 +0000 (17:39 +0200)]
corrected captions

Andreas Steffen [Sat, 12 Sep 2009 04:44:11 +0000 (06:44 +0200)]
fixed another typo

Andreas Steffen [Sat, 12 Sep 2009 04:42:35 +0000 (06:42 +0200)]
fixed typo

Martin Willi [Fri, 11 Sep 2009 15:17:56 +0000 (17:17 +0200)]
pki tool can issue/self-sign certificates with OCSP URIs

Martin Willi [Fri, 11 Sep 2009 15:16:22 +0000 (17:16 +0200)]
x509 plugin supports encoding of OCSP AuthorityInfo AccessLocations

Martin Willi [Fri, 11 Sep 2009 14:23:15 +0000 (16:23 +0200)]
added lost session cookie buffer

Martin Willi [Fri, 11 Sep 2009 13:35:10 +0000 (15:35 +0200)]
Removed chunk_from_buf() in favor of a simpler chunk_from_chars() macro

Martin Willi [Fri, 11 Sep 2009 09:45:42 +0000 (11:45 +0200)]
pki tool can issue certificates with CRL distribution points

Martin Willi [Fri, 11 Sep 2009 09:45:04 +0000 (11:45 +0200)]
x509 plugin supports encoding of CRL distribution points

Martin Willi [Thu, 10 Sep 2009 18:51:43 +0000 (20:51 +0200)]
double check session id has been initialized

Martin Willi [Tue, 8 Sep 2009 18:01:13 +0000 (20:01 +0200)]
pass NULL to library_init() to load settings from default file

Martin Willi [Tue, 8 Sep 2009 17:48:34 +0000 (19:48 +0200)]
use NULL to load plugins from default plugin directory

Martin Willi [Mon, 7 Sep 2009 16:56:53 +0000 (18:56 +0200)]
remove obsolete @brief doxygen tags

Martin Willi [Mon, 7 Sep 2009 16:50:02 +0000 (18:50 +0200)]
Use wrapped mutex_t/condvar_t instead of pthread_mutex/cond_t

Martin Willi [Mon, 7 Sep 2009 16:28:55 +0000 (18:28 +0200)]
libfast uses enumerator instead of deprecated iterator

Martin Willi [Wed, 9 Sep 2009 14:24:06 +0000 (16:24 +0200)]
Updated x509 plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:23:41 +0000 (16:23 +0200)]
Updated pubkey plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:23:26 +0000 (16:23 +0200)]
Updated pkcs1 plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:23:08 +0000 (16:23 +0200)]
Updated pgp plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:22:42 +0000 (16:22 +0200)]
Updated pem plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:21:21 +0000 (16:21 +0200)]
Updated openssl plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:20:53 +0000 (16:20 +0200)]
Updated gmp plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:20:35 +0000 (16:20 +0200)]
Updated gcrypt plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:19:44 +0000 (16:19 +0200)]
Updated dnskey plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:19:08 +0000 (16:19 +0200)]
Updated agent plugin to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:18:29 +0000 (16:18 +0200)]
Updated pluto to the new builder API

Martin Willi [Wed, 9 Sep 2009 14:16:34 +0000 (16:16 +0200)]
Replaced builder_t objects by simple builder_function_t functions

Martin Willi [Thu, 10 Sep 2009 10:44:06 +0000 (12:44 +0200)]
Use dynamic registration/usage invocation of command types

Martin Willi [Thu, 10 Sep 2009 10:31:40 +0000 (12:31 +0200)]
split PKI tool to a file per command

Martin Willi [Thu, 10 Sep 2009 09:18:41 +0000 (11:18 +0200)]
use generic option parsing with usage information

Martin Willi [Wed, 9 Sep 2009 15:12:38 +0000 (17:12 +0200)]
fixed memleak

Martin Willi [Wed, 9 Sep 2009 11:30:31 +0000 (13:30 +0200)]
evaluate arguments of chunk_clone/clonea/alloc/alloca only once

Andreas Steffen [Wed, 9 Sep 2009 00:37:17 +0000 (02:37 +0200)]
split usage information

Andreas Steffen [Tue, 8 Sep 2009 20:22:09 +0000 (22:22 +0200)]
updated usage of ipsec pki --self

Andreas Steffen [Tue, 8 Sep 2009 19:54:00 +0000 (21:54 +0200)]
support --options also in ipsec pki --self

Andreas Steffen [Tue, 8 Sep 2009 19:36:35 +0000 (21:36 +0200)]
--options reads command line options from file

Martin Willi [Tue, 8 Sep 2009 11:27:35 +0000 (13:27 +0200)]
pki tool supports subjectAltNames in certificates