strongswan.git
Martin Willi [Fri, 17 Dec 2010 10:38:04 +0000 (11:38 +0100)]
Respect enforce_critical setting in x509 plugin CRLs

Martin Willi [Fri, 17 Dec 2010 10:36:15 +0000 (11:36 +0100)]
Parse CRL extensions in a switch statement

Martin Willi [Thu, 16 Dec 2010 15:44:33 +0000 (16:44 +0100)]
Respect policy mappings in certificatePolicy validation

Martin Willi [Thu, 16 Dec 2010 15:18:11 +0000 (16:18 +0100)]
Added a cert_policy option to conftest configurations

Martin Willi [Thu, 16 Dec 2010 10:24:52 +0000 (11:24 +0100)]
Validate simple certificatePolicy inheritance

Martin Willi [Thu, 16 Dec 2010 10:25:32 +0000 (11:25 +0100)]
Added a certificate policy OID auth_cfg constraint

Martin Willi [Wed, 15 Dec 2010 16:46:04 +0000 (17:46 +0100)]
Added policyConstraints support to pki tool

Martin Willi [Wed, 15 Dec 2010 16:45:32 +0000 (17:45 +0100)]
Added support for policyConstraints to x509 plugin

Martin Willi [Wed, 15 Dec 2010 15:42:30 +0000 (16:42 +0100)]
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too

Martin Willi [Wed, 15 Dec 2010 14:30:09 +0000 (14:30 +0000)]
Added policyMappings support to pki tool

Martin Willi [Wed, 15 Dec 2010 14:29:25 +0000 (14:29 +0000)]
Added policyMappings support to x509 plugin

Martin Willi [Wed, 15 Dec 2010 14:28:31 +0000 (14:28 +0000)]
Added policyMappings OID identifier

Martin Willi [Wed, 15 Dec 2010 13:31:04 +0000 (14:31 +0100)]
Added certificatePolicy options to pki tool

Martin Willi [Wed, 15 Dec 2010 13:08:20 +0000 (14:08 +0100)]
Added certificatePolicy support to x509 plugin

Martin Willi [Wed, 15 Dec 2010 11:15:12 +0000 (12:15 +0100)]
Added a null-safe strdup variant

Martin Willi [Tue, 14 Dec 2010 16:34:34 +0000 (17:34 +0100)]
Fail when parsing unsupported critical extensions in openssl_x509

Martin Willi [Tue, 14 Dec 2010 16:34:02 +0000 (17:34 +0100)]
Added CertificatePolicy OID identifier

Martin Willi [Tue, 14 Dec 2010 13:49:17 +0000 (14:49 +0100)]
Added command line tool for OID to DER conversion function

Martin Willi [Tue, 14 Dec 2010 13:47:44 +0000 (14:47 +0100)]
Added conversion functions between string OIDs and its DER encoding

Martin Willi [Mon, 13 Dec 2010 13:22:00 +0000 (14:22 +0100)]
Do not parse certificates with invalid version in openssl plugin

Martin Willi [Thu, 9 Dec 2010 15:39:07 +0000 (16:39 +0100)]
Implemented NameConstraint matching in constraints plugin

Martin Willi [Thu, 9 Dec 2010 15:29:22 +0000 (16:29 +0100)]
pki --issue/self support permitted/excluded NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:34:17 +0000 (13:34 +0100)]
pki --print prints NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:33:43 +0000 (13:33 +0100)]
Added support for generating NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 12:33:07 +0000 (13:33 +0100)]
Added support for parsing NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 10:50:50 +0000 (11:50 +0100)]
Added name constraint enumerator to x509 interface

Martin Willi [Thu, 9 Dec 2010 10:44:31 +0000 (11:44 +0100)]
Migrated x509_cert_t to INIT/METHOD macros

Martin Willi [Thu, 9 Dec 2010 09:46:48 +0000 (10:46 +0100)]
Moved X509 pathlen constraint checking to constraints plugin

Martin Willi [Thu, 9 Dec 2010 09:41:54 +0000 (09:41 +0000)]
Added plugin stub for advanced X509 constraint checking

Martin Willi [Fri, 10 Dec 2010 17:18:24 +0000 (18:18 +0100)]
Added a hook to reset ESP sequence numbers

Martin Willi [Fri, 10 Dec 2010 13:33:28 +0000 (14:33 +0100)]
Accept a suffix to differentiate x509, crl, ecdsa and rsa files

Martin Willi [Fri, 10 Dec 2010 13:25:19 +0000 (14:25 +0100)]
Use strncaseeq instead of strncasecmp

Martin Willi [Fri, 10 Dec 2010 13:22:18 +0000 (14:22 +0100)]
Added a strncaseeq variant to the string comparison macros

Martin Willi [Fri, 10 Dec 2010 10:29:39 +0000 (11:29 +0100)]
Added tfc_padding option, changes signature to master changes

Martin Willi [Tue, 7 Dec 2010 16:53:13 +0000 (17:53 +0100)]
CRL/OCSP validation stores trustchain information in auth_cfg

Martin Willi [Tue, 7 Dec 2010 16:48:23 +0000 (17:48 +0100)]
Key strength checking stores all key sizes in auth_cfg, verifies all in complies()

Martin Willi [Mon, 6 Dec 2010 09:36:51 +0000 (10:36 +0100)]
Install "ipsec" script with tools or conftest

Martin Willi [Fri, 3 Dec 2010 13:29:03 +0000 (14:29 +0100)]
Use subject, not issuer, of CRL issuing certificate

Martin Willi [Fri, 3 Dec 2010 12:51:51 +0000 (13:51 +0100)]
CRLSign keyUsage or CA basicConstraint are sufficient for CRL validation

Martin Willi [Fri, 3 Dec 2010 12:26:38 +0000 (13:26 +0100)]
Parse and encode crlSign keyUsage flag in x509 plugin

Martin Willi [Fri, 3 Dec 2010 12:25:45 +0000 (13:25 +0100)]
pki tool shows and builds crlSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:24:49 +0000 (13:24 +0100)]
Added a flag for X509 CRLSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:23:59 +0000 (13:23 +0100)]
Remove x509_flag_names, flags do not work with ENUM()

Martin Willi [Thu, 2 Dec 2010 14:38:44 +0000 (15:38 +0100)]
Use certificate CRLIssuer information to look up cached CRLs or CDPs

Martin Willi [Thu, 2 Dec 2010 14:37:28 +0000 (15:37 +0100)]
Added --crlissuer option to pki --issue

Martin Willi [Fri, 3 Dec 2010 09:28:46 +0000 (09:28 +0000)]
Added support for CRL Issuers to x509 and OpenSSL plugins

Martin Willi [Wed, 1 Dec 2010 13:56:26 +0000 (14:56 +0100)]
Generate payload to rebuild_auth, works with injected unknown payloads

Martin Willi [Wed, 1 Dec 2010 13:33:57 +0000 (14:33 +0100)]
Move rebuild_auth functionality to a standalone hook

This reverts commit 3c12b239fd55aa36c59eb60224d27af8b8d915d1.

Martin Willi [Thu, 25 Nov 2010 14:27:31 +0000 (15:27 +0100)]
Added key strength constraints support to conftest

Martin Willi [Thu, 25 Nov 2010 14:26:51 +0000 (15:26 +0100)]
Added key strength constraints for RSA or ECDSA trustchains

Martin Willi [Thu, 25 Nov 2010 12:54:31 +0000 (13:54 +0100)]
Implemented hook to log traffic selectors

Martin Willi [Thu, 25 Nov 2010 11:32:41 +0000 (12:32 +0100)]
The set_reserved() hook rebuilds AUTH if it mangles ID payload fields

Martin Willi [Thu, 25 Nov 2010 10:35:43 +0000 (11:35 +0100)]
Include the used reserved bytes from ID payloads in AUTH calculation

Martin Willi [Thu, 25 Nov 2010 10:13:04 +0000 (11:13 +0100)]
Migrated psk/pubkey_authenticators to INIT/METHOD macros

Martin Willi [Thu, 25 Nov 2010 09:55:29 +0000 (10:55 +0100)]
Extended set_reserved hook to mangle sa_payload substructures

Martin Willi [Thu, 25 Nov 2010 09:55:08 +0000 (10:55 +0100)]
Added substructure enumerators to sa_payload, proposal_substructure

Martin Willi [Wed, 24 Nov 2010 17:09:06 +0000 (18:09 +0100)]
Moved check if packet already encoded to ike_sa, avoids message() hook invocation twice

Martin Willi [Wed, 24 Nov 2010 16:45:39 +0000 (17:45 +0100)]
The set_ike_version hook supports version flag mangling

Martin Willi [Wed, 24 Nov 2010 16:45:12 +0000 (17:45 +0100)]
Added a message method to set the "higher version supported" flag

Martin Willi [Wed, 24 Nov 2010 16:22:16 +0000 (17:22 +0100)]
Implemented hook to toggle initiator flag in IKE header

Martin Willi [Wed, 24 Nov 2010 14:42:08 +0000 (14:42 +0000)]
Implemented a hook to set reserved bits

Martin Willi [Wed, 24 Nov 2010 15:56:46 +0000 (16:56 +0100)]
Added reserved bit mangling wrapper functions to message

Martin Willi [Wed, 24 Nov 2010 16:07:45 +0000 (17:07 +0100)]
Use payload_get_field() to look up payload fields

Martin Willi [Wed, 24 Nov 2010 15:52:49 +0000 (16:52 +0100)]
Implemented a generic payload field lookup function

Martin Willi [Wed, 24 Nov 2010 15:44:48 +0000 (16:44 +0100)]
Reserved field get parsed/generated like any other bit/byte field

Martin Willi [Wed, 24 Nov 2010 15:34:16 +0000 (16:34 +0100)]
Added member fields for reserved bits and bytes in all payloads

Martin Willi [Wed, 24 Nov 2010 13:42:22 +0000 (14:42 +0100)]
Migrated vendor_id_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:36:47 +0000 (14:36 +0100)]
Migrated ts_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:21:01 +0000 (14:21 +0100)]
Use enumerator instead of deprecated iterator

Martin Willi [Wed, 24 Nov 2010 13:17:44 +0000 (14:17 +0100)]
Migrated transform_substructure to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 12:58:33 +0000 (13:58 +0100)]
Removed obsolete clone method from proposal_substructure

Martin Willi [Wed, 24 Nov 2010 11:14:31 +0000 (12:14 +0100)]
Migrated transform_attribute to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 11:00:53 +0000 (12:00 +0100)]
Migrated traffic_selector_substructre to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:54:12 +0000 (11:54 +0100)]
Migrated notify_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:42:29 +0000 (11:42 +0100)]
Migrated nonce_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:37:34 +0000 (11:37 +0100)]
Migrated ke_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:29:18 +0000 (11:29 +0100)]
Migrated id_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:28:58 +0000 (11:28 +0100)]
Use standard ID getter in log_id hook

Martin Willi [Wed, 24 Nov 2010 10:16:37 +0000 (11:16 +0100)]
Migrated cp_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:07:28 +0000 (11:07 +0100)]
Migrated configuration_attribute to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:01:27 +0000 (11:01 +0100)]
Migrated certreq_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 09:53:38 +0000 (10:53 +0100)]
Migrated cert_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 09:38:58 +0000 (10:38 +0100)]
Migrated auth_payload to INIT/METHOD macros

Martin Willi [Tue, 23 Nov 2010 12:55:32 +0000 (13:55 +0100)]
Implemented a hook to toggle the IKE message request flag

Martin Willi [Tue, 23 Nov 2010 12:53:00 +0000 (13:53 +0100)]
Implemented hook to modify IKE header SPIs

Martin Willi [Tue, 23 Nov 2010 12:34:08 +0000 (13:34 +0100)]
Fixed transport mode configuration option

Martin Willi [Tue, 23 Nov 2010 10:43:23 +0000 (11:43 +0100)]
Disable MOBIKE in conftesting, as it changes port floating behavior

Martin Willi [Tue, 23 Nov 2010 10:06:46 +0000 (11:06 +0100)]
Load plugins only once, even if listed twice

Martin Willi [Tue, 23 Nov 2010 09:58:39 +0000 (10:58 +0100)]
Preload plugins configured in tests

Martin Willi [Tue, 23 Nov 2010 09:50:36 +0000 (10:50 +0100)]
Moved generic infrastructure initialization to libcharon_init(), allows us to preload plugins

Martin Willi [Tue, 23 Nov 2010 09:45:45 +0000 (10:45 +0100)]
Added IKE options to configure source/destination ports

Martin Willi [Tue, 23 Nov 2010 09:43:48 +0000 (10:43 +0100)]
Added IKE config option to fake NAT situations

Martin Willi [Tue, 23 Nov 2010 09:12:32 +0000 (10:12 +0100)]
Show SPI in proposal logging hook

Martin Willi [Tue, 23 Nov 2010 09:01:42 +0000 (10:01 +0100)]
Implemented a hook to inject custom proposals

Martin Willi [Tue, 23 Nov 2010 09:01:23 +0000 (10:01 +0100)]
Fixed error reporting

Martin Willi [Tue, 23 Nov 2010 07:42:57 +0000 (08:42 +0100)]
Remove unused variable

Martin Willi [Mon, 15 Nov 2010 13:56:34 +0000 (14:56 +0100)]
Added hook to log ID payload type and data

Martin Willi [Mon, 15 Nov 2010 13:47:06 +0000 (14:47 +0100)]
Added hook to log received KE group

Martin Willi [Mon, 15 Nov 2010 13:37:02 +0000 (14:37 +0100)]
Added a hook to modify proposal numbers

Martin Willi [Mon, 15 Nov 2010 13:07:17 +0000 (14:07 +0100)]
Added a hook to print received proposals, including number