strongswan.git
Andreas Steffen [Mon, 10 Jan 2011 05:46:17 +0000 (06:46 +0100)]
implemented check_and_build_recommendation()

Andreas Steffen [Mon, 10 Jan 2011 04:08:48 +0000 (05:08 +0100)]
correct numbering of batches

Andreas Steffen [Mon, 10 Jan 2011 04:08:07 +0000 (05:08 +0100)]
initialize the reference count correctly

Andreas Steffen [Mon, 10 Jan 2011 04:06:59 +0000 (05:06 +0100)]
handle zero size Base64 conversions

Andreas Steffen [Sun, 9 Jan 2011 22:27:43 +0000 (23:27 +0100)]
communicate DELETE state to IMCs and IMVs

Martin Willi [Mon, 10 Jan 2011 10:54:10 +0000 (11:54 +0100)]
Send INITIAL_CONTACT even if we have a unique policy

Andreas Steffen [Sun, 9 Jan 2011 09:00:54 +0000 (10:00 +0100)]
implemented parsing of TNCCS 1.1 messages

Andreas Steffen [Sun, 9 Jan 2011 09:00:13 +0000 (10:00 +0100)]
send notifyConnectionChange() to IMCs

Andreas Steffen [Sat, 8 Jan 2011 01:17:14 +0000 (02:17 +0100)]
suiteb directory hasn't been moved to Master yet

Andreas Steffen [Sat, 8 Jan 2011 01:16:14 +0000 (02:16 +0100)]
generate TNCCS-Error messages

Andreas Steffen [Sat, 8 Jan 2011 01:15:10 +0000 (02:15 +0100)]
created process() method for TNCCS messages

Martin Willi [Fri, 7 Jan 2011 14:45:53 +0000 (15:45 +0100)]
Added NEWS for ipsec.conf certpolicy and key strength options

Martin Willi [Fri, 7 Jan 2011 14:38:34 +0000 (15:38 +0100)]
Added support for trustchain key strength checking to rightauth option

Martin Willi [Fri, 7 Jan 2011 14:14:41 +0000 (15:14 +0100)]
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements

Martin Willi [Fri, 7 Jan 2011 12:32:28 +0000 (13:32 +0100)]
Fix nonce comparison in rekey collisions, lowest nonce loses

Andreas Steffen [Fri, 7 Jan 2011 06:18:42 +0000 (07:18 +0100)]
corrected naming of tnccs_reason_strings_msg_t object

Andreas Steffen [Fri, 7 Jan 2011 06:17:52 +0000 (07:17 +0100)]
do not forget to advance node

Andreas Steffen [Fri, 7 Jan 2011 05:28:08 +0000 (06:28 +0100)]
libcharon plugins depend on libtls and/or libsimaka

Andreas Steffen [Fri, 7 Jan 2011 04:41:01 +0000 (05:41 +0100)]
fixed cert_validator_t:validate interface

Andreas Steffen [Fri, 7 Jan 2011 04:29:04 +0000 (05:29 +0100)]
implemented TNCCS 1.1 without libtnc

Andreas Steffen [Fri, 7 Jan 2011 04:28:17 +0000 (05:28 +0100)]
compute memory requirement for PEM-encoding correctly

Martin Willi [Wed, 5 Jan 2011 17:20:11 +0000 (18:20 +0100)]
Added delta CRL NEWS

Martin Willi [Wed, 5 Jan 2011 17:15:44 +0000 (18:15 +0100)]
Added constraints plugin NEWS

Martin Willi [Wed, 5 Jan 2011 17:09:49 +0000 (18:09 +0100)]
Added conftest NEWS

Martin Willi [Wed, 5 Jan 2011 17:05:09 +0000 (18:05 +0100)]
Added NEWS about INITIAL_CONTACT support

Martin Willi [Wed, 5 Jan 2011 15:44:01 +0000 (16:44 +0100)]
Destroy existing IKE_SAs with same identities when receiving INITIAL_CONTACT

Martin Willi [Wed, 5 Jan 2011 14:58:38 +0000 (15:58 +0100)]
Send INITIAL_CONTACT for the first IKE_SA if it has a unique policy

Martin Willi [Wed, 5 Jan 2011 14:15:34 +0000 (15:15 +0100)]
Migrated ike_sa_manager_t to INIT/METHOD macros, some cleanups

Martin Willi [Thu, 23 Dec 2010 14:40:09 +0000 (15:40 +0100)]
Added option to use a different key when rebuilding AUTH

Martin Willi [Thu, 23 Dec 2010 14:22:32 +0000 (15:22 +0100)]
Do not print empty DN identities as invalid

Martin Willi [Thu, 23 Dec 2010 14:21:52 +0000 (15:21 +0100)]
Added support for empty subjects DNs to pki --issue

Martin Willi [Thu, 23 Dec 2010 14:00:34 +0000 (15:00 +0100)]
Added support for OCSP responder URIs to conftest

Martin Willi [Thu, 23 Dec 2010 13:51:00 +0000 (14:51 +0100)]
Added support for delta CRL checking to revocation plugin

Martin Willi [Thu, 23 Dec 2010 13:50:04 +0000 (14:50 +0100)]
Use incremented serial of base CRL when signing delta CRL

Martin Willi [Thu, 23 Dec 2010 13:40:37 +0000 (14:40 +0100)]
Show base CRL of delta CRLs in listcrls

Martin Willi [Thu, 23 Dec 2010 13:36:20 +0000 (14:36 +0100)]
Verify trustchain for each candidate certificate only once

Martin Willi [Thu, 23 Dec 2010 11:18:15 +0000 (12:18 +0100)]
Provide CRLs received in CERT payloads to trustchain verification

Martin Willi [Thu, 23 Dec 2010 11:17:49 +0000 (12:17 +0100)]
Added an AUTH_HELPER for revocation certificates

Martin Willi [Thu, 23 Dec 2010 10:54:17 +0000 (11:54 +0100)]
Added support for CDPs to conftest

Martin Willi [Thu, 23 Dec 2010 10:54:01 +0000 (11:54 +0100)]
Added CDP support to mem_cred

Martin Willi [Thu, 23 Dec 2010 10:44:36 +0000 (11:44 +0100)]
Check for issuer only if we actually got a CRL

Martin Willi [Wed, 22 Dec 2010 17:00:11 +0000 (18:00 +0100)]
Updated conftest README

Martin Willi [Wed, 22 Dec 2010 16:19:28 +0000 (17:19 +0100)]
Added support for custom file loggers, loglevel settings

Martin Willi [Wed, 22 Dec 2010 15:08:20 +0000 (16:08 +0100)]
Check inhibitAnyPolicy in constraints plugin

Martin Willi [Wed, 22 Dec 2010 14:58:00 +0000 (15:58 +0100)]
Slightly renamed different policyConstraints to distinguish them better

Martin Willi [Wed, 22 Dec 2010 14:52:19 +0000 (15:52 +0100)]
Added inhibitAnyPolicy constraint support to pki tool

Martin Willi [Wed, 22 Dec 2010 14:52:02 +0000 (15:52 +0100)]
Added support for inhibitAnyPolicy constraint to x509 plugin

Martin Willi [Wed, 22 Dec 2010 14:10:03 +0000 (15:10 +0100)]
Use a generic getter for all numerical X.509 constraints

Martin Willi [Wed, 22 Dec 2010 13:53:46 +0000 (14:53 +0100)]
Check inhibitPolicyMapping in constraints plugin

Martin Willi [Wed, 22 Dec 2010 09:38:06 +0000 (10:38 +0100)]
Check requireExplicitPolicy in constraints plugin

Martin Willi [Wed, 22 Dec 2010 10:49:16 +0000 (11:49 +0100)]
Include subject cert to temporary auth info before completing trustchain

Martin Willi [Wed, 22 Dec 2010 10:42:44 +0000 (11:42 +0100)]
Fail silently when trying to convert IPv6 address to v4 family host

Martin Willi [Wed, 22 Dec 2010 09:43:06 +0000 (10:43 +0100)]
Pass an additional anchor flag to validate() hook if we reach the root CA

Martin Willi [Wed, 22 Dec 2010 09:34:58 +0000 (10:34 +0100)]
Always pass auth info to validate(), use pathlen to check for user certificate

Martin Willi [Mon, 20 Dec 2010 14:49:00 +0000 (15:49 +0100)]
Merge test config into suite config, instead of having two distinct configs

Martin Willi [Fri, 17 Dec 2010 16:00:32 +0000 (17:00 +0100)]
Added support for delta CRLs to pki tool

Martin Willi [Fri, 17 Dec 2010 15:53:00 +0000 (16:53 +0100)]
Added support for delta CRLs to x509 plugin

Martin Willi [Fri, 17 Dec 2010 15:52:04 +0000 (16:52 +0100)]
Moved CRL distribution point building to an exportable function

Martin Willi [Fri, 17 Dec 2010 14:52:15 +0000 (15:52 +0100)]
Simplified format of x509 CRL URI parsing/enumerator

Martin Willi [Fri, 17 Dec 2010 10:40:01 +0000 (11:40 +0100)]
Fail on critical extensions in openssl CRLs

Martin Willi [Fri, 17 Dec 2010 10:38:04 +0000 (11:38 +0100)]
Respect enforce_critical setting in x509 plugin CRLs

Martin Willi [Fri, 17 Dec 2010 10:36:15 +0000 (11:36 +0100)]
Parse CRL extensions in a switch statement

Martin Willi [Thu, 16 Dec 2010 15:44:33 +0000 (16:44 +0100)]
Respect policy mappings in certificatePolicy validation

Martin Willi [Thu, 16 Dec 2010 15:18:11 +0000 (16:18 +0100)]
Added a cert_policy option to conftest configurations

Martin Willi [Thu, 16 Dec 2010 10:24:52 +0000 (11:24 +0100)]
Validate simple certificatePolicy inheritance

Martin Willi [Thu, 16 Dec 2010 10:25:32 +0000 (11:25 +0100)]
Added a certificate policy OID auth_cfg constraint

Martin Willi [Wed, 15 Dec 2010 16:46:04 +0000 (17:46 +0100)]
Added policyConstraints support to pki tool

Martin Willi [Wed, 15 Dec 2010 16:45:32 +0000 (17:45 +0100)]
Added support for policyConstraints to x509 plugin

Martin Willi [Wed, 15 Dec 2010 15:42:30 +0000 (16:42 +0100)]
Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too

Martin Willi [Wed, 15 Dec 2010 14:30:09 +0000 (14:30 +0000)]
Added policyMappings support to pki tool

Martin Willi [Wed, 15 Dec 2010 14:29:25 +0000 (14:29 +0000)]
Added policyMappings support to x509 plugin

Martin Willi [Wed, 15 Dec 2010 14:28:31 +0000 (14:28 +0000)]
Added policyMappings OID identifier

Martin Willi [Wed, 15 Dec 2010 13:31:04 +0000 (14:31 +0100)]
Added certificatePolicy options to pki tool

Martin Willi [Wed, 15 Dec 2010 13:08:20 +0000 (14:08 +0100)]
Added certificatePolicy support to x509 plugin

Martin Willi [Wed, 15 Dec 2010 11:15:12 +0000 (12:15 +0100)]
Added a null-safe strdup variant

Martin Willi [Tue, 14 Dec 2010 16:34:34 +0000 (17:34 +0100)]
Fail when parsing unsupported critical extensions in openssl_x509

Martin Willi [Tue, 14 Dec 2010 16:34:02 +0000 (17:34 +0100)]
Added CertificatePolicy OID identifier

Martin Willi [Tue, 14 Dec 2010 13:49:17 +0000 (14:49 +0100)]
Added command line tool for OID to DER conversion function

Martin Willi [Tue, 14 Dec 2010 13:47:44 +0000 (14:47 +0100)]
Added conversion functions between string OIDs and its DER encoding

Martin Willi [Mon, 13 Dec 2010 13:22:00 +0000 (14:22 +0100)]
Do not parse certificates with invalid version in openssl plugin

Martin Willi [Thu, 9 Dec 2010 15:39:07 +0000 (16:39 +0100)]
Implemented NameConstraint matching in constraints plugin

Martin Willi [Thu, 9 Dec 2010 15:29:22 +0000 (16:29 +0100)]
pki --issue/self support permitted/excluded NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:34:17 +0000 (13:34 +0100)]
pki --print prints NameConstraints

Martin Willi [Thu, 9 Dec 2010 12:33:43 +0000 (13:33 +0100)]
Added support for generating NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 12:33:07 +0000 (13:33 +0100)]
Added support for parsing NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 10:50:50 +0000 (11:50 +0100)]
Added name constraint enumerator to x509 interface

Martin Willi [Thu, 9 Dec 2010 10:44:31 +0000 (11:44 +0100)]
Migrated x509_cert_t to INIT/METHOD macros

Martin Willi [Thu, 9 Dec 2010 09:46:48 +0000 (10:46 +0100)]
Moved X509 pathlen constraint checking to constraints plugin

Martin Willi [Thu, 9 Dec 2010 09:41:54 +0000 (09:41 +0000)]
Added plugin stub for advanced X509 constraint checking

Martin Willi [Fri, 10 Dec 2010 17:18:24 +0000 (18:18 +0100)]
Added a hook to reset ESP sequence numbers

Martin Willi [Fri, 10 Dec 2010 13:33:28 +0000 (14:33 +0100)]
Accept a suffix to differentiate x509, crl, ecdsa and rsa files

Martin Willi [Fri, 10 Dec 2010 13:25:19 +0000 (14:25 +0100)]
Use strncaseeq instead of strncasecmp

Martin Willi [Fri, 10 Dec 2010 13:22:18 +0000 (14:22 +0100)]
Added a strncaseeq variant to the string comparison macros

Martin Willi [Fri, 10 Dec 2010 10:29:39 +0000 (11:29 +0100)]
Added tfc_padding option, changes signature to master changes

Martin Willi [Tue, 7 Dec 2010 16:53:13 +0000 (17:53 +0100)]
CRL/OCSP validation stores trustchain information in auth_cfg

Martin Willi [Tue, 7 Dec 2010 16:48:23 +0000 (17:48 +0100)]
Key strength checking stores all key sizes in auth_cfg, verifies all in complies()

Martin Willi [Mon, 6 Dec 2010 09:36:51 +0000 (10:36 +0100)]
Install "ipsec" script with tools or conftest

Martin Willi [Fri, 3 Dec 2010 13:29:03 +0000 (14:29 +0100)]
Use subject, not issuer, of CRL issuing certificate

Martin Willi [Fri, 3 Dec 2010 12:51:51 +0000 (13:51 +0100)]
CRLSign keyUsage or CA basicConstraint are sufficient for CRL validation

Martin Willi [Fri, 3 Dec 2010 12:26:38 +0000 (13:26 +0100)]
Parse and encode crlSign keyUsage flag in x509 plugin