strongswan.git
Andreas Steffen [Fri, 21 Mar 2008 09:34:40 +0000 (09:34 -0000)]
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.

Andreas Steffen [Fri, 21 Mar 2008 09:28:25 +0000 (09:28 -0000)]
optimized debug output of credential_manager.c

Andreas Steffen [Thu, 20 Mar 2008 15:25:02 +0000 (15:25 -0000)]
removed build.h include

Andreas Steffen [Thu, 20 Mar 2008 15:23:52 +0000 (15:23 -0000)]
refactored openac and its attribute certificate factory

Andreas Steffen [Thu, 20 Mar 2008 15:22:26 +0000 (15:22 -0000)]
modified debug text

Martin Willi [Thu, 20 Mar 2008 14:31:36 +0000 (14:31 -0000)]
cert_cache_t caches subject-issuer relations and subject certificates
ocsp/crl do not benefit yet due to missing lookup function

Martin Willi [Thu, 20 Mar 2008 13:14:55 +0000 (13:14 -0000)]
fallback to random end entity certificate if trustchain building fails

Martin Willi [Thu, 20 Mar 2008 11:38:51 +0000 (11:38 -0000)]
(no commit message)

Martin Willi [Thu, 20 Mar 2008 11:27:55 +0000 (11:27 -0000)]
some C libraries need _GNU_SOURCE for rwlocks

Martin Willi [Thu, 20 Mar 2008 10:09:56 +0000 (10:09 -0000)]
added support for certificate requests for not yet known CAs

Andreas Steffen [Thu, 20 Mar 2008 09:30:07 +0000 (09:30 -0000)]
added $

Martin Willi [Thu, 20 Mar 2008 09:30:02 +0000 (09:30 -0000)]
fixed verification of preinstalled certificates

Andreas Steffen [Thu, 20 Mar 2008 09:28:58 +0000 (09:28 -0000)]
included utils/linked_list.h

Martin Willi [Thu, 20 Mar 2008 09:27:57 +0000 (09:27 -0000)]
more trustchain verification improvements
should fix crl-revoked and two-certs scenarios

Andreas Steffen [Thu, 20 Mar 2008 09:24:22 +0000 (09:24 -0000)]
cleaned up includes

Martin Willi [Thu, 20 Mar 2008 07:21:44 +0000 (07:21 -0000)]
CA certificates are allowed to sign OCSP responses without OCSP_SIGNER flag

Martin Willi [Wed, 19 Mar 2008 17:54:54 +0000 (17:54 -0000)]
refactored trustchain verification, this should fix #33
moved auth_info/ocsp_response credset wrapper to separate files

Andreas Steffen [Wed, 19 Mar 2008 17:04:09 +0000 (17:04 -0000)]
increased debug level in trust chain verification for auditing purposes

Martin Willi [Wed, 19 Mar 2008 14:21:56 +0000 (14:21 -0000)]
removed unimplemented private/public key function declarations

Martin Willi [Wed, 19 Mar 2008 14:02:52 +0000 (14:02 -0000)]
The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA,
as it requires to XOR the key into the hasher's state.
A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA
and the FIPS-PRF function to properly use the existing SHA1 implementation.

Andreas Steffen [Wed, 19 Mar 2008 13:11:29 +0000 (13:11 -0000)]
log nextUpdate of crls and ocsp responses

Andreas Steffen [Wed, 19 Mar 2008 12:36:15 +0000 (12:36 -0000)]
fixed stupid bug in fetch_ocsp()

Andreas Steffen [Wed, 19 Mar 2008 12:06:38 +0000 (12:06 -0000)]
attempt to achieve consistent debugging output

Martin Willi [Wed, 19 Mar 2008 10:24:51 +0000 (10:24 -0000)]
fixed shared key lookup in stroke

Martin Willi [Wed, 19 Mar 2008 10:08:59 +0000 (10:08 -0000)]
fixed peer_cfg lookup when omitting IDr

Martin Willi [Wed, 19 Mar 2008 09:44:47 +0000 (09:44 -0000)]
fixed CRL check return value on revoked certificates
fixed possible refcounting bugs
generic return_null() implementation

Martin Willi [Tue, 18 Mar 2008 14:06:11 +0000 (14:06 -0000)]
fixed compiler warning

Martin Willi [Tue, 18 Mar 2008 12:45:23 +0000 (12:45 -0000)]
added generic payload order rules for notifies

Martin Willi [Tue, 18 Mar 2008 12:40:41 +0000 (12:40 -0000)]
fixed ike_cfg lookup in stroke

Martin Willi [Tue, 18 Mar 2008 12:25:39 +0000 (12:25 -0000)]
added false positive signature check

Martin Willi [Tue, 18 Mar 2008 12:16:36 +0000 (12:16 -0000)]
added missing test case file ([3607])

Martin Willi [Tue, 18 Mar 2008 12:13:51 +0000 (12:13 -0000)]
creating public key from RSA private key
RSA key generation and signature test

Andreas Steffen [Tue, 18 Mar 2008 10:36:08 +0000 (10:36 -0000)]
made is_newer() a certificate_t method

Martin Willi [Tue, 18 Mar 2008 09:07:04 +0000 (09:07 -0000)]
better normalized tables for SQL plugin (IDs)

Martin Willi [Mon, 17 Mar 2008 08:06:49 +0000 (08:06 -0000)]
enforcing x509_flags on certificate construction

Martin Willi [Mon, 17 Mar 2008 07:25:32 +0000 (07:25 -0000)]
fixed CRL revoked certs enumeration

Martin Willi [Sat, 15 Mar 2008 14:17:09 +0000 (14:17 -0000)]
logging to SQL database

Martin Willi [Sat, 15 Mar 2008 14:08:43 +0000 (14:08 -0000)]
correctly unregister IKE_SA at the bus

Martin Willi [Fri, 14 Mar 2008 15:11:29 +0000 (15:11 -0000)]
removed X509_PEER flag; flags are meant to read cert, not to store additional state in cert
removed x509_t.set_flags for the reason above
implemented a simple, generic shared_key_t

Martin Willi [Fri, 14 Mar 2008 15:06:42 +0000 (15:06 -0000)]
credential lookup in mysql/sqlite database

Martin Willi [Fri, 14 Mar 2008 15:04:16 +0000 (15:04 -0000)]
refactored buggy trustchain building, fixed refcount bug

Martin Willi [Fri, 14 Mar 2008 15:03:19 +0000 (15:03 -0000)]
reduced mysql pool verbosity

Martin Willi [Fri, 14 Mar 2008 07:39:01 +0000 (07:39 -0000)]
SQL schema for MySQL and SQLite, test data

Tobias Brunner [Thu, 13 Mar 2008 15:03:06 +0000 (15:03 -0000)]
two small fixes

Martin Willi [Thu, 13 Mar 2008 14:53:57 +0000 (14:53 -0000)]
fixed apidoc grouping

Martin Willi [Thu, 13 Mar 2008 14:41:27 +0000 (14:41 -0000)]
added NetworkManager prototype DBUS policy, applet config

Martin Willi [Thu, 13 Mar 2008 14:37:11 +0000 (14:37 -0000)]
added old and unmaintained prototype of NetworkManager applet and authenticator

Martin Willi [Thu, 13 Mar 2008 14:20:20 +0000 (14:20 -0000)]
reverted accidentally committed testing config

Martin Willi [Thu, 13 Mar 2008 14:14:44 +0000 (14:14 -0000)]
merged the modularization branch (credentials) back to trunk

Andreas Steffen [Sat, 1 Mar 2008 10:25:52 +0000 (10:25 -0000)]
activated svn:keywords on all UML scripts

Andreas Steffen [Fri, 29 Feb 2008 20:17:28 +0000 (20:17 -0000)]
support of gnome-terminal in UML testing

Andreas Steffen [Fri, 29 Feb 2008 17:00:07 +0000 (17:00 -0000)]
take down eth1 interface on alice via ssh

Andreas Steffen [Fri, 29 Feb 2008 15:52:25 +0000 (15:52 -0000)]
added sleep due to new scheduler in 2.6.24 kernel

Andreas Steffen [Fri, 29 Feb 2008 15:51:16 +0000 (15:51 -0000)]
version bumps

Andreas Steffen [Wed, 27 Feb 2008 20:30:39 +0000 (20:30 -0000)]
improved P2P_NAT debugging

Martin Willi [Fri, 22 Feb 2008 14:50:38 +0000 (14:50 -0000)]
creating sysconfdir if it does not exist
moved all directory creations into starter's Makefile

Andreas Steffen [Fri, 15 Feb 2008 18:44:29 +0000 (18:44 -0000)]
version bump to 4.2.0

Andreas Steffen [Thu, 14 Feb 2008 21:26:21 +0000 (21:26 -0000)]
release of 4.1.11 bug fix version

Andreas Steffen [Thu, 14 Feb 2008 21:25:38 +0000 (21:25 -0000)]
added support of --enable-eap-sim

Andreas Steffen [Thu, 14 Feb 2008 21:24:54 +0000 (21:24 -0000)]
disable eth1 interface of UML host alice after booting

Andreas Steffen [Thu, 14 Feb 2008 21:23:48 +0000 (21:23 -0000)]
added sleep 1 to ikev1/xauth-rsa-nosecret scenario

Tobias Brunner [Thu, 14 Feb 2008 13:42:36 +0000 (13:42 -0000)]
refactored connect_manager_t to use the find functions on linked lists

Tobias Brunner [Thu, 14 Feb 2008 12:29:29 +0000 (12:29 -0000)]
find methods for linked lists

Andreas Steffen [Tue, 5 Feb 2008 19:27:05 +0000 (19:27 -0000)]
some websites append a newline character to a DER-encoded binary blob

Martin Willi [Tue, 5 Feb 2008 12:39:30 +0000 (12:39 -0000)]
split connections with different virtual IPs in different peer_cfgs
respect different peer_cfg's when initiating a CHILD_SA within an existing IKE_SA

Tobias Brunner [Tue, 5 Feb 2008 09:31:21 +0000 (09:31 -0000)]
 * replaced __thread with pthread_key_t/pthread_setspecific
 * use pthread_once to initialize the request handler

Andreas Steffen [Mon, 4 Feb 2008 20:55:57 +0000 (20:55 -0000)]
EAP-SIM server and client test module added

Andreas Steffen [Mon, 4 Feb 2008 14:52:06 +0000 (14:52 -0000)]
implemented IKEV2 EAP-SIM server and client test module that use triplets stored in a file. For details see the scenario 'ikev2/rw-eap-sim-rsa'

Andreas Steffen [Mon, 4 Feb 2008 14:46:43 +0000 (14:46 -0000)]
use the new options_t class

Andreas Steffen [Mon, 4 Feb 2008 14:45:50 +0000 (14:45 -0000)]
fixed tabs

Andreas Steffen [Mon, 4 Feb 2008 14:44:14 +0000 (14:44 -0000)]
refactored optionsfrom in an object-oriented way using the options_t class. Eliminated all memory leaks

Martin Willi [Mon, 4 Feb 2008 11:43:10 +0000 (11:43 -0000)]
use identifiers in EAP_SUCCESS/EAP_FAILURE payloads

Andreas Steffen [Sat, 2 Feb 2008 00:29:03 +0000 (00:29 -0000)]
parse signedData object with empty content

Andreas Steffen [Fri, 1 Feb 2008 22:26:01 +0000 (22:26 -0000)]
build_signedData() now computes messageDigest attribute

Andreas Steffen [Fri, 1 Feb 2008 22:24:51 +0000 (22:24 -0000)]
added set_messageDigest() and get_messageDigest() methods

Andreas Steffen [Fri, 1 Feb 2008 14:19:26 +0000 (14:19 -0000)]
extended and debugged PKCS#7 signedData support

Andreas Steffen [Fri, 1 Feb 2008 10:40:03 +0000 (10:40 -0000)]
added S/MIME capabilities OID

Andreas Steffen [Fri, 1 Feb 2008 01:01:17 +0000 (01:01 -0000)]
changed tabs to 4 spaces

Andreas Steffen [Fri, 1 Feb 2008 00:15:27 +0000 (00:15 -0000)]
two bug fixes

Andreas Steffen [Fri, 1 Feb 2008 00:07:56 +0000 (00:07 -0000)]
next_payload must be of type u_int8_t

Andreas Steffen [Tue, 29 Jan 2008 01:41:47 +0000 (01:41 -0000)]
NAT-T conditions were not inherited during IKE_SA rekeying

Andreas Steffen [Sun, 27 Jan 2008 20:59:22 +0000 (20:59 -0000)]
fixed comment

Andreas Steffen [Sun, 27 Jan 2008 20:58:52 +0000 (20:58 -0000)]
implemented pkcs1_encrypt()

Andreas Steffen [Sun, 27 Jan 2008 20:17:15 +0000 (20:17 -0000)]
fixed padding bug in RSA_encrypt()

Andreas Steffen [Tue, 22 Jan 2008 10:52:26 +0000 (10:52 -0000)]
added RCSID

Andreas Steffen [Tue, 22 Jan 2008 10:52:03 +0000 (10:52 -0000)]
added md2WithRSA algorithm identifier

Andreas Steffen [Tue, 22 Jan 2008 10:34:44 +0000 (10:34 -0000)]
extended asn1_algorithmIdentifier() to SHA-2

Andreas Steffen [Tue, 22 Jan 2008 10:32:37 +0000 (10:32 -0000)]
extended asn1_algorithmIdentifier() to SHA-2

Andreas Steffen [Tue, 22 Jan 2008 01:32:12 +0000 (01:32 -0000)]
x509_t.build_encoding() now supports any hash algorithm

Andreas Steffen [Tue, 22 Jan 2008 01:09:19 +0000 (01:09 -0000)]
fully implemented x509_create()

Andreas Steffen [Mon, 21 Jan 2008 22:56:58 +0000 (22:56 -0000)]
fixed destruction of generalNames linked list

Andreas Steffen [Mon, 21 Jan 2008 10:00:13 +0000 (10:00 -0000)]
fixed parsing and building of generalNames

Andreas Steffen [Mon, 21 Jan 2008 00:36:38 +0000 (00:36 -0000)]
implemented rsa_private_key_t.get_public_key()

Andreas Steffen [Mon, 21 Jan 2008 00:34:41 +0000 (00:34 -0000)]
added rsa_public_key_create(mpz_t n, mpz_t e)

Andreas Steffen [Mon, 21 Jan 2008 00:30:26 +0000 (00:30 -0000)]
added notBefore and notAfter to x509_create()

Andreas Steffen [Sun, 20 Jan 2008 17:57:38 +0000 (17:57 -0000)]
added --with-plugindir option

Martin Willi [Thu, 3 Jan 2008 10:42:21 +0000 (10:42 -0000)]
added missing hasher include

Andreas Steffen [Mon, 24 Dec 2007 18:07:55 +0000 (18:07 -0000)]
version bump to 4.2.0

Andreas Steffen [Wed, 19 Dec 2007 21:02:15 +0000 (21:02 -0000)]
add ip xfrm state test for ikev1 transport mode

Andreas Steffen [Wed, 19 Dec 2007 21:01:19 +0000 (21:01 -0000)]
version bumps