strongswan.git
Martin Willi [Thu, 9 Dec 2010 12:33:07 +0000 (13:33 +0100)]
Added support for parsing NameConstraints in x509 plugin

Martin Willi [Thu, 9 Dec 2010 10:50:50 +0000 (11:50 +0100)]
Added name constraint enumerator to x509 interface

Martin Willi [Thu, 9 Dec 2010 10:44:31 +0000 (11:44 +0100)]
Migrated x509_cert_t to INIT/METHOD macros

Martin Willi [Thu, 9 Dec 2010 09:46:48 +0000 (10:46 +0100)]
Moved X509 pathlen constraint checking to constraints plugin

Martin Willi [Thu, 9 Dec 2010 09:41:54 +0000 (09:41 +0000)]
Added plugin stub for advanced X509 constraint checking

Martin Willi [Fri, 10 Dec 2010 17:18:24 +0000 (18:18 +0100)]
Added a hook to reset ESP sequence numbers

Martin Willi [Fri, 10 Dec 2010 13:33:28 +0000 (14:33 +0100)]
Accept a suffix to differentiate x509, crl, ecdsa and rsa files

Martin Willi [Fri, 10 Dec 2010 13:25:19 +0000 (14:25 +0100)]
Use strncaseeq instead of strncasecmp

Martin Willi [Fri, 10 Dec 2010 13:22:18 +0000 (14:22 +0100)]
Added a strncaseeq variant to the string comparison macros

Martin Willi [Fri, 10 Dec 2010 10:29:39 +0000 (11:29 +0100)]
Added tfc_padding option, changes signature to master changes

Martin Willi [Tue, 7 Dec 2010 16:53:13 +0000 (17:53 +0100)]
CRL/OCSP validation stores trustchain information in auth_cfg

Martin Willi [Tue, 7 Dec 2010 16:48:23 +0000 (17:48 +0100)]
Key strength checking stores all key sizes in auth_cfg, verifies all in complies()

Martin Willi [Mon, 6 Dec 2010 09:36:51 +0000 (10:36 +0100)]
Install "ipsec" script with tools or conftest

Martin Willi [Fri, 3 Dec 2010 13:29:03 +0000 (14:29 +0100)]
Use subject, not issuer, of CRL issuing certificate

Martin Willi [Fri, 3 Dec 2010 12:51:51 +0000 (13:51 +0100)]
CRLSign keyUsage or CA basicConstraint are sufficient for CRL validation

Martin Willi [Fri, 3 Dec 2010 12:26:38 +0000 (13:26 +0100)]
Parse and encode crlSign keyUsage flag in x509 plugin

Martin Willi [Fri, 3 Dec 2010 12:25:45 +0000 (13:25 +0100)]
pki tool shows and builds crlSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:24:49 +0000 (13:24 +0100)]
Added a flag for X509 CRLSign keyUsage

Martin Willi [Fri, 3 Dec 2010 12:23:59 +0000 (13:23 +0100)]
Remove x509_flag_names, flags do not work with ENUM()

Martin Willi [Thu, 2 Dec 2010 14:38:44 +0000 (15:38 +0100)]
Use certificate CRLIssuer information to look up cached CRLs or CDPs

Martin Willi [Thu, 2 Dec 2010 14:37:28 +0000 (15:37 +0100)]
Added --crlissuer option to pki --issue

Martin Willi [Fri, 3 Dec 2010 09:28:46 +0000 (09:28 +0000)]
Added support for CRL Issuers to x509 and OpenSSL plugins

Martin Willi [Wed, 1 Dec 2010 13:56:26 +0000 (14:56 +0100)]
Generate payload to rebuild_auth, works with injected unknown payloads

Martin Willi [Wed, 1 Dec 2010 13:33:57 +0000 (14:33 +0100)]
Move rebuild_auth functionality to a standalone hook

This reverts commit 3c12b239fd55aa36c59eb60224d27af8b8d915d1.

Martin Willi [Thu, 25 Nov 2010 14:27:31 +0000 (15:27 +0100)]
Added key strength constraints support to conftest

Martin Willi [Thu, 25 Nov 2010 14:26:51 +0000 (15:26 +0100)]
Added key strength constraints for RSA or ECDSA trustchains

Martin Willi [Thu, 25 Nov 2010 12:54:31 +0000 (13:54 +0100)]
Implemented hook to log traffic selectors

Martin Willi [Thu, 25 Nov 2010 11:32:41 +0000 (12:32 +0100)]
The set_reserved() hook rebuilds AUTH if it mangles ID payload fields

Martin Willi [Thu, 25 Nov 2010 10:35:43 +0000 (11:35 +0100)]
Include the used reserved bytes from ID payloads in AUTH calculation

Martin Willi [Thu, 25 Nov 2010 10:13:04 +0000 (11:13 +0100)]
Migrated psk/pubkey_authenticators to INIT/METHOD macros

Martin Willi [Thu, 25 Nov 2010 09:55:29 +0000 (10:55 +0100)]
Extended set_reserved hook to mangle sa_payload substructures

Martin Willi [Thu, 25 Nov 2010 09:55:08 +0000 (10:55 +0100)]
Added substructure enumerators to sa_payload, proposal_substructure

Martin Willi [Wed, 24 Nov 2010 17:09:06 +0000 (18:09 +0100)]
Moved check if packet already encoded to ike_sa, avoids message() hook invocation twice

Martin Willi [Wed, 24 Nov 2010 16:45:39 +0000 (17:45 +0100)]
The set_ike_version hook supports version flag mangling

Martin Willi [Wed, 24 Nov 2010 16:45:12 +0000 (17:45 +0100)]
Added a message method to set the "higher version supported" flag

Martin Willi [Wed, 24 Nov 2010 16:22:16 +0000 (17:22 +0100)]
Implemented hook to toggle initiator flag in IKE header

Martin Willi [Wed, 24 Nov 2010 14:42:08 +0000 (14:42 +0000)]
Implemented a hook to set reserved bits

Martin Willi [Wed, 24 Nov 2010 15:56:46 +0000 (16:56 +0100)]
Added reserved bit mangling wrapper functions to message

Martin Willi [Wed, 24 Nov 2010 16:07:45 +0000 (17:07 +0100)]
Use payload_get_field() to look up payload fields

Martin Willi [Wed, 24 Nov 2010 15:52:49 +0000 (16:52 +0100)]
Implemented a generic payload field lookup function

Martin Willi [Wed, 24 Nov 2010 15:44:48 +0000 (16:44 +0100)]
Reserved fields get parsed/generated like any other bit/byte field

Martin Willi [Wed, 24 Nov 2010 15:34:16 +0000 (16:34 +0100)]
Added member fields for reserved bits and bytes in all payloads

Martin Willi [Wed, 24 Nov 2010 13:42:22 +0000 (14:42 +0100)]
Migrated vendor_id_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:36:47 +0000 (14:36 +0100)]
Migrated ts_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 13:21:01 +0000 (14:21 +0100)]
Use enumerator instead of deprecated iterator

Martin Willi [Wed, 24 Nov 2010 13:17:44 +0000 (14:17 +0100)]
Migrated transform_substructure to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 12:58:33 +0000 (13:58 +0100)]
Removed obsolete clone method from proposal_substructure

Martin Willi [Wed, 24 Nov 2010 11:14:31 +0000 (12:14 +0100)]
Migrated transform_attribute to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 11:00:53 +0000 (12:00 +0100)]
Migrated traffic_selector_substructure to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:54:12 +0000 (11:54 +0100)]
Migrated notify_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:42:29 +0000 (11:42 +0100)]
Migrated nonce_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:37:34 +0000 (11:37 +0100)]
Migrated ke_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:29:18 +0000 (11:29 +0100)]
Migrated id_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:28:58 +0000 (11:28 +0100)]
Use standard ID getter in log_id hook

Martin Willi [Wed, 24 Nov 2010 10:16:37 +0000 (11:16 +0100)]
Migrated cp_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:07:28 +0000 (11:07 +0100)]
Migrated configuration_attribute to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 10:01:27 +0000 (11:01 +0100)]
Migrated certreq_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 09:53:38 +0000 (10:53 +0100)]
Migrated cert_payload to INIT/METHOD macros

Martin Willi [Wed, 24 Nov 2010 09:38:58 +0000 (10:38 +0100)]
Migrated auth_payload to INIT/METHOD macros

Martin Willi [Tue, 23 Nov 2010 12:55:32 +0000 (13:55 +0100)]
Implemented a hook to toggle the IKE message request flag

Martin Willi [Tue, 23 Nov 2010 12:53:00 +0000 (13:53 +0100)]
Implemented hook to modify IKE header SPIs

Martin Willi [Tue, 23 Nov 2010 12:34:08 +0000 (13:34 +0100)]
Fixed transport mode configuration option

Martin Willi [Tue, 23 Nov 2010 10:43:23 +0000 (11:43 +0100)]
Disable MOBIKE in conftesting, as it changes port floating behavior

Martin Willi [Tue, 23 Nov 2010 10:06:46 +0000 (11:06 +0100)]
Load plugins only once, even if listed twice

Martin Willi [Tue, 23 Nov 2010 09:58:39 +0000 (10:58 +0100)]
Preload plugins configured in tests

Martin Willi [Tue, 23 Nov 2010 09:50:36 +0000 (10:50 +0100)]
Moved generic infrastructure initialization to libcharon_init(), allows us to preload plugins

Martin Willi [Tue, 23 Nov 2010 09:45:45 +0000 (10:45 +0100)]
Added IKE options to configure source/destination ports

Martin Willi [Tue, 23 Nov 2010 09:43:48 +0000 (10:43 +0100)]
Added IKE config option to fake NAT situations

Martin Willi [Tue, 23 Nov 2010 09:12:32 +0000 (10:12 +0100)]
Show SPI in proposal logging hook

Martin Willi [Tue, 23 Nov 2010 09:01:42 +0000 (10:01 +0100)]
Implemented a hook to inject custom proposals

Martin Willi [Tue, 23 Nov 2010 09:01:23 +0000 (10:01 +0100)]
Fixed error reporting

Martin Willi [Tue, 23 Nov 2010 07:42:57 +0000 (08:42 +0100)]
Remove unused variable

Martin Willi [Mon, 15 Nov 2010 13:56:34 +0000 (14:56 +0100)]
Added hook to log ID payload type and data

Martin Willi [Mon, 15 Nov 2010 13:47:06 +0000 (14:47 +0100)]
Added hook to log received KE group

Martin Willi [Mon, 15 Nov 2010 13:37:02 +0000 (14:37 +0100)]
Added a hook to modify proposal numbers

Martin Willi [Mon, 15 Nov 2010 13:07:17 +0000 (14:07 +0100)]
Added a hook to print received proposals, including number

Martin Willi [Mon, 15 Nov 2010 10:54:35 +0000 (11:54 +0100)]
Added a hook to alter the payload length field of arbitrary payloads

Martin Willi [Mon, 15 Nov 2010 10:53:20 +0000 (11:53 +0100)]
Do not update payload length during generation, allows hooks to override payload length

Martin Willi [Mon, 15 Nov 2010 10:52:30 +0000 (11:52 +0100)]
Do not recalculate payload header length after generation, payloads do length calculation

Martin Willi [Fri, 12 Nov 2010 15:10:00 +0000 (16:10 +0100)]
Support loading of certificate revocation lists

Martin Willi [Fri, 12 Nov 2010 14:40:29 +0000 (15:40 +0100)]
Implemented a hook that recreates a valid incoming IKE_AUTH response, even if AUTH_FAILED

Martin Willi [Thu, 11 Nov 2010 15:37:26 +0000 (16:37 +0100)]
Apply IKE major/minor version set on message to IKE header

Martin Willi [Thu, 11 Nov 2010 15:35:35 +0000 (16:35 +0100)]
Added setters for IKE major/minor version to ike_header

Martin Willi [Thu, 11 Nov 2010 15:32:57 +0000 (16:32 +0100)]
Migrated ike_header_t to INIT/METHOD macros

Martin Willi [Thu, 11 Nov 2010 15:12:58 +0000 (16:12 +0100)]
Added hook to set arbitrary IKE major/minor versions in message headers

Martin Willi [Thu, 11 Nov 2010 14:52:32 +0000 (15:52 +0100)]
Prefer test specific over suite specific configuration

Martin Willi [Thu, 11 Nov 2010 14:38:52 +0000 (15:38 +0100)]
Added a force_hookie hook that requests a COOKIE independent of our COOKIE mechanism

Martin Willi [Wed, 10 Nov 2010 16:41:51 +0000 (17:41 +0100)]
The add_payload hook supports replacing existing payloads of the same type

Martin Willi [Wed, 10 Nov 2010 16:41:23 +0000 (17:41 +0100)]
Fix insertion of non hex encoded payload data

Martin Willi [Wed, 10 Nov 2010 16:40:43 +0000 (17:40 +0100)]
Fixed length calculation of unknown payload

Martin Willi [Wed, 10 Nov 2010 16:23:57 +0000 (17:23 +0100)]
Added a hook to set the critical bit on arbitrary payloads

Martin Willi [Wed, 10 Nov 2010 15:47:56 +0000 (16:47 +0100)]
Move critical bit checking to ike_sa, notify payload includes unsupported payload type

Martin Willi [Wed, 10 Nov 2010 15:30:25 +0000 (16:30 +0100)]
Handle all error notifies in CREATE_CHILD_SA exchanges

Martin Willi [Wed, 10 Nov 2010 15:29:59 +0000 (16:29 +0100)]
Support encoding of UKNOWN_DATA

Martin Willi [Wed, 10 Nov 2010 14:41:46 +0000 (15:41 +0100)]
Moved our substructure identifiers above 255, ignore private payloads properly

Martin Willi [Wed, 10 Nov 2010 14:34:38 +0000 (15:34 +0100)]
Check for exceeded payload count even if we have found one flagged as sufficient

Martin Willi [Wed, 10 Nov 2010 13:26:03 +0000 (14:26 +0100)]
Added a hook to inject custom payloads with critical bit

Martin Willi [Wed, 10 Nov 2010 13:21:23 +0000 (14:21 +0100)]
Added a constructor for custom unknown payloads

Martin Willi [Wed, 10 Nov 2010 13:17:03 +0000 (14:17 +0100)]
Use the payload's actual type in unknown_payload_t

Martin Willi [Wed, 10 Nov 2010 12:56:18 +0000 (13:56 +0100)]
Migrated unknown payload to INIT/METHOD macros