strongswan.git
8 years agoTry to keep the given source address when looking up routes
Tobias Brunner [Thu, 1 Sep 2011 09:33:13 +0000 (11:33 +0200)]
Try to keep the given source address when looking up routes

This allows to pin the local end of an IKE_SA to an address that is not the
physical address of an interface.  Without this patch the local address would
change to the physical address when roam events occur.

8 years agoMake sure we propose a dynamic TS if we don't have hosts to derive a TS from
Tobias Brunner [Fri, 21 Sep 2012 16:13:42 +0000 (18:13 +0200)]
Make sure we propose a dynamic TS if we don't have hosts to derive a TS from

7ee37114 removed this behavior.

8 years agoMove rw-eap-dynamic scenario to its proper location
Tobias Brunner [Fri, 21 Sep 2012 07:34:10 +0000 (09:34 +0200)]
Move rw-eap-dynamic scenario to its proper location

8 years agoIn mem_pool, check for an existing ID entry before creating a new one
Martin Willi [Thu, 20 Sep 2012 09:04:55 +0000 (11:04 +0200)]
In mem_pool, check for an existing ID entry before creating a new one

8 years agoMerge branch 'unity'
Martin Willi [Tue, 18 Sep 2012 15:22:30 +0000 (17:22 +0200)]
Merge branch 'unity'

Add Cisco Unity extension support implemented in a dedicated plugin.

8 years agoAdd a simple test case for the unity plugin, featuring both includes and excludes
Martin Willi [Mon, 17 Sep 2012 14:23:10 +0000 (16:23 +0200)]
Add a simple test case for the unity plugin, featuring both includes and excludes

8 years agoBuild unity plugin in strongSwan test suite
Martin Willi [Mon, 17 Sep 2012 13:39:29 +0000 (15:39 +0200)]
Build unity plugin in strongSwan test suite

8 years agoAdd unity plugin NEWS
Martin Willi [Mon, 17 Sep 2012 09:48:31 +0000 (11:48 +0200)]
Add unity plugin NEWS

8 years agoUpdate ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity
Martin Willi [Mon, 17 Sep 2012 09:43:11 +0000 (11:43 +0200)]
Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity

8 years agoAs Unity responder, don't change the proposed TS at all, racoon doesn't like that
Martin Willi [Mon, 17 Sep 2012 12:30:35 +0000 (14:30 +0200)]
As Unity responder, don't change the proposed TS at all, racoon doesn't like that

8 years agoDon't complain about multiple TS in IKEv1, as it supported with Unity
Martin Willi [Thu, 13 Sep 2012 13:57:39 +0000 (15:57 +0200)]
Don't complain about multiple TS in IKEv1, as it supported with Unity

8 years agoAs initiator, narrow received Unity attributes to configured TS
Martin Willi [Thu, 13 Sep 2012 13:57:06 +0000 (15:57 +0200)]
As initiator, narrow received Unity attributes to configured TS

8 years agoWhen using Unity, bump up remote TS as initiator to 0.0.0.0/0, too
Martin Willi [Thu, 13 Sep 2012 13:38:04 +0000 (15:38 +0200)]
When using Unity, bump up remote TS as initiator to 0.0.0.0/0, too

8 years agoEnable Cisco Unity only if Unity vendor id received
Martin Willi [Thu, 13 Sep 2012 13:09:21 +0000 (15:09 +0200)]
Enable Cisco Unity only if Unity vendor id received

8 years agoExchange 0.0.0.0/0 traffic selectors with Unity, narrowing after exchange
Martin Willi [Tue, 24 Jul 2012 11:23:48 +0000 (13:23 +0200)]
Exchange 0.0.0.0/0 traffic selectors with Unity, narrowing after exchange

8 years agoAdd a Unity attribute provider that adds Split-Includes for TS
Martin Willi [Tue, 24 Jul 2012 10:21:25 +0000 (12:21 +0200)]
Add a Unity attribute provider that adds Split-Includes for TS

8 years agoCheck if subset calculation actually yields a TS in Unity narrowing
Martin Willi [Tue, 24 Jul 2012 10:20:32 +0000 (12:20 +0200)]
Check if subset calculation actually yields a TS in Unity narrowing

8 years agoRequest Unity configuration attributes for IKEv1 only
Martin Willi [Tue, 24 Jul 2012 08:55:46 +0000 (10:55 +0200)]
Request Unity configuration attributes for IKEv1 only

8 years agoAdd Cisco Unity client support for Split-Include and Local-LAN
Martin Willi [Mon, 23 Jul 2012 15:14:47 +0000 (17:14 +0200)]
Add Cisco Unity client support for Split-Include and Local-LAN

8 years agoAdd a road-warrior test case requesting both an IPv4 and an IPv6 virtual address
Martin Willi [Tue, 18 Sep 2012 14:31:15 +0000 (16:31 +0200)]
Add a road-warrior test case requesting both an IPv4 and an IPv6 virtual address

8 years agoDerive a dynamic TS to multiple virtual IPs
Martin Willi [Tue, 18 Sep 2012 10:46:36 +0000 (12:46 +0200)]
Derive a dynamic TS to multiple virtual IPs

8 years agoUse the vararg list constructor in quick mode task
Martin Willi [Tue, 18 Sep 2012 10:44:59 +0000 (12:44 +0200)]
Use the vararg list constructor in quick mode task

8 years agoAdd a linked list constructor taking items from a vararg list
Martin Willi [Tue, 18 Sep 2012 10:43:31 +0000 (12:43 +0200)]
Add a linked list constructor taking items from a vararg list

8 years agoMake stroke user-creds work with XAuth configs
Tobias Brunner [Tue, 18 Sep 2012 14:56:17 +0000 (16:56 +0200)]
Make stroke user-creds work with XAuth configs

8 years agoFix Doxygen comment for proposal_keywords_t
Tobias Brunner [Tue, 18 Sep 2012 14:11:53 +0000 (16:11 +0200)]
Fix Doxygen comment for proposal_keywords_t

Two dots seem to mark the end of a list.

8 years agoNew Android release after fixing IDr problems
Tobias Brunner [Tue, 18 Sep 2012 13:29:29 +0000 (15:29 +0200)]
New Android release after fixing IDr problems

8 years agoUse random ports in NetworkManager backend
Tobias Brunner [Tue, 18 Sep 2012 12:57:05 +0000 (14:57 +0200)]
Use random ports in NetworkManager backend

8 years agoFix equality comparison of auth_cfg_t
Tobias Brunner [Tue, 18 Sep 2012 10:47:17 +0000 (12:47 +0200)]
Fix equality comparison of auth_cfg_t

We previously only confirmed that rules contained in the first config are also
contained in the second, but since the number of rules does not have to
be equal, it might be that the second config contains rules that the
first one doesn't.

8 years agoSet AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>
Tobias Brunner [Tue, 18 Sep 2012 09:45:12 +0000 (11:45 +0200)]
Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>

8 years agoUse AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend
Tobias Brunner [Tue, 18 Sep 2012 12:39:45 +0000 (14:39 +0200)]
Use AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend

8 years agoandroid: Use AUTH_RULE_IDENTITY_LOOSE
Tobias Brunner [Tue, 18 Sep 2012 09:21:49 +0000 (11:21 +0200)]
android: Use AUTH_RULE_IDENTITY_LOOSE

8 years agoAdd AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator
Tobias Brunner [Tue, 18 Sep 2012 09:16:10 +0000 (11:16 +0200)]
Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator

If it is set on an auth config IDr will not be sent, and later the configured
identity will not only be checked against the returned IDr, but also
against other identities contained in the responder's certificate.

8 years agoNew Android release after fixing Unicode conversion bug
Tobias Brunner [Mon, 17 Sep 2012 08:55:10 +0000 (10:55 +0200)]
New Android release after fixing Unicode conversion bug

8 years agoandroid: Fix conversion of actual Unicode strings (i.e. bytes!=chars)
Tobias Brunner [Mon, 17 Sep 2012 08:30:39 +0000 (10:30 +0200)]
android: Fix conversion of actual Unicode strings (i.e. bytes!=chars)

8 years agoRemoved the unneeded socket-raw plugin
Tobias Brunner [Fri, 14 Sep 2012 12:10:14 +0000 (14:10 +0200)]
Removed the unneeded socket-raw plugin

8 years agoChange traffic selectors during Quick Mode in case of a NAT in transport mode
Tobias Brunner [Fri, 14 Sep 2012 07:07:21 +0000 (09:07 +0200)]
Change traffic selectors during Quick Mode in case of a NAT in transport mode

Windows 7 sends its internal address as TSi.  While we don't support the
NAT-T drafts as used by Windows XP it is interesting to note that the
client there omits the TSi payload which then would automatically get set
to the public IP address of the client.

Fixes #220.

8 years agoMerge branch 'custom-crypto'
Tobias Brunner [Thu, 13 Sep 2012 13:50:52 +0000 (15:50 +0200)]
Merge branch 'custom-crypto'

This provides plugins with an interface to register keywords for
proposals (e.g. when parsing the esp and ike options from ipsec.conf)
and the possibility to register identifiers for kernel algorithms.

It is based on patches contributed by Nanoteq Pty Ltd.

8 years agoAdded algorithm lookup via kernel_interface_t to the various kernel interfaces
Tobias Brunner [Thu, 13 Sep 2012 13:22:37 +0000 (15:22 +0200)]
Added algorithm lookup via kernel_interface_t to the various kernel interfaces

8 years agoAdded possibility to register custom kernel algorithms to kernel interface
Tobias Brunner [Thu, 13 Sep 2012 12:36:04 +0000 (14:36 +0200)]
Added possibility to register custom kernel algorithms to kernel interface

8 years agoAdded possibility to register custom proposal keywords
Tobias Brunner [Thu, 13 Sep 2012 12:22:08 +0000 (14:22 +0200)]
Added possibility to register custom proposal keywords

Keyword lookup and registration are handled via the new lib->proposal object.

8 years agoRemoved len argument from proposal_get_token()
Tobias Brunner [Thu, 13 Sep 2012 11:39:33 +0000 (13:39 +0200)]
Removed len argument from proposal_get_token()

Also use enumerators instead of lexparser.h to parse proposal strings.

8 years agoMake arguments for enumerator_create_token|directory const
Tobias Brunner [Thu, 13 Sep 2012 10:30:22 +0000 (12:30 +0200)]
Make arguments for enumerator_create_token|directory const

8 years agoMoved proposal_keywords to proposal_keywords_static
Francois ten Krooden [Fri, 24 Aug 2012 12:56:42 +0000 (14:56 +0200)]
Moved proposal_keywords to proposal_keywords_static

Added new proposal keywords with function to reference the static keywords.

8 years agoOption added to enforce a configured destination address for DHCP packets
Tobias Brunner [Thu, 5 Jul 2012 17:06:44 +0000 (19:06 +0200)]
Option added to enforce a configured destination address for DHCP packets

8 years agoversion bump to 5.0.1rc1
Andreas Steffen [Wed, 12 Sep 2012 21:56:12 +0000 (23:56 +0200)]
version bump to 5.0.1rc1

8 years agoAllow calls to set_address() for any host-sized TS, not only dynamic ones
Tobias Brunner [Wed, 12 Sep 2012 16:10:04 +0000 (18:10 +0200)]
Allow calls to set_address() for any host-sized TS, not only dynamic ones

This fixes CHILD_SA updates (e.g. due to MOBIKE), which were broken
since 4cb0783.

8 years agoEnsure traffic selectors are dynamic before calling set_address() when deriving them
Tobias Brunner [Wed, 12 Sep 2012 16:07:41 +0000 (18:07 +0200)]
Ensure traffic selectors are dynamic before calling set_address() when deriving them

8 years agoConsistently log XFRM mark masks with 0 prefix in kernel-netlink plugin
Tobias Brunner [Wed, 12 Sep 2012 15:40:36 +0000 (17:40 +0200)]
Consistently log XFRM mark masks with 0 prefix in kernel-netlink plugin

8 years agostarter: Added --nolog option to suppress logging in starter itself
Tobias Brunner [Wed, 12 Sep 2012 15:11:54 +0000 (17:11 +0200)]
starter: Added --nolog option to suppress logging in starter itself

Fixes #224.

8 years agoUpdates to strongswan.conf(5) man page (added several missing options)
Tobias Brunner [Wed, 12 Sep 2012 14:52:56 +0000 (16:52 +0200)]
Updates to strongswan.conf(5) man page (added several missing options)

8 years agoSome updates to ipsec.conf(5) man page
Tobias Brunner [Wed, 12 Sep 2012 13:44:00 +0000 (15:44 +0200)]
Some updates to ipsec.conf(5) man page

8 years agostarter: Allow %any also for protocol in left|rightprotoport
Tobias Brunner [Wed, 12 Sep 2012 13:31:02 +0000 (15:31 +0200)]
starter: Allow %any also for protocol in left|rightprotoport

8 years agoDon't allow NULL encryption with PEAP
Martin Willi [Thu, 30 Aug 2012 09:13:02 +0000 (11:13 +0200)]
Don't allow NULL encryption with PEAP

8 years agoUse memmove on overlapping regions, and operate with correct sizeof()
Martin Willi [Thu, 30 Aug 2012 09:46:14 +0000 (11:46 +0200)]
Use memmove on overlapping regions, and operate with correct sizeof()

8 years agoWhitespace cleanups in tls_eap
Martin Willi [Thu, 30 Aug 2012 09:14:01 +0000 (11:14 +0200)]
Whitespace cleanups in tls_eap

8 years agoUse uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int)
Martin Willi [Wed, 12 Sep 2012 10:02:11 +0000 (12:02 +0200)]
Use uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int)

8 years agoikev1 hybrid authentication does not need client certificates
Andreas Steffen [Wed, 12 Sep 2012 10:42:24 +0000 (12:42 +0200)]
ikev1 hybrid authentication does not need client certificates

8 years agocorrected topology in ikev2/rw-radius-accounting scenario
Andreas Steffen [Wed, 12 Sep 2012 10:26:39 +0000 (12:26 +0200)]
corrected topology in ikev2/rw-radius-accounting scenario

8 years agoadded ikev2/rw-eap-dynamic scenario
Andreas Steffen [Wed, 12 Sep 2012 10:15:17 +0000 (12:15 +0200)]
added ikev2/rw-eap-dynamic scenario

8 years agoAlways send a configuration payload in IKEv1 TRANSACTIONs, even if it is empty
Martin Willi [Tue, 11 Sep 2012 15:20:17 +0000 (17:20 +0200)]
Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is empty

8 years agoDon't use host address for dynamic TS in IKEv1 if a virtual IP was expected
Martin Willi [Tue, 11 Sep 2012 10:56:29 +0000 (12:56 +0200)]
Don't use host address for dynamic TS in IKEv1 if a virtual IP was expected

8 years agoDon't use host address for dynamic TS in IKEv2 if a virtual IP was expected
Martin Willi [Tue, 11 Sep 2012 10:38:45 +0000 (12:38 +0200)]
Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected

8 years agoDon't return a subset for a dynamic TS unless set_address has been called
Martin Willi [Tue, 11 Sep 2012 10:46:31 +0000 (12:46 +0200)]
Don't return a subset for a dynamic TS unless set_address has been called

8 years agoSend FAILED_CP_REQUIRED if a configuration payload was expected, but not received
Martin Willi [Tue, 11 Sep 2012 10:20:37 +0000 (12:20 +0200)]
Send FAILED_CP_REQUIRED if a configuration payload was expected, but not received

8 years agoCheck for an existing lease in all stroke pools before creating a new one
Martin Willi [Tue, 11 Sep 2012 09:33:42 +0000 (11:33 +0200)]
Check for an existing lease in all stroke pools before creating a new one

8 years agoPass full pool list to release_address
Martin Willi [Tue, 11 Sep 2012 09:19:56 +0000 (11:19 +0200)]
Pass full pool list to release_address

8 years agoPass the full list of pools to acquire_address, enumerate in providers
Martin Willi [Tue, 11 Sep 2012 08:41:11 +0000 (10:41 +0200)]
Pass the full list of pools to acquire_address, enumerate in providers

If the provider has access to the full pool list, it can enumerate
them twice, for example to search for existing leases first, and
only search for new leases in a second step.

Fixes lease enumeration in attr-sql using multiple pools.

8 years agoAdd a linked list constructor initializing from an enumerator
Martin Willi [Tue, 11 Sep 2012 08:40:10 +0000 (10:40 +0200)]
Add a linked list constructor initializing from an enumerator

8 years agoAdd a responder narrow() hook to change TS in the kernel, but not on the wire
Martin Willi [Tue, 24 Jul 2012 10:40:45 +0000 (12:40 +0200)]
Add a responder narrow() hook to change TS in the kernel, but not on the wire

8 years agoSupport RADIUS accounting when using IKEv1 with xauth-eap and eap-radius
Martin Willi [Tue, 11 Sep 2012 13:21:25 +0000 (15:21 +0200)]
Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius

8 years agoFix leak while enumerating RADIUS Framed-IPs from IKE_SA
Martin Willi [Tue, 11 Sep 2012 13:20:33 +0000 (15:20 +0200)]
Fix leak while enumerating RADIUS Framed-IPs from IKE_SA

8 years agoAdd uniqueids=never to ignore INITIAL_CONTACT notifies
Tobias Brunner [Mon, 10 Sep 2012 15:24:21 +0000 (17:24 +0200)]
Add uniqueids=never to ignore INITIAL_CONTACT notifies

With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received.  With this new option
it also ignores these notifies.

8 years agoAdd random plugin options to strongswan.conf.5
Martin Willi [Mon, 10 Sep 2012 15:07:28 +0000 (17:07 +0200)]
Add random plugin options to strongswan.conf.5

8 years agoAdd strongswan.conf runtime options for /dev/[u]random files
Martin Willi [Mon, 10 Sep 2012 14:47:36 +0000 (16:47 +0200)]
Add strongswan.conf runtime options for /dev/[u]random files

Fixes #221.

8 years agothis is the correct evaltest
Andreas Steffen [Mon, 10 Sep 2012 13:53:03 +0000 (15:53 +0200)]
this is the correct evaltest

8 years agorecovered ikev2/ip-two-pools-mixed evaltest
Andreas Steffen [Mon, 10 Sep 2012 13:46:50 +0000 (15:46 +0200)]
recovered ikev2/ip-two-pools-mixed evaltest

8 years agoadapted ip-pool evaltests
Andreas Steffen [Mon, 10 Sep 2012 13:41:19 +0000 (15:41 +0200)]
adapted ip-pool evaltests

8 years agoUse the proper types for comma separated attributes read from strongswan.conf
Tobias Brunner [Mon, 10 Sep 2012 13:17:17 +0000 (15:17 +0200)]
Use the proper types for comma separated attributes read from strongswan.conf

Attributes of different address families previously were mapped to
the same attribute type (the one derived from the address family of the
first address).

8 years agoPrint the name of mem pools instead of the confusing <base>/<size>
Tobias Brunner [Mon, 10 Sep 2012 10:37:31 +0000 (12:37 +0200)]
Print the name of mem pools instead of the confusing <base>/<size>

8 years agoProperly remove broadcast address from mem pools
Tobias Brunner [Mon, 10 Sep 2012 09:44:18 +0000 (11:44 +0200)]
Properly remove broadcast address from mem pools

8 years agouse base IMC ID if src IMC ID is not supported
Andreas Steffen [Sun, 9 Sep 2012 22:07:54 +0000 (00:07 +0200)]
use base IMC ID if src IMC ID is not supported

8 years agoadded libimcv.assessment_result to strongswan.conf man page
Andreas Steffen [Sun, 9 Sep 2012 21:50:32 +0000 (23:50 +0200)]
added libimcv.assessment_result to strongswan.conf man page

8 years agomake sending of IETF Assessment Result attributes configurable
Andreas Steffen [Sun, 9 Sep 2012 21:24:23 +0000 (23:24 +0200)]
make sending of IETF Assessment Result attributes configurable

8 years agointroduced sending of standard IETF Assessment Result PA-TNC attribute by IMVs
Andreas Steffen [Sun, 9 Sep 2012 03:13:13 +0000 (05:13 +0200)]
introduced sending of standard IETF Assessment Result PA-TNC attribute by IMVs

8 years agoOnly initiate an exchange from send_dpd() if a task was actually queued
Tobias Brunner [Fri, 7 Sep 2012 16:05:22 +0000 (18:05 +0200)]
Only initiate an exchange from send_dpd() if a task was actually queued

Otherwise, the initiator would prematurely initiate Quick Mode if it has
DPD enabled and XAuth is used.

8 years agoandroid: New release after adding certificate authentication and reauth fix
Tobias Brunner [Thu, 6 Sep 2012 12:54:37 +0000 (14:54 +0200)]
android: New release after adding certificate authentication and reauth fix

8 years agoTrigger ike_updown event caused by retransmits only after reestablish() has been...
Tobias Brunner [Wed, 5 Sep 2012 14:03:20 +0000 (16:03 +0200)]
Trigger ike_updown event caused by retransmits only after reestablish() has been called

This allows listeners to migrate to the new IKE_SA with the
ike_reestablish event without having to worry about an ike_updown event
for the old IKE_SA.

8 years agoandroid: Properly handle reauthentication initiated by the client
Tobias Brunner [Wed, 5 Sep 2012 09:36:59 +0000 (11:36 +0200)]
android: Properly handle reauthentication initiated by the client

8 years agoandroid: Create a new VpnService.Builder after VPN has been established
Tobias Brunner [Wed, 5 Sep 2012 09:36:00 +0000 (11:36 +0200)]
android: Create a new VpnService.Builder after VPN has been established

8 years agoAdd ike_reestablish() event that is triggered when an IKE_SA is reestablished
Tobias Brunner [Wed, 5 Sep 2012 09:34:50 +0000 (11:34 +0200)]
Add ike_reestablish() event that is triggered when an IKE_SA is reestablished

This is particularly useful during reauthentication to get the new
IKE_SA.

8 years agoAdd a new condition to mark IKE_SAs that are currently being reauthenticated
Tobias Brunner [Thu, 6 Sep 2012 09:23:11 +0000 (11:23 +0200)]
Add a new condition to mark IKE_SAs that are currently being reauthenticated

8 years agostarter: Load config again when restarting charon
Tobias Brunner [Wed, 5 Sep 2012 14:43:34 +0000 (16:43 +0200)]
starter: Load config again when restarting charon

This got lost in 041e763b.

8 years agoClear virtual IPs before storing assigned ones on the IKE_SA
Tobias Brunner [Wed, 5 Sep 2012 11:16:31 +0000 (13:16 +0200)]
Clear virtual IPs before storing assigned ones on the IKE_SA

Otherwise we'll end up with duplicate or invalid VIPs stored on the
IKE_SA.

8 years agoIn mode_config, destroy temporary pool list instead of the virtual IP list twice
Martin Willi [Wed, 5 Sep 2012 12:18:52 +0000 (14:18 +0200)]
In mode_config, destroy temporary pool list instead of the virtual IP list twice

8 years agoMerge branch 'android-client-cert'
Tobias Brunner [Tue, 4 Sep 2012 11:57:05 +0000 (13:57 +0200)]
Merge branch 'android-client-cert'

Introduces IKEv2 client certificate authentication for the Android App.

8 years agoandroid: Native parts handle ikev2-cert VPN type
Tobias Brunner [Tue, 28 Aug 2012 15:11:55 +0000 (17:11 +0200)]
android: Native parts handle ikev2-cert VPN type

8 years agoandroid: android_creds_t can provide a user's private key and certificate
Tobias Brunner [Tue, 28 Aug 2012 15:05:14 +0000 (17:05 +0200)]
android: android_creds_t can provide a user's private key and certificate

8 years agoandroid: Added JNI method to retrieve user certificate and private key
Tobias Brunner [Tue, 28 Aug 2012 15:02:53 +0000 (17:02 +0200)]
android: Added JNI method to retrieve user certificate and private key

To simplify things the private key, the user certificate and the CA
certificates are all put into the same list.

8 years agoandroid: Don't show the password dialog if not required
Tobias Brunner [Tue, 28 Aug 2012 15:01:37 +0000 (17:01 +0200)]
android: Don't show the password dialog if not required

8 years agoandroid: Enable pkcs8 plugin
Tobias Brunner [Tue, 28 Aug 2012 14:45:46 +0000 (16:45 +0200)]
android: Enable pkcs8 plugin