strongswan.git
Martin Willi [Thu, 27 Aug 2009 11:14:01 +0000 (13:14 +0200)]
create algorithmIdentifier dynamically from OID database

Martin Willi [Thu, 27 Aug 2009 11:09:31 +0000 (13:09 +0200)]
use subjectPublicKeyInfo encoding type directly

Martin Willi [Thu, 27 Aug 2009 11:07:34 +0000 (13:07 +0200)]
pkcs1 encoder supports subjectPublicKeyInfo encoding

Andreas Steffen [Thu, 27 Aug 2009 11:36:02 +0000 (13:36 +0200)]
revoked soon-to-expire carol certificate

Andreas Steffen [Thu, 27 Aug 2009 11:20:48 +0000 (13:20 +0200)]
renewed expiring strongSwan certificates for UML scenarios

Martin Willi [Thu, 27 Aug 2009 08:41:07 +0000 (10:41 +0200)]
implemented fingerprinting support for PKI tool

Martin Willi [Thu, 27 Aug 2009 08:40:49 +0000 (10:40 +0200)]
fixed memleak in openssl fingerprinting

Martin Willi [Thu, 27 Aug 2009 07:58:38 +0000 (09:58 +0200)]
do openssl fingerprinting/encoding directly, openssl provides all functions

Martin Willi [Thu, 27 Aug 2009 07:57:49 +0000 (09:57 +0200)]
key encoding gained a cache() method, allows caching of externally created encodings

Andreas Steffen [Wed, 26 Aug 2009 21:42:05 +0000 (23:42 +0200)]
pgp plugin required in ikev1/net2net-pgp-v3|v4 scenarios

Andreas Steffen [Wed, 26 Aug 2009 21:11:06 +0000 (23:11 +0200)]
dnskey plugin required in ikev1/net2net-rsa scenario

Andreas Steffen [Wed, 26 Aug 2009 20:46:39 +0000 (22:46 +0200)]
ikev1 psk scenarios don't need pkcs1 and pem plugins

Andreas Steffen [Wed, 26 Aug 2009 20:25:24 +0000 (22:25 +0200)]
fixed typo

Andreas Steffen [Wed, 26 Aug 2009 20:02:00 +0000 (22:02 +0200)]
streamlined file loading labels

Andreas Steffen [Wed, 26 Aug 2009 16:55:18 +0000 (18:55 +0200)]
use --outform consistently

Andreas Steffen [Wed, 26 Aug 2009 16:41:19 +0000 (18:41 +0200)]
the option has been changed to --outform

Andreas Steffen [Wed, 26 Aug 2009 16:27:04 +0000 (18:27 +0200)]
added pki/.libs/pki to the libs

Andreas Steffen [Wed, 26 Aug 2009 15:29:57 +0000 (17:29 +0200)]
fixed two typos

Martin Willi [Wed, 26 Aug 2009 14:15:38 +0000 (16:15 +0200)]
encoding public EC keys is not really possible without subjectPublicKeyInfo

Martin Willi [Wed, 26 Aug 2009 12:44:05 +0000 (14:44 +0200)]
complain about build errors in non-recursive cases only

Martin Willi [Wed, 26 Aug 2009 12:08:20 +0000 (14:08 +0200)]
openac (and tools) do not depend on gmp anymore

Martin Willi [Wed, 26 Aug 2009 12:07:26 +0000 (14:07 +0200)]
moved chunk_increment() function to libstrongswan

Martin Willi [Wed, 26 Aug 2009 11:05:17 +0000 (13:05 +0200)]
pki tool supports public key extraction from private key, certificates

Martin Willi [Wed, 26 Aug 2009 11:03:23 +0000 (13:03 +0200)]
added a BUILD_FROM_FD option, supporting credential parsing from stdin

Martin Willi [Wed, 26 Aug 2009 09:22:09 +0000 (11:22 +0200)]
started implementation of a PKI tool, currently supporting RSA|ECDSA key generation

Martin Willi [Wed, 26 Aug 2009 09:20:13 +0000 (11:20 +0200)]
implemented openssl EC key generation

Martin Willi [Wed, 26 Aug 2009 09:19:06 +0000 (11:19 +0200)]
fixed openssl RSA private key encoding

Martin Willi [Tue, 25 Aug 2009 12:29:48 +0000 (14:29 +0200)]
keyids in SQL use ID_KEY_ID type with subjectPublicKey SHA1 hash

Martin Willi [Tue, 25 Aug 2009 11:21:50 +0000 (13:21 +0200)]
tests load pem/pkcs1 plugins, pubkey plugin not needed anymore

Martin Willi [Tue, 25 Aug 2009 09:31:08 +0000 (11:31 +0200)]
use ./configured plugins in keyid scripts

Martin Willi [Tue, 25 Aug 2009 09:30:42 +0000 (11:30 +0200)]
accept PEM encoded keys in keyid scripts

Martin Willi [Tue, 25 Aug 2009 09:29:51 +0000 (11:29 +0200)]
migrated scripts to new fingerprinting API

Martin Willi [Tue, 25 Aug 2009 13:37:33 +0000 (15:37 +0200)]
updated medsrv and test to new fingerprint/encoding API

Martin Willi [Mon, 24 Aug 2009 14:57:09 +0000 (16:57 +0200)]
updated load-tester plugin to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 14:06:59 +0000 (16:06 +0200)]
use only KEY_ID_PUBKEY_SHA1 fingerprint charon internally

Martin Willi [Mon, 24 Aug 2009 14:06:21 +0000 (16:06 +0200)]
updated nm plugin to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 13:10:18 +0000 (15:10 +0200)]
updated agent plugin to new fingerprint/encoding API

Martin Willi [Mon, 24 Aug 2009 12:20:59 +0000 (14:20 +0200)]
updated stroke plugin to fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:20:29 +0000 (14:20 +0200)]
updated charon to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:19:51 +0000 (14:19 +0200)]
updated pluto to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:19:16 +0000 (14:19 +0200)]
updated scepclient to new encoding API

Martin Willi [Mon, 24 Aug 2009 12:15:03 +0000 (14:15 +0200)]
updated pubkey plugin to new fingerprinting API

Martin Willi [Mon, 24 Aug 2009 12:11:44 +0000 (14:11 +0200)]
updated x509 plugin to public key/x509 API changes

Martin Willi [Mon, 24 Aug 2009 12:10:26 +0000 (14:10 +0200)]
updated x509/CRL/AC API to align with public key, authKeyIdentifier is a chunk

Martin Willi [Mon, 24 Aug 2009 12:09:18 +0000 (14:09 +0200)]
updated openssl plugin to new private/public key API, use encoder framework

Martin Willi [Mon, 24 Aug 2009 12:07:32 +0000 (14:07 +0200)]
updated gcrypt plugin to new private/public key API, use encoder framework

Martin Willi [Mon, 24 Aug 2009 12:06:41 +0000 (14:06 +0200)]
updated gmp plugin to new private/public key API, use encoder framework

Martin Willi [Mon, 24 Aug 2009 12:04:23 +0000 (14:04 +0200)]
changed get_id/get_encoding API of private/public key to use new encoding framework

Martin Willi [Mon, 24 Aug 2009 12:21:38 +0000 (14:21 +0200)]
removed obsolete fingerprint identification types

Martin Willi [Mon, 24 Aug 2009 12:00:43 +0000 (14:00 +0200)]
added generic implementation helpers for private_key_t.equals/belongs_to, public_key_t.equals

Martin Willi [Mon, 24 Aug 2009 09:12:07 +0000 (11:12 +0200)]
added a separate cache lookup, as encode() requires arguments expensive to build

Martin Willi [Fri, 21 Aug 2009 11:53:19 +0000 (13:53 +0200)]
use credential builder API to parse trusted public keys

Martin Willi [Wed, 19 Aug 2009 14:26:29 +0000 (16:26 +0200)]
implemented PGP fingerprinting

Martin Willi [Wed, 19 Aug 2009 14:10:08 +0000 (16:10 +0200)]
implemented pkcs1 private/public key encoding and fingerprinting

Martin Willi [Wed, 19 Aug 2009 14:02:20 +0000 (16:02 +0200)]
chunk_cat/cata/create_cat/length accept the sensitive data clearing mode 's'

Martin Willi [Wed, 19 Aug 2009 14:00:48 +0000 (16:00 +0200)]
in addition to 'm'/'c' mode, asn1_wrap accepts a 's' mode clearing sensitive information

Martin Willi [Tue, 18 Aug 2009 15:48:34 +0000 (17:48 +0200)]
added a facility to hand out fingerprinting/key encoding to the pkcs1/pgp/... plugins

Martin Willi [Tue, 18 Aug 2009 07:58:12 +0000 (09:58 +0200)]
gmp uses component builder to build public- from private-key

Martin Willi [Tue, 18 Aug 2009 07:47:41 +0000 (09:47 +0200)]
gcrypt uses component builder to build public- from private-key

Martin Willi [Mon, 17 Aug 2009 13:56:08 +0000 (15:56 +0200)]
moved PGP code to pluto and gpg plugin

Martin Willi [Mon, 17 Aug 2009 12:58:42 +0000 (14:58 +0200)]
gmp plugin makes use of pkcs1/pgp/dnskey plugins

Martin Willi [Mon, 17 Aug 2009 13:30:20 +0000 (15:30 +0200)]
enforce RSA_PRIME1 > RSA_PRIME2 (p > q) in PGP

Martin Willi [Mon, 17 Aug 2009 12:45:52 +0000 (14:45 +0200)]
implemented RFC3110 key builder in a plugin, added generic DNSKEY RR parsing

Martin Willi [Mon, 17 Aug 2009 12:11:39 +0000 (14:11 +0200)]
renamed BUILD_BLOB_RFC_3110 to BUILD_BLOB_DNSKEY, we potentially support other key types

Martin Willi [Mon, 17 Aug 2009 11:48:50 +0000 (13:48 +0200)]
pluto uses KEY_ANY builder to parse PGP public keys

Martin Willi [Mon, 17 Aug 2009 11:46:04 +0000 (13:46 +0200)]
implemented a pgp plugin providing PGP key parsing builders

Martin Willi [Fri, 14 Aug 2009 15:21:03 +0000 (17:21 +0200)]
make use of the pkcs1 plugin in gcrypt rsa key parsing

Martin Willi [Fri, 14 Aug 2009 14:51:12 +0000 (16:51 +0200)]
removed subjectPublicKeyInfo parsing, provided by pkcs1 plugin

Martin Willi [Fri, 14 Aug 2009 14:48:40 +0000 (16:48 +0200)]
implemented a pkcs1 plugin providing PKCS#1 key parsing builders

Martin Willi [Fri, 14 Aug 2009 13:01:35 +0000 (15:01 +0200)]
added support for %prompt-ing private key passphrases in strokes "ipsec secrets"

Martin Willi [Fri, 14 Aug 2009 11:19:47 +0000 (13:19 +0200)]
show more information if building a credential fails

Martin Willi [Thu, 13 Aug 2009 15:14:41 +0000 (17:14 +0200)]
log loaded private key/certificates

Martin Willi [Thu, 13 Aug 2009 14:47:57 +0000 (16:47 +0200)]
added getnetbyname/gethostbyname2 to leak detective whitelist, used by pluto

Martin Willi [Thu, 13 Aug 2009 14:47:27 +0000 (16:47 +0200)]
clone blobs passed to parse functions, check before free

Martin Willi [Thu, 13 Aug 2009 14:05:06 +0000 (16:05 +0200)]
fixed builder signature

Martin Willi [Thu, 13 Aug 2009 14:04:45 +0000 (16:04 +0200)]
do not enumerate builders returning NULL

Martin Willi [Thu, 13 Aug 2009 13:39:29 +0000 (15:39 +0200)]
updated pubkey_speed test to use pem plugin

Martin Willi [Thu, 13 Aug 2009 13:05:14 +0000 (15:05 +0200)]
handle pluto specific certificates under CRED_CERTIFICATE, not as own credential kind

Martin Willi [Thu, 13 Aug 2009 12:18:58 +0000 (14:18 +0200)]
unified pluto builder implementations

Martin Willi [Thu, 13 Aug 2009 11:47:31 +0000 (13:47 +0200)]
removed obsolete PEM code in pluto/libstrongswan

Martin Willi [Thu, 13 Aug 2009 11:37:14 +0000 (13:37 +0200)]
use credential builder to build crls

Martin Willi [Thu, 13 Aug 2009 09:15:31 +0000 (11:15 +0200)]
use credential builder to build attribute certificates

Martin Willi [Thu, 13 Aug 2009 08:48:22 +0000 (10:48 +0200)]
moved builder hooks to a separate file

Martin Willi [Wed, 12 Aug 2009 15:27:15 +0000 (17:27 +0200)]
use a pluto specific credential builder to build pluto cert_t's

Martin Willi [Wed, 12 Aug 2009 14:14:26 +0000 (16:14 +0200)]
removed obsolete pgp private key parsing, done by libstrongswan

Martin Willi [Wed, 12 Aug 2009 14:13:18 +0000 (16:13 +0200)]
use libstrongswan for private key loading, whack callback to read passphrase

Martin Willi [Wed, 12 Aug 2009 13:34:14 +0000 (15:34 +0200)]
pass along X509 flags when loading PEM encoded data

Martin Willi [Wed, 12 Aug 2009 12:40:16 +0000 (14:40 +0200)]
make use of the pem helper plugin to load credentials

Martin Willi [Wed, 12 Aug 2009 11:26:02 +0000 (13:26 +0200)]
added file loading support to pem plugin, using mmap()

Martin Willi [Tue, 11 Aug 2009 14:24:01 +0000 (16:24 +0200)]
moved PEM parsing functionality to its own plugin

Andreas Steffen [Tue, 25 Aug 2009 19:09:54 +0000 (21:09 +0200)]
make boolean expression less enigmatic

Martin Willi [Tue, 25 Aug 2009 17:57:36 +0000 (19:57 +0200)]
set stroke connection flags to a clear TRUE/FALSE

Martin Willi [Tue, 25 Aug 2009 16:15:25 +0000 (18:15 +0200)]
disable lifetimes of allocated SPIs

The default lifetime of 30 seconds is too short, as a tunnel
setup may need several minutes if we have high packet loss. Instead
of increasing the value, we disable lifetimes completely, as we handle
the removal of such SAs from userland just fine.

Martin Willi [Tue, 25 Aug 2009 16:12:55 +0000 (18:12 +0200)]
remove incomplete SAs with PROTO_ESP

Martin Willi [Fri, 21 Aug 2009 08:52:39 +0000 (10:52 +0200)]
added URL for git repository served over git:// protocol

Andreas Steffen [Tue, 18 Aug 2009 16:35:37 +0000 (18:35 +0200)]
version bump to 4.3.5

Andreas Steffen [Tue, 18 Aug 2009 16:24:26 +0000 (18:24 +0200)]
pruned OID tree

Andreas Steffen [Tue, 18 Aug 2009 15:52:00 +0000 (17:52 +0200)]
fixed wrong emailAddress OID introduced by revision c31687da

Tobias Brunner [Tue, 18 Aug 2009 10:30:11 +0000 (12:30 +0200)]
Fixing address resolution via getaddrinfo in libfreeswan. (tag: 4.3.4)

Andreas Steffen [Mon, 17 Aug 2009 13:46:56 +0000 (15:46 +0200)]
check integrity of pool code file