diff options
| author | Martin Willi <martin@strongswan.org> | 2006-12-19 10:46:58 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2006-12-19 10:46:58 +0000 |
| commit | 2b4405a3e7a3e747ef39016365bbbcea24d442cc (patch) | |
| tree | d410c4bcb6d9c7338aa0dccf5ef5809855554cce /src | |
| parent | 532f2347dcad6d1dd553886fe4665ada99f30438 (diff) | |
| download | strongswan-2b4405a3e7a3e747ef39016365bbbcea24d442cc.tar.bz2 strongswan-2b4405a3e7a3e747ef39016365bbbcea24d442cc.tar.xz | |
added a roadmap of the strongSwan project (TODO)
added some NEWS
Diffstat (limited to 'src')
| -rw-r--r-- | src/charon/doc/Todo-list.txt | 84 |
1 files changed, 0 insertions, 84 deletions
diff --git a/src/charon/doc/Todo-list.txt b/src/charon/doc/Todo-list.txt deleted file mode 100644 index a320a5454..000000000 --- a/src/charon/doc/Todo-list.txt +++ /dev/null @@ -1,84 +0,0 @@ -Todo-List for charon --------------------- - -+ = done, / = partial, - = todo, ordered by priority - - -+ private key loading: der, without passphrase -+ load all private keys from ipsec.d/private/ in stroke.c -+ handle leftcert and rightcert in starterstroke.c/stroke.c -+ load specified certs in stroke.c -+ extract public keys from certs -+ public key authentication -+ release for Andreas - -+ stroke loglevels -+ stroke up -+ ike_sa_manager checkout_by_hosts -+ stroke down -+ stroke output redirection -+ stroke status - -+ libx509 - + new charon build - libstrong? - + transforms - + utils (plus host) - + logger_manager instance in lib - + leak detective usable for charon and pluto and anything else - + integrate asn1 parser/oid (asn1/oid) - + integrate basic PEM loading - + port x509 stuff - -+ doxygen cleanup (charon/lib) -+ new build environment (autotools?) - -+ useable certificate support - + more id types (use atodn from pluto) - + rewrite certificate storage the clean way - + further subjectAltName support - + certificate validation/chaining - + certificate exchange - -+ Apply -W's from Makefile.program to charon -+ do ipsec status via starter - -+ stroke status should show configured connections -+ stroke loglevel update -+ stroke argument parsing via getopts/gperf? - -+ ipsec.secrets parsing - -+ trapping -+ proper delete messages -+ notifys on connection setup failure -+ create child sa message/rekeying -+ IKE_SA rekeying - + handle all simultaneous rekeying/delete/create cases - -+ replace state machine with something more transaction oriented -+ find existing IKE_SA on CHILD_SA initiation - -+ use dpdaction/dpddelay parameters from ipsec.conf -+ add firewall script support -+ do not link unneeded libraries in bins -+ include only a minimum of NATD payloads -+ implement 3DES to load encrypted pem files -+ implement a "event bus" mechanism - + add more output to to up/down, somehow... - - detach console after first keyingtry - - proper handling of CTRL+C console detach (SIG_PIPE) -- configure flag which allows to ommit vendor id in pluto -- ikelifetime should optionally enforce reauthentication -- cookies/DDoS prevention -- implement a mechanism against thread exhaustion - when a blocked IKE_SA receives a lot of messages -- add a crl fetch mechanism which synchronizes equal fetches -- add support for CERTREQs -- proper handling of multiple certificate payloads (import order) -- add a Rekey-Counter for SAs in "statusall" -- ipsec status: - + on one line: ip, id, spi - + no key age, rekey for IKE - - byte count -- retry transaction on failure while keyingtries > 1 -- reduce printf handlers count to 10, as uClibc does not support more |