aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* treat sig_alg and algorithm comparison in a consistent way over all ↵Andreas Steffen2008-03-262-3/+9
| | | | certificate types
* fixed rightca= constraint checkingMartin Willi2008-03-261-21/+58
| | | | implemented rightca= for intermediate CAs we do not have the certificate at config load
* fixed auth_info_t.equals()Martin Willi2008-03-261-1/+1
|
* splitted stroke plugin to several files:Martin Willi2008-03-2618-3285/+4155
| | | | | | | | | | | socket: reads messages from socket, dispatching config: process add/del conn, serves configs through backend_t control: controlling of the daemon (up/down/route/...( cred: credential loading, serves creds through credential_set_t ca: ca sections from ipsec.conf, serves cdp's through credential_set_t list: log status information to stroke console (status/statusall/list*) shared_key: shared key implementation for keys read from ipsec.secrets plugin: registers stroke plugin and starts socket w/ thread
* added equals() method to peer_cfg, ike_cfg, proposals, auth_infoMartin Willi2008-03-2618-261/+569
| | | | | | allows easier merging of ipsec.conf connections replaced some iterators through enumerators made proposals algorithm_t private using enumerator
* fixed compiler warningsMartin Willi2008-03-263-10/+15
|
* certificate factory can load certs from fileAndreas Steffen2008-03-2512-261/+481
|
* added component BUILD_FROM_FILEAndreas Steffen2008-03-253-2/+6
|
* renamed certificate field in x509_cert.c to encodingAndreas Steffen2008-03-251-9/+5
|
* added ac.cAndreas Steffen2008-03-251-0/+55
|
* defined *_create_from_file() constructors in ↵Andreas Steffen2008-03-257-106/+157
| | | | libstrongswan/credentials/certificates
* fixed refence counts before calling attribute certificate factoryAndreas Steffen2008-03-252-66/+24
|
* corrected some doxygen entriesAndreas Steffen2008-03-224-26/+13
|
* optimized self-signed certificate detectionAndreas Steffen2008-03-211-7/+6
|
* shortened debug outputAndreas Steffen2008-03-211-2/+2
|
* detect trusted self-signed before trust chain verificationAndreas Steffen2008-03-211-4/+14
|
* self-signed certificates were not marked by x509_cert.cAndreas Steffen2008-03-211-14/+22
|
* added ietf group attribute support to attibute certificate factoryAndreas Steffen2008-03-215-2/+11
|
* fixed memory allocation problem in openacAndreas Steffen2008-03-212-14/+10
|
* added BUILD_SERIAL component and fixed several ac bugsAndreas Steffen2008-03-215-9/+21
|
* added VALIDATION_UNKNOWN to cert_validation_namesAndreas Steffen2008-03-211-0/+1
|
* added credential factory support for BULD_NOT_BEFORE_TIME and ↵Andreas Steffen2008-03-214-24/+31
| | | | BUILD_NOT_AFTER_TIME
* added x509_ac_builder pluginAndreas Steffen2008-03-211-0/+5
|
* initialize library in openacAndreas Steffen2008-03-212-5/+24
|
* suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko ↵Andreas Steffen2008-03-211-0/+8
| | | | Hund from Astaro.
* optimized debug output of credential_manager.cAndreas Steffen2008-03-211-21/+21
|
* removed build.h includeAndreas Steffen2008-03-201-2/+0
|
* refactored openac and its attribute certificate factoryAndreas Steffen2008-03-2012-275/+1542
|
* modified debug textAndreas Steffen2008-03-201-1/+1
|
* cert_cache_t caches subject-issuer relations and subject certificatesMartin Willi2008-03-204-3/+293
| | | | ocsp/crl do not benefit yet due missing lookup function
* fallback to random end entity certificate if trustchain building failsMartin Willi2008-03-201-3/+18
|
* (no commit message)Martin Willi2008-03-202-14/+86
|
* some C libraries need _GNU_SOURCE for rwlocksMartin Willi2008-03-201-0/+2
|
* added support for certificate requests for not yet known CAsMartin Willi2008-03-204-5/+31
|
* added $Andreas Steffen2008-03-201-0/+2
|
* fixed verification of preinstalled certificatesMartin Willi2008-03-201-1/+1
|
* included utils/linked_list.hAndreas Steffen2008-03-201-0/+1
|
* more trustchain verification improvementsMartin Willi2008-03-201-99/+103
| | | | should fix crl-revoked and two-certs scenarios
* cleaned up includesAndreas Steffen2008-03-201-1/+3
|
* CA certificates are allowed to sign OCSP responsed without OCSP_SIGNER flagMartin Willi2008-03-201-1/+2
|
* refactored trustchain verification, this should fix #33Martin Willi2008-03-197-329/+531
| | | | moved auth_info/ocsp_response credset wrapper to separate files
* increased debug level in trust chain verification for auditing purposesAndreas Steffen2008-03-191-31/+50
|
* removed unimplemented private/public key function declarationsMartin Willi2008-03-192-47/+0
|
* The introduced SHA1_NOFINAL hasher was not sufficient for EAP-AKA, Martin Willi2008-03-1910-109/+183
| | | | | | as it requires to XOR the key into the hashers state. A new SHA1 based keyed hash function, implemented as PRF, enables EAP-AKA and the FIPS-PRF function to properly use the existing SHA1 implementation.
* log nextUpdate of crls and ocsp responsesAndreas Steffen2008-03-191-12/+36
|
* fixed stupid bug in fetch_ocsp()Andreas Steffen2008-03-191-1/+1
|
* attempt to achieve consistent debugging outputAndreas Steffen2008-03-197-69/+79
|
* fixed shared key lookup in strokeMartin Willi2008-03-191-1/+1
|
* fixed peer_cfg lookup when omitting IDrMartin Willi2008-03-192-3/+18
|
* fixed CRL check return value on revoked certificatesMartin Willi2008-03-196-53/+32
| | | | | fixed possible refcounting bugs generic return_null() implementation
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 18:55:58 +0000