Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | build libstrongswan if libimcv is built | Andreas Steffen | 2012-02-16 | 1 | -1/+1 | |
| | | ||||||
* | | version bump to 4.6.2 | Andreas Steffen | 2012-02-16 | 1 | -1/+1 | |
| | | ||||||
* | | fixed attest sql query in list_measurements() | Andreas Steffen | 2012-02-15 | 1 | -1/+1 | |
| | | ||||||
* | | Compiler warnings fixed. | Tobias Brunner | 2012-02-14 | 2 | -2/+2 | |
| | | ||||||
* | | pluto: Print expiry time more properly. | Tobias Brunner | 2012-02-14 | 1 | -2/+3 | |
| | | ||||||
* | | pluto: Drop support for legacy PSK format. | Tobias Brunner | 2012-02-08 | 1 | -15/+2 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Any line in ipsec.secrets starting with " or ' was treated as PSK without ID selectors by pluto. This prevented it from supporting DNs like "C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org" as ID selectors. PSKs defined in this legacy format can easily be updated by changing "thisIsASecret" into : PSK "thisIsASecret" | |||||
* | | completed imc/imv-attestation settings | Andreas Steffen | 2012-02-07 | 1 | -1/+20 | |
| | | ||||||
* | | adapted debug output check in openssl-ikev2/rw-eap-tls-only scenario | Andreas Steffen | 2012-02-07 | 1 | -1/+1 | |
| | | ||||||
* | | Double check if a cached suite is available, overwrite any old suite state | Martin Willi | 2012-02-07 | 1 | -2/+3 | |
| | | ||||||
* | | Some Doxygen fixes. | Tobias Brunner | 2012-02-07 | 3 | -11/+11 | |
| | | ||||||
* | | Fix TLS EAP-MSK derivation, uses different order of randoms than key expansion | Martin Willi | 2012-02-07 | 1 | -0/+1 | |
| | | ||||||
* | | Filter TLS suite MAC by HMAC algorithm, as the hash is not necessarily the same | Martin Willi | 2012-02-07 | 1 | -4/+4 | |
| | | ||||||
* | | open RADIUS accounting port in firewall | Andreas Steffen | 2012-02-06 | 1 | -0/+4 | |
| | | ||||||
* | | added ikev2/rw-radius-accounting scenario | Andreas Steffen | 2012-02-06 | 18 | -0/+406 | |
| | | ||||||
* | | Update usage for all children in RADIUS accounting just before sending Stop | Martin Willi | 2012-02-06 | 1 | -1/+12 | |
| | | ||||||
* | | Check if ClusterIP directory could be opened before enumerating it | Martin Willi | 2012-02-06 | 1 | -17/+26 | |
| | | ||||||
* | | version bump to 4.6.2rc1 | Andreas Steffen | 2012-02-05 | 1 | -1/+1 | |
| | | ||||||
* | | ipsec attest adds and deletes key/component pairs | Andreas Steffen | 2012-02-05 | 1 | -4/+21 | |
| | | ||||||
* | | check if TNC client has a valid and registered AIK | Andreas Steffen | 2012-02-05 | 5 | -25/+62 | |
| | | ||||||
* | | reformulated some NEWS entries | Andreas Steffen | 2012-02-03 | 1 | -4/+6 | |
| | | ||||||
* | | added openssl-ikev2/ecdsa-pkcs8 scenario | Andreas Steffen | 2012-02-03 | 23 | -0/+286 | |
| | | ||||||
* | | added ikev2/rw-pkcs8 scenario | Andreas Steffen | 2012-02-03 | 18 | -0/+238 | |
| | | ||||||
* | | version bump to 4.6.2dr4 | Andreas Steffen | 2012-02-02 | 1 | -1/+1 | |
| | | ||||||
* | | Trigger DPD not before IKE_SA state gets updated | Martin Willi | 2012-02-02 | 1 | -6/+8 | |
| | | ||||||
* | | Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state | Martin Willi | 2012-02-02 | 1 | -0/+26 | |
| | | ||||||
* | | Moved and clarified NEWS about PKCS#8 plugin. | Tobias Brunner | 2012-02-01 | 1 | -3/+3 | |
| | | ||||||
* | | Moved log message for unexpected ASN.1 objects to level 2. | Tobias Brunner | 2012-02-01 | 1 | -1/+1 | |
| | | | | | | | | This avoids error messages if later builders can successfully decode something. | |||||
* | | Added support for PKCS#5 v2 schemes when decrypting PKCS#8 files. | Tobias Brunner | 2012-02-01 | 3 | -61/+323 | |
| | | ||||||
* | | NEWS about pkcs8 plugin added. | Tobias Brunner | 2012-02-01 | 1 | -0/+3 | |
| | | ||||||
* | | Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes). | Tobias Brunner | 2012-02-01 | 3 | -4/+261 | |
| | | ||||||
* | | Added support to parse PKCS#8 encoded ECDSA private keys. | Tobias Brunner | 2012-02-01 | 3 | -12/+28 | |
| | | ||||||
* | | OpenSSL plugin parses ECDSA private keys with explicitly specified EC ↵ | Tobias Brunner | 2012-02-01 | 1 | -9/+30 | |
| | | | | | | | | | | | | | | parameters. This is needed in case the key itself does not contain the parameters, which is the case for PKCS#8. | |||||
* | | Add builder part for parameters from algorithmIdentifier. | Tobias Brunner | 2012-02-01 | 2 | -1/+4 | |
| | | ||||||
* | | Return parsed parameters from algorithmIdentifier if they are an OID (aka EC ↵ | Tobias Brunner | 2012-02-01 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | named curve). Explicit EC parameters are not supported with this function, but before this change no parameters were actually ever returned. | |||||
* | | Parse RSA private keys from PKCS#8 encoded blobs. | Tobias Brunner | 2012-02-01 | 4 | -1/+151 | |
| | | ||||||
* | | Added PKCS#8 stub plugin. | Tobias Brunner | 2012-02-01 | 5 | -0/+143 | |
| | | ||||||
* | | Added an option to load CA certificates without CA basic constraint. | Tobias Brunner | 2012-02-01 | 2 | -4/+38 | |
| | | | | | | | | | | | | Enabling this option treats all certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA certificates even if they do not contain a CA basic constraint. | |||||
* | | Added TLS session resumption NEWS | Martin Willi | 2012-02-01 | 1 | -0/+2 | |
| | | ||||||
* | | Added RADIUS accounting NEWS | Martin Willi | 2012-02-01 | 1 | -0/+3 | |
| | | ||||||
* | | Added RADIUS accounting option to strongswan.conf manual | Martin Willi | 2012-02-01 | 1 | -0/+3 | |
| | | ||||||
* | | Support RADIUS accounting messages containing Framed-IP and ↵ | Martin Willi | 2012-01-30 | 4 | -0/+376 | |
| | | | | | | | | Inbound/Outbound-Octets | |||||
* | | Open RADIUS accounting sockets to exchange accounting messages | Martin Willi | 2012-01-30 | 5 | -46/+91 | |
| | | ||||||
* | | Support signing of RADIUS accounting messages | Martin Willi | 2012-01-30 | 3 | -10/+26 | |
| | | ||||||
* | | RADIUS message constructor accepts a message code parameter | Martin Willi | 2012-01-30 | 3 | -7/+8 | |
| | | ||||||
* | | Disable crypto benchmarking if CLOCK_THREAD_CPUTIME_ID is not available. | Tobias Brunner | 2012-01-30 | 1 | -0/+10 | |
| | | ||||||
* | | Build libstrongswan if libfast gets built | Martin Willi | 2012-01-24 | 1 | -1/+1 | |
| | | ||||||
* | | Cache list of plugin names to further simplify its usage. | Tobias Brunner | 2012-01-19 | 8 | -73/+62 | |
| | | | | | | | | Also helpful for ipsec statusall to avoid having to enumerate plugins. | |||||
* | | Log list of loaded plugins in main PKI help output. | Tobias Brunner | 2012-01-19 | 1 | -0/+8 | |
| | | ||||||
* | | Simplified logging of list of loaded plugins. | Tobias Brunner | 2012-01-19 | 5 | -59/+22 | |
| | | ||||||
* | | Function added to plugin_loader to get a list of the names of loaded plugins. | Tobias Brunner | 2012-01-19 | 2 | -1/+34 | |
| | |