| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
The test runner deinit function often cancels all threads from the pool. This
operation might hang on error conditions, hence we should include that hook in
the test timeout to fail properly.
|
| |/
|
|
|
|
| |
A worker raises SIGUSR1 to inform the main thread that the test fails. The main
thread then starts cancelling workers, but the offending thread should be
terminated immediately to prevent it from test continuation.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The addresses can actually change as plugins are loaded/unloaded for
each test case.
Fixes #551.
|
| |
|
|
|
| |
In some situations we expect strongswan.conf to not exist, for instance,
when running the unit tests before installation.
|
| |
|
|
| |
Also adds several missing ones.
|
| |\
| |
| |
| |
| |
| | |
Adds AEAD support to the TLS stack, currently supporting AES-GCM. Brings fixes
for TLS record fragmentation, enforcing TLS versions < 1.2 and proper signature
scheme support indication.
|
| | | |
|
| | |
| |
| |
| |
| | |
It is important to have them mapped correctly, as we use these official TLS
identifiers to configure specific TLS suites.
|
| | |
| |
| |
| |
| |
| | |
While a hardcoded 1.2 version is fine when we offer that in Client Hello, we
should include the actually offered version if it has been reduced before
starting the exchange.
|
| | |
| |
| |
| |
| |
| | |
Fixes fragment reassembling if a buffer contains more than one record, but
the last record contains a partial TLS record header. Thanks to Nick Saunders
and Jamil Nimeh for identifying this issue and providing a fix for it.
|
| | | |
|
| | |
| |
| |
| |
| | |
Additionally, we now query plugin features to find out what schemes we exactly
support.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
To better separate the code path for different TLS versions and modes of
operation, we introduce a TLS AEAD abstraction. We provide three implementations
using traditional transforms, and get prepared for TLS AEAD modes.
|
| |/
|
|
|
|
|
|
|
| |
The salt, or often called implicit nonce, varies between AEAD algorithms and
their use in protocols. For IKE and ESP, GCM uses 4 bytes, while CCM uses
3 bytes. With TLS, however, AEAD mode uses 4 bytes for both GCM and CCM.
Our GCM backends currently support 4 bytes and CCM 3 bytes only. This is fine
until we go for CCM mode support in TLS, which requires 4 byte nonces.
|
| |
|
|
|
| |
Works around issues related to system time changes and kernel backends using
that system time, such as Linux XFRM.
|
| |
|
|
| |
Fixes evaluation of ikev2/ocsp-untrusted-cert.
|
| |\
| |
| |
| |
| |
| |
| | |
Limits cached OCSP verification to responses signed by the CA, a directly
delegated signer or a pre-installed OCSP responder certificate. Disables
auth config merge for revocation trust-chain strength checkin, as it breaks
CA constraints in some scenarios.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To avoid considering each cached OCSP response and evaluating its trustchain,
we limit the certificates considered for OCSP signing to:
- The issuing CA of the checked certificate
- A directly delegated signer by the same CA, having the OCSP signer constraint
- Any locally installed (trusted) certificate having the OCSP signer constraint
The first two options cover the requirements from RFC 6960 2.6. For
compatibility with non-conforming CAs, we allow the third option as exception,
but require the installation of such certificates locally.
|
| |/
|
|
|
|
|
|
|
|
| |
This behavior was introduced with 6840a6fb to avoid key/signature strength
checking for the revocation trustchain as we do it for end entity certificates.
Unfortunately this breaks CA constraint checking under certain conditions, as
we merge additional intermediate/CA certificates to the auth config.
As key/signature strength checking of the revocation trustchain is a rather
exotic requirement we drop support for that to properly enforce CA constraints.
|
| |
|
|
|
| |
This allows using const strings etc. for lookups without cast. And keys
are not modifiable anyway.
|
| |
|
|
|
| |
Simply using the pointer is not optimal for our hash table
implementation, which simply masks the key to determine the bucket.
|
| | |
|
| |
|
|
|
| |
More specific decoders might still be needed, but the x509
plugin should not care which ones.
|
| | |
|
| |
|
|
|
|
| |
accouting updates
Fixes #528.
|
| |
|
|
| |
Fixes #533.
|
| |
|
|
|
|
|
|
| |
The DH transform is optional for ESP/AH proposals. The initiator can
include NONE (0) in its proposal to indicate that while it prefers to
do a DH exchange, the responder may still decide to not do so.
Fixes #532.
|
| |
|
|
|
| |
For the config snippets the options are now explicitly ordered before
subsections.
|
| |\
| |
| |
| |
| |
| |
| | |
(Re-)Introduces X.509 Attribute Certificate support in IKE, and cleans up the
x509 AC parser/generator. ACs may be stored locally or exchanged in IKEv2
CERT payloads, Attribute Authorities must be installed locally. pki --acert
issues Attribute Certificates and replaces the removed openac utility.
|
| | | |
|
| | |
| |
| |
| | |
The same functionality is now provided by the pki --acert subcommand.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
