| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |\ |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
So far every "newer" CRL (higher serial or by date) replaced an existing
"older" CRL. This meant that delta CRLs replaced an existing base CRL
and that base CRLs weren't added if a delta CRL was already stored. So
the base had to be re-fetched every time after a delta CRL was added.
With this change one delta CRL to the latest base may be stored. A newer
delta CRL will replace an existing delta CRL (but not its base, older
base CRLs are removed, though). And a newer base will replace the existing
base and optional delta CRL.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
This was added a few years ago because pki --signcrl once encoded serials
incorrectly as eight byte blobs. But still ensure we have can handle
overflows in case the serial is encoded incorrectly without zero-prefix.
|
| |/
|
|
|
| |
According to RFC 5280 delta CRLs and complete CRLs MUST share one
numbering sequence.
|
| |
|
|
|
|
|
|
| |
BoringSSL only supports a limited list of (hard-coded) algorithms via
EVP_get_cipherbyname(), which does not include AES-GCM. While BoringSSL
deprecated these functions they are also supported by OpenSSL (in BoringSSL
a completely new interface for AEADs was added, which OpenSSL currently does
not support).
|
| |
|
|
| |
Fixes: 40f2589abfc8 ("gmp: Support of SHA-3 RSA signatures")
|
| |
|
|
| |
Fixes: 188b190a70c9 ("mgf1: Refactored MGF1 as an XOF")
|
| |
|
|
|
|
|
|
|
| |
In case of an empty LDAP result during a CRL fetch (for example, due to
a wrong filter attribute in the LDAP URI, or invalid LDAP configuration),
the call to ldap_result2error() with NULL value for "entry" lead to
a crash.
Closes strongswan/strongswan#52.
|
| | |
|
| |
|
|
|
|
|
|
| |
one retransmit
The counter is already increased when sending the original message.
Fixes: bd71ba0ffb03 ("task-manager: Add retransmit cleared alert")
|
| |\
| |
| |
| |
| |
| |
| |
| | |
Adds checks for proposals parsed from strings. For instance, the presence
of DH, PRF and encryption algorithms for IKE are now enforced and AEAD and
regular encryption algorithms are not allowed in the same proposal anymore.
Also fixed is the mapping of the aes*gmac keywords to an integrity algorithm
in AH proposals.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
We parse aes*gmac as encryption algorithm, which we have to map to an
integrity algorithm. We also make sure we remove all other encryption
algorithms and ensure there is an integrity algorithm.
|
| | | |
|
| | |
| |
| |
| | |
But filter PRFs from ESP proposals.
|
| | |
| |
| |
| | |
References #2051.
|
| |/
|
|
| |
Fixes #2051.
|
| |
|
|
| |
No default keys are generated anymore.
|
| | |
|
| |\
| |
| |
| |
| |
| |
| |
| | |
Adds the ability to parse KEY_ANY keys via the pkcs1 and openssl plugins.
This is then used in the pki utility, where private keys may now be
loaded via `priv` keyword instead of having to specify the type of the key
explicitly. And swanctl can load any type of key from the swanctl/private
directory.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
We try to detect the type of key by parsing the basic structure of the
passed ASN.1 blob.
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
| |
If a responder is natted it will usually be a static NAT (unless it's a
mediated connection) in which case adding these notifies makes not much
sense (if the initiator's NAT mapping had changed the responder wouldn't
be able to reach it anyway). It's also problematic as some clients refuse
to respond to DPDs if they contain such notifies.
Fixes #2126.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
charon-nm fails to find the private key when its CKA_ID doesn't match the
subjectKeyIdentifier of the X.509 certificate. In such cases, the private
key builder now falls back to enumerating all the certificates, looking for
one that matches the supplied subjectKeyIdentifier. It then uses the CKA_ID
of that certificate to find the corresponding private key.
It effectively means that PKCS#11 tokens where the only identifier to relate
the certificate, the public key, and the private key is the CKA_ID are now
supported by charon-nm.
Fixes #490.
|
| | |
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sends a DELETE when rekeyed IKE_SAs are deleted. This fixes issues with
peers (e.g. Cisco) that continue to send DPDs on the old SA and then
delete all SAs if no response is received. But since the DELETE could get
dropped this might not fix the issue in all cases.
Also, when terminating an IKE_SA DELETES for all CHILD_SAs are now sent
before sending one for the IKE_SA and destroying it.
Fixes #2090.
|
| | |
| |
| |
| | |
It does not have any CHILD_SAs attached at that point.
|
| | |
| |
| |
| |
| | |
After the ISAKMP_DELETE task has been executed the IKE_SA is destroyed
so we wouldn't be able to send deletes for the Quick Mode SAs.
|
| |/
|
|
|
|
| |
If we silently delete the IKE_SA the other peer might still use it even
if only to send DPDs. If we don't answer to DPDs that might result in the
deletion of the new IKE_SA too.
|
| | |
|
| | |
|
| |
|
|
|
| |
Since the FD set could get rebuilt quite often this change avoids having
to allocate memory just to enumerate the registered FDs.
|
| |\
| |
| |
| |
| | |
This enables IKE fragmentation by default. And also increases the
default fragment size to 1280 bytes (the default for IPv6).
|
| | | |
|
| | | |
|
| |/
|
|
|
|
| |
This is the minimum size an IPv6 implementation must support. This makes
it the default for IPv4 too, which presumably is also generally routable
(otherwise, setting this to 0 falls back to the minimum of 576 for IPv4).
|
| |\
| |
| |
| |
| | |
Adds new listener hooks that work similar to the existing ike|child_keys
hooks but receive the derived IKE and CHILD_SA keys.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
