path: root/src/libcharon/plugins/stroke/stroke_cred.c
Commit message [Author, Age, Files, Lines]
* stroke: Allow specifying the ipsec.secrets location in strongswan.conf [Shea Levy, 2014-10-02, 1 file, -2/+10]
|
* stroke: Use thread-safe dirname(3) [Tobias Brunner, 2014-02-24, 1 file, -6/+4]
|
* stroke: Use dirname(3) correctly [Tobias Brunner, 2014-02-24, 1 file, -5/+5]
|
* libcharon: Use lib->ns instead of charon->name [Tobias Brunner, 2014-02-12, 1 file, -1/+1]
|
* stroke: Use chunk_map() instead of non-portable mmap() [Martin Willi, 2014-01-23, 1 file, -30/+6]
|
* chunk: Externalize error reporting in chunk_write() [Martin Willi, 2014-01-23, 1 file, -1/+10]
|   This avoids passing that arbitrary label just for error messages, and gives greater flexibility in handling errors.
* stroke: Add certificates extracted from PKCS#12 files to correct credential set [Tobias Brunner, 2013-07-15, 1 file, -4/+4]
|   Only keys and shared secrets are moved from the temporary credential set after loading all secrets.
* Use strpfx() helper where appropriate [Tobias Brunner, 2013-07-08, 1 file, -7/+6]
|
* stroke: Add second password if provided [Tobias Brunner, 2013-05-08, 1 file, -0/+13]
|
* stroke: Fail silently if another builder calls PW callback after giving up [Tobias Brunner, 2013-05-08, 1 file, -9/+14]
|   Also reduced the number of tries to 3.
* stroke: Cache passwords so the user is not prompted multiple times for the same password [Tobias Brunner, 2013-05-08, 1 file, -1/+13]
|   To verify/decrypt a PKCS#12 container a password might be needed multiple times. If it was entered correctly we don't want to bother the user again with another password prompt. The passwords for MAC creation and encryption could be different so the user might be prompted multiple times after all.
* stroke: Fix prompt and error messages in passphrase callback [Tobias Brunner, 2013-05-08, 1 file, -11/+13]
|
* stroke: Load credentials from PKCS#12 files (P12 token) [Tobias Brunner, 2013-05-08, 1 file, -15/+92]
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkey [Tobias Brunner, 2013-05-07, 1 file, -11/+13]
|
* left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly [Tobias Brunner, 2013-05-07, 1 file, -12/+22]
|   The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
* Try to load raw keys from ipsec.conf as PKCS#1 blob first [Tobias Brunner, 2013-05-07, 1 file, -5/+12]
|   The DNSKEY builder is quite eager and parses pretty much anything as RSA key, so this has to be done before.
* Avoid a race condition when reloading secrets from ipsec.secrets [Tobias Brunner, 2013-03-20, 1 file, -18/+25]
|   With the previous implementation that cleared the secrets in the active credential set and then loaded the secrets, IKE SA establishment would fail (as initiator or responder) if secrets are concurrently reloaded and the required secret was not yet loaded.
* Don't try to mmap() empty ipsec.secret files [Martin Willi, 2013-03-19, 1 file, -1/+5]
|
* Use proper buffer sizes for parse_smartcard() [Tobias Brunner, 2013-01-24, 1 file, -7/+10]
|
* Moved data structures to new collections subfolder [Tobias Brunner, 2012-10-24, 1 file, -1/+1]
|
* Use explicit, larger buffer sizes for smartcard keyids and modules [Martin Willi, 2012-10-24, 1 file, -8/+8]
|
* Support loading cacert certificates in ipsec.conf ca sections from smartcard [Martin Willi, 2012-10-24, 1 file, -19/+37]
|
* Refactored stroke smartcard token parsing, support module and slot in leftcert option [Martin Willi, 2012-10-24, 1 file, -62/+101]
|
* Load ipsec.conf %smartcard leftcerts with pkcs11 builder [Martin Willi, 2012-10-24, 1 file, -8/+20]
|
* Fix leak of PINs from ipsec.secrets [Martin Willi, 2012-10-09, 1 file, -1/+2]
|
* Make sure first argument is an int when using %.*s to print e.g. chunks [Tobias Brunner, 2012-09-28, 1 file, -1/+1]
|
* Use name from initialization to access settings in libcharon. [Tobias Brunner, 2012-05-03, 1 file, -1/+2]
|   Also fixes several whitespace errors.
* Merge branch 'ikev1' [Martin Willi, 2012-05-02, 1 file, -4/+4]
|\
| |   Conflicts:
| |     configure.in
| |     man/ipsec.conf.5.in
| |     src/libcharon/encoding/generator.c
| |     src/libcharon/encoding/payloads/notify_payload.c
| |     src/libcharon/encoding/payloads/notify_payload.h
| |     src/libcharon/encoding/payloads/payload.c
| |     src/libcharon/network/receiver.c
| |     src/libcharon/sa/authenticator.c
| |     src/libcharon/sa/authenticator.h
| |     src/libcharon/sa/ikev2/tasks/ike_init.c
| |     src/libcharon/sa/task_manager.c
| |     src/libstrongswan/credentials/auth_cfg.c
| * Merge branch 'ikev1-clean' into ikev1-master [Martin Willi, 2012-03-20, 1 file, -4/+4]
| |\
| | |   Conflicts:
| | |     configure.in
| | |     man/ipsec.conf.5.in
| | |     src/libcharon/daemon.c
| | |     src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_forward.c
| | |     src/libcharon/plugins/farp/farp_listener.c
| | |     src/libcharon/sa/ike_sa.c
| | |     src/libcharon/sa/keymat.c
| | |     src/libcharon/sa/task_manager.c
| | |     src/libcharon/sa/trap_manager.c
| | |     src/libstrongswan/plugins/x509/x509_cert.c
| | |     src/libstrongswan/utils.h
| | |   Applied lost changes of moved files keymat.c and task_manager.c.
| | |   Updated listener_t.message hook signature in new plugins.
| | * Added a flag to register local credential sets exclusively, disabling all others [Martin Willi, 2012-03-20, 1 file, -4/+4]
| | |
* | | added support for raw RSA public keys to stroke [Andreas Steffen, 2012-04-30, 1 file, -0/+73]
| | |
* | | Added method to add additional shared secrets to stroke_cred_t. [Tobias Brunner, 2012-04-17, 1 file, -1/+8]
|/ /
* / Added an option to load CA certificates without CA basic constraint. [Tobias Brunner, 2012-02-01, 1 file, -4/+34]
|/
|   Enabling this option treats all certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA certificates even if they do not contain a CA basic constraint.
* Added fallback to ipsec.secrets parser if glob(3) is not available. [Tobias Brunner, 2011-10-11, 1 file, -11/+22]
|
* Migrated stroke_cred_t to INIT/METHOD macros. [Tobias Brunner, 2011-10-03, 1 file, -40/+32]
|
* Cast size_t len arguments to %.*s to int [Martin Willi, 2011-04-20, 1 file, -5/+6]
|
* Use strncpy when reading smartcard keyids from ipsec.secrets. [Tobias Brunner, 2011-04-19, 1 file, -1/+1]
|
* Proper cleanup if IDs in ipsec.secrets cannot be parsed. [Tobias Brunner, 2011-04-14, 1 file, -0/+2]
|
* Fix compiler warnings at creation of CRL cache filenames. [Tobias Brunner, 2011-04-14, 1 file, -1/+1]
|   This was not really a problem because ptr is the first member of a chunk_t and it contains a null-terminated string at that point. But it's clearer this way.
* Refactored stroke_cred_t to use mem_cred_t. [Tobias Brunner, 2010-12-03, 1 file, -378/+30]
|
* Avoid calling globfree twice on failure. [Tobias Brunner, 2010-12-03, 1 file, -1/+0]
|
* Respect key types in stroke key/certificate backend [Martin Willi, 2010-09-02, 1 file, -15/+24]
|
* Fixed loading of secrets with IDs. [Tobias Brunner, 2010-08-04, 1 file, -1/+1]
|   Since the ID string is manually terminated by a null character, write permission is required for the mmapped ipsec.secrets.
* Fixed loading of private keys without password. [Tobias Brunner, 2010-08-04, 1 file, -1/+1]
|   The chunk storing the password was not correctly initialized, resulting in a segmentation fault when no password was specified in ipsec.secrets.
* Pass type of requested key in the callback credential set [Martin Willi, 2010-08-04, 1 file, -1/+12]
|
* Obsoleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets [Martin Willi, 2010-08-04, 1 file, -37/+77]
|
* Use credential sets to load smartcard keys [Martin Willi, 2010-08-04, 1 file, -29/+82]
|
* Implemented a callback based credential set, currently for shared keys only [Martin Willi, 2010-08-04, 1 file, -61/+39]
|
* mmap() ipsec.secrets instead of malloc(), proper error checking [Martin Willi, 2010-08-04, 1 file, -18/+30]
|
* Split up the load_secrets() function [Martin Willi, 2010-08-04, 1 file, -263/+301]
|