| Commit message | Author | Date | Files | Lines |
|---|---|---|---|---|
| stroke: Load general PKCS#8 private keys | Andreas Steffen | 2016-12-17 | 1 | -3/+7 |
| Save both base and delta CRLs to disk | Andreas Steffen | 2016-10-11 | 1 | -1/+5 |
| vici: strongswan.conf cache_crls = yes saves fetched CRLs to disk | Andreas Steffen | 2016-10-11 | 1 | -1/+5 |
| stroke: Permanently store PINs in credential set<br>This fixes authentication with tokens that require the PIN for every signature. Fixes #1369. | Tobias Brunner | 2016-06-06 | 1 | -12/+35 |
| stroke: Change how CA certificates are stored<br>Since 11c14bd2f5 CA certificates referenced in ca sections were enumerated by two credential sets if they were also stored in ipsec.d/cacerts. This caused duplicate certificate requests to get sent. All CA certificates, whether loaded automatically or via a ca section, are now stored in stroke_ca_t. Certificates referenced in ca sections are now also reloaded when `ipsec rereadcacerts` is used. | Tobias Brunner | 2015-08-20 | 1 | -25/+31 |
| stroke: Combine CA certificate load methods<br>Also use the right credential set for CA cert references loaded from stroke_ca_t. | Tobias Brunner | 2015-08-20 | 1 | -82/+74 |
| stroke: Atomically replace CA and AA certificates when reloading them<br>Previously it was possible that certificates were not found between the time the credential sets were cleared and the certificates got readded. | Tobias Brunner | 2015-08-20 | 1 | -34/+45 |
| stroke: Serve ca section CA certificates directly, not over central CA set<br>This makes these CA certificates independent from the purge issued by reread commands. Certificates loaded by CA sections can be removed through ipsec.conf update/reread, while CA certificates loaded implicitly from ipsec.d/cacerts can individually be reread using ipsec rereadcacerts. | Martin Willi | 2015-03-03 | 1 | -1/+1 |
| stroke: Purge existing CA/AA certificates during reread | Martin Willi | 2015-03-03 | 1 | -0/+4 |
| stroke: Use separate credential sets for CA/AA certificates | Martin Willi | 2015-03-03 | 1 | -3/+21 |
| stroke: Refactor load_certdir function | Martin Willi | 2015-03-03 | 1 | -108/+158 |
| Implemented full BLISS support for IKEv2 public key authentication and the pki tool | Andreas Steffen | 2014-11-29 | 1 | -5/+18 |
| stroke: Allow specifying the ipsec.secrets location in strongswan.conf | Shea Levy | 2014-10-02 | 1 | -2/+10 |
| stroke: Use thread-safe dirname(3) | Tobias Brunner | 2014-02-24 | 1 | -6/+4 |
| stroke: Use dirname(3) correctly | Tobias Brunner | 2014-02-24 | 1 | -5/+5 |
| libcharon: Use lib->ns instead of charon->name | Tobias Brunner | 2014-02-12 | 1 | -1/+1 |
| stroke: Use chunk_map() instead of non-portable mmap() | Martin Willi | 2014-01-23 | 1 | -30/+6 |
| chunk: Externalize error reporting in chunk_write()<br>This avoids passing that arbitrary label just for error messages, and gives greater flexibility in handling errors. | Martin Willi | 2014-01-23 | 1 | -1/+10 |
| stroke: Add certificates extracted from PKCS#12 files to correct credential set<br>Only keys and shared secrets are moved from the temporary credential set after loading all secrets. | Tobias Brunner | 2013-07-15 | 1 | -4/+4 |
| Use strpfx() helper where appropriate | Tobias Brunner | 2013-07-08 | 1 | -7/+6 |
| stroke: Add second password if provided | Tobias Brunner | 2013-05-08 | 1 | -0/+13 |
| stroke: Fail silently if another builder calls PW callback after giving up<br>Also reduced the number of tries to 3. | Tobias Brunner | 2013-05-08 | 1 | -9/+14 |
| stroke: Cache passwords so the user is not prompted multiple times for the same password<br>To verify/decrypt a PKCS#12 container a password might be needed multiple times. If it was entered correctly we don't want to bother the user again with another password prompt. The passwords for MAC creation and encryption could be different so the user might be prompted multiple times after all. | Tobias Brunner | 2013-05-08 | 1 | -1/+13 |
| stroke: Fix prompt and error messages in passphrase callback | Tobias Brunner | 2013-05-08 | 1 | -11/+13 |
| stroke: Load credentials from PKCS#12 files (P12 token) | Tobias Brunner | 2013-05-08 | 1 | -15/+92 |
| Load any type (RSA/ECDSA) of public key via left\|rightsigkey | Tobias Brunner | 2013-05-07 | 1 | -11/+13 |
| left\|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly<br>The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected. | Tobias Brunner | 2013-05-07 | 1 | -12/+22 |
| Try to load raw keys from ipsec.conf as PKCS#1 blob first<br>The DNSKEY builder is quite eager and parses pretty much anything as RSA key, so this has to be done before. | Tobias Brunner | 2013-05-07 | 1 | -5/+12 |
| Avoid a race condition when reloading secrets from ipsec.secrets<br>With the previous implementation that cleared the secrets in the active credential set and then loaded the secrets, IKE SA establishment would fail (as initiator or responder) if secrets are concurrently reloaded and the required secret was not yet loaded. | Tobias Brunner | 2013-03-20 | 1 | -18/+25 |
| Don't try to mmap() empty ipsec.secret files | Martin Willi | 2013-03-19 | 1 | -1/+5 |
| Use proper buffer sizes for parse_smartcard() | Tobias Brunner | 2013-01-24 | 1 | -7/+10 |
| Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
| Use explicit, larger buffer sizes for smartcard keyids and modules | Martin Willi | 2012-10-24 | 1 | -8/+8 |
| Support loading cacert certificates in ipsec.conf ca sections from smartcard | Martin Willi | 2012-10-24 | 1 | -19/+37 |
| Refactored stroke smartcard token parsing, support module and slot in leftcert option | Martin Willi | 2012-10-24 | 1 | -62/+101 |
| Load ipsec.conf %smartcard leftcerts with pkcs11 builder | Martin Willi | 2012-10-24 | 1 | -8/+20 |
| Fix leak of PINs from ipsec.secrets | Martin Willi | 2012-10-09 | 1 | -1/+2 |
| Make sure first argument is an int when using %.*s to print e.g. chunks | Tobias Brunner | 2012-09-28 | 1 | -1/+1 |
| Use name from initialization to access settings in libcharon.<br>Also fixes several whitespace errors. | Tobias Brunner | 2012-05-03 | 1 | -1/+2 |
| Merge branch 'ikev1'<br>Conflicts: configure.in, man/ipsec.conf.5.in, src/libcharon/encoding/generator.c, src/libcharon/encoding/payloads/notify_payload.c, src/libcharon/encoding/payloads/notify_payload.h, src/libcharon/encoding/payloads/payload.c, src/libcharon/network/receiver.c, src/libcharon/sa/authenticator.c, src/libcharon/sa/authenticator.h, src/libcharon/sa/ikev2/tasks/ike_init.c, src/libcharon/sa/task_manager.c, src/libstrongswan/credentials/auth_cfg.c | Martin Willi | 2012-05-02 | 1 | -4/+4 |
| Merge branch 'ikev1-clean' into ikev1-master<br>Conflicts: configure.in, man/ipsec.conf.5.in, src/libcharon/daemon.c, src/libcharon/plugins/eap_ttls/eap_ttls_peer.c, src/libcharon/plugins/eap_radius/eap_radius_accounting.c, src/libcharon/plugins/eap_radius/eap_radius_forward.c, src/libcharon/plugins/farp/farp_listener.c, src/libcharon/sa/ike_sa.c, src/libcharon/sa/keymat.c, src/libcharon/sa/task_manager.c, src/libcharon/sa/trap_manager.c, src/libstrongswan/plugins/x509/x509_cert.c, src/libstrongswan/utils.h<br>Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins. | Martin Willi | 2012-03-20 | 1 | -4/+4 |
| Added a flag to register local credential sets exclusively, disabling all others | Martin Willi | 2012-03-20 | 1 | -4/+4 |
| added support for raw RSA public keys to stroke | Andreas Steffen | 2012-04-30 | 1 | -0/+73 |
| Added method to add additional shared secrets to stroke_cred_t. | Tobias Brunner | 2012-04-17 | 1 | -1/+8 |
| Added an option to load CA certificates without CA basic constraint.<br>Enabling this option treats all certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA certificates even if they do not contain a CA basic constraint. | Tobias Brunner | 2012-02-01 | 1 | -4/+34 |
| Added fallback to ipsec.secrets parser if glob(3) is not available. | Tobias Brunner | 2011-10-11 | 1 | -11/+22 |
| Migrated stroke_cred_t to INIT/METHOD macros. | Tobias Brunner | 2011-10-03 | 1 | -40/+32 |
| Cast size_t len arguments to %.*s to int | Martin Willi | 2011-04-20 | 1 | -5/+6 |
| Use strncpy when reading smartcard keyids from ipsec.secrets. | Tobias Brunner | 2011-04-19 | 1 | -1/+1 |
| Proper cleanup if IDs in ipsec.secrets cannot be parsed. | Tobias Brunner | 2011-04-14 | 1 | -0/+2 |
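Two entries in the log above describe the same failure mode and the same cure: "Avoid a race condition when reloading secrets from ipsec.secrets" (2013-03-20), where clearing the active credential set and then refilling it let concurrent IKE SA setups miss a secret that was configured all along, and "stroke: Atomically replace CA and AA certificates when reloading them" (2015-08-20), which applies the same fix to certificate sets. The following is an added illustration of that pattern, not strongSwan's own code: a toy credential store is reloaded the racy way (clear, then re-add entry by entry) and the safe way (parse into a private set, then swap one pointer under the write lock), while another thread hammers it with lookups and counts misses. The types cred_set_t, cred_store_t and reloader_arg_t, the function count_lookup_misses() and the SAMPLE secrets are assumptions made for this example.

```c
/* Reloading a credential set while lookups run: clear-then-refill vs build-then-swap.
 * Added illustration, not strongSwan code; all types, functions and data are assumed. */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <sched.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct { const char *id; const char *secret; } secret_t;            /* identity -> PSK */
typedef struct { secret_t entries[8]; size_t count; } cred_set_t;           /* one parsed file */
typedef struct { pthread_rwlock_t lock; cred_set_t *active; } cred_store_t; /* the live set */

/* Constructed stand-in for the contents of ipsec.secrets. */
static const secret_t SAMPLE[] = {
    { "moon.strongswan.org", "psk-moon" },
    { "sun.strongswan.org",  "psk-sun"  },
};
#define SAMPLE_COUNT (sizeof(SAMPLE) / sizeof(SAMPLE[0]))

/* Stand-in for parsing the secrets file into a set nobody else can see yet. */
static void parse_secrets(cred_set_t *set)
{
    set->count = 0;
    for (size_t i = 0; i < SAMPLE_COUNT; i++) set->entries[set->count++] = SAMPLE[i];
}

/* Look up an identity under the read lock; the returned pointer is static data. */
static bool lookup_secret(cred_store_t *store, const char *id, const char **secret)
{
    bool found = false;
    pthread_rwlock_rdlock(&store->lock);
    for (size_t i = 0; i < store->active->count && !found; i++) {
        found = strcmp(store->active->entries[i].id, id) == 0;
        if (found) *secret = store->active->entries[i].secret;
    }
    pthread_rwlock_unlock(&store->lock);
    return found;
}

/* Racy reload: empty the live set, then refill it entry by entry. A lookup that
 * lands between the clear and the re-add of its secret fails although it is configured. */
static void reload_clear_then_load(cred_store_t *store)
{
    pthread_rwlock_wrlock(&store->lock);
    store->active->count = 0;
    pthread_rwlock_unlock(&store->lock);
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        sched_yield();  /* parsing takes time; let lookups interleave */
        pthread_rwlock_wrlock(&store->lock);
        store->active->entries[store->active->count++] = SAMPLE[i];
        pthread_rwlock_unlock(&store->lock);
    }
}

/* Race-free reload: parse into a private set, then publish it with one pointer swap
 * under the write lock. A lookup sees the whole old set or the whole new one. */
static void reload_swap(cred_store_t *store)
{
    cred_set_t *fresh = calloc(1, sizeof(*fresh));
    if (!fresh) abort();
    parse_secrets(fresh);
    pthread_rwlock_wrlock(&store->lock);
    cred_set_t *old = store->active;
    store->active = fresh;
    pthread_rwlock_unlock(&store->lock);
    free(old);
}

typedef struct { cred_store_t *store; bool use_swap; int reloads; } reloader_arg_t;
static void *reloader(void *p)
{
    reloader_arg_t *arg = p;
    for (int i = 0; i < arg->reloads; i++) {
        if (arg->use_swap) reload_swap(arg->store);
        else reload_clear_then_load(arg->store);
    }
    return NULL;
}

/* Look up a configured secret `lookups` times while another thread reloads the
 * store `reloads` times; return how many of the lookups failed. */
int count_lookup_misses(bool use_swap, int reloads, int lookups)
{
    cred_store_t store = { .active = calloc(1, sizeof(cred_set_t)) };
    if (!store.active) abort();
    pthread_rwlock_init(&store.lock, NULL);
    parse_secrets(store.active);
    reloader_arg_t arg = { &store, use_swap, reloads };
    pthread_t thread;
    if (pthread_create(&thread, NULL, reloader, &arg) != 0) abort();
    int misses = 0;
    for (int i = 0; i < lookups; i++) {
        const char *secret;
        if (!lookup_secret(&store, "sun.strongswan.org", &secret) ||
            strcmp(secret, "psk-sun") != 0) misses++;
    }
    pthread_join(thread, NULL);
    free(store.active);
    pthread_rwlock_destroy(&store.lock);
    return misses;
}

int main(void)
{
    printf("misses: clear-then-load %d, build-then-swap %d\n",
           count_lookup_misses(false, 2000, 200000), count_lookup_misses(true, 2000, 200000));
}
```

The miss count for the clear-then-load variant varies from run to run and is usually non-zero; for the swap variant it is zero by construction, because a reader holding the read lock sees either the old or the new set in full. The secrets here point to static strings, so a pointer handed out before the swap stays valid after the old set is freed; a real credential set holding heap-allocated keys or certificates would have to copy or reference-count what it returns.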