aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/credentials/auth_cfg.c
Commit message (Collapse)AuthorAgeFilesLines
* auth-cfg: use array instead of linked listMartin Willi2013-07-171-35/+26
| | | | Saves another 4 linked lists (1KB) per IKE_SA
* Merge branch 'multi-cert'Martin Willi2013-03-011-11/+24
|\ | | | | | | | | Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * Make AUTH_RULE_SUBJECT cert multi-valuedMartin Willi2013-01-181-11/+24
| | | | | | | | | | Constraints having multiple subject certs defined are fulfilled if authentication used one of the listed certificates.
* | Fix auth_cfg_t.clone() for single-valued auth rulesTobias Brunner2013-02-281-10/+11
|/ | | | | | | | | | By using the default list enumerator and adding the rules with the public add() method, clones of auth_cfg_t objects would return the values for single-valued auth rules in the wrong order (i.e. the oldest instead of the newest value was returned). Using the internal enumerator (which the comment already suggested) fixes this, but the clone will not be a full clone as it does not contain any old values for single-valued auth rules. Since these will never be used anyway, this should be fine.
* Moved debug.[ch] to utils folderTobias Brunner2012-10-241-1/+1
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-241-1/+1
|
* Fix equality comparison of auth_cfg_tTobias Brunner2012-09-181-2/+16
| | | | | | | We previously only confirmed that rules contained in the first config are also contained in the second, but since the number of rules does not have to be equal, it might be that the second config contains rules that the first one doesn't.
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiatorTobias Brunner2012-09-181-0/+23
| | | | | | If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Show which group would be required when failing in constraint checkMartin Willi2012-07-261-8/+10
|
* Support multiple different public key strength types in constraintsMartin Willi2012-06-121-41/+38
|
* Define auth_cfg rules for signature schemesMartin Willi2012-06-121-0/+51
|
* Merge branch 'ikev1'Martin Willi2012-05-021-1/+26
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
| * Added an XAUTH identity to use or require for XAuth authenticationMartin Willi2012-03-201-0/+9
| |
| * Stop checking once a key size constraint is not fulfilledMartin Willi2012-03-201-0/+3
| |
| * Added missing XAuth auth_class enum nameMartin Willi2012-03-201-1/+2
| |
| * Added auth_cfg option to select XAUTH backend to useMartin Willi2012-03-201-0/+10
| |
* | Removed auth_cfg_t.replace_value() and replaced usages with add().Tobias Brunner2012-04-181-67/+35
| | | | | | | | | | replace_value() was used to replace identities. Since for these the latest is now returned by get(), adding the new identity with add() is sufficient.
* | Changed the order and semantics of rules we expect only once in auth_cfg_t.Tobias Brunner2012-04-181-113/+194
| | | | | | | | | | | | | | These rules are now inserted at the front of the internal list, this allows to retrieve the rule added last with get(). For other rules the order in which they are added is maintained (this allows to properly enumerate them).
* | Added a simple method to replace the value of a rule in auth_cfg_t.Tobias Brunner2012-04-161-31/+64
|/
* Migrated auth_cfg to INIT/METHOD macrosAndreas Steffen2011-10-021-40/+30
|
* Added missing auth_rule_namesMartin Willi2011-08-221-1/+6
|
* Moved auth_rule_names back to auth_cfg.cMartin Willi2011-08-221-0/+18
|
* Added an AUTH_HELPER for revocation certificatesMartin Willi2011-01-051-0/+8
|
* Added a certificate policy OID auth_cfg constraintMartin Willi2011-01-051-0/+29
|
* Key strength checking stores all key sizes in auth_cfg, verifies all in ↵Martin Willi2011-01-051-32/+68
| | | | complies()
* Added key strength constraints for RSA or ECDSA trustchainsMartin Willi2011-01-051-0/+28
|
* Added an AAA identity authentication config optionMartin Willi2010-08-311-0/+8
|
* Moved EAP type/code definitions to a seprate header file in libstrongswanMartin Willi2010-08-311-101/+1
|
* defined EAP-TNCAndreas Steffen2010-08-301-2/+7
|
* moved eap_from_string() fomr libcharon to libstrongswan to make it available ↵Andreas Steffen2010-08-131-0/+32
| | | | in starter
* added TTLS to EAP short names, tooAndreas Steffen2010-08-061-1/+3
|
* added EAP_TTLS methodAndreas Steffen2010-08-051-1/+3
|
* Moved eap-tls plugin to libcharon, updated to 4.4.1 APIsMartin Willi2010-08-031-1/+3
|
* Added EAP-TLS plugin stubMartin Willi2010-08-031-1/+3
|
* Moved credential manager to libstrongswanMartin Willi2010-07-131-0/+830
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 23:59:55 +0000