path: root/src/libstrongswan/credentials/credential_manager.c
Commit message  [Author | Age | Files | Lines]
* credential-manager: Check cache queue when destroying trusted certificate enumerator  [Tobias Brunner | 2016-03-10 | 1 | -1/+2]
|   We already do this in the trusted public key enumerator (which internally uses the trusted certificate enumerator) but should do so also when this enumerator is used directly (since the public key enumerator has the read lock the additional call will just be skipped there).
* credential-manager: Make online revocation checks optional for public key enumerator  [Tobias Brunner | 2016-03-10 | 1 | -2/+3]
|
* credential-manager: Store BLISS key strength in auth config  [Tobias Brunner | 2015-03-04 | 1 | -0/+3]
|
* credmgr: Fix copy and paste error in add_validator  [Thomas Egerer | 2014-08-29 | 1 | -1/+1]
|   This won't hurt as long as sets and validators are of the same class. But as soon as one of the object's class is changed this will cause either a compile error (best option), or result (most likely) in a crash.
|   Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* lib: All settings use configured namespace  [Tobias Brunner | 2014-02-12 | 1 | -1/+1]
|
* credmgr: introduce a hook function to catch trust chain validation errors  [Martin Willi | 2013-07-18 | 1 | -6/+39]
|
* credmgr: stop querying for secrets once we get a perfect match  [Martin Willi | 2013-07-18 | 1 | -0/+4]
|
* credmgr: don't use pointers for id_match_t enum values  [Martin Willi | 2013-07-18 | 1 | -2/+2]
|
* Merge branch 'multi-cert'  [Martin Willi | 2013-03-01 | 1 | -1/+53]
|\
| |   Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * After merging the used trustchain with config, move used certificate to front  [Martin Willi | 2013-01-18 | 1 | -0/+24]
| |
| * Try to build a trustchain for all configured certificates before enforcing one  [Martin Willi | 2013-01-18 | 1 | -1/+29]
| |   This enables the daemon to select from multiple configured certificates by building trustchains against the received certificate requests.
* | Add a cert_validator hook allowing plugins to provide custom lifetime checking  [Martin Willi | 2013-02-19 | 1 | -10/+48]
| |
* | Make cert_validator_t.validate optional to implement  [Martin Willi | 2013-02-19 | 1 | -0/+4]
|/
* Moved debug.[ch] to utils folder  [Tobias Brunner | 2012-10-24 | 1 | -1/+1]
|
* Moved data structures to new collections subfolder  [Tobias Brunner | 2012-10-24 | 1 | -1/+1]
|
* Add an option to disable libstrongswan certificate caching  [Martin Willi | 2012-07-09 | 1 | -18/+29]
|
* Add signature schemes to auth_cfg during trustchain validation  [Martin Willi | 2012-06-12 | 1 | -10/+14]
|
* Merge branch 'ikev1-clean' into ikev1-master  [Martin Willi | 2012-03-20 | 1 | -39/+102]
|\
| |   Conflicts:
| |     configure.in
| |     man/ipsec.conf.5.in
| |     src/libcharon/daemon.c
| |     src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| |     src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| |     src/libcharon/plugins/eap_radius/eap_radius_forward.c
| |     src/libcharon/plugins/farp/farp_listener.c
| |     src/libcharon/sa/ike_sa.c
| |     src/libcharon/sa/keymat.c
| |     src/libcharon/sa/task_manager.c
| |     src/libcharon/sa/trap_manager.c
| |     src/libstrongswan/plugins/x509/x509_cert.c
| |     src/libstrongswan/utils.h
| |   Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
| * Accept NULL auth_cfg_t passed to credential_manager_t.get_private()  [Martin Willi | 2012-03-20 | 1 | -26/+32]
| |
| * Added a flag to register local credential sets exclusively, disabling all others  [Martin Willi | 2012-03-20 | 1 | -15/+67]
| |
| * Free list after removing the last local credential set, fixes a leak report  [Martin Willi | 2012-03-20 | 1 | -0/+5]
| |
* | Some documentation corrections  [Adrian-Ken Rueegsegger | 2012-01-12 | 1 | -2/+2]
|/
* Add missing AUTH_RULE for trusted self-signed peer certificates  [Martin Willi | 2011-02-01 | 1 | -0/+5]
|
* Verify trustchain for each candidate certificate only once  [Martin Willi | 2011-01-05 | 1 | -0/+19]
|
* Include subject cert to temporary auth info before completing trustchain  [Martin Willi | 2011-01-05 | 1 | -4/+1]
|
* Pass an additional anchor flag to validate() hook if we reach the root CA  [Martin Willi | 2011-01-05 | 1 | -4/+5]
|
* Always pass auth info to validate(), use pathlen to check for user certificate  [Martin Willi | 2011-01-05 | 1 | -2/+1]
|
* Moved X509 pathlen constraint checking to constraints plugin  [Martin Willi | 2011-01-05 | 1 | -17/+0]
|
* Key strength checking stores all key sizes in auth_cfg, verifies all in complies()  [Martin Willi | 2011-01-05 | 1 | -43/+16]
|
* Added key strength constraints for RSA or ECDSA trustchains  [Martin Willi | 2011-01-05 | 1 | -0/+65]
|
* Build a trustchain even if no trust anchor is given  [Martin Willi | 2010-08-23 | 1 | -14/+23]
|
* Fixed compiler warnings.  [Tobias Brunner | 2010-08-03 | 1 | -2/+4]
|
* Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding  [Martin Willi | 2010-07-13 | 1 | -1/+1]
|
* Moved CRL/OCSP checking to a dedicated plugin called revocation  [Martin Willi | 2010-07-13 | 1 | -531/+0]
|
* Made some useful methods in the credential manager public  [Martin Willi | 2010-07-13 | 1 | -15/+18]
|
* Moved X509 addrBlock validation to a separate addrblock plugin  [Martin Willi | 2010-07-13 | 1 | -59/+0]
|
* Added a certificate validation hook to the credential manager  [Martin Willi | 2010-07-13 | 1 | -0/+39]
|
* Migrated credential manager to INIT/METHOD macros  [Martin Willi | 2010-07-13 | 1 | -161/+127]
|
* Moved credential manager to libstrongswan  [Martin Willi | 2010-07-13 | 1 | -0/+1679]