aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/credentials
Commit message (Collapse)AuthorAgeFilesLines
* Encode RSA public keys in RFC 3110 DNSKEY formatAndreas Steffen2013-02-191-0/+2
|
* Fix doxygen grouping regarding containers and PKCS#7Martin Willi2012-12-191-4/+4
|
* Allocate data returned by pkcs7_t.get_attribute()Martin Willi2012-12-191-1/+4
|
* Fix enum names for container_type_tMartin Willi2012-12-191-1/+1
|
* Add an enumerator for PKCS#7 contained certificatesMartin Willi2012-12-191-0/+7
|
* Add a getter for signed PKCS#7 attributesMartin Willi2012-12-191-0/+14
|
* Add builder parts to generate PKCS#7 containersMartin Willi2012-12-192-1/+10
|
* Add a generic interface for crypto containers and a more specific PKCS#7 ↵Martin Willi2012-12-195-5/+176
| | | | interface
* allow the optional sharing if RSA private keysAndreas Steffen2012-11-222-0/+6
|
* implemented generation of safe primesAndreas Steffen2012-11-182-0/+3
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-246-6/+6
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-2413-14/+14
|
* Fix equality comparison of auth_cfg_tTobias Brunner2012-09-181-2/+16
| | | | | | | We previously only confirmed that rules contained in the first config are also contained in the second, but since the number of rules does not have to be equal, it might be that the second config contains rules that the first one doesn't.
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiatorTobias Brunner2012-09-182-0/+26
| | | | | | If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Comment fixedTobias Brunner2012-08-131-1/+1
|
* Show which group would be required when failing in constraint checkMartin Willi2012-07-261-8/+10
|
* Add an option to disable libstrongswan certificate cachingMartin Willi2012-07-091-18/+29
|
* Support multiple different public key strength types in constraintsMartin Willi2012-06-121-41/+38
|
* Add signature schemes to auth_cfg during trustchain validationMartin Willi2012-06-124-17/+43
|
* certificate_t->issued_by takes an argument to receive signature schemeMartin Willi2012-06-122-2/+4
|
* Define auth_cfg rules for signature schemesMartin Willi2012-06-122-0/+53
|
* Merge branch 'ikev1'Martin Willi2012-05-025-42/+142
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
| * Merge branch 'ikev1-clean' into ikev1-masterMartin Willi2012-03-205-42/+140
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/daemon.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/farp/farp_listener.c src/libcharon/sa/ike_sa.c src/libcharon/sa/keymat.c src/libcharon/sa/task_manager.c src/libcharon/sa/trap_manager.c src/libstrongswan/plugins/x509/x509_cert.c src/libstrongswan/utils.h Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
| | * Accept NULL auth_cfg_t passed to credential_manager_t.get_private()Martin Willi2012-03-201-26/+32
| | |
| | * Fixed create_shared_enumerator method descriptionMartin Willi2012-03-201-1/+1
| | |
| | * Added a flag to register local credential sets exclusively, disabling all othersMartin Willi2012-03-202-16/+72
| | |
| | * Added support for iKEIntermediate X.509 extended key usage flag.Tobias Brunner2012-03-201-0/+2
| | | | | | | | | | | | Mac OS X requires server certificates to have this flag set.
| | * Some whitespace fixes.Tobias Brunner2012-03-201-4/+4
| | |
| | * Added an XAUTH identity to use or require for XAuth authenticationMartin Willi2012-03-202-0/+11
| | |
| | * Stop checking once a key size constraint is not fulfilledMartin Willi2012-03-201-0/+3
| | |
| | * Free list after removing the last local credential set, fixes a leak reportMartin Willi2012-03-201-0/+5
| | |
| | * Added missing XAuth auth_class enum nameMartin Willi2012-03-201-1/+2
| | |
| | * Added auth_cfg option to select XAUTH backend to useMartin Willi2012-03-202-0/+12
| | |
| | * Use a second authentication config to configure XAUTH authenticationMartin Willi2012-03-201-4/+2
| | |
| | * Map auth_class to auth method and IKEv1 proposal attributeMartin Willi2012-03-201-0/+2
| | |
| | * IKEv1 XAUTH: Added ability to configure XAUTH+PSK. Added task to handle ↵Clavister OpenSource2012-03-201-0/+2
| | | | | | | | | | | | XAUTH requests. Modified task_manager_v1 to enable it to initiate new tasks immediately after finishing a response.
* | | Removed auth_cfg_t.replace_value() and replaced usages with add().Tobias Brunner2012-04-182-76/+35
| | | | | | | | | | | | | | | replace_value() was used to replace identities. Since for these the latest is now returned by get(), adding the new identity with add() is sufficient.
* | | Changed the order and semantics of rules we expect only once in auth_cfg_t.Tobias Brunner2012-04-182-114/+212
| | | | | | | | | | | | | | | | | | | | | These rules are now inserted at the front of the internal list, this allows to retrieve the rule added last with get(). For other rules the order in which they are added is maintained (this allows to properly enumerate them).
* | | Added a simple method to replace the value of a rule in auth_cfg_t.Tobias Brunner2012-04-162-32/+74
|/ /
* | Add builder part for parameters from algorithmIdentifier.Tobias Brunner2012-02-012-1/+4
| |
* | Fixed additional typos in comments and log messages.Tobias Brunner2012-01-121-1/+1
| |
* | Fix whitespacesAdrian-Ken Rueegsegger2012-01-121-4/+4
| |
* | Some documentation correctionsAdrian-Ken Rueegsegger2012-01-128-33/+32
| |
* | Reverse the changes made to openssl plugin for signature verificationSansar Choinyambuu2011-11-282-3/+0
| |
* | use openssl rsa_verify functionSansar Choinyambuu2011-11-282-0/+3
| |
* | Reverse the changes made to openssl plugin for signature verificationSansar Choinyambuu2011-11-282-3/+0
| |
* | use openssl rsa_verify functionSansar Choinyambuu2011-11-282-0/+3
| |
* | Fixed missing initializer compiler warning.Tobias Brunner2011-11-251-2/+2
| |
* | Fixed compiler warnings regarding enum comparison.Tobias Brunner2011-11-251-3/+3
|/ | | | | | | | | Warnings like comparison of unsigned expression < 0 is always false are reported with -Wextra when enum types that are compiled to an unsigned type (which is up to the compiler) are checked for negativity.
* Handle certificates being on hold in a CRLThomas Egerer2011-11-042-0/+3
| | | | | | | Certificates which are set on hold in a CRL might be removed from any subsequent CRL. Hence you cannot conclude that a certificate is revoked for good in this case, you would try to retrieve an update CRL to see if the certificate on hold is still on it or not.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 07:08:12 +0000