path: root/src/libstrongswan/credentials
Commit message [Author, Age, Files, Lines]
* lib: All settings use configured namespace [Tobias Brunner, 2014-02-12, 1, -1/+1]
|
* pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB [Tobias Brunner, 2013-10-23, 2, -3/+0]
|     This allows more than one builder to try parsing the data read from STDIN.
* sshkey: Add encoder for RSA keys [Tobias Brunner, 2013-09-13, 1, -0/+2]
|
* Fix various API doc issues and typos [Tobias Brunner, 2013-07-18, 1, -1/+1]
|     Partially based on an old patch by Adrian-Ken Rueegsegger.
* credmgr: introduce a hook function to catch trust chain validation errors [Martin Willi, 2013-07-18, 3, -6/+96]
|
* credmgr: stop querying for secrets once we get a perfect match [Martin Willi, 2013-07-18, 1, -0/+4]
|
* credmgr: don't use pointers for id_match_t enum values [Martin Willi, 2013-07-18, 1, -2/+2]
|
* auth-cfg: use array instead of linked list [Martin Willi, 2013-07-17, 1, -35/+26]
|     Saves another 4 linked lists (1KB) per IKE_SA
* Remove pluto specific certificate types [Tobias Brunner, 2013-05-08, 2, -8/+1]
|
* Add pkcs12 plugin which adds support for decoding PKCS#12 containers [Tobias Brunner, 2013-05-08, 3, -1/+31]
|
* Add support for PKCS#7/CMS encrypted-data [Tobias Brunner, 2013-05-08, 2, -5/+11]
|
* Move PKCS#12 key derivation to a separate file [Tobias Brunner, 2013-05-08, 2, -0/+224]
|
* sshkey: Added builder for SSHKEY RSA keys [Tobias Brunner, 2013-05-07, 2, -0/+3]
|
* Add a method to replace all secrets in a mem_cred_t object [Tobias Brunner, 2013-03-20, 2, -5/+68]
|
* Merge branch 'multi-cert' [Martin Willi, 2013-03-01, 2, -12/+77]
|\     Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * After merging the used trustchain with config, move used certificate to front [Martin Willi, 2013-01-18, 1, -0/+24]
| |
| * Try to build a trustchain for all configured certificates before enforcing one [Martin Willi, 2013-01-18, 1, -1/+29]
| |     This enables the daemon to select from multiple configured certificates by building trustchains against the received certificate requests.
| * Make AUTH_RULE_SUBJECT cert multi-valued [Martin Willi, 2013-01-18, 1, -11/+24]
| |     Constraints having multiple subject certs defined are fulfilled if authentication used one of the listed certificates.
* | Merge branch 'systime' [Martin Willi, 2013-03-01, 2, -10/+69]
|\ \     Add a systime-fix plugin allowing an embedded system to validate certificates if the system time has not been synchronized after boot. Certificates of established tunnels can be re-validated after the system time gets valid.
| * | Add a cert_validator hook allowing plugins to provide custom lifetime checking [Martin Willi, 2013-02-19, 2, -10/+64]
| | |
| * | Make cert_validator_t.validate optional to implement [Martin Willi, 2013-02-19, 2, -0/+5]
| |/
* | Fix auth_cfg_t.clone() for single-valued auth rules [Tobias Brunner, 2013-02-28, 1, -10/+11]
| |     By using the default list enumerator and adding the rules with the public add() method, clones of auth_cfg_t objects would return the values for single-valued auth rules in the wrong order (i.e. the oldest instead of the newest value was returned). Using the internal enumerator (which the comment already suggested) fixes this, but the clone will not be a full clone as it does not contain any old values for single-valued auth rules. Since these will never be used anyway, this should be fine.
* | Encode RSA public keys in RFC 3110 DNSKEY format [Andreas Steffen, 2013-02-19, 1, -0/+2]
|/
* Fix doxygen grouping regarding containers and PKCS#7 [Martin Willi, 2012-12-19, 1, -4/+4]
|
* Allocate data returned by pkcs7_t.get_attribute() [Martin Willi, 2012-12-19, 1, -1/+4]
|
* Fix enum names for container_type_t [Martin Willi, 2012-12-19, 1, -1/+1]
|
* Add an enumerator for PKCS#7 contained certificates [Martin Willi, 2012-12-19, 1, -0/+7]
|
* Add a getter for signed PKCS#7 attributes [Martin Willi, 2012-12-19, 1, -0/+14]
|
* Add builder parts to generate PKCS#7 containers [Martin Willi, 2012-12-19, 2, -1/+10]
|
* Add a generic interface for crypto containers and a more specific PKCS#7 interface [Martin Willi, 2012-12-19, 5, -5/+176]
|
* allow the optional sharing if RSA private keys [Andreas Steffen, 2012-11-22, 2, -0/+6]
|
* implemented generation of safe primes [Andreas Steffen, 2012-11-18, 2, -0/+3]
|
* Moved debug.[ch] to utils folder [Tobias Brunner, 2012-10-24, 6, -6/+6]
|
* Moved data structures to new collections subfolder [Tobias Brunner, 2012-10-24, 13, -14/+14]
|
* Fix equality comparison of auth_cfg_t [Tobias Brunner, 2012-09-18, 1, -2/+16]
|     We previously only confirmed that rules contained in the first config are also contained in the second, but since the number of rules does not have to be equal, it might be that the second config contains rules that the first one doesn't.
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator [Tobias Brunner, 2012-09-18, 2, -0/+26]
|     If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Comment fixed [Tobias Brunner, 2012-08-13, 1, -1/+1]
|
* Show which group would be required when failing in constraint check [Martin Willi, 2012-07-26, 1, -8/+10]
|
* Add an option to disable libstrongswan certificate caching [Martin Willi, 2012-07-09, 1, -18/+29]
|
* Support multiple different public key strength types in constraints [Martin Willi, 2012-06-12, 1, -41/+38]
|
* Add signature schemes to auth_cfg during trustchain validation [Martin Willi, 2012-06-12, 4, -17/+43]
|
* certificate_t->issued_by takes an argument to receive signature scheme [Martin Willi, 2012-06-12, 2, -2/+4]
|
* Define auth_cfg rules for signature schemes [Martin Willi, 2012-06-12, 2, -0/+53]
|
* Merge branch 'ikev1' [Martin Willi, 2012-05-02, 5, -42/+142]
|\     Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
| * Merge branch 'ikev1-clean' into ikev1-master [Martin Willi, 2012-03-20, 5, -42/+140]
| |\     Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/daemon.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/farp/farp_listener.c src/libcharon/sa/ike_sa.c src/libcharon/sa/keymat.c src/libcharon/sa/task_manager.c src/libcharon/sa/trap_manager.c src/libstrongswan/plugins/x509/x509_cert.c src/libstrongswan/utils.h Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
| | * Accept NULL auth_cfg_t passed to credential_manager_t.get_private() [Martin Willi, 2012-03-20, 1, -26/+32]
| | |
| | * Fixed create_shared_enumerator method description [Martin Willi, 2012-03-20, 1, -1/+1]
| | |
| | * Added a flag to register local credential sets exclusively, disabling all others [Martin Willi, 2012-03-20, 2, -16/+72]
| | |
| | * Added support for iKEIntermediate X.509 extended key usage flag. [Tobias Brunner, 2012-03-20, 1, -0/+2]
| | |     Mac OS X requires server certificates to have this flag set.
| | * Some whitespace fixes. [Tobias Brunner, 2012-03-20, 1, -4/+4]
| | |