aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/credentials
Commit message (Collapse)AuthorAgeFilesLines
...
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiatorTobias Brunner2012-09-182-0/+26
| | | | | | If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Comment fixedTobias Brunner2012-08-131-1/+1
|
* Show which group would be required when failing in constraint checkMartin Willi2012-07-261-8/+10
|
* Add an option to disable libstrongswan certificate cachingMartin Willi2012-07-091-18/+29
|
* Support multiple different public key strength types in constraintsMartin Willi2012-06-121-41/+38
|
* Add signature schemes to auth_cfg during trustchain validationMartin Willi2012-06-124-17/+43
|
* certificate_t->issued_by takes an argument to receive signature schemeMartin Willi2012-06-122-2/+4
|
* Define auth_cfg rules for signature schemesMartin Willi2012-06-122-0/+53
|
* Merge branch 'ikev1'Martin Willi2012-05-025-42/+142
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
| * Merge branch 'ikev1-clean' into ikev1-masterMartin Willi2012-03-205-42/+140
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/daemon.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/farp/farp_listener.c src/libcharon/sa/ike_sa.c src/libcharon/sa/keymat.c src/libcharon/sa/task_manager.c src/libcharon/sa/trap_manager.c src/libstrongswan/plugins/x509/x509_cert.c src/libstrongswan/utils.h Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
| | * Accept NULL auth_cfg_t passed to credential_manager_t.get_private()Martin Willi2012-03-201-26/+32
| | |
| | * Fixed create_shared_enumerator method descriptionMartin Willi2012-03-201-1/+1
| | |
| | * Added a flag to register local credential sets exclusively, disabling all othersMartin Willi2012-03-202-16/+72
| | |
| | * Added support for iKEIntermediate X.509 extended key usage flag.Tobias Brunner2012-03-201-0/+2
| | | | | | | | | | | | Mac OS X requires server certificates to have this flag set.
| | * Some whitespace fixes.Tobias Brunner2012-03-201-4/+4
| | |
| | * Added an XAUTH identity to use or require for XAuth authenticationMartin Willi2012-03-202-0/+11
| | |
| | * Stop checking once a key size constraint is not fulfilledMartin Willi2012-03-201-0/+3
| | |
| | * Free list after removing the last local credential set, fixes a leak reportMartin Willi2012-03-201-0/+5
| | |
| | * Added missing XAuth auth_class enum nameMartin Willi2012-03-201-1/+2
| | |
| | * Added auth_cfg option to select XAUTH backend to useMartin Willi2012-03-202-0/+12
| | |
| | * Use a second authentication config to configure XAUTH authenticationMartin Willi2012-03-201-4/+2
| | |
| | * Map auth_class to auth method and IKEv1 proposal attributeMartin Willi2012-03-201-0/+2
| | |
| | * IKEv1 XAUTH: Added ability to configure XAUTH+PSK. Added task to handle ↵Clavister OpenSource2012-03-201-0/+2
| | | | | | | | | | | | XAUTH requests. Modified task_manager_v1 to enable it to initiate new tasks immediately after finishing a response.
* | | Removed auth_cfg_t.replace_value() and replaced usages with add().Tobias Brunner2012-04-182-76/+35
| | | | | | | | | | | | | | | replace_value() was used to replace identities. Since for these the latest is now returned by get(), adding the new identity with add() is sufficient.
* | | Changed the order and semantics of rules we expect only once in auth_cfg_t.Tobias Brunner2012-04-182-114/+212
| | | | | | | | | | | | | | | | | | | | | These rules are now inserted at the front of the internal list, this allows to retrieve the rule added last with get(). For other rules the order in which they are added is maintained (this allows to properly enumerate them).
* | | Added a simple method to replace the value of a rule in auth_cfg_t.Tobias Brunner2012-04-162-32/+74
|/ /
* | Add builder part for parameters from algorithmIdentifier.Tobias Brunner2012-02-012-1/+4
| |
* | Fixed additional typos in comments and log messages.Tobias Brunner2012-01-121-1/+1
| |
* | Fix whitespacesAdrian-Ken Rueegsegger2012-01-121-4/+4
| |
* | Some documentation correctionsAdrian-Ken Rueegsegger2012-01-128-33/+32
| |
* | Reverse the changes made to openssl plugin for signature verificationSansar Choinyambuu2011-11-282-3/+0
| |
* | use openssl rsa_verify functionSansar Choinyambuu2011-11-282-0/+3
| |
* | Reverse the changes made to openssl plugin for signature verificationSansar Choinyambuu2011-11-282-3/+0
| |
* | use openssl rsa_verify functionSansar Choinyambuu2011-11-282-0/+3
| |
* | Fixed missing initializer compiler warning.Tobias Brunner2011-11-251-2/+2
| |
* | Fixed compiler warnings regarding enum comparison.Tobias Brunner2011-11-251-3/+3
|/ | | | | | | | | Warnings like comparison of unsigned expression < 0 is always false are reported with -Wextra when enum types that are compiled to an unsigned type (which is up to the compiler) are checked for negativity.
* Handle certificates being on hold in a CRLThomas Egerer2011-11-042-0/+3
| | | | | | | Certificates which are set on hold in a CRL might be removed from any subsequent CRL. Hence you cannot conclude that a certificate is revoked for good in this case, you would try to retrieve an update CRL to see if the certificate on hold is still on it or not.
* Include KEY_ANY in key_type_namesMartin Willi2011-10-141-1/+2
|
* Migrated cred_encoding to INIT/METHOD macrosAndreas Steffen2011-10-021-36/+28
|
* Migrated auth_cfg to INIT/METHOD macrosAndreas Steffen2011-10-021-40/+30
|
* Migrated ietf_attributes to INIT/METHOD macrosAndreas Steffen2011-09-291-40/+42
|
* Migrated shared_key to INIT/METHOD macrosAndreas Steffen2011-09-291-26/+21
|
* Migrated auth_cfg_wrapper to INIT/METHOD macrosAndreas Steffen2011-09-291-20/+19
|
* Migrated cert_cache to INIT/METHOD macrosAndreas Steffen2011-09-291-28/+24
|
* Migrated ocsp_response_wrapper to INIT/METHOD macrosAndreas Steffen2011-09-291-20/+20
|
* fixed typoAndreas Steffen2011-09-081-1/+1
|
* Remove obsolete values from builder_part_namesThomas Egerer2011-09-021-2/+0
| | | | | Adds removal of builder parts obsoleted with git commit 15177f5785bcec6700f2a1a698cd8392c9bba5e9.
* Added missing auth_rule_namesMartin Willi2011-08-221-1/+6
|
* Moved auth_rule_names back to auth_cfg.cMartin Willi2011-08-221-0/+18
|
* Readded docs for some arguments to global functions.Tobias Brunner2011-07-214-11/+17
| | | | Those were overzealously removed in 28623fc5389829858c78c759a214aa5c64ea26c6.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-01 18:05:26 +0000