path: root/src/libstrongswan/credentials
Commit message (Author, Age, Files, Lines)
...
* | Merge branch 'systime' (Martin Willi, 2013-03-01, 2, -10/+69)
|\ \
| | | Add a systime-fix plugin allowing an embedded system to validate certificates if the system time has not been synchronized after boot. Certificates of established tunnels can be re-validated after the system time gets valid.
| * | Add a cert_validator hook allowing plugins to provide custom lifetime checking (Martin Willi, 2013-02-19, 2, -10/+64)
| | |
| * | Make cert_validator_t.validate optional to implement (Martin Willi, 2013-02-19, 2, -0/+5)
| |/
* | Fix auth_cfg_t.clone() for single-valued auth rules (Tobias Brunner, 2013-02-28, 1, -10/+11)
| | By using the default list enumerator and adding the rules with the public add() method, clones of auth_cfg_t objects would return the values for single-valued auth rules in the wrong order (i.e. the oldest instead of the newest value was returned). Using the internal enumerator (which the comment already suggested) fixes this, but the clone will not be a full clone as it does not contain any old values for single-valued auth rules. Since these will never be used anyway, this should be fine.
* | Encode RSA public keys in RFC 3110 DNSKEY format (Andreas Steffen, 2013-02-19, 1, -0/+2)
|/
* Fix doxygen grouping regarding containers and PKCS#7 (Martin Willi, 2012-12-19, 1, -4/+4)
|
* Allocate data returned by pkcs7_t.get_attribute() (Martin Willi, 2012-12-19, 1, -1/+4)
|
* Fix enum names for container_type_t (Martin Willi, 2012-12-19, 1, -1/+1)
|
* Add an enumerator for PKCS#7 contained certificates (Martin Willi, 2012-12-19, 1, -0/+7)
|
* Add a getter for signed PKCS#7 attributes (Martin Willi, 2012-12-19, 1, -0/+14)
|
* Add builder parts to generate PKCS#7 containers (Martin Willi, 2012-12-19, 2, -1/+10)
|
* Add a generic interface for crypto containers and a more specific PKCS#7 interface (Martin Willi, 2012-12-19, 5, -5/+176)
|
* allow the optional sharing of RSA private keys (Andreas Steffen, 2012-11-22, 2, -0/+6)
|
* implemented generation of safe primes (Andreas Steffen, 2012-11-18, 2, -0/+3)
|
* Moved debug.[ch] to utils folder (Tobias Brunner, 2012-10-24, 6, -6/+6)
|
* Moved data structures to new collections subfolder (Tobias Brunner, 2012-10-24, 13, -14/+14)
|
* Fix equality comparison of auth_cfg_t (Tobias Brunner, 2012-09-18, 1, -2/+16)
| We previously only confirmed that rules contained in the first config are also contained in the second, but since the number of rules does not have to be equal, it might be that the second config contains rules that the first one doesn't.
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator (Tobias Brunner, 2012-09-18, 2, -0/+26)
| If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Comment fixed (Tobias Brunner, 2012-08-13, 1, -1/+1)
|
* Show which group would be required when failing in constraint check (Martin Willi, 2012-07-26, 1, -8/+10)
|
* Add an option to disable libstrongswan certificate caching (Martin Willi, 2012-07-09, 1, -18/+29)
|
* Support multiple different public key strength types in constraints (Martin Willi, 2012-06-12, 1, -41/+38)
|
* Add signature schemes to auth_cfg during trustchain validation (Martin Willi, 2012-06-12, 4, -17/+43)
|
* certificate_t->issued_by takes an argument to receive signature scheme (Martin Willi, 2012-06-12, 2, -2/+4)
|
* Define auth_cfg rules for signature schemes (Martin Willi, 2012-06-12, 2, -0/+53)
|
* Merge branch 'ikev1' (Martin Willi, 2012-05-02, 5, -42/+142)
|\
| | Conflicts:
| |     configure.in
| |     man/ipsec.conf.5.in
| |     src/libcharon/encoding/generator.c
| |     src/libcharon/encoding/payloads/notify_payload.c
| |     src/libcharon/encoding/payloads/notify_payload.h
| |     src/libcharon/encoding/payloads/payload.c
| |     src/libcharon/network/receiver.c
| |     src/libcharon/sa/authenticator.c
| |     src/libcharon/sa/authenticator.h
| |     src/libcharon/sa/ikev2/tasks/ike_init.c
| |     src/libcharon/sa/task_manager.c
| |     src/libstrongswan/credentials/auth_cfg.c
| * Merge branch 'ikev1-clean' into ikev1-master (Martin Willi, 2012-03-20, 5, -42/+140)
| |\
| | | Conflicts:
| | |     configure.in
| | |     man/ipsec.conf.5.in
| | |     src/libcharon/daemon.c
| | |     src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_forward.c
| | |     src/libcharon/plugins/farp/farp_listener.c
| | |     src/libcharon/sa/ike_sa.c
| | |     src/libcharon/sa/keymat.c
| | |     src/libcharon/sa/task_manager.c
| | |     src/libcharon/sa/trap_manager.c
| | |     src/libstrongswan/plugins/x509/x509_cert.c
| | |     src/libstrongswan/utils.h
| | | Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
| | * Accept NULL auth_cfg_t passed to credential_manager_t.get_private() (Martin Willi, 2012-03-20, 1, -26/+32)
| | |
| | * Fixed create_shared_enumerator method description (Martin Willi, 2012-03-20, 1, -1/+1)
| | |
| | * Added a flag to register local credential sets exclusively, disabling all others (Martin Willi, 2012-03-20, 2, -16/+72)
| | |
| | * Added support for iKEIntermediate X.509 extended key usage flag. (Tobias Brunner, 2012-03-20, 1, -0/+2)
| | | Mac OS X requires server certificates to have this flag set.
| | * Some whitespace fixes. (Tobias Brunner, 2012-03-20, 1, -4/+4)
| | |
| | * Added an XAUTH identity to use or require for XAuth authentication (Martin Willi, 2012-03-20, 2, -0/+11)
| | |
| | * Stop checking once a key size constraint is not fulfilled (Martin Willi, 2012-03-20, 1, -0/+3)
| | |
| | * Free list after removing the last local credential set, fixes a leak report (Martin Willi, 2012-03-20, 1, -0/+5)
| | |
| | * Added missing XAuth auth_class enum name (Martin Willi, 2012-03-20, 1, -1/+2)
| | |
| | * Added auth_cfg option to select XAUTH backend to use (Martin Willi, 2012-03-20, 2, -0/+12)
| | |
| | * Use a second authentication config to configure XAUTH authentication (Martin Willi, 2012-03-20, 1, -4/+2)
| | |
| | * Map auth_class to auth method and IKEv1 proposal attribute (Martin Willi, 2012-03-20, 1, -0/+2)
| | |
| | * IKEv1 XAUTH: Added ability to configure XAUTH+PSK. Added task to handle XAUTH requests. Modified task_manager_v1 to enable it to initiate new tasks immediately after finishing a response. (Clavister OpenSource, 2012-03-20, 1, -0/+2)
| | |
* | | Removed auth_cfg_t.replace_value() and replaced usages with add(). (Tobias Brunner, 2012-04-18, 2, -76/+35)
| | | replace_value() was used to replace identities. Since for these the latest is now returned by get(), adding the new identity with add() is sufficient.
* | | Changed the order and semantics of rules we expect only once in auth_cfg_t. (Tobias Brunner, 2012-04-18, 2, -114/+212)
| | | These rules are now inserted at the front of the internal list, this allows to retrieve the rule added last with get(). For other rules the order in which they are added is maintained (this allows to properly enumerate them).
* | | Added a simple method to replace the value of a rule in auth_cfg_t. (Tobias Brunner, 2012-04-16, 2, -32/+74)
|/ /
* | Add builder part for parameters from algorithmIdentifier. (Tobias Brunner, 2012-02-01, 2, -1/+4)
| |
* | Fixed additional typos in comments and log messages. (Tobias Brunner, 2012-01-12, 1, -1/+1)
| |
* | Fix whitespaces (Adrian-Ken Rueegsegger, 2012-01-12, 1, -4/+4)
| |
* | Some documentation corrections (Adrian-Ken Rueegsegger, 2012-01-12, 8, -33/+32)
| |
* | Reverse the changes made to openssl plugin for signature verification (Sansar Choinyambuu, 2011-11-28, 2, -3/+0)
| |
* | use openssl rsa_verify function (Sansar Choinyambuu, 2011-11-28, 2, -0/+3)
| |
* | Reverse the changes made to openssl plugin for signature verification (Sansar Choinyambuu, 2011-11-28, 2, -3/+0)
| |