| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | constraints: Use a more specific FQDN/email name constraint matching | Martin Willi | 2014-10-30 | 1 | -22/+73 |
| | While RFC 5280 is not very specific about the matching rules of subjectAltNames, it has some examples of how to match email and FQDN constraints. We try to follow these examples, and restrict DNS names to subdomain matching and email to full email, host or domain matching. | | | | |
* | constraints: Don't reject certificates with invalid certificate policies | Martin Willi | 2014-10-30 | 1 | -25/+97 |
| | Instead of rejecting the certificate completely if a certificate has a policy OID that is actually not allowed by the issuer CA, we accept it. However, the certificate policy itself is still considered invalid, and is not returned in the auth config resulting from trust chain operations. A user must make sure to rely on the returned auth config certificate policies instead of the policies contained in the certificate; even if the certificate is valid, the policy OID itself in the certificate is not to be trusted anymore. | | | | |
* | plugins: Don't link with -rdynamic on Windows | Martin Willi | 2014-06-04 | 1 | -1/+1 |
* | credmgr: introduce a hook function to catch trust chain validation errors | Martin Willi | 2013-07-18 | 1 | -0/+8 |
* | automake: replace INCLUDES by AM_CPPFLAGS | Martin Willi | 2013-07-18 | 1 | -3/+4 |
| | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only. | | | | |
* | constraints: Use plugin features with soft dependency on X.509 decoding | Tobias Brunner | 2013-06-11 | 1 | -3/+31 |
* | Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
* | Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
* | Added a (not yet implemented) plugin_t method to reload plugin configuration | Martin Willi | 2011-04-15 | 1 | -0/+1 |
* | Added a get_name() function to plugin_t, create_plugin_enumerator enumerates over plugin_t | Martin Willi | 2011-04-15 | 1 | -0/+7 |
* | [hopefully] fixed pathlen problem on ARM platforms | Andreas Steffen | 2011-02-10 | 1 | -4/+5 |
* | Check inhibitAnyPolicy in constraints plugin | Martin Willi | 2011-01-05 | 1 | -8/+53 |
* | Use a generic getter for all numerical X.509 constraints | Martin Willi | 2011-01-05 | 1 | -3/+3 |
* | Check inhibitPolicyMapping in constraints plugin | Martin Willi | 2011-01-05 | 1 | -3/+53 |
* | Check requireExplicitPolicy in constraints plugin | Martin Willi | 2011-01-05 | 1 | -19/+109 |
* | Pass an additional anchor flag to validate() hook if we reach the root CA | Martin Willi | 2011-01-05 | 1 | -1/+2 |
* | Always pass auth info to validate(), use pathlen to check for user certificate | Martin Willi | 2011-01-05 | 1 | -3/+4 |
* | Respect policy mappings in certificatePolicy validation | Martin Willi | 2011-01-05 | 1 | -24/+64 |
* | Validate simple certificatePolicy inheritance | Martin Willi | 2011-01-05 | 1 | -0/+54 |
* | Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too | Martin Willi | 2011-01-05 | 1 | -1/+1 |
* | Implemented NameConstraint matching in constraints plugin | Martin Willi | 2011-01-05 | 1 | -0/+208 |
* | Moved X509 pathlen constraint checking to constraints plugin | Martin Willi | 2011-01-05 | 1 | -0/+29 |
* | Added plugin stub for advanced X509 constraint checking | Martin Willi | 2011-01-05 | 5 | -0/+231 |