aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
Commit message (Collapse)AuthorAgeFilesLines
...
* Check for issuer only if we actually got a CRLMartin Willi2011-01-051-7/+7
|
* Check inhibitAnyPolicy in constraints pluginMartin Willi2011-01-051-8/+53
|
* Slightly renamed different policyConstraints to distinguish them betterMartin Willi2011-01-053-32/+32
|
* Added support for inhibitAnyPolicy constraint to x509 pluginMartin Willi2011-01-054-33/+62
|
* Use a generic getter for all numerical X.509 constraintsMartin Willi2011-01-054-38/+42
|
* Check inhibitPolicyMapping in constraints pluginMartin Willi2011-01-051-3/+53
|
* Check requireExplicitPolicy in constraints pluginMartin Willi2011-01-051-19/+109
|
* Include subject cert to temporary auth info before completing trustchainMartin Willi2011-01-051-4/+1
|
* Fail silently when trying to convert IPv6 address to v4 family hostMartin Willi2011-01-051-0/+4
|
* Pass an additional anchor flag to validate() hook if we reach the root CAMartin Willi2011-01-054-8/+12
|
* Always pass auth info to validate(), use pathlen to check for user certificateMartin Willi2011-01-053-7/+9
|
* Added support for delta CRLs to x509 pluginMartin Willi2011-01-055-7/+130
|
* Moved CRL distribution point building to an exportable functionMartin Willi2011-01-051-29/+43
|
* Simplified format of x509 CRL URI parsing/enumeratorMartin Willi2011-01-056-212/+144
|
* Fail on critical extensions in openssl CRLsMartin Willi2011-01-051-1/+6
|
* Respect enforce_critical setting in x509 plugin CRLsMartin Willi2011-01-051-0/+8
|
* Parse CRL extensions in a switch statementMartin Willi2011-01-051-18/+24
|
* Respect policy mappings in certificatePolicy validationMartin Willi2011-01-051-24/+64
|
* Validate simple certificatePolicy inheritanceMartin Willi2011-01-051-0/+54
|
* Added a certificate policy OID auth_cfg constraintMartin Willi2011-01-052-0/+31
|
* Added support for policyConstraints to x509 pluginMartin Willi2011-01-056-8/+147
|
* Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for ↵Martin Willi2011-01-054-6/+6
| | | | PolicyConstraints, too
* Added policyMappings support to x509 pluginMartin Willi2011-01-055-3/+152
|
* Added policyMappings OID identifierMartin Willi2011-01-051-1/+1
|
* Added certificatePolicy support to x509 pluginMartin Willi2011-01-055-11/+188
|
* Added a null-safe strdup variantMartin Willi2011-01-052-1/+6
|
* Fail when parsing unsupported critical extensions in openssl_x509Martin Willi2011-01-051-1/+5
|
* Added CertificatePolicy OID identifierMartin Willi2011-01-051-3/+3
|
* Added conversion functions between string OIDs and its DER encodingMartin Willi2011-01-052-0/+110
|
* Do not parse certificates with invalid version in openssl pluginMartin Willi2011-01-051-0/+7
|
* Implemented NameConstraint matching in constraints pluginMartin Willi2011-01-051-0/+208
|
* Added support for generating NameConstraints in x509 pluginMartin Willi2011-01-053-4/+80
|
* Added support for parsing NameConstraints in x509 pluginMartin Willi2011-01-051-0/+59
|
* Added name constraint enumerator to x509 interfaceMartin Willi2011-01-053-1/+38
|
* Migrated x509_cert_t to INIT/METHOD macrosMartin Willi2011-01-051-144/+88
|
* Moved X509 pathlen constraint checking to constraints pluginMartin Willi2011-01-052-17/+29
|
* Added plugin stub for advanced X509 constraint checkingMartin Willi2011-01-056-0/+238
|
* Added a strncaseeq variant to the string comparison macrosMartin Willi2011-01-051-1/+6
|
* CRL/OCSP validation stores trustchain information in auth_cfgMartin Willi2011-01-051-17/+31
|
* Key strength checking stores all key sizes in auth_cfg, verifies all in ↵Martin Willi2011-01-052-75/+84
| | | | complies()
* Use subject, not issuer, of CRL issuing certificateMartin Willi2011-01-051-1/+1
|
* CRLSign keyUsage or CA basicConstraint are sufficient for CRL validationMartin Willi2011-01-051-1/+1
|
* Parse and encode crlSign keyUsage flag in x509 pluginMartin Willi2011-01-051-10/+71
|
* Added a flag for X509 CRLSign keyUsageMartin Willi2011-01-051-0/+2
|
* Remove x509_flag_names, flags do not work with ENUM()Martin Willi2011-01-053-35/+1
|
* Use certificate CRLIssuer information to look up cacched CRLs or CDPsMartin Willi2011-01-051-50/+88
|
* Added support for CRL Issuers to x509 and OpenSSL pluginsMartin Willi2011-01-056-65/+259
|
* Added key strength constraints for RSA or ECDSA trustchainsMartin Willi2011-01-053-0/+97
|
* Migrated psk/pubkey_authenticators to INIT/METHOD macrosMartin Willi2011-01-052-0/+13
|
* Load plugins only once, even if listed twiceMartin Willi2011-01-051-0/+27
|