Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | pki: Enable PSS padding if enabled in strongswan.conf | Tobias Brunner | 2017-11-08 | 1 | -1/+3 |
| | |||||
* | pki: Optionally generate RSA/PSS signatures | Tobias Brunner | 2017-11-08 | 1 | -6/+19 |
| | |||||
* | pki: Reset variable so error handling works properly | Tobias Brunner | 2017-04-19 | 1 | -0/+1 |
| | If we jump to `end` without this we crash (not necessarily visibly) due to a double free and the actual error message is not printed. | ||||
* | pki: Edited keyid parameter use in various pki man pages and usage outputs | Andreas Steffen | 2017-03-06 | 1 | -2/+2 |
| | |||||
* | pki: Support an --addrblock option for issued certificates | Martin Willi | 2017-02-27 | 1 | -1/+16 |
| | |||||
* | Added support of EdDSA signatures | Andreas Steffen | 2016-12-14 | 1 | -2/+7 |
| | |||||
* | pki: Add generic 'priv' key type that loads any type of private key | Tobias Brunner | 2016-10-05 | 1 | -1/+6 |
| | |||||
* | Support BLISS signatures with SHA-3 hash | Andreas Steffen | 2015-11-03 | 1 | -1/+2 |
| | |||||
* | pki: Add new type options to --issue command usage output | Tobias Brunner | 2015-08-27 | 1 | -2/+2 |
| | |||||
* | pki: Optionally extract public key from given private key in --issue | Tobias Brunner | 2015-08-10 | 1 | -4/+27 |
| | Fixes #618. | ||||
* | pki: Choose default digest based on the signature key | Tobias Brunner | 2015-03-23 | 1 | -2/+6 |
| | |||||
* | pki: Use SHA-256 as default for signatures | Tobias Brunner | 2015-03-23 | 1 | -10/+2 |
| | Since the BLISS private key supports this we don't do any special handling anymore (if the user chooses a digest that is not supported, signing will simply fail later because no signature scheme will be found). | ||||
* | Allow SHA256 and SHA384 data hash for BLISS signatures. | Andreas Steffen | 2015-02-26 | 1 | -3/+7 |
| | The default is SHA512 since this hash function is also used for the c_indices random oracle. | ||||
* | Implemented full BLISS support for IKEv2 public key authentication and the pki tool | Andreas Steffen | 2014-11-29 | 1 | -0/+6 |
| | |||||
* | pki: Switch to binary mode on Windows when reading/writing DER to FDs | Martin Willi | 2014-06-04 | 1 | -0/+2 |
| | |||||
* | enum: Return boolean result for enum_from_name() lookup | Martin Willi | 2014-05-16 | 1 | -2/+1 |
| | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows converting real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned. | ||||
* | Added support for msSmartcardLogon EKU | Andreas Steffen | 2014-04-08 | 1 | -1/+5 |
| | |||||
* | pki: Support absolute --not-before/after issued certificate lifetimes | Martin Willi | 2014-03-31 | 1 | -6/+21 |
| | |||||
* | pki: Don't generate negative random serial numbers in X.509 certificates | Martin Willi | 2014-03-31 | 1 | -0/+1 |
| | According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers. | ||||
* | chunk: Use dynamically allocated buffer in chunk_from_fd() | Martin Willi | 2014-01-23 | 1 | -3/+13 |
| | When acting on files, we can use fstat() to estimate the buffer size. On non-file FDs, we dynamically increase an allocated buffer. Additionally we slightly change the function signature to properly handle zero-length files and add appropriate unit tests. | ||||
* | pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB | Tobias Brunner | 2013-10-23 | 1 | -2/+10 |
| | This allows more than one builder to try parsing the data read from STDIN. | ||||
* | pki: Add pki --issue man page | Tobias Brunner | 2013-09-13 | 1 | -6/+6 |
| | |||||
* | Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
| | |||||
* | Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1 |
| | |||||
* | Use centralized hasher names in pki utility | Martin Willi | 2012-07-17 | 1 | -2/+2 |
| | |||||
* | Check rng return value when generating serial numbers in pki utility | Tobias Brunner | 2012-07-16 | 1 | -4/+4 |
| | |||||
* | Merge branch 'ikev1-clean' into ikev1-master | Martin Willi | 2012-03-20 | 1 | -0/+4 |
|\ | Conflicts: configure.in, man/ipsec.conf.5.in, src/libcharon/daemon.c, src/libcharon/plugins/eap_ttls/eap_ttls_peer.c, src/libcharon/plugins/eap_radius/eap_radius_accounting.c, src/libcharon/plugins/eap_radius/eap_radius_forward.c, src/libcharon/plugins/farp/farp_listener.c, src/libcharon/sa/ike_sa.c, src/libcharon/sa/keymat.c, src/libcharon/sa/task_manager.c, src/libcharon/sa/trap_manager.c, src/libstrongswan/plugins/x509/x509_cert.c, src/libstrongswan/utils.h. Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins. | ||||
| * | Added support for iKEIntermediate flag to ipsec pki. | Tobias Brunner | 2012-03-20 | 1 | -0/+4 |
| | | |||||
* | | pki: Avoid integer overflow when calculating certificate lifetimes. | Tobias Brunner | 2011-12-23 | 1 | -1/+1 |
|/ | This only works properly if sizeof(time_t) > 4. | ||||
* | use DN from pkcs10 request if it exists | Andreas Steffen | 2011-02-07 | 1 | -5/+6 |
| | |||||
* | Added support for empty subjects DNs to pki --issue | Martin Willi | 2011-01-05 | 1 | -8/+7 |
| | |||||
* | Slightly renamed different policyConstraints to distinguish them better | Martin Willi | 2011-01-05 | 1 | -6/+6 |
| | |||||
* | Added inhibitAnyPolicy constraint support to pki tool | Martin Willi | 2011-01-05 | 1 | -2/+7 |
| | |||||
* | Added support for delta CRLs to pki tool | Martin Willi | 2011-01-05 | 1 | -1/+1 |
| | |||||
* | Simplified format of x509 CRL URI parsing/enumerator | Martin Willi | 2011-01-05 | 1 | -9/+24 |
| | |||||
* | Added policyConstraints support to pki tool | Martin Willi | 2011-01-05 | 1 | -24/+36 |
| | |||||
* | Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too | Martin Willi | 2011-01-05 | 1 | -1/+1 |
| | |||||
* | Added policyMappings support to pki tool | Martin Willi | 2011-01-05 | 1 | -6/+51 |
| | |||||
* | Added certificatePolicy options to pki tool | Martin Willi | 2011-01-05 | 1 | -2/+50 |
| | |||||
* | pki --issue/self support permitted/excluded NameConstraints | Martin Willi | 2011-01-05 | 1 | -2/+21 |
| | |||||
* | pki tool shows and builds crlSign keyUsage | Martin Willi | 2011-01-05 | 1 | -1/+5 |
| | |||||
* | Added --crlissuer option to pki --issue | Martin Willi | 2011-01-05 | 1 | -18/+25 |
| | |||||
* | Added PKCS#11 private key support to the pki tool | Martin Willi | 2010-08-04 | 1 | -9/+25 |
| | |||||
* | Added pki PEM encoding support for certificates, CRLs and PKCS10 requests | Martin Willi | 2010-07-13 | 1 | -4/+12 |
| | |||||
* | Support different encoding types in certificate.get_encoding() | Martin Willi | 2010-07-13 | 1 | -2/+1 |
| | |||||
* | Changed default lifetime of certificates to 3 years | Martin Willi | 2010-05-31 | 1 | -2/+2 |
| | |||||
* | Adding DBG_LIB to all calls of libstrongswan's version of DBG*. | Tobias Brunner | 2010-04-06 | 1 | -4/+4 |
| | |||||
* | we don't accept a serial number with leading zeroes | Andreas Steffen | 2010-03-14 | 1 | -0/+5 |
| | |||||
* | Support TLS client authentication Extended Key Usage in x509 generation | Martin Willi | 2010-01-14 | 1 | -1/+5 |
| | |||||
* | ipsec pki --self\|issue supports --pathlen option setting a path length constraint | Andreas Steffen | 2009-12-31 | 1 | -2/+8 |
| | |||||