aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* stroke: Load credentials from PKCS#12 files (P12 token)Tobias Brunner2013-05-081-15/+92
|
* openssl: Cleanup thread specific error bufferTobias Brunner2013-05-081-5/+38
|
* openssl: Don't use deprecated CRYPTO_set_id_callback() with OpenSSL >= 1.0.0Tobias Brunner2013-05-081-17/+29
|
* openssl: Add PKCS#12 parsing via OpenSSLTobias Brunner2013-05-084-0/+307
|
* openssl: Properly cleanup OpenSSL libraryTobias Brunner2013-05-082-9/+7
|
* charon-cmd: Add support for PKCS#12 filesTobias Brunner2013-05-084-1/+52
|
* PEM plugin loads PKCS#12 containers from (DER-encoded) filesTobias Brunner2013-05-083-0/+24
| | | | | It is not actually able to handle PEM encoded PKCS#12 files produced by OpenSSL.
* Remove pluto specific certificate typesTobias Brunner2013-05-083-14/+1
|
* charon-cmd: match_me/match_other are optional in callback credentialsTobias Brunner2013-05-081-1/+8
|
* charon-cmd: Request password for private keysTobias Brunner2013-05-081-0/+3
|
* Add support for untruncated HMAC-SHA-512Tobias Brunner2013-05-085-1/+13
|
* Also support 128-bit RC2Tobias Brunner2013-05-081-1/+2
|
* Add pkcs12 plugin which adds support for decoding PKCS#12 containersTobias Brunner2013-05-0810-1/+803
|
* Function added to convert a hash algorithm to an HMAC integrity algorithmTobias Brunner2013-05-082-0/+77
|
* Support the PKCS#5/PKCS#12 encryption scheme used by OpenSSL for private keysTobias Brunner2013-05-081-0/+6
|
* Register PKCS#8 builder for KEY_ANYTobias Brunner2013-05-081-0/+1
|
* Add support for PKCS#7/CMS encrypted-dataTobias Brunner2013-05-086-5/+267
|
* Move PKCS#12 key derivation to a separate fileTobias Brunner2013-05-085-147/+238
|
* PKCS#5 wrapper can decrypt PKCS#12-like schemesTobias Brunner2013-05-082-4/+180
|
* Add test vectors for RC2Tobias Brunner2013-05-083-0/+118
|
* Fix cleanup in crypto_tester if a crypter failsTobias Brunner2013-05-081-1/+4
|
* Add implementation of the RC2 block cipher (RFC 2268)Tobias Brunner2013-05-088-4/+555
|
* Extract function to convert ASN.1 INTEGER object to u_int64_tTobias Brunner2013-05-083-23/+28
|
* Extract PKCS#5 handling from pkcs8 plugin to separate helper classTobias Brunner2013-05-085-458/+710
|
* charon-cmd: Changed formatting of optional arguments in usage informationTobias Brunner2013-05-081-8/+10
| | | | Optional arguments have to be specified with = after the option.
* charon-cmd: --agent optionally takes the path to an ssh-agent socketTobias Brunner2013-05-083-16/+24
| | | | If not given it is read from the SSH_AUTH_SOCK environment variable.
* charon-cmd: Stop processing options if an argument is missing or an option ↵Tobias Brunner2013-05-081-0/+3
| | | | not recognized
* charon-cmd: Properly initialize options with no additional linesTobias Brunner2013-05-071-10/+10
|
* agent: Use sshkey plugin to parse keys, adds support for ECDSATobias Brunner2013-05-073-57/+69
|
* sshkey: Add support for ECDSA keysTobias Brunner2013-05-071-0/+70
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-075-22/+24
|
* left|rightrsasigkey accepts SSH keys but the key format has to be specified ↵Tobias Brunner2013-05-071-12/+22
| | | | | | | explicitly The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
* sshkey: Added builder for SSHKEY RSA keysTobias Brunner2013-05-076-1/+142
|
* Add sshkey plugin stub that will parse RFC 4253 public keysTobias Brunner2013-05-074-0/+136
|
* Try to load raw keys from ipsec.conf as PKCS#1 blob firstTobias Brunner2013-05-071-5/+12
| | | | | The DNSKEY builder is quite eager and parses pretty much anything as RSA key, so this has to be done before.
* charon-cmd: Add --agent option to authenticate using ssh-agent(1)Tobias Brunner2013-05-074-0/+72
| | | | | | The socket path is read from the SSH_AUTH_SOCK environment variable. So using this with sudo might require the -E command line (or an appropriate sudoers config) to preserve the environment.
* charon-cmd: Use loose matching of gateway identityTobias Brunner2013-05-071-0/+1
|
* kernel-pfroute: allow only one thread to do a route look up simultaneouslyMartin Willi2013-05-061-1/+8
| | | | Otherwise we mess up the sequence number another thread is waiting for.
* kernel-interface: query SAD for last use time if SPD query didn't yield oneMartin Willi2013-05-0610-16/+50
|
* child-sa: query SAD/SPD just for what we actually need to update statisticsMartin Willi2013-05-061-2/+5
|
* kernel-pfkey: be less verbose about unexpected sequence numbersMartin Willi2013-05-061-1/+1
|
* kernel-pfkey: install exclude routes if kernel-net requires themMartin Willi2013-05-061-0/+152
|
* kernel-pfroute: add a feature flag requesting "exclude" routesMartin Willi2013-05-062-0/+9
| | | | | | | | If routes installed along with policies covering the peer address affect local IKE/ESP packets, they won't get routed correctly. To work around this issue, the kernel interface can install "exclude" routes for the IKE peer. Not all networking backends require this workaround, hence we export a flag for it if it is required.
* kernel-pfroute: remove unused interface address refcountingMartin Willi2013-05-061-11/+0
|
* kernel-pfroute: mark IPs installed on tun device as virtualMartin Willi2013-05-061-1/+24
|
* kernel-pfroute: install virtual IPs using dedicated tun devicesMartin Willi2013-05-061-5/+91
|
* kernel-pfkey: when installing a route for a virtual IP, use its interfaceMartin Willi2013-05-061-1/+10
| | | | | When installing a route over a tun device for a virtual IP, the route must be set over the tun, not the IKE interface.
* kernel-interface: get_address_by_ts() can tell if a returned IP is virtualMartin Willi2013-05-065-6/+31
|
* kernel-interface: support enumeration of virtual-only IPsMartin Willi2013-05-063-9/+20
|
* kernel-pfkey: refactor route installation to a dedicate functionMartin Willi2013-05-061-74/+81
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 11:46:36 +0000