| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | revocation: Restrict OCSP signing to specific certificates | Martin Willi | 2014-03-31 | 1 | -1/+1 |
| | | | | | | | | | | | | | | To avoid considering each cached OCSP response and evaluating its trustchain, we limit the certificates considered for OCSP signing to: - The issuing CA of the checked certificate - A directly delegated signer by the same CA, having the OCSP signer constraint - Any locally installed (trusted) certificate having the OCSP signer constraint The first two options cover the requirements from RFC 6960 2.6. For compatibility with non-conforming CAs, we allow the third option as exception, but require the installation of such certificates locally. | ||||
| * | upgraded ikev2 scenarios to 5.0.0 | Andreas Steffen | 2012-05-11 | 1 | -6/+6 |
| | | |||||
| * | due to a bug fix reverted to the previous RULE_CRL_VALIDATION check | Andreas Steffen | 2011-09-09 | 1 | -1/+1 |
| | | |||||
| * | adapted evaltest.dat to new RULE_OCSP_VALIDATION | Andreas Steffen | 2010-09-01 | 1 | -1/+1 |
| | | |||||
| * | merged multi-auth branch back into trunk | Martin Willi | 2009-04-14 | 1 | -1/+2 |
| | | |||||
| * | adapted ikev2 uml scenarios for the 4.2 version | Andreas Steffen | 2008-04-01 | 1 | -3/+4 |
| | | |||||
| * | ocsp-no-signer-cert added | Andreas Steffen | 2007-04-20 | 1 | -0/+5 |
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |