Todo-List for charon
======================

+ = done, / = partial, - = todo, ordered by priority


+ private key loading: der, without passphrase
+ load all private keys from ipsec.d/private/ in stroke.c
+ handle leftcert and rightcert in starterstroke.c/stroke.c
+ load specified certs in stroke.c
+ extract public keys from certs
+ public key authentication
+ release for Andreas

+ stroke loglevels
+ stroke up
+ ike_sa_manager checkout_by_hosts
+ stroke down
+ stroke output redirection
+ stroke status

+ libx509
  + new charon build - libstrong?
    + transforms
    + utils (plus host)
    + logger_manager instance in lib
    + leak detective usable for charon and pluto and anything else
  + integrate asn1 parser/oid (asn1/oid)
  + integrate basic PEM loading
  + port x509 stuff

+ doxygen cleanup (charon/lib)
+ new build environment (autotools?)

+ useable certificate support
  + more id types (use atodn from pluto)
  + rewrite certificate storage the clean way
  + further subjectAltName support
  + certificate validation/chaining
  + certificate exchange

+ Apply -W's from Makefile.program to charon
+ do ipsec status via starter
- add more output to to up/down, somehow...

+ stroke status should show configured connections
+ stroke loglevel update
+ stroke argument parsing via getopts/gperf?

- implement 3DES to load encrypted pem files
+ ipsec.secrets parsing

+ trapping
+ proper delete messages
- notifys on connection setup failure
+ create child sa message/rekeying
/ IKE_SA rekeying
  - handle all simultaneous rekeying/delete/create cases

- implement a mechanism against thread exhaustion
  when a blocked IKE_SA receives a lot of messages
- add a crl fetch mechanism which synchronizes equal fetches

+ replace state machine with something more transaction oriented
+ find existing IKE_SA on CHILD_SA initiation

- configure flag which allows to ommit vendor id in pluto