Todo-List for charon
--------------------

+ = done, / = partial, - = todo, ordered by priority

+ private key loading: der, without passphrase
+ load all private keys from ipsec.d/private/ in stroke.c
+ handle leftcert and rightcert in starterstroke.c/stroke.c
+ load specified certs in stroke.c
+ extract public keys from certs
+ public key authentication
+ release for Andreas
+ stroke loglevels
+ stroke up
+ ike_sa_manager checkout_by_hosts
+ stroke down
+ stroke output redirection
+ stroke status
+ libx509
+ new charon build
- libstrong?
+ transforms
+ utils (plus host)
+ logger_manager instance in lib
+ leak detective usable for charon and pluto and anything else
+ integrate asn1 parser/oid (asn1/oid)
+ integrate basic PEM loading
+ port x509 stuff
+ doxygen cleanup (charon/lib)
+ new build environment (autotools?)
+ usable certificate support
+ more id types (use atodn from pluto)
+ rewrite certificate storage the clean way
+ further subjectAltName support
+ certificate validation/chaining
+ certificate exchange
+ Apply -W's from Makefile.program to charon
+ do ipsec status via starter
+ stroke status should show configured connections
+ stroke loglevel update
+ stroke argument parsing via getopts/gperf?
+ ipsec.secrets parsing
+ trapping
+ proper delete messages
+ notifies on connection setup failure
+ create child sa message/rekeying
+ IKE_SA rekeying
+ handle all simultaneous rekeying/delete/create cases
+ replace state machine with something more transaction oriented
+ find existing IKE_SA on CHILD_SA initiation
+ use dpdaction/dpddelay parameters from ipsec.conf
/ add firewall script support
- do not link unneeded libraries in bins
- include only a minimum of NATD payloads
- implement 3DES to load encrypted pem files
- implement an "event bus" mechanism
- add more output to up/down, somehow...
- configure flag which allows omitting the vendor id in pluto
- ikelifetime should optionally enforce reauthentication
- cookies/DDoS prevention
- implement a mechanism against thread exhaustion when a blocked IKE_SA receives a lot of messages
- add a crl fetch mechanism which synchronizes equal fetches
- add support for CERTREQs
- proper handling of multiple certificate payloads (import order)
- add a Rekey-Counter for SAs in "statusall"