8130 Commits

Author SHA1 Message Date
Tobias Brunner
dcefa26787 Moved and clarified NEWS about PKCS#8 plugin. 2012-02-01 18:32:28 +01:00
Tobias Brunner
e81260d426 Moved log message for unexpected ASN.1 objects to level 2.
This avoids error messages if later builders can successfully decode something.
2012-02-01 18:27:46 +01:00
Tobias Brunner
fd1ff46f61 Added support for PKCS#5 v2 schemes when decrypting PKCS#8 files. 2012-02-01 18:27:46 +01:00
Tobias Brunner
1f2e036b3e NEWS about pkcs8 plugin added. 2012-02-01 18:27:46 +01:00
Tobias Brunner
cab127cba6 Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes). 2012-02-01 18:27:46 +01:00
Tobias Brunner
db3334dc32 Added support to parse PKCS#8 encoded ECDSA private keys. 2012-02-01 18:27:45 +01:00
Tobias Brunner
27f8a61df3 OpenSSL plugin parses ECDSA private keys with explicitly specified EC parameters.
This is needed in case the key itself does not contain the parameters,
which is the case for PKCS#8.
2012-02-01 18:27:45 +01:00
Tobias Brunner
b20c54ff3f Add builder part for parameters from algorithmIdentifier. 2012-02-01 18:27:45 +01:00
Tobias Brunner
25c6d26c1d Return parsed parameters from algorithmIdentifier if they are an OID (aka EC named curve).
Explicit EC parameters are not supported with this function, but before this
change no parameters were actually ever returned.
2012-02-01 18:27:45 +01:00
Tobias Brunner
9255aa87ec Parse RSA private keys from PKCS#8 encoded blobs. 2012-02-01 18:27:45 +01:00
Tobias Brunner
5ec525c1d1 Added PKCS#8 stub plugin. 2012-02-01 18:27:45 +01:00
Tobias Brunner
9ec66bc1a5 Added an option to load CA certificates without CA basic constraint.
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
Martin Willi
a895801270 Added TLS session resumption NEWS 2012-02-01 12:13:00 +01:00
Martin Willi
a345aa2639 Added RADIUS accounting NEWS 2012-02-01 12:07:32 +01:00
Martin Willi
503dee4d2f Added RADIUS accounting option to strongswan.conf manual 2012-02-01 11:35:13 +01:00
Martin Willi
0399edef71 Support RADIUS accounting messages containing Framed-IP and Inbound/Outbound-Octets 2012-01-30 19:16:49 +01:00
Martin Willi
8e5b4aa023 Open RADIUS accounting sockets to exchange accounting messages 2012-01-30 19:15:20 +01:00
Martin Willi
a69aff5f17 Support signing of RADIUS accounting messages 2012-01-30 19:13:20 +01:00
Martin Willi
370de553f8 RADIUS message constructor accepts a message code parameter 2012-01-30 19:11:08 +01:00
Tobias Brunner
7171d8765e Disable crypto benchmarking if CLOCK_THREAD_CPUTIME_ID is not available. 2012-01-30 11:04:55 +01:00
Martin Willi
023800ba62 Build libstrongswan if libfast gets built 2012-01-24 18:23:44 +01:00
Tobias Brunner
f1ba06c1c6 Cache list of plugin names to further simplify its usage.
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
Tobias Brunner
fdf1f239ef Log list of loaded plugins in main PKI help output. 2012-01-19 11:56:43 +01:00
Tobias Brunner
576298a3ef Simplified logging of list of loaded plugins. 2012-01-19 11:56:03 +01:00
Tobias Brunner
ad1aaf4be3 Function added to plugin_loader to get a list of the names of loaded plugins. 2012-01-19 11:51:51 +01:00
Martin Willi
498d172c33 Use correct time_t variables to store ARG_TIME options 2012-01-18 10:31:45 +01:00
Thomas Egerer
d68b8dfec4 Destroy active task list before queued tasks
Since active task's destruction might result in adopting tasks from a
rekeyed IKE SA, it seems better to first destroy the active task list and
then destroy all queued tasks. This way adoption is possible at all,
while otherwise the queued task list would be empty.
2012-01-18 10:06:54 +01:00
Adrian-Ken Rueegsegger
5ed3e3a7e6 Various style, typo and whitespace corrections 2012-01-13 16:27:35 +01:00
Tobias Brunner
9d17c1a679 Starter depends on whack/stroke on Android.
With this change whack and stroke get installed automatically if starter is
enabled.
2012-01-12 19:19:47 +01:00
Tobias Brunner
2e0b478a01 Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
Because all packages are now marked as optional, executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk. Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00
Tobias Brunner
35a1986142 Fixed additional typos in comments and log messages. 2012-01-12 11:42:42 +01:00
Adrian-Ken Rueegsegger
d887b8e134 Fix whitespaces 2012-01-12 11:25:18 +01:00
Adrian-Ken Rueegsegger
2a375e62f3 Some documentation corrections 2012-01-12 11:25:12 +01:00
Tobias Brunner
17e3a92661 Fix gettid() on Android, which is defined in unistd.h there. 2012-01-12 11:08:22 +01:00
Tobias Brunner
66f16d9629 Use native gettid() if available (which is the case on Android). 2012-01-10 18:31:33 +01:00
Tobias Brunner
190cd8a475 pluto: Use srand() to initialize the C library PRNG.
Otherwise rekey and DPD times would always be the same after a restart.
2012-01-04 13:19:29 +01:00
Martin Willi
f8b2906929 Use the TLS socket splicing in tls_test script 2011-12-31 13:14:49 +01:00
Martin Willi
3a87c89b1b Added a tls_socket_t.splice method to wrap a file descriptor into TLS 2011-12-31 13:14:49 +01:00
Martin Willi
6a5c86b7ad Implemented TLS session resumption both as client and as server 2011-12-31 13:14:49 +01:00
Martin Willi
ca5767621b Implemented a TLS session cache 2011-12-31 13:14:49 +01:00
Martin Willi
703c0db894 Check for cipherspec changes after each handshake message 2011-12-31 13:14:49 +01:00
Martin Willi
4caa380625 Separated cipherspec checking and switching, allowing us to defer the second 2011-12-31 13:14:49 +01:00
Tobias Brunner
7c0c2349a9 Make number of concurrently handled stroke messages configurable. 2011-12-29 18:41:39 +01:00
Tobias Brunner
8ff513a863 Limit the number of concurrently handled stroke messages.
This avoids clogging the thread pool with potentially blocking jobs.
2011-12-29 18:39:34 +01:00
Andreas Steffen
cb4da3f610 register aik certificate via ipsec attest 2011-12-25 14:31:26 +01:00
Martin Willi
84da59f609 Be less verbose about TLS extensions 2011-12-24 14:14:25 +01:00
Martin Willi
ed57dfca3f In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function 2011-12-24 12:42:28 +01:00
Martin Willi
6b01216422 Added a getter for the tls_socket file descriptor 2011-12-24 12:42:25 +01:00
Tobias Brunner
e86b685da5 Allow callers to force ASN.1 date encoding as GENERALIZEDTIME. 2011-12-23 18:07:39 +01:00
Tobias Brunner
f4095fdc8a Avoid integer overflow when parsing ASN.1 dates.
This only works properly if sizeof(time_t) > 4.
2011-12-23 16:38:28 +01:00