Andreas Steffen
d2976167af
CERT_TRUSTED_PUBKEY stores notBefore, notAfter and subject information
2012-04-25 20:53:08 +02:00
Tobias Brunner
7d85bebc49
pluto: Fix for null-terminated XAuth secrets (as sent by Android 4).
2012-04-24 09:25:38 +02:00
Andreas Steffen
5ff8fe5d48
activated cmac plugin in UML test suites
2012-04-22 22:22:25 +02:00
Andreas Steffen
86e50bd614
isolate a TNC client if an error occurs
2012-04-22 20:24:59 +02:00
Andreas Steffen
6c97b16333
version bump to 4.6.3rc2
2012-04-22 17:41:20 +02:00
Andreas Steffen
3092bf1090
exit if TBOOT dummy measurements are not defined
2012-04-22 17:40:59 +02:00
Tobias Brunner
5895c2e948
Option added to set identifier for syslog(3) logging.
...
This identifier is added to each log message by syslog.
2012-04-20 09:26:12 +02:00
Tobias Brunner
7e84c4275c
Removed auth_cfg_t.replace_value() and replaced usages with add().
...
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
2012-04-18 18:50:14 +02:00
Tobias Brunner
ebc1ffe451
Changed the order and semantics of rules we expect only once in auth_cfg_t.
...
These rules are now inserted at the front of the internal list, this
allows to retrieve the rule added last with get(). For other rules the
order in which they are added is maintained (this allows to properly
enumerate them).
2012-04-18 18:50:14 +02:00
Tobias Brunner
80067cf9e6
Store password with remote ID to tie it stronger to a specific connection.
2012-04-18 13:32:49 +02:00
Tobias Brunner
9f1b303afc
Added stroke user-creds command, to set username/password for a connection.
2012-04-17 14:20:58 +02:00
Tobias Brunner
7b00fdeb84
Added method to add additional shared secrets to stroke_cred_t.
2012-04-17 14:20:58 +02:00
Tobias Brunner
ff5cb888f6
Additional prompt keyword added to stroke.
2012-04-17 14:20:58 +02:00
Tobias Brunner
4c31657d2c
Typo fixed.
2012-04-17 14:20:58 +02:00
Martin Willi
1b7debcc04
Keep COOKIEs enabled once threshold is hit, until we see no COOKIEs for a few secs
...
Toggling COOKIEs on/off is problematic: After doing a COOKIE exchange as
initiator, we can't know if the completing IKE_SA_INIT message is to our first
request or the one with the COOKIE. If the responder just enabled/disabled
COOKIEs and packets get retransmitted, both might be true. Avoiding COOKIE
behavior toggling improves the situation, but does not solve the problem during
the initial COOKIE activation.
2012-04-17 10:02:21 +02:00
Martin Willi
d0d600e1ef
Added a note about DH/keymat lifecycle for custom implementations
2012-04-17 10:02:21 +02:00
Martin Willi
a59a03670b
Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
2012-04-17 10:02:21 +02:00
Martin Willi
4837d2a981
Fix iteration through half-open IKE_SA table
2012-04-16 16:47:17 +02:00
Tobias Brunner
7fd6c078b6
Use IP address as ID as responder if not configured or no IDr received.
2012-04-16 14:09:51 +02:00
Tobias Brunner
b241a37411
Fall back on IP address as IDi if none is configured at all.
2012-04-16 13:44:27 +02:00
Tobias Brunner
b447af658c
Use auth_cfg_t.replace_value where appropriate.
2012-04-16 13:44:27 +02:00
Tobias Brunner
68cca941cf
Added a simple method to replace the value of a rule in auth_cfg_t.
2012-04-16 13:44:27 +02:00
Tobias Brunner
4b32bde48e
Fixed IDi in case neither left nor leftid is configured.
2012-04-16 13:44:27 +02:00
Andreas Steffen
7b910ce274
fixed parsing of port ranges in Scanner IMV
2012-04-15 23:39:27 +02:00
Tobias Brunner
4e2e77d540
Typo fixed in NEWS.
2012-04-14 08:41:32 +02:00
Martin Willi
10f24e6599
Don't invoke child_updown hook twice as responder
2012-04-11 17:45:12 +02:00
Martin Willi
4ef867f578
Accept zero-length certificate request payloads
2012-04-11 17:22:23 +02:00
Tobias Brunner
ae9ce83511
Properly initialize src in ike_sa_t.is_any_path_valid().
2012-04-06 10:54:44 +02:00
Andreas Steffen
367e1e22b8
checksum need a libradius_init() symbol
2012-04-05 16:52:37 +02:00
Andreas Steffen
e90e106117
version bump to 4.6.3rc1
2012-04-05 09:11:47 +02:00
Andreas Steffen
4626e49ad9
remove leading zero in ASN.1 encoded serial numbers
2012-04-05 09:04:11 +02:00
Andreas Steffen
5ff99529e6
ASN.1 two's complement encoding prevents overflow in CRL serial number
2012-04-04 11:29:12 +02:00
Tobias Brunner
bad192069f
Make AES-CMAC actually usable for IKEv2.
2012-04-04 10:51:46 +02:00
Martin Willi
89a5881c63
Added another bunch of commonly used IKEv1 NATT vendor IDs
2012-04-04 10:32:15 +02:00
Andreas Steffen
4670661d6d
represent 0 as a single byte
2012-04-03 14:19:37 +02:00
Andreas Steffen
320fd5fe62
moved chunk_skip_zero to chunk.h
2012-04-03 14:12:50 +02:00
Andreas Steffen
4e5b7e09ee
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:49:05 +02:00
Andreas Steffen
5893d1b156
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:48:48 +02:00
Andreas Steffen
f54c4ed8d6
added GSPM IKEv2 payload
2012-04-03 12:21:39 +02:00
Andreas Steffen
d1391b8fdb
fixed typo
2012-04-03 12:07:13 +02:00
Tobias Brunner
37d43ebbde
Doxygen fixes.
2012-04-03 10:56:47 +02:00
Tobias Brunner
d7590217c3
Added NEWS about cmac plugin.
2012-04-03 10:48:03 +02:00
Tobias Brunner
811e7490f6
Added test vectors for AES-CMAC.
2012-04-03 10:45:09 +02:00
Tobias Brunner
c0d39c205c
Implemented AES-CMAC based PRF and signer.
...
The cmac plugin implements AES-CMAC as defined in RFC 4493 and the
signer and PRF based on it as defined in RFC 4494 and RFC 4615,
respectively.
2012-04-03 10:40:47 +02:00
Tobias Brunner
9a6b1cb412
Fixed GNU license header in hmac and xcbc plugins.
2012-04-03 10:33:59 +02:00
Martin Willi
4bc7577db2
More detailed NEWS about RADIUS extensions
2012-04-02 13:58:21 +02:00
Andreas Steffen
0293f09597
updated supported EAP methods
2012-03-30 11:15:10 +02:00
Tobias Brunner
ef511fc03d
Add support for dnQualifier in DNs.
2012-03-29 10:01:55 +02:00
Andreas Steffen
e464894e8b
remove leading zeros in ASN.1 encoded serial numbers
2012-03-27 15:05:36 +02:00
Tobias Brunner
a281494abd
Added NEWS about resolvconf support.
2012-03-27 10:44:21 +02:00
