Activity
From 04.08.2010 to 02.09.2010
Today
- 13:07 Revision dbb7c030: Support different hash/sig algorithms in handshake signing, including ECDSA
- 13:07 Revision ea6d7cb4: Fixed typos in tls_writer method descriptions
- 13:07 Revision 99dcaea9: Added TLS ClientCertificateType identifiers
- 13:07 Revision 9dd2ca92: Added TLS specific Hash and Signature Algorithm identifiers
- 13:07 Revision bbdc85b6: Respect key types in stroke key/certificate backend
- 10:49 Revision 0ac49c32: Added an enumerator for registered credential builders
- 10:49 Revision b0191365: Migrated credential_factory to INIT/METHOD macros
01.09.2010
- 22:22 Revision 4171cbd6: adapted evaltest.dat to new RULE_OCSP_VALIDATION
- 14:30 Revision 54cba785: cosmetics in debug output
- 00:16 Revision 873604dd: defined aaa_identity
- 00:11 Revision 3a019080: increase number of message due to large certificate payloads
31.08.2010
- 23:22 Revision 5fb1311b: clarified debug output
- 21:42 Revision c3024a08: fixed typo
- 18:10 Revision 93709d10: Do not process any more TLS handshake messages on fatal alerts
- 18:10 Revision 36eafea2: Use the AAA Identity for EAP authentication, if given
- 18:10 Revision 33b1a256: Load a left/rightcert2 for EAP-TLS even if no left/rightauth2 is defined
- 18:10 Revision c8114799: Strictly check if the server certificate matches the TLS server identity
- 17:52 Revision 64d7b073: Added support for the ipsec.conf aaa_identity keyword
- 17:26 Revision 81137552: Added an AAA identity authentication config option
- 16:17 Revision f9fc5f20: Added strongswan.conf options for EAP-TLS/TTLS fragment size
- 16:17 Revision be751012: Migrated EAP-TLS to the generic TLS helper
- 16:17 Revision 743f9406: Support processing of partial TLS record headers
- 16:17 Revision 1cf8c5f7: Migrated EAP-TTLS to the generic TLS helper
- 16:16 Revision 877c910f: Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other vari...
- Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants
- 15:54 Revision ecd98efa: Support output fragmentation of TLS records
- 15:35 Revision fd0bde9a: Added a TLS debug level option, use debugging hook
- 15:35 Revision ce1af739: Implemented buffering of partial records in TLS stack
- 15:35 Revision d169aab3: Log TLS handshake subtypes as handshakes
- 15:35 Revision f13a03ad: Moved EAP type/code definitions to a separate header file in libstrongswan
- 15:34 Revision 4332b5af: Do not strdup() zero length strings in identification_create_from_string()
- 14:46 Revision 64d24679: Corrected some URLs.
30.08.2010
- 17:25 Revision 9b698a77: Enable the generation of unencrypted messages (e.g. ME connectivity checks).
- 16:22 Revision 68eb610d: fixed typos
- 15:42 Revision 6ade82d5: fixed copy-and-paste errors
- 15:36 Revision 57789361: for the time being assume a single request/response exchange for a given EAP m...
- for the time being assume a single request/response exchange for a given EAP method
- 15:36 Revision d93e2e54: created an eap-tnc method hull
- 14:54 Revision 2402dee1: Port floating patch partially reversed.
If MOBIKE is enabled, we do have to switch to port 4500 with the
IKE_AUTH re...
- 13:42 Revision 277f02ce: Slightly refactored port floating.
In case of MOBIKE, only float to port 4500 if the other peer actually supports MO...
- 13:13 Revision be63a48c: defined EAP-TNC
- 11:23 Revision 2291754d: Unwrap crlNumber INTEGER in openssl CRL parsing
- 11:23 Revision 21f80e9d: Added crl support to pki --print
- 10:52 Revision a5f6c2a1: pluto: Fixed comparison of connections, if marks are specified.
- 10:52 Revision 17f13277: testing: Added ikev1 xfrm mark scenarios.
- 10:52 Revision b74de94c: pluto: Make marks available in updown script.
- 10:52 Revision 7e0c9dfd: Do not install routes for pluto.
There are some incompatibilities with e.g. passthrough policies.
Pluto installs req...
- 10:52 Revision 575eceb4: pluto: Removed bare shunt table.
- 10:52 Revision ba8b6496: pluto: Return value fixed.
- 10:52 Revision 971a74bc: pluto: Added PLUTO_UDP_ENC argument to updown script.
This contains the remote UDP port in case of UDP encapsulated ...
- 10:52 Revision df88385a: starter: Some whitespace cleanup.
- 10:52 Revision 26195255: pluto: Store xfrm marks on connection and use them when installing SAs and pol...
- pluto: Store xfrm marks on connection and use them when installing SAs and policies.
- 10:52 Revision ff0735db: pluto: Removed references to KLIPS from documentation, log messages and comments.
- 10:52 Revision 131a9667: pluto: Handle changed NAT mappings via libhydra's kernel interface.
- 10:52 Revision aa047fbf: pluto: Removed no_klips flag (--noklips option).
- 10:52 Revision d2a3ebf0: pluto: Refactored PF_KEY capabilities registration.
Although we use the kernel interface from libhydra we still need...
- 10:52 Revision fbd09690: pluto: Completely removed struct kernel_ops.
- 10:52 Revision a48e3a3c: pluto: Removed unneeded kernel abstractions.
- 10:52 Revision 709624f5: pluto: Removed the KLIPS preprocessor flag.
- 10:52 Revision 8ed3109e: pluto: Replaced DBG_KLIPS with DBG_KERNEL.
- 10:52 Revision 8e25105d: pluto: Added --debug-kernel as alias for --debug-klips.
- 10:52 Revision 154bbfc4: pluto: Removed unneeded functions from PF_KEY interface.
We still use the algorithm registration.
- 10:52 Revision 73e73484: Scheduler and processor have been moved to libstrongswan.
Also reverts 0c21dc000d3cd5c82eb22c4481e6459978456364 as t...
- 10:52 Revision 0fdcc190: pluto: Completely removed orphaned_holds.
- 10:52 Revision b8d78154: testing: Force the UML Kernel to x86.
- 10:52 Revision c958a319: testing: Build strongSwan a bit faster using make -j.
- 10:52 Revision 459156d2: testing: Only sleep after a host has actually been started.
- 10:52 Revision b79efeb4: testing: Print output of 'make oldconfig' to STDOUT, besides logging it.
- 10:52 Revision 1c948634: pluto: Fixed byte-order of ports in traffic selectors.
- 10:52 Revision c2f9d461: pluto: Install IN policy of a shunt eroute with protocol.
- 10:52 Revision 9b35c568: Fixing installation of trap policies (SPI=0) in kernel interface.
- 10:52 Revision 88358959: testing: Added missing host alice to test.conf.
- 10:52 Revision 5b920d20: testing: Adding kernel-netlink to pluto.load statements.
- 10:52 Revision 1c6f060f: pluto: Fixed the reqid that is passed to the updown script.
- 10:52 Revision 6d2b873f: pluto: Added a generic event queue.
This allows to easily execute arbitrary callbacks in the context of the pluto
ma...
- 10:52 Revision b9ac6733: pluto: Do not close all file descriptors on startup, just redirect stdin, stdo...
- pluto: Do not close all file descriptors on startup, just redirect stdin, stdout and stderr to /dev/null.
Otherwise ...
- 10:52 Revision 0b9ae784: Charon specific strongswan.conf options generalized.
- 10:52 Revision a0bf6867: Adapted child_sa_t to changed kernel interface.
- 10:52 Revision 15726526: pluto: Adapted kernel.c to changed kernel interface.
- 10:52 Revision c493e4f9: pluto: Listen for kernel events via libhydra's kernel interface.
- 10:52 Revision 73c22629: pluto: Migrated setup_half_ipsec_sa to libhydra's kernel interface.
- 10:52 Revision ec68ce88: pluto: Added missing return_on in out_sa.
- 10:52 Revision 505c983e: pluto: Removed unneeded get_proto_reqid.
We will use the same reqid for all protocols, as in charon.
- 10:52 Revision f97fd7cc: pluto: Functions to convert IKEv1 ESP algos to IKEv2 identifiers added.
- 10:52 Revision a3159f6f: pluto: Migrated update_ipsec_sa to libhydra's kernel interface.
- 10:52 Revision 0ba5bb1e: pluto: Added a function to create a traffic_selector_t from an ip_subnet.
- 10:52 Revision 4fee90d6: pluto: Migrated raw_eroute to libhydra's kernel interface.
This introduces a new struct to pass the protocol informa...
- 10:52 Revision 1e543115: pluto: Adapted sag_eroute to the new signature of eroute_connection.
- 10:52 Revision 5a30f515: pluto: Migrated teardown_half_ipsec_sa to libhydra's kernel interface.
- 10:52 Revision fc9eff87: pluto: Migrated get_sa_info to libhydra's kernel interface.
- 10:52 Revision c99ae76a: pluto: Removed KLIPS specific code from was_eroute_idle.
- 10:52 Revision 61ba420c: pluto: Use time_monotonic() instead of time() for use time calculation.
That's because get_sa_info now returns a mon...
- 10:52 Revision 7b43e22e: pluto: Removed KLIPS specific algorithm detection.
- 10:52 Revision 71a4457a: pluto: Refactored IKEv2/IKEv1 crypto algorithm conversion functions.
- 10:52 Revision 2f2eae03: Do not overwrite the original mode when installing policies.
The mode is later used to decide if a route has to be i...
- 10:52 Revision 3714670a: Replaced the protocol argument in add_policy with an optional SPI for an AH SA.
- 10:52 Revision 490f0d11: Added support for combined IPComp/ESP/AH policies in kernel_netlink plugin.
- 10:52 Revision 5f32ed13: pluto: Migrated get_ipsec_spi to libhydra's kernel interface.
- 10:52 Revision 4c50a8a9: pluto: Migrated get_my_cpi to libhydra's kernel interface.
- 10:52 Revision 80492291: pluto: Removed KLIPS specific bare shunt scanning.
- 10:52 Revision e2a6b517: Added support for different policy types in kernel_netlink plugin.
- 10:52 Revision 9938fc12: Added an option to specify the type of a policy to kernel_ipsec.add_policy.
This will later allow us to support plut...
- 10:52 Revision ce43ad54: Moved all kernel plugins to libhydra.
- 10:52 Revision f51d58d1: Initialize the thread pool in pluto.
- 10:52 Revision d1ba2275: Refer to scheduler and processor via lib and not hydra.
- 10:52 Revision 3bc43d23: Removed references to protocol_id_t from kernel interface.
Instead we use the actual IP protocol identifier (the con...
- 10:52 Revision 469ac537: Moved kernel interface to libhydra.
- 10:52 Revision 41634e5c: Refer to kernel interface via hydra and not charon.
- 10:52 Revision dd45d8af: Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
Because of this libfreeswan, pluto, starter etc. now depend o...
- 10:52 Revision b3d1440a: Moved scheduler and thread pool to libstrongswan.
- 10:52 Revision 9725fdd0: Moved update SA job creation to kernel event handler.
- 10:52 Revision 102ec246: Moved roam job creation to kernel event handler.
- 10:52 Revision fbf3f30b: Migrated child_sa_t to INIT/METHOD macros.
- 10:52 Revision 1518571f: Refer to scheduler via hydra and not charon.
- 10:52 Revision 7b55d1ac: Moved migrate job creation to kernel event handler.
- 10:52 Revision 3c7f01ce: Moved scheduler_t to libhydra.
- 10:52 Revision 9a7c96bb: Added listener handling to kernel interface.
- 10:52 Revision 590be1bf: Moved acquire job creation to kernel event handler.
- 10:52 Revision bf6ca505: Moved delete/rekey CHILD_SA job creation to kernel event handler.
- 10:52 Revision e95e0f6b: All kernel listener hooks are optional.
- 10:52 Revision d1317991: Do not include files from libcharon in libhydra.
- 10:52 Revision 1e157b78: Some whitespace and code style fixes.
- 10:52 Revision ecf395c3: Some minor comment fixes.
- 10:52 Revision 6cfc1aca: Added an interface for kernel event listeners.
- 10:52 Revision 1f2b8e67: Added kernel event handler stub.
- 10:52 Revision 68f888cd: Move callback_job_t to libhydra.
- 10:52 Revision b2c1765a: Fixing Doxygen groups after moving processor.
- 10:52 Revision 093fd931: Refer to processor via hydra and not charon.
- 10:52 Revision 739b6dae: Move processor_t (thread-pool) to libhydra.
- 10:49 Revision 0433b417: Typo in doxygen comment fixed.
- 10:48 Revision fde2d34d: Fixed ME after introduction of AEAD wrapper.
- 10:14 Revision 45684ee6: Fixed pluto smartcard support after introducing encryption schemes
29.08.2010
- 21:52 Revision 1bc8690f: replaced ikev2/esp-alg-aes-ctr by ikev2/alg-aes-ctr
- 21:11 Revision 6297dc39: added ctr ccm and gcm plugins to ikev2/rw-cert scenario
- 21:09 Revision 8eb74fac: added ctr ccm and gcm plugins to openssl-ikev2/rw-cert scenario
- 20:50 Revision 6aa82ec2: added ctr ccm and gcm plugins to gcrypt-ikev2/rw-cert scenario
- 20:39 Revision 4f2a0bd8: replaced ikev2/esp-alg-aes-gcm by ikev2/alg-aes-gcm
- 20:24 Revision 8318d884: replaced ikev2/esp-alg-aes-ccm by ikev2/alg-aes-ccm
27.08.2010
- 16:30 Revision 897c7a72: Win7 might send up to 7k of certificate requests
26.08.2010
- 10:25 Revision cb7a0cef: Fixed documentation of XAUTH in ipsec.secrets.
25.08.2010
- 18:30 Revision 2bf0e74c: Prefer AES/Camellia suites over 3DES/NULL encryption
- 18:24 Revision a596006e: Send TLS alerts for errors in TLS handshake building
- 18:04 Revision ee88ddd6: Refactored fragment building, use correct TLS content type for non-first fragm...
- Refactored fragment building, use correct TLS content type for non-first fragments
- 17:04 Revision dfde6570: Update delete_payload length when adding SPIs
- 17:03 Revision 52997195: Migrated delete_payload to INIT/METHOD macros, replaced iterator
- 15:29 Revision e5c6ebb6: Use different return values in payload decryption to distinguish between integ...
- Use different return values in payload decryption to distinguish between integrity and syntax errors
- 12:57 Revision f1a74a3c: Implemented a TLS utility to test on any TLS secured TCP connection
- 12:52 Revision 17102f7b: Added a simple high level TLS wrapper for sockets
- 12:43 Revision bd23b908: Initialize output chunk before appending data to it
- 10:28 Revision 3dd06bd4: Added private key support to in-memory credential set
- 10:28 Revision 72c6335d: Added certificate support to in-memory credential set
- 10:16 Revision e54e86cb: Check if colliding rekey actually created an IKE_INIT
In some cases (especially if a child is half-open) the collidi...
- 09:55 Revision 8427c786: Added a ike_name logger option to prefix the IKE_SA name on each line
24.08.2010
- 19:19 Revision d9b85e28: removed tls_record_t definition
- 11:34 Revision 69e8bb2e: Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.reques...
- Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
- 10:30 Revision a2c12359: Skip the close notify if application layer completes successfully
- 10:12 Revision 421a529f: added ikev2/rw-eap-tls-fragments scenario
- 10:09 Revision 234aa8ee: use correct network diagram
- 09:02 Revision c1a929da: removed some redundant debug output
- 09:02 Revision 79a5e391: support fragmentation in AVPs
- 08:45 Revision f55f9c4e: Client sends empty EAP-TTLS packet on fatal alerts to properly shut down TLS
- 08:45 Revision bda7d9d9: Added generic TLS purposes
- 08:45 Revision c5142f11: Check if the application layer has completed successfully
- 08:45 Revision 14758000: Moved TLS record parsing/generation to tls.c
23.08.2010
- 17:51 Revision 47765000: added debug-tls command line option
- 15:13 Revision c310881a: Added a TLS purpose for EAP-TTLS with client authentication
- 15:13 Revision 5ff8c627: EAP-TLS clients send an empty packet on failure to properly shut down a TLS se...
- EAP-TLS clients send an empty packet on failure to properly shut down a TLS session
- 15:13 Revision e6f3ef13: Implemented TLS Alert handling
- 12:01 Revision 908e7522: Rebuild library.lo after changing ./configure options
- 12:01 Revision e0fcf43c: Build a trustchain even if no trust anchor is given
- 11:30 Revision c49475da: Accept encryption payloads with no wrapped payloads
- 10:10 Revision 4f60466a: Fall back to shifting with 32-bit words if 64-bit byte order conversion functi...
- Fall back to shifting with 32-bit words if 64-bit byte order conversion function missing
- 09:47 Revision 835ec23a: Use enum mappings to resolve debug group
- 09:47 Revision 3c19b346: Introducing a dedicated debug message group for libtls
- 09:47 Revision f154e304: Verify negotiated TLS version
- 09:47 Revision f9efac2b: Implemented generic enum name to enum value mapping
- 09:45 Revision 0bcef5fe: Streamlined TLS debugging output
21.08.2010
- 12:52 Revision 56a1167b: fixed build_cipher_suite_list()
20.08.2010
- 20:57 Bug #117: IKE traffic for IKEv2 tunnels traversing NAT is UDP-encapsulated
- Ah ha... thank you.
Yes, there were error messages installing the bypass policies. I've addressed those now, ...
- 15:09 Revision 6291fbed: Fixed compiler warning
- 15:09 Revision 96b2fbcc: Introducing simple purposes for the TLS stack, switches various options
- 12:47 Revision 90668002: enable the ccm and gcm plugins in the UML scenarios
- 12:11 Revision cb3f0c9b: Register missing SHA256 authenticator with no truncation, as used by TLS
- 12:11 Revision a2bfc45b: Build TLS cipher suite list in a generic fashion
- 12:11 Revision 6e413d9c: Added more TLS cipher suites we already support
- 10:13 Bug #117: IKE traffic for IKEv2 tunnels traversing NAT is UDP-encapsulated
- > It appears that StrongSwan is incorrectly UDP-encapsulating IKE traffic.
To prevent encapsulation of IKE traffic...
19.08.2010
- 20:17 Bug #117 (New): IKE traffic for IKEv2 tunnels traversing NAT is UDP-encapsulated
- I am trying to use StrongSwan as one endpoint for IKEv2 tunnels that traverse a NAT. I have configured an IKEv2 ho...
- 19:28 Revision 2e64455e: Fixed crypter keymat derivation bug
- 19:09 Revision 44582075: Added ctr, ccm, gcm plugin NEWS
- 19:08 Revision 23cf9677: Improve GCM performance by factor 2-3 by shifting full 32/64 bit words
- 19:05 Revision 026355af: Added AES-GCM test vectors
- 19:05 Revision 1a649810: Implemented a gcm plugin providing GCM mode based on CBC crypters
- 19:05 Revision 37e52c3f: Added a crypto transform stress test for profiling
- 19:05 Revision 80a93a13: Implemented a ccm plugin providing CCM mode based on CBC crypters
- 19:05 Revision 9d3e174a: Give a benchmark point for each operation to compare different transforms
- 19:05 Revision f9277ac4: Added AES-CCM test vectors
- 19:05 Revision 7ba89ccd: Added helper macros to define portable bitfields with gcc
- 19:05 Revision 8ca9e255: Added support for AEAD test vectors to test-vectors plugin
- 19:05 Revision 08a5a708: Include CCM/GCM algorithms in IKEv2 proposals, if supported
- 19:02 Revision 9d49f79f: List registered AEAD algorithms in listalgs
- 19:02 Revision 3f6a2d33: Added proposal strings for Camellia CCM algorithm identifiers
- 19:02 Revision 84eb3aa4: Implemented IKEv2 keymat derivation for AEAD algorithms
- 19:02 Revision 77b55e8a: Added support for AEAD algorithms to crypto factory
- 19:02 Revision b5190712: Use AEAD wrapper for encryption payload encryption/decryption
- 19:02 Revision e09a87d6: Added AEAD support to crypto tester
- 19:02 Revision 7fc4b081: Make function to test if an encryption algorithm is an AEAD alg public
- 12:35 Revision df8d0d87: Implemented an AEAD wrapper for traditional crypter/signer transforms
- 12:35 Revision 5555b900: Migrated keymat to INIT/METHOD macros
- 12:35 Revision 6c620d5e: Test append mode for signers verify_signature
- 12:35 Revision 7c9d8e14: Migrated message_t to INIT/METHOD macros
- 12:35 Revision 0cca7427: Migrated encryption_payload to INIT/METHOD macros
- 12:35 Revision 92a4540a: Migrated generator_t to INIT/METHOD macros
- 07:27 Revision fd86fb51: removed debug output for TLS application data
18.08.2010
- 23:21 Revision 1894622d: added EAP-TTLS debug output
- 22:52 Revision 5ae4292c: added TLS record debug output
- 22:07 Revision ee346b54: add TLS handshake packet size to debug output
- 12:15 Revision ba31fe1f: Use a separate section for each nested struct member in INIT macro
17.08.2010
- 20:09 Revision 53115857: some simplifications using the INIT macro
16.08.2010
- 23:26 Bug #116 (New): pluto dies after reading a certificate from a smartcard (Aladdin eToken)
- After reading a certificate from a smartcard, pluto dies with a segmentation fault in connection.c:874, function load...
- 19:29 Revision f9a2d4bf: describe EAP-TTLS phase2 start options using the phase2_piggyback parameter
- 18:32 Revision cf95e162: added ikev2/rw-eap-ttls-phase2-piggyback scenario
- 18:30 Revision f2b9b972: changed ikev2/rw-eap-ttls-only description
- 18:30 Revision 9ba53310: implemented server-initiated phase2 of EAP-TTLS authentication
- 17:06 Revision 1b0eff58: Implemented algorithm benchmarking during registration
- 17:06 Revision a369a5ec: Do not free registered algorithms, plugins are responsible for unregistering
- 17:06 Revision 806ec8b1: Properly handle zero length in chunk_alloc[a]/chunk_clone[a]
- 17:06 Revision aed2bf0b: Migrated crypto_tester to INIT/METHOD macros
- 17:06 Revision e8bf9d6e: Migrated crypto_factory to INIT/METHOD macros
- 17:06 Revision e2c3b482: Variable key length crypters use default key length if zero given
- 16:44 Revision 79f2102c: implemented server side support for EAP-TTLS
- 16:44 Revision 06a20748: fixed typo in eap-mschapv2 plugin
- fixed typo in eap-mschapv2 plugin
- 16:44 Revision d2be215a: added ikev2/rw-eap-ttls-only scenario
- added ikev2/rw-eap-ttls-only scenario
- 09:20 Revision 714d0bfd: Only include certificates with CA flag in TLS cert request
- Only include certificates with CA flag in TLS cert request
15.08.2010
- 13:02 Revision b51ac45c: optional certificate-based peer authentication on TLS server side
- optional certificate-based peer authentication on TLS server side
- 12:49 Revision 758d7283: used default ipsec.secrets
- used default ipsec.secrets
- 11:13 Revision d662a7ff: included bad case in ikev2/rw-eap-ttls-radius scenario
- included bad case in ikev2/rw-eap-ttls-radius scenario
14.08.2010
- 21:41 Revision eb4c9c60: version bumps in testing.conf
- version bumps in testing.conf
- 21:40 Revision 4618430f: enable the eap-ttls and ctr plugins in the uml scenarios
- enable the eap-ttls and ctr plugins in the uml scenarios
- 20:05 Revision e8f971ee: added rw-eap-ttls-radius scenario
- added rw-eap-ttls-radius scenario
- 12:01 Revision 16d8b4b6: removed some raw EAP debug output
- removed some raw EAP debug output
- 01:14 Revision 004b226b: use EAP plugin for tunneled client authentication
- use EAP plugin for tunneled client authentication
13.08.2010
- 22:45 Revision 6659c613: send tunneled EAP Identity response using eap-identity plugin
- send tunneled EAP Identity response using eap-identity plugin
- 22:41 Revision 486893ee: allow to send an EAP Identity response without matching request
- allow to send an EAP Identity response without matching request
- 21:21 Revision c4347aa8: do not dump tls application data any more
- do not dump tls application data any more
- 21:21 Revision 683a912e: implement AVP EAP message building and processing
- implement AVP EAP message building and processing
- 19:39 Revision 272f0e1a: Added a counter mode wrapper plugin operating on existing CBC crypters
- Added a counter mode wrapper plugin operating on existing CBC crypters
- 17:11 Revision c03b0d7e: Added support for Camellia cipher to xcbc
- Added support for Camellia cipher to xcbc
- 17:11 Revision c7776e0a: Support Camellia XCBC algorithms in proposal
- Support Camellia XCBC algorithms in proposal
- 17:11 Revision 00c7e9af: Migrated blowfish plugin to INIT/METHOD macros
- Migrated blowfish plugin to INIT/METHOD macros
- 17:11 Revision bfe4d08c: Report the symbol name of a failed test vector
- Report the symbol name of a failed test vector
- 17:11 Revision 619f9a4e: Migrated padlock plugin to INIT/METHOD macros
- Migrated padlock plugin to INIT/METHOD macros
- 17:11 Revision 1fff2afe: Migrated the aes plugin to INIT/METHOD macros
- Migrated the aes plugin to INIT/METHOD macros
- 17:11 Revision af403caf: Migrated des plugin to INIT/METHOD macros
- Migrated des plugin to INIT/METHOD macros
- 17:11 Revision 84135e77: Added Camellia-CTR test vectors
- Added Camellia-CTR test vectors
- 17:11 Revision 5ab7d9c2: Migrated hmac plugin to INIT/METHOD macros
- Migrated hmac plugin to INIT/METHOD macros
- 17:11 Revision 7156b951: Migrated xcbc plugin to INIT/METHOD macros
- Migrated xcbc plugin to INIT/METHOD macros
- 17:11 Revision f7c04c5b: Add dedicated getter for the IV size to the crypter_t interface
- Add dedicated getter for the IV size to the crypter_t interface
- 17:11 Revision 3102d866: Use IV length of a crypter instead of block size for IV calculations
- Use IV length of a crypter instead of block size for IV calculations
- 17:11 Revision 1ee98dbb: Added Camellia CTR mode proposal keywords
- Added Camellia CTR mode proposal keywords
- 17:11 Revision 3b77c27a: Added Camellia, AES-CTR to default IKE proposal, if supported
- Added Camellia, AES-CTR to default IKE proposal, if supported
- 17:11 Revision 42cbe87f: Implemented AES/Camellia counter mode in gcrypt
- Implemented AES/Camellia counter mode in gcrypt
- 17:11 Revision a57b63c9: Added Camellia XCBC test vectors
- Added Camellia XCBC test vectors
- 17:11 Revision 5a2dbd5c: Added private Camellia XCBC identifiers for PRFs and signers
- Added private Camellia XCBC identifiers for PRFs and signers
- 17:11 Revision bc4978c7: Added AES-CTR test vectors
- Added AES-CTR test vectors
- 16:57 Revision 71efe400: Migrated eap_identity plugin to INIT/METHOD macros
- Migrated eap_identity plugin to INIT/METHOD macros
- 16:33 Revision a5688970: Migrated eap_md5 plugin to INIT/METHOD macros
- Migrated eap_md5 plugin to INIT/METHOD macros
- 15:58 Revision 45c4021b: Migrated eap_authenticator to INIT/METHOD macros
- Migrated eap_authenticator to INIT/METHOD macros
- 15:32 Revision fe6ae23d: Migrated eap_manager to INIT/METHOD macros
- Migrated eap_manager to INIT/METHOD macros
- 15:07 Revision 87799b0c: moved eap_from_string() from libcharon to libstrongswan to make it available i...
- moved eap_from_string() from libcharon to libstrongswan to make it available in starter
- 12:24 Revision e643da58: fixed typo
- fixed typo
- 00:31 Revision 3a15a02a: set TLS record type before state change to STATE_FINISHED_SENT
- set TLS record type before state change to STATE_FINISHED_SENT
12.08.2010
- 23:58 Revision 4412ee86: recognize eap-ttls method
- recognize eap-ttls method
- 23:58 Revision 1327839d: added generic TLS application data handler and specific EAP-TTLS instantiation
- added generic TLS application data handler and specific EAP-TTLS instantiation
- 23:58 Revision b62e9a30: fixed sequence numbering and iv of TLS protection layer
- fixed sequence numbering and iv of TLS protection layer
- 16:07 Revision 123a84d3: Use an explicit plugin list instead of the unreliable "find" to build checksums
- Use an explicit plugin list instead of the unreliable "find" to build checksums
- 14:46 Revision 8f018151: Build dedicated plugin lists for each strongSwan component
- Build dedicated plugin lists for each strongSwan component
- 13:14 Revision 9e2c88b9: Use a m4 helper macro to build plugin lists
- Use a m4 helper macro to build plugin lists
11.08.2010
- 16:32 Revision 8bec0f51: Implemented Smartcard support in NetworkManager frontend
- Implemented Smartcard support in NetworkManager frontend
- 12:12 Revision 01e4f5f3: Implemented public key encryption/private key decryption in PKCS#11
- Implemented public key encryption/private key decryption in PKCS#11
- 10:52 Revision aea735ef: Discard a packet that exceeds the receive buffer
- Discard a packet that exceeds the receive buffer
- 10:48 Revision 10a2e09b: Added a strongswan.conf option to change socket receive buffer size
- Added a strongswan.conf option to change socket receive buffer size
- 10:12 Revision 4ec53e95: Double check that the OpenSSL RNG has been seeded, do so otherwise
- Double check that the OpenSSL RNG has been seeded, do so otherwise
- 09:53 Revision d775af9d: Implemented RSA en-/decryption in openssl plugin
- Implemented RSA en-/decryption in openssl plugin
10.08.2010
- 19:02 Revision 133accfc: differentiate between TLS messages and EAP-[T]TLS packets in the debug output
- differentiate between TLS messages and EAP-[T]TLS packets in the debug output
- 18:46 Revision 82f62a74: Added Microsoft OID for user principal name (UPN) subjectAltNames
- Added Microsoft OID for user principal name (UPN) subjectAltNames
- 18:46 Revision a0a8aaaf: Parse UPN subjectAltName in openssl plugin
- Parse UPN subjectAltName in openssl plugin
- 18:46 Revision 07d2b391: Parse important extendedKeyUsage flags in openssl plugin
- Parse important extendedKeyUsage flags in openssl plugin
- 18:46 Revision 772cba39: Parse UPN subjectAltNames in x509 plugin
- Parse UPN subjectAltNames in x509 plugin
- 18:46 Revision 876b61e1: Migrated gmp plugin to INIT/METHOD macros
- Migrated gmp plugin to INIT/METHOD macros
- 18:46 Revision 3547a9b8: Migrated agent plugin to INIT/METHOD macros
- Migrated agent plugin to INIT/METHOD macros
- 18:46 Revision 646babd3: Migrated gcrypt plugin to INIT/METHOD macros
- Migrated gcrypt plugin to INIT/METHOD macros
- 18:46 Revision 33ddaaab: Added support for different encryption schemes to private/public keys
- Added support for different encryption schemes to private/public keys
- 18:46 Revision a944d209: Use bits instead of bytes for a private/public key
- Use bits instead of bytes for a private/public key
- 18:46 Revision 3d711a68: Added a stroke command to export cached x509 certificates to the console
- Added a stroke command to export cached x509 certificates to the console
- 18:46 Revision 57202484: Migrated remaining classes in openssl plugin to INIT/METHOD macros
- Migrated remaining classes in openssl plugin to INIT/METHOD macros
- 13:00 Revision 6432669f: Added support for early and late calls to Vstr wrappers.
- Added support for early and late calls to Vstr wrappers.
That is, prevent a SIGSEGV if Vstr wrappers are called befo...
09.08.2010
- 14:54 Feature #23 (Closed): PKCS#11 based smartcard implementation
- 14:30 Revision 478eb660: Fixed settings lookup if the section/key contains dots, second try
- Fixed settings lookup if the section/key contains dots, second try
08.08.2010
- 19:14 Revision 3810afa9: log final TLS acknowledgement packet
- log final TLS acknowledgement packet
07.08.2010
- 11:26 Revision b4d30a42: support server authentication only for EAP-TTLS
- support server authentication only for EAP-TTLS
- 11:26 Revision a622c6d0: fixed typo
- fixed typo
- 11:26 Revision 26eb9b2d: added eap_ttls plugin configuration
- added eap_ttls plugin configuration
- 11:26 Revision ded59df4: added level 2 debug info on sent TLS packets
- added level 2 debug info on sent TLS packets
- 11:26 Revision a6444fcd: EAP-TLS and EAP-TTLS use different constant MSK PRF label
- EAP-TLS and EAP-TTLS use different constant MSK PRF label
- 11:26 Revision ab47a792: log EAP-TTLS version
- log EAP-TTLS version
06.08.2010
- 19:56 Revision fa9f1013: Properly initialize libstrongswan in _copyright.
- Properly initialize libstrongswan in _copyright.
This is required if libvstr is used.
- 19:56 Revision 7c3dd613: Added missing Vstr wrappers for asprintf.
- Added missing Vstr wrappers for asprintf.
- 17:32 Revision 7c03d707: Create a PKCS#11 session public key if we don't find one
- Create a PKCS#11 session public key if we don't find one
- 17:02 Revision fed9407b: Implemented PKCS#11 RSA public key for keys found on a token
- Implemented PKCS#11 RSA public key for keys found on a token
- 17:02 Revision babed732: Export scheme_to_mechanism conversion function
- Export scheme_to_mechanism conversion function
- 17:00 Revision a02784da: Load certificate after enumeration
- Load certificate after enumeration
- 11:47 Revision 30d8e8d0: fix error-type range in parsing of NOTIFY payloads
- fix error-type range in parsing of NOTIFY payloads
- 06:06 Revision fd8ad419: added TTLS to EAP short names, too
- added TTLS to EAP short names, too
05.08.2010
- 21:01 Revision f32e56bb: added EAP_TTLS method
- added EAP_TTLS method
- 19:28 Revision 6ac797ad: added ikev2/rw-eap-tls-radius
- added ikev2/rw-eap-tls-radius
- 13:58 Revision 37d2d7e1: Whitespace cleanups
- Whitespace cleanups
- 13:13 Revision e85bca7f: Use certificate subject to get a public key of the TLS server
- Use certificate subject to get a public key of the TLS server
- 12:47 Revision 6b717cc2: no need for strongSwan VID since the EAP_ONLY notification has been officially...
- no need for strongSwan VID since the EAP_ONLY notification has been officially registered with IANA
- 11:53 Revision edb82ab8: Some Doxygen fixes.
- Some Doxygen fixes.
- 09:51 Revision 7ea87db0: added some more TLS debug output
- added some more TLS debug output
- 01:26 Revision 7030e395: fixed type in cipher suite list build
- fixed type in cipher suite list build
- 01:21 Revision 4657b3a4: log selected TLS version and cipher suite
- log selected TLS version and cipher suite
04.08.2010
- 16:55 Revision 289c9ac3: log TLS handshake messages in debug level 2
- log TLS handshake messages in debug level 2
- 16:03 Revision 744b83c7: Fixed loading of secrets with IDs.
- Fixed loading of secrets with IDs.
Since the ID string is manually terminated by a null character, write
permission ...
- 14:22 Revision dca2d892: Fixed loading of private keys without password.
- Fixed loading of private keys without password.
The chunk storing the password was not correctly initialized, result...
- 12:58 Revision 83628fd6: Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA allocat...
- Accept EAP_ONLY_AUTHENTICATION notifies from any client, now that IANA allocated an ID.
- 12:44 Revision 8e7920ee: generated aaa certificate
- generated aaa certificate
- 10:06 Revision 12549bed: IKEv2 notification types updated.
- IKEv2 notification types updated.
- 09:49 Revision e82186fb: Reimplemented mem pool to support multiple leases for a single identity
- Reimplemented mem pool to support multiple leases for a single identity
- 09:26 Revision 6e4f4d2f: Save/Load state of PKCS#11 hasher
- Save/Load state of PKCS#11 hasher
- 09:26 Revision 83e52fd1: Register hmac/xcbc algorithms after potentially underlying PKCS#11
- Register hmac/xcbc algorithms after potentially underlying PKCS#11
- 09:26 Revision a3aeb892: Do initial slot enumeration manually
- Do initial slot enumeration manually
- 09:26 Revision 0f0fc891: Implemented hasher_t using PKCS#11
- Implemented hasher_t using PKCS#11
- 09:26 Revision 62be9236: Implemented a callback based credential set, currently for shared keys only
- Implemented a callback based credential set, currently for shared keys only
- 09:26 Revision 0749e91b: Implemented a generic in-memory credential set, currently for shared keys only
- Implemented a generic in-memory credential set, currently for shared keys only
- 09:26 Revision efab7313: Added PKCS#11 private key support to the pki tool
- Added PKCS#11 private key support to the pki tool
- 09:26 Revision 70789d28: Handle PIN: as a magic keyword for prompt, use getpass() to silently read cred...
- Handle PIN: as a magic keyword for prompt, use getpass() to silently read credentials
- 09:26 Revision 0556667d: Use credential sets to load smartcard keys
- Use credential sets to load smartcard keys
- 09:26 Revision 3429be95: Use a dedicated build part for challenge passwords, BUILD_PASSPHRASE gets obso...
- Use a dedicated build part for challenge passwords, BUILD_PASSPHRASE gets obsolete
- 09:26 Revision 947298b3: Split up the load_secrets() function
- Split up the load_secrets() function
- 09:26 Revision 199b1712: Do not try to log in if we already have a user session
- Do not try to log in if we already have a user session
- 09:26 Revision af007ed6: Support PKCS#11 keys requiring reauthentication for each operation
- Support PKCS#11 keys requiring reauthentication for each operation
- 09:26 Revision 0d08ebe7: Pass type of requested key in the callback credential set
- Pass type of requested key in the callback credential set
- 09:26 Revision 089d554a: The pki tool uses a callback credential set to read in passphrase/PIN
- The pki tool uses a callback credential set to read in passphrase/PIN
- 09:26 Revision 15177f57: Obsoleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential ...
- Obsoleted BUILD_PASSPHRASE(_CALLBACK) for private key loading, use credential sets
- 09:26 Revision 5a27bf8a: Provide a public PKCS#11 mechanism enumerator
- Provide a public PKCS#11 mechanism enumerator
- 09:26 Revision 65858b83: Destroy IKE_SA Managers crypto primitives during flush, the plugins are gone i...
- Destroy IKE_SA Managers crypto primitives during flush, the plugins are gone in destroy
- 09:26 Revision 66267ea5: Defer certificate loading until all PKCS#11 modules are loaded
- Defer certificate loading until all PKCS#11 modules are loaded
- 09:26 Revision 1e4e2907: Updated ipsec.secrets.5 regarding IKEv2 smartcard support
- Updated ipsec.secrets.5 regarding IKEv2 smartcard support
- 09:26 Revision 9587ece5: mmap() ipsec.secrets instead of malloc(), proper error checking
- mmap() ipsec.secrets instead of malloc(), proper error checking
- 09:26 Revision a6d2ec33: Implemented a credential set on top of a PKCS#11 token
- Implemented a credential set on top of a PKCS#11 token
- 09:26 Revision 66033012: Reenabled dlclose
- Reenabled dlclose
- 09:26 Revision d007ce32: Extended the PKCS#11 object enumerator by attribute retrieval
- Extended the PKCS#11 object enumerator by attribute retrieval
- 09:26 Revision 36c852a0: Added enumerator for PKCS#11 tokens
- Added enumerator for PKCS#11 tokens
- 09:26 Revision 3479c279: Support module names in %smartcard specifier, streamlined smartcard building
- Support module names in %smartcard specifier, streamlined smartcard building
- 09:26 Revision cd251d9a: Unload plugins in reverse order
- Unload plugins in reverse order
- 09:26 Revision 9baa41c5: Implemented a generic PKCS#11 object enumerator
- Implemented a generic PKCS#11 object enumerator
- 09:26 Revision ddbac660: Use the PKCS#11 object enumerator
- Use the PKCS#11 object enumerator
- 09:26 Revision 50a9e845: Added NSPR PR_CallOnce to leak detective whitelist
- Added NSPR PR_CallOnce to leak detective whitelist
- 09:26 Revision 5f1e4438: Implemented private key on top of a PKCS#11 token
- Implemented private key on top of a PKCS#11 token
- 09:26 Revision 353d10d5: Reuse generic passphrase build part, not a dedicated PIN part
- Reuse generic passphrase build part, not a dedicated PIN part
- 09:26 Revision 0b8b6640: Pass the PKCS11 keyid as chunk, not as string
- Pass the PKCS11 keyid as chunk, not as string
- 09:26 Revision 7afc00d0: Implemented keyid discovery on all modules/slots
- Implemented keyid discovery on all modules/slots
- 09:26 Revision a0bdd5d6: Implemented callback PIN invocation for PKCS#11 login
- Implemented callback PIN invocation for PKCS#11 login
- 09:26 Revision 57522106: %prompt support for smartcard PIN via "ipsec secrets"
- %prompt support for smartcard PIN via "ipsec secrets"
- 09:26 Revision 044e0dd1: Added buffer checking variants of syslog functions to leak detective
- Added buffer checking variants of syslog functions to leak detective
- 09:26 Revision fe876b24: Handle NOT_SUPPORT return value from WaitForSlot
- Handle NOT_SUPPORT return value from WaitForSlot
- 09:26 Revision e328ef4f: Load PKCS#11 modules defined in strongswan.conf
- Load PKCS#11 modules defined in strongswan.conf
- 09:26 Revision a6456dd6: Added enum names for PKCS#11 return values
- Added enum names for PKCS#11 return values
- 09:26 Revision 50e1a710: Use locking, prefer our mutex abstraction layer
- Use locking, prefer our mutex abstraction layer
- 09:26 Revision 2e209bec: Moved PKCS#11 library loading to dedicated manager
- Moved PKCS#11 library loading to dedicated manager
- 09:26 Revision 71151d3c: Added a getter for the library alias
- Added a getter for the library alias
- 09:26 Revision b3b0e57c: Make the PKCS#11 padding string trimming public, add null terminator
- Make the PKCS#11 padding string trimming public, add null terminator
- 09:26 Revision 75451ac8: Add enum names for CK_MECHANISM_TYPE constants
- Add enum names for CK_MECHANISM_TYPE constants
- 09:26 Revision 0c21dc00: Depend on libcharon until we have a thread pool to use
- Depend on libcharon until we have a thread pool to use
- 09:26 Revision 6522d6c5: Enumerate tokens and their mechanisms, wait for slot events
- Enumerate tokens and their mechanisms, wait for slot events
- 09:26 Revision fdd7e212: Added a token add/remove callback function to the manager
- Added a token add/remove callback function to the manager
- 09:26 Revision c281a427: Moved gmp plugin before users of it
- Moved gmp plugin before users of it
- 09:26 Revision 34454dc3: Implemented an abstraction layer for PKCS#11 module loading
- Implemented an abstraction layer for PKCS#11 module loading
- 09:26 Revision fb85d619: Imported the free pkcs11.h header from the Scute project
- Imported the free pkcs11.h header from the Scute project
- 09:26 Revision 6e862e21: Added PKCS#11 token plugin stub
- Added PKCS#11 token plugin stub
- 08:36 Revision f8bb082f: added ikev2/rw-eap-tls-only scenario
- added ikev2/rw-eap-tls-only scenario
- 07:48 Revision 9dffc26b: --enable eap-tls and --disable-load-warning in uml build
- --enable eap-tls and --disable-load-warning in uml build