cga: Provide a virtual trust anchor for CGA parameter certificates
To give CGA parameters trust, we must validate them as a certificate. To do so, a
static credential set provides a CA certificate as a virtual trust anchor. If
enabled, any valid CGA parameters certificate can authenticate a matching IPv6
CGA identity.
As this allows any user to successfully authenticate with an IPv6 CGA, care
must be taken to limit connections to make use of CGA-authenticated identities.
This is achieved by requiring a "trust" option to be explicitly enabled by the
administrator.