authorNiklas Hallqvist <niklas@cvs.openbsd.org>1999-07-18 09:33:34 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>1999-07-18 09:33:34 +0000
commite8617bbad095b22f7f8198bbb4b26f099badf19a (patch)
tree7196763c3c07f42e255cd00b85440d9a397421bb
parent36e47efa8388a27af2c3a68358405baebd7200ec (diff)
samples/VPN-east.conf: Merge with EOM 1.7
samples/VPN-west.conf: Merge with EOM 1.7 samples/singlehost-west.conf: Merge with EOM 1.4 samples/singlehost-east.conf: Merge with EOM 1.4 README.PKI: Merge with EOM 1.3 ike_auth.c: Merge with EOM 1.33 isakmpd.conf.5: Merge with EOM 1.28 author: niklas Moving the PRIVKEY tag into the X509-certificates section, renaming it to Private-key. Also rename the keynote policy file.
-rw-r--r--sbin/isakmpd/README.PKI8
-rw-r--r--sbin/isakmpd/ike_auth.c6
-rw-r--r--sbin/isakmpd/isakmpd.conf.514
-rw-r--r--sbin/isakmpd/samples/VPN-east.conf10
-rw-r--r--sbin/isakmpd/samples/VPN-west.conf10
-rw-r--r--sbin/isakmpd/samples/singlehost-east.conf10
-rw-r--r--sbin/isakmpd/samples/singlehost-west.conf10
7 files changed, 30 insertions, 38 deletions
diff --git a/sbin/isakmpd/README.PKI b/sbin/isakmpd/README.PKI
index 8606eb99a21..50a9fa6c259 100644
--- a/sbin/isakmpd/README.PKI
+++ b/sbin/isakmpd/README.PKI
@@ -1,5 +1,5 @@
-$OpenBSD: README.PKI,v 1.2 1999/07/17 22:00:19 niklas Exp $
-$EOM: README.PKI,v 1.2 1999/07/17 21:29:47 niklas Exp $
+$OpenBSD: README.PKI,v 1.3 1999/07/18 09:33:33 niklas Exp $
+$EOM: README.PKI,v 1.3 1999/07/18 09:25:33 niklas Exp $
1 Create your own CA as root.
@@ -55,6 +55,4 @@ $EOM: README.PKI,v 1.2 1999/07/17 21:29:47 niklas Exp $
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
-
- [RSA_SIG]
- PRIVKEY= /etc/isakmpd/private/local.key
+ Private-key= /etc/isakmpd/private/local.key
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index 5b9859e309c..8d260b5c621 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: ike_auth.c,v 1.15 1999/07/17 21:54:39 niklas Exp $ */
-/* $EOM: ike_auth.c,v 1.32 1999/07/17 20:44:10 niklas Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.16 1999/07/18 09:33:33 niklas Exp $ */
+/* $EOM: ike_auth.c,v 1.33 1999/07/18 09:25:33 niklas Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -154,7 +154,7 @@ ike_auth_get_key (int type, char *id, size_t *keylen)
break;
case IKE_AUTH_RSA_SIG:
- keyfile = conf_get_str ("RSA_sig", "privkey");
+ keyfile = conf_get_str ("X509-certificates", "Private-key");
if ((keyh = BIO_new (BIO_s_file ())) == NULL)
{
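Review bot: Nothing in the visible lines checks the result of `conf_get_str ("X509-certificates", "Private-key")` before the BIO is created, and after this rename a configuration that still uses the old `[RSA_SIG]` section with `PRIVKEY` no longer supplies a key path. If `conf_get_str` returns NULL for a missing tag, as it appears to, RSA signature authentication would fail later with an error that does not point to the configuration. I would add `if (keyfile == NULL)` right after the lookup, log that `Private-key` is missing from `[X509-certificates]`, and leave through the function's existing error path. The body of `ike_auth_get_key` starts and ends outside this hunk, so a check further down may already cover this.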
diff --git a/sbin/isakmpd/isakmpd.conf.5 b/sbin/isakmpd/isakmpd.conf.5
index 0060d151e23..f127cd39254 100644
--- a/sbin/isakmpd/isakmpd.conf.5
+++ b/sbin/isakmpd/isakmpd.conf.5
@@ -1,5 +1,5 @@
-.\" $OpenBSD: isakmpd.conf.5,v 1.22 1999/07/17 21:54:39 niklas Exp $
-.\" $EOM: isakmpd.conf.5,v 1.27 1999/07/17 20:44:11 niklas Exp $
+.\" $OpenBSD: isakmpd.conf.5,v 1.23 1999/07/18 09:33:33 niklas Exp $
+.\" $EOM: isakmpd.conf.5,v 1.28 1999/07/18 09:25:33 niklas Exp $
.\"
.\" Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
.\"
@@ -143,6 +143,10 @@ are required to have a SubjectAltName extension.
If this tag is defined, whatever the value is, certificates that
do not originate from a trusted CA but are self-signed will be
accepted.
+.It Em Private-key
+The private key matching the public key of our certificate (which should be
+in the "Cert-directory", and have a subjectAltName matching our ID, so far
+that is our IP-address).
.El
.El
.Ss Referred-to sections
@@ -351,7 +355,7 @@ An example of a configuration file:
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
[General]
-Policy-File= /etc/isakmpd.policy
+Policy-File= /etc/isakmpd/policy
Retransmits= 5
Exchange-max-time= 120
Listen-on= 10.1.0.2
@@ -407,6 +411,7 @@ Transforms= 3DES-SHA
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
+Private-key= /etc/isakmpd/private/local.key
# Main mode transforms
######################
@@ -661,9 +666,6 @@ LIFE_DURATION= 32768,16384:65536
[LIFE_4.5_GB]
LIFE_TYPE= KILOBYTES
LIFE_DURATION= 4608000,4096000:8192000
-
-[RSA_SIG]
-PRIVKEY= /etc/isakmpd/private/local.key
.Ed
.Sh SEE ALSO
.Xr ipsec 4 ,
diff --git a/sbin/isakmpd/samples/VPN-east.conf b/sbin/isakmpd/samples/VPN-east.conf
index f5a457a7982..7b19f84f77e 100644
--- a/sbin/isakmpd/samples/VPN-east.conf
+++ b/sbin/isakmpd/samples/VPN-east.conf
@@ -1,5 +1,5 @@
-# $OpenBSD: VPN-east.conf,v 1.5 1999/07/17 21:54:38 niklas Exp $
-# $EOM: VPN-east.conf,v 1.6 1999/07/17 20:44:14 niklas Exp $
+# $OpenBSD: VPN-east.conf,v 1.6 1999/07/18 09:33:33 niklas Exp $
+# $EOM: VPN-east.conf,v 1.7 1999/07/18 09:25:34 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
@@ -313,7 +313,5 @@ LIFE_DURATION= 4608000,4096000:8192000
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
-#Accept-self-signed=
-
-[RSA_SIG]
-PRIVKEY= /etc/isakmpd/private/local.key
+#Accept-self-signed= defined
+Private-key= /etc/isakmpd/private/local.key
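Review bot: The commented-out `#Accept-self-signed= defined` line near the end of this hunk carries no explanation, and the isakmpd.conf.5 text shown in this same commit says the tag takes effect "whatever the value is", so an administrator who uncomments it and writes a value such as `no` would still accept self-signed certificates. A comment line above it would prevent that misreading, for example `# Defining this tag, with any value, accepts self-signed certificates not issued by a trusted CA.` The same line appears in the VPN-west.conf, singlehost-east.conf and singlehost-west.conf hunks.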
diff --git a/sbin/isakmpd/samples/VPN-west.conf b/sbin/isakmpd/samples/VPN-west.conf
index c4ff9e69c49..7c93bad83ff 100644
--- a/sbin/isakmpd/samples/VPN-west.conf
+++ b/sbin/isakmpd/samples/VPN-west.conf
@@ -1,5 +1,5 @@
-# $OpenBSD: VPN-west.conf,v 1.5 1999/07/17 21:54:38 niklas Exp $
-# $EOM: VPN-west.conf,v 1.6 1999/07/17 20:44:14 niklas Exp $
+# $OpenBSD: VPN-west.conf,v 1.6 1999/07/18 09:33:33 niklas Exp $
+# $EOM: VPN-west.conf,v 1.7 1999/07/18 09:25:34 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
@@ -313,7 +313,5 @@ LIFE_DURATION= 4608000,4096000:8192000
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
-#Accept-self-signed=
-
-[RSA_SIG]
-PRIVKEY= /etc/isakmpd/private/local.key
+#Accept-self-signed= defined
+Private-key= /etc/isakmpd/private/local.key
diff --git a/sbin/isakmpd/samples/singlehost-east.conf b/sbin/isakmpd/samples/singlehost-east.conf
index 3c7263b4a59..3b115a385d0 100644
--- a/sbin/isakmpd/samples/singlehost-east.conf
+++ b/sbin/isakmpd/samples/singlehost-east.conf
@@ -1,5 +1,5 @@
-# $OpenBSD: singlehost-east.conf,v 1.3 1999/07/17 21:54:38 niklas Exp $
-# $EOM: singlehost-east.conf,v 1.3 1999/07/17 20:44:16 niklas Exp $
+# $OpenBSD: singlehost-east.conf,v 1.4 1999/07/18 09:33:33 niklas Exp $
+# $EOM: singlehost-east.conf,v 1.4 1999/07/18 09:25:34 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
@@ -347,7 +347,5 @@ LIFE_DURATION= 4608000,4096000:8192000
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
-#Accept-self-signed=
-
-[RSA_SIG]
-PRIVKEY= /etc/isakmpd/private/local.key
+#Accept-self-signed= defined
+Private-key= /etc/isakmpd/private/local.key
diff --git a/sbin/isakmpd/samples/singlehost-west.conf b/sbin/isakmpd/samples/singlehost-west.conf
index ce501155355..4c101a59ad3 100644
--- a/sbin/isakmpd/samples/singlehost-west.conf
+++ b/sbin/isakmpd/samples/singlehost-west.conf
@@ -1,5 +1,5 @@
-# $OpenBSD: singlehost-west.conf,v 1.3 1999/07/17 21:54:38 niklas Exp $
-# $EOM: singlehost-west.conf,v 1.3 1999/07/17 20:44:16 niklas Exp $
+# $OpenBSD: singlehost-west.conf,v 1.4 1999/07/18 09:33:33 niklas Exp $
+# $EOM: singlehost-west.conf,v 1.4 1999/07/18 09:25:35 niklas Exp $
# A configuration sample for the isakmpd ISAKMP/Oakley (aka IKE) daemon.
@@ -349,7 +349,5 @@ LIFE_DURATION= 4608000,4096000:8192000
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
-#Accept-self-signed=
-
-[RSA_SIG]
-PRIVKEY= /etc/isakmpd/private/local.key
+#Accept-self-signed= defined
+Private-key= /etc/isakmpd/private/local.key