diff options
author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-10-16 23:28:44 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 2000-10-16 23:28:44 +0000 |
commit | 4ad5414175edeb24380006b59a3be893ff01651e (patch) | |
tree | 394f87d17d842472b49b13337eb47e0a172d08fc /sbin/isakmpd/policy.c | |
parent | 70a15fd38a1bc36c6e6248883c124fcc3bc36d7d (diff) |
Merge with EOM 1.48
author: angelos
Fix comment.
author: angelos
Add RIPEMD negotiation/configuration.
Diffstat (limited to 'sbin/isakmpd/policy.c')
-rw-r--r-- | sbin/isakmpd/policy.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c index b097d377b0a..0ab47e14ece 100644 --- a/sbin/isakmpd/policy.c +++ b/sbin/isakmpd/policy.c @@ -1,5 +1,5 @@ -/* $OpenBSD: policy.c,v 1.16 2000/10/09 23:27:31 niklas Exp $ */ -/* $EOM: policy.c,v 1.46 2000/10/09 22:08:29 angelos Exp $ */ +/* $OpenBSD: policy.c,v 1.17 2000/10/16 23:28:43 niklas Exp $ */ +/* $EOM: policy.c,v 1.48 2000/10/14 20:19:51 angelos Exp $ */ /* * Copyright (c) 1999, 2000 Angelos D. Keromytis. All rights reserved. @@ -290,6 +290,10 @@ policy_callback (char *name) ah_hash_alg = "sha"; break; + case IPSEC_AH_RIPEMD: + ah_hash_alg = "ripemd"; + break; + case IPSEC_AH_DES: ah_hash_alg = "des"; break; @@ -541,6 +545,10 @@ policy_callback (char *name) ah_auth_alg = "hmac-sha"; break; + case IPSEC_AUTH_HMAC_RIPEMD: + ah_auth_alg = "hmac-ripemd"; + break; + case IPSEC_AUTH_DES_MAC: ah_auth_alg = "des-mac"; break; @@ -562,6 +570,10 @@ policy_callback (char *name) esp_auth_alg = "hmac-sha"; break; + case IPSEC_AUTH_HMAC_RIPEMD: + esp_auth_alg = "hmac-ripemd"; + break; + case IPSEC_AUTH_DES_MAC: esp_auth_alg = "des-mac"; break; @@ -1521,9 +1533,8 @@ keynote_cert_get (u_int8_t *data, u_int32_t len) } /* - * We just verify the signature on the certificates. - * XXX Is this the right thing to do -- verify the signature on all - * XXX credentials ? + * We just verify the signature on the credentials. + * On signature failure, just drop the whole payload. */ int keynote_cert_validate (void *scert) |