authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-10-16 23:28:44 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-10-16 23:28:44 +0000
commit4ad5414175edeb24380006b59a3be893ff01651e (patch)
tree394f87d17d842472b49b13337eb47e0a172d08fc /sbin/isakmpd/policy.c
parent70a15fd38a1bc36c6e6248883c124fcc3bc36d7d (diff)
Merge with EOM 1.48
author: angelos Fix comment. author: angelos Add RIPEMD negotiation/configuration.
Diffstat (limited to 'sbin/isakmpd/policy.c')
-rw-r--r--sbin/isakmpd/policy.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index b097d377b0a..0ab47e14ece 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: policy.c,v 1.16 2000/10/09 23:27:31 niklas Exp $ */
-/* $EOM: policy.c,v 1.46 2000/10/09 22:08:29 angelos Exp $ */
+/* $OpenBSD: policy.c,v 1.17 2000/10/16 23:28:43 niklas Exp $ */
+/* $EOM: policy.c,v 1.48 2000/10/14 20:19:51 angelos Exp $ */
/*
* Copyright (c) 1999, 2000 Angelos D. Keromytis. All rights reserved.
@@ -290,6 +290,10 @@ policy_callback (char *name)
ah_hash_alg = "sha";
break;
+ case IPSEC_AH_RIPEMD:
+ ah_hash_alg = "ripemd";
+ break;
+
case IPSEC_AH_DES:
ah_hash_alg = "des";
break;
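Review bot: The new `"ripemd"` value for `ah_hash_alg` is added without a comment saying what it stands for, and the same applies to `"hmac-ripemd"` in the two later hunks. These strings appear to be the names that policy conditions compare against, so their exact spelling is part of the policy interface. A policy that lists permitted algorithms by name would not match the new value until it is updated. I would add a comment above the case such as `/* Policy-visible name; document it alongside "sha" and "des". */`. The body of policy_callback and any default branch of this switch lie outside the hunk, so what an unlisted transform maps to cannot be checked here.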
@@ -541,6 +545,10 @@ policy_callback (char *name)
ah_auth_alg = "hmac-sha";
break;
+ case IPSEC_AUTH_HMAC_RIPEMD:
+ ah_auth_alg = "hmac-ripemd";
+ break;
+
case IPSEC_AUTH_DES_MAC:
ah_auth_alg = "des-mac";
break;
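Review bot: The `IPSEC_AUTH_HMAC_RIPEMD` case added here is repeated verbatim for `esp_auth_alg` in the next hunk, so each new authentication algorithm has to be added to two parallel switch statements. If one side is missed, AH and ESP would report different names for the same attribute value, and a policy keyed on those names would treat the two protocols inconsistently. Short of moving the mapping into one static helper, a comment at the top of this switch such as `/* Keep in sync with the esp_auth_alg switch below. */` would make the coupling explicit. Both switches begin outside the visible hunks.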
@@ -562,6 +570,10 @@ policy_callback (char *name)
esp_auth_alg = "hmac-sha";
break;
+ case IPSEC_AUTH_HMAC_RIPEMD:
+ esp_auth_alg = "hmac-ripemd";
+ break;
+
case IPSEC_AUTH_DES_MAC:
esp_auth_alg = "des-mac";
break;
@@ -1521,9 +1533,8 @@ keynote_cert_get (u_int8_t *data, u_int32_t len)
}
/*
- * We just verify the signature on the certificates.
- * XXX Is this the right thing to do -- verify the signature on all
- * XXX credentials ?
+ * We just verify the signature on the credentials.
+ * On signature failure, just drop the whole payload.
*/
int
keynote_cert_validate (void *scert)
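Review bot: The rewritten comment above keynote_cert_validate says the whole payload is dropped on signature failure, but not which return value reports that to the caller. It also removes the XXX question without recording why every credential is checked. This is where unverified credentials get rejected, so the contract deserves one more line, for example `* Returns nonzero only if every credential's signature verifies.`. Confirm the actual convention against the function body, which lies outside the hunk.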