Age | Commit message (Collapse) | Author |
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: niklas
more style
author: niklas
isakmpd style
author: angelos
Hopefully better wording of variables.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
regress/x509/x509test.c: Merge with EOM 1.7
DESIGN-NOTES: Merge with EOM 1.48
README.PKI: Merge with EOM 1.6
TO-DO: Merge with EOM 1.44
cert.c: Merge with EOM 1.12
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: ho
We want the exchange name if it's one of our (passive) connections.
author: angelos
Warning about RSA-specific code.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
author: angelos
When doing preshared key authentication, if the responder has the
initiator's ID (as is the case in aggressive mode) and a shared key
cannot be found for the initiator's address (as may be the case for a
roaming laptop user), try to find the password under using as a lookup
key the initiator's Phase 1 ID, if it's an IPv4 address, an FQDN
(host.domain), or a User-FQDN (user@host.domain). This allows us to
support roaming laptop users with preshared key authentication, using
aggressive mode (sick).
There is also a lot of experimental, insecure, and ifdef'd out code
for fetching credentials and secret passphrases from a remote server
if all else fails. Extremely experimental code. Don't use. You'll be
blinded and your hair will fall if you even think about using it. You
have been warned.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Missing dynamic link fixes
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: ho
style
author: ho
Don't accidentally overwrite files with the FIFO.
|
|
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
A working way to add a RCS Id to a keynote policy
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
regress/exchange/def-r.1: Merge with EOM
apps/certpatch/certpatch.c: Merge with EOM 1.2
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
regress/b2n/.cvsignore: Ignore me
regress/crypto/.cvsignore: Ignore me
regress/dh/.cvsignore: Ignore me
regress/ec2n/.cvsignore: Ignore me
regress/exchange/.cvsignore: Ignore me
regress/group/.cvsignore: Ignore me
regress/hmac/.cvsignore: Ignore me
regress/pkcs/.cvsignore: Ignore me
regress/prf/.cvsignore: Ignore me
regress/rsakeygen/.cvsignore: Ignore me
regress/x509/.cvsignore: Ignore me
apps/certpatch/.cvsignore: Ignore me
.cvsignore: Ignore me
|
|
author: angelos
Revert order of handling KE/NONCE and IDs, such that we can use the ID
to lookup for the shared secret...
|
|
author: angelos
Document the ID section/tag for Phase 1 exchanges.
|
|
author: niklas
typo
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
|
|
author: ho
Don't build w/o crypto support
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
message.c: Merge with EOM 1.135
message.h: Merge with EOM 1.48
sa.c: Merge with EOM 1.97
sa.h: Merge with EOM 1.53
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
|
|
|
|
|
|
|
|
|
|
to an attack pointed out by David Wagner.
|
|
to an attack pointed out by David Wagner.
|
|
|
|
Change strcpy to strlcpy and use 10 X's in _NAME_ARTMP
and _PATH_ARTMP; ok millert@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
provide memory maps editing through the machine memory command.
rearrange probing in machdep, so it provides less output,
also giving a shot for apm to fix the memory maps.
changes to kernel are minimal, only that is required due
to the api version bits addition and such cosmetic changes.
tested on all critical kernel,boot combinations; niklas@ ok
|
|
dlopen
and it is not there.
|
|
|
|
|
|
|
|
construct a null-terminated copy of the buffer returned by fgetln() and process
it as normal
|
|
|
|
|
|
Updated ioctls to match
Minor patches in anticipation of wd->sd translation layer
|
|
cross-compilers...
Yet another commit I forgot...
|
|
|