| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
there but relying on an indirect inclusion
|
|
author: angelos
Default value for [KeyNote]:Credential-directory.
|
|
author: angelos
Point back to isakmpd.conf(5)
author: angelos
Remove fixed item from BUGs section.
author: angelos
Talk about re-loading of policies on SIGHUP.
|
|
author: angelos
Some more support for KeyNote credential exchange (not yet done).
|
|
author: angelos
No need for NODEBUG actually...
author: angelos
Use LOG_DBG() instead of log_debug()
author: angelos
NODEBUG compile option, so regress doesn't barf.
author: angelos
No point adding a handling attribute for the generic session.
author: angelos
log_debug() for the action attributes.
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Correct pointer handling.
author: angelos
A few more certificate handling routines for KeyNote.
author: angelos
Some more support for KeyNote credential exchange (not yet done).
author: angelos
Add a couple more KeyNote functions in the sym entries.
author: ho
Some systems do not define IPPROTO_ETHERIP (yet).
|
|
author: angelos
Add the -R option in getopt!!!
|
|
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
|
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Cleanup.
|
|
author: angelos
Some more text.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: ho
Update re DOI:IPSEC and default p1/p2 lifetimes.
|
|
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
A few more definitions.
author: angelos
Some more support for KeyNote credential exchange (not yet done).
|
|
author: provos
typo
|
|
author: angelos
Initialize [Keynote]:Credential-directory.
author: ho
Autogenerated p1/p2 default lifetimes can be defined in config.
author: niklas
style
|
|
author: angelos
Be a bit more verbose when printing policy results.
author: angelos
Correct environment cleanup.
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
&&, not ||
author: angelos
Begin support for KeyNote credentials exchanged.
|
|
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Begin support for KeyNote credentials exchanged.
|
|
author: angelos
Reset policy_id and recv_key after we've moved them over from the
exchange to the isakmp_sa, so they don't get free'ed.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Add CERTENC_KEYNOTE.
author: ho
DOI IPSEC is default if not specified.
|
|
exchange.h: Merge with EOM 1.27
x509.h: Merge with EOM 1.10
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
|
author: angelos
Add CERTENC_KEYNOTE.
|
|
author: ho
Correct definition.
|
|
author: ho
DOI IPSEC is default if not specified.
|
|
author: ho
Use math_mp_t in prototype.
|
|
author: ho
Attempt to get GMP usable here.
|
|
author: angelos
Don't add the callback at initialization time, we must set it before
each invokation.
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(this has been required by kthread for ages)
|
|
|
|
|
|
|
|
|
|
which gives two advantages -- faster and smaller.
do not arc4_stir on pool overflow, it takes too much time, instead
just hash data in and keep entropy count trim.
some minor cleanups here and there.
fixes overdropping of entropy on non-idle system load.
provos@ ok
|
|
|
|
|
|
|
|
|
|
Fixes the "NFS mounting of exported cd-rom causes panic" bug. Apparently
when the checkexp vfs support was added cd9660 was left out.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
like other bsd loaders (defaults to -a -S).
|
