path: root/sbin/iked/ca.c
| Age | Commit message | Author |
|---|---|---|
| 2024-06-18 | iked: do not attempt to read multiple SANs | Theo Buehler |
| 2024-02-13 | Control startup of PROC_CERT and PROC_IKEV2. | Tobias Heider |
| 2024-02-06 | Pass struct iked directly to ca_reset() instead of passing it via ps | Tobias Heider |
| 2024-01-24 | Use per connection peerid for control replies | Tobias Heider |
| 2024-01-15 | Include cert_partial_chain in iked_static instead of sending a separate | Tobias Heider |
| 2023-09-02 | Remove unnecessary id == NULL check after dereferencing it. id can never | Tobias Heider |
| 2023-08-04 | Convert calls to ibuf_length() where it is clear that the ibuf is not | Claudio Jeker |
| 2023-06-28 | Add support to verify X509 chain from CERT payloads. | Tobias Heider |
| 2023-06-25 | remove ca_sslinit() | Omar Polo |
| 2023-06-17 | Fix leak of key.id_buf in pubkey auth case. | Tobias Heider |
| 2023-05-23 | Replace ibuf_release() with ibuf_free() since the former just calls the latter | Claudio Jeker |
| 2023-03-05 | Fix clean process shutdown by storing env globally like vmd and httpd do | Tobias Heider |
| 2023-03-04 | Sync proc.c from vmd(8) to enable fork + exec for all processes. This gives | Tobias Heider |
| 2022-11-07 | Free objects that were dynamically allocated in libcrypto with OPENSSL_free(). | Tobias Heider |
| 2022-07-08 | Support sending certificate chains with intermediate CAs in multiple CERT | Tobias Heider |
| 2021-12-14 | Move raw pubkey bytes to EVP_PKEY conversion to common function. | Tobias Heider |
| 2021-12-13 | Fix asprintf() error check. Portable code should check the return | Theo Buehler |
| 2021-12-13 | Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically | Theo Buehler |
| 2021-12-13 | Cleanup libcrypto memory management. Remove redundant NULL checks | Tobias Heider |
| 2021-12-08 | The /etc/iked/certs/ directory is used for both local and peer | Tobias Heider |
| 2021-12-07 | Fix locally stored peer certificates in /etc/iked/certs as documented in | Tobias Heider |
| 2021-12-01 | whitespace cleanup during review read | Theo de Raadt |
| 2021-11-25 | Silence uninitialized variable warnings. | Tobias Heider |
| 2021-11-21 | Add 'ikectl show certinfo' to show trusted CAs and certificates. | Tobias Heider |
| 2021-02-24 | Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data(). | tobhe |
| 2021-02-07 | Free X509_STOREs in ca_shutdown(). | tobhe |
| 2021-02-04 | Upgrade to OpenSSL 1.1 compatible crypto API. Add additional | tobhe |
| 2020-12-05 | Make len unsigned. | tobhe |
| 2020-11-04 | Add check for static id size. | tobhe |
| 2020-10-09 | More unused headers. | tobhe |
| 2020-10-09 | Remove unused "wait.h" includes. | tobhe |
| 2020-09-23 | Add new 'set cert_partial_chain' config option to allow verification of | tobhe |
| 2020-09-08 | Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching | tobhe |
| 2020-08-21 | Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of | tobhe |
| 2020-08-18 | Add optional time-stamp validation for ocsp. The new optional 'tolerate' | tobhe |
| 2020-08-16 | Clean up unused parameters. | tobhe |
| 2020-08-14 | Clean up unused variables. | tobhe |
| 2020-07-27 | Fix return value check for openssl API used during pubkey validation. | tobhe |
| 2020-07-15 | Make CERT and CERTREQ payloads optional for public key authentication. | tobhe |
| 2020-06-25 | Silence ca_validate_pubkey() error message for cert type | tobhe |
| 2020-06-17 | Fix length check in ca_getreq(). | tobhe |
| 2020-05-08 | Remove unnecessary X509_NAME_oneline wrapper. Passing NULL as buf | tobhe |
| 2020-04-12 | "could not open public key" is an error and should be log_info. | tobhe |
| 2020-04-10 | Only make the type part of the idstring lowercase when looking for certs in | tobhe |
| 2020-04-08 | Prevent multiple ibuf leaks. Clean up on process shutdown. | tobhe |
| 2020-04-07 | Always prefer generic signature authentication (RFC 7427), not just for RSA. | tobhe |
| 2020-04-06 | Fix pubkey leak in CA process for ASN1_DN IDs. | tobhe |
| 2020-04-01 | Properly handle multiple CERTREQ payloads in CA process. Only for the | tobhe |
| 2020-03-31 | Log summary of certificates in cert store when iked fails to find a | tobhe |
| 2020-03-27 | Adjust cert type when choosing public key fallback. | tobhe |