index
:
src
cvs/HEAD
kms/intel
kms/radeon
master
OpenBSD base system
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
sbin
/
iked
/
ca.c
Age
Commit message (
Expand
)
Author
2023-03-05
Fix clean process shutdown by storing env globally like vmd and httpd do
Tobias Heider
2023-03-04
Sync proc.c from vmd(8) to enabled fork + exec for all processes. This gives
Tobias Heider
2022-11-07
Free objects that were dynamically allocated in libcrypto with OPENSSL_free().
Tobias Heider
2022-07-08
Support sending certificate chains with intermediate CAs in multiple CERT
Tobias Heider
2021-12-14
Move raw pubkey bytes to EVP_PKEY conversion to common function.
Tobias Heider
2021-12-13
Fix asprintf() error check. Portable code should check the return
Theo Buehler
2021-12-13
Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamically
Theo Buehler
2021-12-13
Cleanup libcrypto memory management. Remove redundant NULL checks
Tobias Heider
2021-12-08
The /etc/iked/certs/ directory is used for both local and peer
Tobias Heider
2021-12-07
Fix locally stored peer certificates in /etc/iked/certs as documented in
Tobias Heider
2021-12-01
whitespace cleanup during review read
Theo de Raadt
2021-11-25
Silence unitialized variable warnings.
Tobias Heider
2021-11-21
Add 'ikectl show certinfo' to show trusted CAs and certificates.
Tobias Heider
2021-02-24
Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().
tobhe
2021-02-07
Free X509_STOREs in ca_shutdown().
tobhe
2021-02-04
Upgrade to OpenSSL 1.1 compatible crypto API. Add additional
tobhe
2020-12-05
Make len unsigned.
tobhe
2020-11-04
Add check for static id size.
tobhe
2020-10-09
More unused headers.
tobhe
2020-10-09
Remove unused "wait.h" includes.
tobhe
2020-09-23
Add new 'set cert_partial_chain' config option to allow verification of
tobhe
2020-09-08
Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching
tobhe
2020-08-21
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of
tobhe
2020-08-18
Add optional time-stamp validaten for ocsp. The new optional 'tolerate'
tobhe
2020-08-16
Clean up unused parameters.
tobhe
2020-08-14
Clean up unused variables.
tobhe
2020-07-27
Fix return value check for openssl API used during pubkey validation.
tobhe
2020-07-15
Make CERT and CERTREQ payloads optional for public key authentication.
tobhe
2020-06-25
Silence ca_validate_pubkey() error message for cert type
tobhe
2020-06-17
Fix length check in ca_getreq().
tobhe
2020-05-08
Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buf
tobhe
2020-04-12
"could not open public key" is an error and should be log_info.
tobhe
2020-04-10
Only make the type part of the idstring lowercase when looking for certs in
tobhe
2020-04-08
Prevent multiple ibuf leaks. Clean up on proccess shutdown.
tobhe
2020-04-07
Always prefer generic signature authentication (RFC 7427) , not just for RSA.
tobhe
2020-04-06
Fix pubkey leak in CA process for ASN1_DN IDs.
tobhe
2020-04-01
Properly handle multiple CERTREQ payloads in CA process. Only for the
tobhe
2020-03-31
Log summary of certificates in cert store when iked fails to find a
tobhe
2020-03-27
Adjust cert type when choosing public key fallback.
tobhe
2020-03-24
Add ikev2_print_static_id() to print static IDs in log_debug() output.
tobhe
2020-03-24
Make our CERTREQ payload handling less strict. If we can not find a
tobhe
2020-01-15
Support multiple x509 extensions and extensions with multiple
tobhe
2020-01-15
If we don't find a certificate signed by a trusted CA
tobhe
2019-07-03
snprintf/vsnprintf return < 0 on error, rather than -1.
Theo de Raadt
2019-02-27
update RFC references, from tobias_heider at genua.de, ok claudio@
Stuart Henderson
2017-10-30
In the subjectAltName comparison, the bzero before the while-loop was
Patrick Wildt
2017-10-27
Support multiple subjectAltNames by trying each existing until there
Patrick Wildt
2017-03-28
Add helpful debug messages to tell us why public key authentication failed.
Reyk Floeter
2017-03-27
Add support for RFC4754 (ECDSA) and RFC7427 authentication.
Reyk Floeter
2017-01-20
Make sure to free reference to the public key after decoding
Mike Belopuhov
[next]