path: root/sbin/iked/ca.c
Age | Commit message | Author
2021-02-24 | Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data(). | tobhe
2021-02-07 | Free X509_STOREs in ca_shutdown(). | tobhe
2021-02-04 | Upgrade to OpenSSL 1.1 compatible crypto API. Add additional | tobhe
2020-12-05 | Make len unsigned. | tobhe
2020-11-04 | Add check for static id size. | tobhe
2020-10-09 | More unused headers. | tobhe
2020-10-09 | Remove unused "wait.h" includes. | tobhe
2020-09-23 | Add new 'set cert_partial_chain' config option to allow verification of | tobhe
2020-09-08 | Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matching | tobhe
2020-08-21 | Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of | tobhe
2020-08-18 | Add optional time-stamp validation for ocsp. The new optional 'tolerate' | tobhe
2020-08-16 | Clean up unused parameters. | tobhe
2020-08-14 | Clean up unused variables. | tobhe
2020-07-27 | Fix return value check for openssl API used during pubkey validation. | tobhe
2020-07-15 | Make CERT and CERTREQ payloads optional for public key authentication. | tobhe
2020-06-25 | Silence ca_validate_pubkey() error message for cert type | tobhe
2020-06-17 | Fix length check in ca_getreq(). | tobhe
2020-05-08 | Remove unnecessary X509_NAME_oneline wrapper. Passing NULL as buf | tobhe
2020-04-12 | "could not open public key" is an error and should be log_info. | tobhe
2020-04-10 | Only make the type part of the idstring lowercase when looking for certs in | tobhe
2020-04-08 | Prevent multiple ibuf leaks. Clean up on process shutdown. | tobhe
2020-04-07 | Always prefer generic signature authentication (RFC 7427), not just for RSA. | tobhe
2020-04-06 | Fix pubkey leak in CA process for ASN1_DN IDs. | tobhe
2020-04-01 | Properly handle multiple CERTREQ payloads in CA process. Only for the | tobhe
2020-03-31 | Log summary of certificates in cert store when iked fails to find a | tobhe
2020-03-27 | Adjust cert type when choosing public key fallback. | tobhe
2020-03-24 | Add ikev2_print_static_id() to print static IDs in log_debug() output. | tobhe
2020-03-24 | Make our CERTREQ payload handling less strict. If we can not find a | tobhe
2020-01-15 | Support multiple x509 extensions and extensions with multiple | tobhe
2020-01-15 | If we don't find a certificate signed by a trusted CA | tobhe
2019-07-03 | snprintf/vsnprintf return < 0 on error, rather than -1. | Theo de Raadt
2019-02-27 | update RFC references, from tobias_heider at genua.de, ok claudio@ | Stuart Henderson
2017-10-30 | In the subjectAltName comparison, the bzero before the while-loop was | Patrick Wildt
2017-10-27 | Support multiple subjectAltNames by trying each existing until there | Patrick Wildt
2017-03-28 | Add helpful debug messages to tell us why public key authentication failed. | Reyk Floeter
2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter
2017-01-20 | Make sure to free reference to the public key after decoding | Mike Belopuhov
2017-01-03 | Fix pledge of the ca process by calling the right function on startup. | Reyk Floeter
2015-12-07 | Sync proc.c, use shorter proc_compose[v]() | Reyk Floeter
2015-10-22 | iked hereby pledges that it will run with restricted system | Reyk Floeter
2015-10-19 | Remove the ikev1 stub - Since I started iked, it has an empty privsep | Reyk Floeter
2015-10-01 | Fix interoperability with Apple iOS9: If we don't get a (valid) | Reyk Floeter
2015-08-21 | Switch iked to C99-style fixed-width integer types. | Reyk Floeter
2015-03-26 | initial support for RFC 7427 signatures, so we are no longer | Markus Friedl
2015-02-06 | unneeded getopt.h | Theo de Raadt
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt
2014-12-05 | Specify correct number of iovecs when sending replies to the ikev2 proc | Mike Belopuhov
2014-07-10 | add additional includes required to build with -DOPENSSL_NO_DEPRECATED | Jonathan Gray
2014-05-07 | make authentication work with X509 certificates that don't have a | Markus Friedl
2014-05-05 | ca_x509_serialize: don't leak the bio buffer; ok reyk@ | Markus Friedl