summaryrefslogtreecommitdiff
path: root/sbin/iked/ca.c
AgeCommit message (Expand)Author
2017-10-30In the subjectAltName comparison, the bzero before the while-loop wasPatrick Wildt
2017-10-27Support multiple subjectAltNames by trying each existing until therePatrick Wildt
2017-03-28Add helpful debug messages to tell us why public key authentication failed.Reyk Floeter
2017-03-27Add support for RFC4754 (ECDSA) and RFC7427 authentication.Reyk Floeter
2017-01-20Make sure to free reference to the public key after decodingMike Belopuhov
2017-01-03Fix pledge of the ca process by calling the right function on startup.Reyk Floeter
2015-12-07Sync proc.c, use shorter proc_compose[v]()Reyk Floeter
2015-10-22iked hereby pledges that it will run with restricted systemReyk Floeter
2015-10-19Remove the ikev1 stub - Since I started iked, it has an empty privsepReyk Floeter
2015-10-01Fix interoperability with Apple iOS9: If we don't get a (valid)Reyk Floeter
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-03-26initial support for RFC 7427 signatures, so we are no longerMarkus Friedl
2015-02-06unneeded getopt.hTheo de Raadt
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-12-05Specify correct number of iovecs when sending replies to the ikev2 procMike Belopuhov
2014-07-10add additional includes required to build with -DOPENSSL_NO_DEPRECATEDJonathan Gray
2014-05-07make authentication work with X509 certificates that don't have aMarkus Friedl
2014-05-05ca_x509_serialize: don't leak the bio buffer; ok reyk@Markus Friedl
2014-05-05make the ca_pubkey_serialize() code similar to the private key code, andMarkus Friedl
2014-04-22Update iked to use the same proc.c that relayd uses.Reyk Floeter
2014-02-17basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"'Markus Friedl
2014-02-17Fix compiler warnings in the format strings: use %zd for ssize_t andReyk Floeter
2013-11-28support raw pubkey authentication w/o x509 certificates;Markus Friedl
2013-11-14pass caller to ca_sslerror for better error messages; ok mikebMarkus Friedl
2013-03-21remove excessive includesTheo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-11-16promote some debug messages to warnings; ok reykMike Belopuhov
2012-10-09"If srcid is omitted, the default is to use the hostname of the localReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2011-05-27spacingReyk Floeter
2011-05-09rename functions in proc.c to proc_* and move some code from imsg_util.c toReyk Floeter
2011-05-05Small tweak - add direct pointer to env instead of using an indirect one.Reyk Floeter
2011-05-05Move the proc.c-specific runtime state out of struct iked into a sub-struct.Reyk Floeter
2011-05-05rename iked_proc* to privsep_proc*. no functional change.Reyk Floeter
2010-12-22move and rename util.c:print_id() to ikev2.c:ikev2_print_id() becauseReyk Floeter
2010-09-30promote openssl errors to the warning level; ok reykMike Belopuhov
2010-06-29add code to lookup the RSA public keys in /etc/iked/pubkeys/ as anReyk Floeter
2010-06-27When a peer requests a certificate from the local gateway, we firstReyk Floeter
2010-06-27fix the length check for ASN1_ID Ids.Reyk Floeter
2010-06-27Verify that the subjectAltName extension is present and matches theReyk Floeter
2010-06-26Include the Id type in the generated SA tag that is passed to theReyk Floeter
2010-06-24unbreak the ikectl log verbose/brief commands.Reyk Floeter
2010-06-11tweak the code slightly so we can remove -lsslJonathan Gray
2010-06-10move a bzero of the x509 store context higher up so theJonathan Gray
2010-06-10i don't like splitting source code in too many source files but ikev2.cReyk Floeter
2010-06-03Import iked, a new implementation of the IKEv2 protocol.Reyk Floeter