Age | Commit message (Expand) | Author |
2019-08-16 | Fix segfault in parser when specifying an invalid transform. | tobhe |
2019-06-28 | When system calls indicate an error they return -1, not some arbitrary | Theo de Raadt |
2019-05-11 | Add support for IKEv2 Message Fragmentation as defined in RFC 7383. | Patrick Wildt |
2019-04-02 | When curve25519 was added to iked, it was based on the internet-draft and | Stuart Henderson |
2019-02-13 | (unsigned) means (unsigned int) which on ptrdiff_t or size_t or other | Theo de Raadt |
2018-11-07 | sync cmdline_symset() changes with src/usr.sbin; OK sashan@ claudio@ | miko |
2018-11-01 | - odd condition/test in PF lexer | Alexandr Nedvedicky |
2018-07-11 | Do for most running out of memory err() what was done for most running | Kenneth R Westerback |
2018-07-09 | No need to mention which memory allocation entry point failed (malloc, | Kenneth R Westerback |
2018-07-08 | Be consistent in warn() and log_warn() usage when | Kenneth R Westerback |
2018-06-11 | Fix an off-by-one line count when using include statements. | denis |
2018-04-26 | Plug leak in error case of the common 'varset' implementations. | Kenneth R Westerback |
2018-01-31 | Add support for specifying multiple transforms within a single proposal. | Patrick Wildt |
2018-01-24 | Implement support for specifying multiple proposals. This means we can | Patrick Wildt |
2017-12-01 | The RFC specifies that in an SA payload the proposals must be numbered | Patrick Wildt |
2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt |
2017-11-15 | Reset the OCSP URL on config reload. Otherwise we end up not being | Patrick Wildt |
2017-04-24 | Fix configuration of ASN1_DN IDs. | Reyk Floeter |
2017-03-28 | Remove RSA from the list of keywords, lookup is now done in a table. | Reyk Floeter |
2017-03-27 | Factor out flows into separate configuration messages | Mike Belopuhov |
2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter |
2017-01-20 | Check bounds of the flows array when configuring traffic selectors | Mike Belopuhov |
2017-01-05 | Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ | Kenneth R Westerback |
2017-01-04 | Remove modular exponential groups specified in RFC5114 | Mike Belopuhov |
2016-09-03 | Add the missing bits to have NAT on enc(4) support in iked. | Vincent Gross |
2016-08-06 | Unbreak PSK authentication, broken by previous. | Pascal Stumpf |
2016-07-20 | When parsing the configuration. initialize the auth structure | Reyk Floeter |
2016-06-21 | do not allow whitespace in macro names, i.e. "this is" = "a variable". | Sebastian Benoit |
2015-12-09 | Remove plain DES encryption from IPsec. | Christian Weisgerber |
2015-11-04 | Support Chacha20-Poly1305 for Child SAs; ok reyk | Mike Belopuhov |
2015-10-31 | RFC4754 specifies ECDSA-521 (sic), not -512. ok reyk@ | Christian Weisgerber |
2015-10-02 | Remove MD5 from the default proposals. At least SHA1 seems to be the | Reyk Floeter |
2015-08-21 | Switch iked to C99-style fixed-width integer types. | Reyk Floeter |
2015-08-19 | spacing (no binary change, verified with checksums) | Reyk Floeter |
2015-07-03 | Terminate 'config' keyword array with a NULL element. | Mike Belopuhov |
2015-06-03 | Do not assume that asprintf() clears the pointer on failure, which | Todd C. Miller |
2015-02-08 | Use AI_ADDRCONFIG when resolv hosts on startup. | Reyk Floeter |
2015-01-19 | Remove unnecessary <netinet/ip_ipsp.h> includes | Mike Belopuhov |
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
2015-01-12 | Don't forget about protocol specification when configuring flows. | Mike Belopuhov |
2014-11-20 | Don't allow embedded nul characters in strings. | Jonathan Gray |
2014-11-14 | Add gcc printf format attributes to iked's parse.y and remove unused | Doug Hogan |
2014-08-27 | Add support for Curve25519 using the public domain code that is found | Reyk Floeter |
2014-08-25 | Add support for DH groups 27-30 using the Brainpool curves which have | Reyk Floeter |
2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl |
2014-02-17 | basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' | Markus Friedl |
2014-02-14 | initial support for IPComp | Markus Friedl |
2014-01-22 | relax the cfg file secrecy check slightly to allow group readability | Henning Brauer |
2013-12-03 | never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr | Markus Friedl |
2013-11-28 | support raw pubkey authentication w/o x509 certificates; | Markus Friedl |