summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2020-09-19Add SHA2_384 and SHA2_512 to default proposals.tobhe
2020-09-18Fix memory leak in 'n->name'.tobhe
2020-09-17Set retransmit timeout for DELETE message on the replaced SA, not ontobhe
2020-09-17Do not send DELETE messages for closing SAs.tobhe
2020-09-17Merge IKEV2_EXCHANGE_CREATE_CHILD_SA and IKEV2_EXCHANGE_INFORMATIONALtobhe
2020-09-16Move all the EAP logic from a single branch in the message parsing code totobhe
2020-09-16Fix EAP authentication if the initiator sends no certificatetobhe
2020-09-09Delete dead code.tobhe
2020-09-08Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matchingtobhe
2020-09-06Drop redundant else for readability.tobhe
2020-09-05Use peer from policy, not from the acquire message.tobhe
2020-09-05Initialize flow_dir and flow_saproto so policy_test() can find the policytobhe
2020-09-04INFORMATIONAL and CREATE_CHILD_SA exchanges cannot be initiated at thetobhe
2020-09-03Log OCSP url on connection failure.tobhe
2020-09-02Add 30s timeout for OCSP requests.tobhe
2020-09-01Log SPIs to make it easier to map OCSP messages to SAs.tobhe
2020-09-01Make OCSP response status logging less verbose.tobhe
2020-08-31Do not register a read/write callback on fd -1 (e.g. if connection failed).tobhe
2020-08-31Both ocsp_req_ctx and ocsp_req must be freed. Don't free ocsp_id as ittobhe
2020-08-31Use SA header (SPIs) to map OCSP connect requests to their respectivetobhe
2020-08-28Rename ikev2_*_sa() functions to make clear they handle Child SAs.tobhe
2020-08-27Make sure to save certificate in the CERTINVALID case to fixtobhe
2020-08-26Allow disabling DPD liveness checks by setting dpd_check_interval to 0.tobhe
2020-08-25Fix undefined symbol.tobhe
2020-08-25Add dpd_check_interval configuration option. If for any IKE SA no IPsectobhe
2020-08-24Reduce the amount of boilerplate code and imsgs for config options bytobhe
2020-08-23Add a new configuration option to limit the number of connections fortobhe
2020-08-23Rename natt_mode to sc_nattmode for consistency.tobhe
2020-08-22Prevent concurrent CREATE_CHILD_SA and INFORMATIONAL exchanges.tobhe
2020-08-21Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid oftobhe
2020-08-20Remove redundant variable.tobhe
2020-08-19Restructure traffic selector payload parsing. Add additional size andtobhe
2020-08-18Add optional time-stamp validaten for ocsp. The new optional 'tolerate'tobhe
2020-08-17Fix possible leak of ocsp_id.tobhe
2020-08-16Clean up unused parameters.tobhe
2020-08-15Remove dead assignments.tobhe
2020-08-14Clean up unused variables.tobhe
2020-08-14Delete unused variable 'policy'.tobhe
2020-08-14Print local 'sa' variable instead of 'msg->msg_sa'.tobhe
2020-08-14Delete unused variable 'idtype'.tobhe
2020-08-14Delete unused variable 'certid'.tobhe
2020-08-13Properly set flow_saproto for aquire.tobhe
2020-08-12style(9).tobhe
2020-08-11Prioritize incoming certificate requests by the order of CERTEQ payloadstobhe
2020-08-10Reduce log spam.tobhe
2020-08-10Remove unused argument.tobhe
2020-08-06Delete commented out code.tobhe
2020-07-27Fix return value check for openssl API used during pubkey validation.tobhe
2020-07-23Fix ibuf leak in sa_localauth when SA is freed.tobhe
2020-07-21Provide GRE over transport mode examplekn