summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2020-11-07Implement 'from dynamic', which installs flows where 'dynamic' is replacedtobhe
2020-11-06Set correct netmask on patched addresses for debug printing.tobhe
2020-11-05Enable support for ASN1_DN ipsec identifiers.Peter Hessler
2020-11-04Add check for static id size.tobhe
2020-11-03Add 'any' keyword for request to allow 'request address any'.tobhe
2020-11-01Add 'dynamic' keyword to configure flows to dynamically assigned addresses.tobhe
2020-10-30Add missing bits to make 'request addr 0.0.0.0' accept ANY dynamic address.tobhe
2020-10-30style(9)tobhe
2020-10-30Whitespace fixes.tobhe
2020-10-30Fix key payload size. Use size from new SA.tobhe
2020-10-29Add initial support to request IP addresses as IKEv2 initiator.tobhe
2020-10-28Refactor parts of the dh_* API.tobhe
2020-10-24Don't modify sa in ikev2_pld_cp. Store cp_type in msg until message hastobhe
2020-10-22Handle NO_PROPOSAL_CHOSEN for initiator in IKE_SA_INIT exchange.tobhe
2020-10-22Add missing break.tobhe
2020-10-21Remove SAs from ike_dstid_sas on 'ikectl reset sa' to prevent use after free.tobhe
2020-10-19Handle NO_PROPOSAL_CHOSEN as IKE_AUTH initiator.tobhe
2020-10-09More unused headers.tobhe
2020-10-09Remove unused "wait.h" includes.tobhe
2020-10-06Always allocate hash_keylength() for buffers passed to hash_final() totobhe
2020-10-05Only handle AUTHENTICATION_FAILED for IKE_AUTH and INFORMATIONAL exchanges.tobhe
2020-10-03React to DELETE notifications only in INFORMATIONAL messagestobhe
2020-10-02Send AUTH_FAILED in ikev2_ike_auth_recv() if the message did not containtobhe
2020-10-01Skip DELETE payload responses only after they are validated.tobhe
2020-09-30Don't accept AUTH payloads with invalid auth_method 0.tobhe
2020-09-30Don't accept ID payloads with ID type IKEV2_ID_NONE.tobhe
2020-09-30Don't leak sa->sa_peerauth.id_buf.tobhe
2020-09-29Check ibuf_seek() return value.tobhe
2020-09-26Cleanup msg_eap in ikev2_msg_cleanup().tobhe
2020-09-25Simplify RB_TREE cleanup loops.tobhe
2020-09-24Cleanup logging, print SPIs where it makes sense.tobhe
2020-09-23Add new 'set cert_partial_chain' config option to allow verification oftobhe
2020-09-21Fix reassembly of out-of-order fragments. Always take the nextpld fieldtobhe
2020-09-19Add SHA2_384 and SHA2_512 to default proposals.tobhe
2020-09-18Fix memory leak in 'n->name'.tobhe
2020-09-17Set retransmit timeout for DELETE message on the replaced SA, not ontobhe
2020-09-17Do not send DELETE messages for closing SAs.tobhe
2020-09-17Merge IKEV2_EXCHANGE_CREATE_CHILD_SA and IKEV2_EXCHANGE_INFORMATIONALtobhe
2020-09-16Move all the EAP logic from a single branch in the message parsing code totobhe
2020-09-16Fix EAP authentication if the initiator sends no certificatetobhe
2020-09-09Delete dead code.tobhe
2020-09-08Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matchingtobhe
2020-09-06Drop redundant else for readability.tobhe
2020-09-05Use peer from policy, not from the acquire message.tobhe
2020-09-05Initialize flow_dir and flow_saproto so policy_test() can find the policytobhe
2020-09-04INFORMATIONAL and CREATE_CHILD_SA exchanges cannot be initiated at thetobhe
2020-09-03Log OCSP url on connection failure.tobhe
2020-09-02Add 30s timeout for OCSP requests.tobhe
2020-09-01Log SPIs to make it easier to map OCSP messages to SAs.tobhe
2020-09-01Make OCSP response status logging less verbose.tobhe
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-03 09:32:15 +0000