Age | Commit message (Expand) | Author |
2014-05-09 | get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't need | Markus Friedl |
2014-05-09 | replace iked_transform pointer with xform id, since target of pointer | Markus Friedl |
2014-05-08 | match iked proc.c infrastructure with proc.c | Bret Lambert |
2014-05-07 | try postponed requests first, so we do in-order processing; ok mikeb@ | Markus Friedl |
2014-05-07 | print msgid for debugging; ok reyk & mikeb | Markus Friedl |
2014-05-07 | make authentication work with X509 certificates that don't have a | Markus Friedl |
2014-05-07 | factor out ikev2_ike_auth() (state machine; used multiple times via callbacks) | Markus Friedl |
2014-05-06 | change the create-child-sa responder code, so it does not store any | Markus Friedl |
2014-05-06 | zap stray word; ok markus | Jason McIntyre |
2014-05-06 | Explicitly zero out the ibufs before releasing the memory to make sure | Reyk Floeter |
2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl |
2014-05-06 | cleanup IKE-SA tree handling (fixes repeated-insert & double-remove) | Markus Friedl |
2014-05-06 | don't sa_free() in the receive path (prevents use-after-free); ok mikeb@ | Markus Friedl |
2014-05-06 | send the delete with the locally allocated SPI in ikev2_init_create_child_sa() | Markus Friedl |
2014-05-06 | make sure some notify payloads are encrypted; ok mikeb@ | Markus Friedl |
2014-05-06 | initial support for PFS; ok reyk@ | Markus Friedl |
2014-05-06 | retire IKED_REQ_DELETE and fix delete parsing; ok reyk@ | Markus Friedl |
2014-05-06 | no need to include rand.h now the RAND_seed() calls are gone. | Jonathan Gray |
2014-05-05 | ca_x509_serialize: don't leak the bio buffer; ok reyk@ | Markus Friedl |
2014-05-05 | make the ca_pubkey_serialize() code similar to the private key code, and | Markus Friedl |
2014-05-05 | pfkey is unreliable, so add a select-timeout before MSG_PEEK; | Markus Friedl |
2014-05-05 | the caller of ikev2_msg_retransmit_response already frees the sa; ok mikeb | Markus Friedl |
2014-05-05 | don't leak on pid mismatch; ok mikeb | Markus Friedl |
2014-05-05 | validate the attribute length, too; from hshoexer; ok mikeb | Markus Friedl |
2014-05-05 | change surprisingly consistent mispelling of length ("lenght") | Bret Lambert |
2014-05-04 | With the recent change by deraadt@ to introduce kern.nosuidcoredump=3, | Reyk Floeter |
2014-04-29 | make sure the state machine only advances if the AUTH payload has | Markus Friedl |
2014-04-28 | macro fixes for previous; ok reyk | Jason McIntyre |
2014-04-28 | spacing | Reyk Floeter |
2014-04-28 | spacing | Reyk Floeter |
2014-04-28 | bump copyright | Reyk Floeter |
2014-04-28 | Add missing documentation for ipcomp(4) support and the configuration | Reyk Floeter |
2014-04-28 | It's about time to remove the infamous CAVEATS section in iked(8). | Reyk Floeter |
2014-04-25 | don't access a pointer till after the null check | Jonathan Gray |
2014-04-22 | Update iked to use the same proc.c that relayd uses. | Reyk Floeter |
2014-04-18 | round up some enemy sympathizers found calling RAND_seed(). | Ted Unangst |
2014-04-16 | More des_foo -> DES_foo | Miod Vallat |
2014-04-14 | Fix the following idiom in the following way: | Bret Lambert |
2014-04-10 | Add validation routines to ikev2_pld.c: For each payload type overall | Reyk Floeter |
2014-03-12 | don't leak an ibuf for each expired SA; ok mikeb@ | Markus Friedl |
2014-03-12 | unbreak config-address w/o pool; ok mikeb@ | Markus Friedl |
2014-02-26 | don't policy_ref an activate policy (policy_ref/unref are assymetrical), | Markus Friedl |
2014-02-21 | support rekeying for IPCOMP; ok mikeb@ | Markus Friedl |
2014-02-18 | check the error from ikev2_cp_setaddr | Markus Friedl |
2014-02-17 | interpret 'config address net/prefix' as a pool of addresses and | Markus Friedl |
2014-02-17 | basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' | Markus Friedl |
2014-02-17 | Fix compiler warnings in the format strings: use %zd for ssize_t and | Reyk Floeter |
2014-02-14 | remove unused function that distracts from cleaning up the imsg_flush() mess | Sebastian Benoit |
2014-02-14 | initial support for IPComp | Markus Friedl |
2014-02-12 | make sure to set the msg_responded flag on the original message; ok mikeb@ | Markus Friedl |