summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2015-11-18pledge exposed a simple bug: the unprivileged child tried to print theReyk Floeter
2015-11-04Support Chacha20-Poly1305 for Child SAs; ok reykMike Belopuhov
2015-11-01replace "can not" with "cannot";Jason McIntyre
2015-10-31pastoChristian Weisgerber
2015-10-31RFC4754 specifies ECDSA-521 (sic), not -512. ok reyk@Christian Weisgerber
2015-10-23push LDSTATIC line down so it's not overridden by makefile.inc. ok reykTed Unangst
2015-10-22iked hereby pledges that it will run with restricted systemReyk Floeter
2015-10-22Stop linking iked -static: It was inherited from isakmpd that isReyk Floeter
2015-10-20Fix ocsp by adding a missing TAILQ_INIT().Reyk Floeter
2015-10-19break long lines in examples; ok jmc@Christian Weisgerber
2015-10-19Fix control_imsg_forward() by changing imsg_compose() toReyk Floeter
2015-10-19Remove the ikev1 stub - Since I started iked, it has an empty privsepReyk Floeter
2015-10-15Remove some unnecessary NULL-checks before free(). Change two bzero()mmcc
2015-10-02Curve25519 is now specified in draft-ietf-ipsecme-safecurves-00 (alongReyk Floeter
2015-10-02RFC7634 specifies ChaCha20-Poly1305 for IKEv2 and IPsec and IANAReyk Floeter
2015-10-02Remove MD5 from the default proposals. At least SHA1 seems to be theReyk Floeter
2015-10-02If the policy certreqtype is 0, use the global one instead.Reyk Floeter
2015-10-01Don't reject an "empty" CERTREQ (one with no CA hashes), instead treat it asStuart Henderson
2015-10-01Fix interoperability with Apple iOS9: If we don't get a (valid)Reyk Floeter
2015-08-26use 0xffff not 0xfffff for a 16 bit port constantJonathan Gray
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-08-19Add missing OpenBSD CVS tag - no binary changeReyk Floeter
2015-08-19spacing (no binary change, verified with checksums)Reyk Floeter
2015-07-17Assign correct destination port value for the destination netmask.Mike Belopuhov
2015-07-14clarification from trondd;Jason McIntyre
2015-07-07repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQMarkus Friedl
2015-07-03Terminate 'config' keyword array with a NULL element.Mike Belopuhov
2015-06-11Use "compliant" header guards by avoiding the reserved '_' namespace.Reyk Floeter
2015-06-05Fix coupling and decoupling operations.vgross
2015-06-03Do not assume that asprintf() clears the pointer on failure, whichTodd C. Miller
2015-03-26initial support for RFC 7427 signatures, so we are no longerMarkus Friedl
2015-02-28Reduce usage of predefined strings in manpages.Anthony J. Bentley
2015-02-15convert bcmp to memcmpTed Unangst
2015-02-08Use AI_ADDRCONFIG when resolv hosts on startup.Reyk Floeter
2015-02-06unneeded getopt.hTheo de Raadt
2015-01-19Remove unnecessary <netinet/ip_ipsp.h> includesMike Belopuhov
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2015-01-15tell the truth about DES.Igor Sobrado
2015-01-12Don't forget about protocol specification when configuring flows.Mike Belopuhov
2015-01-02PFS stands for Perfect Forward Secrecy.Igor Sobrado
2014-12-16Replace setpgrp(0, getpid()) with setpgid(0, 0). OK deraadt@ tedu@Todd C. Miller
2014-12-05Store return value of i2d_X509_NAME in a signed integer to makeMike Belopuhov
2014-12-05Specify correct number of iovecs when sending replies to the ikev2 procMike Belopuhov
2014-12-03Init SPI using arc4random_buf, rather than (r << 32) | rTheo de Raadt
2014-11-20Don't allow embedded nul characters in strings.Jonathan Gray
2014-11-20remove nt and lanman functions which aren't used. ok reyk yasuokaTed Unangst
2014-11-14Add gcc printf format attributes to iked's parse.y and remove unusedDoug Hogan
2014-11-10tweak previous; ok mikebJason McIntyre
2014-11-10copy pubkey section from isakmpd(8); ok reykMike Belopuhov
2014-11-07Fixup a few problems with EAP state transitionMike Belopuhov