Age | Commit message (Expand) | Author |
2018-03-22 | The iked(8) fuzzer did not fuzz encrypted payloads. With that changed | Patrick Wildt |
2018-03-16 | Consistently spell "IPsec" in comments and debug outputs. | Martin Pieuchot |
2018-03-05 | Outsource enabling/disabling the DPD and keepalive timers for SAs into | Patrick Wildt |
2018-01-31 | Add support for specifying multiple transforms within a single proposal. | Patrick Wildt |
2018-01-24 | Implement support for specifying multiple proposals. This means we can | Patrick Wildt |
2017-12-23 | Since ikev2_init_recv() is supposed to only handle responses to an | Patrick Wildt |
2017-12-13 | getsockname(2) needs to be passed the length of the input struct. | Patrick Wildt |
2017-12-07 | Change the SA payload parser to parse more than the first proposal. This | Patrick Wildt |
2017-12-05 | When sending out a proposal we create an SA/SPI for the Child SAs if we | Patrick Wildt |
2017-12-04 | Remove duplicate check that never could execute because the exact same | Patrick Wildt |
2017-12-04 | Consistently log "malformed payload" instead of "payload malformed", and | Patrick Wildt |
2017-12-04 | Remove check that is now a duplicate due to recent refactoring. | Patrick Wildt |
2017-12-04 | The payloads are layered like onions, so you can validate one layer and | Patrick Wildt |
2017-12-04 | Initialize variable, otherwise the pointer might contain stack garbage. | Patrick Wildt |
2017-12-03 | If we wanted to send out more proposals than just one, we need to set a | Patrick Wildt |
2017-12-03 | The RFC specifies that to accept a proposal, we must select a transform | Patrick Wildt |
2017-12-01 | The RFC specifies that in an SA payload the proposals must be numbered | Patrick Wildt |
2017-12-01 | Turns out that, as specified in the RFC, the initial Child SA does not | Patrick Wildt |
2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt |
2017-11-29 | Print_host is used mainly in printf style functions. So do not return NULL | Claudio Jeker |
2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt |
2017-11-15 | Reset the OCSP URL on config reload. Otherwise we end up not being | Patrick Wildt |
2017-11-08 | Do not accept superfluous arguments. | Patrick Wildt |
2017-11-08 | For IPcomp we need to load explicit ESP-flows for the IPIP or IPCOMP | Patrick Wildt |
2017-10-30 | In the subjectAltName comparison, the bzero before the while-loop was | Patrick Wildt |
2017-10-27 | Support multiple subjectAltNames by trying each existing until there | Patrick Wildt |
2017-10-27 | In the final RFC 5903 the computation for the DH shared secret changed. | Patrick Wildt |
2017-08-28 | fix char ** to const char ** conversion warning; ok mikeb@ | Otto Moerbeek |
2017-07-19 | more depends gc / yacc rules overhaul | Marc Espie |
2017-07-03 | no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing | Marc Espie |
2017-06-01 | Expand $eapid in iked tags, allowing PF rules to be written based on EAP | Stuart Henderson |
2017-05-21 | A few more freezero() uses | Theo de Raadt |
2017-04-26 | cope with IP address changes. before, we were trying to resend the msg | Henning Brauer |
2017-04-24 | Fix configuration of ASN1_DN IDs. | Reyk Floeter |
2017-04-18 | use freezero() | Theo de Raadt |
2017-04-13 | Add a NAT-T keepalive timer in case we are behind a NAT gateway. | Patrick Wildt |
2017-03-30 | Only close the SA if an error happens before ikev2_msg_init() was called | Patrick Wildt |
2017-03-28 | Add helpful debug messages to tell us why public key authentication failed. | Reyk Floeter |
2017-03-28 | Remove RSA from the list of keywords, lookup is now done in a table. | Reyk Floeter |
2017-03-28 | Don't send informational responses before we're having the key material. | Reyk Floeter |
2017-03-28 | Returning -1 in an imsg handler like ikev2_dispatch_cert aborts iked. | Reyk Floeter |
2017-03-27 | Don't cache the DH group in the policy | Mike Belopuhov |
2017-03-27 | correct verb pattern; | Jason McIntyre |
2017-03-27 | Factor out flows into separate configuration messages | Mike Belopuhov |
2017-03-27 | spacing | Reyk Floeter |
2017-03-27 | Fix another iked leak of SAs in pfkey_sa(), copy tags correctly. | Reyk Floeter |
2017-03-27 | Add support to reflect the responder IKEv2 COOKIE. | Reyk Floeter |
2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter |
2017-03-23 | set ps_noaction to not fork uneeded children when checking config with -n | Jonathan Gray |
2017-03-21 | From a syslog perspective it does not make sense to log fatal and | Alexander Bluhm |