| Age | Commit message (Expand) | Author |
|---|
| 2017-12-07 | Change the SA payload parser to parse more than the first proposal. This | Patrick Wildt |
| 2017-12-05 | When sending out a proposal we create an SA/SPI for the Child SAs if we | Patrick Wildt |
| 2017-12-04 | Remove duplicate check that never could execute because the exact same | Patrick Wildt |
| 2017-12-04 | Consistently log "malformed payload" instead of "payload malformed", and | Patrick Wildt |
| 2017-12-04 | Remove check that is now a duplicate due to recent refactoring. | Patrick Wildt |
| 2017-12-04 | The payloads are layered like onions, so you can validate one layer and | Patrick Wildt |
| 2017-12-04 | Initialize variable, otherwise the pointer might contain stack garbage. | Patrick Wildt |
| 2017-12-03 | If we wanted to send out more proposals than just one, we need to set a | Patrick Wildt |
| 2017-12-03 | The RFC specifies that to accept a proposal, we must select a transform | Patrick Wildt |
| 2017-12-01 | The RFC specifies that in an SA payload the proposals must be numbered | Patrick Wildt |
| 2017-12-01 | Turns out that, as specified in the RFC, the initial Child SA does not | Patrick Wildt |
| 2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt |
| 2017-11-29 | Print_host is used mainly in printf style functions. So do not return NULL | Claudio Jeker |
| 2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt |
| 2017-11-15 | Reset the OCSP URL on config reload. Otherwise we end up not being | Patrick Wildt |
| 2017-11-08 | Do not accept superfluous arguments. | Patrick Wildt |
| 2017-11-08 | For IPcomp we need to load explicit ESP-flows for the IPIP or IPCOMP | Patrick Wildt |
| 2017-10-30 | In the subjectAltName comparison, the bzero before the while-loop was | Patrick Wildt |
| 2017-10-27 | Support multiple subjectAltNames by trying each existing until there | Patrick Wildt |
| 2017-10-27 | In the final RFC 5903 the computation for the DH shared secret changed. | Patrick Wildt |
| 2017-08-28 | fix char ** to const char ** conversion warning; ok mikeb@ | Otto Moerbeek |
| 2017-07-19 | more depends gc / yacc rules overhaul | Marc Espie |
| 2017-07-03 | no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing | Marc Espie |
| 2017-06-01 | Expand $eapid in iked tags, allowing PF rules to be written based on EAP | Stuart Henderson |
| 2017-05-21 | A few more freezero() uses | Theo de Raadt |
| 2017-04-26 | cope with IP address changes. before, we were trying to resend the msg | Henning Brauer |
| 2017-04-24 | Fix configuration of ASN1_DN IDs. | Reyk Floeter |
| 2017-04-18 | use freezero() | Theo de Raadt |
| 2017-04-13 | Add a NAT-T keepalive timer in case we are behind a NAT gateway. | Patrick Wildt |
| 2017-03-30 | Only close the SA if an error happens before ikev2_msg_init() was called | Patrick Wildt |
| 2017-03-28 | Add helpful debug messages to tell us why public key authentication failed. | Reyk Floeter |
| 2017-03-28 | Remove RSA from the list of keywords, lookup is now done in a table. | Reyk Floeter |
| 2017-03-28 | Don't send informational responses before we're having the key material. | Reyk Floeter |
| 2017-03-28 | Returning -1 in an imsg handler like ikev2_dispatch_cert aborts iked. | Reyk Floeter |
| 2017-03-27 | Don't cache the DH group in the policy | Mike Belopuhov |
| 2017-03-27 | correct verb pattern; | Jason McIntyre |
| 2017-03-27 | Factor out flows into separate configuration messages | Mike Belopuhov |
| 2017-03-27 | spacing | Reyk Floeter |
| 2017-03-27 | Fix another iked leak of SAs in pfkey_sa(), copy tags correctly. | Reyk Floeter |
| 2017-03-27 | Add support to reflect the responder IKEv2 COOKIE. | Reyk Floeter |
| 2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter |
| 2017-03-23 | set ps_noaction to not fork uneeded children when checking config with -n | Jonathan Gray |
| 2017-03-21 | From a syslog perspective it does not make sense to log fatal and | Alexander Bluhm |
| 2017-03-13 | Resolve simultaneous Child SA rekeying | Mike Belopuhov |
| 2017-03-13 | Resolve simultaneous IKE SA rekeying | Mike Belopuhov |
| 2017-03-13 | Make sure that proposal contains a DH group when rekeying with PFS enabled | Reyk Floeter |
| 2017-03-13 | NAT-T improvements | Reyk Floeter |
| 2017-03-13 | Don't rekey acquired Child SAs | Mike Belopuhov |
| 2017-03-13 | Clarify iked.conf(5) manpage in regards to IP compression. | Patrick Wildt |
| 2017-03-13 | When setting up IPcomp flows for the networks 'A' and 'B' between | Patrick Wildt |
