summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2020-10-22Add missing break.tobhe
2020-10-21Remove SAs from ike_dstid_sas on 'ikectl reset sa' to prevent use after free.tobhe
2020-10-19Handle NO_PROPOSAL_CHOSEN as IKE_AUTH initiator.tobhe
2020-10-09More unused headers.tobhe
2020-10-09Remove unused "wait.h" includes.tobhe
2020-10-06Always allocate hash_keylength() for buffers passed to hash_final() totobhe
2020-10-05Only handle AUTHENTICATION_FAILED for IKE_AUTH and INFORMATIONAL exchanges.tobhe
2020-10-03React to DELETE notifications only in INFORMATIONAL messagestobhe
2020-10-02Send AUTH_FAILED in ikev2_ike_auth_recv() if the message did not containtobhe
2020-10-01Skip DELETE payload responses only after they are validated.tobhe
2020-09-30Don't accept AUTH payloads with invalid auth_method 0.tobhe
2020-09-30Don't accept ID payloads with ID type IKEV2_ID_NONE.tobhe
2020-09-30Don't leak sa->sa_peerauth.id_buf.tobhe
2020-09-29Check ibuf_seek() return value.tobhe
2020-09-26Cleanup msg_eap in ikev2_msg_cleanup().tobhe
2020-09-25Simplify RB_TREE cleanup loops.tobhe
2020-09-24Cleanup logging, print SPIs where it makes sense.tobhe
2020-09-23Add new 'set cert_partial_chain' config option to allow verification oftobhe
2020-09-21Fix reassembly of out-of-order fragments. Always take the nextpld fieldtobhe
2020-09-19Add SHA2_384 and SHA2_512 to default proposals.tobhe
2020-09-18Fix memory leak in 'n->name'.tobhe
2020-09-17Set retransmit timeout for DELETE message on the replaced SA, not ontobhe
2020-09-17Do not send DELETE messages for closing SAs.tobhe
2020-09-17Merge IKEV2_EXCHANGE_CREATE_CHILD_SA and IKEV2_EXCHANGE_INFORMATIONALtobhe
2020-09-16Move all the EAP logic from a single branch in the message parsing code totobhe
2020-09-16Fix EAP authentication if the initiator sends no certificatetobhe
2020-09-09Delete dead code.tobhe
2020-09-08Fix auth method negotiation for IKEV2_CERT_X509_CERT. If a cert matchingtobhe
2020-09-06Drop redundant else for readability.tobhe
2020-09-05Use peer from policy, not from the acquire message.tobhe
2020-09-05Initialize flow_dir and flow_saproto so policy_test() can find the policytobhe
2020-09-04INFORMATIONAL and CREATE_CHILD_SA exchanges cannot be initiated at thetobhe
2020-09-03Log OCSP url on connection failure.tobhe
2020-09-02Add 30s timeout for OCSP requests.tobhe
2020-09-01Log SPIs to make it easier to map OCSP messages to SAs.tobhe
2020-09-01Make OCSP response status logging less verbose.tobhe
2020-08-31Do not register a read/write callback on fd -1 (e.g. if connection failed).tobhe
2020-08-31Both ocsp_req_ctx and ocsp_req must be freed. Don't free ocsp_id as ittobhe
2020-08-31Use SA header (SPIs) to map OCSP connect requests to their respectivetobhe
2020-08-28Rename ikev2_*_sa() functions to make clear they handle Child SAs.tobhe
2020-08-27Make sure to save certificate in the CERTINVALID case to fixtobhe
2020-08-26Allow disabling DPD liveness checks by setting dpd_check_interval to 0.tobhe
2020-08-25Fix undefined symbol.tobhe
2020-08-25Add dpd_check_interval configuration option. If for any IKE SA no IPsectobhe
2020-08-24Reduce the amount of boilerplate code and imsgs for config options bytobhe
2020-08-23Add a new configuration option to limit the number of connections fortobhe
2020-08-23Rename natt_mode to sc_nattmode for consistency.tobhe
2020-08-22Prevent concurrent CREATE_CHILD_SA and INFORMATIONAL exchanges.tobhe
2020-08-21Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid oftobhe
2020-08-20Remove redundant variable.tobhe