summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2022-07-04Ignore any CERT payload after the first instead of failing the exchangeTobias Heider
2022-07-04Fix error in the comparison of the Child SA nonces to decide whichTobias Heider
2022-05-28Since 'sa' can be freed inside the loop, RB_FOREACH_SAFE is required.Gerhard Roth
2022-05-17Move towards OpenIKED 7.1Tobias Heider
2022-05-08Move ikev2_reset_alive_timer() to a place where it makes more sense. The ideaTobias Heider
2022-04-13IKED_LIFETIME_BYTES is > 2GB, and potentially used in strange place,Theo de Raadt
2022-04-13Document sntrup761x25519 key exchange.Tobias Heider
2022-04-11Fix leak of esnxf if esn ore noesn are configured explicitly.Tobias Heider
2022-03-16Make sure contents of vroute messages are aligned properly.Tobias Heider
2022-03-14Improve retransmission of message fragments. RFC 7383 states that loss ofTobias Heider
2022-02-13SKEEYSEED -> SKEYSEEDmbuhl
2022-02-06remove please from manual pagesJonathan Gray
2022-01-28When it's the possessive of 'it', it's spelled "its", without thePhilip Guenther
2021-12-23fix off by one in bounds testJonathan Gray
2021-12-14Move raw pubkey bytes to EVP_PKEY conversion to common function.Tobias Heider
2021-12-13Fix asprintf() error check. Portable code should check the returnTheo Buehler
2021-12-13Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamicallyTheo Buehler
2021-12-13Avoid a potential double free in group_free()Theo Buehler
2021-12-13Cleanup libcrypto memory management. Remove redundant NULL checksTobias Heider
2021-12-09Properly enable NAT-T without udpencap if mobike was negotiated without NAT.Tobias Heider
2021-12-09Move switch to NAT-T port and udpencap activation to ikev2_enable_natt().Tobias Heider
2021-12-08The /etc/iked/certs/ directory is used for both local and peerTobias Heider
2021-12-07Fix locally stored peer certificates in /etc/iked/certs as documented inTobias Heider
2021-12-06Logging received addresses and DNS configuration only makes sense forTobias Heider
2021-12-04Send out dstid as initiator if configured. This makes it easier forTobias Heider
2021-12-01whitespace cleanup during review readTheo de Raadt
2021-11-30whitespaceTobias Heider
2021-11-29add -V to usage(), and list it before -v in both SYNOPSIS and theJason McIntyre
2021-11-29Add command line option to show the versionTobias Heider
2021-11-29sys/param.h was included for MAX(), MIN() and roundup(). make localTheo de Raadt
2021-11-27Rename msg_id to msg_peerid now that we also have msg_localid.Tobias Heider
2021-11-26A peer sends both his local id and remote id he expects us to be. So far wePatrick Wildt
2021-11-26Fix ikev2_child_sa_rekey() warnings. The SPI can't be printed without aTobias Heider
2021-11-25Remove unused variable fd.Tobias Heider
2021-11-25Silence unitialized variable warnings.Tobias Heider
2021-11-24Unregister event on pfkey socket during pfkey_reply(). Using eventsTobias Heider
2021-11-24Pass env to pfkey API. Consistently call pfkey file descriptor fd.Tobias Heider
2021-11-23Add logging for rekey failures.Tobias Heider
2021-11-22MOBIKE is RFC 4555.Tobias Heider
2021-11-21Add 'ikectl show certinfo' to show trusted CAs and certificates.Tobias Heider
2021-11-20Fix some strdup() leaks in ocsp config option.Tobias Heider
2021-11-19Check stdrup() return value.Tobias Heider
2021-11-18iked: replace a conditional EVP_CIPHER_CTX_cleanup() + free() stanzaTheo Buehler
2021-11-18Check if encoding works in dsa_init(). This avoids calling fatal()Tobias Heider
2021-11-16Zero all copies of pre-shared key.Tobias Heider
2021-11-15styleTobias Heider
2021-11-13The key/nonce disclaimers were copied from ipsec.conf.5 but aren't relevantTobias Heider
2021-11-12Refactor order of checks when handling IKEv2 message fragments.Tobias Heider
2021-11-10Look for INVALID_KE group from IKE_SA_INIT in IKE transforms,Tobias Heider
2021-11-09Use more sensible transforms in example config.Tobias Heider
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-29 22:21:02 +0000