Age | Commit message (Expand) | Author |
2015-01-12 | Don't forget about protocol specification when configuring flows. | Mike Belopuhov |
2015-01-02 | PFS stands for Perfect Forward Secrecy. | Igor Sobrado |
2014-12-16 | Replace setpgrp(0, getpid()) with setpgid(0, 0). OK deraadt@ tedu@ | Todd C. Miller |
2014-12-05 | Store return value of i2d_X509_NAME in a signed integer to make | Mike Belopuhov |
2014-12-05 | Specify correct number of iovecs when sending replies to the ikev2 proc | Mike Belopuhov |
2014-12-03 | Init SPI using arc4random_buf, rather than (r << 32) | r | Theo de Raadt |
2014-11-20 | Don't allow embedded nul characters in strings. | Jonathan Gray |
2014-11-20 | remove nt and lanman functions which aren't used. ok reyk yasuoka | Ted Unangst |
2014-11-14 | Add gcc printf format attributes to iked's parse.y and remove unused | Doug Hogan |
2014-11-10 | tweak previous; ok mikeb | Jason McIntyre |
2014-11-10 | copy pubkey section from isakmpd(8); ok reyk | Mike Belopuhov |
2014-11-07 | Fixup a few problems with EAP state transition | Mike Belopuhov |
2014-11-07 | Run eap_parse on the actual message and only when the length is right | Mike Belopuhov |
2014-11-07 | Repair initiator with PSK auth | Mike Belopuhov |
2014-10-29 | convert simple cases of select() to poll() | Theo de Raadt |
2014-10-25 | Remove unnecessary netinet/in_systm.h include. | Lawrence Teo |
2014-10-18 | Simple malloc() to reallocarray() conversion to potentially avoid integer | Doug Hogan |
2014-10-12 | DH_compute_key() returns -1 on error but this was not | Jonathan Gray |
2014-10-08 | trivial use of reallocarray() | Theo de Raadt |
2014-08-27 | Add support for Curve25519 using the public domain code that is found | Reyk Floeter |
2014-08-25 | Add support for DH groups 27-30 using the Brainpool curves which have | Reyk Floeter |
2014-08-25 | Delete secret or secret-derived data with explicit_bzero. | Doug Hogan |
2014-08-18 | Sync proc.c with httpd. httpd needs SIGUSR1 but iked will ignore it | Reyk Floeter |
2014-08-05 | Fix an example, nat-to requires to specify the "out" direction in pf rules. | Reyk Floeter |
2014-07-12 | Sync msgbuf_write() changes from relayd. | Reyk Floeter |
2014-07-10 | add additional includes required to build with -DOPENSSL_NO_DEPRECATED | Jonathan Gray |
2014-07-09 | expire IPcomp SAs too; ok mikeb (some time ago) | Markus Friedl |
2014-06-03 | Handle the event parameter of libevent callback function as a bit | YASUOKA Masahiko |
2014-05-13 | pass SA initiator not the exchange initator to sa_address(); ok mikeb@ | Markus Friedl |
2014-05-09 | get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't need | Markus Friedl |
2014-05-09 | replace iked_transform pointer with xform id, since target of pointer | Markus Friedl |
2014-05-08 | match iked proc.c infrastructure with proc.c | Bret Lambert |
2014-05-07 | try postponed requests first, so we do in-order processing; ok mikeb@ | Markus Friedl |
2014-05-07 | print msgid for debugging; ok reyk & mikeb | Markus Friedl |
2014-05-07 | make authentication work with X509 certificates that don't have a | Markus Friedl |
2014-05-07 | factor out ikev2_ike_auth() (state machine; used multiple times via callbacks) | Markus Friedl |
2014-05-06 | change the create-child-sa responder code, so it does not store any | Markus Friedl |
2014-05-06 | zap stray word; ok markus | Jason McIntyre |
2014-05-06 | Explicitly zero out the ibufs before releasing the memory to make sure | Reyk Floeter |
2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl |
2014-05-06 | cleanup IKE-SA tree handling (fixes repeated-insert & double-remove) | Markus Friedl |
2014-05-06 | don't sa_free() in the receive path (prevents use-after-free); ok mikeb@ | Markus Friedl |
2014-05-06 | send the delete with the locally allocated SPI in ikev2_init_create_child_sa() | Markus Friedl |
2014-05-06 | make sure some notify payloads are encrypted; ok mikeb@ | Markus Friedl |
2014-05-06 | initial support for PFS; ok reyk@ | Markus Friedl |
2014-05-06 | retire IKED_REQ_DELETE and fix delete parsing; ok reyk@ | Markus Friedl |
2014-05-06 | no need to include rand.h now the RAND_seed() calls are gone. | Jonathan Gray |
2014-05-05 | ca_x509_serialize: don't leak the bio buffer; ok reyk@ | Markus Friedl |
2014-05-05 | make the ca_pubkey_serialize() code similar to the private key code, and | Markus Friedl |
2014-05-05 | pfkey is unreliable, so add a select-timeout before MSG_PEEK; | Markus Friedl |