path: root/sbin/iked
| Age | Commit message | Author |
|---|---|---|
| 2021-11-29 | Add command line option to show the version | Tobias Heider |
| 2021-11-29 | sys/param.h was included for MAX(), MIN() and roundup(). make local | Theo de Raadt |
| 2021-11-27 | Rename msg_id to msg_peerid now that we also have msg_localid. | Tobias Heider |
| 2021-11-26 | A peer sends both his local id and remote id he expects us to be. So far we | Patrick Wildt |
| 2021-11-26 | Fix ikev2_child_sa_rekey() warnings. The SPI can't be printed without a | Tobias Heider |
| 2021-11-25 | Remove unused variable fd. | Tobias Heider |
| 2021-11-25 | Silence uninitialized variable warnings. | Tobias Heider |
| 2021-11-24 | Unregister event on pfkey socket during pfkey_reply(). Using events | Tobias Heider |
| 2021-11-24 | Pass env to pfkey API. Consistently call pfkey file descriptor fd. | Tobias Heider |
| 2021-11-23 | Add logging for rekey failures. | Tobias Heider |
| 2021-11-22 | MOBIKE is RFC 4555. | Tobias Heider |
| 2021-11-21 | Add 'ikectl show certinfo' to show trusted CAs and certificates. | Tobias Heider |
| 2021-11-20 | Fix some strdup() leaks in ocsp config option. | Tobias Heider |
| 2021-11-19 | Check stdrup() return value. | Tobias Heider |
| 2021-11-18 | iked: replace a conditional EVP_CIPHER_CTX_cleanup() + free() stanza | Theo Buehler |
| 2021-11-18 | Check if encoding works in dsa_init(). This avoids calling fatal() | Tobias Heider |
| 2021-11-16 | Zero all copies of pre-shared key. | Tobias Heider |
| 2021-11-15 | style | Tobias Heider |
| 2021-11-13 | The key/nonce disclaimers were copied from ipsec.conf.5 but aren't relevant | Tobias Heider |
| 2021-11-12 | Refactor order of checks when handling IKEv2 message fragments. | Tobias Heider |
| 2021-11-10 | Look for INVALID_KE group from IKE_SA_INIT in IKE transforms, | Tobias Heider |
| 2021-11-09 | Use more sensible transforms in example config. | Tobias Heider |
| 2021-11-05 | Clarify iface option. | Tobias Heider |
| 2021-11-04 | Clarify "aes" will accept keys which length is in 128:256 bits. Also | YASUOKA Masahiko |
| 2021-10-26 | Make proto config option accept a list to allow specifying multiple | Tobias Heider |
| 2021-10-15 | Don't declare variables as "unsigned char *" that are passed to | Christian Weisgerber |
| 2021-10-12 | Change responder to prefer DH group from KE payload. | Tobias Heider |
| 2021-10-12 | Make sure all copies of MSCHAPv2 passphrase are zeroed after use. | Tobias Heider |
| 2021-09-18 | upon length check or other failure, explicit_bzero an object, because it may | Theo de Raadt |
| 2021-09-18 | freezero() instead of free(), because the object may contain a password | Theo de Raadt |
| 2021-09-07 | Fix leak of msg_cert.id_buf. ikev2_msg_cleanup() frees id_buf if we | Tobias Heider |
| 2021-09-07 | Fix leak of m if message initialization fails. | Tobias Heider |
| 2021-09-06 | Fix leaks in vroute addr and route caches. | Tobias Heider |
| 2021-09-02 | style | Tobias Heider |
| 2021-09-01 | Add client side support for DNS configuration. Use RTM_PROPOSAL_STATIC | Tobias Heider |
| 2021-08-03 | Increase default data bytes limit for Child SAs to 4 GB. | tobhe |
| 2021-06-29 | Send AUTHENTICATION_FAILED in case of unexpected auth method or auth | tobhe |
| 2021-06-23 | Use print_host() to log destination, netmask and gateway. Add pretty | tobhe |
| 2021-06-23 | Factor out vroute_addr(). | tobhe |
| 2021-06-17 | Skip flows in ikev2_cp_addr() if they don't contain a dynamic (0.0.0.0) | tobhe |
| 2021-06-11 | Revert previous change in ikev2_cp_fixaddr(). | tobhe |
| 2021-06-01 | Remember flow routes in addition to host routes and delete | tobhe |
| 2021-05-31 | Don't fail hard in ikev2_cp_fixaddr() if no address pool is found. | tobhe |
| 2021-05-31 | Prevent address underflow with /32 config address prefix. | tobhe |
| 2021-05-28 | Add experimental post-quantum hybrid key exchange method | tobhe |
| 2021-05-17 | Avoid calling ibuf_add() with NULL and zero length. | tobhe |
| 2021-05-13 | Refactor iked process shutdown and cleanup. Remember configured | tobhe |
| 2021-05-13 | Use field independent version of {get,set}_affine_coordinates. | Theo Buehler |
| 2021-04-20 | Move TAILQ initialization to files where they are used. | dv |
| 2021-04-11 | Document 'request' option to request additional configuration payloads. | tobhe |