summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2021-12-23fix off by one in bounds testJonathan Gray
2021-12-14Move raw pubkey bytes to EVP_PKEY conversion to common function.Tobias Heider
2021-12-13Fix asprintf() error check. Portable code should check the returnTheo Buehler
2021-12-13Fix a few leaks due to X509_NAME_oneline(name, NULL, 0) dynamicallyTheo Buehler
2021-12-13Avoid a potential double free in group_free()Theo Buehler
2021-12-13Cleanup libcrypto memory management. Remove redundant NULL checksTobias Heider
2021-12-09Properly enable NAT-T without udpencap if mobike was negotiated without NAT.Tobias Heider
2021-12-09Move switch to NAT-T port and udpencap activation to ikev2_enable_natt().Tobias Heider
2021-12-08The /etc/iked/certs/ directory is used for both local and peerTobias Heider
2021-12-07Fix locally stored peer certificates in /etc/iked/certs as documented inTobias Heider
2021-12-06Logging received addresses and DNS configuration only makes sense forTobias Heider
2021-12-04Send out dstid as initiator if configured. This makes it easier forTobias Heider
2021-12-01whitespace cleanup during review readTheo de Raadt
2021-11-30whitespaceTobias Heider
2021-11-29add -V to usage(), and list it before -v in both SYNOPSIS and theJason McIntyre
2021-11-29Add command line option to show the versionTobias Heider
2021-11-29sys/param.h was included for MAX(), MIN() and roundup(). make localTheo de Raadt
2021-11-27Rename msg_id to msg_peerid now that we also have msg_localid.Tobias Heider
2021-11-26A peer sends both his local id and remote id he expects us to be. So far wePatrick Wildt
2021-11-26Fix ikev2_child_sa_rekey() warnings. The SPI can't be printed without aTobias Heider
2021-11-25Remove unused variable fd.Tobias Heider
2021-11-25Silence unitialized variable warnings.Tobias Heider
2021-11-24Unregister event on pfkey socket during pfkey_reply(). Using eventsTobias Heider
2021-11-24Pass env to pfkey API. Consistently call pfkey file descriptor fd.Tobias Heider
2021-11-23Add logging for rekey failures.Tobias Heider
2021-11-22MOBIKE is RFC 4555.Tobias Heider
2021-11-21Add 'ikectl show certinfo' to show trusted CAs and certificates.Tobias Heider
2021-11-20Fix some strdup() leaks in ocsp config option.Tobias Heider
2021-11-19Check stdrup() return value.Tobias Heider
2021-11-18iked: replace a conditional EVP_CIPHER_CTX_cleanup() + free() stanzaTheo Buehler
2021-11-18Check if encoding works in dsa_init(). This avoids calling fatal()Tobias Heider
2021-11-16Zero all copies of pre-shared key.Tobias Heider
2021-11-15styleTobias Heider
2021-11-13The key/nonce disclaimers were copied from ipsec.conf.5 but aren't relevantTobias Heider
2021-11-12Refactor order of checks when handling IKEv2 message fragments.Tobias Heider
2021-11-10Look for INVALID_KE group from IKE_SA_INIT in IKE transforms,Tobias Heider
2021-11-09Use more sensible transforms in example config.Tobias Heider
2021-11-05Clarify iface option.Tobias Heider
2021-11-04Clarify "aes" will accept keys which length is in 128:256 bits. AlsoYASUOKA Masahiko
2021-10-26Make proto config option accept a list to allow specifying multipleTobias Heider
2021-10-15Don't declare variables as "unsigned char *" that are passed toChristian Weisgerber
2021-10-12Change responder to prefer DH group from KE payload.Tobias Heider
2021-10-12Make sure all copies of MSCHAPv2 passphrase are zeroed after use.Tobias Heider
2021-09-18upon length check or other failure, explicit_bzero an object, because it mayTheo de Raadt
2021-09-18freezero() instead of free(), because the object may contain a passwordTheo de Raadt
2021-09-07Fix leak of msg_cert.id_buf. ikev2_msg_cleanup() frees id_buf if weTobias Heider
2021-09-07Fix leak of m if message initialization fails.Tobias Heider
2021-09-06Fix leaks in vroute addr and route caches.Tobias Heider
2021-09-02styleTobias Heider
2021-09-01Add client side support for DNS configuration. Use RTM_PROPOSAL_STATICTobias Heider
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-03 13:26:22 +0000