path: root/sbin/iked
| Age | Commit message | Author |
| --- | --- | --- |
| 2014-04-14 | Fix the following idiom in the following way: | Bret Lambert |
| 2014-04-10 | Add validation routines to ikev2_pld.c: For each payload type overall | Reyk Floeter |
| 2014-03-12 | don't leak an ibuf for each expired SA; ok mikeb@ | Markus Friedl |
| 2014-03-12 | unbreak config-address w/o pool; ok mikeb@ | Markus Friedl |
| 2014-02-26 | don't policy_ref an activate policy (policy_ref/unref are asymmetrical), | Markus Friedl |
| 2014-02-21 | support rekeying for IPCOMP; ok mikeb@ | Markus Friedl |
| 2014-02-18 | check the error from ikev2_cp_setaddr | Markus Friedl |
| 2014-02-17 | interpret 'config address net/prefix' as a pool of addresses and | Markus Friedl |
| 2014-02-17 | basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' | Markus Friedl |
| 2014-02-17 | Fix compiler warnings in the format strings: use %zd for ssize_t and | Reyk Floeter |
| 2014-02-14 | remove unused function that distracts from cleaning up the imsg_flush() mess | Sebastian Benoit |
| 2014-02-14 | initial support for IPComp | Markus Friedl |
| 2014-02-12 | make sure to set the msg_responded flag on the original message; ok mikeb@ | Markus Friedl |
| 2014-01-24 | re-lookup the policy as soon as we have the ID of the peer (destid) | Markus Friedl |
| 2014-01-24 | enable format-string checks for log_*(); ok mikeb | Markus Friedl |
| 2014-01-24 | make sure sa_lookup() can actually find SAs; ok mikeb | Markus Friedl |
| 2014-01-24 | don't leak prv RSA key for each signature; ok mikeb | Markus Friedl |
| 2014-01-24 | use a bit saner timer api | Mike Belopuhov |
| 2014-01-22 | implement DPD similar to isakmpd, but only send DPD-messages 'on-demand' | Markus Friedl |
| 2014-01-22 | relax the cfg file secrecy check slightly to allow group readability | Henning Brauer |
| 2014-01-18 | Remove -Wbounded: it is now the compiler default. | Martynas Venckus |
| 2013-12-09 | distinguish between sa_msgid not set and 0; otherwise we start | Markus Friedl |
| 2013-12-04 | Use EVP_sha1 directly instead of doing the EVP_get_digestbyname lookup. | Mike Belopuhov |
| 2013-12-03 | never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr | Markus Friedl |
| 2013-11-28 | mark replaced flows as 'not loaded'; this can happen if both | Markus Friedl |
| 2013-11-28 | don't leak duplicate flows; ok mikeb@ | Markus Friedl |
| 2013-11-28 | drop duplicate requests | Markus Friedl |
| 2013-11-28 | document sa_msgid & sa_reqid; ok mikeb@ | Markus Friedl |
| 2013-11-28 | sa_lookup: don't compare with sh_rspi if rspi is not set | Markus Friedl |
| 2013-11-28 | sa_new(): discard & free duplicate IKESAs; ok mibek@ | Markus Friedl |
| 2013-11-28 | include hexdump in debug output only for -vvv; ok mikeb@ | Markus Friedl |
| 2013-11-28 | support raw pubkey authentication w/o x509 certificates; | Markus Friedl |
| 2013-11-25 | use u_char for buffers in yylex, for ctype calls | Sebastian Benoit |
| 2013-11-22 | Whole bunch of (unsigned char) casts carefully added for ctype calls. | Theo de Raadt |
| 2013-11-21 | Make the bit string u_char * in print_bits(). In practice we | Todd C. Miller |
| 2013-11-15 | Cope with the EAGAIN API change for msgbuf_write() | Mike Belopuhov |
| 2013-11-14 | ignore messages for other daemons, like isakmpd does; ok mikeb | Markus Friedl |
| 2013-11-14 | setup pfkey timer before use; ok mikeb | Markus Friedl |
| 2013-11-14 | pass caller to ca_sslerror for better error messages; ok mikeb | Markus Friedl |
| 2013-11-14 | verify EC points; from hshoexer; ok mikeb | Markus Friedl |
| 2013-11-14 | not need to specify OBJDIR; ok mikeb | Markus Friedl |
| 2013-11-01 | altq -> new queue in examples | Henning Brauer |
| 2013-10-24 | no need for netinet/ip_var.h (and friends) | Theo de Raadt |
| 2013-09-26 | After some manipulations with the buffer, ike message header (hdr) | Mike Belopuhov |
| 2013-07-16 | Add missing .Mt macros for AUTHORS email addresses. | Ingo Schwarze |
| 2013-06-29 | do not use Sx for sections outwith the page; | Jason McIntyre |
| 2013-06-13 | Add support for protected-subnet config types. | Reyk Floeter |
| 2013-05-22 | Move the gmac/null ciphers to a different table block, clearly labelled as | Stuart Henderson |
| 2013-03-30 | Sync with latest IKEv2 Parameters from IANA. No functional change. | Reyk Floeter |
| 2013-03-21 | remove excessive includes | Theo de Raadt |