summaryrefslogtreecommitdiff
path: root/sbin/isakmpd/exchange.h
AgeCommit message (Collapse)Author
2000-06-08cert.h: Merge with EOM 1.7Niklas Hallqvist
exchange.h: Merge with EOM 1.27 x509.h: Merge with EOM 1.10 author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
1999-07-17regress/rsakeygen/Makefile: Merge with EOM 1.4Niklas Hallqvist
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8 regress/x509/Makefile: Merge with EOM 1.6 regress/x509/x509test.c: Merge with EOM 1.6 regress/Makefile: Merge with EOM 1.8 samples/VPN-east.conf: Merge with EOM 1.6 samples/VPN-west.conf: Merge with EOM 1.6 samples/singlehost-east.conf: Merge with EOM 1.3 samples/singlehost-west.conf: Merge with EOM 1.3 sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5 x509.h: Merge with EOM 1.6 x509.c: Merge with EOM 1.17 DESIGN-NOTES: Merge with EOM 1.46 Makefile: Merge with EOM 1.55 cert.c: Merge with EOM 1.11 cert.h: Merge with EOM 1.6 exchange.c: Merge with EOM 1.109 exchange.h: Merge with EOM 1.26 ike_auth.c: Merge with EOM 1.32 ike_phase_1.c: Merge with EOM 1.7 init.c: Merge with EOM 1.16 isakmpd.conf.5: Merge with EOM 1.27 README.PKI: Merge with EOM 1.1 author: niklas From Niels Provos, edited by me: certificate support using SSLeay
1999-07-07exchange.h: Merge with EOM 1.25Niklas Hallqvist
ike_quick_mode.c: Merge with EOM 1.90 init.c: Merge with EOM 1.15 author: ho Add keynote policy support (with USE_KEYNOTE). angelos@openbsd.org
1999-04-30Merge with EOM 1.24Niklas Hallqvist
author: niklas Keep track of messages in the send queue from the exchange point of view.
1999-04-27Merge with EOM 1.23Niklas Hallqvist
author: niklas Simplify exchange life logic some. Some style too.
1999-04-19./exchange.h: Merge with EOM 1.22Niklas Hallqvist
Simplify the checks of existing exchanges by moving it into exchange_establish. This means we need to change the finalize API. Try to make PF_ENCAP support handle multiple connections to a single security gateway.
1999-04-05Merge with EOM 1.21Niklas Hallqvist
New finalize API so we can call it when failing too, so we do not leak resources. Plug memory leaks in general. More memory allocation error reporting.
1999-04-02Merge with EOM 1.20Niklas Hallqvist
refcounting on exchanges
1999-03-31Merge with EOM 1.19Niklas Hallqvist
Do not overwrite the last-sent-message of phase 1 with last-sent dittos of phase2. Add some debugging. Make exchange finalization accept added hooks to run. Try to protect better against multiple equal exchanges getting started concurrently. Set the SA names from the exchange name up early. Change "Attributes" to "Flags" to not be mistaken for ISAKMP attributes. Let phase 2 exchanges take finalization functions too.
1999-02-26Merge from the Ericsson repositoryNiklas Hallqvist
| revision 1.18 | date: 1999/02/06 14:57:52; author: niklas; state: Exp; lines: +2 -1 | Export exchange_lookup_by_name | ----------------------------
1998-12-21Last months worth of work on isakmpd, lots doneNiklas Hallqvist
1998-11-17Add RCS Ids from the EOM repositoryNiklas Hallqvist
1998-11-15openBSD RCS IDsNiklas Hallqvist
1998-11-15Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for theNiklas Hallqvist
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by Ericsson Radio Systems. It is not yet complete or usable in a real scenario but the missing pieces will soon be there. The early commit is for people who wants early access and who are not afraid of looking at source. isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so far, so it is not that incomplete. It is really mostly configuration that is lacking.