Age | Commit message (Collapse) | Author |
|
exchange.h: Merge with EOM 1.27
x509.h: Merge with EOM 1.10
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
|
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.6
regress/x509/x509test.c: Merge with EOM 1.6
regress/Makefile: Merge with EOM 1.8
samples/VPN-east.conf: Merge with EOM 1.6
samples/VPN-west.conf: Merge with EOM 1.6
samples/singlehost-east.conf: Merge with EOM 1.3
samples/singlehost-west.conf: Merge with EOM 1.3
sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5
x509.h: Merge with EOM 1.6
x509.c: Merge with EOM 1.17
DESIGN-NOTES: Merge with EOM 1.46
Makefile: Merge with EOM 1.55
cert.c: Merge with EOM 1.11
cert.h: Merge with EOM 1.6
exchange.c: Merge with EOM 1.109
exchange.h: Merge with EOM 1.26
ike_auth.c: Merge with EOM 1.32
ike_phase_1.c: Merge with EOM 1.7
init.c: Merge with EOM 1.16
isakmpd.conf.5: Merge with EOM 1.27
README.PKI: Merge with EOM 1.1
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
|
|
ike_quick_mode.c: Merge with EOM 1.90
init.c: Merge with EOM 1.15
author: ho
Add keynote policy support (with USE_KEYNOTE). angelos@openbsd.org
|
|
author: niklas
Keep track of messages in the send queue from the exchange point of view.
|
|
author: niklas
Simplify exchange life logic some. Some style too.
|
|
Simplify the checks of existing exchanges by moving it into
exchange_establish. This means we need to change the finalize API.
Try to make PF_ENCAP support handle multiple connections to a single
security gateway.
|
|
New finalize API so we can call it when failing too, so we do not leak
resources. Plug memory leaks in general. More memory allocation error
reporting.
|
|
refcounting on exchanges
|
|
Do not overwrite the last-sent-message of phase 1 with last-sent dittos
of phase2. Add some debugging. Make exchange finalization accept added
hooks to run. Try to protect better against multiple equal exchanges
getting started concurrently. Set the SA names from the exchange name up
early. Change "Attributes" to "Flags" to not be mistaken for ISAKMP
attributes. Let phase 2 exchanges take finalization functions too.
|
|
| revision 1.18
| date: 1999/02/06 14:57:52; author: niklas; state: Exp; lines: +2 -1
| Export exchange_lookup_by_name
| ----------------------------
|
|
|
|
|
|
|
|
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems. It is not yet complete or usable in a real scenario
but the missing pieces will soon be there. The early commit is for people
who wants early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete. It is really mostly configuration that
is lacking.
|