| Age | Commit message (Collapse) | Author |
|---|
|
author: angelos
Allow for new versions of SSLeay
author: angelos
Remove evil experimental code, fix off-by-1 buffer allocation.
|
|
|
|
author: angelos
When doing preshared key authentication, if the responder has the
initiator's ID (as is the case in aggressive mode) and a shared key
cannot be found for the initiator's address (as may be the case for a
roaming laptop user), try to find the password under using as a lookup
key the initiator's Phase 1 ID, if it's an IPv4 address, an FQDN
(host.domain), or a User-FQDN (user@host.domain). This allows us to
support roaming laptop users with preshared key authentication, using
aggressive mode (sick).
There is also a lot of experimental, insecure, and ifdef'd out code
for fetching credentials and secret passphrases from a remote server
if all else fails. Extremely experimental code. Don't use. You'll be
blinded and your hair will fall if you even think about using it. You
have been warned.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Missing dynamic link fixes
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
samples/VPN-west.conf: Merge with EOM 1.7
samples/singlehost-west.conf: Merge with EOM 1.4
samples/singlehost-east.conf: Merge with EOM 1.4
README.PKI: Merge with EOM 1.3
ike_auth.c: Merge with EOM 1.33
isakmpd.conf.5: Merge with EOM 1.28
author: niklas
Moving the PRIVKEY tag into the X509-certificates section, renaming it to
Private-key. Also rename the keynote policy file.
|
|
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.6
regress/x509/x509test.c: Merge with EOM 1.6
regress/Makefile: Merge with EOM 1.8
samples/VPN-east.conf: Merge with EOM 1.6
samples/VPN-west.conf: Merge with EOM 1.6
samples/singlehost-east.conf: Merge with EOM 1.3
samples/singlehost-west.conf: Merge with EOM 1.3
sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5
x509.h: Merge with EOM 1.6
x509.c: Merge with EOM 1.17
DESIGN-NOTES: Merge with EOM 1.46
Makefile: Merge with EOM 1.55
cert.c: Merge with EOM 1.11
cert.h: Merge with EOM 1.6
exchange.c: Merge with EOM 1.109
exchange.h: Merge with EOM 1.26
ike_auth.c: Merge with EOM 1.32
ike_phase_1.c: Merge with EOM 1.7
init.c: Merge with EOM 1.16
isakmpd.conf.5: Merge with EOM 1.27
README.PKI: Merge with EOM 1.1
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
|
|
author: niklas
indent
|
|
doi.h: Merge with EOM 1.27
ike_auth.c: Merge with EOM 1.30
ike_quick_mode.c: Merge with EOM 1.85
ipsec.c: Merge with EOM 1.107
ipsec.h: Merge with EOM 1.36
isakmp_doi.c: Merge with EOM 1.39
author: niklas
Factor out keyed hashing of all payloads with SKEYID_a, and make DOI hooks
for informational exchanges to add such hashing. Use it from QM and the IKE
authentication module too. Remove some bogus XXX comments. Add error
reporting
|
|
Accept multiple CERT payloads. Some style nits.
Style. alloc error reporting. Math error propagation. Allocate right
sizes.
Memory alloc. error reporting
1999 copyrights
|
|
Only get the destination address when needed
RSA fixes and optimiations from Ilya Tsindlekht, via Niels Provos
|
|
| revision 1.23
| date: 1999/02/25 11:39:02; author: niklas; state: Exp; lines: +3 -1
| include sysdep.h everywhere
| ----------------------------
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems. It is not yet complete or usable in a real scenario
but the missing pieces will soon be there. The early commit is for people
who wants early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete. It is really mostly configuration that
is lacking.
|
