Age | Commit message | Author | |
---|---|---|---|
2008-02-06 | Fix possible memory leaks when sending phase 1 IDs. From Igor Zinovik <zinovik@cs.karelia.ru> ok hshoexer@ | Moritz Jodeit | |
2007-08-05 | Allow key exchange with RSA signature authentication to work with Cisco IOS and other initiators that only send their certs in response to CERT_REQUEST. With input and help from cloder@, Stuart Henderson, mpf@, and several others who did lots of testing - thanks to all. ok hshoexer@ | Tom Cosgrove | |
2007-05-07 | It was possible for phase 1 negotiation to fail due to lifetime duration mismatch without any log message stating so. This diff makes sure that all phase 1 negotiation failures due to proposal attribute mismatch are logged. Also change these messages from LOG_NEGOTIATION debug level 70 to always be logged (not just with debug). General idea OK hshoexer, tested here in production. | Chad Loder | |
2007-04-22 | Use conf_free_list() after calling conf_get_list(). Otherwise we leak memory. ok ho@ | Moritz Jodeit | |
2007-04-16 | There's no point in checking ptr for NULL before doing free(ptr) since free(NULL) is just fine. ok hshoexer@ | Moritz Jodeit | |
2006-07-02 | Let isakmpd send out a vendor ID announcing isakmpd's release version. Will be handy for release specific bug fixes, etc. Suggested by markus@ quite some time ago. ok markus@ | Hans-Joerg Hoexer | |
2005-07-05 | fix comment | Hans-Joerg Hoexer | |
2005-06-25 | Use correct local ID in phase 1 when using IPV[46]_ADDR. Diff from st.sch at gmx.net | Hans-Joerg Hoexer | |
2005-05-26 | Use TAILQ_FOREACH where possible, remove payload_last() ok markus | Hans-Joerg Hoexer | |
2005-04-08 | Make deterministic randomness (only ever used for testing) a compile-time option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer | Chad Loder | |
2005-04-08 | always enable aggressive, dpd, and isakmp_cfg | Theo de Raadt | |
2005-04-08 | nat-traversal always | Theo de Raadt | |
2005-04-04 | spacing; ok cloder | Theo de Raadt | |
2005-01-29 | some knf and space killing, no binary change. | Hans-Joerg Hoexer | |
2004-12-14 | Allow the Address, Network, or Netmask values of the <IPsec-ID> to be specified with an interface name (in which case the first address is used) or the keyword 'default' (in which case the address is selected based on the default route). eg: [roadwarrior-ip] ID-type= IPV4_ADDR Address= default ok ho@ hshoexer@ | Ryan Thomas McBride | |
2004-08-08 | spacing | Theo de Raadt | |
2004-07-29 | Repair NAT-T using Aggressive mode, NAT-D checks were in the wrong place. Noted by Yvan VANHULLEBUS. | Hakan Olsson | |
2004-07-05 | %lu and cast to unsigned long to print a size_t; ok ho | Peter Valchev | |
2004-06-23 | Support IPV{4,6}_ADDR_SUBNET IDs in Phase 1, just like the man page says we do. Noted and tested by alex at vbone.net. Also avoid a potential SEGV here. hshoexer@ ok | Hakan Olsson | |
2004-06-20 | Make the payload array in struct message dynamic, since we need to handle payloads in the private range, such as the pre-RFC NAT-D/NAT-OA. Replace TAILQ_FIRST(&msg->payload[i]) instances with function calls. | Hakan Olsson | |
2004-06-20 | NAT-Traversal for isakmpd. Work in progress... hshoexer@ ok. | Hakan Olsson | |
2004-06-14 | KNF, style, 80c, etc. hshoexer@ ok | Hakan Olsson | |
2004-06-10 | Mark authenticated messages explicitly. Better check for authentication before deleting SAs. This fix is needed to solve the problems reported by Thomas Walpuski, previous diff was not sufficient. Pointed out by Thomas. Thanks! ok ho@ niklas@, testing and spellcheck by todd@ msf@ | Hans-Joerg Hoexer | |
2004-06-09 | Style nits. hshoexer@ ok | Hakan Olsson | |
2004-06-06 | Style (KNF, 80c). No binary change. | Hakan Olsson | |
2004-04-15 | partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer | Theo de Raadt | |
2004-04-07 | -Wsign-compare nits. hshoexer@ ok. | Hakan Olsson | |
2004-02-27 | (C)-2004 | Hakan Olsson | |
2004-02-27 | Follow RFC 2408 more closely regarding how to better check the proposal returned by the other peer (the responder). Some implementations (notably the Cisco PIX) do not follow a SHOULD in section 4.2 of the RFC. With certain proposal combinations this caused us to set up the wrong SA resulting in us being unable to process incoming IPsec traffic (over this tunnel). Tested against a number of different IKE implementations. hshoexer@ ok. | Hakan Olsson | |
2003-12-04 | Typos | Miod Vallat | |
2003-10-14 | constant_lookup() to constant_name() cleanup. markus@ ok. | Hakan Olsson | |
2003-10-04 | Avoid crash on invalid config file (missing value for LIFE_DURATION). OK ho@ | Chad Loder | |
2003-08-08 | Be more careful when using constant_lookup() in messages. Pointed out by Jean-Francois Dive, although I opted for a slightly different patch. | Hakan Olsson | |
2003-06-10 | boring cleanups | Theo de Raadt | |
2003-06-04 | Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos D. Keromytis and Niels Provos. | Hakan Olsson | |
2003-06-03 | Cleanup. Use 'sizeof variable' instead of magic constants. | Hakan Olsson | |
2002-09-11 | signed vs unsigned, some void * arithmetic, from -pedantic. niklas@ ok. | Hakan Olsson | |
2002-07-04 | style | Hakan Olsson | |
2002-06-06 | Style, and a few additional format/type mods. | Hakan Olsson | |
2002-06-01 | size_t must be cast to (unsigned long) and printed using %lu | Theo de Raadt | |
2001-10-26 | Just rename sockaddr_data/len functions to sockaddr_addrdata/addrlen. | Hakan Olsson | |
2001-07-01 | More Style police, but also sane checking of address family vs stated ID-type. | Niklas Hallqvist | |
2001-07-01 | Set size correctly for IPv6 Phase 1 IDs. | Angelos D. Keromytis | |
2001-06-29 | Change get_src/get_dst API as we get the length with sa_len. | Hakan Olsson | |
2001-06-29 | Initial IPv6 support. (niklas@ ok) | Hakan Olsson | |
2001-06-05 | Print the correct expected Remote ID value | Angelos D. Keromytis | |
2001-06-05 | Don't use log_error() in vain. | Angelos D. Keromytis | |
2001-06-05 | Enforce Remote-ID specified in Phase 1 peer section (whether manually or dynamically specified). | Angelos D. Keromytis | |
2001-03-13 | Add logging classes for Negotiation and Policy, and change a number of debug messages to use these instead. Change a number of 'log_print' to debug messages to keep the noise down. Use 'log_error' instead of 'log_print' in some cases when we have errno. Some indentation fixes. (niklas@ ok) | Hakan Olsson | |
2001-03-07 | Add KEY_ID support (mostly from roland@digitalvampire.org) | Angelos D. Keromytis | |