Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
family vs stated ID-type.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
debug messages to use these instead. Change a number of 'log_print'
to debug messages to keep the noise down. Use 'log_error' instead of
'log_print' in some cases when we have errno. Some indentation fixes.
(niklas@ ok)
|
|
|
|
|
|
|
|
|
|
author: niklas
Remove blank line
author: ho
Print warning with log_print, not log_error.
author: ho
Report if doi->get_spi() fails.
|
|
|
|
our address for Local-ID; useful for road-warrior scenarios
(adrian@lion.aba.net.au)
|
|
author: provos
better referencing. okay niklas@
author: angelos
Eliminate bogus freeing of static variable.
|
|
author: niklas
style and < that should be <=
author: angelos
If the initiator does not propose a Phase 2 ID, use the local/peer
addresses as implicit IDs; this was supported on the responder side,
but weirdly enough not on the initiator. Reported by itojun@
author: angelos
Handle 32-bit lifetimes (in generating them).
author: ho
(c)-2000
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: angelos
Be careful when there's no assertions.
|
|
author: angelos
Be a bit more verbose when printing policy results.
author: angelos
Correct environment cleanup.
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
&&, not ||
author: angelos
Begin support for KeyNote credentials exchanged.
|
|
author: niklas
log_fatal is only OK during initialization
author: ho
Missing #ifdef USE_X509 added
author: ho
typo
author: ho
Add #ifdef USE_X509
|
|
author: angelos
Move the check after we get rid of the unused protos.
author: niklas
Made debug logging a compile time selectable feature
|
|
crypto.c: Merge with EOM 1.27
exchange.c: Merge with EOM 1.115
ike_quick_mode.c: Merge with EOM 1.115
x509.c: Merge with EOM 1.35
features/ec: Merge with EOM 1.1
features/aggressive: Merge with EOM 1.1
features/policy: Merge with EOM 1.1
features/x509: Merge with EOM 1.1
author: niklas
Allow isakmpd builders to remove optional parts and save bytes.
|
|
author: angelos
Bad typo, the check should be inverted. Also, add a NOTIFY message
being sent to the Responder if policy check fails at the initiator
(and print a log message).
|
|
author: angelos
Rename the "CN:" tag to "DN:", after Jorgen's suggestion.
author: angelos
Do a policy check on the Initiator, when notified by the Responder on
the SA selection. For efficiency, we should replicate this check on
the first message sent by the Initiator (so we only send proposals we
know we'll eventually accept).
|
|
libcrypto.c: Merge with EOM 1.11
libcrypto.h: Merge with EOM 1.11
x509.c: Merge with EOM 1.33
author: angelos
Add Canonical Names as policy targets (so they can be specified in the
Licensees field), with the "CN:..." format.
|
|
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46
author: niklas
Angelos copyrights
|
|
isakmpd.conf.5: Merge with EOM 1.38
message.c: Merge with EOM 1.142
pf_key_v2.c: Merge with EOM 1.35
x509.c: Merge with EOM 1.31
author: niklas
(c) 2000
|
|
author: niklas
style
|
|
author: angelos
Fix part of the problem with X509 certificates (delegating to the CA
isn't working yet, but I know where the problem is -- upcoming commit
later today).
|
|
date: 2000/01/24 22:55:46; author: angelos; state: Exp; lines: +2 -2
Fix typo.
date: 2000/01/24 16:48:42; author: ho; state: Exp; lines: +12 -2
Log when check_policy() returns failure. (bitten by keynote once too often... sigh)
author: angelos
Typo.
author: angelos
Passphrases are encoded as "passphrase:xxxx" now, to distinguish
between passphrases and logic labels.
author: angelos
Oops on previous PFS-policy patch. Small fixes in the manpages.
author: angelos
Include files, in anticipation of the keynote.h changes.
|
|
|
|
author: niklas
AUTHENTICATION_ALGORITHM is a must in AH transforms. Better error reporting.
author: ho
More debugging output.
author: angelos
Remove evil experimental code, fix off-by-1 buffer allocation.
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: ho
We want the exchange name if it's one of our (passive) connections.
author: angelos
Warning about RSA-specific code.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
author: niklas
Fix no ID in QM, when acting as responder, bug
author: niklas
Fix bad size computation in last commit
author: niklas
Make ID-less QM really work. Forgot to allocate space for the
fake ID payloads.
|
|
ike_quick_mode.c: Merge with EOM 1.90
init.c: Merge with EOM 1.15
author: ho
Add keynote policy support (with USE_KEYNOTE). angelos@openbsd.org
|
|
author: ho
Remove early variable initialization.
|
|
author: niklas
Some extra error checking, documentation and style wrt connections
author: niklas
Some more #if 0 stuff for passive connections
author: niklas
Error handling looked over. Some restructuring of ID checks, but still no
coupling to names.
|
|
doi.h: Merge with EOM 1.27
ike_auth.c: Merge with EOM 1.30
ike_quick_mode.c: Merge with EOM 1.85
ipsec.c: Merge with EOM 1.107
ipsec.h: Merge with EOM 1.36
isakmp_doi.c: Merge with EOM 1.39
author: niklas
Factor out keyed hashing of all payloads with SKEYID_a, and make DOI hooks
for informational exchanges to add such hashing. Use it from QM and the IKE
authentication module too. Remove some bogus XXX comments. Add error
reporting
|
|
ike_quick_mode.c: Merge with EOM 1.84
message.h: Merge with EOM 1.46
author: niklas
New message_drop API. Generate real INVALID_COOKIE notification.
Generate informational exchanges in phase 1 too. Really get these
messages to the wire
|
|
author: niklas
Do not hold on to the exchange for post quick mode, it will be there.
|
|
./dh.h: Merge with EOM 1.4
./math_ec2n.c: Merge with EOM 1.8
./crypto.c: Merge with EOM 1.25
./ike_quick_mode.c: Merge with EOM 1.82
./math_group.c: Merge with EOM 1.16
./math_ec2n.h: Merge with EOM 1.4
Style. alloc error reporting. Math error propagation. Allocate right
sizes.
|
|
Too much removed in last commit
Actually save the DH values in inititor mode
Non-PFS case for initiators bailed out wrongly.
|
|
clear pointer when what is pointed to is freed
Fix PFS in initator mode. Improve commentary. Some more error reporting.
GC proto structures if we bail out on a message. Never free twice.
Error handling of group allocation.
Memory alloc. error reporting. Mem leak plugging.
|
|
refcount the exchange when delayed processing is scheduled for QM
1999 copyrights
|
|
Use SA refcounting where needed
|