src - OpenBSD base system

Age	Commit message (Collapse)	Author
2011-12-12	Allow using FQDN as a ID payload type. Some client (eg Windows XP)	YASUOKA Masahiko
	uses the FQDN type in NAT-T with transport mode. ok markus
2011-04-23	Indicate which side of the connection responded during phase 1 while using -v.	lum
	ok sthen@ markus@
2010-06-29	Replace the hand-crafted Diffie-Hellman implementation in isakmpd with	Reyk Floeter
	the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere). ok deraadt@
2010-03-04	don't crash on invalid phase 2 IDs; from hshoexer; ok sthen@	Markus Friedl

2009-11-13	fix a few memory leaks found by parfait; ok hshoexer	Theo de Raadt

2008-11-11	Use rfc2409 conform notification message when client identities are	Hans-Joerg Hoexer
	not valid during phase 2. From Dirk Mast <condor2k at googlemail dot com>, thanks! ok markus@
2007-08-15	Remove a superflous debug fprintf.	Hans-Joerg Hoexer

2007-04-16	There's no point in checking ptr for NULL before doing free(ptr)	Moritz Jodeit
	since free(NULL) is just fine. ok hshoexer@
2006-06-10	Allow isakmpd to use a different private rsa key per isakmp ID. Hans wrote ↵	Mathieu Sauve-Frankel
	this a long time ago, I synced it to -current and tested. ok hshoexer@
2006-06-02	Big spelling cleanup, no binary change. From david@	Hans-Joerg Hoexer

2005-11-14	use snprintf; ok cloder. also looked at by a few other people	Theo de Raadt

2005-05-26	Use TAILQ_FOREACH where possible, remove payload_last()	Hans-Joerg Hoexer
	ok markus
2005-04-08	Make deterministic randomness (only ever used for testing) a compile-time	Chad Loder
	option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
2005-04-08	keynote and policy always compiled in	Theo de Raadt

2005-04-06	knf, ok cloder	Theo de Raadt

2005-04-05	Always compile X509 support. Almost everyone uses it. Makes the code	Chad Loder
	much easier to read and to maintain. OK and testing by hshoexer@, more testing by me
2005-04-04	spacing; ok cloder	Theo de Raadt

2005-03-22	Do not leak keynote session in error path.	Hans-Joerg Hoexer
	ok cloder@
2005-03-05	No need to use a local hashsize. hshoexer@ ok.	Hakan Olsson

2005-02-10	ignore_policy should be ifdef USE_POLICY. hshoexer@ ok	Hakan Olsson

2004-09-17	Missing #ifdefs.	Hakan Olsson

2004-08-14	When using -K (keynote disabled), check peers' proposal against isakmpd.conf.	Hans-Joerg Hoexer
	ok ho@ henning@
2004-08-08	spacing	Theo de Raadt

2004-06-25	Keynote policy checking can now be disabled by "-K" switch and config tag	Hans-Joerg Hoexer
	"Use-Keynote". Default is to use keynote. ok henning@ ho@
2004-06-20	Make the payload array in struct message dynamic, since we need to handle	Hakan Olsson
	payloads in the private range, such as the pre-RFC NAT-D/NAT-OA. Replace TAILQ_FIRST(&msg->payload[i]) instances with function calls.
2004-06-15	also use MSG_AUTHENTICATED flag.	Hans-Joerg Hoexer
	ok ho@
2004-06-14	KNF, style, 80c, etc. hshoexer@ ok	Hakan Olsson

2004-06-10	Mark authenticated messages explicitly. Better check for authentication before	Hans-Joerg Hoexer
	deleteing SAs. This fix is needed to solve the problems reported by Thomas Walpuski, previous diff was not sufficient. Pointed out by Thomas. Thanks! ok ho@ niklas@, testing and spellcheck by todd@ msf@
2004-06-09	Style nits. hshoexer@ ok	Hakan Olsson

2004-04-28	remove unused variable and shorten names of two other. Removed some spaces	Hans-Joerg Hoexer
	while around. ok ho@ markus@
2004-04-15	partial move to KNF. More to come. This has happened because there	Theo de Raadt
	are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
2004-04-07	-Wsign-compare nits. hshoexer@ ok.	Hakan Olsson

2004-02-27	(C)-2004	Hakan Olsson

2004-02-27	Follow RFC 2408 more closely regarding how to better check the proposal	Hakan Olsson
	returned by the other peer (the responder). Some implementations (notably the Cisco PIX) does not follow a SHOULD in section 4.2 of the RFC. With certain proposal combinations this caused us to setup the wrong SA resulting in us being unable to process incoming IPsec traffic (over this tunnel). Tested against a number of different IKE implementations. hshoexer@ ok.
2004-02-20	More small adjustments of log messages.	Hans-Joerg Hoexer

2004-02-20	Fix some double free errors. While around, adjust a log message.	Hans-Joerg Hoexer
	ok ho@
2004-01-16	Added -v option. Enables logging of successful exchange completion.	Hans-Joerg Hoexer
	ok ho@
2003-06-10	boring cleanups	Theo de Raadt

2003-06-04	Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos	Hakan Olsson
	D. Keromytis and Niels Provos.
2003-06-03	Cleanup. Use 'sizeof variable' instead of magic constants.	Hakan Olsson

2002-09-11	signed vs unsigned, some void * arithmetic, from -pedantic. niklas@ ok.	Hakan Olsson

2002-06-14	Recognize the ECN_TUNNEL attribute.	Hakan Olsson

2002-06-11	Various IPComp-related mods	Hakan Olsson

2002-06-10	Zap a few remaining libkeynote refs.	Hakan Olsson

2002-06-10	The dlopen() stuff goes away.	Hakan Olsson

2002-06-07	Avoid some gcc3 warnings. From David Krause <openbsd@davidkrause.com>	Hakan Olsson

2002-06-06	Style, and a few additional format/type mods.	Hakan Olsson

2002-06-01	size_t must be cast to (unsigned long) and printed using %lu	Theo de Raadt

2002-03-06	Unbreak MD5 and SHA1 passphrases in policy check. From	Hakan Olsson
	<chris@stallion.oz.au>.
2002-01-23	the last few sprintf -> snprintf	Hakan Olsson