| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SAs), from bdallen@nps.navy.mil
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
failed SAs don't cause the default policy context to be free'ed (and
thus cause no end of trouble in establishing further Phase 1 SAs)
|
|
|
|
discovered to have rebooted, and old now invalid SAs had to be garbage-
collected.
|
|
|
|
|
|
by newsham@lava.net)
|
|
|
|
|
|
|
|
(newsham@lava.net)
|
|
author: niklas
style
author: angelos
Don't limit Phase 1 SA establishment -- while this does limit resource
consumption, it's neither foolproof nor entirely correct (it
introduces some synchronization problems).
|
|
author: provos
better referencing. okay niklas@
author: niklas
Allow new and old style configuration simultaneously
|
|
author: niklas
remove unnecessary include
|
|
author: provos
provide transport dependent ID decoding; hope indentation is right now ;)
author: provos
make a DOI specific decode_ids, but have isakmp doi decode point to
ipsec.
author: provos
introduce ipsec_decode_ids, also decodes FQDN and USER_FQDN now.
new ipsec_clone_id to copy IDs to phase 2 SAs for better status
reports. okay angelos@
|
|
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Cleanup.
|
|
author: provos
fix arguments in debug message for sa_setup_expirations
|
|
gmp_util.c: Merge with EOM 1.5
gmp_util.h: Merge with EOM 1.3
math_mp.h: Merge with EOM 1.2
sa.c: Merge with EOM 1.101
ui.c: Merge with EOM 1.40
author: niklas
(c) 2000
|
|
isakmpd.c: Merge with EOM 1.46
sa.c: Merge with EOM 1.100
ui.c: Merge with EOM 1.39
author: niklas
error message style
|
|
regress/dh/Makefile: Merge with EOM 1.7
regress/group/Makefile: Merge with EOM 1.9
regress/prf/Makefile: Merge with EOM 1.4
regress/rsakeygen/Makefile: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.10
Makefile: Merge with EOM 1.62
attribute.c: Merge with EOM 1.10
sa.c: Merge with EOM 1.99
conf.c: Merge with EOM 1.20
crypto.c: Merge with EOM 1.28
isakmpd.c: Merge with EOM 1.45
connection.c: Merge with EOM 1.19
doi.h: Merge with EOM 1.28
field.c: Merge with EOM 1.11
exchange.c: Merge with EOM 1.116
ike_auth.c: Merge with EOM 1.44
pf_key_v2.c: Merge with EOM 1.37
ike_phase_1.c: Merge with EOM 1.22
ipsec.c: Merge with EOM 1.118
isakmp_doi.c: Merge with EOM 1.40
log.c: Merge with EOM 1.26
log.h: Merge with EOM 1.18
math_group.c: Merge with EOM 1.23
message.c: Merge with EOM 1.144
pf_encap.c: Merge with EOM 1.70
policy.c: Merge with EOM 1.18
timer.c: Merge with EOM 1.13
transport.c: Merge with EOM 1.41
udp.c: Merge with EOM 1.47
ui.c: Merge with EOM 1.37
x509.c: Merge with EOM 1.36
author: niklas
Made debug logging a compile time selectable feature
|
|
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46
author: niklas
Angelos copyrights
|
|
message.c: Merge with EOM 1.135
message.h: Merge with EOM 1.48
sa.c: Merge with EOM 1.97
sa.h: Merge with EOM 1.53
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
author: ho
We no longer use flag "Stayalive"
|
|
author: niklas
Some extra error checking, documentation and style wrt connections
author: ho
New flag
author: niklas
SA expiration randomization is really only good on the soft timeout, early
hard expires may break more if we have a situation where our peer only
wants to act as initiator, and trusts the negotiated lifetime.
|
|
author: ho
seconds should have initial value
|
|
author: niklas
Do not decrease SA lifetime if we cannot act as initiator
|
|
sa.c: Merge with EOM 1.90
message.c: Merge with EOM 1.131
message.h: Merge with EOM 1.47
author: niklas
Send DELETE payloads in informational exchanges
|
|
author: niklas
Do not put multiple expirations on a single SA
|
|
sa.h: Merge with EOM 1.51
author: niklas
Handle leftover payloads, esp INITIAL CONTACT notifications.
Factor out SA expiration setting. Add commentary.
author: ho
Keep track of trailing retransmissions by keeping exchanges around longer.
Removed references to sa->last_sent_in_setup, use last_sent and
last_received in exchange instead. Free setup exchanges by expiration only.
author: ho
Backout last change. (Go with exchange directly instead of sa->msg)
author: ho
Handle phase 2 late retransmissions.
|
