Age | Commit message | Author |
|
found for policy passphrases.
|
represented in ASN.1
|
<sakane@kame.net> for pointing out X509_verify_cert_error_string(). :)
|
coding late while half-asleep.
|
okay deraadt@
|
converted as needed, and the CA certs are irrelevant.
|
Found with ElectricFence.
|
debug messages to use these instead. Change a number of 'log_print'
to debug messages to keep the noise down. Use 'log_error' instead of
'log_print' in some cases when we have errno. Some indentation fixes.
(niklas@ ok)
|
generated on the fly.
For the record, this commit done at the beach in Cayman Islands :-)
|
looking up the certificate via the name. The lookup method already
guarantees a match. It is also a problem to look at the subjectAltName
should we have got the certificate with no such name in it. Prodded by
mickey@ although I solved the problem in a different way.
|
author: ho
Only include <gmp.h> with MP_FLAVOUR_GMP. Sync with OpenBSD.
|
author: niklas
more fascistoid style
author: angelos
Don't insert the *same* entry in two or more buckets! Thanks to
cedric@wireless-networks.com for reporting/debugging and coming up
with the patch.
author: angelos
Correct format string.
author: angelos
x509_hash() should also skip the cert length (willey@serasystems.com)
author: angelos
Add some error messages (ingham@ara.com)
|
-- willey@serasystems.co
|
author: niklas
style
author: angelos
Better ID matching, should solve (some?) of PGPnet interoperability
problems. From mickey@
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: provos
style as pointed out by the code style pedant.
author: ho
Compile without USE_KEYNOTE/USE_POLICY.
|
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
author: niklas
log_fatal is only OK during initialization, also style fixes
|
author: ho
Add missing #ifdef USE_X509/#endif
|
regress/dh/Makefile: Merge with EOM 1.7
regress/group/Makefile: Merge with EOM 1.9
regress/prf/Makefile: Merge with EOM 1.4
regress/rsakeygen/Makefile: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.10
Makefile: Merge with EOM 1.62
attribute.c: Merge with EOM 1.10
sa.c: Merge with EOM 1.99
conf.c: Merge with EOM 1.20
crypto.c: Merge with EOM 1.28
isakmpd.c: Merge with EOM 1.45
connection.c: Merge with EOM 1.19
doi.h: Merge with EOM 1.28
field.c: Merge with EOM 1.11
exchange.c: Merge with EOM 1.116
ike_auth.c: Merge with EOM 1.44
pf_key_v2.c: Merge with EOM 1.37
ike_phase_1.c: Merge with EOM 1.22
ipsec.c: Merge with EOM 1.118
isakmp_doi.c: Merge with EOM 1.40
log.c: Merge with EOM 1.26
log.h: Merge with EOM 1.18
math_group.c: Merge with EOM 1.23
message.c: Merge with EOM 1.144
pf_encap.c: Merge with EOM 1.70
policy.c: Merge with EOM 1.18
timer.c: Merge with EOM 1.13
transport.c: Merge with EOM 1.41
udp.c: Merge with EOM 1.47
ui.c: Merge with EOM 1.37
x509.c: Merge with EOM 1.36
author: niklas
Made debug logging a compile time selectable feature
|
crypto.c: Merge with EOM 1.27
exchange.c: Merge with EOM 1.115
ike_quick_mode.c: Merge with EOM 1.115
x509.c: Merge with EOM 1.35
features/ec: Merge with EOM 1.1
features/aggressive: Merge with EOM 1.1
features/policy: Merge with EOM 1.1
features/x509: Merge with EOM 1.1
author: niklas
Allow isakmpd builders to remove optional parts and save bytes.
|
author: angelos
Rename the "CN:" tag to "DN:", after Jorgen's suggestion.
|
libcrypto.c: Merge with EOM 1.11
libcrypto.h: Merge with EOM 1.11
x509.c: Merge with EOM 1.33
author: angelos
Add Canonical Names as policy targets (so they can be specified in the
Licensees field), with the "CN:..." format.
|
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46
author: niklas
Angelos copyrights
|
isakmpd.conf.5: Merge with EOM 1.38
message.c: Merge with EOM 1.142
pf_key_v2.c: Merge with EOM 1.35
x509.c: Merge with EOM 1.31
author: niklas
(c) 2000
|