summaryrefslogtreecommitdiff
path: root/sbin/isakmpd/x509.h
AgeCommit message (Collapse)Author
2007-08-05Allow key exchange with RSA signature authentication to work withTom Cosgrove
Cisco IOS and other initiators that only send their certs in response to CERT_REQUEST. With input and help from cloder@, Stuart Henderson, mpf@, and several others who did lots of testing - thanks to all. ok hshoexer@
2004-05-23More KNF. Mainly spaces and line-wraps, no binary change.Hans-Joerg Hoexer
ok ho@
2004-04-15partial move to KNF. More to come. This has happened because thereTheo de Raadt
are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
2003-11-06Style nits.Hakan Olsson
2003-06-04Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, AngelosHakan Olsson
D. Keromytis and Niels Provos.
2002-08-07A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>.Hakan Olsson
Some style mods, and checks added for OpenSSL version 0.9.7 or later. Currently CRLs are not supported for earlier versions. Manual pages updated.
2002-08-02CRL support for isakmpd. From <Thomas.Walpuski@gmx.net> with some minorHakan Olsson
modifications by me. ok niklas@.
2002-06-09rm trailing whitespaceTodd T. Fries
2001-11-03Add stub for struct X509_STOREHakan Olsson
2001-08-25Add x509_DN_string API to get a printable DN component given oneNiklas Hallqvist
rpresented in ASN.1
2001-06-07Get rid of the main policy session (unnecessary).Angelos D. Keromytis
2001-05-31New routines for handling X509 cert representation.Angelos D. Keromytis
2001-01-27(c) 2001Niklas Hallqvist
2001-01-26There is no need to check the subjectAltName anymore, since we are in factNiklas Hallqvist
looking up the certificate via the name. The lookup method already guarantees a match. It is also a problem to look at the subjectAltName should we have got the certificate with no such name in it. Prodded by mickey@ although I solved the problem in a different way.
2000-10-07cert.c: Merge with EOM 1.18Niklas Hallqvist
cert.h: Merge with EOM 1.8 libcrypto.c: Merge with EOM 1.14 policy.h: Merge with EOM 1.12 x509.h: Merge with EOM 1.11 author: niklas Multiple subject name matching, makes certificate interop with PGPnet at least partly working. Added some error checking.
2000-06-08cert.h: Merge with EOM 1.7Niklas Hallqvist
exchange.h: Merge with EOM 1.27 x509.h: Merge with EOM 1.10 author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
2000-02-01apps/certpatch/certpatch.8: Merge with EOM 1.4Niklas Hallqvist
apps/certpatch/certpatch.c: Merge with EOM 1.6 exchange.c: Merge with EOM 1.114 ike_quick_mode.c: Merge with EOM 1.110 ike_phase_1.c: Merge with EOM 1.16 ike_auth.c: Merge with EOM 1.41 ike_aggressive.c: Merge with EOM 1.4 libcrypto.c: Merge with EOM 1.10 libcrypto.h: Merge with EOM 1.10 isakmpd.8: Merge with EOM 1.19 isakmpd.c: Merge with EOM 1.42 ipsec.h: Merge with EOM 1.40 init.c: Merge with EOM 1.22 message.c: Merge with EOM 1.143 message.h: Merge with EOM 1.49 sa.c: Merge with EOM 1.98 sa.h: Merge with EOM 1.54 policy.c: Merge with EOM 1.14 pf_key_v2.c: Merge with EOM 1.36 x509.c: Merge with EOM 1.32 x509.h: Merge with EOM 1.9 udp.c: Merge with EOM 1.46 author: niklas Angelos copyrights
1999-08-26Merge with EOM 1.8Niklas Hallqvist
author: angelos Complete policy work; tested for the shared-key case. Documentation needed. author: niklas Add support for dynamic loading of optional facilities, libcrypto first.
1999-07-17regress/rsakeygen/Makefile: Merge with EOM 1.4Niklas Hallqvist
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8 regress/x509/Makefile: Merge with EOM 1.6 regress/x509/x509test.c: Merge with EOM 1.6 regress/Makefile: Merge with EOM 1.8 samples/VPN-east.conf: Merge with EOM 1.6 samples/VPN-west.conf: Merge with EOM 1.6 samples/singlehost-east.conf: Merge with EOM 1.3 samples/singlehost-west.conf: Merge with EOM 1.3 sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5 x509.h: Merge with EOM 1.6 x509.c: Merge with EOM 1.17 DESIGN-NOTES: Merge with EOM 1.46 Makefile: Merge with EOM 1.55 cert.c: Merge with EOM 1.11 cert.h: Merge with EOM 1.6 exchange.c: Merge with EOM 1.109 exchange.h: Merge with EOM 1.26 ike_auth.c: Merge with EOM 1.32 ike_phase_1.c: Merge with EOM 1.7 init.c: Merge with EOM 1.16 isakmpd.conf.5: Merge with EOM 1.27 README.PKI: Merge with EOM 1.1 author: niklas From Niels Provos, edited by me: certificate support using SSLeay
1998-11-17Add RCS Ids from the EOM repositoryNiklas Hallqvist
1998-11-15openBSD RCS IDsNiklas Hallqvist
1998-11-15Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for theNiklas Hallqvist
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by Ericsson Radio Systems. It is not yet complete or usable in a real scenario but the missing pieces will soon be there. The early commit is for people who wants early access and who are not afraid of looking at source. isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so far, so it is not that incomplete. It is really mostly configuration that is lacking.
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-15 09:20:14 +0000