summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
AgeCommit message (Expand)Author
2014-08-25Sync dh.[ch] from iked. The files are identical, so any change inReyk Floeter
2014-08-25Fix a few fd leaks in isakmpd.Doug Hogan
2014-08-23Fix double free in ike_auth.cdoug
2014-08-22fix memory leak in isakmpddoug
2014-07-11add additional includes required to build with -DOPENSSL_NO_DEPRECATEDJonathan Gray
2014-05-01Correct a test for X509_get_notAfter() failing or returningJonathan Gray
2014-03-11For CA generation, go back to using a two-step procedure to create a CSR andStuart Henderson
2014-03-07If allocation of 'id' fails, don't try to deref it after 'goto fail'.Gerhard Roth
2014-01-23Remove a mid-layer which acts like arc4random isn't fairly standard.Theo de Raadt
2014-01-22regrand can die, from millertTheo de Raadt
2014-01-22improve randomization. remove some junk debugging features that areTheo de Raadt
2013-11-22Whole bunch of (unsigned char) casts carefully added for ctype calls.Theo de Raadt
2013-11-21Keep the flow until last IPsec SA is deleted, if the flow is shared byYASUOKA Masahiko
2013-11-14fix parameter types for x509 routinesTheo de Raadt
2013-11-14Add STANDARDS section to isakmpd(8).Anthony J. Bentley
2013-10-27If a constant string needs a name, use a static const array instead of aPhilip Guenther
2013-09-26Removed a break of a switch-case, which had not been removed in the last commit.Patrick Wildt
2013-07-14"r" logs to syslog; From: Anders BerggrenJason McIntyre
2013-04-24remove old backwards random junkTheo de Raadt
2013-04-16remove casts to time_t * which are not neededTheo de Raadt
2013-04-02Stop assuming time_t is longPhilip Guenther
2013-03-21remove excessive includesTheo de Raadt
2012-12-21remove makefile hacks that are no longer needed with t1 t2: working properlyMarc Espie
2012-10-29backout possible infinit-loop (from rev 1.5) when parsing nat_d;Markus Friedl
2012-09-25lost preposition "in"Otto Moerbeek
2012-08-24ikev2 is described in rfc 5996 now;Jason McIntyre
2012-08-12Use .Lk for HTTP hyperlinks, not .Pa.Ingo Schwarze
2012-07-13Support additional MODP DH groups in the Phase 1 and Phase 2.Mike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-04Rounding up a number of bytes in a bignum returned by the BN_num_bytes()Mike Belopuhov
2012-03-24set the vendor string to OpenBSD-5.2; ok mikeb@Markus Friedl
2012-01-16import (and fix) net_addrcmp() from libc as a static function.Eric Faurot
2011-12-12Allow using FQDN as a ID payload type. Some client (eg Windows XP)YASUOKA Masahiko
2011-10-20For NAT-T with transport mode, use the ISAKMP's SA addresses for theYASUOKA Masahiko
2011-09-29ssl.8: Certifying Authority -> Certificate AuthorityJason McIntyre
2011-08-02add refcounting for "Configuration" section for acquire-mode SAsMarkus Friedl
2011-06-23Use a common text explaining how the various configuration parsers usingStuart Henderson
2011-06-15When BN_bn2bin converts a bignum to the binary representationMike Belopuhov
2011-06-06some improvements for the text on packet capture; from Lawrence TeoJason McIntyre
2011-05-13wrong id for UDP_ENCAP_TRANSPORT_DRAFT; ok mikeb@Markus Friedl
2011-04-23Indicate which side of the connection responded during phase 1 while using -v.lum
2011-04-16Allow -v (verbose logging) to work if a -D option is supplied.Stuart Henderson
2011-04-06Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'Miod Vallat
2011-02-03When binding to addresses, ignore any IP address not in the currentPeter Hessler
2010-12-09When looking up an SA based on peer address, also check the portMartin Hedenfal
2010-11-29make key exchange faster by not checking the predefined groups with DH_check()Markus Friedl
2010-10-19convert to fuse cast from the libcrypto. with a simplification nit fromMike Belopuhov
2010-10-18as determined 4 years ago, FortiGate needs DOI of 0 responses to DPDTodd T. Fries
2010-10-15Switch the remaining users of libdes in src to libcrypto,Jonathan Gray
2010-09-22Support for use of AES-GCM-16 (as AESGCM) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov