Age | Commit message | Author |
|
author: provos
better referencing. okay niklas@
author: angelos
Eliminate bogus freeing of static variable.
|
|
author: angelos
Just to be on the safe side, use a struct stat.
author: angelos
Only do the secrecy check and parse the configuration file if it
actually exists.
author: angelos
Actually create all the pre-configured Transforms and Suites, even if
the user doesn't actually define them in the configuration file; ugly
kludge, but it allows use of isakmpd without a configuration file.
author: angelos
Add RIPEMD negotiation/configuration.
|
|
author: angelos
Fix comment.
author: angelos
Add RIPEMD negotiation/configuration.
|
|
author: niklas
correct test for GMP feature
|
|
author: niklas
heh, backspace as a continuation character, yeah right!
author: angelos
Mention Remote-ID tag in ISAKMP-peer section, and also that it doesn't
currently work.
author: angelos
It's "Local-address", not "Listen-address" in the ISAKMP-peer section.
author: angelos
Mention RIPEMD.
|
|
author: angelos
Correct byte-order handling in encode/decode_128, add function prototypes.
|
|
author: niklas
missed some FEATURES-dependencies in the last commit
author: niklas
include crypto headers based on FEATURES
|
|
isakmpd.policy.5: Merge with EOM 1.22
author: angelos
Add RIPEMD negotiation/configuration.
|
|
author: provos
better referencing. okay niklas@
author: niklas
Allow new and old style configuration simultaneously
|
|
author: provos
better referencing. okay niklas@
|
|
author: niklas
ifdef HAVE_GETNAMINFO
author: angelos
That comment doesn't justify an XXX mark :-)
|
|
author: angelos
Add comment on where we could be checking the Remote-ID.
|
|
author: angelos
Correct byte-order handling in encode/decode_128, add function prototypes.
author: angelos
A few more auxiliary routines.
|
|
author: niklas
Add weak aliases for keynote symbols that have not always been there
|
|
author: niklas
conditionalize getnaminfo and add weak keynote syms
author: niklas
Add weak aliases for keynote symbols that have not always been there
|
|
author: niklas
Allow new and old style configuration simultaneously
author: niklas
use snprintf instead of strlcpy since it is more backwards compatible
author: niklas
Provide NI_MAXHOSTS for systems that do not have it
author: niklas
conditionalize getnaminfo and be a style pedant
author: angelos
Fix bounds checking for transforms to include AES (noticed by mickey@)
author: angelos
Add RIPEMD negotiation/configuration.
|
|
author: provos
better referencing. okay niklas@
author: niklas
Name collisions introduced by me, DOH!
author: niklas
Allow new and old style configuration simultaneously
author: niklas
Backward compatibility with old style configuration
author: niklas
remove redundant ifdefs
author: niklas
fascistoid style and naming pedantry
author: angelos
Construct the ISAKMP-peer section such that it actually contains the
src/dst Phase 1 IDs (so we don't have to worry about configuration
conflicts). I should update the manpage....
author: angelos
Use local-address, not listen-address.
author: angelos
First cut of ACQUIRE handling, fully functional but not entirely
dynamic (it depends on the pre-defined Transforms and
Suites). Nonetheless, it is possible to use isakmpd without a
configuration file when using certificates for authentication.
author: angelos
Add RIPEMD negotiation/configuration.
|
|
ike_auth.c: Merge with EOM 1.57
author: ho
Add file permission check to private key file. Split out check function to util.c.
|
|
regress/ec2n/Makefile: Merge with EOM 1.9
conf.c: Merge with EOM 1.40
util.c: Merge with EOM 1.17
author: ho
Add file permission check to private key file. Split out check function to util.c.
|
|
author: ho
Revert. Be strict about file mode.
|
|
author: ho
Warn but continue on isakmpd.conf permissions.
|
|
author: provos
increase size of refcnt. okay niklas@
|
|
message.h: Merge with EOM 1.51
transport.c: Merge with EOM 1.43
author: provos
use message_send_expire for timeouts. okay niklas@
|
|
author: niklas
Very ugly, transient fix so isakmpd works in a backward compatible
way, instead of requiring the new undocumented ACQUIRE-based setup
|
|
samples/VPN-east.conf: Merge with EOM 1.12
samples/VPN-west.conf: Merge with EOM 1.13
samples/policy: Merge with EOM 1.6
samples/singlehost-west.conf: Merge with EOM 1.9
samples/singlehost-east.conf: Merge with EOM 1.9
conf.c: Merge with EOM 1.37
ipsec.c: Merge with EOM 1.133
ipsec_num.cst: Merge with EOM 1.4
isakmpd.conf.5: Merge with EOM 1.48
isakmpd.policy.5: Merge with EOM 1.21
policy.c: Merge with EOM 1.46
author: angelos
AES support.
|
|
author: angelos
Use Default entry for Phase 1 configuration if none is found.
|
|
author: niklas
properly ifdef PF_KEY extension
author: angelos
AES support.
|
|
author: niklas
style and < that should be <=
author: angelos
If the initiator does not propose a Phase 2 ID, use the local/peer
addresses as implicit IDs; this was supported on the responder side,
but weirdly enough not on the initiator. Reported by itojun@
author: angelos
Handle 32-bit lifetimes (in generating them).
author: ho
(c)-2000
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: angelos
No need to delete SPIs, they'll just expire.
author: provos
style as pointed out by the code style pedant.
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Read in FEATURES for proper operation
author: angelos
No need for NODEBUG.
author: angelos
Use NODEBUG compile flag, so policy.c doesn't barf.
|
|
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: provos
style as pointed out by the code style pedant.
author: ho
Compile without USE_KEYNOTE/USE_POLICY.
|
|
author: niklas
style
author: niklas
spelling
author: ho
(c)-2000
author: niklas
style
author: provos
fail if exchange can not be created
author: angelos
Invalid payload may be because of passphrase mismatch, so warn about that.
author: provos
reference to freed object, move free down
author: ho
log_debug -> LOG_DBG (USE_DEBUG)
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
gmp_util.c: Merge with EOM 1.7
isakmpd.conf.5: Merge with EOM 1.47
author: ho
(c)-2000
|
|
author: angelos
Unsigned integers for most attributes.
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
author: angelos
Typo on checking esp lifetimes.
author: angelos
Use the correct protocol from the IDi/IDr.
|
|
author: niklas
Obsolete commentary
|
|
author: itojun
need string.h for netbsd/alpha
|
|
author: ho
Add USE_KEYNOTE if policy feature is active
|
|
author: ho
ipsec_decode_ids is only used with USE_DEBUG
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|
|
author: niklas
Remove some spaces
author: niklas
do not crash on empty config files
author: ho
(c)-2000
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: niklas
Style
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|
|
author: niklas
style
author: angelos
Make sure the LIFE_DURATION length is 2 or 4 bytes (we don't handle
anything else, although we could extend it to handle anything up to 8
bytes).
author: provos
don't crash when isakmp sa keystate = 0; happens when encountering high
packet loss.
author: ho
ipsec_decode_ids is only used with USE_DEBUG
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
isakmpd.c: Merge with EOM 1.54
|
|
author: niklas
no need for sysdep.h in here. This promotes reuse of the log
module in other environments
author: ho
(c)-2000
|
|
author: ho
pconn variable only used with USE_DEBUG
author: ho
NetBSD wants <sys/socket.h> for AF_INET def.
|
|
author: niklas
style and < that should be <=
author: angelos
Handle 32-bit lifetimes (in generating them).
author: ho
Use log_print() instead of log_error here, no errno here.
|
|
author: niklas
style
author: angelos
No reserved1 field anymore.
author: angelos
Beginning of ACQUIRE support.
author: angelos
No need to delete SPIs, they'll just expire.
author: angelos
Only play with flows if we're using the "old" IPsec code (the new
kernel code to be committed).
|
|
author: niklas
style
author: ho
(c)-2000
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: provos
remove previous timeout if adding a new one
|