Age | Commit message | Author |
|
author: angelos
When doing preshared key authentication, if the responder has the
initiator's ID (as is the case in aggressive mode) and a shared key
cannot be found for the initiator's address (as may be the case for a
roaming laptop user), try to find the password using as a lookup
key the initiator's Phase 1 ID, if it's an IPv4 address, an FQDN
(host.domain), or a User-FQDN (user@host.domain). This allows us to
support roaming laptop users with preshared key authentication, using
aggressive mode (sick).
There is also a lot of experimental, insecure, and ifdef'd out code
for fetching credentials and secret passphrases from a remote server
if all else fails. Extremely experimental code. Don't use. You'll be
blinded and your hair will fall if you even think about using it. You
have been warned.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Missing dynamic link fixes
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: ho
style
author: ho
Don't accidentally overwrite files with the FIFO.
|
|
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
A working way to add a RCS Id to a keynote policy
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
regress/exchange/def-r.1: Merge with EOM
apps/certpatch/certpatch.c: Merge with EOM 1.2
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
regress/b2n/.cvsignore: Ignore me
regress/crypto/.cvsignore: Ignore me
regress/dh/.cvsignore: Ignore me
regress/ec2n/.cvsignore: Ignore me
regress/exchange/.cvsignore: Ignore me
regress/group/.cvsignore: Ignore me
regress/hmac/.cvsignore: Ignore me
regress/pkcs/.cvsignore: Ignore me
regress/prf/.cvsignore: Ignore me
regress/rsakeygen/.cvsignore: Ignore me
regress/x509/.cvsignore: Ignore me
apps/certpatch/.cvsignore: Ignore me
.cvsignore: Ignore me
|
|
author: angelos
Revert order of handling KE/NONCE and IDs, such that we can use the ID
to look up the shared secret...
|
|
author: angelos
Document the ID section/tag for Phase 1 exchanges.
|
|
author: niklas
typo
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
|
|
author: ho
Don't build w/o crypto support
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
message.c: Merge with EOM 1.135
message.h: Merge with EOM 1.48
sa.c: Merge with EOM 1.97
sa.h: Merge with EOM 1.53
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
author: niklas
EOM RCS Id
author: niklas
New regression test of exchanges, with timed events
=============================================================================
|
|
author: niklas
Fix no ID in QM, when acting as responder, bug
author: niklas
Fix bad size computation in last commit
author: niklas
Make ID-less QM really work. Forgot to allocate space for the
fake ID payloads.
|
|
BUGS: Merge with EOM 1.32
author: niklas
Up-to-date
|
|
author: niklas
typo
|
|
regress/exchange/mm-1-setup.sh: Merge with EOM 1.1
regress/exchange/mm-i-1.t: Merge with EOM 1.1
regress/exchange/mm-r-1.t: Merge with EOM 1.1
author: niklas
New regression test of exchanges, with timed events
=============================================================================
|
|
author: niklas
Fix no ID in QM, when acting as responder, bug
|
|
author: niklas
Moving the PRIVKEY tag into the X509-certificates section, renaming it to
Private-key. Also rename the keynote policy file.
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
|
|
conf.c: Merge with EOM 1.19
conf.h: Merge with EOM 1.10
ui.c: Merge with EOM 1.34
author: niklas
Dynamic updates of the configuration database are now possible, either through
ui, or through the new conf_* API described in DESIGN-NOTES
|
|
author: niklas
regrand is in util.h now. Use new conf_reinit API at SIGHUP time. Fix
timeout handling in deterministic mode.
|
|
author: niklas
Fix isakmpd path
|
|
sysdep/openbsd/sysdep.c: Merge with EOM 1.8
cookie.c: Merge with EOM 1.21
util.c: Merge with EOM 1.15
util.h: Merge with EOM 1.7
author: niklas
Move regrand var to util.c, and get the decl from util.h, do not update the
cookie secret if in deterministic mode.
|
|
author: niklas
Add a manpage
|
|
author: niklas
Add a manpage
|
|
author: niklas
1999
|
|
author: niklas
More sync with OpenBSD version
|
|
author: niklas
Remove obsolete mkdirs
|
|
samples/VPN-west.conf: Merge with EOM 1.7
samples/singlehost-west.conf: Merge with EOM 1.4
samples/singlehost-east.conf: Merge with EOM 1.4
README.PKI: Merge with EOM 1.3
ike_auth.c: Merge with EOM 1.33
isakmpd.conf.5: Merge with EOM 1.28
author: niklas
Moving the PRIVKEY tag into the X509-certificates section, renaming it to
Private-key. Also rename the keynote policy file.
|
|
isakmpd.8: Merge with EOM 1.15
author: niklas
Moving /etc/isakmpd.conf to /etc/isakmpd/isakmpd.conf.
|
|
samples/policy: Merge with EOM 1.1
samples/isakmpd.policy: Merge with EOM 1.2
author: niklas
Moving the PRIVKEY tag into the X509-certificates section, renaming it to
Private-key. Also rename the keynote policy file.
|
|
author: niklas
More stuff to do
|
|
author: niklas
libdes not needed anymore
|
|
author: niklas
RCD Id
|
|
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.6
regress/x509/x509test.c: Merge with EOM 1.6
regress/Makefile: Merge with EOM 1.8
samples/VPN-east.conf: Merge with EOM 1.6
samples/VPN-west.conf: Merge with EOM 1.6
samples/singlehost-east.conf: Merge with EOM 1.3
samples/singlehost-west.conf: Merge with EOM 1.3
sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5
x509.h: Merge with EOM 1.6
x509.c: Merge with EOM 1.17
DESIGN-NOTES: Merge with EOM 1.46
Makefile: Merge with EOM 1.55
cert.c: Merge with EOM 1.11
cert.h: Merge with EOM 1.6
exchange.c: Merge with EOM 1.109
exchange.h: Merge with EOM 1.26
ike_auth.c: Merge with EOM 1.32
ike_phase_1.c: Merge with EOM 1.7
init.c: Merge with EOM 1.16
isakmpd.conf.5: Merge with EOM 1.27
README.PKI: Merge with EOM 1.1
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
|
|
apps/certpatch/Makefile: Merge with EOM 1.2
apps/Makefile: Merge with EOM 1.2
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
author: provos
add a tool that takes a certificate and private key in PEM format,
adds a subjectAltName extension to the certificate and finally signs
it with the private key, writing back the result.
|
|
author: niklas
More stuff
|
|
asn_useful.h: Merge with EOM 1.7
asn.c: Merge with EOM 1.28
asn.h: Merge with EOM 1.19
asn_useful.c: Merge with EOM 1.12
pkcs.c: Merge with EOM 1.21
pkcs.h: Merge with EOM 1.9
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
|
|
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
author: ho
Initial.
author: ho
file VPN-3way-template.conf was initially added on branch RELEASE_1_0.
|
|
author: niklas
Bugs found when interoperating with KAME:
Inbound policy was not checked properly. Lifetime duration could be in
long format. Main mode can carry different DH-groups.
|
|
author: niklas
Do not try to establish an encryption key for AH
|
|
math_group.c: Merge with EOM 1.20
author: niklas
Really make group 5 work
|
|
author: ho
Oops.
|
|
* except when it is escaped with a `\' at the end of the line
- fix remaining .Nm usage as well
- this is from a patch I received from kwesterback@home.com, who has been
working on some scripts for fixing formatting errors in mdoc'd man pages
Ok, so there could be a cost/benefit debate with this commit, but since I have
the patch we might as well commit it...
|
|
pf_key_v2.c: Merge with EOM 1.18
author: niklas
Support building on older PF_KEY systems with non-standard-compliant SADB_-
constants.
|
|
x509.c: Merge with EOM 1.16
author: niklas
Start stab at supporting other IDs than IPV4_ADDR in main mode
|
|
TO-DO: Merge with EOM 1.40
author: niklas
Up-to-date
|