summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
AgeCommit message (Collapse)Author
2001-06-27Keep track of the ACQUIRE sequence number, and pass it to the kernelAngelos D. Keromytis
along with the ADD message.
2001-06-27IPv6. Also avoid a couple of mem leaks.Hakan Olsson
2001-06-27A few more functions to help with IPv6 support. By Niklas and me.Hakan Olsson
2001-06-25Copyright update.Angelos D. Keromytis
2001-06-25Update copyright dates.Angelos D. Keromytis
2001-06-25Handle responder cookies same as initiator cookies.Hakan Olsson
2001-06-22fix for filesystems where readdir does not return d_type, use stat instead.Niels Provos
okay deraadt@
2001-06-20"hmac-sha", not "sha"Angelos D. Keromytis
2001-06-12more to doNiklas Hallqvist
2001-06-12comment styleNiklas Hallqvist
2001-06-12Link with libcrypto instead of libdesNiklas Hallqvist
2001-06-12Add printing of the ciphertextNiklas Hallqvist
2001-06-12styleNiklas Hallqvist
2001-06-11make #ifdef around x509_generate_kn() consistent.Jun-ichiro itojun Hagino
2001-06-07Print the right port on error message.Angelos D. Keromytis
2001-06-07Actually, using ACQUIRE can cause lowering of security policy levelAngelos D. Keromytis
for outgoing policies -- so, just use USE on the remote.
2001-06-07Ingress flows should be ACQUIRE, not REQUIRE.Angelos D. Keromytis
2001-06-07log_error -> log_printAngelos D. Keromytis
2001-06-07Actually, don't re-insert X509 certs which we acquired from our storeAngelos D. Keromytis
-- just translate them to KeyNote.
2001-06-07No need to allocate/free X509 policy information -- the certs areAngelos D. Keromytis
converted as needed, and the CA certs are irrelevant.
2001-06-07Get rid of useless x509_policy_asserts[]Angelos D. Keromytis
2001-06-07Get rid of the main policy session (unnecessary).Angelos D. Keromytis
2001-06-07Add an X509 cert in the policy session even if it was found in ourAngelos D. Keromytis
local repository.
2001-06-07Correctly initialize the policy_id field on SA structures, such thatAngelos D. Keromytis
failed SAs don't cause the default policy context to be free'ed (and thus cause no end of trouble in establishing further Phase 1 SAs)
2001-06-07Add some log_print()Angelos D. Keromytis
2001-06-06NUL-terminate passphrase.Angelos D. Keromytis
2001-06-05PF_KEY identity extensions are NUL-terminated. Now, also calculateHakan Olsson
the length properly.
2001-06-05Remove BUGS section, as the only bug mentioned there was removedAngelos D. Keromytis
earlier today :-)
2001-06-05Correctly initialize remote ID when using prefix.Angelos D. Keromytis
2001-06-05Print the correct expected Remote ID valueAngelos D. Keromytis
2001-06-05Oops, typo.Angelos D. Keromytis
2001-06-05Use pf_key_v2_convert_id() instead of repeating code for the IDs;Angelos D. Keromytis
log_error() cleanup.
2001-06-05Style.Angelos D. Keromytis
2001-06-05log_error() cleanupAngelos D. Keromytis
2001-06-05Don't use log_error() in vain.Angelos D. Keromytis
2001-06-05Don't use log_error() if it's an internal error.Angelos D. Keromytis
2001-06-05Enforce Remote-ID specified in Phase 1 peer section (whether manuallyAngelos D. Keromytis
or dynamically specified).
2001-06-05SADB_IDENTTYPE_PREFIX support (only for fully-specified hosts), plusAngelos D. Keromytis
punctuation. niklas@ ok
2001-06-05Bad niklas, re-committed redundant code.Angelos D. Keromytis
2001-06-05Style issues and commentaryNiklas Hallqvist
2001-06-05Add back check for found/not found public key to use for verificationAngelos D. Keromytis
(somehow was dropped during the previous commit).
2001-06-05License clarification from David Mazieres, ok deraadt@Peter Valchev
2001-06-05Dynamically allocate conn, as this is given to the exchange; cleanupAngelos D. Keromytis
conf space on failure to establish dynamic SA. ok niklas@
2001-06-05portability; unused function on non-openbsd platformJun-ichiro itojun Hagino
2001-06-05Make our pfkeyv2.h more RFC2367 compliant. Also fix some backwardsNiklas Hallqvist
compatibility problems in isakmpd, at least 2.8 stable can compile current isakmpd now. angelos@ ok
2001-06-05Deal with an unclear license by replacing the file with a PDNiklas Hallqvist
one, which also have a real implementation instead of stubs :-)
2001-05-31If we're passed keys and certs to use, put them in the conf space.Angelos D. Keromytis
Send back keys/certs the peer has sent us during Phase 1.
2001-05-31When trying to find the right certificate/key to use, first check inAngelos D. Keromytis
the conf space, as we may have been passed that information from the kernel. Likewise, store the peer's key and cert so we can send it back to the kernel when we establish the SA.
2001-05-31Store/retrieve the right information in terms of keys.Angelos D. Keromytis
2001-05-31Appropriately release the cert and key fields in the SA structure on free.Angelos D. Keromytis