| Age | Commit message (Collapse) | Author |
|---|
|
features/ec: Merge with EOM 1.2
author: niklas
Correct funders name
|
|
features/x509: Merge with EOM 1.3
author: niklas
add newline at eof
author: niklas
Correct funders name
|
|
author: niklas
Allow isakmpd builders to remove optional parts and save bytes.
|
|
ike_auth.c: Merge with EOM 1.43
ike_phase_1.c: Merge with EOM 1.21
init.c: Merge with EOM 1.24
ipsec.c: Merge with EOM 1.117
isakmpd.c: Merge with EOM 1.44
math_group.c: Merge with EOM 1.22
author: niklas
Copyright 2000
author: niklas
Allow isakmpd builders to remove optional parts and save bytes.
|
|
author: niklas
A new bug
|
|
author: niklas
Copyright 2000
|
|
crypto.c: Merge with EOM 1.27
exchange.c: Merge with EOM 1.115
ike_quick_mode.c: Merge with EOM 1.115
x509.c: Merge with EOM 1.35
features/ec: Merge with EOM 1.1
features/aggressive: Merge with EOM 1.1
features/policy: Merge with EOM 1.1
features/x509: Merge with EOM 1.1
author: niklas
Allow isakmpd builders to remove optional parts and save bytes.
|
|
author: angelos
Bad typo, the check should be inverted. Also, add a NOTIFY message
being sent to the Responder if policy check fails at the initiator
(and print a log message).
|
|
author: ho
style...
author: ho
Think-o. Reword log msg again to match what happens here.
author: ho
(struct constant_map *) is not (char *), plus reword the log msg.
|
|
author: angelos
Rename the "CN:" tag to "DN:", after Jorgen's suggestion.
author: angelos
Add an initiator attribute, and make the code amenable to be invoked
by the initiator as well (for policy compliance checking).
author: angelos
Fix typo, noted by Jorgen.Granstam@abc.se
|
|
author: angelos
Rename the "CN:" tag to "DN:", after Jorgen's suggestion.
|
|
author: angelos
Rename the "CN:" tag to "DN:", after Jorgen's suggestion.
author: angelos
Do a policy check on the Initiator, when notified by the Responder on
the SA selection. For efficiency, we should replicate this check on
the first message sent by the Initiator (so we only send proposals we
know we'll eventually accept).
|
|
author: angelos
Do a policy check on the Initiator, when notified by the Responder on
the SA selection. For efficiency, we should replicate this check on
the first message sent by the Initiator (so we only send proposals we
know we'll eventually accept).
author: angelos
Add an initiator attribute, and make the code amenable to be invoked
by the initiator as well (for policy compliance checking).
|
|
libcrypto.c: Merge with EOM 1.11
libcrypto.h: Merge with EOM 1.11
x509.c: Merge with EOM 1.33
author: angelos
Add Canonical Names as policy targets (so they can be specified in the
Licensees field), with the "CN:..." format.
|
|
author: angelos
Add Canonical Names as policy targets (so they can be specified in the
Licensees field), with the "CN:..." format.
author: angelos
Done.
author: angelos
One missing item left...
author: angelos
More text.
author: angelos
Passphrases are encoded as "passphrase:xxxx" now, to distinguish
between passphrases and logic labels.
author: angelos
Consistent references.
author: angelos
Minor tweak.
|
|
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46
author: niklas
Angelos copyrights
|
|
samples/VPN-west.conf: Merge with EOM 1.10
samples/singlehost-east.conf: Merge with EOM 1.7
samples/singlehost-west.conf: Merge with EOM 1.7
author: niklas
Remove volume-based lifetimes on phase 1 SAs
|
|
isakmpd.conf.5: Merge with EOM 1.38
message.c: Merge with EOM 1.142
pf_key_v2.c: Merge with EOM 1.35
x509.c: Merge with EOM 1.31
author: niklas
(c) 2000
|
|
libcrypto.h: Merge with EOM 1.9
author: angelos
Make x509_cert_init() able to re-initialize.
author: angelos
Add prototypes for a few more X509 SSL calls.
|
|
author: angelos
Remove empty line.
author: angelos
Change the order of initializing x509 and policy (x509 depends on policy).
|
|
author: angelos
Make x509_cert_init() able to re-initialize.
author: angelos
Reinitialize certificates as well.
|
|
author: angelos
Make x509_cert_init() able to re-initialize.
author: angelos
Fix delegating to a CA.
|
|
author: niklas
style
|
|
author: angelos
Fix part of the problem with X509 certificates (delegating to the CA
isn't working yet, but I know where the problem is -- upcoming commit
later today).
|
|
|
|
|
|
author: niklas
Also check that the exchange to be upgraded is phase 1
|
|
author: niklas
Oops in last commit
author: niklas
Only upgrade exchanges that are still without a responder cookie
|
|
author: angelos
Better logic.
author: angelos
Don't crash if Life is not present...
|
|
author: ho
Bugfix for IPSEC_ID_USER_FQDN from <<Jorgen.Granstam@abc.se>.
Apply similar to the IPSEC_ID_FQDN case plus fix the log messages.
|
|
author: ho
Bugfix. From <Jorgen.Granstam@abc.se>.
|
|
author: niklas
-Wall friendly
|
|
author: niklas
Fix cert ID hashing
|
|
author: niklas
style
author: ho
Lower the common {ADD,DEL}FLOW warnings to log_debug() on OpenBSD.
|
|
author: angelos
Oops on previous PFS-policy patch. Small fixes in the manpages.
|
|
author: angelos
GMTTimeOfDay and LocalTimeOfDay attributes, comment in x509.c.
author: angelos
Include files, in anticipation of the keynote.h changes.
|
|
date: 2000/01/25 13:35:24; author: niklas; state: Exp; lines: +8 -1
Do not assume ingress flows are available
date: 2000/01/25 01:24:38; author: angelos; state: Exp; lines: +40 -1
We also allow the remote gateway to talk to the local subnet and the
local gateway through the SAs setup.
date: 2000/01/25 01:09:20; author: angelos; state: Exp; lines: +2 -2
Don't use REPLACE for ingress flows.
date: 2000/01/24 23:28:39; author: angelos; state: Exp; lines: +30 -28
Delete ACL only for incoming SAs...
date: 2000/01/23 22:56:43; author: angelos; state: Exp; lines: +2 -2
Send SA payload when deleting ingress flow.
date: 2000/01/13 22:54:54; author: angelos; state: Exp; lines: +5 -1
Return on error from ingress flow establishment/deletion.
date: 2000/01/13 22:53:21; author: angelos; state: Exp; lines: +25 -5
Interim ingress flows.
date: 2000/01/13 06:48:27; author: angelos; state: Exp; lines: +37 -12
Establish (and delete) ingress flows.
author: ho
Unbreak.
author: ho
Compile under OpenBSD again.
author: niklas
Ugly KAME support, will be improved
author: angelos
Get rid of the LOCALFLOW flag.
author: ho
log_print -> log_debug for delete_spi: DELETE message. Plus log class typos.
|
|
author: ho
Add Blowfish-main-mode and Blowfish-quick-mode,
including suites, protocols and transforms for them.
Add a policy file default, currently set to /etc/isakmpd/policy.
Also, slightly more verbose comments for the quick mode transforms.
author: ho
Kill volume lifetimes for main mode.
Add AH-SHA tranforms for quick mode, and 3DES-MD5 transform for main mode.
|
|
date: 2000/01/25 02:21:10; author: angelos; state: Exp; lines: +2 -2
Move the policy file location
author: angelos
GMTTimeOfDay and LocalTimeOfDay attributes, comment in x509.c.
author: angelos
Oops on previous PFS-policy patch. Small fixes in the manpages.
author: angelos
Add pfs keynote attribute.
author: angelos
Include files, in anticipation of the keynote.h changes.
|
|
author: niklas
typo
|
|
author: angelos
Manpage support in the Makefiles, mention in README.
author: niklas
Up-to-date
author: niklas
Typo + mail change for ho
|
|
author: ho
Blowfish needs the KEY_LENGTH attribute accepted.
|
|
samples/singlehost-west.conf: Merge with EOM 1.6
samples/VPN-west.conf: Merge with EOM 1.9
samples/VPN-east.conf: Merge with EOM 1.9
author: niklas
Remove deprecated stayalive flags
author: niklas
Correct AH transform attributes
|
|
author: niklas
Be kind to libcrypto DES
|
|
date: 2000/01/25 11:19:34; author: niklas; state: Exp; lines: +3 -3
useable->usable; from openbsd
author: angelos
Oops on previous PFS-policy patch. Small fixes in the manpages.
author: angelos
Default value for policy-file.
|
|
date: 2000/01/10 22:02:00; author: angelos; state: Exp; lines: +2 -2
Fix wrong memcpy()
|
|
|
|
date: 2000/01/25 06:51:20; author: angelos; state: Exp; lines: +2 -3
Unneeded variable.
date: 2000/01/25 06:50:51; author: angelos; state: Exp; lines: +1 -27
Didn't realize there was a sysdep_cleartext() for setting the BYPASS
flags for socket security levels. Remove reduntant setsockopt() code.
date: 2000/01/11 04:47:41; author: angelos; state: Exp; lines: +30 -4
Set IPSEC_LEVEL_BYPASS on all our sockets, so IKE packets don't
accidentally get encrypted.
|
|
date: 2000/01/24 22:55:46; author: angelos; state: Exp; lines: +2 -2
Fix typo.
date: 2000/01/24 16:48:42; author: ho; state: Exp; lines: +12 -2
Log when check_policy() returns failure. (bitten by keynote once too often... sigh)
author: angelos
Typo.
author: angelos
Passphrases are encoded as "passphrase:xxxx" now, to distinguish
between passphrases and logic labels.
author: angelos
Oops on previous PFS-policy patch. Small fixes in the manpages.
author: angelos
Include files, in anticipation of the keynote.h changes.
|
|
author: niklas
Add FreeBSD support
author: angelos
Manpage support in the Makefiles, mention in README.
|
