Age | Commit message | Author |
|
samples/VPN-east.conf: Merge with EOM 1.12
samples/VPN-west.conf: Merge with EOM 1.13
samples/policy: Merge with EOM 1.6
samples/singlehost-west.conf: Merge with EOM 1.9
samples/singlehost-east.conf: Merge with EOM 1.9
conf.c: Merge with EOM 1.37
ipsec.c: Merge with EOM 1.133
ipsec_num.cst: Merge with EOM 1.4
isakmpd.conf.5: Merge with EOM 1.48
isakmpd.policy.5: Merge with EOM 1.21
policy.c: Merge with EOM 1.46
author: angelos
AES support.
|
|
author: angelos
Use Default entry for Phase 1 configuration if none is found.
|
|
author: niklas
properly ifdef PF_KEY extension
author: angelos
AES support.
|
|
author: niklas
style and < that should be <=
author: angelos
If the initiator does not propose a Phase 2 ID, use the local/peer
addresses as implicit IDs; this was supported on the responder side,
but weirdly enough not on the initiator. Reported by itojun@
author: angelos
Handle 32-bit lifetimes (in generating them).
author: ho
(c)-2000
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: angelos
No need to delete SPIs, they'll just expire.
author: provos
style as pointed out by the code style pedant.
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Read in FEATURES for proper operation
author: angelos
No need for NODEBUG.
author: angelos
Use NODEBUG compile flag, so policy.c doesn't barf.
|
|
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: provos
style as pointed out by the code style pedant.
author: ho
Compile without USE_KEYNOTE/USE_POLICY.
|
|
author: niklas
style
author: niklas
spelling
author: ho
(c)-2000
author: niklas
style
author: provos
fail if exchange can not be created
author: angelos
Invalid payload may be because of passphrase mismatch, so warn about that.
author: provos
reference to freed object, move free down
author: ho
log_debug -> LOG_DBG (USE_DEBUG)
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
gmp_util.c: Merge with EOM 1.7
isakmpd.conf.5: Merge with EOM 1.47
author: ho
(c)-2000
|
|
author: angelos
Unsigned integers for most attributes.
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
author: angelos
Typo on checking esp lifetimes.
author: angelos
Use the correct protocol from the IDi/IDr.
|
|
author: niklas
Obsolete commentary
|
|
author: itojun
need string.h for netbsd/alpha
|
|
author: ho
Add USE_KEYNOTE if policy feature is active
|
|
author: ho
ipsec_decode_ids is only used with USE_DEBUG
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|
|
author: niklas
Remove some spaces
author: niklas
do not crash on empty config files
author: ho
(c)-2000
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: niklas
Style
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|
|
author: niklas
style
author: angelos
Make sure the LIFE_DURATION length is 2 or 4 bytes (we don't handle
anything else, although we could extend it to handle anything up to 8
bytes).
author: provos
don't crash when isakmp sa keystate = 0; happens when encountering high
packet loss.
author: ho
ipsec_decode_ids is only used with USE_DEBUG
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
isakmpd.c: Merge with EOM 1.54
|
|
author: niklas
no need for sysdep.h in here. This promotes reuse of the log
module in other environments
author: ho
(c)-2000
|
|
author: ho
pconn variable only used with USE_DEBUG
author: ho
NetBSD wants <sys/socket.h> for AF_INET def.
|
|
author: niklas
style and < that should be <=
author: angelos
Handle 32-bit lifetimes (in generating them).
author: ho
Use log_print() instead of log_error here, no errno here.
|
|
author: niklas
style
author: angelos
No reserved1 field anymore.
author: angelos
Beginning of ACQUIRE support.
author: angelos
No need to delete SPIs, they'll just expire.
author: angelos
Only play with flows if we're using the "old" IPsec code (the new
kernel code to be committed).
|
|
author: niklas
style
author: ho
(c)-2000
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: provos
remove previous timeout if adding a new one
|
|
author: niklas
missing arg
author: ho
(c)-2000
|
|
author: niklas
Add back an example of empty FEATURES
author: niklas
Well, show how to add -g in different OSes
author: itojun
make -g really work
author: ho
Revert. Features should not depend on other stuff,
it should be the other way around.
author: ho
Ok, make it work this time.
author: ho
Only add 'policy' feature if USE_KEYNOTE is active.
|
|
cert.h: Merge with EOM 1.8
libcrypto.c: Merge with EOM 1.14
policy.h: Merge with EOM 1.12
x509.h: Merge with EOM 1.11
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
|
|
author: niklas
alphabeticize
|
|
author: niklas
style
|
|
author: niklas
From OpenBSD: be paranoid about the syslog format parameter
|
|
author: niklas
remove unnecessary include
|
|
author: provos
make a DOI specific decode_ids, but have isakmp doi decode point to
ipsec.
author: provos
introduce ipsec_decode_ids, also decodes FQDN and USER_FQDN now.
new ipsec_clone_id to copy IDs to phase 2 SAs for better status
reports. okay angelos@
author: provos
don't segfault on connection report when id is not set
|
|
author: provos
don't strdup exchange->recv_cert, it is not always a 0 terminated string
for CERTENC_NONE. we need to malloc and memcpy instead. found by
electric fence.
author: provos
provide transport dependent ID decoding; hope indentation is right now ;)
author: ho
ISAKMP peer transport defaults to UDP.
author: provos
make a DOI specific decode_ids, but have isakmp doi decode point to
ipsec.
author: provos
indent
author: provos
introduce ipsec_decode_ids, also decodes FQDN and USER_FQDN now.
new ipsec_clone_id to copy IDs to phase 2 SAs for better status
reports. okay angelos@
|
|
author: angelos
Get the right value.
author: angelos
Add "phase1_group_desc" attribute, and explain the various values.
|
|
author: angelos
Be more careful.
author: angelos
Oops, typo.
author: angelos
Avoid endless loop in INITIAL-CONTACT handling.
author: angelos
Don't delete the ISAKMP SA over which we received an INITIAL-CONTACT
payload.
author: provos
make a DOI specific decode_ids, but have isakmp doi decode point to
ipsec.
author: provos
indent
author: provos
introduce ipsec_decode_ids, also decodes FQDN and USER_FQDN now.
new ipsec_clone_id to copy IDs to phase 2 SAs for better status
reports. okay angelos@
|
|
author: provos
introduce ipsec_decode_ids, also decodes FQDN and USER_FQDN now.
new ipsec_clone_id to copy IDs to phase 2 SAs for better status
reports. okay angelos@
|
|
author: angelos
Add "phase1_group_desc" attribute, and explain the various values.
|
|
author: provos
provide transport dependent ID decoding; hope indentation is right now ;)
author: provos
make a DOI specific decode_ids, but have isakmp doi decode point to
ipsec.
author: provos
introduce ipsec_decode_ids, also decodes FQDN and USER_FQDN now.
new ipsec_clone_id to copy IDs to phase 2 SAs for better status
reports. okay angelos@
|
|
author: ho
Mention 'Default' tag in Phase 1 section, modify peer tag descriptions
to match. Phase 1 peer transport 'udp' is now a default value. The
'Stayalive' flag died long ago, remove it from the example. Also
remove reference to the likewise dead 'Next-hop' tag. Some minor cleanup.
|
|
author: ho
ISAKMP peer transport defaults to UDP.
|
|
transport.h: Merge with EOM 1.16
author: provos
provide transport dependent ID decoding; hope indentation is right now ;)
|
|
author: angelos
Be careful when there's no assertions.
|
|
author: provos
prevent isakmpd crashing when client gives an unknown ID in aggressive mode.
bug report from James Winquist <winquist@mail.cybernet.com>
|
|
author: angelos
Add sa_enter() prototype.
|
|
author: provos
prevent crashing when we receive an encrypted message as response to
our first packet as initiator. James Winquist <winquist@mail.cybernet.com>
|
|
doi.h: Merge with EOM 1.29
author: provos
make a DOI specific decode_ids, but have isakmp doi decode point to
ipsec.
|