Age | Commit message | Author |
|
|
author: angelos
Allow for new versions of SSLeay
author: angelos
Remove evil experimental code, fix off-by-1 buffer allocation.
|
|
README.PKI: Merge with EOM 1.7
author: niklas
OpenSSL 0.9.4 support
|
|
author: angelos
Fix typo
author: angelos
fqdn and ufqdn types
|
|
author: niklas
actually tv_sec is long, so use %ld
|
|
author: niklas
Typo fix from alex@openbsd.org
author: angelos
Allow "Life" to be ANY
author: angelos
Allow "ANY" in some fields
|
|
author: niklas
OpenSSL 0.9.4 support
author: angelos
blah
author: angelos
Oopsie...correction by Bob Beck on my previous patch.
author: angelos
lc_PEM_read_bio_RSAPrivateKey should be defined with the correct
number of arguments, depending on the SSLeay/OpenSSL version.
|
|
author: niklas
teardown could do more
author: ho
Even more bugs
author: ho
One more
author: ho
typo
author: ho
More bugs
|
|
isakmpd.c: Merge with EOM 1.38
author: angelos
Allow "-DA=xx" to mean "set all debug classes to level xx"
|
|
author: niklas
OpenSSL 0.9.4 support
author: angelos
blah
|
|
author: angelos
blah
author: angelos
fqdn and ufqdn types
|
|
author: niklas
OpenSSL 0.9.4 support
author: angelos
blah
author: angelos
Add handling of X509v3_RFC_NAME and X509v3_DNS_NAME as subjaltnames
|
|
author: niklas
Better error reporting.
|
|
author: niklas
Do not consider down interfaces or ones with bad addresses
|
|
author: ho
add some more debugging info
author: angelos
Allow "Life" to be ANY
author: angelos
Allow "ANY" in some fields
|
|
author: niklas
AUTHENTICATION_ALGORITHM is a must in AH transforms. Better error reporting.
author: ho
More debugging output.
author: angelos
Remove evil experimental code, fix off-by-1 buffer allocation.
|
|
author: niklas
Check that ISAKMP-peer's are phase 1
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
author: niklas
Recognize systems without dlopen(3). Enable keynote.
author: angelos
I shouldn't turn KeyNote on by default for everyone -- that's someone
else's decision (although we should, as soon as I've tested the X509
case).
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
Hmm, make compile in an ugly way. Dependencies that seem to be backwards.
author: ho
Don't build w/o crypto support
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
|
|
author: niklas
Ouch ho, that was ugly, make code portable
|
|
author: niklas
up-to-date
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: niklas
more style
author: niklas
isakmpd style
author: angelos
Hopefully better wording of variables.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
regress/x509/x509test.c: Merge with EOM 1.7
DESIGN-NOTES: Merge with EOM 1.48
README.PKI: Merge with EOM 1.6
TO-DO: Merge with EOM 1.44
cert.c: Merge with EOM 1.12
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: ho
We want the exchange name if it's one of our (passive) connections.
author: angelos
Warning about RSA-specific code.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
author: angelos
When doing preshared key authentication, if the responder has the
initiator's ID (as is the case in aggressive mode) and a shared key
cannot be found for the initiator's address (as may be the case for a
roaming laptop user), try to find the password using as a lookup
key the initiator's Phase 1 ID, if it's an IPv4 address, an FQDN
(host.domain), or a User-FQDN (user@host.domain). This allows us to
support roaming laptop users with preshared key authentication, using
aggressive mode (sick).
There is also a lot of experimental, insecure, and ifdef'd out code
for fetching credentials and secret passphrases from a remote server
if all else fails. Extremely experimental code. Don't use. You'll be
blinded and your hair will fall if you even think about using it. You
have been warned.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Missing dynamic link fixes
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: ho
style
author: ho
Don't accidentally overwrite files with the FIFO.
|
|
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
A working way to add a RCS Id to a keynote policy
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
regress/exchange/def-r.1: Merge with EOM
apps/certpatch/certpatch.c: Merge with EOM 1.2
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
regress/b2n/.cvsignore: Ignore me
regress/crypto/.cvsignore: Ignore me
regress/dh/.cvsignore: Ignore me
regress/ec2n/.cvsignore: Ignore me
regress/exchange/.cvsignore: Ignore me
regress/group/.cvsignore: Ignore me
regress/hmac/.cvsignore: Ignore me
regress/pkcs/.cvsignore: Ignore me
regress/prf/.cvsignore: Ignore me
regress/rsakeygen/.cvsignore: Ignore me
regress/x509/.cvsignore: Ignore me
apps/certpatch/.cvsignore: Ignore me
.cvsignore: Ignore me
|
|
author: angelos
Revert order of handling KE/NONCE and IDs, such that we can use the ID
to look up the shared secret...
|
|
author: angelos
Document the ID section/tag for Phase 1 exchanges.
|
|
author: niklas
typo
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
|
|
author: ho
Don't build w/o crypto support
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
message.c: Merge with EOM 1.135
message.h: Merge with EOM 1.48
sa.c: Merge with EOM 1.97
sa.h: Merge with EOM 1.53
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
author: niklas
EOM RCS Id
author: niklas
New regression test of exchanges, with timed events
|
|
author: niklas
Fix no ID in QM, when acting as responder, bug
author: niklas
Fix bad size computation in last commit
author: niklas
Make ID-less QM really work. Forgot to allocate space for the
fake ID payloads.