src - OpenBSD base system

Age	Commit message (Collapse)	Author
2007-04-16	There's no point in checking ptr for NULL before doing free(ptr)	Moritz Jodeit
	since free(NULL) is just fine. ok hshoexer@
2007-04-15	Fix interop-issue with vpn peers that start reyking on port 4500 when	Hans-Joerg Hoexer
	NAT-T is used. Solves problems with cisco and openswan. Tested by todd@ (cisco interop), ok ho@ Original fix with Stefan Roth (stefan dot roth at siemens dot com), thanks!
2007-04-08	Fix lint comments. s/Fall through/FALLTHROUGH/.	Moritz Jodeit
	ok hshoexer@
2007-04-08	o Kill another strerror() from a call to log_error(),	Moritz Jodeit
	which already adds the errno string. o Avoid closing fd, if it's -1. o Don't replace illegal pathes with /dev/null in m_priv_local_sanitize_path(). All callers skip it anyways, in the failure case. ok hshoexer@
2007-04-02	Don't append the errno string in a log_error() call,	Moritz Jodeit
	since it will be automatically be appended. ok hshoexer@
2007-04-02	When setting all signals to their default handlers, start	Moritz Jodeit
	with signal 1, since there's no signal 0. ok hshoexer@
2007-04-02	Don't let -r fall through to the next case block,	Moritz Jodeit
	if INSECURE_RAND is defined. ok hshoexer@
2007-03-26	typo in initial RCS tag ($OpenBSD: -> $OpenBSD$)	Pedro Martelletto

2007-03-18	Fix usage of predefined lifetimes. "Default-phase-[12]-lifetime"	Hans-Joerg Hoexer
	just specifies the values to be used. However, the specifications are called "LIFE_MAIN_MODE" and "LIFE_QUICK_MODE". ok ho@ jmc@
2007-03-05	Set pointer to NULL after freeing it, so callers of	Moritz Jodeit
	key_from_printable() are not fooled into using it afterwards. OK hshoexer@
2007-03-03	There may be more than one item in the subjectAltName (cropping up	Tom Cosgrove
	with CACert certificates) so don't require the reported length to be exactly equal to the length of the data, but accept it if it's <= the length of the data (i.e. we just use the first alt name). The purpose of the check is to make sure we don't try to read beyond the data we actually have. ok cloder@ hshoexer@
2007-03-03	keynote_cert_obtain should not leak in case of error. OK moritz@	Chad Loder

2007-03-03	Make sure we can't accidentally free() a pointer that's been accepted	Tom Cosgrove
	by message_add_payload(), since we are no longer responsible for it. ok cloder@ hshoexer@ moritz@
2007-03-01	improve the description of -a. specifically, make it clear that	Jason McIntyre
	ipsec.conf users do not want to run isakmpd -a unless they are messing with manual flows; closes documentation/5399, from sthen original diff and feedback from sthen ok hshoexer
2007-02-22	Add a comment that explains, why the VID of draft 2 NAT-T includes	Hans-Joerg Hoexer
	a traling '\n'. suggested by and ok deraadt@, jmc@
2007-02-19	tweak;	Jason McIntyre

2007-02-19	Document NULL encryption.	Hans-Joerg Hoexer

2007-02-19	isakmpd bits for ESP+NULL encryption. This is useful, when AH can	Hans-Joerg Hoexer
	not be used (when being behind NAT). With Martin Hedenfalk <martin.hedenfalk at gmail.com>, thanks!
2006-12-05	plug memleak, noticed by jesus@mxtelecom.com	Hans-Joerg Hoexer
	ok moritz@, tested by jesus@mxtelecom.com (thanks!)
2006-12-05	some carp/sasyncd bits from msf and myself;	Jason McIntyre
	ok mpf
2006-12-05	Don't leak message structures, when we see unsupported payloads	Moritz Jodeit
	or if the payload node allocation fails. Also adjust a comment to make it more clear, who's responsible for freeing the message structs. Input from cloder@. OK hshoexer@
2006-11-30	new ui command 'rmv': removes an entry from a list, thus reversing an	Markus Friedl
	'add' operation; ok ho, hshoexer, jmc eVS: ----------------------------------------------------------------------
2006-11-29	no need to document generation of local.key 3 times;	Jason McIntyre
	spotted by mcbride, ok hshoexer;
2006-11-29	zap trailing spaces;	Jason McIntyre

2006-11-29	Document the new location of local.pub, and clarify the fact that local.key	Ryan Thomas McBride
	contains the entire keypair. ok deraadt jmc
2006-11-28	do not re-add existing entries; ok hshoexer	Markus Friedl

2006-11-24	add support to tag ipsec traffic belonging to specific IKE-initiated	Reyk Floeter
	phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@
2006-11-09	support public keys w/o SubjectPublicKeyInfo (format: BEGIN RSA PUBLIC KEY)	Markus Friedl
	ok ho, hshoexer
2006-10-29	Fix TAILQ usage, preventing crashes	Pedro Martelletto
	Okay henning@ krw@ millert@ hshoexer@
2006-10-18	do not name FILE * variables "fd" since it is confusing	Theo de Raadt

2006-10-05	Reword sentence to fix grammar nit.	Tom Cosgrove
	ok jmc@
2006-09-19	Use S_IS* macros insted of masking with S_IF* flags. The latter may	Otto Moerbeek
	have multiple bits set, which leads to surprising results. Spotted by/partly from Paul Stoeber, more to come. ok ho@ miod@ hshoexer@
2006-09-15	Remove "Delete-SAs" config option. This was needed for interaction	Hans-Joerg Hoexer
	with sasyncd(8). Now sasyncd(8) controls isakmpd(8) regarding SA deletion so this option is obsolete. ok mpf jmc
2006-09-09	point people towards ipsec.conf.5; after some discussion w/ reyk	Jason McIntyre
	ok hshoexer reyk
2006-09-01	use shell-independent examples;	Jason McIntyre

2006-09-01	Add a new UI command to force isakmpd into passive only mode.	Marco Pfatschbacher
	Will be used by sasyncd to prevent two talking isakmpd's in an HA setup. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@
2006-08-31	document an issue with subjectAltName found by reyk;	Jason McIntyre
	ok hshoexer ho reyk
2006-08-31	remove a confusing sentence; ok hshoexer ho	Jason McIntyre

2006-08-30	fix isakmpd -Ka, as used by bgpd, or acquire flows set up via ipsecctl.	Henning Brauer
	acquire flows need to be recorded on the fly via connection_record_passive(), otherwise later lookups fail and the policy check fails. ok hshoexer ho markus msf deraadt
2006-08-30	rewording; from reyk cloder hshoexer	Jason McIntyre
	ok ho
2006-08-30	need to retry writing to pfkey socket on EAGAIN, ok theo hshoexer	Henning Brauer

2006-08-30	Make SA deletion on shutdown the default again. Use -S for failover	Hans-Joerg Hoexer
	situations where you do not want this. Discussed and agreed on with ho, mcbride, markus, cloder,... We will have to teach sasyncd to deal with this. Testing by msf and hshoexer with help from mtu ok markus cloder
2006-08-30	Back out r1.103, which caused SA's to leak until memory was exhausted.	Chad Loder
	OK hshoexer, nathanael, mpf, "get that in" deraadt
2006-08-30	do not call pf_key_v2_disable_sa twice; ok hshoexer, ho	Markus Friedl

2006-08-29	Properly define quick mode suites for AH. With naddy.	Hans-Joerg Hoexer
	ok ho
2006-08-22	correct function name in log message.	Hans-Joerg Hoexer

2006-07-24	Style; return is not a function. hshoexer@ ok.	Hakan Olsson

2006-07-02	Let isakmpd send out a vendor ID announcing isamkpds release version.	Hans-Joerg Hoexer
	Will be handy for release specific bug fixes, etc. Suggested by markus@ quite some time ago. ok markus@
2006-06-29	Document that pcap files can only be writen to the /var/run directory.	Hans-Joerg Hoexer

2006-06-18	clean up some gotos. Originally from Andrey Matveev <evol at online	Hans-Joerg Hoexer
	dot ptt dot ru>. Ok and help moritz@