summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
AgeCommit message (Collapse)Author
2003-11-08typos from Jonathon Gray;Jason McIntyre
2003-11-07adress -> address, and a few more; all from Jonathon Gray;Jason McIntyre
(mvme68k/mvme88k) vs.c and (vax) if_le.c ok miod@ isakmpd ones ok ho@
2003-11-06Style nits.Hakan Olsson
2003-11-06Require encrypted messages are soon as we have the keystate for it.Hakan Olsson
Require DELETE payloads to be accompanied by HASHes, and add validation for HASH payloads without active exchanges. From Hans-Joerg Hoexer with various modifications and suggestions from me and markus@. Ok markus@.
2003-11-06spis[] type tweak. From Hans-Joerg Hoexer.Hakan Olsson
2003-11-05PFS: Perfect Forward Secrecy (RFC 2409);Jason McIntyre
from misc@ and ok markus@
2003-11-05updated URL from Jared Yanovich;Jason McIntyre
2003-10-25OpenSSL generates DNs with emailAddress, not Email.Ryan Thomas McBride
2003-10-25receiveing -> receiving; from Jared Yanovich;Jason McIntyre
2003-10-14constant_lookup() to constant_name() cleanup. markus@ ok.Hakan Olsson
2003-10-13Add a UI FIFO debug class. ok markus@ plus I think henning@Hakan Olsson
2003-10-04Avoid crash on invalid config file (missing value for LIFE_DURATION).Chad Loder
OK ho@
2003-09-26Fix off-by-ones in format string for 's' specifier; millert@, deraadt@ okAaron Campbell
2003-09-26don't listen to INADDR_ANY if Listen-on is specified.Cedric Berger
patch from markus@, ok ho@
2003-09-25Fix off-by-one out-of-bounds write; millert@ okAaron Campbell
2003-09-25Fix one case of set length before realloc. Fix another case ofChad Loder
foo = realloc(foo...) and avoid possible memory leaks. Avoid leaving things pointing to freed memory on failure.
2003-09-24re-add AES, but without using EVP;Markus Friedl
patch from Hans-Joerg.Hoexer at yerbouti.franken.de; ok ho@ (interops with isakmpd+AES in OpenBSD 3.4)
2003-09-24back out EVP change; causes fd leaks; ok cedric@Markus Friedl
2003-09-05socket leak on error paths. from Patrick Latifi. ok deraadt@ ho@Ted Unangst
2003-09-02A couple of nits. deraadt@ ok.Hakan Olsson
2003-09-02Require ISAKMP_FLAGS_ENC on phase 2 messages. ok markus@, deraadt@.Hakan Olsson
2003-09-02For easier compilation on linux systems. Requested by Thomas Walpuski.Hakan Olsson
2003-08-28support AES in phase 1, too. switch to OpenSSL EVP interface;Markus Friedl
with Hans-Joerg.Hoexer at yerbouti.franken.de; ok ho@
2003-08-20Zap an old "Identification" tag in this sample config. I have no ideaHakan Olsson
what it was supposed to do and in any case there is no reference to this tag in current code. Pointed out by Fridtjof Busse.
2003-08-20certpatch(8) can be used to create FQDN X509v3 extensions too.Hakan Olsson
From Fridtjof Busse, via henning@. Thanks.
2003-08-18typos; ho@Markus Friedl
note that ping is still not working on -current; however, SA/SPD/flow setup works for testing isakmpd/ipsec on a signle machine.
2003-08-09new sentence, new line + small cleanup;Jason McIntyre
ok ho@
2003-08-08Be more careful when using constant_lookup() in messages. Pointed out byHakan Olsson
Jean-Francois Dive, although I opted for a slightly different patch.
2003-08-08Fine grained selectors for Linux native IPsec. From Jean-Francois Dive.Hakan Olsson
2003-08-06Remove some double semicolons (hmm, do two semis equal a maxi?).Todd C. Miller
I've skipped the GNU stuff for now. From Patrick Latifi.
2003-08-06support ESP with cast/blowfish in KAME plattformsMarkus Friedl
2003-08-06support ESP with cast/blowfish on KAME platformsMarkus Friedl
2003-07-29off-by-one in a printf %sAnil Madhavapeddy
markus@ ok a while back
2003-07-25add sha2Markus Friedl
2003-07-25add sha2 support; ok ho@Markus Friedl
2003-07-24conform to RFC2367 on SADB_xx naming (local name must be prefixed withJun-ichiro itojun Hagino
SADB_X_xx)
2003-07-09- remove some .Ss's that worked around the old blank line bugJason McIntyre
- remove some unnecessary .Pp's - mdoc a list ok ho@
2003-06-20Be a bit more verbose when we give up on ever seeing a response to theHakan Olsson
last message we sent out. In case we initiated the exchange, one possible and common reason is a network level problem (pf, routing, whatnot), if we're the responder, there is also the possibility we were scanned by something like ike-scan. markus@ ok.
2003-06-17Sync with share/misc/license.template and add missing DARPA creditTodd C. Miller
where applicable.
2003-06-15ID copying should happen earlier in exchange_finalize so that we won't loseHakan Olsson
data during rekeying. From Jean-Francois Dive.
2003-06-14allocate payload_node with calloc instead of mallocHakan Olsson
2003-06-10boring cleanupsTheo de Raadt
2003-06-10Do not crash on unsupported IPSec ID types, as noted by Eric Boudrand.Hakan Olsson
2003-06-04Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, AngelosHakan Olsson
D. Keromytis and Niels Provos.
2003-06-04Remove 3 and 4 from the "license to use"Hakan Olsson
2003-06-03Remove clause 3. Approved by niklas@ and Thomas Walpuski.Hakan Olsson
2003-06-03Obsolete.Hakan Olsson
2003-06-03Remove clauses 3 and 4. Approved by markus@ and niklas@.Hakan Olsson
2003-06-03Remove clauses 3 and 4. Approved by Niklas Hallqvist and Niels Provos.Hakan Olsson
2003-06-03Remove clauses 3 and 4. Approved by Niklas Hallqvist and Niels Provos.Hakan Olsson