summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
AgeCommit message (Collapse)Author
2005-11-26get rid of some leftovers from a cleanup during c2k5. From Andrey MatveevHans-Joerg Hoexer
<evol at online dot ptt dot ru>, thanks!
2005-11-17typo, ok hshoexer@Alexander von Gernler
2005-11-17add a free() which got lost in r1.104. ok hshoexer@ deraadt@Moritz Jodeit
2005-11-16Avoid printing a NULL string. ok hshoexerChad Loder
2005-11-15Be cleaner about signed vs. unsigned when it's easy to do so. OK hshoexerChad Loder
2005-11-15Add a new raw2hex function and yank out several pieces of code in otherChad Loder
places that were doing this. Prodding deraadt. OK hshoexer.
2005-11-14use snprintf; ok cloder. also looked at by a few other peopleTheo de Raadt
2005-11-13zap unused variable and silence gcc.Hans-Joerg Hoexer
From Mike Belopuhov <mkb at crypt dot org dot ru> Thanks!
2005-10-27Do not touch LIST_* macro internals.Hans-Joerg Hoexer
with otto@, ok ho@
2005-10-26don't send DPD messages before the exchange is finialized, otherwiseMarkus Friedl
we have a race between DPD and exchange timeouts and both will release the SA and corrupt the SA list. ok hshoexer@, ho@
2005-10-25some small knf, ok ho@Hans-Joerg Hoexer
2005-10-25Do not send a message when no transport is available.Hans-Joerg Hoexer
ok cloder ho
2005-10-06improve examples and show how to use KEY_LENGTH. Slightly different fix thanHans-Joerg Hoexer
proposed by sthen at spacehopper dot org, fixes pr 4522, thanks! ok and with jmc@
2005-09-23Document new UI commandsHans-Joerg Hoexer
ok and help jmc@
2005-09-23Provide UI commands to delete phase 1 SAs.Hans-Joerg Hoexer
Looks good mortiz@
2005-08-25read the information from the INADDR_ANY socket and do not loop ifMarkus Friedl
a new IP appears (cf udp.c, rev 1.74), ok ho@ hshoexer@ cloder@ deraadt@
2005-08-23note that RSA_SIG should be part of the "Transforms" tag when settingJason McIntyre
up key- and cert-based authentication; problem found by andrew fresh; help/ok hshoexer@
2005-08-23`DSS' is unsupported, so remove references to it;Jason McIntyre
ok hshoexer@
2005-08-09Normalize attribute values before comparison. Unbreaks interop with netscreen.Hans-Joerg Hoexer
Noticed by Sean Knox. Testing by msf@, Sean Knox and others. Thanks! ok cloder@ msf@
2005-08-02Make sure to always load at least the default configuration values. Fixes aHans-Joerg Hoexer
problem noticed by Yaron Wahl, who also pointed out that problem. Thanks! ok mpf@
2005-07-25Use payload NAT-D or NAT-D-DRAFT according to NAT-T vendor ID advertised by theHans-Joerg Hoexer
peer. looks good ho
2005-07-25output some more information on UI command "S"Hans-Joerg Hoexer
ok ho@
2005-07-22spacing and tiny knfHans-Joerg Hoexer
2005-07-20revert one TAILQ_FOREACH conversion from r1.112 which wasMoritz Jodeit
wrong and broke some isakmpd setups. ok hshoexer@
2005-07-14fix some memleaks. ok hshoexer@Moritz Jodeit
2005-07-05fix commentHans-Joerg Hoexer
2005-07-05use correct function name in log message, tiny KNFHans-Joerg Hoexer
2005-06-26indentation/white space cleanup, no binary changeHans-Joerg Hoexer
2005-06-25/* Fallthrough. */ -> /* FALLTHROUGH */Hans-Joerg Hoexer
now that's useable with lint
2005-06-25typo in commentHans-Joerg Hoexer
2005-06-25Use correct local ID in phase 1 when using IPV[46]_ADDR.Hans-Joerg Hoexer
Diff from st.sch at gmx.net
2005-06-14add ENCAP_UDP_{TUNNEL,TRANSPORT} types according to rfc 3947Hans-Joerg Hoexer
ok markus
2005-06-13Allow isakmpd to write a pid file when /var is a subdir (e.g. /usr/var)Todd C. Miller
and not a mount point.
2005-06-11grammar;Jason McIntyre
2005-06-04undo last commit, all memory is already freed by udp_remove()Hans-Joerg Hoexer
ok cloder
2005-06-04Clarify that for -i/-R only paths beginning with /var/run are valid.Hans-Joerg Hoexer
2005-06-02unbreak port floating, noticed by sean at obstacle9 dot comHans-Joerg Hoexer
ok cloder
2005-06-02expand the section on pki:Jason McIntyre
- list different methods available - document key-based method - move x509-based into its own section - add keynote stub section ok hshoexer@
2005-06-01Fix memory leak. OK hshoexerChad Loder
2005-06-01Fix memory leaks. OK hshoexerChad Loder
2005-06-01This file is outdated, everything needed for setting up PKI is in the man pagesHans-Joerg Hoexer
now. noticed by david@ ok ho markus
2005-05-31certpatch is gone, noticed by david@Hans-Joerg Hoexer
2005-05-28ooopsHans-Joerg Hoexer
2005-05-28Remove current state code, it's bogus. We'll redo this.Hans-Joerg Hoexer
suggested by and ok moritz
2005-05-28do sanity checking on directoy entries. ok hshoexer@Moritz Jodeit
2005-05-28Cleanup sample configurations a bit; more AES, less MD5, remove fields weHakan Olsson
no longer require etc. Also add a 9-line "default" config sample.
2005-05-28introduce new readdir implementation for the monitor.Moritz Jodeit
testing and ok hshoexer@
2005-05-28make path checking in the monitor a lot easier. ok hshoexer@Moritz Jodeit
2005-05-27Make monitor.c use unsigned lengths in messages. Makes this compileChad Loder
with -Wsign-compare. OK and a little testing by hshoexer, OK moritz Now it's anil's turn to do some of this somewhere else
2005-05-27Additional paranoia. OK hshoexerChad Loder