Age | Commit message (Expand) | Author |
2014-10-12 | DH_compute_key() returns -1 on error but this was not | Jonathan Gray |
2014-10-09 | obvious reallocarray() conversions | Theo de Raadt |
2014-08-25 | Sync dh.[ch] from iked. The files are identical, so any change in | Reyk Floeter |
2014-08-25 | Fix a few fd leaks in isakmpd. | Doug Hogan |
2014-08-23 | Fix double free in ike_auth.c | doug |
2014-08-22 | fix memory leak in isakmpd | doug |
2014-07-11 | add additional includes required to build with -DOPENSSL_NO_DEPRECATED | Jonathan Gray |
2014-05-01 | Correct a test for X509_get_notAfter() failing or returning | Jonathan Gray |
2014-03-11 | For CA generation, go back to using a two-step procedure to create a CSR and | Stuart Henderson |
2014-03-07 | If allocation of 'id' fails, don't try to deref it after 'goto fail'. | Gerhard Roth |
2014-01-23 | Remove a mid-layer which acts like arc4random isn't fairly standard. | Theo de Raadt |
2014-01-22 | regrand can die, from millert | Theo de Raadt |
2014-01-22 | improve randomization. remove some junk debugging features that are | Theo de Raadt |
2013-11-22 | Whole bunch of (unsigned char) casts carefully added for ctype calls. | Theo de Raadt |
2013-11-21 | Keep the flow until last IPsec SA is deleted, if the flow is shared by | YASUOKA Masahiko |
2013-11-14 | fix parameter types for x509 routines | Theo de Raadt |
2013-11-14 | Add STANDARDS section to isakmpd(8). | Anthony J. Bentley |
2013-10-27 | If a constant string needs a name, use a static const array instead of a | Philip Guenther |
2013-09-26 | Removed a break of a switch-case, which had not been removed in the last commit. | Patrick Wildt |
2013-07-14 | "r" logs to syslog; From: Anders Berggren | Jason McIntyre |
2013-04-24 | remove old backwards random junk | Theo de Raadt |
2013-04-16 | remove casts to time_t * which are not needed | Theo de Raadt |
2013-04-02 | Stop assuming time_t is long | Philip Guenther |
2013-03-21 | remove excessive includes | Theo de Raadt |
2012-12-21 | remove makefile hacks that are no longer needed with t1 t2: working properly | Marc Espie |
2012-10-29 | backout possible infinit-loop (from rev 1.5) when parsing nat_d; | Markus Friedl |
2012-09-25 | lost preposition "in" | Otto Moerbeek |
2012-08-24 | ikev2 is described in rfc 5996 now; | Jason McIntyre |
2012-08-12 | Use .Lk for HTTP hyperlinks, not .Pa. | Ingo Schwarze |
2012-07-13 | Support additional MODP DH groups in the Phase 1 and Phase 2. | Mike Belopuhov |
2012-06-30 | enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESP | Christian Weisgerber |
2012-06-04 | Rounding up a number of bytes in a bignum returned by the BN_num_bytes() | Mike Belopuhov |
2012-03-24 | set the vendor string to OpenBSD-5.2; ok mikeb@ | Markus Friedl |
2012-01-16 | import (and fix) net_addrcmp() from libc as a static function. | Eric Faurot |
2011-12-12 | Allow using FQDN as a ID payload type. Some client (eg Windows XP) | YASUOKA Masahiko |
2011-10-20 | For NAT-T with transport mode, use the ISAKMP's SA addresses for the | YASUOKA Masahiko |
2011-09-29 | ssl.8: Certifying Authority -> Certificate Authority | Jason McIntyre |
2011-08-02 | add refcounting for "Configuration" section for acquire-mode SAs | Markus Friedl |
2011-06-23 | Use a common text explaining how the various configuration parsers using | Stuart Henderson |
2011-06-15 | When BN_bn2bin converts a bignum to the binary representation | Mike Belopuhov |
2011-06-06 | some improvements for the text on packet capture; from Lawrence Teo | Jason McIntyre |
2011-05-13 | wrong id for UDP_ENCAP_TRANSPORT_DRAFT; ok mikeb@ | Markus Friedl |
2011-04-23 | Indicate which side of the connection responded during phase 1 while using -v. | lum |
2011-04-16 | Allow -v (verbose logging) to work if a -D option is supplied. | Stuart Henderson |
2011-04-06 | Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0' | Miod Vallat |
2011-02-03 | When binding to addresses, ignore any IP address not in the current | Peter Hessler |
2010-12-09 | When looking up an SA based on peer address, also check the port | Martin Hedenfal |
2010-11-29 | make key exchange faster by not checking the predefined groups with DH_check() | Markus Friedl |
2010-10-19 | convert to fuse cast from the libcrypto. with a simplification nit from | Mike Belopuhov |
2010-10-18 | as determined 4 years ago, FortiGate needs DOI of 0 responses to DPD | Todd T. Fries |