Age | Commit message (Collapse) | Author |
|
author: provos
better referencing. okay niklas@
author: angelos
Eliminate bogus freeing of static variable.
|
|
author: angelos
Just to be on the safe side, use a struct stat.
author: angelos
Only do the secrecy check and parse the configuration file if it
actually exists.
author: angelos
Actually create all the pre-configured Transforms and Suites, even if
the user doesn't actually define them in the configuration file; ugly
kludge, but it allows use of isakmpd without a configuration file.
author: angelos
Add RIPEMD negotiation/configuration.
|
|
author: angelos
Fix comment.
author: angelos
Add RIPEMD negotiation/configuration.
|
|
author: niklas
correct test for GMP feature
|
|
author: niklas
heh, backspace as a continuation character, yeah right!
author: angelos
Mention Remote-ID tag in ISAKMP-peer section, and also that it doesn't
currently work.
author: angelos
It's "Local-address", not "Listen-address" in the ISAKMP-peer section.
author: angelos
Mention RIPEMD.
|
|
author: angelos
Correct byte-order handling in encode/decode_128, add function prototypes.
|
|
author: niklas
missed some FEATURES-dependencies in the last commit
author: niklas
include crypto headers based on FEATURES
|
|
isakmpd.policy.5: Merge with EOM 1.22
author: angelos
Add RIPEMD negotiation/configuration.
|
|
author: provos
better referencing. okay niklas@
author: niklas
Allow new and old style configuration simultaneously
|
|
author: provos
better referencing. okay niklas@
|
|
author: niklas
ifdef HAVE_GETNAMINFO
author: angelos
That comment doesn't justify an XXX mark :-)
|
|
author: angelos
Add comment on where we could be checking the Remote-ID.
|
|
author: angelos
Correct byte-order handling in encode/decode_128, add function prototypes.
author: angelos
A few more auxiliary routines.
|
|
author: niklas
Add weak aliases for keynote symbols that have not always been there
|
|
author: niklas
conditionalize getnaminfo and add weak keynote syms
author: niklas
Add weak aliases for keynote symbols that have not always been there
|
|
author: niklas
Allow new and old style configuration simultaneously
author: niklas
use snprintf instead of strlcpy since it is more backwards compatible
author: niklas
Provide NI_MAXHOSTS for systems who do not have it
author: niklas
conditionalize getnaminfo and be a style pedant
author: angelos
Fix bounds checking for transforms to include AES (noticed by mickey@)
author: angelos
Add RIPEMD negotiation/configuration.
|
|
author: provos
better referencing. okay niklas@
author: niklas
Name collissions introduced by me, DOH!
author: niklas
Allow new and old style configuration simultaneously
author: niklas
Backward compatibility with old style configuration
author: niklas
remove redundant ifdefs
author: niklas
facistoid style and naming pedantery
author: angelos
Construct the ISAKMP-peer section such that it actually contains the
src/dst Phase 1 IDs (so we don't have to worry about configuration
conflicts). I should update the manpage....
author: angelos
Use local-address, not listen-address.
author: angelos
First cut of ACQUIRE handling, fully functional but not entirely
dynamic (it depends on the pre-defined Transforms and
Suites). Nonetheless, it is possible to use isakmpd without a
configuration file when using certificates for authentication.
author: angelos
Add RIPEMD negotiation/configuration.
|
|
|
|
|
|
|
|
Now the interface is specified as the first argument instead of with -i
|
|
- OpenBSD'ify somewhat (we don't use a .Sh OPTIONS section marker).
- Remove broken reference to spppcontrol(8).
- NetBSD 1.4 -> OpenBSD 2.8.
|
|
ok deraadt@
|
|
|
|
|
|
ike_auth.c: Merge with EOM 1.57
author: ho
Add file permission check to private key file. Split out check function to util.c.
|
|
regress/ec2n/Makefile: Merge with EOM 1.9
conf.c: Merge with EOM 1.40
util.c: Merge with EOM 1.17
author: ho
Add file permission check to private key file. Split out check function to util.c.
|
|
author: ho
Revert. Be strict about file mode.
|
|
author: ho
Warn but continue on isakmpd.conf permissions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
author: provos
increase size of refcnt. okay niklas@
|
|
message.h: Merge with EOM 1.51
transport.c: Merge with EOM 1.43
author: provos
use message_send_expire for timeouts. okay niklas@
|
|
author: niklas
Very ugly, transient fix so isakmpd works in a backward compatible
way, instead of requiring the new undocumented ACQUIRE-based setup
|
|
samples/VPN-east.conf: Merge with EOM 1.12
samples/VPN-west.conf: Merge with EOM 1.13
samples/policy: Merge with EOM 1.6
samples/singlehost-west.conf: Merge with EOM 1.9
samples/singlehost-east.conf: Merge with EOM 1.9
conf.c: Merge with EOM 1.37
ipsec.c: Merge with EOM 1.133
ipsec_num.cst: Merge with EOM 1.4
isakmpd.conf.5: Merge with EOM 1.48
isakmpd.policy.5: Merge with EOM 1.21
policy.c: Merge with EOM 1.46
author: angelos
AES support.
|
|
author: angelos
Use Default entry for Phase 1 configuration if none is found.
|
|
author: niklas
properly ifdef PF_KEY extension
author: angelos
AES support.
|
|
|
|
|
|
|
|
author: niklas
style and < that should be <=
author: angelos
If the initiator does not propose a Phase 2 ID, use the local/peer
addresses as implicit IDs; this was supported on the responder side,
but weirdly enough not on the initiator. Reported by itojun@
author: angelos
Handle 32-bit lifetimes (in generating them).
author: ho
(c)-2000
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: angelos
No need to delete SPIs, they'll just expire.
author: provos
style as pointed out by the code style pedant.
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Read in FEATURES for proper operation
author: angelos
No need for NODEBUG.
author: angelos
Use NODEBUG compile flag, so policy.c doesn't barf.
|
|
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|