author: angelos
When doing preshared key authentication, if the responder has the
initiator's ID (as is the case in aggressive mode) and a shared key
cannot be found for the initiator's address (as may be the case for a
roaming laptop user), try to find the password under using as a lookup
key the initiator's Phase 1 ID, if it's an IPv4 address, an FQDN
(host.domain), or a User-FQDN (user@host.domain). This allows us to
support roaming laptop users with preshared key authentication, using
aggressive mode (sick).
There is also a lot of experimental, insecure, and ifdef'd out code
for fetching credentials and secret passphrases from a remote server
if all else fails. Extremely experimental code. Don't use. You'll be
blinded and your hair will fall if you even think about using it. You
have been warned.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Missing dynamic link fixes
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: ho
style
author: ho
Don't accidentally overwrite files with the FIFO.
|
|
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
A working way to add a RCS Id to a keynote policy
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
regress/exchange/def-r.1: Merge with EOM
apps/certpatch/certpatch.c: Merge with EOM 1.2
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
regress/b2n/.cvsignore: Ignore me
regress/crypto/.cvsignore: Ignore me
regress/dh/.cvsignore: Ignore me
regress/ec2n/.cvsignore: Ignore me
regress/exchange/.cvsignore: Ignore me
regress/group/.cvsignore: Ignore me
regress/hmac/.cvsignore: Ignore me
regress/pkcs/.cvsignore: Ignore me
regress/prf/.cvsignore: Ignore me
regress/rsakeygen/.cvsignore: Ignore me
regress/x509/.cvsignore: Ignore me
apps/certpatch/.cvsignore: Ignore me
.cvsignore: Ignore me
|
|
author: angelos
Revert order of handling KE/NONCE and IDs, such that we can use the ID
to lookup for the shared secret...
|
|
author: angelos
Document the ID section/tag for Phase 1 exchanges.
|
|
author: niklas
typo
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
|
|
author: ho
Don't build w/o crypto support
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
|
message.c: Merge with EOM 1.135
message.h: Merge with EOM 1.48
sa.c: Merge with EOM 1.97
sa.h: Merge with EOM 1.53
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
|
|
and not putting it into the man pages? What's the point of that?
|
|
author: niklas
EOM RCS Id
author: niklas
New regression test of exchanges, with timed events
=============================================================================
|
|
author: niklas
Fix no ID in QM, when acting as responder, bug
author: niklas
Fix bad size computation in last commit
author: niklas
Make ID-less QM really work. Forgot to allocate space for the
fake ID payloads.
|
|
BUGS: Merge with EOM 1.32
author: niklas
Up-to-date
|
|
author: niklas
typo
|
|
regress/exchange/mm-1-setup.sh: Merge with EOM 1.1
regress/exchange/mm-i-1.t: Merge with EOM 1.1
regress/exchange/mm-r-1.t: Merge with EOM 1.1
author: niklas
New regression test of exchanges, with timed events
=============================================================================
|
|
author: niklas
Fix no ID in QM, when acting as responder, bug
|
|
author: niklas
Moving the PRIVKEY tag into the X509-certificates section, renaming it to
Private-key. Also rename the keynote policy file.
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
|
|
conf.c: Merge with EOM 1.19
conf.h: Merge with EOM 1.10
ui.c: Merge with EOM 1.34
author: niklas
Dynamic updates of the configuration database are now possible, either through
ui, or through the new conf_* API described in DESIGN-NOTES
|
|
author: niklas
regrand is in util.h now. Use new conf_reinit API at SIGHUP time. Fix
timeout handling in deterministic mode.
|
|
author: niklas
Fix isakmpd path
|
|
sysdep/openbsd/sysdep.c: Merge with EOM 1.8
cookie.c: Merge with EOM 1.21
util.c: Merge with EOM 1.15
util.h: Merge with EOM 1.7
author: niklas
Move regrand var to util.c, and get the decl from util.h, do not update the
cookie secret if in deterministic mode.
|
|
Sync manpage and fix a couple of typos.
|
|
Please note that you *must* follow the upgrade instructions at
http://www.cs.usask.ca/staff/oster/clabel_upgrade.html
before installing the new raidctl and new kernel using this code.
|
|
as deleting these will leave the SPIs behind. 'route flush -encap' will
still delete the flows. 'ipsecadm' should do this, and properly.
PF_KEY/AF_KEY nitpick. Sync man page. Add ref to ipsecadm(1).
|
|
synch with man page, which speaks of modifiers anyway.
|
|
without processing them.
|
|
have a map, use the first keyboard map as default (us). -moj
|
|