Age | Commit message (Collapse) | Author |
|
author: itojun
synchronize with latest KAME PF_KEY interface. need more testing.
old: changes sadb_msg, which is bad
new: added sadb_x_sa2 for extra meat
|
|
author: niklas
Indentation, bad greek
|
|
author: ho
Recognize and handle reserved and private payloads differently.
A private payload in a message is ignored.
A message containing a reserved payload is dropped.
|
|
author: niklas
&& not &
|
|
|
|
|
|
|
|
|
|
- Clean up FILES section.
- s/BACKWARD COMPATIBILITY/COMPATIBILITY/
- Use standard options list introduction.
|
|
|
|
|
|
|
|
|
|
|
|
with soft-updates, but will leak free blocks. On non-softupdates filesystems
this option is strongly unrecommended. It also allows downgrades to readonly
by revoking files opened for writing. If the filesystem have mmap'ed files
writeable this is dangerous. Thus, we do *not* recommend its use!
|
|
OK millert
|
|
|
|
|
|
|
|
was 03/05 chimera.
ping6: -n by default due to too many false error report due to too long
reverse query delay.
|
|
|
|
|
|
author: angelos
Default value for [KeyNote]:Credential-directory.
|
|
author: angelos
Point back to isakmpd.conf(5)
author: angelos
Remove fixed item from BUGs section.
author: angelos
Talk about re-loading of policies on SIGHUP.
|
|
author: angelos
Some more support for KeyNote credential exchange (not yet done).
|
|
author: angelos
No need for NODEBUG actually...
author: angelos
Use LOG_DBG() instead of log_debug()
author: angelos
NODEBUG compile option, so regress doesn't barf.
author: angelos
No point adding a handling attribute for the generic session.
author: angelos
log_debug() for the action attributes.
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Correct pointer handling.
author: angelos
A few more certificate handling routines for KeyNote.
author: angelos
Some more support for KeyNote credential exchange (not yet done).
author: angelos
Add a couple more KeyNote functions in the sym entries.
author: ho
Some systems do not define IPPROTO_ETHERIP (yet).
|
|
author: angelos
Add the -R option in getopt!!!
|
|
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
|
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Cleanup.
|
|
author: angelos
Some more text.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: ho
Update re DOI:IPSEC and default p1/p2 lifetimes.
|
|
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
A few more definitions.
author: angelos
Some more support for KeyNote credential exchange (not yet done).
|
|
author: provos
typo
|
|
author: angelos
Initialize [Keynote]:Credential-directory.
author: ho
Autogenerated p1/p2 default lifetimes can be defined in config.
author: niklas
style
|
|
author: angelos
Be a bit more verbose when printing policy results.
author: angelos
Correct environment cleanup.
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
&&, not ||
author: angelos
Begin support for KeyNote credentials exchanged.
|
|
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Begin support for KeyNote credentials exchanged.
|
|
author: angelos
Reset policy_id and recv_key after we've moved them over from the
exchange to the isakmp_sa, so they don't get free'ed.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Add CERTENC_KEYNOTE.
author: ho
DOI IPSEC is default if not specified.
|
|
exchange.h: Merge with EOM 1.27
x509.h: Merge with EOM 1.10
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
|
author: angelos
Add CERTENC_KEYNOTE.
|
|
author: ho
Correct definition.
|
|
author: ho
DOI IPSEC is default if not specified.
|
|
author: ho
Use math_mp_t in prototype.
|
|
author: ho
Attempt to get GMP usable here.
|
|
author: angelos
Don't add the callback at initialization time, we must set it before
each invokation.
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
|
|
|
|
|
|
|
to zero out the partition table respectively.
|
|
|
|
We now check the return value of KREAD() which may solve PR 1254.
|
|
|