Age | Commit message | Author |
|
resolvers.
OK kn
|
the CERTREQ is found, don't wait for more requests.
Correctly set type if cert was found as fallback.
ok patrick@
|
on acquire.
|
same time.
|
ok patrick@
|
is owned by ocsp_req and is cleaned up automatically.
|
responses. This fixes concurrent OCSP requests for different IKE SAs.
From Hans-Joerg Hoexer
ok patrick@
|
Lets unwind(8) run when another name server listens on the wildcard
address. Conflict with unbound(8) spotted by sthen@, ok florian@ deraadt@
|
Reported upstream.
|
all heavy lifting done by sthen in unbound
testing benno
|
ok patrick@
|
ikev2_log_cert_info().
ok patrick@
|
ok patrick@
|
or IKE message has been received within the specified time interval,
iked will start sending DPD messages.
ok patrick@
|
grouping fixed-size values in 'struct iked_static' which is sent in
a single message.
ok patrick@
|
i replaced the suggested Cm/Ql mix with simple Dq;
|
ifconfig(8)'s TRUNK (LINK AGGREGATION) nicely combines the two drivers, so
omit common stuff from the driver specific manuals.
This aids in the overall design of having options documented in ifconfig(8)
alone unless they're inherently driver specific, e.g. "trunkproto" which
stays in trunk(4).
OK jmc
|
each peer (identified by their 'dstid'). When 'set enforcesingleikesa'
is enabled, each peer can only have one active IKE SA at a time.
On successful authentication of a new connection, the old IKE SA is
automatically deleted.
ok patrick@
|
Make sure not to initiate new exchanges while waiting for an INFORMATIONAL
response.
ok markus@
|
/etc/iked/ocsp/issuer.crt.
Try to get the OCSP url from the CA/issuer certificate, otherwise
use the URL configured in 'set ocsp' in iked.conf.
ok patrick@
|
sanity checks.
Feedback and ok patrick@
|
the outgoing interface in the source link-layer address ICMPv6 option
instead of the address of the last configured autoconf interface.
It is not the most efficient way to first transform an if_index into
an interface name and then iterate over all addresses but this is
also not in the hot path. Under normal operations slaacd will send
one solicitation when an interface is set to autoconf and then
never again because it will see unsolicited router advertisements
before addresses expire.
OK kn
|
parameter specifies how many seconds leeway are allowed in the check.
The optional maxage parameter indicates the allowed maximum age of
the `thisUpdate' OCSP attribute value.
ok patrick@
|
ok patrick@
|
ok patrick@
|
in the received message.
ok patrick@
|
ok patrick@
|
Some bridge options allow values bigger than the corresponding datatype
and thus pass overflowed values to the kernel, not all options do range
checks and setting invalid "portno" complains about "portidx" values.
Use the same, simpler strtonum() idiom across all options with consistent
error messages and proper [U]INT*_MAX defines as max values to match the
datatype and all option handlers to be consistent (in less code).
Keep deferring option dependent min/max value checking to the ioctl(2)
interface, i.e. values documented in ifconfig(8) are not duplicated in
strtonum() calls.
OK millert
|
This happens when there's only one component (e.g. "/foo"). This
bug has been present since June 1990 when it was committed to mountd.c
SCCS version 5.9.
Note: the bug is on the second changed line, the first line is changed
for visual consistency.
From CheriBSD via FreeBSD
ok millert@ deraadt@
|