| Age | Commit message (Collapse) | Author |
|---|
|
author: ho
Warn but continue on isakmpd.conf permissions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
author: provos
increase size of refcnt. okay niklas@
|
|
message.h: Merge with EOM 1.51
transport.c: Merge with EOM 1.43
author: provos
use message_send_expire for timeouts. okay niklas@
|
|
author: niklas
Very ugly, transient fix so isakmpd works in a backward compatible
way, instead of requiring the new undocumented ACQUIRE-based setup
|
|
samples/VPN-east.conf: Merge with EOM 1.12
samples/VPN-west.conf: Merge with EOM 1.13
samples/policy: Merge with EOM 1.6
samples/singlehost-west.conf: Merge with EOM 1.9
samples/singlehost-east.conf: Merge with EOM 1.9
conf.c: Merge with EOM 1.37
ipsec.c: Merge with EOM 1.133
ipsec_num.cst: Merge with EOM 1.4
isakmpd.conf.5: Merge with EOM 1.48
isakmpd.policy.5: Merge with EOM 1.21
policy.c: Merge with EOM 1.46
author: angelos
AES support.
|
|
author: angelos
Use Default entry for Phase 1 configuration if none is found.
|
|
author: niklas
properly ifdef PF_KEY extension
author: angelos
AES support.
|
|
|
|
|
|
|
|
author: niklas
style and < that should be <=
author: angelos
If the initiator does not propose a Phase 2 ID, use the local/peer
addresses as implicit IDs; this was supported on the responder side,
but weirdly enough not on the initiator. Reported by itojun@
author: angelos
Handle 32-bit lifetimes (in generating them).
author: ho
(c)-2000
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: angelos
No need to delete SPIs, they'll just expire.
author: provos
style as pointed out by the code style pedant.
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Read in FEATURES for proper operation
author: angelos
No need for NODEBUG.
author: angelos
Use NODEBUG compile flag, so policy.c doesn't barf.
|
|
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: provos
style as pointed out by the code style pedant.
author: ho
Compile without USE_KEYNOTE/USE_POLICY.
|
|
author: niklas
style
author: niklas
spelling
author: ho
(c)-2000
author: niklas
style
author: provos
fail if exchange can not be created
author: angelos
Invalid payload may be because of passphrase mismatch, so warn about that.
author: provos
reference to freed object, move free down
author: ho
log_debug -> LOG_DBG (USE_DEBUG)
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
gmp_util.c: Merge with EOM 1.7
isakmpd.conf.5: Merge with EOM 1.47
author: ho
(c)-2000
|
|
author: angelos
Unsigned integers for most attributes.
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
author: angelos
Typo on checking esp lifetimes.
author: angelos
Use the correct protocol from the IDi/IDr.
|
|
author: niklas
Obsolete commentary
|
|
author: itojun
need string.h for netbsd/alpha
|
|
author: ho
Add USE_KEYNOTE if policy feature is active
|
|
author: ho
ipsec_decode_ids is only used with USE_DEBUG
|
|
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|
|
author: niklas
Remove some spaces
author: niklas
do not crash on empty config files
author: ho
(c)-2000
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: niklas
Style
author: ho
Nowadays we can use #include <openssl/...> instead of <ssl/...>
|
|
author: niklas
style
author: angelos
Make sure the LIFE_DURATION length is 2 or 4 bytes (we don't handle
anything else, although we could extend it to handle anything up to 8
bytes).
author: provos
dont crash when isakmp sa keystate = 0; happens when encountering high
packet loss.
author: ho
ipsec_decode_ids is only used with USE_DEBUG
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
isakmpd.c: Merge with EOM 1.54
|
|
author: niklas
no need for sysdep.h in here. This promotes reuse of the log
module in other environments
author: ho
(c)-2000
|
|
author: ho
pconn variable only used with USE_DEBUG
author: ho
NetBSD wants <sys/socket.h> for AF_INET def.
|
|
author: niklas
style and < that should be <=
author: angelos
Handle 32-bit lifetimes (in generating them).
author: ho
Use log_print() instead of log_error here, no errno here.
|
|
author: niklas
style
author: angelos
No reserved1 field anymore.
author: angelos
Begining of ACQUIRE support.
author: angelos
No need to delete SPIs, they'll just expire.
author: angelos
Only play with flows if we're using the "old" IPsec code (the new
kernel code to be committed).
|
|
author: niklas
style
author: ho
(c)-2000
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: provos
remove previous timeout if adding a new one
|
|
author: niklas
missing arg
author: ho
(c)-2000
|
|
author: niklas
Add back an example of empty FEATURES
author: niklas
Well, show how to add -g in different OSes
author: itojun
make -g really work
author: ho
Revert. Features should not depend on other stuff,
it should be the other way around.
author: ho
Ok, make it work this time.
author: ho
Only add 'policy' feature if USE_KEYNOTE is active.
|
|
cert.h: Merge with EOM 1.8
libcrypto.c: Merge with EOM 1.14
policy.h: Merge with EOM 1.12
x509.h: Merge with EOM 1.11
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
|
|
author: niklas
alphabeticize
|
|
|
|
|
|
millert@ ok
|
|
|
|
|
