Age | Commit message (Expand) | Author |
2017-11-08 | Since r1.41 the extensions are included in the CSR. Thus ca_request() | Patrick Wildt |
2017-06-08 | Invoke openssl with -passin file rather than -key in ca_revoke(). | Jonathan Gray |
2017-05-31 | ca_revoke() gets called two ways. Directly from ca_opt() with keyname | Jonathan Gray |
2017-05-24 | Set REQ_EXT in req section so ikectl ca certificate revoke will work again. | Jonathan Gray |
2017-05-21 | A few more freezero() uses | Theo de Raadt |
2017-03-29 | set REQ_EXT to x509v3_CA, fixing "ikectl ca XX create" inadvertently broken | Stuart Henderson |
2017-01-31 | Teach ikectl to include extensions in the CSR, rather than just adding them | Stuart Henderson |
2015-11-02 | switch from using sha1 to sha256 | Jonathan Gray |
2015-11-02 | sign csrs with openssl ca instead of x509 -req | Jonathan Gray |
2015-11-02 | Accept an ocsp option when creating certificates to set the extended | Jonathan Gray |
2015-08-19 | ca_hier() und ca_newpass() abort on failure, return void instead of int. | Reyk Floeter |
2015-08-19 | spacing | Reyk Floeter |
2015-08-19 | fcopy_env() should return void as it aborts on failure. | Reyk Floeter |
2015-08-19 | Use C99 integer types in ikectl(8). | Reyk Floeter |
2015-08-19 | Support for overwriting $ENV:: variables in OpenSSL .cnf files from | Reyk Floeter |
2015-08-15 | correct mode_t 644 to 0644 | Sebastien Marie |
2015-08-15 | corrects three err() to errx() calls | Sebastien Marie |
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
2014-08-26 | Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not | Joel Sing |
2014-08-25 | Delete secret or secret-derived data with explicit_bzero. | Doug Hogan |
2014-07-20 | Make sure the correct errno is reported by warn* or err* and not | Philip Guenther |
2014-04-18 | round up some enemy sympathizers found calling RAND_seed(). | Ted Unangst |
2013-01-08 | Remove private CVS tag from an obsolete repository and bump copyright | Reyk Floeter |
2012-12-08 | don't forget to include a path separator after an SSLDIR; | Mike Belopuhov |
2012-10-23 | Allow to overwrite a few more definitions like file paths from the | Reyk Floeter |
2012-09-18 | update email addresses to match reality. | Reyk Floeter |
2012-07-08 | if you use nitems() in userland, you must define it yourself | Theo de Raadt |
2011-05-27 | spacing | Reyk Floeter |
2010-10-08 | set the client/server certificate options with all the common keyusage | Reyk Floeter |
2010-10-08 | check if a directory exists before trying to create it in the export | Jonathan Gray |
2010-10-08 | if non absolute paths are specified in install commands assume they | Jonathan Gray |
2010-10-08 | allow optional paths for the install commands so we can | Jonathan Gray |
2010-10-08 | Allow to show certificate details (show ca x cert [y]). | Reyk Floeter |
2010-10-07 | only try to setup a passfile when creating a CA | Jonathan Gray |
2010-10-07 | Allow to specify the export password on the command line (optionally, for | Reyk Floeter |
2010-10-07 | - add a -q (quiet) command line option that will be used by ikeca to | Reyk Floeter |
2010-10-07 | set saner permissions on the directory we export, so we don't change | Peter Hessler |
2010-10-07 | When we create a new CA, also create an empty (but valid) CRL list. | Peter Hessler |
2010-06-23 | fix the permissions on directories inside the exported tarball | Jonathan Gray |
2010-06-23 | More appropriate contents for the exported ca tarball. | Jonathan Gray |
2010-06-23 | Add a ca export command for EAP mode where we only require the CA cert, | Jonathan Gray |
2010-06-21 | use the full path to zip | Jonathan Gray |
2010-06-14 | Add commands to create/delete/install/import keys without | Jonathan Gray |
2010-06-10 | Add a command to revoke a certificate and generate a CRL; | Jonathan Gray |
2010-06-07 | switch iked pki files to /etc/iked, discussed with reyk. | Jonathan Gray |
2010-06-04 | Install the cert as well as the keys and make certs world | Jonathan Gray |
2010-06-03 | Import iked, a new implementation of the IKEv2 protocol. | Reyk Floeter |