summaryrefslogtreecommitdiff
path: root/usr.sbin/ikectl/ikeca.c
AgeCommit message (Expand)Author
2017-11-08Since r1.41 the extensions are included in the CSR. Thus ca_request()Patrick Wildt
2017-06-08Invoke openssl with -passin file rather than -key in ca_revoke().Jonathan Gray
2017-05-31ca_revoke() gets called two ways. Directly from ca_opt() with keynameJonathan Gray
2017-05-24Set REQ_EXT in req section so ikectl ca certificate revoke will work again.Jonathan Gray
2017-05-21A few more freezero() usesTheo de Raadt
2017-03-29set REQ_EXT to x509v3_CA, fixing "ikectl ca XX create" inadvertently brokenStuart Henderson
2017-01-31Teach ikectl to include extensions in the CSR, rather than just adding themStuart Henderson
2015-11-02switch from using sha1 to sha256Jonathan Gray
2015-11-02sign csrs with openssl ca instead of x509 -reqJonathan Gray
2015-11-02Accept an ocsp option when creating certificates to set the extendedJonathan Gray
2015-08-19ca_hier() und ca_newpass() abort on failure, return void instead of int.Reyk Floeter
2015-08-19spacingReyk Floeter
2015-08-19fcopy_env() should return void as it aborts on failure.Reyk Floeter
2015-08-19Use C99 integer types in ikectl(8).Reyk Floeter
2015-08-19Support for overwriting $ENV:: variables in OpenSSL .cnf files fromReyk Floeter
2015-08-15correct mode_t 644 to 0644Sebastien Marie
2015-08-15corrects three err() to errx() callsSebastien Marie
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-08-26Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is notJoel Sing
2014-08-25Delete secret or secret-derived data with explicit_bzero.Doug Hogan
2014-07-20Make sure the correct errno is reported by warn* or err* and notPhilip Guenther
2014-04-18round up some enemy sympathizers found calling RAND_seed().Ted Unangst
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-08don't forget to include a path separator after an SSLDIR;Mike Belopuhov
2012-10-23Allow to overwrite a few more definitions like file paths from theReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-07-08if you use nitems() in userland, you must define it yourselfTheo de Raadt
2011-05-27spacingReyk Floeter
2010-10-08set the client/server certificate options with all the common keyusageReyk Floeter
2010-10-08check if a directory exists before trying to create it in the exportJonathan Gray
2010-10-08if non absolute paths are specified in install commands assume theyJonathan Gray
2010-10-08allow optional paths for the install commands so we canJonathan Gray
2010-10-08Allow to show certificate details (show ca x cert [y]).Reyk Floeter
2010-10-07only try to setup a passfile when creating a CAJonathan Gray
2010-10-07Allow to specify the export password on the command line (optionally, forReyk Floeter
2010-10-07- add a -q (quiet) command line option that will be used by ikeca toReyk Floeter
2010-10-07set saner permissions on the directory we export, so we don't changePeter Hessler
2010-10-07When we create a new CA, also create an empty (but valid) CRL list.Peter Hessler
2010-06-23fix the permissions on directories inside the exported tarballJonathan Gray
2010-06-23More appropriate contents for the exported ca tarball.Jonathan Gray
2010-06-23Add a ca export command for EAP mode where we only require the CA cert,Jonathan Gray
2010-06-21use the full path to zipJonathan Gray
2010-06-14Add commands to create/delete/install/import keys withoutJonathan Gray
2010-06-10Add a command to revoke a certificate and generate a CRL;Jonathan Gray
2010-06-07switch iked pki files to /etc/iked, discussed with reyk.Jonathan Gray
2010-06-04Install the cert as well as the keys and make certs worldJonathan Gray
2010-06-03Import iked, a new implementation of the IKEv2 protocol.Reyk Floeter