| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-09-07 | append a slash immediately after a file system path that is a directory; | Igor Sobrado | |
| uppercase the description of /var/run/iked.sock (found by jmc@); add missing full stop. ok jmc@ | |||
| 2015-08-19 | ca_hier() und ca_newpass() abort on failure, return void instead of int. | Reyk Floeter | |
| Based on previous observation by semarie@ | |||
| 2015-08-19 | spacing | Reyk Floeter | |
| 2015-08-19 | fcopy_env() should return void as it aborts on failure. | Reyk Floeter | |
| Pointed out by semarie@ | |||
| 2015-08-19 | Use C99 integer types in ikectl(8). | Reyk Floeter | |
| OK jsg@ | |||
| 2015-08-19 | Support for overwriting $ENV:: variables in OpenSSL .cnf files from | Reyk Floeter | |
| the environment has been removed in LibreSSL. This was a good step but it unintentionally broke the "ikectl ca" commands. Rework the implementation for copying the .cnf files and expanding the $ENV:: variables ourselves before passing the generated .cnf file to the "openssl" command. Reported and tested by Jona Joachim (thanks!) OK jsg@ | |||
| 2015-08-15 | correct mode_t 644 to 0644 | Sebastien Marie | |
| ok sthen@ | |||
| 2015-08-15 | corrects three err() to errx() calls | Sebastien Marie | |
| - a if condition don't set errno - strlcpy(3) don't set errno (no mention is man page) - ca_readpass() already manage errno error message with warn(3) ok sthen@ | |||
| 2015-07-27 | use file system path (.Pa) semantic markup macros where appropriate. | Igor Sobrado | |
| ok jmc@ | |||
| 2015-06-11 | Use "compliant" header guards by avoiding the reserved '_' namespace. | Reyk Floeter | |
| Pointed out by Markus Elfring OK mikeb@ millert@ | |||
| 2015-02-28 | Reduce usage of predefined strings in manpages. | Anthony J. Bentley | |
| Predefined strings are not very portable across troff implementations, and they make the source much harder to read. Usually the intended character can be written directly. No output changes, except for two instances where the incorrect escape was used in the first place. tweaks + ok schwarze@ | |||
| 2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt | |
| possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol) | |||
| 2014-11-22 | /dev/random has created the same effect as /dev/arandom (and /dev/urandom) | Theo de Raadt | |
| for quite some time. Mop up the last few, by using /dev/random where we actually want it, or not even mentioning arandom where it is irrelevant. | |||
| 2014-08-26 | Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is not | Joel Sing | |
| a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@ | |||
| 2014-08-25 | Delete secret or secret-derived data with explicit_bzero. | Doug Hogan | |
| concept ok deraadt@ diff looks ok tedu@ | |||
| 2014-07-20 | Make sure the correct errno is reported by warn* or err* and not | Philip Guenther | |
| the errno of an intervening cleanup operation like close/unlink/etc. Diff from Doug Hogan (doug (at) acyclic.org) | |||
| 2014-04-18 | round up some enemy sympathizers found calling RAND_seed(). | Ted Unangst | |
| ok beck reyk | |||
| 2014-01-18 | Remove -Wbounded: it is now the compiler default. | Martynas Venckus | |
| 2013-11-14 | cope with the EAGAIN API change for msgbuf_write() | Theo de Raadt | |
| ok benno | |||
| 2013-08-16 | Use %lld and cast to (long long) when printing time_t values | Philip Guenther | |
| otto@ millert@ lteo@ mikeb@ deraadt@ | |||
| 2013-07-16 | use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@ | Ingo Schwarze | |
| 2013-01-08 | Remove private CVS tag from an obsolete repository and bump copyright | Reyk Floeter | |
| to 2013 while I'm here... this is my way of saying "happy new year!". | |||
| 2012-12-08 | don't forget to include a path separator after an SSLDIR; | Mike Belopuhov | |
| reported by david hill | |||
| 2012-11-01 | Remove dead code that was a leftover from the initial code which was | Reyk Floeter | |
| based on snmpctl. Found and committed from the plane in 10km (35.000 feet). No functional change and this diff doesn't touch any crypto code so the current country below me cannot blame me for importing / exporting any crypto. ok benno@ | |||
| 2012-10-25 | Remove support email address from the example that is intended for | Reyk Floeter | |
| customers for an existing company. | |||
| 2012-10-23 | Allow to overwrite a few more definitions like file paths from the | Reyk Floeter | |
| Makefile. No functional change. | |||
| 2012-09-18 | update email addresses to match reality. | Reyk Floeter | |
| sure jsg@ mikeb@ | |||
| 2012-07-08 | if you use nitems() in userland, you must define it yourself | Theo de Raadt | |
| discussed with guenther | |||
| 2012-05-02 | s/snmpd/iked/ in comment | Gleydson Soares | |
| ok henning@ | |||
| 2011-05-27 | spacing | Reyk Floeter | |
| 2011-01-20 | more double word removal; | Jason McIntyre | |
| 2010-10-11 | and another one... s/10.4.5.6/10.3.4.5/, also from jy-p. | Stuart Henderson | |
| 2010-10-11 | typo, s/10.1.2.3/10.2.3.4/, from jy-p | Stuart Henderson | |
| 2010-10-08 | set the client/server certificate options with all the common keyusage | Reyk Floeter | |
| and extendedkeyusage and nscerttype flags. the ikectl CA can now be used with all kinds of other vpn tools in addition to iked and isakmpd. ok phessler@ | |||
| 2010-10-08 | check if a directory exists before trying to create it in the export | Jonathan Gray | |
| case as well, spotted by mikeb | |||
| 2010-10-08 | tweak for nroff | Jonathan Gray | |
| 2010-10-08 | if non absolute paths are specified in install commands assume they | Jonathan Gray | |
| are relative to /etc | |||
| 2010-10-08 | allow optional paths for the install commands so we can | Jonathan Gray | |
| install into the isakmpd directory hierarchy for example. | |||
| 2010-10-08 | Allow to show certificate details (show ca x cert [y]). | Reyk Floeter | |
| 2010-10-07 | only try to setup a passfile when creating a CA | Jonathan Gray | |
| 2010-10-07 | Allow to specify the export password on the command line (optionally, for | Reyk Floeter | |
| scripting). The "peer" argument now needs to be preceded with the "peer" keyword, eg. ... export peer 10.1.1.1 instead of export 10.1.1.1. | |||
| 2010-10-07 | sync usage(); | Jason McIntyre | |
| 2010-10-07 | nroff doesn't like long argument lists that work fine with mandoc. | Reyk Floeter | |
| split them into Xo/Xc blocks to make nroff happy again. | |||
| 2010-10-07 | - add a -q (quiet) command line option that will be used by ikeca to | Reyk Floeter | |
| set openssl batch mode: don't ask for x509 options, use the defaults. - allow to specify the initial ca password on the command line to also make it scriptable. - allow to create certificates for clientAuth or serverAuth only (eg. ikectl ca foo certificate bar server). - cosmetics: move double declarations of ca_*() functions to parser.h. ok phessler@ | |||
| 2010-10-07 | set saner permissions on the directory we export, so we don't change | Peter Hessler | |
| perms of /etc/iked when extracting OK jsg@ | |||
| 2010-10-07 | When we create a new CA, also create an empty (but valid) CRL list. | Peter Hessler | |
| While here, set our used defaults in the config file. OK reyk@, jsg@ | |||
| 2010-10-01 | tweak previous; | Jason McIntyre | |
| 2010-09-30 | Add jsg@ to the AUTHORS section of ikectl; he wrote the CA/PKI part. | Reyk Floeter | |
| 2010-09-30 | Add some examples about using the CA commands to create and install the | Reyk Floeter | |
| CA and peers certificates. With input from mikeb@ | |||
| 2010-06-23 | fix the permissions on directories inside the exported tarball | Jonathan Gray | |
| in the cert case. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |