summaryrefslogtreecommitdiff
path: root/usr.sbin/ikectl
AgeCommit message (Expand)Author
2020-03-22Add 'ikectl show sa' command to print information about the state oftobhe
2020-03-18Add 'ikectl reset id <ID>' command to reset all SAs from policies withtobhe
2019-05-08convert system() calls to an execv() like interface.Ted Unangst
2019-02-26ikectl's built-in CA command for simple configurations has a fixed certificateStuart Henderson
2018-06-18fix memory leak: freeaddrinfo() the data from getaddrinfo().Sebastian Benoit
2017-11-08Since r1.41 the extensions are included in the CSR. Thus ca_request()Patrick Wildt
2017-06-08Invoke openssl with -passin file rather than -key in ca_revoke().Jonathan Gray
2017-05-31ca_revoke() gets called two ways. Directly from ca_opt() with keynameJonathan Gray
2017-05-24Set REQ_EXT in req section so ikectl ca certificate revoke will work again.Jonathan Gray
2017-05-21A few more freezero() usesTheo de Raadt
2017-03-29set REQ_EXT to x509v3_CA, fixing "ikectl ca XX create" inadvertently brokenStuart Henderson
2017-01-31Teach ikectl to include extensions in the CSR, rather than just adding themStuart Henderson
2016-09-11Files in /etc/ssl belong to root. ok deraadtMartin Natano
2016-06-14Remove unused variable, found by clangReyk Floeter
2016-03-01add LIBCRYPTO to DPADDGleydson Soares
2015-12-05EAGAIN handling for imsg_read. OK henning@ benno@Claudio Jeker
2015-11-10With ikectl now requiring ca specific sections not present in theJonathan Gray
2015-11-06Use pledge in ikectl. For now one request for sending imsgs to ikedJonathan Gray
2015-11-02switch from using sha1 to sha256Jonathan Gray
2015-11-02sign csrs with openssl ca instead of x509 -reqJonathan Gray
2015-11-02sign csrs with openssl ca instead of x509 -reqJonathan Gray
2015-11-02Accept an ocsp option when creating certificates to set the extendedJonathan Gray
2015-09-07append a slash immediately after a file system path that is a directory;Igor Sobrado
2015-08-19ca_hier() und ca_newpass() abort on failure, return void instead of int.Reyk Floeter
2015-08-19spacingReyk Floeter
2015-08-19fcopy_env() should return void as it aborts on failure.Reyk Floeter
2015-08-19Use C99 integer types in ikectl(8).Reyk Floeter
2015-08-19Support for overwriting $ENV:: variables in OpenSSL .cnf files fromReyk Floeter
2015-08-15correct mode_t 644 to 0644Sebastien Marie
2015-08-15corrects three err() to errx() callsSebastien Marie
2015-07-27use file system path (.Pa) semantic markup macros where appropriate.Igor Sobrado
2015-06-11Use "compliant" header guards by avoiding the reserved '_' namespace.Reyk Floeter
2015-02-28Reduce usage of predefined strings in manpages.Anthony J. Bentley
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-11-22/dev/random has created the same effect as /dev/arandom (and /dev/urandom)Theo de Raadt
2014-08-26Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is notJoel Sing
2014-08-25Delete secret or secret-derived data with explicit_bzero.Doug Hogan
2014-07-20Make sure the correct errno is reported by warn* or err* and notPhilip Guenther
2014-04-18round up some enemy sympathizers found calling RAND_seed().Ted Unangst
2014-01-18Remove -Wbounded: it is now the compiler default.Martynas Venckus
2013-11-14cope with the EAGAIN API change for msgbuf_write()Theo de Raadt
2013-08-16Use %lld and cast to (long long) when printing time_t valuesPhilip Guenther
2013-07-16use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@Ingo Schwarze
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-08don't forget to include a path separator after an SSLDIR;Mike Belopuhov
2012-11-01Remove dead code that was a leftover from the initial code which wasReyk Floeter
2012-10-25Remove support email address from the example that is intended forReyk Floeter
2012-10-23Allow to overwrite a few more definitions like file paths from theReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-07-08if you use nitems() in userland, you must define it yourselfTheo de Raadt