src - OpenBSD base system

Age	Commit message (Collapse)	Author
2012-05-02	s/snmpd/iked/ in comment	Gleydson Soares
	ok henning@
2011-05-27	spacing	Reyk Floeter

2011-01-20	more double word removal;	Jason McIntyre

2010-10-11	and another one... s/10.4.5.6/10.3.4.5/, also from jy-p.	Stuart Henderson

2010-10-11	typo, s/10.1.2.3/10.2.3.4/, from jy-p	Stuart Henderson

2010-10-08	set the client/server certificate options with all the common keyusage	Reyk Floeter
	and extendedkeyusage and nscerttype flags. the ikectl CA can now be used with all kinds of other vpn tools in addition to iked and isakmpd. ok phessler@
2010-10-08	check if a directory exists before trying to create it in the export	Jonathan Gray
	case as well, spotted by mikeb
2010-10-08	tweak for nroff	Jonathan Gray

2010-10-08	if non absolute paths are specified in install commands assume they	Jonathan Gray
	are relative to /etc
2010-10-08	allow optional paths for the install commands so we can	Jonathan Gray
	install into the isakmpd directory hierarchy for example.
2010-10-08	Allow to show certificate details (show ca x cert [y]).	Reyk Floeter

2010-10-07	only try to setup a passfile when creating a CA	Jonathan Gray

2010-10-07	Allow to specify the export password on the command line (optionally, for	Reyk Floeter
	scripting). The "peer" argument now needs to be preceded with the "peer" keyword, eg. ... export peer 10.1.1.1 instead of export 10.1.1.1.
2010-10-07	sync usage();	Jason McIntyre

2010-10-07	nroff doesn't like long argument lists that work fine with mandoc.	Reyk Floeter
	split them into Xo/Xc blocks to make nroff happy again.
2010-10-07	- add a -q (quiet) command line option that will be used by ikeca to	Reyk Floeter
	set openssl batch mode: don't ask for x509 options, use the defaults. - allow to specify the initial ca password on the command line to also make it scriptable. - allow to create certificates for clientAuth or serverAuth only (eg. ikectl ca foo certificate bar server). - cosmetics: move double declarations of ca_*() functions to parser.h. ok phessler@
2010-10-07	set saner permissions on the directory we export, so we don't change	Peter Hessler
	perms of /etc/iked when extracting OK jsg@
2010-10-07	When we create a new CA, also create an empty (but valid) CRL list.	Peter Hessler
	While here, set our used defaults in the config file. OK reyk@, jsg@
2010-10-01	tweak previous;	Jason McIntyre

2010-09-30	Add jsg@ to the AUTHORS section of ikectl; he wrote the CA/PKI part.	Reyk Floeter

2010-09-30	Add some examples about using the CA commands to create and install the	Reyk Floeter
	CA and peers certificates. With input from mikeb@
2010-06-23	fix the permissions on directories inside the exported tarball	Jonathan Gray
	in the cert case.
2010-06-23	More appropriate contents for the exported ca tarball.	Jonathan Gray

2010-06-23	Add a ca export command for EAP mode where we only require the CA cert,	Jonathan Gray
	and make both export commands optionally take an argument that will be added to a peer.txt file in the exported output. Additionally include any site specific notes from /usr/share/iked if present. man page bits and help with the parser from reyk
2010-06-21	use the full path to zip	Jonathan Gray

2010-06-15	fix an mdoc macro	Jonathan Gray

2010-06-14	Add commands to create/delete/install/import keys without	Jonathan Gray
	involving certificates as suggested by reyk and don't recreate private keys if a key already exists. ok reyk@
2010-06-10	Add a command to revoke a certificate and generate a CRL;	Jonathan Gray
	make the ca install command install the CRL as well. discussed with reyk@
2010-06-10	add new commands: the couple/decouple commands will set loading of the	Reyk Floeter
	learned flows and SAs to the kernel which is useful for testing and debugging. the active/passive commands are required to use iked with sasyncd(8); sasyncd just needs to call "ikectl active/passive" or send the appropriate imsg to support iked but this is not implemented yet.
2010-06-07	switch iked pki files to /etc/iked, discussed with reyk.	Jonathan Gray

2010-06-04	Install the cert as well as the keys and make certs world	Jonathan Gray
	readable as suggested by reyk@
2010-06-03	Import iked, a new implementation of the IKEv2 protocol.	Reyk Floeter
	iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder. with lots of help and debugging by jsg@ ok deraadt@
2010-06-03	Import iked, a new implementation of the IKEv2 protocol.	Reyk Floeter
	iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder. with lots of help and debugging by jsg@ ok deraadt@