summaryrefslogtreecommitdiff
path: root/usr.sbin/ikectl
AgeCommit message (Expand)Author
2024-05-21remove prototypes with no matching function and externs with no varJonathan Gray
2023-11-17Set "unique_subject = no" to allow renewing expired certificates.Tobias Heider
2022-12-04Rename sun to s_un for portability.Tobias Heider
2022-12-03Consistently use uintXX_t from <stdint.h> instead of u_intXX_t.Tobias Heider
2022-09-19Add iked connection statistics for successful and failed connections, commonTobias Heider
2022-03-31man pages: add missing commas between subordinate and main clausesChristian Weisgerber
2021-11-21Add 'ikectl show certinfo' to show trusted CAs and certificates.Tobias Heider
2021-01-23Handle write() errors.tobhe
2021-01-23Handle errors and truncated output from snprintf().tobhe
2020-06-10Cast imsg->data to char pointer to silence GCC warningkn
2020-04-25Document 'ikectl show sa'.tobhe
2020-03-22Add 'ikectl show sa' command to print information about the state oftobhe
2020-03-18Add 'ikectl reset id <ID>' command to reset all SAs from policies withtobhe
2019-05-08convert system() calls to an execv() like interface.Ted Unangst
2019-02-26ikectl's built-in CA command for simple configurations has a fixed certificateStuart Henderson
2018-06-18fix memory leak: freeaddrinfo() the data from getaddrinfo().Sebastian Benoit
2017-11-08Since r1.41 the extensions are included in the CSR. Thus ca_request()Patrick Wildt
2017-06-08Invoke openssl with -passin file rather than -key in ca_revoke().Jonathan Gray
2017-05-31ca_revoke() gets called two ways. Directly from ca_opt() with keynameJonathan Gray
2017-05-24Set REQ_EXT in req section so ikectl ca certificate revoke will work again.Jonathan Gray
2017-05-21A few more freezero() usesTheo de Raadt
2017-03-29set REQ_EXT to x509v3_CA, fixing "ikectl ca XX create" inadvertently brokenStuart Henderson
2017-01-31Teach ikectl to include extensions in the CSR, rather than just adding themStuart Henderson
2016-09-11Files in /etc/ssl belong to root. ok deraadtMartin Natano
2016-06-14Remove unused variable, found by clangReyk Floeter
2016-03-01add LIBCRYPTO to DPADDGleydson Soares
2015-12-05EAGAIN handling for imsg_read. OK henning@ benno@Claudio Jeker
2015-11-10With ikectl now requiring ca specific sections not present in theJonathan Gray
2015-11-06Use pledge in ikectl. For now one request for sending imsgs to ikedJonathan Gray
2015-11-02switch from using sha1 to sha256Jonathan Gray
2015-11-02sign csrs with openssl ca instead of x509 -reqJonathan Gray
2015-11-02sign csrs with openssl ca instead of x509 -reqJonathan Gray
2015-11-02Accept an ocsp option when creating certificates to set the extendedJonathan Gray
2015-09-07append a slash immediately after a file system path that is a directory;Igor Sobrado
2015-08-19ca_hier() und ca_newpass() abort on failure, return void instead of int.Reyk Floeter
2015-08-19spacingReyk Floeter
2015-08-19fcopy_env() should return void as it aborts on failure.Reyk Floeter
2015-08-19Use C99 integer types in ikectl(8).Reyk Floeter
2015-08-19Support for overwriting $ENV:: variables in OpenSSL .cnf files fromReyk Floeter
2015-08-15correct mode_t 644 to 0644Sebastien Marie
2015-08-15corrects three err() to errx() callsSebastien Marie
2015-07-27use file system path (.Pa) semantic markup macros where appropriate.Igor Sobrado
2015-06-11Use "compliant" header guards by avoiding the reserved '_' namespace.Reyk Floeter
2015-02-28Reduce usage of predefined strings in manpages.Anthony J. Bentley
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-11-22/dev/random has created the same effect as /dev/arandom (and /dev/urandom)Theo de Raadt
2014-08-26Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is notJoel Sing
2014-08-25Delete secret or secret-derived data with explicit_bzero.Doug Hogan
2014-07-20Make sure the correct errno is reported by warn* or err* and notPhilip Guenther
2014-04-18round up some enemy sympathizers found calling RAND_seed().Ted Unangst