Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-08-16 | Use %lld and cast to (long long) when printing time_t values | Philip Guenther | |
otto@ millert@ lteo@ mikeb@ deraadt@ | |||
2013-07-16 | use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@ | Ingo Schwarze | |
2013-01-08 | Remove private CVS tag from an obsolete repository and bump copyright | Reyk Floeter | |
to 2013 while I'm here... this is my way of saying "happy new year!". | |||
2012-12-08 | don't forget to include a path separator after an SSLDIR; | Mike Belopuhov | |
reported by david hill | |||
2012-11-01 | Remove dead code that was a leftover from the initial code which was | Reyk Floeter | |
based on snmpctl. Found and committed from the plane in 10km (35.000 feet). No functional change and this diff doesn't touch any crypto code so the current country below me cannot blame me for importing / exporting any crypto. ok benno@ | |||
2012-10-25 | Remove support email address from the example that is intended for | Reyk Floeter | |
customers for an existing company. | |||
2012-10-23 | Allow to overwrite a few more definitions like file paths from the | Reyk Floeter | |
Makefile. No functional change. | |||
2012-09-18 | update email addresses to match reality. | Reyk Floeter | |
sure jsg@ mikeb@ | |||
2012-07-08 | if you use nitems() in userland, you must define it yourself | Theo de Raadt | |
discussed with guenther | |||
2012-05-02 | s/snmpd/iked/ in comment | Gleydson Soares | |
ok henning@ | |||
2011-05-27 | spacing | Reyk Floeter | |
2011-01-20 | more double word removal; | Jason McIntyre | |
2010-10-11 | and another one... s/10.4.5.6/10.3.4.5/, also from jy-p. | Stuart Henderson | |
2010-10-11 | typo, s/10.1.2.3/10.2.3.4/, from jy-p | Stuart Henderson | |
2010-10-08 | set the client/server certificate options with all the common keyusage | Reyk Floeter | |
and extendedkeyusage and nscerttype flags. the ikectl CA can now be used with all kinds of other vpn tools in addition to iked and isakmpd. ok phessler@ | |||
2010-10-08 | check if a directory exists before trying to create it in the export | Jonathan Gray | |
case as well, spotted by mikeb | |||
2010-10-08 | tweak for nroff | Jonathan Gray | |
2010-10-08 | if non absolute paths are specified in install commands assume they | Jonathan Gray | |
are relative to /etc | |||
2010-10-08 | allow optional paths for the install commands so we can | Jonathan Gray | |
install into the isakmpd directory hierarchy for example. | |||
2010-10-08 | Allow to show certificate details (show ca x cert [y]). | Reyk Floeter | |
2010-10-07 | only try to setup a passfile when creating a CA | Jonathan Gray | |
2010-10-07 | Allow to specify the export password on the command line (optionally, for | Reyk Floeter | |
scripting). The "peer" argument now needs to be preceded with the "peer" keyword, eg. ... export peer 10.1.1.1 instead of export 10.1.1.1. | |||
2010-10-07 | sync usage(); | Jason McIntyre | |
2010-10-07 | nroff doesn't like long argument lists that work fine with mandoc. | Reyk Floeter | |
split them into Xo/Xc blocks to make nroff happy again. | |||
2010-10-07 | - add a -q (quiet) command line option that will be used by ikeca to | Reyk Floeter | |
set openssl batch mode: don't ask for x509 options, use the defaults. - allow to specify the initial ca password on the command line to also make it scriptable. - allow to create certificates for clientAuth or serverAuth only (eg. ikectl ca foo certificate bar server). - cosmetics: move double declarations of ca_*() functions to parser.h. ok phessler@ | |||
2010-10-07 | set saner permissions on the directory we export, so we don't change | Peter Hessler | |
perms of /etc/iked when extracting OK jsg@ | |||
2010-10-07 | When we create a new CA, also create an empty (but valid) CRL list. | Peter Hessler | |
While here, set our used defaults in the config file. OK reyk@, jsg@ | |||
2010-10-01 | tweak previous; | Jason McIntyre | |
2010-09-30 | Add jsg@ to the AUTHORS section of ikectl; he wrote the CA/PKI part. | Reyk Floeter | |
2010-09-30 | Add some examples about using the CA commands to create and install the | Reyk Floeter | |
CA and peers certificates. With input from mikeb@ | |||
2010-06-23 | fix the permissions on directories inside the exported tarball | Jonathan Gray | |
in the cert case. | |||
2010-06-23 | More appropriate contents for the exported ca tarball. | Jonathan Gray | |
2010-06-23 | Add a ca export command for EAP mode where we only require the CA cert, | Jonathan Gray | |
and make both export commands optionally take an argument that will be added to a peer.txt file in the exported output. Additionally include any site specific notes from /usr/share/iked if present. man page bits and help with the parser from reyk | |||
2010-06-21 | use the full path to zip | Jonathan Gray | |
2010-06-15 | fix an mdoc macro | Jonathan Gray | |
2010-06-14 | Add commands to create/delete/install/import keys without | Jonathan Gray | |
involving certificates as suggested by reyk and don't recreate private keys if a key already exists. ok reyk@ | |||
2010-06-10 | Add a command to revoke a certificate and generate a CRL; | Jonathan Gray | |
make the ca install command install the CRL as well. discussed with reyk@ | |||
2010-06-10 | add new commands: the couple/decouple commands will set loading of the | Reyk Floeter | |
learned flows and SAs to the kernel which is useful for testing and debugging. the active/passive commands are required to use iked with sasyncd(8); sasyncd just needs to call "ikectl active/passive" or send the appropriate imsg to support iked but this is not implemented yet. | |||
2010-06-07 | switch iked pki files to /etc/iked, discussed with reyk. | Jonathan Gray | |
2010-06-04 | Install the cert as well as the keys and make certs world | Jonathan Gray | |
readable as suggested by reyk@ | |||
2010-06-03 | Import iked, a new implementation of the IKEv2 protocol. | Reyk Floeter | |
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder. with lots of help and debugging by jsg@ ok deraadt@ | |||
2010-06-03 | Import iked, a new implementation of the IKEv2 protocol. | Reyk Floeter | |
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder. with lots of help and debugging by jsg@ ok deraadt@ |