From 68ebd76db77434f0d9435fc3d61bf59100e174b3 Mon Sep 17 00:00:00 2001 From: Niklas Hallqvist Date: Thu, 8 Jun 2000 20:51:12 +0000 Subject: Merge with EOM 1.104 author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol. author: angelos Cleanup. --- sbin/isakmpd/sa.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c index 97decb07bf6..cfd79e3b571 100644 --- a/sbin/isakmpd/sa.c +++ b/sbin/isakmpd/sa.c @@ -1,5 +1,5 @@ -/* $OpenBSD: sa.c,v 1.28 2000/05/02 14:36:04 niklas Exp $ */ -/* $EOM: sa.c,v 1.102 2000/04/12 03:10:57 provos Exp $ */ +/* $OpenBSD: sa.c,v 1.29 2000/06/08 20:51:11 niklas Exp $ */ +/* $EOM: sa.c,v 1.104 2000/05/19 05:47:52 angelos Exp $ */ /* * Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. @@ -489,6 +489,12 @@ sa_release (struct sa *sa) else if (sa->recv_certtype == ISAKMP_CERTENC_NONE) free (sa->recv_cert); } + if (sa->recv_key) + free (sa->recv_key); +#if defined(POLICY) || defined(KEYNOTE) + if (sa->policy_id != -1) + LK (kn_close, (sa->policy-id)); +#endif if (sa->name) free (sa->name); if (sa->keystate) -- cgit v1.2.3