Cleanup. Do not store the private key in either the exchange or sa structs.

rm trailing whitespace

Add 'ikecfg' as a valid Flags= value.

Move SA_FILE definition to sa.h.

Add 'T' and 'S' commands (for tearing-down and reporting all Phase 2
SAs), from bdallen@nps.navy.mil

no static for sa_dump, explicit log cls/level

Keep track of the ACQUIRE sequence number, and pass it to the kernel
along with the ADD message.

comment style

Get rid of recv_certlen, add sent_* and keynote_key fields,
explanations added.

Correct SA refcounting. Fixes a bug where isakmpd could die when a peer was
discovered to have rebooted, and old now invalid SAs had to be garbage-
collected.

(c) 2001

Handling of Phase 1 DELETE and Phase 2 INVALID_SPI messages
(newsham@lava.net)

Merge with EOM 1.58

author: provos
increase size of refcnt. okay niklas@

Merge with EOM 1.57

author: angelos
Add sa_enter() prototype.

Merge with EOM 1.56

author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID

Merge with EOM 1.56

author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.

Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.

author: angelos
Begin support for KeyNote credentials exchanged.

show more ...

apps/certpatch/certpatch.8: Merge with EOM 1.4
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.1

apps/certpatch/certpatch.8: Merge with EOM 1.4
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46

author: niklas
Angelos copyrights

show more ...

ike_phase_1.c: Merge with EOM 1.8
message.c: Merge with EOM 1.135
message.h: Merge with EOM 1.48
sa.c: Merge with EOM 1.97
sa.h: Merge with EOM 1.53

author: angelos
Complete policy work; tested for

ike_phase_1.c: Merge with EOM 1.8
message.c: Merge with EOM 1.135
message.h: Merge with EOM 1.48
sa.c: Merge with EOM 1.97
sa.h: Merge with EOM 1.53

author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.

show more ...

Merge with EOM 1.52

author: ho
New flag

sa.c: Merge with EOM 1.88
sa.h: Merge with EOM 1.51

author: niklas
Handle leftover payloads, esp INITIAL CONTACT notifications.
Factor out SA expiration setting. Add commentary.

author: ho
Keep tr

sa.c: Merge with EOM 1.88
sa.h: Merge with EOM 1.51

author: niklas
Handle leftover payloads, esp INITIAL CONTACT notifications.
Factor out SA expiration setting. Add commentary.

author: ho
Keep track of trailing retransmissions by keeping exchanges around longer.
Removed references to sa->last_sent_in_setup, use last_sent and
last_received in exchange instead. Free setup exchanges by expiration only.

author: ho
Backout last change. (Go with exchange directly instead of sa->msg)

author: ho
Handle phase 2 late retransmissions.

show more ...

./sa.h: Merge with EOM 1.47

Remove SA_FLAG_REPLACED settings from various parts in preparation of a
grand unified setting in exchange_finalize. Fix sa_mark_replaced to not
release a referance to th

./sa.h: Merge with EOM 1.47

Remove SA_FLAG_REPLACED settings from various parts in preparation of a
grand unified setting in exchange_finalize. Fix sa_mark_replaced to not
release a referance to the sa, and adjust the API as it won't get called
as a finalize func anymore.

show more ...

Merge with EOM 1.46
New finalize API. Free keystate.

1999 copyrights

Merge with EOM 1.44
Add refcounting to SA's. Make phase 1 expirations be able to cause
renegotiations if configured to.

Merge with EOM 1.43
the SA replace flag

sa.c: Merge with EOM 1.67
Add SA attributes, specifically stayalive

sa.h: Merge with EOM 1.42
Add SA attributes, specifically stayalive

pf_encap.c: Merge with EOM 1.46
Add SA attributes, specifical

sa.c: Merge with EOM 1.67
Add SA attributes, specifically stayalive

sa.h: Merge with EOM 1.42
Add SA attributes, specifically stayalive

pf_encap.c: Merge with EOM 1.46
Add SA attributes, specifically stayalive

exchange.c: Merge with EOM 1.65
Add SA attributes, specifically stayalive

show more ...

ipsec.c: Merge with EOM 1.83
Only accept IPsec SAs when searching for such

sa.h: Merge with EOM 1.41
Stayalive connections as a default for now, init pf_encap_socket

pf_encap.c: Merge with EOM 1.45

ipsec.c: Merge with EOM 1.83
Only accept IPsec SAs when searching for such

sa.h: Merge with EOM 1.41
Stayalive connections as a default for now, init pf_encap_socket

pf_encap.c: Merge with EOM 1.45
Stayalive connections as a default for now, init pf_encap_socket

show more ...