#
6ff3914e |
| 15-May-2003 |
ho <ho@openbsd.org> |
Cleanup. Do not store the private key in either the exchange or sa structs.
|
#
401ae41b |
| 09-Jun-2002 |
todd <todd@openbsd.org> |
rm trailing whitespace
|
#
f1b6a806 |
| 07-Jun-2002 |
ho <ho@openbsd.org> |
Add 'ikecfg' as a valid Flags= value.
|
#
c45bbdf3 |
| 17-Mar-2002 |
angelos <angelos@openbsd.org> |
Move SA_FILE definition to sa.h.
|
#
0c6a08f2 |
| 17-Mar-2002 |
angelos <angelos@openbsd.org> |
Add 'T' and 'S' commands (for tearing-down and reporting all Phase 2 SAs), from bdallen@nps.navy.mil
|
#
4b460cdd |
| 25-Jan-2002 |
ho <ho@openbsd.org> |
no static for sa_dump, explicit log cls/level
|
#
45055671 |
| 27-Jun-2001 |
angelos <angelos@openbsd.org> |
Keep track of the ACQUIRE sequence number, and pass it to the kernel along with the ADD message.
|
#
81c9499d |
| 12-Jun-2001 |
niklas <niklas@openbsd.org> |
comment style
|
#
bf631b76 |
| 31-May-2001 |
angelos <angelos@openbsd.org> |
Get rid of recv_certlen, add sent_* and keynote_key fields, explanations added.
|
#
d19346c1 |
| 24-Apr-2001 |
niklas <niklas@openbsd.org> |
Correct SA refcounting. Fixes a bug where isakmpd could die when a peer was discovered to have rebooted, and old now invalid SAs had to be garbage- collected.
|
#
42af7185 |
| 27-Jan-2001 |
niklas <niklas@openbsd.org> |
(c) 2001
|
#
8350e7ee |
| 14-Jan-2001 |
angelos <angelos@openbsd.org> |
Handling of Phase 1 DELETE and Phase 2 INVALID_SPI messages (newsham@lava.net)
|
#
8f1655bc |
| 10-Oct-2000 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.58
author: provos increase size of refcnt. okay niklas@
|
#
3ee968a9 |
| 03-Aug-2000 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.57
author: angelos Add sa_enter() prototype.
|
#
82a95d7a |
| 08-Jun-2000 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.56
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID
Merge with EOM 1.56
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
author: angelos Begin support for KeyNote credentials exchanged.
show more ...
|
#
bdbf6df3 |
| 01-Feb-2000 |
niklas <niklas@openbsd.org> |
apps/certpatch/certpatch.8: Merge with EOM 1.4 apps/certpatch/certpatch.c: Merge with EOM 1.6 exchange.c: Merge with EOM 1.114 ike_quick_mode.c: Merge with EOM 1.110 ike_phase_1.c: Merge with EOM 1.1
apps/certpatch/certpatch.8: Merge with EOM 1.4 apps/certpatch/certpatch.c: Merge with EOM 1.6 exchange.c: Merge with EOM 1.114 ike_quick_mode.c: Merge with EOM 1.110 ike_phase_1.c: Merge with EOM 1.16 ike_auth.c: Merge with EOM 1.41 ike_aggressive.c: Merge with EOM 1.4 libcrypto.c: Merge with EOM 1.10 libcrypto.h: Merge with EOM 1.10 isakmpd.8: Merge with EOM 1.19 isakmpd.c: Merge with EOM 1.42 ipsec.h: Merge with EOM 1.40 init.c: Merge with EOM 1.22 message.c: Merge with EOM 1.143 message.h: Merge with EOM 1.49 sa.c: Merge with EOM 1.98 sa.h: Merge with EOM 1.54 policy.c: Merge with EOM 1.14 pf_key_v2.c: Merge with EOM 1.36 x509.c: Merge with EOM 1.32 x509.h: Merge with EOM 1.9 udp.c: Merge with EOM 1.46
author: niklas Angelos copyrights
show more ...
|
#
b4d6e506 |
| 26-Aug-1999 |
niklas <niklas@openbsd.org> |
ike_phase_1.c: Merge with EOM 1.8 message.c: Merge with EOM 1.135 message.h: Merge with EOM 1.48 sa.c: Merge with EOM 1.97 sa.h: Merge with EOM 1.53
author: angelos Complete policy work; tested for
ike_phase_1.c: Merge with EOM 1.8 message.c: Merge with EOM 1.135 message.h: Merge with EOM 1.48 sa.c: Merge with EOM 1.97 sa.h: Merge with EOM 1.53
author: angelos Complete policy work; tested for the shared-key case. Documentation needed.
show more ...
|
#
21ec818b |
| 02-Jun-1999 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.52
author: ho New flag
|
#
ae80164b |
| 27-Apr-1999 |
niklas <niklas@openbsd.org> |
sa.c: Merge with EOM 1.88 sa.h: Merge with EOM 1.51
author: niklas Handle leftover payloads, esp INITIAL CONTACT notifications. Factor out SA expiration setting. Add commentary.
author: ho Keep tr
sa.c: Merge with EOM 1.88 sa.h: Merge with EOM 1.51
author: niklas Handle leftover payloads, esp INITIAL CONTACT notifications. Factor out SA expiration setting. Add commentary.
author: ho Keep track of trailing retransmissions by keeping exchanges around longer. Removed references to sa->last_sent_in_setup, use last_sent and last_received in exchange instead. Free setup exchanges by expiration only.
author: ho Backout last change. (Go with exchange directly instead of sa->msg)
author: ho Handle phase 2 late retransmissions.
show more ...
|
#
6e959cc4 |
| 19-Apr-1999 |
niklas <niklas@openbsd.org> |
./sa.h: Merge with EOM 1.47
Remove SA_FLAG_REPLACED settings from various parts in preparation of a grand unified setting in exchange_finalize. Fix sa_mark_replaced to not release a referance to th
./sa.h: Merge with EOM 1.47
Remove SA_FLAG_REPLACED settings from various parts in preparation of a grand unified setting in exchange_finalize. Fix sa_mark_replaced to not release a referance to the sa, and adjust the API as it won't get called as a finalize func anymore.
show more ...
|
#
76ca92a8 |
| 05-Apr-1999 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.46 New finalize API. Free keystate.
1999 copyrights
|
#
3ad8fb0c |
| 31-Mar-1999 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.44 Add refcounting to SA's. Make phase 1 expirations be able to cause renegotiations if configured to.
|
#
23ee5a1e |
| 31-Mar-1999 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.43 the SA replace flag
|
#
19a5b5f4 |
| 02-Mar-1999 |
niklas <niklas@openbsd.org> |
sa.c: Merge with EOM 1.67 Add SA attributes, specifically stayalive
sa.h: Merge with EOM 1.42 Add SA attributes, specifically stayalive
pf_encap.c: Merge with EOM 1.46 Add SA attributes, specifical
sa.c: Merge with EOM 1.67 Add SA attributes, specifically stayalive
sa.h: Merge with EOM 1.42 Add SA attributes, specifically stayalive
pf_encap.c: Merge with EOM 1.46 Add SA attributes, specifically stayalive
exchange.c: Merge with EOM 1.65 Add SA attributes, specifically stayalive
show more ...
|
#
10a439e7 |
| 27-Feb-1999 |
niklas <niklas@openbsd.org> |
ipsec.c: Merge with EOM 1.83 Only accept IPsec SAs when searching for such
sa.h: Merge with EOM 1.41 Stayalive connections as a default for now, init pf_encap_socket
pf_encap.c: Merge with EOM 1.45
ipsec.c: Merge with EOM 1.83 Only accept IPsec SAs when searching for such
sa.h: Merge with EOM 1.41 Stayalive connections as a default for now, init pf_encap_socket
pf_encap.c: Merge with EOM 1.45 Stayalive connections as a default for now, init pf_encap_socket
show more ...
|