#
ce7279d8 |
| 21-May-2024 |
jsg <jsg@openbsd.org> |
remove prototypes with no matching function and externs with no var partly checked by millert@
|
#
05442ddf |
| 05-Aug-2007 |
tom <tom@openbsd.org> |
Allow key exchange with RSA signature authentication to work with Cisco IOS and other initiators that only send their certs in response to CERT_REQUEST.
With input and help from cloder@, Stuart Hend
Allow key exchange with RSA signature authentication to work with Cisco IOS and other initiators that only send their certs in response to CERT_REQUEST.
With input and help from cloder@, Stuart Henderson, mpf@, and several others who did lots of testing - thanks to all.
ok hshoexer@
show more ...
|
#
8f479359 |
| 05-Apr-2005 |
cloder <cloder@openbsd.org> |
Now that X509 is de-featurized, no need for USE_X509 in regress tests. Start compiling the X509 regress test again, for the first time since 2002 when DLOPEN stuff was removed. Kill remnants of DLOP
Now that X509 is de-featurized, no need for USE_X509 in regress tests. Start compiling the X509 regress test again, for the first time since 2002 when DLOPEN stuff was removed. Kill remnants of DLOPEN defines left around in other Makefiles. Allow isakmpd to compile if USE_KEYNOTE is not defined.
show more ...
|
#
b6e0b5cb |
| 25-Jun-2004 |
hshoexer <hshoexer@openbsd.org> |
Keynote policy checking can now be disabled by "-K" switch and config tag "Use-Keynote". Default is to use keynote.
ok henning@ ho@
|
#
8648096c |
| 28-Apr-2004 |
hshoexer <hshoexer@openbsd.org> |
remove unused variable and shorten names of two other. Removed some spaces while around.
ok ho@ markus@
|
#
fb9475d6 |
| 15-Apr-2004 |
deraadt <deraadt@openbsd.org> |
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
show more ...
|
#
f3571e78 |
| 04-Jun-2003 |
ho <ho@openbsd.org> |
Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos D. Keromytis and Niels Provos.
|
#
f89ef103 |
| 14-May-2003 |
ho <ho@openbsd.org> |
Policy file default defined twice, kill the local copy.
|
#
f61a65ac |
| 10-Jun-2002 |
ho <ho@openbsd.org> |
The dlopen() stuff goes away.
|
#
e1920bd8 |
| 15-Aug-2001 |
ho <ho@openbsd.org> |
Some more style...
|
#
8d5e60fb |
| 31-May-2001 |
angelos <angelos@openbsd.org> |
Routines for handling KeyNote cert representation.
|
#
23d41768 |
| 07-Oct-2000 |
niklas <niklas@openbsd.org> |
cert.c: Merge with EOM 1.18 cert.h: Merge with EOM 1.8 libcrypto.c: Merge with EOM 1.14 policy.h: Merge with EOM 1.12 x509.h: Merge with EOM 1.11
author: niklas Multiple subject name matching, makes
cert.c: Merge with EOM 1.18 cert.h: Merge with EOM 1.8 libcrypto.c: Merge with EOM 1.14 policy.h: Merge with EOM 1.12 x509.h: Merge with EOM 1.11
author: niklas Multiple subject name matching, makes certificate interop with PGPnet at least partly working. Added some error checking.
show more ...
|
#
8716d930 |
| 08-Jun-2000 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.11
author: angelos Different policy/Keynote sessions per Phase 1 SA.
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single
Merge with EOM 1.11
author: angelos Different policy/Keynote sessions per Phase 1 SA.
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
author: angelos A few more definitions.
author: angelos Some more support for KeyNote credential exchange (not yet done).
show more ...
|
#
602f0718 |
| 02-May-2000 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.7
author: angelos Move POLICY_FILE_DEFAULT definition to the .h file.
|
#
f06afa72 |
| 07-Apr-2000 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.6
author: niklas Hmm keynote does not exist in a dynamically linked version
|
#
2a5dd72e |
| 20-Feb-2000 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.5
author: niklas Allow isakmpd builders to remove optional parts and save bytes.
|
#
4f85a33e |
| 26-Aug-1999 |
niklas <niklas@openbsd.org> |
Merge with EOM 1.4
author: niklas typo
author: niklas Support dynamic loading of libkeynote too. Build isakmpd static by default. Stylistic cleanup of keynote policy code. Correct some libcrypto
Merge with EOM 1.4
author: niklas typo
author: niklas Support dynamic loading of libkeynote too. Build isakmpd static by default. Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
show more ...
|
#
d2c95615 |
| 07-Jul-1999 |
niklas <niklas@openbsd.org> |
policy.h: Merge with EOM 1.2 policy.c: Merge with EOM 1.2
author: niklas Remove $EOM$ from Eom repository version
author: niklas New file, for keynote policy handling. By angelos@openbsd.org
|