OpenBSD CVS

CVS log for src/sbin/iked/ocsp.c



Default branch: MAIN


Revision 1.25, Wed Jan 17 08:25:02 2024 UTC (4 months, 3 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.24: +9 -9 lines

Convert to use imsg_get_fd()

proc_forward_imsg() does not need to forward file descriptors so just use
-1 there. In other places shuffle debug messages around or use a helper
variable since imsg_get_fd() can only be called once.

OK tb@ tobhe@

Revision 1.24, Sat Dec 3 22:34:35 2022 UTC (18 months, 1 week ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.23: +2 -2 lines

Consistently use uintXX_t from <stdint.h> instead of u_intXX_t.

Revision 1.23, Mon Dec 13 17:35:34 2021 UTC (2 years, 5 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.22: +16 -32 lines

Cleanup libcrypto memory management.  Remove redundant NULL checks
before calling *_free() functions.  Use 'get0' functions where it
makes sense to avoid some frees.

Feedback and ok tb@

Revision 1.22, Fri Nov 19 21:16:25 2021 UTC (2 years, 6 months ago) by tobhe
Branch: MAIN
Changes since 1.21: +5 -1 lines

Check strdup() return value.

Revision 1.21, Tue Dec 22 21:01:55 2020 UTC (3 years, 5 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.20: +10 -9 lines

Log SPI with SPI_SH() wherever possible.

Revision 1.20, Thu Sep 3 14:50:40 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.19: +10 -2 lines

Log OCSP url on connection failure.

Revision 1.19, Wed Sep 2 16:39:59 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.18: +28 -4 lines

Add 30s timeout for OCSP requests.

ok patrick@

Revision 1.18, Tue Sep 1 17:06:11 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.17: +14 -11 lines

Log SPIs to make it easier to map OCSP messages to SAs.

Revision 1.17, Tue Sep 1 08:38:42 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.16: +24 -19 lines

Make OCSP response status logging less verbose.

Revision 1.16, Mon Aug 31 21:05:49 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.15: +6 -2 lines

Do not register a read/write callback on fd -1 (e.g. if connection failed).

Revision 1.15, Mon Aug 31 21:02:22 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.14: +3 -5 lines

Both ocsp_req_ctx and ocsp_req must be freed.  Don't free ocsp_id as it
is owned by ocsp_req and is cleaned up automatically.

Revision 1.14, Mon Aug 31 17:45:30 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.13: +61 -17 lines

Use SA header (SPIs) to map OCSP connect requests to their respective
responses.  This fixes concurrent OCSP requests for different IKE SAs.

From Hans-Joerg Hoexer
ok patrick@

Revision 1.13, Fri Aug 21 14:30:17 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.12: +40 -18 lines

Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of
/etc/iked/ocsp/issuer.crt.
Try to get the OCSP url from the CA/issuer certificate, otherwise
use the URL configured in 'set ocsp' in iked.conf.

ok patrick@

Revision 1.12, Tue Aug 18 21:02:49 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.11: +15 -10 lines

Add optional time-stamp validation for ocsp.  The new optional 'tolerate'
parameter specifies how many seconds leeway are allowed in the check.
The optional maxage parameter indicates the allowed maximum age of
the `thisUpdate' OCSP attribute value.

ok patrick@

Revision 1.11, Mon Aug 17 16:49:28 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.10: +9 -3 lines

Fix possible leak of ocsp_id.

ok patrick@

Revision 1.10, Sun Aug 16 09:09:17 2020 UTC (3 years, 9 months ago) by tobhe
Branch: MAIN
Changes since 1.9: +3 -3 lines

Clean up unused parameters.

Revision 1.9, Fri Jun 28 13:32:44 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.8: +3 -3 lines

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.8, Mon Dec 7 12:46:37 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.7: +5 -7 lines

Sync proc.c, use shorter proc_compose[v]()

Revision 1.7, Mon Nov 23 19:28:34 2015 UTC (8 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.6: +2 -3 lines

Replace socket_set_blockmode() and fcntl(fd, F_SETFL, O_NONBLOCK) calls
with the SOCK_NONBLOCK flag to socket() and accept4().

OK claudio@ jung@

Revision 1.6, Fri Aug 21 11:59:27 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.5: +3 -3 lines

Switch iked to C99-style fixed-width integer types.

OK mikeb@

Revision 1.5, Wed Aug 19 19:31:59 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.4: +2 -0 lines

Add missing OpenBSD CVS tag - no binary change

Revision 1.4, Fri Jan 16 06:39:58 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.3: +1 -1 lines

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.3, Mon Apr 28 11:19:22 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.2: +3 -3 lines

spacing

Revision 1.2, Tue Apr 22 12:00:03 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.1: +9 -7 lines

Update iked to use the same proc.c that relayd uses.
Less differences, less code to audit.

ok mikeb@

Revision 1.1, Mon Feb 17 15:07:23 2014 UTC (10 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5

basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"'
ok mikeb@
