OpenBSD CVS

CVS log for src/sbin/isakmpd/x509.c



Default branch: MAIN


Revision 1.126 / (download) - annotate - [select for diffs], Sun Apr 28 16:43:42 2024 UTC (5 weeks, 6 days ago) by florian
Branch: MAIN
CVS Tags: HEAD
Changes since 1.125: +18 -4 lines
Diff to previous 1.125 (colored)

gmtime(3) / localtime(3) can fail when timestamps are way off.

Add missing error checks to all calls under sbin/

Input & OK millert

Revision 1.125 / (download) - annotate - [select for diffs], Sun Jan 16 14:30:11 2022 UTC (2 years, 4 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.124: +2 -4 lines
Diff to previous 1.124 (colored)

isakmpd: fix -Wunused-but-set-variable warnings

ok guenther@

Revision 1.124 / (download) - annotate - [select for diffs], Fri Nov 19 23:15:59 2021 UTC (2 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.123: +3 -3 lines
Diff to previous 1.123 (colored)

isakmpd: stop reaching into EVP_PKEY.

Straightforward conversion to the OpenSSL 1.1 API as a step towards
making EVP_PKEY opaque. EVP_PKEY_get0_RSA() can't fail if we know
that the pkey type is RSA.

ok sthen

Revision 1.123 / (download) - annotate - [select for diffs], Sun Oct 31 16:45:04 2021 UTC (2 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.122: +14 -6 lines
Diff to previous 1.122 (colored)

Now that X509_OBJECT is opaque, we need to allocate it on the heap
instead of having it on the stack. Adjust code accordingly.

Revision 1.122 / (download) - annotate - [select for diffs], Thu Oct 21 14:01:00 2021 UTC (2 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.121: +36 -20 lines
Diff to previous 1.121 (colored)

isakmpd: prepare for opaque X509_STORE_CTX struct.

ok benno

Revision 1.121 / (download) - annotate - [select for diffs], Thu Oct 21 13:58:02 2021 UTC (2 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.120: +10 -9 lines
Diff to previous 1.120 (colored)

isakmpd: prepare for opaque X509_EXTENSION struct. This needs to use
an accessor instead of reaching directly into the struct.

ok benno

Revision 1.120 / (download) - annotate - [select for diffs], Wed Oct 13 16:57:43 2021 UTC (2 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.119: +1 -17 lines
Diff to previous 1.119 (colored)

isakmpd: remove #ifdefs for ancient OPENSSL_VERSIONs.

No-one is going to build this with OpenSSL 0.9.7 or earlier, so we
can remove this code.

ok bluhm sthen (as part of a larger diff)

Revision 1.119 / (download) - annotate - [select for diffs], Fri Jul 2 11:15:12 2021 UTC (2 years, 11 months ago) by schwarze
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.118: +3 -3 lines
Diff to previous 1.118 (colored)

call the API function X509_NAME_cmp(3) instead of the obsolete,
undocumented macro alias X509_name_cmp(3);
no binary change;
OK tb@

Revision 1.118 / (download) - annotate - [select for diffs], Fri Jan 16 06:39:59 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.117: +2 -3 lines
Diff to previous 1.117 (colored)

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.117 / (download) - annotate - [select for diffs], Thu May 1 07:35:57 2014 UTC (10 years, 1 month ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.116: +2 -2 lines
Diff to previous 1.116 (colored)

Correct a test for X509_get_notAfter() failing or returning
an unsupported time type when passing data to keynote.

Problem introduced by angelos in 1.41 though the code
has been reformatted a few times since then.

ok otto@ miod@

Revision 1.116 / (download) - annotate - [select for diffs], Fri Mar 7 07:19:42 2014 UTC (10 years, 3 months ago) by gerhard
Branch: MAIN
Changes since 1.115: +2 -1 lines
Diff to previous 1.115 (colored)

If allocation of 'id' fails, don't try to deref it after 'goto fail'.

ok millert@

Revision 1.115 / (download) - annotate - [select for diffs], Thu Nov 14 15:44:06 2013 UTC (10 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.114: +4 -3 lines
Diff to previous 1.114 (colored)

fix parameter types for x509 routines
ok mikeb

Revision 1.114 / (download) - annotate - [select for diffs], Sun Oct 27 18:54:03 2013 UTC (10 years, 7 months ago) by guenther
Branch: MAIN
Changes since 1.113: +3 -3 lines
Diff to previous 1.113 (colored)

If a constant string needs a name, use a static const array instead of a
pointer or non-const array, as that minimizes the symbols, maximizes the
placement into read-only memory, and avoids warnings from gcc -Wformat=2
when they're used as format strings.

ok deraadt@

Revision 1.113 / (download) - annotate - [select for diffs], Tue Jun 29 19:50:16 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.112: +2 -2 lines
Diff to previous 1.112 (colored)

Replace the hand-crafted Diffie-Hellman implementation in isakmpd with
the smaller implementation from iked that is using libcrypto instead.
This allows to remove a lot of code (which is always good), get rid of
some custom crypto code by using libcrypto, theoretically adds
support for many new MODP and EC2N/ECP modes (but it is not configurable
yet), and allows to share the dh.c/dh.h code in different codebases
(it is identical in isakmpd and iked, but could also be used elsewhere).

ok deraadt@

Revision 1.112 / (download) - annotate - [select for diffs], Sat Sep 6 12:22:57 2008 UTC (15 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.111: +8 -2 lines
Diff to previous 1.111 (colored)

adapt to API changes in OpenSSL 0.9.8h

Revision 1.111 / (download) - annotate - [select for diffs], Sun Sep 2 15:19:24 2007 UTC (16 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.110: +3 -3 lines
Diff to previous 1.110 (colored)

use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg

Revision 1.110 / (download) - annotate - [select for diffs], Sun Aug 5 09:43:09 2007 UTC (16 years, 10 months ago) by tom
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.109: +24 -10 lines
Diff to previous 1.109 (colored)

Allow key exchange with RSA signature authentication to work with
Cisco IOS and other initiators that only send their certs in response
to CERT_REQUEST.

With input and help from cloder@, Stuart Henderson, mpf@, and several
others who did lots of testing - thanks to all.

ok hshoexer@

Revision 1.109 / (download) - annotate - [select for diffs], Mon Apr 16 13:01:39 2007 UTC (17 years, 1 month ago) by moritz
Branch: MAIN
Changes since 1.108: +13 -24 lines
Diff to previous 1.108 (colored)

There's no point in checking ptr for NULL before doing free(ptr)
since free(NULL) is just fine.

ok hshoexer@

Revision 1.106.2.1 / (download) - annotate - [select for diffs], Fri Apr 6 08:07:19 2007 UTC (17 years, 2 months ago) by mbalmer
Branch: OPENBSD_4_0
Changes since 1.106: +9 -4 lines
Diff to previous 1.106 (colored) next main 1.107 (colored)

Make isakmpd(8) useable with CaCert signed certificates and add a fix from
-current.

MFC:
revision 1.108
date: 2007/03/03 20:03:03;  author: tom;  state: Exp;  lines: +7 -2
There may be more than one item in the subjectAltName (cropping up
with CACert certificates) so don't require the reported length to be
exactly equal to the length of the data, but accept it if it's <=
the length of the data (i.e. we just use the first alt name).  The
purpose of the check is to make sure we don't try to read beyond the
data we actually have.

ok cloder@ hshoexer@

Revision 1.105.2.1 / (download) - annotate - [select for diffs], Fri Apr 6 08:07:05 2007 UTC (17 years, 2 months ago) by mbalmer
Branch: OPENBSD_3_9
Changes since 1.105: +9 -4 lines
Diff to previous 1.105 (colored) next main 1.106 (colored)

Make isakmpd(8) usable with CaCert signed certificates and add a fix from
-current.

MFC:
revision 1.108
date: 2007/03/03 20:03:03;  author: tom;  state: Exp;  lines: +7 -2
There may be more than one item in the subjectAltName (cropping up
with CACert certificates) so don't require the reported length to be
exactly equal to the length of the data, but accept it if it's <=
the length of the data (i.e. we just use the first alt name).  The
purpose of the check is to make sure we don't try to read beyond the
data we actually have.

ok cloder@ hshoexer@

Revision 1.108 / (download) - annotate - [select for diffs], Sat Mar 3 20:03:03 2007 UTC (17 years, 3 months ago) by tom
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.107: +7 -2 lines
Diff to previous 1.107 (colored)

There may be more than one item in the subjectAltName (cropping up
with CACert certificates) so don't require the reported length to be
exactly equal to the length of the data, but accept it if it's <=
the length of the data (i.e. we just use the first alt name).  The
purpose of the check is to make sure we don't try to read beyond the
data we actually have.

ok cloder@ hshoexer@

Revision 1.107 / (download) - annotate - [select for diffs], Tue Sep 19 10:48:41 2006 UTC (17 years, 8 months ago) by otto
Branch: MAIN
Changes since 1.106: +3 -3 lines
Diff to previous 1.106 (colored)

Use S_IS* macros instead of masking with S_IF* flags. The latter may
have multiple bits set, which leads to surprising results. Spotted by/partly
from Paul Stoeber, more to come. ok ho@ miod@ hshoexer@

Revision 1.106 / (download) - annotate - [select for diffs], Fri Jun 2 19:35:55 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.105: +2 -2 lines
Diff to previous 1.105 (colored)

Big spelling cleanup, no binary change.  From david@

Revision 1.105 / (download) - annotate - [select for diffs], Tue Nov 15 21:49:04 2005 UTC (18 years, 6 months ago) by cloder
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE
Branch point for: OPENBSD_3_9
Changes since 1.104: +3 -11 lines
Diff to previous 1.104 (colored)

Add a new raw2hex function and yank out several pieces of code in other
places that were doing this.  Prodding deraadt.  OK hshoexer.

Revision 1.104 / (download) - annotate - [select for diffs], Mon Nov 14 23:25:11 2005 UTC (18 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.103: +11 -18 lines
Diff to previous 1.103 (colored)

use snprintf; ok cloder.  also looked at by a few other people

Revision 1.103 / (download) - annotate - [select for diffs], Sat May 28 17:42:50 2005 UTC (19 years ago) by moritz
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.102: +15 -51 lines
Diff to previous 1.102 (colored)

introduce new readdir implementation for the monitor.
testing and ok hshoexer@

Revision 1.102 / (download) - annotate - [select for diffs], Thu May 26 00:58:52 2005 UTC (19 years ago) by cloder
Branch: MAIN
Changes since 1.101: +46 -67 lines
Diff to previous 1.101 (colored)

Clean up some cleanup code. Fixes at least one leak, possibly more.
OK hshoexer

Revision 1.101 / (download) - annotate - [select for diffs], Fri Apr 8 22:32:10 2005 UTC (19 years, 2 months ago) by cloder
Branch: MAIN
Changes since 1.100: +1 -3 lines
Diff to previous 1.100 (colored)

Make deterministic randomness (only ever used for testing) a compile-time
option.  Reduces chances of somehow setting regrand when it's not supposed
to be set.  Remove "-r" option from man page.  Also xref certpatch(8) while
we are in there.  And remove some include sysdep.h where it is no longer
needed.
OK hshoexer

Revision 1.100 / (download) - annotate - [select for diffs], Fri Apr 8 17:15:01 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.99: +1 -7 lines
Diff to previous 1.99 (colored)

keynote and policy always compiled in

Revision 1.99 / (download) - annotate - [select for diffs], Fri Apr 8 16:24:12 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.98: +1 -9 lines
Diff to previous 1.98 (colored)

privsep always

Revision 1.98 / (download) - annotate - [select for diffs], Tue Apr 5 20:46:20 2005 UTC (19 years, 2 months ago) by cloder
Branch: MAIN
Changes since 1.97: +2 -3 lines
Diff to previous 1.97 (colored)

Always compile X509 support. Almost everyone uses it.  Makes the code
much easier to read and to maintain.
OK and testing by hshoexer@, more testing by me

Revision 1.97 / (download) - annotate - [select for diffs], Tue Mar 15 16:49:05 2005 UTC (19 years, 2 months ago) by mpf
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

small log message fix.
ok hshoexer@, markus@

Revision 1.96 / (download) - annotate - [select for diffs], Sun Feb 27 13:12:12 2005 UTC (19 years, 3 months ago) by hshoexer
Branch: MAIN
Changes since 1.95: +2 -2 lines
Diff to previous 1.95 (colored)

where possible, use bzero instead of memset

ok cloder henning

Revision 1.95 / (download) - annotate - [select for diffs], Tue Aug 10 19:21:01 2004 UTC (19 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.94: +62 -65 lines
Diff to previous 1.94 (colored)

spacing

Revision 1.94 / (download) - annotate - [select for diffs], Sun Aug 8 19:11:06 2004 UTC (19 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.93: +6 -6 lines
Diff to previous 1.93 (colored)

spacing

Revision 1.93 / (download) - annotate - [select for diffs], Thu Jun 17 19:32:06 2004 UTC (19 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.92: +13 -4 lines
Diff to previous 1.92 (colored)

Evaluate result of X509_verify_cert() more carefully.

ok cloder@

Revision 1.92 / (download) - annotate - [select for diffs], Mon Jun 14 13:53:31 2004 UTC (19 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.91: +49 -26 lines
Diff to previous 1.91 (colored)

avoid stat before open

ok ho@

Revision 1.91 / (download) - annotate - [select for diffs], Mon Jun 14 09:55:42 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.90: +31 -19 lines
Diff to previous 1.90 (colored)

KNF, style, 80c, etc. hshoexer@ ok

Revision 1.90 / (download) - annotate - [select for diffs], Wed Jun 2 16:19:16 2004 UTC (20 years ago) by hshoexer
Branch: MAIN
Changes since 1.89: +5 -45 lines
Diff to previous 1.89 (colored)

remove unused BIO-functions.

ok markus@ ho@

Revision 1.89 / (download) - annotate - [select for diffs], Sun May 23 18:17:56 2004 UTC (20 years ago) by hshoexer
Branch: MAIN
Changes since 1.88: +106 -77 lines
Diff to previous 1.88 (colored)

More KNF.  Mainly spaces and line-wraps, no binary change.

ok ho@

Revision 1.88 / (download) - annotate - [select for diffs], Thu Apr 15 18:39:26 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.87: +1118 -1283 lines
Diff to previous 1.87 (colored)

partial move to KNF.  More to come.  This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process.  ok ho hshoexer

Revision 1.87 / (download) - annotate - [select for diffs], Wed Apr 7 22:45:49 2004 UTC (20 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.86: +3 -4 lines
Diff to previous 1.86 (colored)

-Wsign-compare nits. hshoexer@ ok.

Revision 1.86 / (download) - annotate - [select for diffs], Fri Mar 19 14:04:43 2004 UTC (20 years, 2 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.85: +52 -11 lines
Diff to previous 1.85 (colored)

Add missing bits to make already present privsep code work.  Enable privsep.

ok ho@ deraadt@ markus@

Revision 1.85 / (download) - annotate - [select for diffs], Tue Jan 6 00:09:19 2004 UTC (20 years, 5 months ago) by hshoexer
Branch: MAIN
Changes since 1.84: +4 -10 lines
Diff to previous 1.84 (colored)

Remove redundant test for file types.  Noted by Stefan Paletta.
While around, fix typos in log messages.

Both ok markus@

Revision 1.84 / (download) - annotate - [select for diffs], Fri Nov 7 10:16:44 2003 UTC (20 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.83: +2 -2 lines
Diff to previous 1.83 (colored)

adress -> address, and a few more; all from Jonathon Gray;

(mvme68k/mvme88k) vs.c and (vax) if_le.c ok miod@
isakmpd ones ok ho@

Revision 1.83 / (download) - annotate - [select for diffs], Thu Nov 6 16:12:08 2003 UTC (20 years, 7 months ago) by ho
Branch: MAIN
Changes since 1.82: +3 -3 lines
Diff to previous 1.82 (colored)

Style nits.

Revision 1.82 / (download) - annotate - [select for diffs], Tue Jun 10 16:41:29 2003 UTC (21 years ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.81: +4 -4 lines
Diff to previous 1.81 (colored)

boring cleanups

Revision 1.81 / (download) - annotate - [select for diffs], Wed Jun 4 07:31:17 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.80: +1 -6 lines
Diff to previous 1.80 (colored)

Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos
D. Keromytis and Niels Provos.

Revision 1.80 / (download) - annotate - [select for diffs], Tue Jun 3 12:51:39 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.79: +7 -7 lines
Diff to previous 1.79 (colored)

Cleanup. Use 'sizeof variable' instead of magic constants.

Revision 1.79 / (download) - annotate - [select for diffs], Wed Apr 9 15:46:48 2003 UTC (21 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored)

Less noise for missing crl dir, demoted to debug message.

Revision 1.78 / (download) - annotate - [select for diffs], Tue Dec 3 16:08:13 2002 UTC (21 years, 6 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3
Changes since 1.77: +7 -4 lines
Diff to previous 1.77 (colored)

LOG_DBG for missing ca/, certs/, crls/ dirs, not
log_error(). Suggested by markus@.

Revision 1.77 / (download) - annotate - [select for diffs], Wed Sep 11 09:50:44 2002 UTC (21 years, 9 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)

signed vs unsigned, some void * arithmetic, from -pedantic. niklas@ ok.

Revision 1.76 / (download) - annotate - [select for diffs], Thu Sep 5 15:47:22 2002 UTC (21 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.75: +60 -53 lines
Diff to previous 1.75 (colored)

Do not require the presence of subjectAltName in certificates used for
IKE auth. Should make interoperating with for example FreeS/WAN easier
(Pluto).

Revision 1.75 / (download) - annotate - [select for diffs], Thu Aug 29 12:13:19 2002 UTC (21 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.74: +21 -5 lines
Diff to previous 1.74 (colored)

Work around arguably correct OpenSSL behaviour and only ask for CRL
checks when we actually have CRLs to check against. Problem pointed
out by <sturm@sec.informatik.tu-darmstadt.de>.

Revision 1.74 / (download) - annotate - [select for diffs], Wed Aug 7 13:19:20 2002 UTC (21 years, 10 months ago) by ho
Branch: MAIN
Changes since 1.73: +118 -33 lines
Diff to previous 1.73 (colored)

A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>.
Some style mods, and checks added for OpenSSL version 0.9.7 or later.
Currently CRLs are not supported for earlier versions.
Manual pages updated.

Revision 1.73 / (download) - annotate - [select for diffs], Fri Aug 2 13:10:41 2002 UTC (21 years, 10 months ago) by ho
Branch: MAIN
Changes since 1.72: +42 -1 lines
Diff to previous 1.72 (colored)

CRL support for isakmpd. From <Thomas.Walpuski@gmx.net> with some minor
modifications by me. ok niklas@.

Revision 1.72 / (download) - annotate - [select for diffs], Mon Jun 10 20:45:35 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.71: +7 -11 lines
Diff to previous 1.71 (colored)

Zap a few remaining libkeynote refs.

Revision 1.71 / (download) - annotate - [select for diffs], Mon Jun 10 18:08:59 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.70: +71 -83 lines
Diff to previous 1.70 (colored)

The dlopen() stuff goes away.

Revision 1.70 / (download) - annotate - [select for diffs], Sat Jun 1 07:44:22 2002 UTC (22 years ago) by deraadt
Branch: MAIN
Changes since 1.69: +11 -10 lines
Diff to previous 1.69 (colored)

size_t must be cast to (unsigned long) and printed using %lu

Revision 1.69 / (download) - annotate - [select for diffs], Wed Mar 6 10:02:32 2002 UTC (22 years, 3 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.68: +4 -4 lines
Diff to previous 1.68 (colored)

Fix a couple of snprintf length bugs. Same problem <chris@stallion.oz.au>
found for policy passphrases.

Revision 1.68 / (download) - annotate - [select for diffs], Wed Jan 23 18:44:48 2002 UTC (22 years, 4 months ago) by ho
Branch: MAIN
Changes since 1.67: +2 -2 lines
Diff to previous 1.67 (colored)

the last few sprintf -> snprintf

Revision 1.67 / (download) - annotate - [select for diffs], Wed Jan 23 17:26:21 2002 UTC (22 years, 4 months ago) by ho
Branch: MAIN
Changes since 1.66: +20 -20 lines
Diff to previous 1.66 (colored)

strcpy->strlcpy, sprintf->snprintf

Revision 1.66 / (download) - annotate - [select for diffs], Thu Jan 3 09:24:02 2002 UTC (22 years, 5 months ago) by ho
Branch: MAIN
Changes since 1.65: +3 -3 lines
Diff to previous 1.65 (colored)

strftime format fixes. From Christo Butcher <christo@fox-it.com>.

Revision 1.65 / (download) - annotate - [select for diffs], Sat Aug 25 22:17:13 2001 UTC (22 years, 9 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE, OPENBSD_3_0
Changes since 1.64: +26 -1 lines
Diff to previous 1.64 (colored)

Add x509_DN_string API to get a printable DN component given one
represented in ASN.1

Revision 1.64 / (download) - annotate - [select for diffs], Thu Aug 16 14:23:21 2001 UTC (22 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)

Don't right-justify this debug message.

Revision 1.63 / (download) - annotate - [select for diffs], Fri Jul 13 14:16:39 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.62: +21 -6 lines
Diff to previous 1.62 (colored)

Be more verbose about why X509_verify_cert() failed. Thanks to
<sakane@kame.net> for pointing out X509_verify_cert_error_string(). :)

Revision 1.62 / (download) - annotate - [select for diffs], Thu Jul 5 12:37:00 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.61: +11 -6 lines
Diff to previous 1.61 (colored)

Add prototypes and some other various cleanup.

Revision 1.61 / (download) - annotate - [select for diffs], Thu Jul 5 07:28:00 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.60: +2 -56 lines
Diff to previous 1.60 (colored)

On closer inspection, freeing the X509 names is bad. I should stop
coding late while half-asleep.

Revision 1.60 / (download) - annotate - [select for diffs], Thu Jul 5 07:16:52 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.59: +57 -3 lines
Diff to previous 1.59 (colored)

Free X509 names in case of failure and when done.

Revision 1.59 / (download) - annotate - [select for diffs], Sun Jul 1 19:48:44 2001 UTC (22 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored)

Style

Revision 1.58 / (download) - annotate - [select for diffs], Fri Jun 22 16:21:43 2001 UTC (22 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.57: +17 -4 lines
Diff to previous 1.57 (colored)

fix for filesystems where readdir does not return d_type, use stat instead.
okay deraadt@

Revision 1.57 / (download) - annotate - [select for diffs], Thu Jun 7 07:35:15 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)

log_error -> log_print

Revision 1.56 / (download) - annotate - [select for diffs], Thu Jun 7 04:46:45 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.55: +20 -149 lines
Diff to previous 1.55 (colored)

No need to allocate/free X509 policy information -- the certs are
converted as needed, and the CA certs are irrelevant.

Revision 1.55 / (download) - annotate - [select for diffs], Thu Jun 7 04:23:35 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.54: +120 -68 lines
Diff to previous 1.54 (colored)

Get rid of the main policy session (unnecessary).

Revision 1.54 / (download) - annotate - [select for diffs], Tue Jun 5 10:11:42 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.53: +3 -3 lines
Diff to previous 1.53 (colored)

log_error() cleanup

Revision 1.53 / (download) - annotate - [select for diffs], Tue Jun 5 06:51:05 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.52: +1 -10 lines
Diff to previous 1.52 (colored)

Bad niklas, re-committed redundant code.

Revision 1.52 / (download) - annotate - [select for diffs], Tue Jun 5 05:59:43 2001 UTC (23 years ago) by niklas
Branch: MAIN
Changes since 1.51: +20 -11 lines
Diff to previous 1.51 (colored)

Style issues and commentary

Revision 1.51 / (download) - annotate - [select for diffs], Thu May 31 20:20:59 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.50: +84 -11 lines
Diff to previous 1.50 (colored)

New routines for handling X509 cert representation.

Revision 1.50 / (download) - annotate - [select for diffs], Sat May 12 06:46:58 2001 UTC (23 years, 1 month ago) by angelos
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)

size_t -> u_int32_t (mcmahill@mtl.mit.edu)

Revision 1.29.2.2 / (download) - annotate - [select for diffs], Tue May 8 12:45:26 2001 UTC (23 years, 1 month ago) by ho
Branch: OPENBSD_2_8
Changes since 1.29.2.1: +401 -205 lines
Diff to previous 1.29.2.1 (colored) to branchpoint 1.29 (colored) next main 1.30 (colored)

Pull in isakmpd from 2.9 to 2.8 branch.

Revision 1.49 / (download) - annotate - [select for diffs], Thu Apr 12 15:50:02 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.48: +20 -3 lines
Diff to previous 1.48 (colored)

Correct various faulty x509 deallocations. By Niklas and me.

Revision 1.48 / (download) - annotate - [select for diffs], Mon Apr 9 22:09:53 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.47: +5 -5 lines
Diff to previous 1.47 (colored)

More style fixes...

Revision 1.47 / (download) - annotate - [select for diffs], Tue Apr 3 13:59:12 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.46: +1 -2 lines
Diff to previous 1.46 (colored)

Don't free reallocated memory.

Revision 1.46 / (download) - annotate - [select for diffs], Tue Mar 27 16:50:35 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.45: +4 -5 lines
Diff to previous 1.45 (colored)

Allocate a buffer large enough to contain the generated assertion.
Found with ElectricFence.

Revision 1.45 / (download) - annotate - [select for diffs], Wed Mar 14 21:13:24 2001 UTC (23 years, 3 months ago) by tholo
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

Make these compile again...

Revision 1.44 / (download) - annotate - [select for diffs], Wed Mar 14 12:15:46 2001 UTC (23 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.43: +104 -102 lines
Diff to previous 1.43 (colored)

Indentation and style fascism

Revision 1.43 / (download) - annotate - [select for diffs], Tue Mar 13 14:05:19 2001 UTC (23 years, 3 months ago) by ho
Branch: MAIN
Changes since 1.42: +70 -66 lines
Diff to previous 1.42 (colored)

Add logging classes for Negotiation and Policy, and change a number of
debug messages to use these instead. Change a number of 'log_print'
to debug messages to keep the noise down. Use 'log_error' instead of
'log_print' in some cases when we have errno. Some indentation fixes.
(niklas@ ok)

Revision 1.42 / (download) - annotate - [select for diffs], Fri Feb 23 15:29:55 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.41: +3 -2 lines
Diff to previous 1.41 (colored)

Allocate larger buffer for generated policies.

Revision 1.41 / (download) - annotate - [select for diffs], Sun Feb 18 23:16:14 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.40: +242 -5 lines
Diff to previous 1.40 (colored)

Encode the X509 expiration in the KeyNote credential/policies
generated on the fly.

For the record, this commit done at the beach in Cayman Islands :-)

Revision 1.40 / (download) - annotate - [select for diffs], Thu Feb 8 22:37:45 2001 UTC (23 years, 4 months ago) by angelos
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

Typo.

Revision 1.39 / (download) - annotate - [select for diffs], Sat Jan 27 12:03:36 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.38: +5 -8 lines
Diff to previous 1.38 (colored)

(c) 2001

Revision 1.38 / (download) - annotate - [select for diffs], Fri Jan 26 16:40:52 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.37: +4 -79 lines
Diff to previous 1.37 (colored)

There is no need to check the subjectAltName anymore, since we are in fact
looking up the certificate via the name.  The lookup method already
guarantees a match.  It is also a problem to look at the subjectAltName
should we have got the certificate with no such name in it.  Prodded by
mickey@ although I solved the problem in a different way.

Revision 1.37 / (download) - annotate - [select for diffs], Fri Jan 26 12:12:52 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.36: +6 -4 lines
Diff to previous 1.36 (colored)

Pedantic style police

Revision 1.36 / (download) - annotate - [select for diffs], Fri Jan 26 11:09:12 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.35: +6 -2 lines
Diff to previous 1.35 (colored)

Merge with EOM 1.54

author: ho
Only include <gmp.h> with MP_FLAVOUR_GMP. Sync with OpenBSD.

Revision 1.35 / (download) - annotate - [select for diffs], Wed Jan 10 20:31:24 2001 UTC (23 years, 5 months ago) by angelos
Branch: MAIN
Changes since 1.34: +9 -1 lines
Diff to previous 1.34 (colored)

Some more debug logging.

Revision 1.34 / (download) - annotate - [select for diffs], Tue Dec 19 19:03:06 2000 UTC (23 years, 5 months ago) by mickey
Branch: MAIN
Changes since 1.33: +1 -2 lines
Diff to previous 1.33 (colored)

gmp is gone, make it build again; cvs retard

Revision 1.33 / (download) - annotate - [select for diffs], Tue Dec 12 01:46:39 2000 UTC (23 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.32: +63 -64 lines
Diff to previous 1.32 (colored)

Merge with EOM 1.51

author: niklas
more fascistoid style

author: angelos
Don't insert the *same* entry in two or more buckets! Thanks to
cedric@wireless-networks.com for reporting/debugging and coming up
with the patch.

author: angelos
Correct format string.

author: angelos
x509_hash() should also skip the cert length (willey@serasystems.com)

author: angelos
Add some error messages (ingham@ara.com)

Revision 1.29.2.1 / (download) - annotate - [select for diffs], Mon Dec 11 05:25:41 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.29: +15 -8 lines
Diff to previous 1.29 (colored)

Pull in patches from current:
Fixes (niklas,angelos):
-- x509_hash() should also ignore the id length (for matching purposes) -- willey@serasystems.co
-- Merge with EOM 1.45
author: niklas
style

author: angelos
Better ID matching, should solve (some?) of PGPnet interoperability
problems. From mickey@

Revision 1.32 / (download) - annotate - [select for diffs], Sat Dec 2 02:10:58 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.31: +4 -1 lines
Diff to previous 1.31 (colored)

Error messages.

Revision 1.31 / (download) - annotate - [select for diffs], Thu Nov 30 06:36:37 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

x509_hash() should also ignore the id length (for matching purposes)
-- willey@serasystems.co

Revision 1.30 / (download) - annotate - [select for diffs], Thu Nov 23 12:57:07 2000 UTC (23 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.29: +15 -8 lines
Diff to previous 1.29 (colored)

Merge with EOM 1.45

author: niklas
style

author: angelos
Better ID matching, should solve (some?) of PGPnet interoperability
problems. From mickey@

Revision 1.29 / (download) - annotate - [select for diffs], Sat Oct 7 07:00:34 2000 UTC (23 years, 8 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.28: +161 -89 lines
Diff to previous 1.28 (colored)

Merge with EOM 1.43

author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working.  Added some error checking.

author: provos
style as pointed out by the code style pedant.

author: ho
Compile without USE_KEYNOTE/USE_POLICY.

Revision 1.28 / (download) - annotate - [select for diffs], Thu Jun 8 20:51:21 2000 UTC (24 years ago) by niklas
Branch: MAIN
Changes since 1.27: +61 -4 lines
Diff to previous 1.27 (colored)

Merge with EOM 1.40

author: angelos
Different policy/Keynote sessions per Phase 1 SA.

author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.

Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.

Revision 1.27 / (download) - annotate - [select for diffs], Fri Apr 7 22:04:16 2000 UTC (24 years, 2 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE, OPENBSD_2_7
Changes since 1.26: +39 -20 lines
Diff to previous 1.26 (colored)

Merge with EOM 1.38

author: niklas
log_fatal is only OK during initialization, also style fixes

Revision 1.26 / (download) - annotate - [select for diffs], Wed Mar 8 08:42:15 2000 UTC (24 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.25: +6 -2 lines
Diff to previous 1.25 (colored)

Merge with EOM 1.37

author: ho
Add missing #ifdef USE_X509/#endif

Revision 1.25 / (download) - annotate - [select for diffs], Fri Feb 25 17:23:42 2000 UTC (24 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.24: +22 -21 lines
Diff to previous 1.24 (colored)

regress/crypto/Makefile: Merge with EOM 1.5
regress/dh/Makefile: Merge with EOM 1.7
regress/group/Makefile: Merge with EOM 1.9
regress/prf/Makefile: Merge with EOM 1.4
regress/rsakeygen/Makefile: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.10
Makefile: Merge with EOM 1.62
attribute.c: Merge with EOM 1.10
sa.c: Merge with EOM 1.99
conf.c: Merge with EOM 1.20
crypto.c: Merge with EOM 1.28
isakmpd.c: Merge with EOM 1.45
connection.c: Merge with EOM 1.19
doi.h: Merge with EOM 1.28
field.c: Merge with EOM 1.11
exchange.c: Merge with EOM 1.116
ike_auth.c: Merge with EOM 1.44
pf_key_v2.c: Merge with EOM 1.37
ike_phase_1.c: Merge with EOM 1.22
ipsec.c: Merge with EOM 1.118
isakmp_doi.c: Merge with EOM 1.40
log.c: Merge with EOM 1.26
log.h: Merge with EOM 1.18
math_group.c: Merge with EOM 1.23
message.c: Merge with EOM 1.144
pf_encap.c: Merge with EOM 1.70
policy.c: Merge with EOM 1.18
timer.c: Merge with EOM 1.13
transport.c: Merge with EOM 1.41
udp.c: Merge with EOM 1.47
ui.c: Merge with EOM 1.37
x509.c: Merge with EOM 1.36

author: niklas
Made debug logging a compile time selectable feature

Revision 1.24 / (download) - annotate - [select for diffs], Sat Feb 19 19:31:33 2000 UTC (24 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.23: +10 -48 lines
Diff to previous 1.23 (colored)

Makefile: Merge with EOM 1.61
crypto.c: Merge with EOM 1.27
exchange.c: Merge with EOM 1.115
ike_quick_mode.c: Merge with EOM 1.115
x509.c: Merge with EOM 1.35
features/ec: Merge with EOM 1.1
features/aggressive: Merge with EOM 1.1
features/policy: Merge with EOM 1.1
features/x509: Merge with EOM 1.1

author: niklas
Allow isakmpd builders to remove optional parts and save bytes.

Revision 1.23 / (download) - annotate - [select for diffs], Fri Feb 11 10:21:54 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.22: +3 -3 lines
Diff to previous 1.22 (colored)

Merge with EOM 1.34

author: angelos
Rename the "CN:" tag to "DN:", after Jorgen's suggestion.

Revision 1.22 / (download) - annotate - [select for diffs], Mon Feb 7 01:32:54 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.21: +23 -6 lines
Diff to previous 1.21 (colored)

ike_quick_mode.c: Merge with EOM 1.111
libcrypto.c: Merge with EOM 1.11
libcrypto.h: Merge with EOM 1.11
x509.c: Merge with EOM 1.33

author: angelos
Add Canonical Names as policy targets (so they can be specified in the
Licensees field), with the "CN:..." format.

Revision 1.21 / (download) - annotate - [select for diffs], Tue Feb 1 02:46:19 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.20: +3 -2 lines
Diff to previous 1.20 (colored)

apps/certpatch/certpatch.8: Merge with EOM 1.4
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46

author: niklas
Angelos copyrights

Revision 1.20 / (download) - annotate - [select for diffs], Mon Jan 31 08:38:29 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.19: +3 -3 lines
Diff to previous 1.19 (colored)

ike_quick_mode.c: Merge with EOM 1.109
isakmpd.conf.5: Merge with EOM 1.38
message.c: Merge with EOM 1.142
pf_key_v2.c: Merge with EOM 1.35
x509.c: Merge with EOM 1.31

author: niklas
(c) 2000

Revision 1.19 / (download) - annotate - [select for diffs], Mon Jan 31 08:18:41 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.18: +84 -39 lines
Diff to previous 1.18 (colored)

Merge with EOM 1.30

author: angelos
Make x509_cert_init() able to re-initialize.

author: angelos
Fix delegating to a CA.

Revision 1.18 / (download) - annotate - [select for diffs], Thu Jan 27 08:49:24 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)

Merge with EOM 1.28

author: niklas
-Wall friendly

Revision 1.17 / (download) - annotate - [select for diffs], Thu Jan 27 08:43:06 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.16: +8 -6 lines
Diff to previous 1.16 (colored)

Merge with EOM 1.27

author: niklas
Fix cert ID hashing

Revision 1.16 / (download) - annotate - [select for diffs], Wed Jan 26 15:24:52 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.15: +10 -2 lines
Diff to previous 1.15 (colored)

Merge with EOM 1.26

author: angelos
GMTTimeOfDay and LocalTimeOfDay attributes, comment in x509.c.

author: angelos
Include files, in anticipation of the keynote.h changes.

Revision 1.15 / (download) - annotate - [select for diffs], Tue Oct 26 22:32:28 1999 UTC (24 years, 7 months ago) by angelos
Branch: MAIN
Changes since 1.14: +2 -1 lines
Diff to previous 1.14 (colored)

sync with latest libkeynote (include file changes only)

Revision 1.14 / (download) - annotate - [select for diffs], Fri Oct 1 14:08:40 1999 UTC (24 years, 8 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.13: +55 -4 lines
Diff to previous 1.13 (colored)

Merge with EOM 1.24

author: niklas
OpenSSL 0.9.4 support

author: angelos
blah

author: angelos
Add handling of X509v3_RFC_NAME and X509v3_DNS_NAME as subjaltnames

Revision 1.13 / (download) - annotate - [select for diffs], Thu Aug 26 22:28:15 1999 UTC (24 years, 9 months ago) by niklas
Branch: MAIN
Changes since 1.12: +224 -54 lines
Diff to previous 1.12 (colored)

Merge with EOM 1.21

author: niklas
Support dynamic loading of libkeynote too.  Build isakmpd static by default.
Stylistic cleanup of keynote policy code.  Correct some libcrypto calls.

author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.

author: ho
Compile without USE_LIBCRYPTO and HAVE_DLOPEN.

author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.

Revision 1.12 / (download) - annotate - [select for diffs], Sat Jul 17 21:54:39 1999 UTC (24 years, 10 months ago) by niklas
Branch: MAIN
Changes since 1.11: +503 -660 lines
Diff to previous 1.11 (colored)

regress/rsakeygen/Makefile: Merge with EOM 1.4
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.6
regress/x509/x509test.c: Merge with EOM 1.6
regress/Makefile: Merge with EOM 1.8
samples/VPN-east.conf: Merge with EOM 1.6
samples/VPN-west.conf: Merge with EOM 1.6
samples/singlehost-east.conf: Merge with EOM 1.3
samples/singlehost-west.conf: Merge with EOM 1.3
sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5
x509.h: Merge with EOM 1.6
x509.c: Merge with EOM 1.17
DESIGN-NOTES: Merge with EOM 1.46
Makefile: Merge with EOM 1.55
cert.c: Merge with EOM 1.11
cert.h: Merge with EOM 1.6
exchange.c: Merge with EOM 1.109
exchange.h: Merge with EOM 1.26
ike_auth.c: Merge with EOM 1.32
ike_phase_1.c: Merge with EOM 1.7
init.c: Merge with EOM 1.16
isakmpd.conf.5: Merge with EOM 1.27
README.PKI: Merge with EOM 1.1

author: niklas
From Niels Provos, edited by me: certificate support using SSLeay

Revision 1.11 / (download) - annotate - [select for diffs], Wed Jul 7 22:15:42 1999 UTC (24 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.10: +34 -36 lines
Diff to previous 1.10 (colored)

ike_phase_1.c: Merge with EOM 1.5
x509.c: Merge with EOM 1.16

author: niklas
Start stab at supporting other IDs than IPV4_ADDR in main mode

Revision 1.10 / (download) - annotate - [select for diffs], Sat Jun 5 19:04:32 1999 UTC (25 years ago) by niklas
Branch: MAIN
Changes since 1.9: +8 -8 lines
Diff to previous 1.9 (colored)

Merge with EOM 1.15

author: niklas
More error checking of certs

Revision 1.9 / (download) - annotate - [select for diffs], Sat Jun 5 18:01:42 1999 UTC (25 years ago) by niklas
Branch: MAIN
Changes since 1.8: +38 -4 lines
Diff to previous 1.8 (colored)

Merge with EOM 1.14

author: niklas
Add some error checking

Revision 1.8 / (download) - annotate - [select for diffs], Mon Apr 19 19:57:29 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.7: +167 -152 lines
Diff to previous 1.7 (colored)

./cert.c: Merge with EOM 1.10
./x509.c: Merge with EOM 1.13

Style

Style.  alloc error reporting.  Math error propagation.  Allocate right
sizes.

1999 copyrights

Revision 1.7 / (download) - annotate - [select for diffs], Wed Mar 24 15:00:36 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.6: +4 -4 lines
Diff to previous 1.6 (colored)

Merge with EOM 1.10
RSA fixes and optimizations from Ilya Tsindlekht, via Niels Provos

Revision 1.6 / (download) - annotate - [select for diffs], Fri Feb 26 03:53:16 1999 UTC (25 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.5: +4 -2 lines
Diff to previous 1.5 (colored)

Merge from the Ericsson repository
| revision 1.9
| date: 1999/02/25 11:39:29;  author: niklas;  state: Exp;  lines: +3 -1
| include sysdep.h everywhere
| ----------------------------

Revision 1.5 / (download) - annotate - [select for diffs], Tue Nov 17 11:10:22 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)

Add RCS Ids from the EOM repository

Revision 1.4 / (download) - annotate - [select for diffs], Mon Nov 16 21:07:18 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.3: +0 -0 lines
Diff to previous 1.3 (colored)

Reinstate X509 signature code except for RSA code

Revision 1.3, Sun Nov 15 00:52:26 1998 UTC (25 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.2: +1 -1 lines
FILE REMOVED

Not clean enough yet

Revision 1.2 / (download) - annotate - [select for diffs], Sun Nov 15 00:44:05 1998 UTC (25 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)

OpenBSD RCS IDs

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Nov 15 00:03:49 1998 UTC (25 years, 7 months ago) by niklas
Branch: NIKLAS
CVS Tags: NIKLAS_981114
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for the
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems.  It is not yet complete or usable in a real scenario
but the missing pieces will soon be there.  The early commit is for people
who want early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete.  It is really mostly configuration that
is lacking.

Revision 1.1 / (download) - annotate - [select for diffs], Sun Nov 15 00:03:49 1998 UTC (25 years, 7 months ago) by niklas
Branch: MAIN

Initial revision
