![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sbin / isakmpd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.22 / (download) - annotate - [select for diffs], Sun Aug 5 09:43:09 2007 UTC (16 years, 10 months ago) by tom
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9,
OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7,
OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3,
OPENBSD_4_2_BASE,
OPENBSD_4_2,
HEAD
Changes since 1.21: +4 -3 lines
Diff to previous 1.21 (colored)
Allow key exchange with RSA signature authentication to work with Cisco IOS and other initiators that only send their certs in response to CERT_REQUEST. With input and help from cloder@, Stuart Henderson, mpf@, and several others who did lots of testing - thanks to all. ok hshoexer@
Revision 1.21 / (download) - annotate - [select for diffs], Sun May 23 18:17:56 2004 UTC (20 years ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0,
OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8,
OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6
Changes since 1.20: +3 -2 lines
Diff to previous 1.20 (colored)
More KNF. Mainly spaces and line-wraps, no binary change. ok ho@
Revision 1.20 / (download) - annotate - [select for diffs], Thu Apr 15 18:39:27 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.19: +29 -29 lines
Diff to previous 1.19 (colored)
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
Revision 1.19 / (download) - annotate - [select for diffs], Thu Nov 6 16:12:08 2003 UTC (20 years, 7 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE,
OPENBSD_3_5
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)
Style nits.
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jun 4 07:31:17 2003 UTC (21 years ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE,
OPENBSD_3_4
Changes since 1.17: +1 -6 lines
Diff to previous 1.17 (colored)
Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos D. Keromytis and Niels Provos.
Revision 1.17 / (download) - annotate - [select for diffs], Wed Aug 7 13:19:20 2002 UTC (21 years, 10 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE,
OPENBSD_3_3,
OPENBSD_3_2_BASE,
OPENBSD_3_2
Changes since 1.16: +3 -2 lines
Diff to previous 1.16 (colored)
A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>. Some style mods, and checks added for OpenSSL version 0.9.7 or later. Currently CRLs are not supported for earlier versions. Manual pages updated.
Revision 1.16 / (download) - annotate - [select for diffs], Fri Aug 2 13:10:41 2002 UTC (21 years, 10 months ago) by ho
Branch: MAIN
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored)
CRL support for isakmpd. From <Thomas.Walpuski@gmx.net> with some minor modifications by me. ok niklas@.
Revision 1.15 / (download) - annotate - [select for diffs], Sun Jun 9 08:13:07 2002 UTC (21 years, 11 months ago) by todd
Branch: MAIN
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)
rm trailing whitespace
Revision 1.14 / (download) - annotate - [select for diffs], Sat Nov 3 13:15:35 2001 UTC (22 years, 7 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE,
OPENBSD_3_1
Changes since 1.13: +2 -1 lines
Diff to previous 1.13 (colored)
Add stub for struct X509_STORE
Revision 1.13 / (download) - annotate - [select for diffs], Sat Aug 25 22:17:13 2001 UTC (22 years, 9 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE,
OPENBSD_3_0
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 (colored)
Add x509_DN_string API to get a printable DN component given one rpresented in ASN.1
Revision 1.12 / (download) - annotate - [select for diffs], Thu Jun 7 04:23:35 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)
Get rid of the main policy session (unnecessary).
Revision 1.11 / (download) - annotate - [select for diffs], Thu May 31 20:20:59 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.10: +5 -1 lines
Diff to previous 1.10 (colored)
New routines for handling X509 cert representation.
Revision 1.8.2.1 / (download) - annotate - [select for diffs], Tue May 8 12:45:26 2001 UTC (23 years ago) by ho
Branch: OPENBSD_2_8
Changes since 1.8: +2 -3 lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
Pull in isakmpd from 2.9 to 2.8 branch.
Revision 1.10 / (download) - annotate - [select for diffs], Sat Jan 27 12:03:36 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE,
OPENBSD_2_9
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)
(c) 2001
Revision 1.9 / (download) - annotate - [select for diffs], Fri Jan 26 16:40:52 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.8: +1 -2 lines
Diff to previous 1.8 (colored)
There is no need to check the subjectAltName anymore, since we are in fact looking up the certificate via the name. The lookup method already guarantees a match. It is also a problem to look at the subjectAltName should we have got the certificate with no such name in it. Prodded by mickey@ although I solved the problem in a different way.
Revision 1.8 / (download) - annotate - [select for diffs], Sat Oct 7 06:57:08 2000 UTC (23 years, 8 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.7: +13 -15 lines
Diff to previous 1.7 (colored)
cert.c: Merge with EOM 1.18 cert.h: Merge with EOM 1.8 libcrypto.c: Merge with EOM 1.14 policy.h: Merge with EOM 1.12 x509.h: Merge with EOM 1.11 author: niklas Multiple subject name matching, makes certificate interop with PGPnet at least partly working. Added some error checking.
Revision 1.7 / (download) - annotate - [select for diffs], Thu Jun 8 20:49:44 2000 UTC (23 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)
cert.h: Merge with EOM 1.7 exchange.h: Merge with EOM 1.27 x509.h: Merge with EOM 1.10 author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
Revision 1.6 / (download) - annotate - [select for diffs], Tue Feb 1 02:46:19 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE,
OPENBSD_2_7
Changes since 1.5: +3 -2 lines
Diff to previous 1.5 (colored)
apps/certpatch/certpatch.8: Merge with EOM 1.4 apps/certpatch/certpatch.c: Merge with EOM 1.6 exchange.c: Merge with EOM 1.114 ike_quick_mode.c: Merge with EOM 1.110 ike_phase_1.c: Merge with EOM 1.16 ike_auth.c: Merge with EOM 1.41 ike_aggressive.c: Merge with EOM 1.4 libcrypto.c: Merge with EOM 1.10 libcrypto.h: Merge with EOM 1.10 isakmpd.8: Merge with EOM 1.19 isakmpd.c: Merge with EOM 1.42 ipsec.h: Merge with EOM 1.40 init.c: Merge with EOM 1.22 message.c: Merge with EOM 1.143 message.h: Merge with EOM 1.49 sa.c: Merge with EOM 1.98 sa.h: Merge with EOM 1.54 policy.c: Merge with EOM 1.14 pf_key_v2.c: Merge with EOM 1.36 x509.c: Merge with EOM 1.32 x509.h: Merge with EOM 1.9 udp.c: Merge with EOM 1.46 author: niklas Angelos copyrights
Revision 1.5 / (download) - annotate - [select for diffs], Thu Aug 26 22:29:49 1999 UTC (24 years, 9 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE,
OPENBSD_2_6
Changes since 1.4: +5 -2 lines
Diff to previous 1.4 (colored)
Merge with EOM 1.8 author: angelos Complete policy work; tested for the shared-key case. Documentation needed. author: niklas Add support for dynamic loading of optional facilities, libcrypto first.
Revision 1.4 / (download) - annotate - [select for diffs], Sat Jul 17 21:54:39 1999 UTC (24 years, 10 months ago) by niklas
Branch: MAIN
Changes since 1.3: +28 -42 lines
Diff to previous 1.3 (colored)
regress/rsakeygen/Makefile: Merge with EOM 1.4 regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8 regress/x509/Makefile: Merge with EOM 1.6 regress/x509/x509test.c: Merge with EOM 1.6 regress/Makefile: Merge with EOM 1.8 samples/VPN-east.conf: Merge with EOM 1.6 samples/VPN-west.conf: Merge with EOM 1.6 samples/singlehost-east.conf: Merge with EOM 1.3 samples/singlehost-west.conf: Merge with EOM 1.3 sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5 x509.h: Merge with EOM 1.6 x509.c: Merge with EOM 1.17 DESIGN-NOTES: Merge with EOM 1.46 Makefile: Merge with EOM 1.55 cert.c: Merge with EOM 1.11 cert.h: Merge with EOM 1.6 exchange.c: Merge with EOM 1.109 exchange.h: Merge with EOM 1.26 ike_auth.c: Merge with EOM 1.32 ike_phase_1.c: Merge with EOM 1.7 init.c: Merge with EOM 1.16 isakmpd.conf.5: Merge with EOM 1.27 README.PKI: Merge with EOM 1.1 author: niklas From Niels Provos, edited by me: certificate support using SSLeay
Revision 1.3 / (download) - annotate - [select for diffs], Tue Nov 17 11:10:22 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE,
OPENBSD_2_5
Changes since 1.2: +2 -1 lines
Diff to previous 1.2 (colored)
Add RCS Ids from the EOM repository
Revision 1.2 / (download) - annotate - [select for diffs], Sun Nov 15 00:44:05 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)
openBSD RCS IDs
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Nov 15 00:03:49 1998 UTC (25 years, 6 months ago) by niklas
Branch: NIKLAS
CVS Tags: NIKLAS_981114
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)
Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for the OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by Ericsson Radio Systems. It is not yet complete or usable in a real scenario but the missing pieces will soon be there. The early commit is for people who wants early access and who are not afraid of looking at source. isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so far, so it is not that incomplete. It is really mostly configuration that is lacking.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Nov 15 00:03:49 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Initial revision