| #
1.18 |
|
21-May-2024 |
jsg |
remove prototypes with no matching function and externs with no var
partly checked by millert@
|
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
|
| #
1.17 |
|
05-Aug-2007 |
tom |
Allow key exchange with RSA signature authentication to work with
Cisco IOS and other initiators that only send their certs in response
to CERT_REQUEST.
With input and help from cloder@, Stuart Henderson, mpf@, and several
others who did lots of testing - thanks to all.
ok hshoexer@
|
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
|
| #
1.16 |
|
05-Apr-2005 |
cloder |
Now that X509 is de-featurized, no need for USE_X509 in regress tests.
Start compiling the X509 regress test again, for the first time since
2002 when DLOPEN stuff was removed. Kill remnants of DLOPEN defines
left around in other Makefiles. Allow isakmpd to compile if USE_KEYNOTE
is not defined.
|
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
|
| #
1.15 |
|
25-Jun-2004 |
hshoexer |
Keynote policy checking can now be disabled by "-K" switch and config tag
"Use-Keynote". Default is to use keynote.
ok henning@ ho@
|
| #
1.14 |
|
28-Apr-2004 |
hshoexer |
remove unused variable and shorten names of two other. Removed some spaces
while around.
ok ho@ markus@
|
| #
1.13 |
|
15-Apr-2004 |
deraadt |
partial move to KNF. More to come. This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process. ok ho hshoexer
|
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
|
| #
1.12 |
|
04-Jun-2003 |
ho |
Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos
D. Keromytis and Niels Provos.
|
| #
1.11 |
|
14-May-2003 |
ho |
Policy file default defined twice, kill the local copy.
|
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
|
| #
1.10 |
|
10-Jun-2002 |
ho |
The dlopen() stuff goes away.
|
|
Revision tags: OPENBSD_3_0_BASE OPENBSD_3_1_BASE
|
|
| #
1.9 |
|
15-Aug-2001 |
ho |
Some more style...
|
| #
1.8 |
|
31-May-2001 |
angelos |
Routines for handling KeyNote cert representation.
|
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE
|
|
| #
1.7 |
|
07-Oct-2000 |
niklas |
cert.c: Merge with EOM 1.18
cert.h: Merge with EOM 1.8
libcrypto.c: Merge with EOM 1.14
policy.h: Merge with EOM 1.12
x509.h: Merge with EOM 1.11
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
|
| #
1.6 |
|
08-Jun-2000 |
niklas |
Merge with EOM 1.11
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
A few more definitions.
author: angelos
Some more support for KeyNote credential exchange (not yet done).
|
|
Revision tags: OPENBSD_2_7_BASE
|
|
| #
1.5 |
|
02-May-2000 |
niklas |
Merge with EOM 1.7
author: angelos
Move POLICY_FILE_DEFAULT definition to the .h file.
|
| #
1.4 |
|
07-Apr-2000 |
niklas |
Merge with EOM 1.6
author: niklas
Hmm keynote does not exist in a dynamically linked version
|
| #
1.3 |
|
20-Feb-2000 |
niklas |
Merge with EOM 1.5
author: niklas
Allow isakmpd builders to remove optional parts and save bytes.
|
|
Revision tags: OPENBSD_2_6_BASE
|
|
| #
1.2 |
|
26-Aug-1999 |
niklas |
Merge with EOM 1.4
author: niklas
typo
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
|
| #
1.1 |
|
07-Jul-1999 |
niklas |
policy.h: Merge with EOM 1.2
policy.c: Merge with EOM 1.2
author: niklas
Remove $EOM$ from Eom repository version
author: niklas
New file, for keynote policy handling. By angelos@openbsd.org
|
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
|
| #
1.17 |
|
05-Aug-2007 |
tom |
Allow key exchange with RSA signature authentication to work with
Cisco IOS and other initiators that only send their certs in response
to CERT_REQUEST.
With input and help from cloder@, Stuart Henderson, mpf@, and several
others who did lots of testing - thanks to all.
ok hshoexer@
|
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
|
| #
1.16 |
|
05-Apr-2005 |
cloder |
Now that X509 is de-featurized, no need for USE_X509 in regress tests.
Start compiling the X509 regress test again, for the first time since
2002 when DLOPEN stuff was removed. Kill remnants of DLOPEN defines
left around in other Makefiles. Allow isakmpd to compile if USE_KEYNOTE
is not defined.
|
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE
|
|
| #
1.15 |
|
25-Jun-2004 |
hshoexer |
Keynote policy checking can now be disabled by "-K" switch and config tag
"Use-Keynote". Default is to use keynote.
ok henning@ ho@
|
| #
1.14 |
|
28-Apr-2004 |
hshoexer |
remove unused variable and shorten names of two other. Removed some spaces
while around.
ok ho@ markus@
|
| #
1.13 |
|
15-Apr-2004 |
deraadt |
partial move to KNF. More to come. This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process. ok ho hshoexer
|
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
|
| #
1.12 |
|
04-Jun-2003 |
ho |
Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos
D. Keromytis and Niels Provos.
|
| #
1.11 |
|
14-May-2003 |
ho |
Policy file default defined twice, kill the local copy.
|
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
|
| #
1.10 |
|
10-Jun-2002 |
ho |
The dlopen() stuff goes away.
|
|
Revision tags: OPENBSD_3_0_BASE OPENBSD_3_1_BASE
|
|
| #
1.9 |
|
15-Aug-2001 |
ho |
Some more style...
|
| #
1.8 |
|
31-May-2001 |
angelos |
Routines for handling KeyNote cert representation.
|
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE
|
|
| #
1.7 |
|
07-Oct-2000 |
niklas |
cert.c: Merge with EOM 1.18
cert.h: Merge with EOM 1.8
libcrypto.c: Merge with EOM 1.14
policy.h: Merge with EOM 1.12
x509.h: Merge with EOM 1.11
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
|
| #
1.6 |
|
08-Jun-2000 |
niklas |
Merge with EOM 1.11
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
A few more definitions.
author: angelos
Some more support for KeyNote credential exchange (not yet done).
|
|
Revision tags: OPENBSD_2_7_BASE
|
|
| #
1.5 |
|
02-May-2000 |
niklas |
Merge with EOM 1.7
author: angelos
Move POLICY_FILE_DEFAULT definition to the .h file.
|
| #
1.4 |
|
07-Apr-2000 |
niklas |
Merge with EOM 1.6
author: niklas
Hmm keynote does not exist in a dynamically linked version
|
| #
1.3 |
|
20-Feb-2000 |
niklas |
Merge with EOM 1.5
author: niklas
Allow isakmpd builders to remove optional parts and save bytes.
|
|
Revision tags: OPENBSD_2_6_BASE
|
|
| #
1.2 |
|
26-Aug-1999 |
niklas |
Merge with EOM 1.4
author: niklas
typo
author: niklas
Support dynamic loading of libkeynote too. Build isakmpd static by default.
Stylistic cleanup of keynote policy code. Correct some libcrypto calls.
|
| #
1.1 |
|
07-Jul-1999 |
niklas |
policy.h: Merge with EOM 1.2
policy.c: Merge with EOM 1.2
author: niklas
Remove $EOM$ from Eom repository version
author: niklas
New file, for keynote policy handling. By angelos@openbsd.org
|