|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
|
| #
1.22 |
|
05-Aug-2007 |
tom |
Allow key exchange with RSA signature authentication to work with
Cisco IOS and other initiators that only send their certs in response
to CERT_REQUEST.
With input and help from cloder@, Stuart Henderson, mpf@, and several
others who did lots of testing - thanks to all.
ok hshoexer@
|
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
|
| #
1.21 |
|
23-May-2004 |
hshoexer |
More KNF. Mainly spaces and line-wraps, no binary change.
ok ho@
|
| #
1.20 |
|
15-Apr-2004 |
deraadt |
partial move to KNF. More to come. This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process. ok ho hshoexer
|
|
Revision tags: OPENBSD_3_5_BASE
|
|
| #
1.19 |
|
06-Nov-2003 |
ho |
Style nits.
|
|
Revision tags: OPENBSD_3_4_BASE
|
|
| #
1.18 |
|
04-Jun-2003 |
ho |
Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos
D. Keromytis and Niels Provos.
|
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE
|
|
| #
1.17 |
|
07-Aug-2002 |
ho |
A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>.
Some style mods, and checks added for OpenSSL version 0.9.7 or later.
Currently CRLs are not supported for earlier versions.
Manual pages updated.
|
| #
1.16 |
|
02-Aug-2002 |
ho |
CRL support for isakmpd. From <Thomas.Walpuski@gmx.net> with some minor
modifications by me. ok niklas@.
|
| #
1.15 |
|
09-Jun-2002 |
todd |
rm trailing whitespace
|
|
Revision tags: OPENBSD_3_1_BASE
|
|
| #
1.14 |
|
03-Nov-2001 |
ho |
Add stub for struct X509_STORE
|
|
Revision tags: OPENBSD_3_0_BASE
|
|
| #
1.13 |
|
25-Aug-2001 |
niklas |
Add x509_DN_string API to get a printable DN component given one
rpresented in ASN.1
|
| #
1.12 |
|
07-Jun-2001 |
angelos |
Get rid of the main policy session (unnecessary).
|
| #
1.11 |
|
31-May-2001 |
angelos |
New routines for handling X509 cert representation.
|
|
Revision tags: OPENBSD_2_9_BASE
|
|
| #
1.10 |
|
27-Jan-2001 |
niklas |
(c) 2001
|
| #
1.9 |
|
26-Jan-2001 |
niklas |
There is no need to check the subjectAltName anymore, since we are in fact
looking up the certificate via the name. The lookup method already
guarantees a match. It is also a problem to look at the subjectAltName
should we have got the certificate with no such name in it. Prodded by
mickey@ although I solved the problem in a different way.
|
|
Revision tags: OPENBSD_2_8_BASE
|
|
| #
1.8 |
|
07-Oct-2000 |
niklas |
branches: 1.8.2;
cert.c: Merge with EOM 1.18
cert.h: Merge with EOM 1.8
libcrypto.c: Merge with EOM 1.14
policy.h: Merge with EOM 1.12
x509.h: Merge with EOM 1.11
author: niklas
Multiple subject name matching, makes certificate interop with PGPnet at least
partly working. Added some error checking.
|
| #
1.7 |
|
08-Jun-2000 |
niklas |
cert.h: Merge with EOM 1.7
exchange.h: Merge with EOM 1.27
x509.h: Merge with EOM 1.10
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
|
Revision tags: OPENBSD_2_7_BASE
|
|
| #
1.6 |
|
01-Feb-2000 |
niklas |
apps/certpatch/certpatch.8: Merge with EOM 1.4
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46
author: niklas
Angelos copyrights
|
|
Revision tags: OPENBSD_2_6_BASE
|
|
| #
1.5 |
|
26-Aug-1999 |
niklas |
Merge with EOM 1.8
author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.
author: niklas
Add support for dynamic loading of optional facilities, libcrypto first.
|
| #
1.4 |
|
17-Jul-1999 |
niklas |
regress/rsakeygen/Makefile: Merge with EOM 1.4
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.6
regress/x509/x509test.c: Merge with EOM 1.6
regress/Makefile: Merge with EOM 1.8
samples/VPN-east.conf: Merge with EOM 1.6
samples/VPN-west.conf: Merge with EOM 1.6
samples/singlehost-east.conf: Merge with EOM 1.3
samples/singlehost-west.conf: Merge with EOM 1.3
sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5
x509.h: Merge with EOM 1.6
x509.c: Merge with EOM 1.17
DESIGN-NOTES: Merge with EOM 1.46
Makefile: Merge with EOM 1.55
cert.c: Merge with EOM 1.11
cert.h: Merge with EOM 1.6
exchange.c: Merge with EOM 1.109
exchange.h: Merge with EOM 1.26
ike_auth.c: Merge with EOM 1.32
ike_phase_1.c: Merge with EOM 1.7
init.c: Merge with EOM 1.16
isakmpd.conf.5: Merge with EOM 1.27
README.PKI: Merge with EOM 1.1
author: niklas
From Niels Provos, edited by me: certificate support using SSLeay
|
|
Revision tags: OPENBSD_2_5_BASE
|
|
| #
1.3 |
|
17-Nov-1998 |
niklas |
Add RCS Ids from the EOM repository
|
| #
1.2 |
|
15-Nov-1998 |
niklas |
openBSD RCS IDs
|
| #
1.1 |
|
15-Nov-1998 |
niklas |
branches: 1.1.1;
Initial revision
|