christos
1db63daa9d
fix compilation after des.h change. The countdown to krb4 has started.
2006-03-20 02:18:59 +00:00
christos
e4547e1148
Coverity CID 1904: Don't leak memory on error.
2006-03-19 22:49:59 +00:00
christos
a09bebd7da
Don't forget to free reply on failure.
2006-03-19 22:45:03 +00:00
christos
5ebcdaa51a
Add casts to compile again.
2006-03-19 21:45:33 +00:00
christos
4ea32734dc
Make this compile again, before I nuke it from orbit.
2006-03-19 21:01:17 +00:00
elad
2ff3564ba8
fix memory leak, coverity cid 2032.
2006-03-19 16:48:36 +00:00
elad
0a2d3f7a19
fix memory leaks, coverity cid 2016.
2006-03-19 16:47:09 +00:00
elad
f6bc7e7627
fix memory leaks, coverity cids 2028, 2029.
2006-03-19 16:40:32 +00:00
elad
2741a951b4
fix fd leak, coverity cid 2015.
2006-03-19 16:33:26 +00:00
elad
be71d6bbfd
fix null deref, coverity cid 1341.
2006-03-19 16:29:43 +00:00
elad
8a41610291
fix null deref, coverity cid 1339.
2006-03-19 16:23:19 +00:00
elad
28788b89c7
fix null deref, coverity cid 1340.
2006-03-19 16:20:47 +00:00
christos
d5b9c02e8c
add a semi colon.
2006-03-19 08:00:19 +00:00
christos
4fcb2eb6de
Coveriry CID 1998: Fix memory leak.
2006-03-18 22:17:48 +00:00
elad
6c6e841e30
Don't dereference NULL pointer, found by Coverity, CID 954.
2006-03-18 21:09:57 +00:00
dan
ccd53bd92b
reform a loop to be prettier and appease coverity CID 2618
2006-03-18 10:41:24 +00:00
jnemeth
79787ff03b
Fix Coverity run 5, issue 2021 -- memory leak.
...
Approved by christos@.
2006-03-18 10:22:46 +00:00
jnemeth
1f89beeb43
Fix Coverity run 5, issue 1966 -- memory leak
...
Approved by christos@.
2006-03-18 10:19:09 +00:00
is
2de2502171
Make sure the right error is reported later, if all socket() calls fail.
...
If we close the invalid sock, we'll report EBADF later in that case.
2006-03-01 15:39:00 +00:00
is
6aece482c0
On non-fatal errors (identified: EPROTONOTSUPPORT), don't output the
...
error message unless debugging - the error for the last address tried
will be shown anyway, and earlier errors without context are only confusing
the user.
2006-03-01 15:18:09 +00:00
christos
dd8ccf5b99
Add a namespace.h to rename the most conflict inducing names from libssh.
...
Idea from thorpej.
2006-02-13 16:49:33 +00:00
he
e245f48109
The sig_atomic_t type is not guaranteed to be printf-compatible
...
with %d, so cast to int before printing it.
2006-02-08 23:08:13 +00:00
christos
55c58b142d
bring in new file needed from the portable openssh.
2006-02-04 22:32:54 +00:00
christos
fab0e5bf66
resolve conflicts
2006-02-04 22:32:13 +00:00
christos
c7a1af8c71
From ftp.openbsd.org.
2006-02-04 22:22:31 +00:00
elad
ef2fdd1d7f
qsieve(6) -> qsieve(1)
2006-01-24 19:16:53 +00:00
wiz
7e91ac6596
Sort SEE ALSO.
2006-01-22 00:33:27 +00:00
elad
7db6fc6be2
xref qsieve(6).
2006-01-19 23:31:09 +00:00
manu
7f50c0a531
make software behave as the documentation advertise for INTERNAL_NETMASK4.
...
Keep the old INTERNAL_MASK4 to avoid breaking backward compatibility.
2006-01-07 23:51:50 +00:00
christos
aa419ec271
enable cryptodev.
2005-12-31 00:08:34 +00:00
christos
e1a76ccb7e
netbsd has issetugid()
2005-12-31 00:07:26 +00:00
jmc
06b42f5e66
Redo previous rework to generate yacc/lex output again and remove generated
...
copies from the import as they don't compile clean across all archs.
2005-12-16 16:25:07 +00:00
martin
07c3097258
Allow archs to override BF_PTR
2005-12-13 09:50:52 +00:00
martin
3804e42335
Back out bn/bn.h rev. 1.9:
...
> use explicitly sized types for U_LLONG U_LONG and LONG; otherwise bn
> breaks on 64 bit platforms. The "LONG" openssl wants is really a 32 bit int.
Instead define SIXTY_FOUR_BIT_LONG where apropriate.
Regression tests still pass on sparc64 and i386. Furthermore this allows
us to finaly close PR 28935 (thanks to christos for removing the local
hacks on last import).
2005-12-12 19:50:26 +00:00
manu
a5b1c92448
Add NAT ports to SAD in setkey so that NAT SAD entries generated by
...
racoon can be removed by hand.
2005-12-04 20:46:40 +00:00
christos
cb9321f06d
use intptr_t not U_LONG to cast from a pointer to an int.
2005-11-28 19:08:30 +00:00
christos
bfae00e6c7
use explicitly sized types for U_LLONG U_LONG and LONG; otherwise bn
...
breaks on 64 bit platforms. The "LONG" openssl wants is really a 32 bit int.
2005-11-28 19:07:42 +00:00
christos
ea39e380db
Adjust to the new openssl
2005-11-26 02:32:58 +00:00
christos
b1d8541f7b
Add casts.
2005-11-25 22:28:31 +00:00
christos
859fae516a
change back to match the openssl original prototype.
2005-11-25 22:22:44 +00:00
christos
c4bfa0c238
XXX: This file does not really belong here.
...
Add ENGINESDIR define
2005-11-25 20:35:41 +00:00
christos
50a9cbc98b
Resolve conflicts:
...
1. Instead of trying to cleanup the ugly ifdefs, we leave them alone so that
there are going to be fewer conflicts in the future.
2. Where we make changes to override things #ifdef __NetBSD__ around them
so that it is clear what we are changing. This is still missing in some
places, notably in opensslconf.h because it would make things messier.
2005-11-25 19:14:11 +00:00
christos
8dc8acfeef
from http://www.openssl.org/source
2005-11-25 03:02:45 +00:00
wiz
11cf64bdd7
New sentence, new line. Remove trailing whitespace.
...
Mark up paths with .Pa.
2005-11-24 20:23:02 +00:00
manu
7fc03cd9fa
Merge ipsec-tools 0.6.3 import
2005-11-21 14:20:29 +00:00
manu
6e7df3c68b
From Yves-Alexis Perez: use sysdep_sa_len to make it compile on Linux
2005-11-21 14:20:28 +00:00
manu
c263eb3142
Merge ipsec-tools 0.6.3 import
2005-11-21 14:20:28 +00:00
manu
fdc9ad890d
Import IPsec-tools 0.6.3. This fixes several bugs, including bugs that
...
caused DoS.
2005-11-21 14:11:59 +00:00
manu
982fc9c517
Merge ipsec-tools 0.6.2 import.
2005-10-14 14:01:34 +00:00
manu
a37873eef0
Import ipsec-tools-0.6.2. Here is the ChangeLog since 0.6.1 (most of them
...
have already been pulled up in NetBSD CVS)
---------------------------------------------
0.6.2 released
2005-10-14 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
USER_FQDNs (problem reported by Bernhard Suttner).
---------------------------------------------
0.6.2.beta3 released
2005-09-05 Emmanuel Dreyfus <manu@netbsd.org>
From Andreas Hasenack <ahasenack@terra.com.br>
* configure.ac: More build fixes for Linux
---------------------------------------------
0.6.2.beta2 released
2005-09-04 Emmanuel Dreyfus <manu@netbsd.org>
From Wilfried Weissmann
* src/libipsec/policy_parse.y src/racoon/{ipsec_doi.c|oakley.c}
src/racoon/{sockmisc.c|sockmisc.h}: build fixes
---------------------------------------------
0.6.2.beta1 released
2005-09-03 Emmanuel Dreyfus <manu@netbsd.org>
From Francis Dupont <Francis.Dupont@enst-bretagne.fr>
* src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions
2005-08-26 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/cfparse.y: handle xauth_login correctly
* src/racoon/isakmp.c: catch internal error
* src/raccon/isakmp_agg.c: fix racoon as Xauth client
* src/raccon/{isakmp_agg.c|isakmp_base.c}: Proposal safety checks
* src/racoon/evt.c: Fix memory leak when event queue overflows
2005-08-23 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
initialize NAT-T VID to avoid freeing unallocated stuff.
2005-08-21 Emmanuel Dreyfus <manu@netbsd.org>
From Matthias Scheler <matthias.scheler@tadpole.com>
* src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
ISAKMP mode config without Xauth.
2005-09-16 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/policy.c: Do not parse all sptree in inssp() if we
don't use Policies priority.
2005-08-15 Emmanuel Dreyfus <manu@netbsd.org>
From: Thomas Klausner <wiz@netbsd.org>
src/setkey/setkey.8: Drop trailing spaces
2005-10-14 13:21:42 +00:00
gendalia
decff3d730
Add a preprocessor symbol so we can distinguish fixed openssl
...
from the vanilla openssl. Thanks <jlam>.
2005-10-11 21:17:17 +00:00
gendalia
ed304be38e
fix openssl 2.0 rollback, CAN-2005-2969
...
approved by: agc
2005-10-11 18:07:40 +00:00
rpaulo
e3886d37ea
Add "openssl_" to man page references if they are available.
...
Fixes part of PR security/13953. Fixing the rest of the PR requires
adding more man pages.
2005-10-05 23:47:30 +00:00
manu
c557aaf18f
Fix bug when using hybrid auth in client mode
...
make xauth_login work again
add safety checks
2005-09-26 16:24:57 +00:00
christos
e83e36d896
fix spelling from Liam Foy.
2005-09-24 22:45:51 +00:00
christos
b9301b48d0
fix typos.
2005-09-24 17:34:17 +00:00
christos
2192079ea8
use get*_r()
2005-09-24 14:40:59 +00:00
christos
54a773e9d7
Can we please stop using caddr_t?
2005-09-24 14:40:39 +00:00
wiz
e904ea2e97
Drop trailing whitespace.
2005-09-23 19:58:28 +00:00
manu
7e2e2c16ff
Correctly initialize NAT-T VID to avoid freeing unallocated space
2005-09-23 14:22:27 +00:00
tron
3cc3e3c7a3
Correct documentation about Mode Config. It now works without XAuth, too.
...
Patch supplied by Emmanuel Dreyfus on the "ipsec-tools" mailing list.
2005-09-21 15:06:22 +00:00
tron
dc5127a31e
Make "Mode Config" work if XAuth is not used.
2005-09-21 12:46:08 +00:00
christos
a6040f634b
PR/13738: Johan Danielsson: ssh doesn't look at $HOME
2005-09-18 18:39:05 +00:00
christos
5391e24af6
Make -D behave like -L (obey GatewayPorts). Before it defaulted to listen
...
to wildcard which is not secure.
2005-09-18 18:27:28 +00:00
christos
218a95c0f2
Document that -D takes bind_address.
2005-09-18 16:22:35 +00:00
wiz
e6f32f6f02
Drop trailing whitespace.
2005-09-15 08:42:09 +00:00
christos
5db1262f0e
PR/31261: Mark Davies: ssh invokes xauth with bogus argument
2005-09-09 12:24:37 +00:00
christos
453555bc8b
PR/31243: Mark Davies: sshd uses pipes rather than socketpairs, making bash
...
not execute .bashrc. Since socketpairs work on all NetBSD systems, make it
the default.
2005-09-09 12:20:12 +00:00
elad
8f1a245ebd
Use default_md = sha1 in ``req'' section too, so we don't fallback to MD5.
...
Noted by smb@.
2005-09-01 21:35:25 +00:00
elad
98e0d8f19f
SHA1 is a better default than MD5.
...
Discussed with Steven M. Bellovin.
Closes PR/30395.
2005-08-27 12:32:15 +00:00
manu
0b97cbeb71
Update to ipsec-tools 0.6.1
2005-08-20 00:57:06 +00:00
manu
96ae7759c9
Import ipsec-tools 0.6.1
2005-08-20 00:40:43 +00:00
wiz
c8f5575b45
End sentence with a dot.
2005-08-14 09:25:08 +00:00
wiz
c91d1d213a
Drop trailing whitespace.
2005-08-07 11:19:35 +00:00
manu
111c13fe24
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering
...
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.
2005-08-07 09:38:45 +00:00
manu
df08b9e74a
Update ipsec-tools to 0.6.1rc1
...
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.
2005-08-07 08:46:11 +00:00
christos
1a191ad79e
PR/29862: Denis Lagno: sshd segfaults with long keys
...
The problem was that the rsa fips validation code did not allocate long
enough buffers, so it was trashing the stack.
2005-07-30 00:38:40 +00:00
he
182dc837b5
Move a variable declaration to the variable declaration section of
...
the enclosing block from within the middle of active code, so that
this compiles with older gcc. Fixes build problem for vax.
2005-07-14 11:26:57 +00:00
manu
b0602a2f44
Add safety checks for informational messages
2005-07-12 21:33:01 +00:00
tron
50c09443b0
Backout botched patch, approved by Emmanuel Dreyfus.
2005-07-12 19:17:37 +00:00
manu
132d72e25b
Add SHA2 support
2005-07-12 16:49:52 +00:00
manu
7736ad81cf
Add comments on how to use the hook scripts without NAT-T
2005-07-12 16:33:27 +00:00
manu
ecb971f5f8
Don't wipe out IKE ports for SA update as it breaks things: the SA is taken
...
from an existing SA and already has matching IKE ports.
2005-07-12 16:24:29 +00:00
manu
91b9c188b3
Add support for alrogithms with non OpenSSL default key sizes
2005-07-12 14:51:07 +00:00
manu
e0dd78cfbd
Don't use adminport when it is disabled
2005-07-12 14:15:39 +00:00
manu
4c94bccce3
Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems
...
when NAT-T is disabled
2005-07-12 14:14:46 +00:00
manu
929f80643d
Safety checks on informational messages
2005-07-12 14:13:10 +00:00
manu
8bc1e3c0ac
pkcs7 support
2005-07-12 14:12:20 +00:00
tron
d3544c4e45
Document that "aes" can be used for IKE and ESP encryption.
2005-07-07 12:34:17 +00:00
christos
eb8e3b9ad4
Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to
...
u_int, since this is what the author intended.
2005-06-28 16:12:41 +00:00
christos
ca496ece2e
- Add lint comments
...
- Fix bad casts.
- Comment out unused variables.
2005-06-28 16:04:54 +00:00
christos
a1625e9ee8
Fix an error I introduced in the previous commit. The length could be 0.
...
Also parenthesize an expression properly.
2005-06-28 16:03:09 +00:00
christos
444efb36db
deal with casting/caddr_t stupidity. It is not 1980 anymore and people should
...
start using void *, instead of caddr_t.
2005-06-27 03:19:45 +00:00
christos
983e538712
Collect externs into one file instead of duplicating them everywhere.
2005-06-26 23:49:31 +00:00
christos
dd8cdde018
Fix compiler warnings.
2005-06-26 23:34:26 +00:00
christos
fba8d9ce60
Fix some of the pointer abuse, and add some const. Not done yet.
2005-06-26 21:14:08 +00:00
manu
dd3259cec0
NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports
...
are used instead. This was done on phase 2 initiation from the kernel
(acquire message), but not on phase 2 initiation retries when the
phase 2 had been queued for a phase 1.
2005-06-22 21:28:18 +00:00
manu
13ca728372
Consume NAT-T packets that have already been seen through MSG_PEEK
2005-06-15 07:29:20 +00:00
chs
7bbdd188e1
appease gcc -Wuninitialized on hp700.
2005-06-05 19:08:28 +00:00
manu
6ec5a5a9b7
Fix Xauth login with PAM authentication
2005-06-04 22:09:27 +00:00
manu
2c39301c40
Endianness bug fix
2005-06-04 21:55:05 +00:00
manu
311dff8be0
Missing 0th element in rm_idtype2doi array
2005-06-03 22:27:06 +00:00
lukem
d687f4502c
appease gcc -Wuninitialized
2005-06-02 04:59:17 +00:00
lukem
936a4cd73f
Don't attempt to close a random file descriptor upon error.
...
Detected with gcc -Wuninitialized.
2005-06-02 04:57:33 +00:00
lukem
08ef6270ca
appease gcc -Wuninitialized
2005-06-02 04:56:14 +00:00
lukem
89f4d29f7d
Appease gcc -Wuninitialized, in a similar method used elsewhere in the
...
same function.
2005-06-02 04:43:45 +00:00
lukem
6e3cdc676d
appease gcc -Wuninitialized
2005-06-01 12:07:00 +00:00
wiz
8bf012821a
Drop trailing whitespace.
2005-05-25 16:57:39 +00:00
wiz
bf77c4e4b3
Drop trailing whitespace and a grammar fix.
2005-05-25 10:09:36 +00:00
manu
bd592e6e99
Really delete phase 1 on Xauth failure
2005-05-20 07:34:47 +00:00
manu
48fade8581
Fix NAT-T plus IPcomp
2005-05-20 01:28:13 +00:00
manu
c6660c31c6
Fix parse bug in IPsec policies
2005-05-20 00:57:33 +00:00
manu
2e090d4afb
When altering the lifetime, don't modify to configured proposal, duplicate
...
it instead.
2005-05-20 00:54:55 +00:00
christos
137ea645ec
PR/30198: Lubomir Sedlacik: The forwarding listening host is optional; don't
...
try to free it.
2005-05-18 16:11:11 +00:00
manu
6add206c2f
- Fix a double free
...
- For acquire messages, when NAT-T is in use, consider null port as a
wildcard and use IKE port
2005-05-13 14:09:44 +00:00
manu
a5a80e2b4d
Update sample config file to higher security settings
2005-05-10 10:22:03 +00:00
manu
aed94b2d22
Add two Cisco extensions for pushing PFS group and save password
...
setting throug ISAKMP mode config
2005-05-10 09:54:43 +00:00
manu
db7c068992
proposal_check fixes:
...
- fix claim behavior in phase 1
- also check lifebyte
2005-05-10 09:23:36 +00:00
lukem
56b6919254
Remove a stale #endif, and add one missing at EOF.
...
Noticed by code inspection and confirming by diffing against the vendor source.
The previous code compiled, but it certainly wouldn't have DTRT ...
2005-05-08 23:30:46 +00:00
christos
0a3fafc305
Update PAM from the "portable openssh" 4.0p1
2005-05-08 21:15:04 +00:00
he
8d29e11e90
Add a prototype for getph2bysaddr(), fixes build problem for isakmp.c.
2005-05-08 14:14:18 +00:00
manu
873e8e21a9
More NAT-T fixes for the situation where racoon acts as a VPN client
...
Flush SA and generated SP on DPD timeout and deletion payloads
2005-05-08 08:57:26 +00:00
manu
63a609062e
From Manisha Malla <mmanisha@novell.com>:
...
fix unsigned int checked for being negative
2005-05-04 17:23:10 +00:00
manu
8bf053b3f3
on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that
...
multiple SA can be used in transport mode
While I'm there, patch ipsec-tools ChangeLog to reflect the changes we
took from ipsec-tools-0_6-branch
2005-05-03 21:08:47 +00:00
uwe
f3b48582e5
return statements in void functions make lint very confused.
2005-04-27 22:38:56 +00:00
manu
10802677c9
Bug fixes from the ipsec-tools 0.6 branch:
...
- Fix NAT-T problems that prevented multiple peers behind the same NAT
to talk to the same machine outside the NAT. This also require kernel
fixes (already committed eralier)
- Fix a LP64 bug
- Fix NAT-T RFC conformance bugs (missing non ESP marker in packets)
- Add a -p option to setkey to display ports that could be used for ESP
over UDP when printing policies
2005-04-27 05:19:49 +00:00
matt
d627c3edde
Don't emit struct units [] anymore. emit a struct units * const foo and
...
in the C file initialize that to the static list.
2005-04-25 17:20:51 +00:00
matt
5ac7f26c22
Emit headers with #include <parse_units.h> so that struct units is defined
...
so that extern struct units <foo> will not cause errors with gcc4.x
2005-04-25 01:25:25 +00:00
kleink
14fc3b7ba8
Fix printf format/argument mismatch.
2005-04-24 13:31:01 +00:00
christos
a8090b3963
add back moduli
2005-04-23 21:12:47 +00:00
christos
31ed567522
resolve conflicts.
2005-04-23 19:31:14 +00:00
christos
ed314b4eb0
from www.openssl.org
2005-04-23 19:10:56 +00:00
christos
0df7655544
bring back files that this update removed.
2005-04-23 16:55:03 +00:00
christos
8471a3b7da
resolve conflicts.
2005-04-23 16:53:28 +00:00
christos
70917d9a4b
Import OpenSSH 4.0 from ftp.openbsd.org
2005-04-23 16:28:01 +00:00
manu
6845962b31
Fix simple DES support (security problems for racoon to racoon setups)
...
Fix broken generated policies flush
2005-04-19 19:42:08 +00:00
christos
97b2d3b1c8
check for pwd != NULL in getpwnam_r. From John Nemeth.
2005-04-19 12:55:31 +00:00
manu
d3e5d568cd
Fix SA lifebyte check
2005-04-18 11:15:01 +00:00
wiz
e35111eeee
Some more minor changes, ok manu@.
2005-04-17 01:03:46 +00:00
wiz
1390e25dcf
Some more English improvements after feedback from manu@; more formatting.
2005-04-15 13:23:58 +00:00
wiz
6e35cd769e
Improve English in comments.
2005-04-15 11:10:32 +00:00
wiz
0f822df19c
Improve english, improve formatting, sort options.
2005-04-15 10:58:11 +00:00
wiz
c0259e4629
Grammar fixes & improvements.
2005-04-14 11:47:26 +00:00
wiz
57066c3ab7
Grammar improvements.
2005-04-14 11:41:53 +00:00
wiz
097b641d74
kerberos -> Kerberos.
2005-04-14 11:35:08 +00:00
wiz
1b303684c3
Fix typo.
2005-04-14 11:34:37 +00:00
wiz
6b53ca1794
all SA -> all SAs.
2005-04-14 10:31:35 +00:00
wiz
6e903fbf59
New sentence, new line; some other dot fixes found during line breaking.
2005-04-14 10:30:28 +00:00
wiz
1131da3fb1
Use capitalized spelling of NetBSD.
2005-04-14 10:26:40 +00:00
wiz
6e8a3f159a
Add LIBRARY section.
2005-04-14 10:25:58 +00:00
wiz
863b095e57
Punctuation nits.
2005-04-14 10:24:43 +00:00
wiz
0fb9995f39
Use Bq instead of [].
2005-04-14 10:24:18 +00:00
wiz
75b3bff7ae
Punctuation nits.
2005-04-14 10:23:38 +00:00
wiz
dd317f6217
Use .In for header files.
2005-04-14 10:22:11 +00:00
wiz
9e8d46e23b
No dot at end of SEE ALSO; Xr fixes.
2005-04-14 10:21:22 +00:00
wiz
9582558bf7
Mostly punctuation nits; break line after Xr arguments.
2005-04-14 10:20:01 +00:00
wiz
954b6abb72
Fix Dd and Dt arguments; fix two more typos; add comma in SEE ALSO;
...
format author with An/Aq.
2005-04-14 10:15:58 +00:00
wiz
2299aab679
We want .Os without argument.
2005-04-14 10:13:10 +00:00
wiz
f6b271af05
Add missing .Os.
2005-04-14 10:13:03 +00:00
wiz
472d87499c
Uncomment xref to racoonctl.
2005-04-14 10:11:32 +00:00
wiz
acc79b78a6
hexa-decimal -> hexadecimal.
2005-04-14 10:07:35 +00:00
wiz
db0843b173
Add an article, and 2nd -> second.
2005-04-14 10:07:10 +00:00
wiz
f7c1b62f03
Use Xr for chroot.
2005-04-14 10:06:32 +00:00
wiz
d0e3ae6a43
oakley -> Oakley.
2005-04-14 10:05:45 +00:00
wiz
caf942511e
aspell
2005-04-14 10:04:17 +00:00
wiz
2ea3f3fa43
Drop trailing whitespace.
2005-04-14 09:47:12 +00:00
wiz
03a7a7234a
New sentence, new line. Remove Os argument (we are not KAME).
...
NetBSD -> Nx. Use Sx for section cross-references.
2005-04-13 23:12:01 +00:00
wiz
6cd6ff42d8
Drop trailing whitespace.
2005-04-13 23:09:35 +00:00
manu
5a6c417352
Resurrect TCP-MD5 support. This fixes bin/29915
2005-04-10 21:20:55 +00:00
manu
09a5230af6
Fix a buffer overrun in ISAKMP mode config SET handler
2005-04-04 21:43:26 +00:00
christos
55ef051c47
s/u_int32_t/uint32_t/
...
kill the rest of u32,u16,u8
2005-03-26 03:48:44 +00:00
christos
9b98d82f76
s/u32/u_int32_t/
2005-03-26 02:23:06 +00:00
christos
c6a84da3bd
Don't define FIPS_selftest_failed locally.
2005-03-26 02:22:42 +00:00
christos
514fe26b5c
The last broken merge.
2005-03-25 23:03:47 +00:00
christos
2674f87be1
Fix merge issue.
2005-03-25 21:54:20 +00:00
christos
db19fc60e2
Missed 2 #ifdef OPENSSL_FIPS...
2005-03-25 20:19:51 +00:00
christos
684dfceb07
Resolve conflicts.
2005-03-25 20:14:24 +00:00
christos
e72fb54032
import openssl-0.9.7f from ftp.openssl.org
2005-03-25 19:05:51 +00:00
kleink
ac37001e7f
As observed in other modules, pull in <sys/queue.h> explicitly rather
...
than relying on namespace pollution to do so.
2005-03-17 20:40:42 +00:00
manu
d658ac5976
Updated ipsec-tools:
...
2005-03-16 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
src/racoon/remoteconf.c: When running in privsep mode, check that
private key and script paths match those given in the path section.
2005-03-15 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
RADIUS accounting at startup
* src/racoon/privsep.c: fix minor bug in PAM cleanup
* src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used
2005-03-14 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac: handle correctly dynamic libradius
* src/racoon/cfparse.y: correctly initialize address pool
2005-03-16 23:53:12 +00:00
manu
8a98c83667
Updated ipsec-tools:
...
2005-03-16 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
src/racoon/remoteconf.c: When running in privsep mode, check that
private key and script paths match those given in the path section.
2005-03-15 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
RADIUS accounting at startup
* src/racoon/privsep.c: fix minor bug in PAM cleanup
* src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used
2005-03-14 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac: handle correctly dynamic libradius
* src/racoon/cfparse.y: correctly initialize address pool
2005-03-16 23:52:42 +00:00
manu
e4563075a5
Updated ipsec-tools:
...
2005-03-16 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5}
src/racoon/remoteconf.c: When running in privsep mode, check that
private key and script paths match those given in the path section.
2005-03-15 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize
RADIUS accounting at startup
* src/racoon/privsep.c: fix minor bug in PAM cleanup
* src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used
2005-03-14 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac: handle correctly dynamic libradius
* src/racoon/cfparse.y: correctly initialize address pool
2005-03-16 23:51:44 +00:00
manu
e298dc4582
Import ipsec-tools ipsec-tools-0_6-20050314
2005-03-14 08:14:24 +00:00
christos
daee9fbceb
Add UsePam yes
2005-02-28 02:35:10 +00:00
manu
519aeb19a0
Resolve conflict
2005-02-24 20:59:24 +00:00
manu
6159f46a8d
Import ipsec-tools ipsec-tools-0_6-20050224
2005-02-24 20:52:25 +00:00
manu
88856e235d
Resolve conficts and remove autoconf files that were committed by mistake
2005-02-23 15:17:50 +00:00
manu
8006965b1b
Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version
...
according to ipsec-tools' ChangeLog:
2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
support for patented algorithms: IDEA and RC5.
* src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
is not required in the configuration
* src/racoon/isakmp.c: do not reject addresses for which kernel
refused UDP encapsulation, they can still be used for non NAT-T
traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)
2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{main.c|eaytest.c|plairsa-gen.c}
src/setkey/setkey.c: don't use fuzzy paths for package_version.h
2005-02-18 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
related DELETE_SA
* src/racoon/pfkey.c: do NOT unbindph12() when SA acquire
2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>
From Fred Senault <fred.letter@lacave.net>
* src/racoon/remoteconf.c: Fix a bug in script init
2005-02-17 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks
2005-02-15 Michal Ludvig <michal@logix.cz>
* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
2005-02-23 14:53:33 +00:00
elric
3e9f769ad6
Turn protocol 1 krb5 support back on.
2005-02-22 02:29:32 +00:00
wiz
0e4368712b
Fix Xref.
2005-02-20 21:10:54 +00:00
wiz
54c5fce210
Sort sections, whitespace nit, use .In.
2005-02-20 21:10:04 +00:00
manu
a7d348371a
Remove KAME racoon distribution, which is not used anymore
2005-02-20 15:50:02 +00:00
onoe
9bd25f488a
re-enable smime encrypt. fix from openssl-0.9.7e
2005-02-20 03:33:47 +00:00
thorpej
3029ac0bc4
Use __inline instead of inline.
2005-02-19 22:02:59 +00:00
christos
c4362dc746
Move duplicate block for pam to the 1.5 dispatch block where it belongs.
...
Restore KRB4 and KRB5 blocks to the 1.5 dispatch block.
XXX: Should we remove the KRB4 block from the 2.0 dispatch block?
2005-02-19 03:08:23 +00:00
thorpej
2a7ae5ee05
Fix package_version.h include path so it has a chance of working in
...
our source tree.
2005-02-18 06:28:52 +00:00
thorpej
b4668e17e3
Alter the include path for package_version.h so that it has a chance
...
of working in our source tree.
2005-02-18 06:24:38 +00:00
elric
48f369dafd
Put Kerberos configuration options back into client config parsing
...
routines.
2005-02-16 05:04:05 +00:00
he
e4afa5eb28
A sig_atomic_t isn't necessarily compatible with a %d printf format;
...
on evbsh5 sig_atomic_t is an __int64_t. Since this only stores a
signal number, cast to int before printing.
2005-02-15 16:22:12 +00:00
christos
0b6f3b5222
add moduli from openssh-3.9p1
2005-02-13 19:34:24 +00:00