c91d1d213a
Drop trailing whitespace.
2005-08-07 11:19:35 +00:00
111c13fe24
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering
...
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.
2005-08-07 09:38:45 +00:00
df08b9e74a
Update ipsec-tools to 0.6.1rc1
...
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.
2005-08-07 08:46:11 +00:00
1a191ad79e
PR/29862: Denis Lagno: sshd segfaults with long keys
...
The problem was that the rsa fips validation code did not allocate long
enough buffers, so it was trashing the stack.
2005-07-30 00:38:40 +00:00
182dc837b5
Move a variable declaration to the variable declaration section of
...
the enclosing block from within the middle of active code, so that
this compiles with older gcc. Fixes build problem for vax.
2005-07-14 11:26:57 +00:00
b0602a2f44
Add safety checks for informational messages
2005-07-12 21:33:01 +00:00
50c09443b0
Backout botched patch, approved by Emmanuel Dreyfus.
2005-07-12 19:17:37 +00:00
132d72e25b
Add SHA2 support
2005-07-12 16:49:52 +00:00
7736ad81cf
Add comments on how to use the hook scripts without NAT-T
2005-07-12 16:33:27 +00:00
ecb971f5f8
Don't wipe out IKE ports for SA update as it breaks things: the SA is taken
...
from an existing SA and already has matching IKE ports.
2005-07-12 16:24:29 +00:00
91b9c188b3
Add support for alrogithms with non OpenSSL default key sizes
2005-07-12 14:51:07 +00:00
e0dd78cfbd
Don't use adminport when it is disabled
2005-07-12 14:15:39 +00:00
4c94bccce3
Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems
...
when NAT-T is disabled
2005-07-12 14:14:46 +00:00
929f80643d
Safety checks on informational messages
2005-07-12 14:13:10 +00:00
8bc1e3c0ac
pkcs7 support
2005-07-12 14:12:20 +00:00
d3544c4e45
Document that "aes" can be used for IKE and ESP encryption.
2005-07-07 12:34:17 +00:00
eb8e3b9ad4
Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to
...
u_int, since this is what the author intended.
2005-06-28 16:12:41 +00:00
ca496ece2e
- Add lint comments
...
- Fix bad casts.
- Comment out unused variables.
2005-06-28 16:04:54 +00:00
a1625e9ee8
Fix an error I introduced in the previous commit. The length could be 0.
...
Also parenthesize an expression properly.
2005-06-28 16:03:09 +00:00
444efb36db
deal with casting/caddr_t stupidity. It is not 1980 anymore and people should
...
start using void *, instead of caddr_t.
2005-06-27 03:19:45 +00:00
983e538712
Collect externs into one file instead of duplicating them everywhere.
2005-06-26 23:49:31 +00:00
dd8cdde018
Fix compiler warnings.
2005-06-26 23:34:26 +00:00
fba8d9ce60
Fix some of the pointer abuse, and add some const. Not done yet.
2005-06-26 21:14:08 +00:00
dd3259cec0
NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports
...
are used instead. This was done on phase 2 initiation from the kernel
(acquire message), but not on phase 2 initiation retries when the
phase 2 had been queued for a phase 1.
2005-06-22 21:28:18 +00:00
13ca728372
Consume NAT-T packets that have already been seen through MSG_PEEK
2005-06-15 07:29:20 +00:00
7bbdd188e1
appease gcc -Wuninitialized on hp700.
2005-06-05 19:08:28 +00:00
6ec5a5a9b7
Fix Xauth login with PAM authentication
2005-06-04 22:09:27 +00:00
2c39301c40
Endianness bug fix
2005-06-04 21:55:05 +00:00
311dff8be0
Missing 0th element in rm_idtype2doi array
2005-06-03 22:27:06 +00:00
d687f4502c
appease gcc -Wuninitialized
2005-06-02 04:59:17 +00:00
936a4cd73f
Don't attempt to close a random file descriptor upon error.
...
Detected with gcc -Wuninitialized.
2005-06-02 04:57:33 +00:00
08ef6270ca
appease gcc -Wuninitialized
2005-06-02 04:56:14 +00:00
89f4d29f7d
Appease gcc -Wuninitialized, in a similar method used elsewhere in the
...
same function.
2005-06-02 04:43:45 +00:00
6e3cdc676d
appease gcc -Wuninitialized
2005-06-01 12:07:00 +00:00
8bf012821a
Drop trailing whitespace.
2005-05-25 16:57:39 +00:00
bf77c4e4b3
Drop trailing whitespace and a grammar fix.
2005-05-25 10:09:36 +00:00
bd592e6e99
Really delete phase 1 on Xauth failure
2005-05-20 07:34:47 +00:00
48fade8581
Fix NAT-T plus IPcomp
2005-05-20 01:28:13 +00:00
c6660c31c6
Fix parse bug in IPsec policies
2005-05-20 00:57:33 +00:00
2e090d4afb
When altering the lifetime, don't modify to configured proposal, duplicate
...
it instead.
2005-05-20 00:54:55 +00:00
137ea645ec
PR/30198: Lubomir Sedlacik: The forwarding listening host is optional; don't
...
try to free it.
2005-05-18 16:11:11 +00:00
6add206c2f
- Fix a double free
...
- For acquire messages, when NAT-T is in use, consider null port as a
wildcard and use IKE port
2005-05-13 14:09:44 +00:00
a5a80e2b4d
Update sample config file to higher security settings
2005-05-10 10:22:03 +00:00
aed94b2d22
Add two Cisco extensions for pushing PFS group and save password
...
setting throug ISAKMP mode config
2005-05-10 09:54:43 +00:00
db7c068992
proposal_check fixes:
...
- fix claim behavior in phase 1
- also check lifebyte
2005-05-10 09:23:36 +00:00
56b6919254
Remove a stale #endif, and add one missing at EOF.
...
Noticed by code inspection and confirming by diffing against the vendor source.
The previous code compiled, but it certainly wouldn't have DTRT ...
2005-05-08 23:30:46 +00:00
0a3fafc305
Update PAM from the "portable openssh" 4.0p1
2005-05-08 21:15:04 +00:00
8d29e11e90
Add a prototype for getph2bysaddr(), fixes build problem for isakmp.c.
2005-05-08 14:14:18 +00:00
873e8e21a9
More NAT-T fixes for the situation where racoon acts as a VPN client
...
Flush SA and generated SP on DPD timeout and deletion payloads
2005-05-08 08:57:26 +00:00
63a609062e
From Manisha Malla <mmanisha@novell.com>:
...
fix unsigned int checked for being negative
2005-05-04 17:23:10 +00:00
wiz