e3886d37ea
Add "openssl_" to man page references if they are available.
...
Fixes part of PR security/13953. Fixing the rest of the PR requires
adding more man pages.
2005-10-05 23:47:30 +00:00
c557aaf18f
Fix bug when using hybrid auth in client mode
...
make xauth_login work again
add safety checks
2005-09-26 16:24:57 +00:00
e83e36d896
fix spelling from Liam Foy.
2005-09-24 22:45:51 +00:00
b9301b48d0
fix typos.
2005-09-24 17:34:17 +00:00
2192079ea8
use get*_r()
2005-09-24 14:40:59 +00:00
54a773e9d7
Can we please stop using caddr_t?
2005-09-24 14:40:39 +00:00
e904ea2e97
Drop trailing whitespace.
2005-09-23 19:58:28 +00:00
7e2e2c16ff
Correctly initialize NAT-T VID to avoid freeing unallocated space
2005-09-23 14:22:27 +00:00
3cc3e3c7a3
Correct documentation about Mode Config. It now works without XAuth, too.
...
Patch supplied by Emmanuel Dreyfus on the "ipsec-tools" mailing list.
2005-09-21 15:06:22 +00:00
dc5127a31e
Make "Mode Config" work if XAuth is not used.
2005-09-21 12:46:08 +00:00
a6040f634b
PR/13738: Johan Danielsson: ssh doesn't look at $HOME
2005-09-18 18:39:05 +00:00
5391e24af6
Make -D behave like -L (obey GatewayPorts). Before it defaulted to listen
...
to wildcard which is not secure.
2005-09-18 18:27:28 +00:00
218a95c0f2
Document that -D takes bind_address.
2005-09-18 16:22:35 +00:00
e6f32f6f02
Drop trailing whitespace.
2005-09-15 08:42:09 +00:00
5db1262f0e
PR/31261: Mark Davies: ssh invokes xauth with bogus argument
2005-09-09 12:24:37 +00:00
453555bc8b
PR/31243: Mark Davies: sshd uses pipes rather than socketpairs, making bash
...
not execute .bashrc. Since socketpairs work on all NetBSD systems, make it
the default.
2005-09-09 12:20:12 +00:00
8f1a245ebd
Use default_md = sha1 in ``req'' section too, so we don't fallback to MD5.
...
Noted by smb@.
2005-09-01 21:35:25 +00:00
98e0d8f19f
SHA1 is a better default than MD5.
...
Discussed with Steven M. Bellovin.
Closes PR/30395.
2005-08-27 12:32:15 +00:00
0b97cbeb71
Update to ipsec-tools 0.6.1
2005-08-20 00:57:06 +00:00
96ae7759c9
Import ipsec-tools 0.6.1
2005-08-20 00:40:43 +00:00
c8f5575b45
End sentence with a dot.
2005-08-14 09:25:08 +00:00
c91d1d213a
Drop trailing whitespace.
2005-08-07 11:19:35 +00:00
111c13fe24
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering
...
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.
2005-08-07 09:38:45 +00:00
df08b9e74a
Update ipsec-tools to 0.6.1rc1
...
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.
2005-08-07 08:46:11 +00:00
1a191ad79e
PR/29862: Denis Lagno: sshd segfaults with long keys
...
The problem was that the rsa fips validation code did not allocate long
enough buffers, so it was trashing the stack.
2005-07-30 00:38:40 +00:00
182dc837b5
Move a variable declaration to the variable declaration section of
...
the enclosing block from within the middle of active code, so that
this compiles with older gcc. Fixes build problem for vax.
2005-07-14 11:26:57 +00:00
b0602a2f44
Add safety checks for informational messages
2005-07-12 21:33:01 +00:00
50c09443b0
Backout botched patch, approved by Emmanuel Dreyfus.
2005-07-12 19:17:37 +00:00
132d72e25b
Add SHA2 support
2005-07-12 16:49:52 +00:00
7736ad81cf
Add comments on how to use the hook scripts without NAT-T
2005-07-12 16:33:27 +00:00
ecb971f5f8
Don't wipe out IKE ports for SA update as it breaks things: the SA is taken
...
from an existing SA and already has matching IKE ports.
2005-07-12 16:24:29 +00:00
91b9c188b3
Add support for alrogithms with non OpenSSL default key sizes
2005-07-12 14:51:07 +00:00
e0dd78cfbd
Don't use adminport when it is disabled
2005-07-12 14:15:39 +00:00
4c94bccce3
Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems
...
when NAT-T is disabled
2005-07-12 14:14:46 +00:00
929f80643d
Safety checks on informational messages
2005-07-12 14:13:10 +00:00
8bc1e3c0ac
pkcs7 support
2005-07-12 14:12:20 +00:00
d3544c4e45
Document that "aes" can be used for IKE and ESP encryption.
2005-07-07 12:34:17 +00:00
eb8e3b9ad4
Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to
...
u_int, since this is what the author intended.
2005-06-28 16:12:41 +00:00
ca496ece2e
- Add lint comments
...
- Fix bad casts.
- Comment out unused variables.
2005-06-28 16:04:54 +00:00
a1625e9ee8
Fix an error I introduced in the previous commit. The length could be 0.
...
Also parenthesize an expression properly.
2005-06-28 16:03:09 +00:00
444efb36db
deal with casting/caddr_t stupidity. It is not 1980 anymore and people should
...
start using void *, instead of caddr_t.
2005-06-27 03:19:45 +00:00
983e538712
Collect externs into one file instead of duplicating them everywhere.
2005-06-26 23:49:31 +00:00
dd8cdde018
Fix compiler warnings.
2005-06-26 23:34:26 +00:00
fba8d9ce60
Fix some of the pointer abuse, and add some const. Not done yet.
2005-06-26 21:14:08 +00:00
dd3259cec0
NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports
...
are used instead. This was done on phase 2 initiation from the kernel
(acquire message), but not on phase 2 initiation retries when the
phase 2 had been queued for a phase 1.
2005-06-22 21:28:18 +00:00
13ca728372
Consume NAT-T packets that have already been seen through MSG_PEEK
2005-06-15 07:29:20 +00:00
7bbdd188e1
appease gcc -Wuninitialized on hp700.
2005-06-05 19:08:28 +00:00
6ec5a5a9b7
Fix Xauth login with PAM authentication
2005-06-04 22:09:27 +00:00
2c39301c40
Endianness bug fix
2005-06-04 21:55:05 +00:00
311dff8be0
Missing 0th element in rm_idtype2doi array
2005-06-03 22:27:06 +00:00
rpaulo