Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jan 10, 2000
  1. added commit bit proccesing. (not tested)

    sakane authored
    XXX don't initiate commit bit.  should be fixed in the future.
    
    add a question:
    	Is it forbidden to clear commit bit during phase2 negotiation ?
Commits on Jan 9, 2000
  1. remove unused static function prototype.

    itojun authored
  2. add isakmp_ase.c for everyone

    itojun authored
  3. o What's proto_id in notify message of responder 2nd message with com…

    sakane authored
    …mit bit
    
      processing when multiple different SA applyed ?
  4. If there was no phase 2 negotiation under phase 1, phase 1 will be ne…

    sakane authored
    …gotiated
    
    only one time.  But the next time is deleted.
  5. the commit bit on Phase 1 is forbidden.

    sakane authored
    respond notify message with INVALID-FLAGS.
  6. added base mode. (not tested)

    sakane authored
    delete isakmp_kn2isa().
    alternatively added isakmp_p2ph() to copy payload buffer without isakmp_gen header.
  7. s/-DSSLVERNUM/-DSSLVER/

    itojun authored
  8. add 'question' file.

    sakane authored
  9. move 'HOW DO I DO' to doc/question.

    sakane authored
  10. removed a file.

    sakane authored
  11. don't include tcpip.h (not necessary)

    itojun authored
  12. improve libipsec lookup.

    itojun authored
  13. don't include netinet6/in6.h (not necessary

    itojun authored
  14. sync with FreeBSD-current.

    sumikawa authored
  15. forgot to add, sorry.

    sumikawa authored
  16. sync with FreeBSD-current.

    sumikawa authored
  17. sync with latest racoon directory.

    itojun authored
    XXX racoon/racoon not tested, other directories tested with freebsd2
  18. sync again

    itojun authored
  19. remove duplicated signing.o

    itojun authored
  20. adapt to new racoon directory.

    itojun authored
  21. massive clarification to racoon ISAKMP daemon.

    itojun authored
    - Merged Eric Lemiere's code for limited certificate support.
    - There are two management hander.
    	"Phase 1 handler" is to manage ISAKMP SA.  It is created when
    	phase 1 exchange on both initiator and responder side will be
    	started.
    	"Phase 2 handler" is to manage IPsec SAs.  It is created when
    	pfkey acquire message will be received, and when 1st message
    	in phase 2 will be received on responder side.
    - Vendor id will be sent after negotiating hasn algorithm.
      When we receive vendor id before negotiating it, we use default hash
      algorithm MD5 to check.
    - Post command deleted.
    - msgid_t delted.
    - don't release management handler.  do it only if retry will be
      timed up.
    - separate the function of isakmp exchange.  one is to check received
      data.  other is to reply.  the reason is for handling to resend.
    - change name "dir" to "side" in order to distinguish from policy
      direction.
    - If initiator request PFS, but responder is not ready to do that,
      responder stops the negotiation.  If initiator don't request PFS,
      but responder require it, also responder stops the negotiation.
  22. missing from merger

    itojun authored
  23. - Merged Eric Lemiere's code for limited certificate support.

    itojun authored
    - There are two management hander.
    	"Phase 1 handler" is to manage ISAKMP SA.  It is created when phase 1
    	exchange on both initiator and responder side will be started.
    	"Phase 2 handler" is to manage IPsec SAs.  It is created when pfkey
    	acquire message will be received, and when 1st message in phase 2 will
    	be received on responder side.
    - Vendor id will be sent after negotiating hasn algorithm.
      When we receive vendor id before negotiating it, we use default hash algorithm
      MD5 to check.
    - Post command deleted.
    - msgid_t delted.
    - don't release management handler.  do it only if retry will be timed up.
    - separate the function of isakmp exchange.  one is to check received data.
      other is to reply.  the reason is for handling to resend.
    - change name "dir" to "side" in order to distinguish from policy direction.
    - If initiator request PFS, but responder is not ready to do that,
      responder stops the negotiation.  If initiator don't request PFS,
      but responder require it, also responder stops the negotiation.
    
    From: sakane (with minor clarifications)
    
    XXX
    - unnecessary files should be nuked.  are isakmp_base.[ch] necessary?
    - TODO.jp needs to be incorporated into TODO (not imported).
  24. rename crypto.[ch] into crypto_openssl.[ch]

    itojun authored
  25. mv to racoon/doc/*

    itojun authored
Commits on Jan 8, 2000
  1. * freebsd3/usr.sbin/inetd: support IDENT.

    sumikawa authored
  2. Sync with FreeBSD-current.

    sumikawa authored
  3. support IDENT.

    sumikawa authored
    From: Hajimu UMEMOTO <ume@mahoroba.org>
  4. * freebsd3/ports/heimdal: upgrade to 0.2l.

    sumikawa authored
  5. Upgrade to 0.2l.

    sumikawa authored
  6. * kame/sys/netkey/key.c:

    sakane authored
      - fix kenrel crash when flushing SAD.
      - for stability, increment refcnt of SA when key_getsavbyspi() called.
      - add some error message
  7. - fix kenrel crash when flushing SAD. don't delete SA when refcnt > 1.

    sakane authored
    - for stability, increment refcnt of SA when key_getsavbyspi() called.
    - add some error message
    - fix errno at key_update().
Something went wrong with that request. Please try again.