Permalink
Commits on Aug 27, 2000
  1. make sure we have IV that is random enough. memory allocator on

    itojun committed Aug 27, 2000
    some of platforms give us almost constant number (oops).
  2. repair iv initialization on encryption.

    itojun committed Aug 27, 2000
  3. esp internal API change - algo->{en,de}crypt reclaims the mbuf on

    itojun committed Aug 27, 2000
    encryption error.
    
    use m_copyback() to initialize IV, and remove too strong mbuf assumption.
  4. s/$/CBC/ for rijndael/twofish, for consistency

    itojun committed Aug 27, 2000
  5. declare SADB_X_EALG_{RIJNDAEL,TWOFISH}, based on

    itojun committed Aug 27, 2000
    draft-ietf-ipsec-ciph-aes-cbc-00.txt.
  6. "contact KAME guys" warning on setsockopt #s

    itojun committed Aug 27, 2000
Commits on Aug 26, 2000
  1. do not use MALLOC() to allocate variable length memory region.

    itojun committed Aug 26, 2000
    see sys/malloc.h.
  2. RFC2893 obsoletes 1933

    itojun committed Aug 26, 2000
Commits on Aug 25, 2000
  1. remove #if 0 portion

    itojun committed Aug 25, 2000
  2. fixed a comment.

    sakane committed Aug 25, 2000
  3. 2000-08-25 JINMEI, Tatuya <jinmei@isl.rdc.toshiba.co.jp>

    jinmei committed Aug 25, 2000
    	* kame/sys/netinet6/in6.c (in6_lifaddr_ioctl): made
    	SIOC[DG]LIFADDR scope-aware; fe80::/64 (not /10) will be accepted
    	to specify a link-local address.
    	In response to a report from Francis Dupont
    	<Francis.Dupont@enst-bretagne.fr>.
  4. made SIOC[DG]LIFADDR scope-aware; fe80::/64 (not /10) will be accepted

    jinmei committed Aug 25, 2000
    to specify a link-local address.
    report from Francis Dupont.
Commits on Aug 24, 2000
  1. * kame/kame/racoon:

    sakane committed Aug 24, 2000
    It is possible to verify the signer chain in the certificate.
    You must have all of the certificate of each authorities before
    the certificate verification.
    Also racoon can output a readable certificate to the logfile during
    debugging.
    XXX the caomparison between ID value and Subject{,Alt}Name is not yet.
  2. enabled to check all of authorities of the certificate.

    sakane committed Aug 24, 2000
    print a certificate for debugging.
  3. improved certificate test.

    sakane committed Aug 24, 2000
  4. * netbsd/pkgsrc/net/bind9, freebsd3/ports/bind9: use bind

    sumikawa committed Aug 24, 2000
      9.0.0rc4.
  5. upgrade to rc4 and fix PLIST.

    sumikawa committed Aug 24, 2000
  6. * netbsd/pkgsrc/net/bind9: use bind 9.0.0rc4.

    itojun committed Aug 24, 2000
  7. upgrade to 9.0.0rc4. install manpages.

    itojun committed Aug 24, 2000
  8. * kame/kame/racoon:

    sakane committed Aug 24, 2000
    Fixed IV processing.  IV mismatching happened when a peer sent a
    encrypted informational exchange on phase 1.  Also added a comment
    about IV processing in handler.h.  And deleted ivd in IV hander
    because it is useless.
  9. fixed IV processing. IV mismatching happened when a peer sent a encry…

    sakane committed Aug 24, 2000
    …pted
    
    informational exchange on phase 1.  Also added a comment about IV processing
    in handler.h.  And deleted ivd in IV hander because it is useless.
  10. adujst the length of phase 2 IV.

    sakane committed Aug 24, 2000
  11. - clarified some message.

    sakane committed Aug 24, 2000
    - added a code in order to check authenticator, but not enabled.
  12. clarified status message.

    sakane committed Aug 24, 2000
  13. ping6 change for netbsd

    itojun committed Aug 24, 2000
  14. make it frendly to openssl0.9.4.

    sakane committed Aug 24, 2000
  15. modified a augument of eay_check_x509cert. The type of the path of

    sakane committed Aug 24, 2000
    the CA directory is char *, not vchar_t *.
Commits on Aug 23, 2000
  1. updated.

    sakane committed Aug 23, 2000
  2. change contact address to snap-users@kame.net.

    sakane committed Aug 23, 2000
  3. * kame/kame/racoon:

    sakane committed Aug 23, 2000
    Added the behavior of PFS selection in the case of "strict"/"claim".
    If PFS is not required by the responder, the responder obeys the
    proposal.  If PFS is required by both sides and if the responder's
    group is not equal to the initiator's one, then the responder reject
    the proposal.