Skip to content
Commits on Jan 9, 2000
  1. remove unused static function prototype.

    itojun committed
  2. add isakmp_ase.c for everyone

    itojun committed
  3. o What's proto_id in notify message of responder 2nd message with com…

    sakane committed
    …mit bit
    
      processing when multiple different SA applyed ?
  4. If there was no phase 2 negotiation under phase 1, phase 1 will be ne…

    sakane committed
    …gotiated
    
    only one time.  But the next time is deleted.
  5. the commit bit on Phase 1 is forbidden.

    sakane committed
    respond notify message with INVALID-FLAGS.
  6. added base mode. (not tested)

    sakane committed
    delete isakmp_kn2isa().
    alternatively added isakmp_p2ph() to copy payload buffer without isakmp_gen header.
  7. s/-DSSLVERNUM/-DSSLVER/

    itojun committed
  8. add 'question' file.

    sakane committed
  9. move 'HOW DO I DO' to doc/question.

    sakane committed
  10. removed a file.

    sakane committed
  11. don't include tcpip.h (not necessary)

    itojun committed
  12. improve libipsec lookup.

    itojun committed
  13. don't include netinet6/in6.h (not necessary

    itojun committed
  14. sync with FreeBSD-current.

    sumikawa committed
  15. forgot to add, sorry.

    sumikawa committed
  16. sync with FreeBSD-current.

    sumikawa committed
  17. sync with latest racoon directory.

    itojun committed
    XXX racoon/racoon not tested, other directories tested with freebsd2
  18. sync again

    itojun committed
  19. remove duplicated signing.o

    itojun committed
  20. adapt to new racoon directory.

    itojun committed
  21. massive clarification to racoon ISAKMP daemon.

    itojun committed
    - Merged Eric Lemiere's code for limited certificate support.
    - There are two management hander.
    	"Phase 1 handler" is to manage ISAKMP SA.  It is created when
    	phase 1 exchange on both initiator and responder side will be
    	started.
    	"Phase 2 handler" is to manage IPsec SAs.  It is created when
    	pfkey acquire message will be received, and when 1st message
    	in phase 2 will be received on responder side.
    - Vendor id will be sent after negotiating hasn algorithm.
      When we receive vendor id before negotiating it, we use default hash
      algorithm MD5 to check.
    - Post command deleted.
    - msgid_t delted.
    - don't release management handler.  do it only if retry will be
      timed up.
    - separate the function of isakmp exchange.  one is to check received
      data.  other is to reply.  the reason is for handling to resend.
    - change name "dir" to "side" in order to distinguish from policy
      direction.
    - If initiator request PFS, but responder is not ready to do that,
      responder stops the negotiation.  If initiator don't request PFS,
      but responder require it, also responder stops the negotiation.
  22. missing from merger

    itojun committed
  23. - Merged Eric Lemiere's code for limited certificate support.

    itojun committed
    - There are two management hander.
    	"Phase 1 handler" is to manage ISAKMP SA.  It is created when phase 1
    	exchange on both initiator and responder side will be started.
    	"Phase 2 handler" is to manage IPsec SAs.  It is created when pfkey
    	acquire message will be received, and when 1st message in phase 2 will
    	be received on responder side.
    - Vendor id will be sent after negotiating hasn algorithm.
      When we receive vendor id before negotiating it, we use default hash algorithm
      MD5 to check.
    - Post command deleted.
    - msgid_t delted.
    - don't release management handler.  do it only if retry will be timed up.
    - separate the function of isakmp exchange.  one is to check received data.
      other is to reply.  the reason is for handling to resend.
    - change name "dir" to "side" in order to distinguish from policy direction.
    - If initiator request PFS, but responder is not ready to do that,
      responder stops the negotiation.  If initiator don't request PFS,
      but responder require it, also responder stops the negotiation.
    
    From: sakane (with minor clarifications)
    
    XXX
    - unnecessary files should be nuked.  are isakmp_base.[ch] necessary?
    - TODO.jp needs to be incorporated into TODO (not imported).
  24. rename crypto.[ch] into crypto_openssl.[ch]

    itojun committed
  25. mv to racoon/doc/*

    itojun committed
Commits on Jan 8, 2000
  1. * freebsd3/usr.sbin/inetd: support IDENT.

    sumikawa committed
  2. Sync with FreeBSD-current.

    sumikawa committed
  3. support IDENT.

    sumikawa committed
    From: Hajimu UMEMOTO <ume@mahoroba.org>
  4. * freebsd3/ports/heimdal: upgrade to 0.2l.

    sumikawa committed
  5. Upgrade to 0.2l.

    sumikawa committed
  6. * kame/sys/netkey/key.c:

    sakane committed
      - fix kenrel crash when flushing SAD.
      - for stability, increment refcnt of SA when key_getsavbyspi() called.
      - add some error message
  7. - fix kenrel crash when flushing SAD. don't delete SA when refcnt > 1.

    sakane committed
    - for stability, increment refcnt of SA when key_getsavbyspi() called.
    - add some error message
    - fix errno at key_update().
  8. make it look like openbsd port directory.

    itojun committed
    mark it broken (this does not probe libinet6 correctly - fix committed
    to zebra repository)
Something went wrong with that request. Please try again.