Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jun 17, 2015
Commits on May 21, 2015
  1. (Jonathan Bennett) added console-qr.sh script to create QR codes from…

    authored
    … fwknopd access.conf keys
Commits on May 20, 2015
Commits on Apr 19, 2015
  1. minor docs update

    authored
Commits on Feb 18, 2015
Commits on Dec 4, 2014
  1. add Grant Pannell

    authored
Commits on Sep 28, 2014
  1. Use the fwknop User-Agent for wget SSL external IP resolutions

    authored
    Bug fix to ensure that a User-Agent string can be specified when the
    fwknop client uses wget via SSL to resolve the external IP address. This
    closes issue #134 on github reported by Barry Allard. The fwknop now
    uses the wget '-U' option to specify the User-Agent string with a
    default of "Fwknop/<version>". In addition, a new command line argument
    "--use-wget-user-agent" to allow the default wget User-Agent string to
    apply instead.
Commits on Sep 4, 2014
Commits on Aug 22, 2014
  1. ChangeLog update for FCS bug fix

    authored
Commits on Jul 19, 2014
  1. [server] Bug fix for PF firewalls without ALTQ support on FreeBSD.

    authored
    With this commit PF rules are added correctly regardless of whether ALTQ support
    is available or not. Thanks to Barry Allard for discovering and reporting this
    issue. Closes issue #121 on github.
Commits on Apr 14, 2014
Commits on Mar 4, 2014
  1. Updated authorship and copyright information

    authored
    This commit updates all authorship and copyright information to include a
    standard header that references the AUTHORS and CREDITS file. This standard
    header was written by the Debian legal team at the request of Franck Joncourt.
Commits on Jan 11, 2014
  1. merged android4.4_support branch

    authored
Commits on Jan 3, 2014
  1. (Marek Wrzosek) Update docs to reflect random 'digits' use instead of…

    authored
    … 'bytes'
    
    Suggested doc update to fwknop man pages to accurately describe the usage
    of digits instead of bytes for SPA random data.  About 53 bits of entropy
    are actually used, although this is in addition to the 64-bit random salt
    in for key derivation used by PBKDF1 in Rjindael CBC mode.
Commits on Dec 23, 2013
  1. added Gerry Reno

    authored
Commits on Dec 12, 2013
  1. Added Les Aker to credits file

    authored
Commits on Aug 19, 2013
Commits on Aug 11, 2013
Commits on Aug 10, 2013
Commits on Jul 18, 2013
  1. Revert "[libfko] Have 'make install' run ldconfig if basic fwknop/fwk…

    authored
    …nopd -h exec fails"
    
    This reverts commit f55b89c.
    
    Damien recommended not having 'make install' run ldconfig since it breaks an RPM
    build of fwknop, and most package managers should be doing this step anyway.
Commits on Jul 10, 2013
  1. [client] in '-M legacy' mode truncate the key to 16 bytes

    authored
    This change helps to maintain backwards compatibility with older fwknopd daemons
    that cannot handle Rijndael keys greater than 16 bytes.  Blair Zajac suggested
    printing a warning in '-M legacy' mode when keys are attempted > 16 bytes long,
    and this warning is included in this commit.
Commits on Jun 30, 2013
  1. [libfko] Have 'make install' run ldconfig if basic fwknop/fwknopd -h …

    authored
    …exec fails
    
    This commit makes sure that if running 'fwknop -h' or 'fwknopd -h' appears to
    fail then run ldconfig under the 'make install' step.  George Herlin reported
    that on some systems ldconfig was not automatically getting executed via the
    autoconf Makefile config, and since fwknop/fwknopd depend on a shared library
    (libfko), ldconfig needs to be executed by 'make install' if it wasn't already
    done.
Commits on Jun 11, 2013
  1. [libfko] handle endian detection on PPC (and other) systems

    authored
    Blair Zajac contributed a patch to handle endian detection on PPC systems
    and issue a compile time error if it cannot be determined.  This commit affects
    the BYTEORDER macro.
Commits on Jun 3, 2013
  1. Merge remote-tracking branch 'fjoncourt/master'

    authored
    Closes #74 - allows a passphrase to be read from STDIN or from a file descriptor
    via --fd.
Commits on Jun 2, 2013
Commits on Jun 1, 2013
  1. [libfko] HMAC comparison timing bug fix

    authored
    Ryman reported a timing attack bug in the HMAC comparison operation (#85) and
    suggested a fix derived from YaSSL:
    http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg320402.html
Commits on May 18, 2013
Commits on May 4, 2013
  1. Merge remote-tracking branch 'ag4ve/master'

    authored
    (Shawn Wilson) This adds better source IP logging for fwknopd log messages.
    Closes #70.
Commits on Apr 30, 2013
Commits on Apr 19, 2013
  1. credits and changelog updates

    authored
Commits on Feb 23, 2013
Commits on Jan 23, 2013
  1. [libfko] Don't trundate > 16 byte Rijndael keys

    authored
    Significant bug fix to honor the full encryption key length for
    user-supplied Rijndael keys > 16 bytes long.  Previous to this bug fix,
    only the first 16 bytes of a key were actually used in the encryption/
    decryption process even if the supplied key was longer.  The result was
    a weakening of expected security for users that had keys > 16 bytes,
    although this is probably not too common.  Note that "passphrase" is
    perhaps technically a better word for "user-supplied key" in this
    context since Rijndael in CBC mode derives a real encryption/decryption
    key from the passphrase through a series of applications of md5 against
    the passphrase and a random salt.  This issue was reported by Michael T.
    Dean.  Closes issue #18 on github.
Commits on Jan 20, 2013
Commits on Nov 9, 2012
  1. [client] (Franck Joncourt) Fixed Ctrl-C problem where SPA packets wer…

    authored
    …e sent anyway
    
    [client] (Franck Joncourt) Contributed a patch to allow the fwknop
    client to be stopped during the password entry prompt with Ctrl-C before
    any SPA packet is sent on the wire.
Something went wrong with that request. Please try again.