Age | Commit message | Author | Files | Lines |
|
|
|
Sort the Makefile a bit. Install a default configuration file in place.
Bump PKGREVISION to 1.
|
|
+ move the patch digest/checksum values from files/patch-sum to distinfo
|
|
sync up with majority interpretation on tunnel mode bundle proposal.
lots of IKE implementations propose "IP AH ESP IP payload" as
"AH tunnel and ESP tunnel".
couple of other minor fixes
|
|
key changes:
-B flag, DH shared secret length handling fix, logging level fix,
gssapi support (not enabled, may not work on plain 1.5 due to issue in
kerberos library)
|
|
sync with kame
|
|
versions had DoS possibility, due to insufficient length check.
|
|
and IPv6 address properties (deprecated, tentative).
|
|
- validate initial contact better.
- more fine-grained control over pre-shared key configuration.
- cert fixes.
|
|
from shigeru@iij.ad.jp. sync with KAME.
|
|
- always use random number from /dev/urandom, instead of random(3).
- OpenSSL dependency is simplified - just use USE_SSL, and assume that
RSA function is there. pkgsrc does not really support intermediate
netbsd-current codebase. per discussion on packages@netbsd.org.
approved by packages@netbsd.org
|
|
- disable idea/rc5 in phase 1 by default
- use official DOI # for AES (= rijndael)
- be more careful about parsing variable-length packet content
- have __attribute__((__packed__)), be friendly with align-picky arch
(confirmed to be working on i386, sh3 and alpha)
|
|
|
|
changes: lots of stabilization (made during interop tests with bunch of
other implementations), certificate support improvement, security issue fix
(admin tcp port, without authentication, was open previously)
|
|
|
|
certificate improvements. bug fix in policy matching. make pfs/policy
matching strictness configurable. other logs can be found at
http://www.kame.net/dev/cvsweb.cgi/kame/CHANGELOG.
|
|
explicitly specified in a Phase-1 proposal statement.
Patch sent to sakane@kame.net.
|
|
- improvements in multiple address case
- sync with improvements in INET2000 bakeoff
|
|
changes: basically, result from TAHI 2nd interop test (www.tahi.org)
- phase 1/2 SA removal corrections
- remove possible memory leak
- no notify message on information exchange
- correct isakmp payload manipulation on duplicated payload types
|
|
changes:
- RFC2367 conformance for SADB_[AE]ALG_xxx.
- implement initial contact
- runs in background by default
- delete notification
- improve error handling
|
|
changes from 6/14:
- improved internal data garbage collection
- avoid sending packet that constitutes invalid exchange
- "non_auth" setting will avoid negotiating ESP authentication
- improve notify message
|
|
-- full changelog
Mon Jun 19 18:23:15 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
A path name in the configuration file is always complemented if it
does not begin with a slash (/). If it begins with a slash, the path
name is never complemented.
Mon Jun 19 16:51:24 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
If "non_auth" is defined in racoon.conf, any transform of AH proposal
including "non_auth" is not sent to the peer.
Thu Jun 15 14:44:30 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon:
CR payload is only made if signature authentication method is applied.
Thu Jun 15 13:29:29 JST 2000 sakane@ydc.co.jp
* kame/kame/racoon/cfparse.y:
In racoon.conf, the path of configuration file is complemented by
include directive only if there is no '/' in the path.
|
|
- SA bundle (AH + ESP) negotiation is corrected
- be more picky about permission of pre-shared key file (don't open it
if it looks vulnerable).
|
|
|
|
(does not use anoncvs any more).
changes in racoon itself are way too many to mention. for full changelog refer to
http://www.kame.net/dev/cvsweb.cgi/kame/CHANGELOG.
|
|
|