path: root/usr.bin/ssh/dns.h
Commit message | Author | Age | Files | Lines
* Add experimental support for PQC XMSS keys (Extended Hash-Based Signatures) | markus | 2018-02-23 | 1 | -2/+3
  The code is not compiled in by default (see WITH_XMSS in Makefile.inc)
  Joint work with stefan-lukas_gazdag at genua.eu
  See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
  ok djm@
* Revert commitid: gJtIN6rRTS3CHy9b. | djm | 2017-09-14 | 1 | -2/+1
  -------------
  identify the case where SSHFP records are missing but other DNS RR types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
  -------------
  This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results are missing but the user already has the key in known_hosts
  Spotted by dtucker@
* identify the case where SSHFP records are missing but other DNS RR | djm | 2017-09-01 | 1 | -1/+2
  types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
* moar whitespace at eol | djm | 2015-05-08 | 1 | -2/+2
* sync ssh-keysign, ssh-keygen and some dependencies to the new | djm | 2015-01-15 | 1 | -3/+4
  buffer/key API; mostly mechanical, ok markus@
* Add support for SSHFP DNS records for ED25519 key types. | logan | 2014-04-20 | 1 | -2/+3
  OK from djm@
* add support for RFC6594 SSHFP DNS records for ECDSA key types. | djm | 2012-05-23 | 1 | -6/+9
  patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
* Add support for certificate key types for users and hosts. | djm | 2010-02-26 | 1 | -3/+3
  OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy.

  Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details.

  Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details.

  Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage.

  Documentation on the format of certificates is in the file PROTOCOL.certkeys

  feedback and ok markus@
* almost entirely get rid of the culture of ".h files that include .h files" | deraadt | 2006-08-03 | 1 | -8/+1
  ok djm, sort of ok stevesk
  makes the pain stop in one easy step
* move #include <stdio.h> out of includes.h | stevesk | 2006-08-01 | 1 | -1/+3
* move #include <sys/socket.h> out of includes.h | stevesk | 2006-07-08 | 1 | -1/+4
* standardise spacing in $OpenBSD$ tags; requested by deraadt@ | djm | 2006-03-25 | 1 | -1/+1
* more cleanups; ok jakob@ | stevesk | 2005-10-17 | 1 | -3/+1
* update SSHFP validation. ok markus@ | jakob | 2003-11-12 | 1 | -6/+7
* include SSHFP lookup code (not enabled by default). ok markus@ | jakob | 2003-10-14 | 1 | -3/+1
* rename enum | jakob | 2003-05-14 | 1 | -8/+8
* update license, remove 3rd clause. ok author (me) | jakob | 2003-05-14 | 1 | -3/+1
* add experimental support for verifying host keys using DNS as described | jakob | 2003-05-14 | 1 | -0/+59
  in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@