path: root/usr.sbin/ikectl/parser.h
Commit message [Author, Age, Files, Lines]
* Add 'ikectl show sa' command to print information about the state of negotiated IKE SAs, their Child SAs and resulting IPsec flows. ok patrick@ [tobhe, 2020-03-22, 1 file, -1/+2]
* Add 'ikectl reset id <ID>' command to reset all SAs from policies with matching destination ID. ok patrick@ markus@ [tobhe, 2020-03-18, 1 file, -2/+4]
* Accept an ocsp option when creating certificates to set the extended key usage for OCSP signing. Requested by and ok reyk@ [jsg, 2015-11-02, 1 file, -1/+2]
* Use "compliant" header guards by avoiding the reserved '_' namespace. Pointed out by Markus Elfring OK mikeb@ millert@ [reyk, 2015-06-11, 1 file, -4/+4]
* Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!". [reyk, 2013-01-08, 1 file, -2/+2]
* update email addresses to match reality. sure jsg@ mikeb@ [reyk, 2012-09-18, 1 file, -2/+2]
* spacing [reyk, 2011-05-27, 1 file, -2/+2]
* allow optional paths for the install commands so we can install into the isakmpd directory hierarchy for example. [jsg, 2010-10-08, 1 file, -5/+5]
* Allow to show certificate details (show ca x cert [y]). [reyk, 2010-10-08, 1 file, -2/+2]
* Allow to specify the export password on the command line (optionally, for scripting). The "peer" argument now needs to be preceded with the "peer" keyword, eg. ... export peer 10.1.1.1 instead of export 10.1.1.1. [reyk, 2010-10-07, 1 file, -2/+2]
* - add a -q (quiet) command line option that will be used by ikeca to set openssl batch mode: don't ask for x509 options, use the defaults.
  - allow to specify the initial ca password on the command line to also make it scriptable.
  - allow to create certificates for clientAuth or serverAuth only (eg. ikectl ca foo certificate bar server).
  - cosmetics: move double declarations of ca_*() functions to parser.h.
  ok phessler@ [reyk, 2010-10-07, 1 file, -1/+25]
* Add a ca export command for EAP mode where we only require the CA cert, and make both export commands optionally take an argument that will be added to a peer.txt file in the exported output. Additionally include any site specific notes from /usr/share/iked if present. man page bits and help with the parser from reyk [jsg, 2010-06-23, 1 file, -1/+3]
* Add commands to create/delete/install/import keys without involving certificates as suggested by reyk and don't recreate private keys if a key already exists. ok reyk@ [jsg, 2010-06-14, 1 file, -1/+5]
* Add a command to revoke a certificate and generate a CRL; make the ca install command install the CRL as well. discussed with reyk@ [jsg, 2010-06-10, 1 file, -1/+2]
* add new commands: the couple/decouple commands will set loading of the learned flows and SAs to the kernel which is useful for testing and debugging. the active/passive commands are required to use iked with sasyncd(8); sasyncd just needs to call "ikectl active/passive" or send the appropriate imsg to support iked but this is not implemented yet. [reyk, 2010-06-10, 1 file, -1/+5]
* Import iked, a new implementation of the IKEv2 protocol. [reyk, 2010-06-03, 1 file, -0/+56]
  iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
  with lots of help and debugging by jsg@ ok deraadt@