Lines Matching full:src
6 * src/racoon{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
7 src/racoon{isdakmp_quick.c|isakmp_xauth.c|isakmp_xauth.h}
8 src/racoon/racoon.conf.5: Add a group check option
13 * src/racoon/ipsec_doi.c: fixed an ASN1 size in
19 * src/racoon/ipsec_doi.[ch]: fixed and public ipsecdoi_id2str()
20 * src/racoon/isakmp_quick.c: text fix
21 * src/racoon/pfkey.c: sainfo debug
22 * src/racoon/sainfo.c: sainfo debug
27 * src/racoon/isakmp_quick.c: Fixed iph2->id / id_p checks in
29 * src/racoon/racoon.conf.5: updated man page for sainfo logic.
33 * src/racoon/{cfparse.y|isakmp_cfg.c|isakmp_cfg.h}
34 src/racoon/{isakmp_unity.c|isakmp_unity.h}: splinet support
39 * src/racoon/samples/roadwarrior/client/phase1-up.sh: add missing
43 * configure.ac src/racoon/isakmp_xauth.c: update the LDAP API usage
46 * src/racoon/{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
47 src/racoon/{isakmp_cfg.c|isakmp_unity.c|racoon.conf.5}: Split DNS
52 * src/libipsec/pfkey.c: Fixed SADB_X_EXT_SEC_CTX support in pfkey_align().
57 * src/racoon/isakmp_cfg.c: fix a typo that rendered DNS4 / WINS4
63 * src/racoon{cfparse.y|cftoken.l|isakmp_quick.c|isakmp_xauth.c}
64 src/racoon{isakmp_xauth.h|racoon.conf.5|sainfo.c|sainfo.h}:
69 * src/racoon/nattraversal.c: fixed a malloc check in
74 * src/racoon/{cfparse.l|cftoken.l}: meaningful error message when
79 * src/racoon{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
80 src/racoon/{isakmp_xauth.c|isakmp_xauth.h|racoon.conf.5}: network
88 * src/racoon/evt.c: build fix
93 * src/racoon/evt.c: Do not record events if admin socket is
101 * configure.ac src/racoon/{cfparse.y|cftoken.l}
102 src/racoon/{isakmp_cfg.h|isakmp_xauth.c|isakmp_xauth.h}
103 src/racoon/{main.c|racoon.conf.5}: Use LDAP for Xauth
109 * src/racoon/{cfparse.y|cftoken.l|plog.[ch]|racoon.conf.5}:
114 * src/racoon/main.c: make sure RADIUS is correctly initialized
118 * Makefile.am, src/Makefile.am: fixed make dist on *BSD
121 * src/racoon/isakmp_cfg.c: Fix build.
125 * src/racoon/handler.c: Fix a crash caused by a NULL pointer
126 * src/racoon/oakley.c: Typos
127 * src/racoon/isakmp_base.c: Fix uninitialized buffer
128 * src/racoon/isakmp_base.c: Do send DPD VID in resp case (base mode)
131 * src/racoon/isakmp_cfg.c: Mode cfg can be used without Xauth, so
134 * src/racoon/{algorithm.c|oakley.c|gssapi.c|ipsec_doi.c}: Fix amd64
136 * src/racoon/ipsec_doi.c: Don't free a referenced buffer
138 * src/racoon/isakmp_cfg.c: Fix for unity local_lan support
141 * src/racoon/{isakmp.c|session.c|sockmisc.c|racoon.conf.5}: Do
144 * src/racoon/racoonctl.8: Do not tell config reload is completely
149 * src/racoon/{remoteconf.c|remoteconf.h|isakmp.c|cfparse.y}: Fix
151 * src/racoon/pfkey.c: Fix memory leak (Coverity)
152 * src/racoon/ipsec_doi.c: Fix memory leak (Coverity)
153 * src/racoon/isakmp.c: Fix memory leak (Coverity)
154 * src/racoon/dnssec.c: Fix memory leak (Coverity)
155 * src/racoon/backupsa.c: Fix memory leak (Coverity)
156 * src/racoon/{nattraversal.c|isakmp.c|cfparse.y}: Check for non NULL
158 * src/racoon/isakmp_quick.c: Remove dead code (Coverity)
159 * src/racoon/oakley.c: Remove dead code (Coverity)
160 * src/racoon/crypto_openssl.c: Remove dead code (Coverity)
164 * src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
169 * src/racoon/schedule.h: fixed gnuc.h include.
170 * src/racoon/{cfparse.y|cftoken.l}: Address range sainfos support.
171 * src/racoon/ipsec_doi.[ch]: ipsecdoi_sockrange2id() function.
176 * src/libipsec/{pfkey.c|pfkey_dump.c}:
178 * src/setkey/{parse.ytoken.l}: parses optionnal security context
179 * src/setkey/setkey.8: security context syntax
183 * src/racoon/{remoteconf.c|proposal.c}: fix memory leak (Coverity)
187 * src/racoon/isakmp.c: style cleanup in delete_spd()
191 * src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
196 * src/racoon/ipsec_doi.c: fix memory leaks (Coverity)
200 * src/racoon/{admin.c|cfparse.y|cftoken.l|debugrm.c|debugrm.h}
201 src/racoon/{gcmalloc.h|isakmp.c|isakmp_inf.c|isakmp_xauth.c}
202 src/racoon/{logger.c|misc.h|plog.c|racoonctl.c|sockmisc.c}: Add
205 * src/racoon/admin.c: Do not use an unallocated pointer (Coverity)
206 * src/racoon/schedule.c: Check for NULL pointer
207 * src/racoon/{grabmyaddr.c|handler.c|isakmp.c|isakmp_cfg.c}
208 src/racoon/{isakmp_inf.c|isakmp_quick.c|nattraversal.c}: Check
210 * src/racoon/isakmp_quick.c: Ignore multiple notifications in the
212 * src/racoon/{isakmp_agg.c|isakmp_ident.c}: Fix memory leak in
214 * src/racoon/racoonctl.c: fix minor memory leak (Coverity)
215 * src/racoon/isakmp.c: fix memory leak (Coverity)
216 * src/racoon{isakmp.c|isakmp_inf.c}: fix phase 1 handler leak (Coverity)
220 * src/racoon/isakmp_xauth.c: fix unitialized variable, found by
222 * src/racoon/{isakmp_cfg.c|isakmp_xauth.h|isakmp_xauth.c}: Do not
224 * src/racoon/main.c: tell which config file we use
225 * src/racoon/isakmp_cfg.c: Do not use deleted phase 1 handler, found
227 * src/racoon/{isakmp_agg.c|isakmp_ident.c}: Do not use deleted phase 1
229 * src/racoon/dnssec.c: do not return a free'ed certificate, found by
231 * src/racoon/oakley.c: fix stale pointer alias, found by Coverity
232 * src/racoon/throttle.c: do not free current item while walking a
234 * src/racoon/vmbuf.c: handle NULL argument for vdup, found by Coverity
239 * src/racoon/isakmp_xauth.c: fix memory leak
244 * src/racoon/{cfparse.y|handler.h}: typos
248 * src/racoon/main.c: do not reset isakmp_cfg structure after
253 * src/racoon/vendorid.c: Fixed Vendor IDs order (well, should not
258 * src/racoon/{cfparse.y|sainfo.c}: Support for "semi anonymous"
260 * src/racoon/racoon.conf.5: updated sainfos syntax
261 * src/racoon/vendorid.[ch]: IPSec-Tools Vendor ID
265 * src/racoon/{cfparse.y|cftoken.l}: Parse new generate_policy
267 * src/racoon/remoteconf.h: defines for REQUIRE/UNIQUE/NONE
269 * src/racoon/proposal.c: Sets optionnal reqid for generated
271 * src/racoon/pfkey.c: sends UNIQUE policies to kernel if reqid
273 * src/racoon/racoon.conf.5: updated generate_policy syntax
277 * src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send()
282 * src/racoon/cfparse.y: Add the keyid [ (tag|file) ] semantics to the
285 * src/racoon/{evt.h|isakmp.c|racoonctl.c}: Send a message to the
291 * src/racoon/isakmp_cfg.c: make software behave as the documentation
297 * src/racoon/session.c: Fixed / cleaned up signal handling.
301 * src/libipsec/samples/*: replaced "obey" mode by "strict" mode.
305 * src/libipsec/pfkey_dump.c: fixed compilation when NAT_T
307 * src/racoon/session.c: Calls isakmp_cfg_init() only if
312 * src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports
314 * src/setkey/{parse.y|setkey.c|setkey.8}: allow to use setkey -p flag
320 * src/racoon/session.c: fix possible race conditions in signal handlers
321 * src/racoon/{isakmp_cfg.c|isakmp_cfg.h|main.c|session.c}: when
328 * src/racoon/racoon.conf.5: Style changes
332 * src/racoon/isakmp_[ident|agg].c: Check if natt is available when
338 * src/racoon/isakmp_agg.c: Check that we got some needed payloads
346 * src/libipsec/key_debug.c: SADB_X_EXT_PACKET support
347 * src/libipsec/{libpfkey.h|pfkey.c}: pfkey_send_migrate() function
348 * src/setkey/parse.y: IPPROTO_MH support
349 * src/racoon/pfkey.c: fixed some logs
350 * src/racoon/strnames.c: fixed a typo for SADB_X_PROMISC,
356 * src/racoon/main.c, src/racoon/session.c: moved .pid file writing
358 * src/racoon/localconf.h, src/racoon/cftoken.l: introduced
360 * src/racoon/racoon.conf.5: documented above
364 * src/racoon/misc.h: define strlcat function for systems without one
365 * src/racoon/remoteconf.c: strncat -> strlcat
369 * src/racoon/isakmp_inf.c: repeated gcc-4.0 build fix. Thanks
376 * src/libipsec/key_debug.c: include stdint.h if HAVE_STDINT_H
377 * src/racoon/isakmp_cfg.c: some includes and some %zu
378 * src/racoon/isakmp_unity.c: fixed a %zu
379 * src/racoon/vmbuf.h: vfree already defined for Apple
384 * src/racoon/cftoken.l: new token "subnet"
385 * src/racoon/cfparse.y: added address/subnet diferentiation logic
386 * src/racoon/ipsec-doi.h: new constant
387 * src/racoon/ipsec-doi.c: adopted to above
388 * src/racoon/racoon.conf.5: documented above
392 * src/libipsec/pfkey.c: One forgotten cast caddr_t -> void *
396 * src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
401 * src/racoon[isakmp.c|isakmp_cfg.c|isakmp_inf.c}
402 src/racoon/doc/FAQ configure.ac: Add --enable-broken-natt for
409 * src/libipsec/policy_parse.y src/racoon/oakley.c
410 src/racoon/{sockmisc.c|sockmisc.h}: build fixes
416 * src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions
420 * src/racoon/evt.c: Fix memory leak when event queue overflows
424 * src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
430 * src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
436 * src/setkey/setkey.8: remove trailing whitespaces
440 * src/racoon/policy.c: Do not parse all sptree in inssp() if we
445 * src/racoon/handler.c: Fixed a possible crash in
451 * src/racoon/dnssec.c: fix bogus test on function result
455 * src/racoon/isakmp.c: Improved in/out SA addresses check in
460 * src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings
464 * src/racoon/privsep.c: Fixed a %d -> %zu in
473 * src/racoon/isakmp_inf.c: First fix to
478 * src/racoon/isakmp.c: Fixed purge_remote()
482 * src/racoon/isakmp.c: Do not purge IPSec SAs in purge_remote() if
491 * src/racoon/isakmp_quick.c: Ignore NATOA payloads in
494 * src/racoon/session.c: new code optional code when flushing SAs,
500 * src/racoon/isakmp.c: Checks in isakmp_ph1begin_r() if we got the
507 * src/racoon/grabmyaddr.c: fixed file descriptor leak. Thanks to
509 * src/racoon/setkey.c: disabled readline's filename completion
511 * src/racoon/proposal.c: fixed mode selection for SAs with
516 * src/racoon/handler.c: - Clears the DPD schedule in delph1()
520 * src/racoon/isakmp.c: Added sanity checks in script_hook()
521 * src/racoon/oakley.c: Sanity check in save_certbuf()
526 * src/setkey/Makefile.am: missing file in distribution
530 * src/racoon/isakmp.c: Fixed a mem leak in isakmp_send().
534 * src/racoon/pfkey.c: Set IKE ports to 0 in the SA when NAT-T is not
536 * src/racoon/{crypto_openssl.c|ipsec_doi.c|oakley.c} configure.ac
537 src/racoon/missing/crypto/sha2/sha2.h: Support OpenSSL-0.9.8
538 * src/racoon/{admin.c|session.c}: Don't use the adminport if it is
540 * src/racoon/samples/roadwarrior/client/{pahse1-up.sh|phase1-down.sh}:
545 * src/racoon/ipsec_doi.c configure.ac: More build fixes on Linux.
550 * src/racoon/ipsec_doi.c configure.ac: build fixes on Linux.
555 * src/racoon/crypto_openssl.c: Fixed evp_crypt when using crypto
562 * src/racoon/raccon.conf.5: Document that aes can be used in
567 * src/setkey/setkey.c: fix compilation with readline.
568 * src/racoon/oakley.c: move declarations to fix compilation issues
574 * src/racoon/isakmp_inf.c: safety checks on informational messages
575 * src/racoon/{pfkey.c|proposal.c}: IPcomp fixes
580 * src/racoon/{ipsec_doi.c|Makefile.am}: Linux build fixes
581 * src/racoon/oakley.c: pkcs7 support
586 * configure.ac src/setkey/{parse.y|setkey.c|token.l}
587 src/libipsec/{ipsec_dump_policy.c|ipsec_get_policylen.c|key_debug.c}
588 src/libipsec/{libpfkey.h|pfkey_dump.c|policy_parse.y}: de-lint,
590 * src/setkey/extern.h: new file
591 * src/libipsec/{pfkey.c|pfkey_dump.c|policy_parse.y}
592 src/racoon/{sockmisc.c|sockmisc.h}: de-lint signed/unsigned,
597 * src/racoon/handler.c: Fixed phase2 enc algo check when reloading
602 * src/racoon/{admin.c|handler.c|handler.h|racoonctl.c|racoonctl.h}
603 src/racoon/racoonctl.8:
608 * src/racoon/isakmp.c: NAT-T fix: We treat null ports in SPD as
616 * src/libipsec/pfkey_dump.c src/setkey/test-pfkey.c
617 src/racoon/{algorithm.c|cftoken.l|eaytest.c|ipsec_doi.c}
618 src/racoon/{ipsec_doi.h|pfkey.c|strnames.c}: Add SHA2 support
619 * src/setkey/setkey.8 src/racoon/racoon.conf.5: update doc for SHA2
620 * src/setkey/token.l: Add aliases shaxxx for sha2_xxx
625 * src/racoon/isakmp.c: consume NAT keepalive data already seen
630 * configure.ac src/racoon/{cfparse.y|isakmp_cfg.h|isakmp_cfg.c}
631 src/racoon/{handler.c|privsep.c|privsep.h|racoon.conf.5}: Add
635 * src/privsep.c: Bug fixes in the xauth password handling code.
639 * src/racoon/isakmp_quick.c: endianness bug fix
644 * src/setkey/setkey.8 src/racoon/racoon.conf.5: remove trailing
649 * src/racoon/ipsec_doi.c: Inserted missing 0th element of
654 * src/racoon/oakley.h: Fix a typo in the RMAUTHMETHOD macro
657 * src/racoon/isakmp_cfg.c: Fix the switch so that the phase1 script
663 * src/racoon/admin.c: build fix
668 * src/racoon/isakmp_xauth.c: really delete phase 1 on Xauth failure
670 * src/libipsec/pfkey.c src/racoon/ipsec_doi.c: Fix NAT-T + IPcomp
673 * src/racoon/proposal.c: fix SPI size test for IPcomp
676 * src/racoon/{handler.c|ipsec_doi.c}: When altering lifetime,
681 * configure.ac src/racoon/plog.c: Fix the logging functions to work
684 * src/racoon/{isakmp.c|pfkey.c}: Put sockets in non-blocking mode to
687 * src/racoon/{isakmp_inf.c|isakmp_unity.h|strnames.c}: Recognize a
689 * src/racoon/isakmp_inf.c: Reorganize switch statement in
694 * src/racoon/handler.c: Fixed exchange type check in
696 * src/racoon/pfkey.c: changed includes order to fix compilation.
700 * src/libipsec/policy_parse.y: Fix parse problem
704 * src/racoon/sockmisc.c: Debug message said it will send to
709 * src/racoon/isakmp_inf.c: fix build problem
713 * src/racoon/isakmp.c: Fixed a double ph2handler free in
718 * src/racoon/isakmp_quick.c: fix build problem on some platforms
720 * src/racoon/isakmp.c: For acquire messages, when NAT-T is in use,
725 * src/racoon/samples/roadwarrior/server/{racoon.conf|racoon.conf-radius}
726 src/racoon/samples/roadwarrior/server/phase1-down.sh: removed file
727 src/racoon/samples/roadwarrior/client/racoon.conf: update config
734 * src/racoon/{cftoken.l|cfparse.y|isakmp_cfg.c|isakmp_cfg.h}
735 src/racoon/{isakmp_unity.c|racoon.conf.5}: Add PFS group and
740 * src/racoon/{handler.c|ipsec_doi.c|proposal.c}: check for lifebyte
742 * src/racoon/ipsec_doi.c: fix a bug in proposal_check claim for phase 1
743 * src/racoon/handler.c: style
745 * src/racoon/isakmp_xauth.c: fix build with shadow passwords
749 * configure.ac src/racoon/isakmp_xauth.c: support shadow passwords
750 * src/racoon/{isakmp_inf.c|isakmp_inf.h}: missing prototype
751 * src/racoon/{handler.h|isakmp_inf.c|isakmp_quick.c|isakmp_var.h}
752 src/racoon/pfkey.c: Move purge_remote() and delete_spd() prototypes
757 * src/racoon/{admin.c|isakmp.c|isakmp_inf.c}: factor various
760 * src/racoon/{handler.c|handler.h}: Introduce getph1byaddrwop() and
762 * src/racoon/{isakmp.c|isakmp_var.h|isakmp_inf.c|isakmp_inf.h}: make
764 * src/racoon/isakmp_quick.c: remove duplicated setscopeid()
765 * src/racoon/{sockmisc.c|sockmisc.h} introduce a CMPSADDR() macro
770 * src/racoon/isakmp_inf.c: Only print the contents of an informative
776 * src/racoon/isakmp_inf.c: Fix a bug causing informational message
781 * src/racoon/isakmp_inf.c: Fixed some potential crashes in
786 * src/libipsec/{policy_parse.y|policy_token.l}
787 src/setkey/{setkey.8|token.l}: Allow ports to be supplied in SP
789 * src/racoon/{isakmp.c|racoon.conf.5}: Send IKE local and remote
791 * src/racoon/remoteconf.c: do not honour ports when looking up
793 * src/racoon/samples/roadwarrior/client/{phase1-up.sh|phase1-down.sh}:
799 * src/racoon/isakmp_inf.c: code cleanup for SPD remove, generated
805 * src/racoon/isakmp_cfg.c: fix unsigned int checked for being negative
808 * src/setkey/{parse.y|token.l}: build on system that do not have
817 * src/racoon/{cfparse.y|cftoken.l|isakmp_inf.c|racoon.conf.5}
818 src/racoon/{remoteconf.c|remoteconf.h}: Add a weak_phase1_check
821 * src/racoon/plog.c: Use of isgraph in binsanitize.
823 * src/racoon/rfc/rfc3706.txt: new file: Dead Peer Detection RFC.
825 * src/racoon/isakmp_inf.c: Unused code cleanup.
832 * src/racoon/nattraversal.c: Fix NAT-T for initiator
835 * src/racoon/{misc.h|throttle.c|remoteconf.c|sockmisc.c|privsep.c}
836 src/racoon/{pfkey.c|isakmp.c|grabmyaddr.c|getcertsbyname.c}
837 src/racoon/configure.ac src/libipsec/policy_token.l
838 src/setkey/token.l: Build on Darwin
842 * src/racoon/handler.h: ifdef DPD and NAT-T data in data structures
844 * src/libipsec/{ipsec_dump_policy.c|pfkey_dump.c|libpfkey.h}
845 src/setkey/{setkey.8|setkey.c}: add a -p option to setkey to
848 * src/racoon/ipsec_doi.c: fix LP64 bug
851 * src/racoon/isakmp.c: build without NAT-T
854 * src/racoon/{evt.h|isakmp.h|isakmp_inf.c|plog.c|plog.h|racoonctl.c}
855 src/racoon/isakmp_xauth.c: Take into account payloads bundled after
859 * src/racoon/{handler.c|handler.h|pfkey.c}: When handling acquire
860 message, lookup phase 2 by (src, dst, id) instead of only id.
864 * src/libipsec/ipsec_dump_policy.c: display port numbers in policies
865 * src/racoon/{isakmp.c|isakmp_cfg.c|isakmp_inf.c|pfkey.c}: don't
870 * src/racoon/{isakmp.c|nattraversal.c|isakmp_quick.c|nattraversal.h}:
875 * src/libipsec/policy.parse.y, src/racoon/cfparse.y,
876 src/libipsec/policy_parse.y, src/racoon/cfparse.y,
877 src/racoon/cftoken.l, src/racoon/crypto_openssl.c,
878 src/racoon/getcertsbyname.c, src/racoon/grabmyaddr.c,
879 src/racoon/ipsec_doi.c, src/racoon/isakmp.c,
880 src/racoon/isakmp_inf.c, src/racoon/pfkey.c,
881 src/racoon/plainrsa-gen.c, src/racoon/sockmisc.c,
882 src/racoon/sockmisc.h, src/racoon/racoonctl.c: made compile
892 * src/racoon/remoteconf.c: fixed dupisakmpsa() and dhgroup.
896 * src/racoon/crypto_openssl.c: fixed single DES support;
901 * src/racoon/isakmp_base.c: DPD support, fix memory leak
904 * src/libipsec/{ipsec_set_policy.3|ipsec_strerror.3}
905 src/racoon/{admin.c|plainrsa-gen.8|racoon.8|racoon.conf.5|racoonctl.8}
906 src/racoon/samples/{racoon.conf.in|racoon.conf.sample}
907 src/racoon/samples/racoon.conf.sample-gssapi
908 src/racoon/samples/racoon.conf.sample-inherit
909 src/racoon/samples/racoon.conf.sample-natt
910 src/racoon/samples/racoon.conf.sample-plainrsa
911 src/racoon/samples/roadwarrior/README
912 src/racoon/samples/roadwarrior/server/phase1-down.sh
913 src/setkey/setkey.8: docmumentation fixes
916 * src/racoon/ipsec_doi.c: wrong check on SA lifebyte
919 * src/racoon/{cfparse.y|cftoken.l} drop split_net_type directive,
921 * src/raccon/{isakmp.c|isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c}
922 src/racoon/isakmp_xauth.h: support login and password sent
925 * src/racoon/{strnames.c|strnames.h}: more debug strings for Xauth
929 * src/racoon/handler.c: Configuration reload validation code
930 * src/racoon/handler.h:revalidate_ph12() function
931 * src/racoon/ipsec_doi.c: duplicates iph1->approval in
933 * src/racoon/isakmp_inf.[ch]: purge_ipsec_spi() is now public
934 * src/racoon/localconf.[ch]: save/restore_params() functions
935 * src/racoon/main.c: moved restore_params functions to localconf
936 * src/racoon/remoteconf.c: save_rmconf() functions, dupisakmpsa()
938 * src/racoon/remoteconf.h: save_rmconf() functions, dupisakmpsa()
940 * src/racoon/sainfo.[ch]: save_sainfotree() functions
941 * src/racoon/session.c: Reloads conf on a SIGHUP without loosing
952 * src/racoon/isakmp.c: fix compilation when hybrid disabled.
956 * src/racoon/rfc/{rfc2407.txt|rfc2408.txt: new files
961 * src/racoon/isakmp_base.c: resurect RSASIG support
962 * src/racoon/isakmp_ident.c: missing support for hybrid auth
963 * src/racoon/{isakmp_base.c|oakley.c}: missing bits for hybrid/base mode
967 * src/racoon/{algorithm.c|algorithm.h|cftoken.l|ipsec_doi.c}
968 src/racoon/{isakmp.c|isakmp_agg.c|isakmp_ident.c|isakmp_base.c}
969 src/racoon/{isakmp_frag.h|isakmp_xauth.c|oakley.c|racoon.conf.5}:
972 * src/libipsec/{pfkey.c|pfkey_dump.c}
973 src/setkey/parse.y: more missing TCP_MD5 bits from KAME
977 * src/racoon/cfparse.y: a list of network can be specified for split
979 * src/racoon/{isakmp_cfg.c|racoon.conf.5}: add INTERNAL_CIDR4, the
981 * src/setkey/{token.l|parse.y|setkey.8}: KAME backport of missing
985 * src/racoon/{cfparse.y|cftoken.l|ipsec_doi.c|ipsec_doi.h}
986 src/racoon/racoon.conf.5: KEYID identifier can be taken from
992 * src/racoon/admin.c: fix the admin interface that was left behind
994 * src/racoon/{cfparse.y|isakmp_xauth.c|isakmp_xauth.h|oakley.c}
995 src/racoon/{remoteconf.c|remoteconf.h}: factor Xauth info in
997 * src/racoon/{isakmp.c|isakmp_cfg.c}: on client side, do not run
999 * src/racoon/isakmp_inf.c: log a buggy condition
1000 * src/racoon/{isakmp.c|isakmp_agg.c|isakmp_base.c|isakmp_ident.c}
1001 src/racoon/{oakley.c|oakley.h}: Use the AUTHMETHOD macro to
1003 * src/racoon/{oakley.c|remoteconf.c}: set a default for certificate
1005 * src/racoon/isakmp_xauth.c: Fix serious security bug introduced
1009 * src/racoon/vendorid.c: dump unknown VIDs
1014 * src/racoon/crypto_openssl.c: Disable OpenSSL padding in
1020 * src/racoon/main.c: build with hybrid but without libradius
1024 * src/racoon/handler.h: added a flag to identify generated policies
1025 * src/racoon/isakmp.c: changed logging in isakmp_ph1expire()
1026 * src/racoon/isakmp_inf.c: use iph2->generated_spidx to check if
1028 * src/racoon/isakmp_quick.c: sets iph2->generated_spidx for
1030 * src/racoon/pfkey.c: reactivated the unbindph12() in pk_recvupdate()
1034 * src/racoon/isakmp_cfg.c: fix a buffer overrun in mode config SET
1052 * src/racoon/privsep.c: check for NULL path in unsafe_path()
1053 * src/racoon/privsep.c: missing space
1057 * src/racoon/{cfparse.y|cftoken.l|isakmp.c|isakmp_cfg.c|isakmp_cfg.h}
1058 src/racoon/{isakmp_var.h|isakmp_xauth.c|localconf.h|privsep.c}
1059 src/racoon/{privsep.h|racoon.conf.5|remoteconf.c|remoteconf.h}
1060 src/racoon/main.c: Remove most of config dependency from
1062 * src/racoon/isakmp_cfg.h: fix the application version for Xauth
1063 * src/racoon/isakmp_cfg.c: only call cleanup_pam when PAM is used
1068 * src/racoon/cfparse.y: correctly initialize address pool
1072 * src/racoon/isakmp.c: Fixed a buffer underrun (CAN-2005-0398)
1077 * src/racoon/cfparse.y: endainness bugfix
1078 * src/racoon/isakmp_xauth.c: off by one bugs in strings
1079 * src/racoon/oakley.h: missing parenthesis causing bugs
1083 * src/racoon/isakmp_xauth.c: fix a crash when using RADIUS auth
1088 * src/racoon/{algorithm.c|algorithm.h|cfparse.y|cftoken.l}
1089 src/racoon/{handler.c|ipsec_doi.c|ipsec_doi.h|isakmp.c}
1090 src/racoon/{isakmp_agg.c|isakmp_base.c|isakmp_cfg.c|isakmp_cfg.h}
1091 src/racoon/{isakmp_ident.c|isakmp_inf.c|isakmp_quick.c}
1092 src/racoon/{isakmp_unity.c|isakmp_xauth.c|kmpstat.c|oakley.c}
1093 src/racoon/{oakley.h|plainrsa-gen.8|privsep.c|racoon.conf.5}
1094 src/racoon/{racoonctl.c|remoteconf.c|remoteconf.h|strnames.c}
1095 src/racoon/{strnames.h|throttle.c}: Support plain Xauth, split
1100 * src/racoon/isakmp_quick.c: tunnel_mode_prop() is now public
1101 * src/racoon/isakmp_inf.c: fixed compilation if HAVE_POLICY_FWD.
1105 * src/racoon/oakley.c: fixed oakley_newiv2() when errors
1109 * src/racoon/privsep.c: safety check port numbers given by the
1111 * src/racoon/racoonctl.8: display fixes in racoonctl(8)
1115 * configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
1117 * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
1119 * src/racoon/isakmp.c: do not reject addresses for which kernel
1122 * src/libipsec/libpfkey.h: prefer __inline to inline
1123 * src/racoon/{cfparse.y|cftoken.l|localconf.c|localconf.h|privsep.c}
1124 src/racoon/racoon.conf.5: Add chroot capability
1128 * src/racoon/{main.c|eaytest.c|plairsa-gen.c}
1129 src/setkey/setkey.c: don't use fuzzy paths for package_version.h
1136 * src/racoon/Makefile.am: Allow parallel cluster build.
1141 * src/racoon/remoteconf.c: Fix a bug in script init
1145 * src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks
1149 * src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
1151 * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire
1164 * src/raccon/samples/racoon.conf.sample-gssapi
1165 src/racoon/{cfparse.y|cftoken.l|gssapi.c|gssapi.h|ipsec_doi.c}
1166 src/racoon/{localconf.c|localconf.h|racoon.conf.5}
1172 * src/racoon/{cfparse.y|isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c}
1173 src/racoon/{isakmp_xauth.h|main.c|privsep.c|privsep.h}
1174 src/racoon/racoon.conf.5: Make PAM work with privilege separation
1179 * src/racoon/cfparse.y: Allocate correct space for "struct sockaddr".
1183 * src/racoon/vmbuf.c: bugfix in vrealloc()
1184 * src/racoon/oakley.c: mem leak fix in INITDHVAL()
1185 * src/racoon/session.c: mem leak fix in check_flushsa()
1189 * src/racoon/isakmp_{ident|agg}.c: NAT-T cleanup
1190 * src/racoon/pfkey.c: Uses NATT encaps_type in pk_sendupdate()
1191 * src/racoon/vendorid.[ch]: NAT-T cleanup, NATT_01 VID
1192 * src/racoon/nattraversal.[ch]: NATT cleanup, support for all
1194 * src/racoon/isakmp.h: NATT cleanup for NATT RFC support
1195 * src/racoon/ipsec_doi.h: updated comments about NATT
1197 * src/racoon/isakmp.c: set UDP_ENCAPS_ESPINUDP_NON_IKE option when needed
1203 * src/racoon/pfkey.c: Update SAD even if NAT-T is disabled, so that
1208 * src/setkey/{sekkey.8|setkey.c|token.l|parse.y}: implement NetBSD's
1214 * src/racoon/{cftoken.l|cfparse.y|raccon.conf.5}
1215 src/racoon/samples/roadwarrior/README: change "my_identifier login"
1221 * src/racoon/samples/roadwarrior/client/{phase1-up.sh|phase1-down.sh}:
1226 * src/racoon/privsep.c: build without ENABLE_HYBRID
1230 * src/raccon/rfc/{rfc3947.txt|rfc3948.txt}: new files (NAT-T)
1234 * src/racoon/ipsec_doi.c: Uses proposal_check value to check phase
1236 * src/racoon/racoon.conf.5: Updated racoon man page for phase 1
1241 * src/racoon/isakjmp_quick.c: endianness bugfix from KAME
1245 * src/racoon/{cfparse.y|cftoken.l|nattraversal.h|pfkey.c}
1246 src/racoon/{racoon.conf.5|remoteconf.c|remoteconf.h}
1247 src/libipsec/{libpfkey.h|pfkey.c}: ESP fragmentation size is
1252 * src/racoon/privsep.c: Build again on Linux with privsep
1256 * src/racoon/{isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c|isakmp_xauth.h}
1257 src/racoon/{cfparse.y|cftoken.l|racoon.conf.5}
1258 src/racoon/doc/FAQ
1264 * src/racoon/admin.c: never fork, it buys nothing an break on some
1269 * src/racoon/{Makefile.am|admin.h|cfparse.y|cftoken.l|isakmp.c}
1270 src/racoon/{isakmp_cfg.c|isakmp_cfg.h|isakmp_var.h| isakmp_xauth.c}
1271 src/racoon/{localconf.c|localconf.h|main.c|oakley.c|pfkey.c}
1272 src/racoon/{racoon.conf.5|remoteconf.c|remoteconf.h|session.c}
1273 src/racoon/{privsep.c|privsep.h}: new files
1276 * src/racoon/{Makefile.am|admin.h|admin_var.h|kmpstat.c}
1277 src/racoon/{racoonctl.c|racoonctl.h}: new files
1281 * src/racoon/{racoonctl.c|racoonctl.h|kmpstat.c}: Add interface
1284 * src/racoon/admin.h: make sure no / will be missing in adminsock path
1292 * src/racoon/crypto_openssl.c: Indentation
1296 * src/racoon/crypto_openssl.c: Fixed eay_get_x509subjectaltname()
1302 * src/racoon/session.c: remove outdated comment
1310 * src/racoon/pfkey.c: Fix AES vs Rijndael defines.
1314 * configure.ac, src/racoon/isakmp.c, src/racoon/pfkey.c:
1319 * src/racoon/isakmp.c: only IPv4 NAT-T is supported, so skip IPv6 here.
1320 * src/racoon/pfkey.c: Restore AES support on NetBSD.
1324 * src/racoon/crypto_openssl.c: Uses sprintf() instead of
1327 * src/racoon/oakley.c: just take the first cert in
1332 * src/racoon/crypto_openssl.c: Build again on NetBSD
1333 * src/racoon/samples/roadwarrior/server/racoon
1334 src/racoon/samples/roadwarrior/server/racoon.conf-radius
1335 src/racoon/samples/roadwarrior/README: Use DPD in sample files.
1339 * src/racoon/crypto_openssl.c: Fixed eay_get_x509subjectaltname()
1350 * src/racoon/Makefile.am, src/setkey/Makefile.am: Fix compilation
1355 * src/racoon/oakley.c: takes the first certificate which matches
1360 * src/racoon/isakmp_inf.c: Set spi_size for R-U-THERE/R-U-THERE-ACK.
1364 * src/libipsec/pfkey_dump.c: distinguish per-socket policies from
1366 * src/racoon/pfkey.c: dito, do not negotiate policies if racoon
1371 * src/racoon/isakmp_agg.c: code cleanup in NATT / DPD VIDs
1376 * src/racoon/remoteconf.{c|h}: DPD support option (enabled by default)
1377 * src/racoon/{cfparse.y|cftoken.l}: DPD token, yyerror if DPD
1379 * src/racoon/isakmp_{agg|ident}.c: Send DPD VID only if DPD
1384 * src/racoon{evt.c|evt.h|admin.c}: init event queue at compile time,
1386 * src/racoon/{throttle.c|throttle.h}: new files
1387 src/racoon/{Makefile.am|isakmp_cfg.c|isakmp_xauth.c|racoon.conf.5}
1390 * src/racoon/kmpstat.c: default with no hexdump of the packet
1391 * src/racoon/admin.c: don't remove admin socket after first request,
1394 * src/racoon/samples/roadwarrior/README
1395 src/racoon/kmpstat.c: fix option parsing problem on Linux
1399 * src/racoon/session.c: Only listen on pfkey socket when received
1404 * src/racoon/{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
1405 src/racoon/{isakmp_xauth.c|racoon.conf.5}: Add a one second throttle
1410 * src/racoon/samples/roadwarrior/README
1411 src/racoon/samples/roadwarrior/client{phase1-up.sh|phase1-down.sh}
1412 src/racoon/samples/roadwarrior/client/{racoon.conf|racoon.conf-radius}
1413 src/racoon/samples/roadwarrior/server/{racoon.conf|phase1-down.sh}:
1420 * src/racoon/cfparse.y: missing bits for DPD support
1424 * src/setkey/parse.y: generate require fwd policies for unique in
1426 * src/setkey/setkey.c: made -r/-k options awailable only when
1428 * src/setkey/setkey.8: updated docs about change above.
1432 * src/racoon/{admin.c,pfkey.c}: Wrap adminport-parts to
1438 * src/racoon/Makefile.am: install sample racoon.conf and psk.txt.
1439 * src/setkey/Makefile.am: Install setkey.conf.
1443 * src/raccon/{isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c}: defer phase 1
1445 * src/racoon/{evt.h|isakmp.c|isakmp_agg.c|isakmp_base.c|session.c}
1446 src/racoon/{isakmp_ident.c|isakmp_inf.c|kmpstat.c}: report more
1451 * src/racoon/doc/FAQ: NAT-T kernel patch for NetBSD is now on
1453 * src/racoon/{kmpstat.c|racoonctl.8}: New racoonctl command to
1455 * src/racoon/isakmp_cfg.c: don't send ISAKMP mode config message
1457 * src/racoon/kmpstat.c: racoonctl vd awaits phase 1 to get down
1461 * src/racoon/isakmp_agg.c: for hybrid auth client, advertise ourself
1463 * src/racoon/{evt.c|evt.h}: new files
1464 src/racoon/{Makefile.am|admin.c|admin.h|isakmp.c|isakmp_cfg.c}
1465 src/racoon/{isakmp_xauth.c|kmpstat.c|pfkey.c}: framework for
1470 * src/racoon/grabmyaddr.c: Prevent doubling addresses and error messages
1473 * src/racoon/{var.h|sockmisc.c}: Fixed compilation with gcc-3.4.2+
1478 * src/racoon/doc/FAQ: more options and warn about software patents.
1482 * src/racoon/vmbuf.c: don't allocate zero-length buffer
1483 * src/racoon/samples/roadwarrior/client/phase1-down.sh
1484 src/racoon/samples/roadwarrior/server/phase1-down.sh: Also
1486 * src/racoon/admin.c: Send a notification when deleting ISAKMP SA
1487 * src/racoon/samples/roadwarrior/README: accommodate the recent
1492 * src/racoon/Makefile.am: Fix adminsocket dir, install sample
1494 * src/racoon/localconf.h: Look for racoon.conf in $(SYSCONFDIR),
1496 * src/racoon/algorithm.h, src/racoon/eaytest.c,
1497 src/racoon/schedule.h, src/racoon/gnuc.h: Build fixes for really
1499 * src/setkey/setkey.conf: Yet another sample config file.
1500 * src/setkey/Makefile.am: Install setkey.conf.
1509 * src/racon/{isakmp_quick.c|policy.c|strnames.c}: fwd policy support
1514 * src/racoon/racoonctl.8: racoonctl man page (new file)
1519 * src/racoon/ipsec_doi.c: fix free'd memory access
1524 * configure.ac, src/racoon/cfparse.y, src/racoon/cftoken.l,
1525 src/racoon/handler.c, src/racoon/handler.h,
1526 src/racoon/isakmp.c, src/racoon/isakmp.h,
1527 src/racoon/isakmp_agg.c, src/racoon/isakmp_ident.c,
1528 src/racoon/isakmp_inf.c, src/racoon/isakmp_inf.h,
1529 src/racoon/racoon.conf.5 src/racoon/remoteconf.c,
1530 src/racoon/remoteconf.h, src/racoon/vendorid.c,
1531 src/racoon/vendorid.h: Dead Peer Detection (DPD) support.
1536 * src/racoon/grabmyaddr.c: FreeBSD fix for headers.
1541 * src/racoon/Makefile.am: Compile cftoken.l from $(srcdir),
1548 * src/racoon/doc/FAQ: update the docs
1553 * src/racoon/cfparse.y: ensure that returns from rules are
1555 * src/racoon/admin_var.h: changed management socket location
1556 * src/racoon/Makefile.am: ditto, added rule to install directory
1558 * src/setkey/{setkey.c|parse.y}: introduced rfc/kernel modes,
1560 * src/setkey/setkey.8,src/libipsec/ipsec_set_policy.3: updated docs
1561 * src/setkey/policy_token.l: return something reasonable when
1567 * src/racoon/isakmp.c: avoid a double free when using IKE fragmentation
1568 * src/racoon/{backupsa.c|ipsec_doi.c|localconf.c|str2val.c}
1569 src/{libipsec/key_debug.c|setkey/parse.y}: fix build warnings
1570 * configure.ac src/racoon/{admin.c|admin_var.h}
1571 src/racoon/racoon.conf.5 src/racoon/samples/roadwarrior/README
1572 src/racoon/samples/roadwarrior/client/racoon.conf: make the default
1577 * src/racoon/{cfparse.y|remoteconf.c|crypto_openssl.c|crypto_openssl.h}
1578 src/racoon/{eaytest.c|oakley.c|racoon.conf.5|cftoken.l|remoteconf.h}
1579 src/racoon/samples/roadwarrior/README
1580 src/racoon/samples/roadwarrior/client/racoon.conf: Make the root
1582 * src/racoon/isakmp_frag.c: fix unallocated memory access
1583 * src/racoon/isakmp_agg.c: fix incorrect queue deallocation
1584 * src/racoon/remoteconf.c: fix uninitialized data
1585 * src/racoon/{admin.c|isakmp_xauth.c}: fix free'ed memory access
1589 * src/racoon/{Makefile.am|kmpstat.c}: Make racoonctl vc and vd
1591 * src/racoon/{admin.c|admin.h|handler.c|handler.h|kmpstat.c}:
1594 * src/racoon/{admin.c|kmpstat.c|cftoken.l|cfparse.y}
1595 src/racoon/{admin_var.h|admin.h|raccon.conf.5}: Enable the
1597 * src/racoon/sample/roadwarrior: complete config files for
1603 * src/racoon/Makefile.am: Distribute only yacc/lex source files,
1608 * src/racoon/samples/racoon.conf.sample-cvpn: more complete setup
1610 * src/racoon/racoon.conf.5: fix documentation
1611 * src/racoon/isakmp_cfg.c: get the internal IPv4 address in script
1616 * src/racoon/{ipsec_doi.c|remoteconf.c}: fix LP64 problems
1621 * src/racoon/Makefile.am: Add isakmp_frag.h into noints_HEADERS
1624 * src/racoon/{isakmp_cfg.c,isakmp_frag.c,isakmp_unity.c}: Make
1629 * src/libipsec/policy_parse.y: Define INT32_MAX/INT32_MIN.
1630 * src/libipsec/policy_token.l, src/racoon/kmpstat.c,
1631 src/racoon/{pfkey.c,prsa_par.y,rsalist.c,token.l}: Small
1637 * src/setkey/setkey.c(stdin_loop): Fix newlines and comments
1642 * src/racoon/isakmp_quick.c: generated policy refresh patch
1649 * src/libipsec/{ipsec_dump_policy.c,policy_token.l}: Use
1652 * src/racoon/kmpstat.c: Fix compilation on Linux.
1653 * src/racoon/ipsec_doi.h: Ditto.
1654 * src/racoon/Makefile.am, src/setkey/Makefile.am: Update
1659 * src/racoon/{isakmp_cfg.h,grabmyaddr.c,handler.c,handler.h}:
1662 * src/racoon/{isakmp.c,isakmp_cfg.c,isakmp_xauth.c}: On authentication
1665 * src/racoon/{admin.c,admin.h,isakmp_xauth.c,kmpstat.c,remoteconf.h}:
1669 * src/racoon/{admin.c,kmpstat.c}: implement delete-sa and
1671 * src/racoon/{cfparse.y,cftoken.l,handler.c,isakmp.c,isakmp_cfg.c}
1672 src/racoon/{isakmp_var.h,racoon.conf.5,remoteconf.c,remoteconf.h}:
1678 * src/racoon/nattraversal.c: Use macros instead of magic numbers
1679 * src/racoon/kmpstat.c: pull up fixes from KAME so that racoonctl
1681 * src/racoon/{cfparse.y,cftoken.l,handler.c,isakmp.c,isakmp_cfg.c}
1682 src/racoon/{isakmp_var.h,racoon.conf.5,remoteconf.c,remoteconf.h}:
1687 * src/racoon/rfc/draft-ietf-ipsec-isakmp-hybrid-auth-05.txt: removed
1688 src/racoon/rfc/draft-ietf-ipsec-isakmp-mode-cfg-04.txt: removed
1689 src/racoon/rfc/draft-beaulieu-ike-xauth-02.txt: new file
1690 src/racoon/rfc/draft-dukes-ike-mode-cfg-02.txt: new file
1695 * src/racoon/rfc/draft-ietf-ipsec-isakmp-hybrid-auth-05.txt: new file
1696 src/racoon/rfc/draft-ietf-ipsec-isakmp-mode-cfg-04.txt: new file
1697 src/racoon/rfc/draft-ietf-ipsec-isakmp-xauth-07.txt: new file
1699 * src/racoon/cftoken.l: fix build problem, add an error message
1701 * src/racoon/isakmp_cfg.c: build without RADIUS support too
1705 * src/racoon/{algorithm.c,algorithm.h,cfparse.y,cftoken.l}
1706 src/racoon/{ipsec_doi.c,ipsec_doi.h,isakmp.c,isakmp_agg.c}
1707 src/racoon/{isakmp_cfg.c,isakmp_cfg.h,isakmp_xauth.c,isakmp_xauth.h}
1708 src/racoon/{oakley.c,oakley.h,racoon.conf.5}
1709 src/racoon/{remoteconf.c,remoteconf.h,strnames.c}: Client side
1714 * src/racoon/{cfparse.y,cftoken.l,handler.h,isakmp.c}
1715 src/racoon/{isakmp_agg.c,isakmp_base.c,isakmp_frag.c,isakmp_frag.h}
1716 src/racoon/{isakmp_inf.c,racoon.conf.5,remoteconf.c,remoteconf.h}:
1721 * src/racoon/isakmp_cfg.c: Fix read buffer overflow
1722 * src/racoon/isakmp_xauth.c: Fix weak authentication
1723 * src/racoon/{oakley.c,oakley.h}: Fix weak authentication
1728 * src/racoon/{isakmp_frag.c,isakmp_frag.h}: New files.
1729 * src/racoon/isakmp_cfg.c: Fix endianness.
1734 * src/racoon/{cfparse.y,cftoken.l,handler.c},
1735 src/racoon/{isakmp_cfg.c,isakmp_cfg.h,isakmp_xauth.c},
1736 src/racoon/racoon.conf.5: RADIUS IP addresses allocation
1739 src/racoon/{Makefile.am,handler.h,isakmp.c,isakmp.h},
1740 src/racoon/{isakmp_agg.c,isakmp_base.c,isakmp_inf.c},
1741 src/racoon/{vendorid.c,vendorid.h}: IKE Fragmentation patch.
1745 * src/racoon/isakmp_cfg.c: Fixes from Emmanuel Dreyfus.
1749 * src/racoon/remoteconf.c: dupidvl(), dupetypes() - new functions
1753 * src/racoon/remoteconf.c: declaration for dupetypes().
1757 * src/racoon/cfparse.y: check inherited_from dereferencing
1758 * src/racoon/crypto_openssl.c: prevent crash on incorect DNs
1763 * src/racoon/sockmisc.c(sendfromto): Set src address.
1768 * src/racoon/grabmyaddr.c: added missing <linux/types.h> include
1774 src/racoon/.cvsignore, src/racoon/cfparse.y,
1775 src/racoon/crypto_openssl.c, src/racoon/crypto_openssl.h,
1776 src/racoon/ipsec_doi.c, src/racoon/isakmp.c,
1777 src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c,
1778 src/racoon/isakmp_cfg.c, src/racoon/isakmp_ident.c,
1779 src/racoon/isakmp_unity.c, src/racoon/main.c,
1780 src/racoon/nattraversal.c, src/racoon/oakley.c,
1781 src/racoon/oakley.h, src/racoon/sockmisc.c,
1782 src/racoon/missing/crypto/sha2/sha2.c: Modified (see ChangeLog
1784 * acracoon.m4, src/racoon/Makefile.am: New files.
1785 * src/racoon/Makefile.in, src/racoon/aclocal.m4,
1786 src/racoon/client-puzzle.c, src/racoon/config.guess,
1787 src/racoon/config.sub, src/racoon/configure.in,
1788 src/racoon/install-sh, src/racoon/doc/SantaBarbara-result.jp,
1789 src/racoon/doc/helsinki-result.jp, src/racoon/doc/ibm-result.jp,
1790 src/racoon/doc/pattern, src/racoon/doc/question,
1791 src/racoon/doc/racoonquestion.sh, src/racoon/doc/redmond.txt,
1792 src/racoon/doc/rules.jp, src/racoon/doc/sandiego-result.en,
1793 src/racoon/doc/sandiego-result.jp,
1794 src/racoon/doc/sandiego0009-result.en,
1795 src/racoon/missing/addrinfo.h, src/racoon/missing/getaddrinfo.c,
1796 src/racoon/missing/getnameinfo.c, src/racoon/samples/Makefile,
1797 src/racoon/samples/sandiego.pl: Removed.
1801 * src/racoon/vendorid.[ch]: Rewrote the VendorID handling.
1805 * src/racoon/{isakmp_agg.c,isakmp_base.c,isakmp_ident.c},
1806 src/racoon/nattraversal.c: Updated to the new VID model.
1807 * src/racoon/main.c(main): Precompute VendorIDs.
1808 * src/racoon/arc4random.h, src/racoon/missing/arc4random.c:
1811 * src/racoon/pfkey.c, src/racoon/oakley.c, src/racoon/main.c,
1812 src/racoon/isakmp.c: Updated to the above change.
1813 * src/racoon/Makefile.in, src/racoon/configure.in: Remove
1815 * src/racoon/crypto_openssl.[ch](eay_random): New function.
1816 * src/racoon/isakmp_cfg.c, src/racoon/isakmp_unity.c,
1817 src/racoon/isakmp_xauth.c: Cleaned up headers.
1821 * src/racoon/crypto_openssl.c (base64_encode): Terminate
1827 * src/include-glibc/glibc-bugs.h: Define _XOPEN_SOURCE
1829 * src/racoon/isakmp_cfg.c, src/racoon/isakmp_unity.c,
1830 src/racoon/isakmp_xauth.c: Don't include <netkey/key_var.h>
1831 * src/racoon/Makefile.in: Add new files to distribution.
1832 * src/racoon/configure.in: Fix linux kernel NATT detection.
1833 * src/setkey/parse.y: Fix types.
1834 * src/racoon/backupsa.c, src/racoon/ipsec_doi.c,
1835 src/racoon/isakmp_inf.c, src/racoon/isakmp_quick.c,
1836 src/racoon/pfkey.c, src/racoon/remoteconf.c,
1837 src/racoon/session.c, src/racoon/sockmisc.c: Fix headers
1839 * src/racoon/isakmp_cfg.c: Use %z for size_t.
1840 * src/racoon/configure.in: Clean up IPv6 stack check.
1845 * src/racoon/isakmp_cfg.h, src/racoon/isakmp_cfg.c,
1846 src/racoon/isakmp_unity.c, src/racoon/isakmp_unity.h,
1847 src/racoon/isakmp_xauth.c, src/racoon/isakmp_xauth.h,
1848 src/racoon/samples/racoon.conf.sample-cvpn: New files.
1849 * src/racoon/algorithm.c, src/racoon/algorithm.h,
1850 src/racoon/cfparse.y, src/racoon/cftoken.l,
1851 src/racoon/handler.c, src/racoon/handler.h,
1852 src/racoon/ipsec_doi.c, src/racoon/isakmp.c,
1853 src/racoon/isakmp.h, src/racoon/isakmp_agg.c,
1854 src/racoon/isakmp_inf.c, src/racoon/oakley.c,
1855 src/racoon/oakley.h, src/racoon/strnames.c,
1856 src/racoon/vendorid.c, src/racoon/vendorid.h: Added
1858 * src/racoon/racoon.conf.5: Documentation for XAUTH.
1859 * src/racoon/isakmp_base.c, src/racoon/isakmp_ident.c,
1860 src/racoon/nattraversal.c: Added NATT VID "02\n"
1861 * src/racoon/configure.in: New config option --enable-hybrid
1866 * src/racoon/configure.in: Preset LDFLAGS instead of CFLAGS on NetBSD,
1868 * src/racoon/isakmp_agg.c(agg_i1send): Place #endif correctly.
1869 * src/setkey/parse.y(fix_portstr): Init 'p2'.
1870 * src/setkey/setkey.c: Add required prototypes.
1874 * src/racoon/gssapi.c: sa_len -> sysdep_sa_len. Patch by Andreas.
1878 * src/racoon/configure.in: Check for NetBSD NAT-T kernel support.
1882 * src/racoon/configure.in: Check for <openssl/engine.h>
1883 * src/racoon/crypto_openssl.c: Only use OpenSSL engines if available.
1884 * src/racoon/plainrsa-gen.c: Ditto.
1891 * src/Makefile.am: Build include-glibc only on Linux
1892 * src/libipsec/{ipsec_dump_policy.c,ipsec_get_policylen.c,
1895 src/racoon/{cfparse.y,cftoken.l,grabmyaddr.c,isakmp.c,
1898 src/setkey/{parse.y,setkey.c,token.l}: Fix headers and some
1900 * src/racoon/sockmisc.c(sendfromto): Wrap for Linux only.
1901 * src/racoon/configure.in: Check for kernel NAT-T support,
1903 * src/racoon/eaytest.c(certtest): Use %z for size_t.
1907 * src/racoon/grabmyaddr.c: improoved socket selection algorithm for
1912 * src/racoon/session.c: fix for SIGHUP handler for case when config
1917 * src/racoon/grabmyaddr.c: added scope id handling for link-local
1922 * src/racoon/crypto_openssl.c: hmac memory leak fix by R. Ganesan
1923 * src/racoon/eaytest.c: eay_init_error() -> eay_init() due to
1924 2004-06-01 changes in src/racoon/crypto_openssl.c
1928 * src/racoon/cfparse.y src/racoon/crypto_openssl.c
1929 src/racoon/eaytest.c src/racoon/genlist.h src/racoon/ipsec_doi.c
1930 src/racoon/racoon.conf.5 src/racoon/remoteconf.c
1931 src/racoon/remoteconf.h: peers_identifier wildcard and
1947 * src/racoon/stringlist.c src/racoon/stringlist.h: Removed.
1948 * src/racoon/genlist.c src/racoon/genlist.h
1949 src/racoon/plainrsa-gen.8 src/racoon/plainrsa-gen.c
1950 src/racoon/prsa_par.y src/racoon/prsa_tok.l
1951 src/racoon/rsalist.c src/racoon/rsalist.h
1952 src/racoon/samples/racoon.conf.sample-plainrsa: New files.
1953 * src/racoon/Makefile.in src/racoon/configure.in
1954 src/racoon/cfparse.y src/racoon/cftoken.l
1955 src/racoon/crypto_openssl.c src/racoon/crypto_openssl.h
1956 src/racoon/handler.h src/racoon/ipsec_doi.c
1957 src/racoon/ipsec_doi.h src/racoon/isakmp.h src/racoon/main.c
1958 src/racoon/oakley.c src/racoon/plog.c src/racoon/remoteconf.c
1959 src/racoon/remoteconf.h src/racoon/sockmisc.c
1960 src/racoon/sockmisc.h src/racoon/eaytest.c: Updated.
1964 * src/racoon/main.c, src/racoon/eaytest.c, src/racoon/plog.c: Move
1966 * src/racoon/proposal.c (cmpsaprop_alloc): Fix printing of encmode
1968 * src/racoon/ipsec_doi.c, src/racoon/isakmp.c, src/racoon/isakmp_quick.c,
1969 src/racoon/oakley.c: Fix typos, newlines and printf() format strings.
1973 * src/racoon/crypto_openssl.c (eay_get_x509cert): small memory
1975 * src/racoon/crypto_openssl.c (eay_aes_{en|de}crypt, evp_crypt):
1981 * src/racoon/crypto_openssl.[ch] (cb_check_cert_local,
1984 * src/racoon/crypto_openssl.[ch] (eay_check_x509cert): new parameter
1986 * src/racoon/oakley.c, src/racoon/eaytest.c: adjust to use above
1990 * src/racoon/nattraversal.c (natt_vendorid, natt_fill_options): Support
1996 * src/racoon/stringlist.c, src/racoon/stringlist.h: New files.
1997 * src/racoon/Makefile.in: Compile stringlist.o.
2002 * src/{racoon,setkey,libipsec}/*.h: Wrap headers between
2014 * src/setkey/setkey.c: -n (no action) support.
2016 * src/setkey/setkey.8: Documentation for above.
2017 * src/racoon/doc/README.certificate: updated link to more recent
2022 * src/racoon/algorithm.c: Enable compilation without SHA2 support.
2023 * src/racoon/crypto_openssl.c: Ditto.
2027 * src/racoon/crypto_openssl.c: Remove unneeded workarounds for older
2031 * src/racoon/crypto_openssl.h: Reflect the above changes.
2032 * src/racoon/main.c: Call eay_init() instead of eay_init_error().
2037 * src/racoon/cftoken.l: New keyword 'inherit'.
2038 * src/racoon/cfparse.y: Support for 'inherit', remove
2040 * src/racoon/remoteconf.c (rmtree): Changed from
2046 * src/racoon/remoteconf.h: Prototypes for the above.
2048 * src/racoon/sockmisc.c (saddr2str): Can print anonymous entries.
2049 * src/racoon/algorithm.c (alg_oakley_encdef_name)
2052 * src/racoon/algorithm.h: Prototpes for the above.
2053 * src/racoon/strnames.c (num2str): Make extern.
2055 * src/racoon/strnames.h: Prototpes for the above.
2056 * src/racoon/main.c: New parameter -C for dumping the parsed config.
2057 * src/racoon/racoon.conf.5: Document inheritance.
2058 * src/racoon/samples/racoon.conf.sample-inherit: Sample config file.
2059 * src/racoon/Makefile.in: Distribute racoon.conf.sample-inherit
2069 * src/racoon/crypto_openssl.[ch]: Use EVP_*() instead of
2075 * src/libipsec/ipsec_set_policy.3
2076 * src/setkey/setkey.8
2077 * src/libipsec/test-policy-priority.c: new file from policy
2083 * src/libipsec/ipsec_strerror.c
2084 * src/libipsec/ipsec_strerror.h
2085 * src/libipsec/libpfkey.h
2086 * src/libipsec/policy_parse.y
2087 * src/libipsec/test-policy-priority.c
2089 * src/libipsec/ipsec_set_policy.3
2090 * src/setkey/setkey.8
2095 except src/libipsec/Makefile.am is modified instead of
2096 src/libipsec/Makefile.in as found in the patch.
2101 * src/racoon/gssapi.[ch]: Update to 3-clause BSD license.
2106 * src/include-glibc/sys/queue.h: Update to 3-clause BSD license.
2110 * src/racoon/grabmyaddr.c (update_myaddrs): Only trust kernel to
2115 * src/racoon/grabmyaddr.c (recvaddrs): Only trust kernel to send
2122 * src/racoon/isakmp.c (isakmp_handler): Reject too big
2133 * src/racoon/Makefile.in: Use install-sh instead of mkinstalldirs.
2134 * src/racoon/remoteconf.c (foreachrmconf): Avoid warning about
2136 * src/racoon/samples/racoon.conf.in: Cleaned up to work with Linux
2141 * src/racoon/grabmyaddr.c (suitable_ifaddr6): Anycast addresses are
2146 * src/racoon/crypto_openssl.c (cb_check_cert): Warn if no CRL is found.
2147 * src/racoon/isakmp_ident.c (ident_r2recv): Removed debug plog().
2148 * src/racoon/proposal.c (cmpsatrns): Downgrade severity of trns_id
2150 * src/libipsec/pfkey_dump.c, src/racoon/algorithm.c
2151 src/racoon/algorithm.h src/racoon/cftoken.l
2152 src/racoon/ipsec_doi.c src/racoon/ipsec_doi.h
2153 src/racoon/oakley.h src/racoon/pfkey.c src/racoon/strnames.c
2154 src/setkey/token.l: Renamed Rijndael to AES.
2155 * src/setkey/token.l: Recognize exit/quit/bye tokens.
2156 * src/setkey/parse.y (exit_command): New.
2157 * src/setkey/setkey.c (stdin_loop): Exit when exit_now is set
2162 * src/setkey/setkey.c (main): Call get_supported() in interactive mode.
2167 * src/racoon/nattraversal.c (natt_keepalive_send): Log sending KA
2172 * src/racoon/Makefile.in: eaytest now links plog.o
2173 * src/racoon/crypto_openssl.c: Remove all #ifdef EAYDEBUG/#endif
2175 * src/racoon/eaytest.c (rsatest): Enabled RSA tests again, now
2190 * src/racoon/crypto_openssl.c (eay_check_x509sign): Directly generate
2193 * src/racoon/crypto_openssl.h: Update prototypes for the above.
2194 * src/racoon/eaytest.c: Disabled RSA tests because of the API change.
2198 * src/racoon/pfkey.c (pfkey_handler): Safety check before accessing
2201 * src/racoon/strnames.c (name_pfkey_type): Ditto.
2205 * src/racoon/eaytest.c (ciphertest_1): Correct padlen.
2209 * src/racoon/ipsec_doi.c (setph2proposal0): Move proposal encmode
2216 * src/racoon/crypto_openssl.c (eay_3des_expand_key): New function.
2218 * src/racoon/eaytest.c (ciphertest_1): New function.
2228 * src/setkey/setkey.c: Call stdin_loop() when '-c' was given.
2230 * src/setkey/token.l (parse_string): New function.
2240 * src/racoon/cfparse.y (algorithm): Hint about missing module.
2241 * src/racoon/crypto_openssl.c (eay_3des_*): Check for strict key
2244 * src/racoon/eaytest.c: Make the testsuite useful, i.e. exit with
2247 * src/racoon/Makefile.in: Run eaytest in 'make check'.
2251 * src/racoon/isakmp_agg.c (agg_i2recv): Copy remote cookie before
2253 * src/racoon/crypto_openssl.c: Avoid type-punned warnings.
2254 * src/racoon/eaytest.c: Disable 'cert' tests.
2255 * src/racoon/crypto_openssl.c (eay_des_encrypt): No need to check
2261 * src/setkey/parse.y (ALG_ENC_NOKEY, ALG_ENC_OLD): Use "" for key
2272 * src/racoon/cftoken.l: Add 'null' as an alias for 'null_enc'.
2273 * src/racoon/proposal.c (cmpsatrns): New parameter proto_id,
2275 * src/racoon/proposal.h (cmpsatrns): Update prototype.
2276 * src/setkey/setkey.c: Change option -h to -H (for hexdump), new
2278 * src/setkey/setkey.8: Document the above changes.
2279 * src/racoon/rfc/*: Many standards related to IPsec/IKE/NAT-T/...
2283 * src/racoon/configure.in: Prevent compilation error with
2294 * src/racoon/aclocal.m4 (RACOON_CHECK_VA_COPY): New test.
2295 * src/racoon/configure.in: Call RACOON_CHECK_VA_COPY
2296 * src/racoon/plog.c (plogv): Replace va_copy() with VA_COPY.
2297 * src/racoon/racoon.conf.5: Note that NAT-T support is a compile
2302 * src/racoon/racoon.conf.5: Document nat_traversal option.
2303 * src/racoon/racoon.8: DOcument new options (-L and -P).
2307 * src/racoon/grabmyaddr.c (autoconf_myaddrsport): Prepare addrs for
2310 * src/racoon/grabmyaddr.h: Prototype for dupmyaddr().
2311 * src/racoon/isakmp.c (isakmp_open): Complain if NAT-T is enabled, but
2313 * src/racoon/isakmp_var.h (PORT_ISAKMP_NATT): New define.
2314 * src/racoon/localconf.c, src/racoon/localconf.h: Define and setup
2316 * src/racoon/main.c (main): Print nicer banner,
2319 * src/racoon/nattraversal.c (natt_fill_options): Don't use hardcoded
2322 * src/racoon/nattraversal.h: Prototype for natt_enabled_in_rmconf().
2323 * src/racoon/plog.c: Don't print source:line:function by default.
2324 * src/racoon/remoteconf.c (foreachrmconf): New helper function.
2325 * src/racoon/remoteconf.h: Prototype for the above.
2331 * src/racoon/configure.in: Don't put -O into OPTFLAGS,
2333 * src/racoon/cfparse.y, src/racoon/handler.c,
2334 src/racoon/ipsec_doi.c, src/racoon/isakmp.c,
2335 src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c,
2336 src/racoon/isakmp_ident.c, src/racoon/pfkey.c,
2337 src/racoon/proposal.c, src/racoon/session.c: Replace WITH_NATT
2339 * src/racoon/crypto_openssl.c: Replace %d with %zd for size_t arguments.
2345 * src/racoon/configure.in: renamed --with-ssleay to --with-openssl.
2358 * src/racoon/samples/racoon.conf.sample-natt: New sample config file.
2359 * src/racoon/Makefile.in: Tweak file lists to make 'distcheck' happy,
2366 * src/racoon/Makefile.in, src/racoon/cfparse.y,
2367 src/racoon/cftoken.l, src/racoon/grabmyaddr.c,
2368 src/racoon/grabmyaddr.h, src/racoon/handler.c,
2369 src/racoon/handler.h, src/racoon/ipsec_doi.c,
2370 src/racoon/ipsec_doi.h, src/racoon/isakmp.c, src/racoon/isakmp.h,
2371 src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c,
2372 src/racoon/isakmp_ident.c, src/racoon/isakmp_quick.c,
2373 src/racoon/localconf.c, src/racoon/localconf.h,
2374 src/racoon/pfkey.c, src/racoon/proposal.c, src/racoon/proposal.h,
2375 src/racoon/racoon.conf.5, src/racoon/remoteconf.c,
2376 src/racoon/remoteconf.h, src/racoon/session.c,
2377 src/racoon/strnames.c, src/racoon/vendorid.h
2378 src/libipsec/pfkey.c,
2379 src/racoon/nattraversal.c, src/racoon/nattraversal.h,
2380 src/racoon/sockmisc.c: Affected files.
2384 * src/racoon/isakmp.c (set_isakmp_header1): Renamed from
2390 * src/racoon/isakmp_var.h: Prototypes for the above.
2391 * src/racoon/isakmp.h (struct payload_list): New structure.
2392 * src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c,
2393 src/racoon/isakmp_ident.c: Use isakmp_plist_* functions.
2397 * src/racoon/Makefile.in: Fix install to $(sbindir)
2398 * src/setkey/parse.y: Avoid GCC 3.3 warning (type-punned pointer).
2407 * src/racoon/isakmp_inf.c: endian mismatch fix. From iij seil team
2411 * src/racoon/isakmp_inf.c: Prevent unauthorized deletion of SA
2413 * src/racoon/isakmp.c: Don't try to bind to IPv6 multicast addresses.
2417 * src/racoon/plog.c: Fix segfault on AMD64 (va_list can be used
2425 * src/racoon/configure.in: Fix AC_DEFINEs to make autoheader happy,
2430 * src/racoon/*.[cyl]: Include autogenerated "config.h"
2431 * src/racoon/missing/crypto/*/*.c: Ditto.
2432 * src/racoon/.cvsignore: Add config.h, config.h.in
2436 * src/racoon/.cvsignore: Add "autom4te.cache" and "configure".
2441 * src/libipsec/pfkey.c: memory leak fix; comment typo fixes
2442 * src/libipsec/{pfkey.c,pfkey_dump.c}: allow compilation even
2444 * src/libipsec/pfkey_dump.c: information about algorithms
2446 * src/libipsec/policy_parse.y: memory leak
2447 * src/libipsec/policy_token.l: memory leak
2448 * src/libipsec/test-policy.c: unneeded \n removed
2449 * src/racoon/Makefile.in: $(sbindir) support
2450 * src/racoon/admin.c: interface changes due to proxy support
2451 * src/racoon/algorithm.c: SHA2 #ifdefs
2452 * src/racoon/{cfparse.y,cftoken.l}: license text added
2453 * src/racoon/cfparse.y: mip6 obsoleted by proxy support
2454 * src/racoon/cfparse.y: from directive support; new algorithms
2455 * src/racoon/cftoken.l: support for globbing of include files
2456 * src/racoon/configure.in: more verbose information about problems
2458 * src/racoon/crypto_openssl.c: use new DES API if supported; algorithm
2460 * src/racoon/eaytest.c: SHA2 #ifdefs; keysize len check
2461 * src/racoon/ipsec_doi.c: use VPTRINIT; ESP parameter validity checks;
2463 * src/racoon/isakmp.c: use VPTRINIT; interface changes due to
2465 * src/racoon/isakmp_inf.c: use VPTRINIT
2466 * src/racoon/isakmp_quick.c: mip6->proxy
2467 * src/racoon/kmpstat.c: not used variables removed
2468 * src/racoon/pfkey.c: mip6->proxy; schedule leak
2469 * src/racoon/proposal.c: style
2470 * src/racoon/remoteconf.c: mip6->proxy
2471 * src/racoon/sainfo.c: from directive support
2472 * src/racoon/sockmisc.c: side correction; addrinfo leak
2473 * src/racoon/strnames.c: typo in descriptions; wrong upper bound check
2474 * src/racoon/missing/crypto/sha2/sha2.c: wrong size
2475 * src/setkey/parse.y: extra algorithms; tagged; not needed periods
2477 * src/setkey/setkey.8: typos; tagged; new algorithms
2478 * src/setkey/setkey.c: standard argument names for main(); hexdump
2480 * src/setkey/token.l: new algorithms; memory shortage checks
2487 * src/racoon/config.{sub,guess}: Update from automake 1.7.
2492 * src/racoon/configure.in: Check for openssl/aes.h.
2493 * src/racoon/crypto_openssl.c: Use OpenSSL AES functions if available.
2497 * src/racoon/configure: Remove, should be regenerated by bootstrap.
2501 * src/racoon/crypto_openssl.c: Update to work with OpenSSL 0.9.7
2504 * src/racoon/proposal.c: Be more verbose. (Michal Ludvig)
2505 * src/libipsec/ipsec_dump_policy.c: Dump FWD policies correctly
2507 * src/setkey/token.l, src/setkey/parse.y: Add support for lifetime
2509 * src/setkey/setkey.8: Document -bh/-bs options for the above feature.
2510 * src/libipsec/pfkey.c: Don't include 'sadb_key' in SADB_UPDATE
2512 * src/racoon/cfparse.y: Flush SA on SIGHUP
2514 * src/racoon/pfkey.c: IPcomp fixes
2516 * src/racoon/proposal.c: Fix typo lifebyte -> lifetime.
2517 * src/racoon/grabmyaddr.c: Prevent segfault if getifaddrs() returns
2520 from /usr/src/devel-2.5/devel to /usr/src/linux
2521 * bootstrap: Use default tools, reconfigure src/racoon
2522 * src/racoon/configure.in: Change LIBOBJS -> AC_LIBOBJ,
2527 * src/racoon/aclocal.m4:
2528 * src/racoon/configure:
2534 * src/setkey/parse.y: change the NAT-T Type to use UDP_ENCAP_ESPINUDP
2539 * src/libipsec/key_debug.c: use ntohs() before printing port
2540 * src/libipsec/pfkey.c: convert port# to network byte order
2541 * src/libipsec/pfkey_dump.c: use ntohs() before printing ports
2542 * src/setkey/parse.y: convert port#'s to network byte order
2546 * src/libipsec/pfkey.c: Don't switch off NAT-T extensions
2549 * src/racoon/sockmisc.c: use '34' for IPV6_IPSEC_POLICY,
2556 * src/libipsec/key_debug.c: add support to print information
2558 * src/libipsec/libpfkey.h: add two new APIs to support NAT-T
2560 * src/libipsec/pfkey.c:
2564 * src/libipsec/pfkey_dump.c: Extend the SADB output to include
2568 * src/setkey/parse.y:
2577 * src/setkey/token.l: add "esp-udp" token
2597 * src/racoon/Makefile.in: add @LEXLIB@ to the LIBS line to make
2614 * src/racoon/configure.in: change "CFLAGS" to "CPPFLAGS" for
2619 * src/racoon/kmpstat.c: fix gcc-3.2.2 compiler warning
2621 * src/racoon/configure.in: look for krb5-config and don't