[Ipsec-tools-commits] ipsec-tools ChangeLog,1.110,1.111

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/ipsec-tools/ipsec-tools
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13793

Modified Files:
	ChangeLog 
Log Message:
SECURITY: Certificate authentication bugfix.


Index: ChangeLog
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/ChangeLog,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -d -r1.110 -r1.111

--- ChangeLog	11 Jun 2004 16:03:44 -0000	1.110
+++ ChangeLog	15 Jun 2004 13:02:12 -0000	1.111
@@ -1,3 +1,13 @@
+2004-06-15  Aidas Kasparas  <a.k...@gm...>
+
+	SECURITY
+	* src/racoon/crypto_openssl.[ch] (cb_check_cert_local, 
+	  cb_check_cert_remote): split cb_check_cert() due to stricter
+	  requirements for certificates received from network.
+	* src/racoon/crypto_openssl.[ch] (eay_check_x509cert): new parameter
+	  local to specify how strict cert check should be
+	* src/racoon/oakley.c, src/racoon/eaytest.c: adjust to use above
+	
 2004-06-11  Michal Ludvig  <ml...@su...>
 
 	* src/racoon/nattraversal.c (natt_vendorid, natt_fill_options): Support 
@@ -27,6 +37,8 @@
 	* src/setkey/setkey.c: -n (no action) support. 
 	  Thanks Thomas Habets.
 	* src/setkey/setkey.8: Documentation for above.
+	* src/racoon/doc/README.certificate: updated link to more recent
+	  version of document. Debian bug #252513 by Jose Luis Domingo Lopez
 
 2004-06-01  Michal Ludvig  <ml...@su...>
 



