summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-04-01 20:56:41 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-04-01 20:56:41 +0000
commitf46b6f36ae2a46f92f69b096a58d6ff96726a9ed (patch)
tree370b1aa2e1f2f4b5c3dd8ee9a4749c9c6e79575f
parent188bacbfe68aa6cbbaaa6cbd26b334f634f23871 (diff)
downloadvyos-strongswan-f46b6f36ae2a46f92f69b096a58d6ff96726a9ed.tar.gz
vyos-strongswan-f46b6f36ae2a46f92f69b096a58d6ff96726a9ed.zip
- New upstream release to hopefully compile on sid.
-rw-r--r--Doxyfile.in1530
-rw-r--r--Makefile.am2
-rw-r--r--Makefile.in1
-rw-r--r--NEWS26
-rwxr-xr-xconfigure84
-rw-r--r--configure.in13
-rw-r--r--debian/changelog6
-rwxr-xr-xdebian/rules1
-rw-r--r--src/charon/Makefile.am5
-rw-r--r--src/charon/Makefile.in31
-rw-r--r--src/charon/bus/bus.h4
-rw-r--r--src/charon/bus/listeners/file_logger.h4
-rw-r--r--src/charon/bus/listeners/sys_logger.h4
-rw-r--r--src/charon/config/attributes/attribute_manager.h2
-rw-r--r--src/charon/config/attributes/attribute_provider.h2
-rw-r--r--src/charon/config/backend.h4
-rw-r--r--src/charon/config/backend_manager.h5
-rw-r--r--src/charon/config/child_cfg.h10
-rw-r--r--src/charon/config/ike_cfg.h5
-rw-r--r--src/charon/config/peer_cfg.h7
-rw-r--r--src/charon/config/proposal.h4
-rw-r--r--src/charon/config/traffic_selector.h6
-rw-r--r--src/charon/control/controller.h4
-rw-r--r--src/charon/credentials/auth_info.h2
-rw-r--r--src/charon/credentials/credential_manager.h4
-rw-r--r--src/charon/credentials/credential_set.h4
-rw-r--r--src/charon/credentials/sets/auth_info_wrapper.h2
-rw-r--r--src/charon/credentials/sets/cert_cache.h2
-rw-r--r--src/charon/credentials/sets/ocsp_response_wrapper.h2
-rw-r--r--src/charon/daemon.h4
-rw-r--r--src/charon/encoding/generator.h4
-rw-r--r--src/charon/encoding/message.h4
-rw-r--r--src/charon/encoding/parser.h4
-rw-r--r--src/charon/encoding/payloads/auth_payload.h4
-rw-r--r--src/charon/encoding/payloads/cert_payload.h5
-rw-r--r--src/charon/encoding/payloads/certreq_payload.h4
-rw-r--r--src/charon/encoding/payloads/configuration_attribute.h4
-rw-r--r--src/charon/encoding/payloads/cp_payload.h4
-rw-r--r--src/charon/encoding/payloads/delete_payload.h4
-rw-r--r--src/charon/encoding/payloads/eap_payload.h4
-rw-r--r--src/charon/encoding/payloads/encodings.h4
-rw-r--r--src/charon/encoding/payloads/encryption_payload.h4
-rw-r--r--src/charon/encoding/payloads/endpoint_notify.h4
-rw-r--r--src/charon/encoding/payloads/id_payload.h4
-rw-r--r--src/charon/encoding/payloads/ike_header.h4
-rw-r--r--src/charon/encoding/payloads/ke_payload.h4
-rw-r--r--src/charon/encoding/payloads/nonce_payload.h4
-rw-r--r--src/charon/encoding/payloads/notify_payload.h4
-rw-r--r--src/charon/encoding/payloads/payload.h4
-rw-r--r--src/charon/encoding/payloads/proposal_substructure.h4
-rw-r--r--src/charon/encoding/payloads/sa_payload.h4
-rw-r--r--src/charon/encoding/payloads/traffic_selector_substructure.h4
-rw-r--r--src/charon/encoding/payloads/transform_attribute.h4
-rw-r--r--src/charon/encoding/payloads/transform_substructure.h4
-rw-r--r--src/charon/encoding/payloads/ts_payload.h4
-rw-r--r--src/charon/encoding/payloads/unknown_payload.h4
-rw-r--r--src/charon/encoding/payloads/vendor_id_payload.h4
-rw-r--r--src/charon/kernel/kernel_interface.c2
-rw-r--r--src/charon/kernel/kernel_interface.h4
-rw-r--r--src/charon/kernel/kernel_ipsec.h4
-rw-r--r--src/charon/kernel/kernel_net.h4
-rw-r--r--src/charon/network/packet.h4
-rw-r--r--src/charon/network/receiver.h4
-rw-r--r--src/charon/network/sender.h4
-rw-r--r--src/charon/network/socket.h4
-rw-r--r--src/charon/plugins/eap_aka/eap_aka.h6
-rw-r--r--src/charon/plugins/eap_aka/eap_aka_plugin.h4
-rw-r--r--src/charon/plugins/eap_gtc/eap_gtc.h2
-rw-r--r--src/charon/plugins/eap_gtc/eap_gtc_plugin.h2
-rw-r--r--src/charon/plugins/eap_identity/eap_identity.h4
-rw-r--r--src/charon/plugins/eap_identity/eap_identity_plugin.h4
-rw-r--r--src/charon/plugins/eap_md5/eap_md5.h4
-rw-r--r--src/charon/plugins/eap_md5/eap_md5_plugin.h4
-rw-r--r--src/charon/plugins/eap_mschapv2/eap_mschapv2.h4
-rw-r--r--src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h4
-rw-r--r--src/charon/plugins/eap_radius/Makefile.am14
-rw-r--r--src/charon/plugins/eap_radius/Makefile.in506
-rw-r--r--src/charon/plugins/eap_radius/eap_radius.c276
-rw-r--r--src/charon/plugins/eap_radius/eap_radius.h50
-rw-r--r--src/charon/plugins/eap_radius/eap_radius_plugin.c56
-rw-r--r--src/charon/plugins/eap_radius/eap_radius_plugin.h52
-rw-r--r--src/charon/plugins/eap_radius/radius_client.c495
-rw-r--r--src/charon/plugins/eap_radius/radius_client.h90
-rw-r--r--src/charon/plugins/eap_radius/radius_message.c477
-rw-r--r--src/charon/plugins/eap_radius/radius_message.h278
-rw-r--r--src/charon/plugins/eap_sim/eap_sim.h2
-rw-r--r--src/charon/plugins/eap_sim/eap_sim_plugin.h4
-rw-r--r--src/charon/plugins/eap_sim_file/eap_sim_file_card.h2
-rw-r--r--src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h2
-rw-r--r--src/charon/plugins/eap_sim_file/eap_sim_file_provider.h2
-rw-r--r--src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h2
-rw-r--r--src/charon/plugins/kernel_klips/kernel_klips_ipsec.h4
-rw-r--r--src/charon/plugins/kernel_klips/kernel_klips_plugin.h4
-rw-r--r--src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c2
-rw-r--r--src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h4
-rw-r--r--src/charon/plugins/kernel_netlink/kernel_netlink_net.h4
-rw-r--r--src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h4
-rw-r--r--src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h4
-rw-r--r--src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h4
-rw-r--r--src/charon/plugins/load_tester/load_tester_config.h2
-rw-r--r--src/charon/plugins/load_tester/load_tester_creds.h2
-rw-r--r--src/charon/plugins/load_tester/load_tester_diffie_hellman.h2
-rw-r--r--src/charon/plugins/load_tester/load_tester_ipsec.h2
-rw-r--r--src/charon/plugins/load_tester/load_tester_listener.h2
-rw-r--r--src/charon/plugins/load_tester/load_tester_plugin.h2
-rw-r--r--src/charon/plugins/medcli/medcli_config.h2
-rw-r--r--src/charon/plugins/medcli/medcli_creds.h2
-rw-r--r--src/charon/plugins/medcli/medcli_listener.h2
-rw-r--r--src/charon/plugins/medcli/medcli_plugin.h2
-rw-r--r--src/charon/plugins/medsrv/medsrv_config.h2
-rw-r--r--src/charon/plugins/medsrv/medsrv_creds.h4
-rw-r--r--src/charon/plugins/medsrv/medsrv_plugin.h4
-rw-r--r--src/charon/plugins/nm/nm_creds.h2
-rw-r--r--src/charon/plugins/nm/nm_plugin.h2
-rw-r--r--src/charon/plugins/nm/nm_service.h2
-rw-r--r--src/charon/plugins/smp/smp.h4
-rw-r--r--src/charon/plugins/sql/sql_attribute.h2
-rw-r--r--src/charon/plugins/sql/sql_config.h4
-rw-r--r--src/charon/plugins/sql/sql_cred.h2
-rw-r--r--src/charon/plugins/sql/sql_logger.h2
-rw-r--r--src/charon/plugins/sql/sql_plugin.h4
-rw-r--r--src/charon/plugins/stroke/stroke_attribute.h2
-rw-r--r--src/charon/plugins/stroke/stroke_ca.h2
-rw-r--r--src/charon/plugins/stroke/stroke_config.h2
-rw-r--r--src/charon/plugins/stroke/stroke_control.h2
-rw-r--r--src/charon/plugins/stroke/stroke_cred.h2
-rw-r--r--src/charon/plugins/stroke/stroke_list.h2
-rw-r--r--src/charon/plugins/stroke/stroke_plugin.h2
-rw-r--r--src/charon/plugins/stroke/stroke_shared_key.h2
-rw-r--r--src/charon/plugins/stroke/stroke_socket.h2
-rw-r--r--src/charon/plugins/uci/uci_config.h2
-rw-r--r--src/charon/plugins/uci/uci_control.h13
-rw-r--r--src/charon/plugins/uci/uci_creds.h2
-rw-r--r--src/charon/plugins/uci/uci_parser.h3
-rw-r--r--src/charon/plugins/uci/uci_plugin.h2
-rw-r--r--src/charon/plugins/unit_tester/tests.h4
-rw-r--r--src/charon/plugins/unit_tester/unit_tester.h4
-rw-r--r--src/charon/plugins/updown/updown_listener.h2
-rw-r--r--src/charon/plugins/updown/updown_plugin.h2
-rw-r--r--src/charon/processing/jobs/acquire_job.h4
-rw-r--r--src/charon/processing/jobs/callback_job.h4
-rw-r--r--src/charon/processing/jobs/delete_child_sa_job.h4
-rw-r--r--src/charon/processing/jobs/delete_ike_sa_job.h4
-rw-r--r--src/charon/processing/jobs/initiate_mediation_job.h4
-rw-r--r--src/charon/processing/jobs/job.h4
-rw-r--r--src/charon/processing/jobs/mediation_job.h4
-rw-r--r--src/charon/processing/jobs/migrate_job.h4
-rw-r--r--src/charon/processing/jobs/process_message_job.h4
-rw-r--r--src/charon/processing/jobs/rekey_child_sa_job.h4
-rw-r--r--src/charon/processing/jobs/rekey_ike_sa_job.h4
-rw-r--r--src/charon/processing/jobs/retransmit_job.h4
-rw-r--r--src/charon/processing/jobs/roam_job.h4
-rw-r--r--src/charon/processing/jobs/send_dpd_job.h4
-rw-r--r--src/charon/processing/jobs/send_keepalive_job.h4
-rw-r--r--src/charon/processing/jobs/update_sa_job.h2
-rw-r--r--src/charon/processing/processor.h4
-rw-r--r--src/charon/processing/scheduler.h4
-rw-r--r--src/charon/sa/authenticators/authenticator.h4
-rw-r--r--src/charon/sa/authenticators/eap/eap_manager.h4
-rw-r--r--src/charon/sa/authenticators/eap/eap_method.c5
-rw-r--r--src/charon/sa/authenticators/eap/eap_method.h6
-rw-r--r--src/charon/sa/authenticators/eap/sim_manager.h2
-rw-r--r--src/charon/sa/authenticators/eap_authenticator.c9
-rw-r--r--src/charon/sa/authenticators/eap_authenticator.h4
-rw-r--r--src/charon/sa/authenticators/psk_authenticator.h4
-rw-r--r--src/charon/sa/authenticators/pubkey_authenticator.h4
-rw-r--r--src/charon/sa/child_sa.h6
-rw-r--r--src/charon/sa/connect_manager.h4
-rw-r--r--src/charon/sa/ike_sa.h4
-rw-r--r--src/charon/sa/ike_sa_id.h4
-rw-r--r--src/charon/sa/ike_sa_manager.c6
-rw-r--r--src/charon/sa/ike_sa_manager.h4
-rw-r--r--src/charon/sa/keymat.h2
-rw-r--r--src/charon/sa/mediation_manager.h4
-rw-r--r--src/charon/sa/task_manager.h6
-rw-r--r--src/charon/sa/tasks/child_create.h4
-rw-r--r--src/charon/sa/tasks/child_delete.h4
-rw-r--r--src/charon/sa/tasks/child_rekey.h4
-rw-r--r--src/charon/sa/tasks/ike_auth.h4
-rw-r--r--src/charon/sa/tasks/ike_auth_lifetime.h4
-rw-r--r--src/charon/sa/tasks/ike_cert_post.h4
-rw-r--r--src/charon/sa/tasks/ike_cert_pre.h4
-rw-r--r--src/charon/sa/tasks/ike_config.h4
-rw-r--r--src/charon/sa/tasks/ike_delete.h4
-rw-r--r--src/charon/sa/tasks/ike_dpd.h4
-rw-r--r--src/charon/sa/tasks/ike_init.h4
-rw-r--r--src/charon/sa/tasks/ike_me.h4
-rw-r--r--src/charon/sa/tasks/ike_mobike.h4
-rw-r--r--src/charon/sa/tasks/ike_natd.c6
-rw-r--r--src/charon/sa/tasks/ike_natd.h4
-rw-r--r--src/charon/sa/tasks/ike_reauth.h4
-rw-r--r--src/charon/sa/tasks/ike_rekey.h4
-rw-r--r--src/charon/sa/tasks/task.h4
-rw-r--r--src/libfast/context.h4
-rw-r--r--src/libfast/controller.h4
-rw-r--r--src/libfast/dispatcher.h4
-rw-r--r--src/libfast/request.h4
-rw-r--r--src/libfast/session.h4
-rw-r--r--src/libstrongswan/asn1/asn1.c23
-rw-r--r--src/libstrongswan/asn1/asn1.h10
-rw-r--r--src/libstrongswan/asn1/asn1_parser.h4
-rw-r--r--src/libstrongswan/chunk.h16
-rw-r--r--src/libstrongswan/credentials/builder.h2
-rw-r--r--src/libstrongswan/credentials/certificates/ac.h3
-rw-r--r--src/libstrongswan/credentials/certificates/certificate.h2
-rw-r--r--src/libstrongswan/credentials/certificates/crl.h4
-rw-r--r--src/libstrongswan/credentials/certificates/ocsp_request.h2
-rw-r--r--src/libstrongswan/credentials/certificates/ocsp_response.h2
-rw-r--r--src/libstrongswan/credentials/certificates/x509.h4
-rw-r--r--src/libstrongswan/credentials/credential_factory.h2
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h4
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h4
-rw-r--r--src/libstrongswan/crypto/crypters/crypter.h4
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h2
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h4
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h4
-rw-r--r--src/libstrongswan/crypto/pkcs9.h5
-rw-r--r--src/libstrongswan/crypto/prf_plus.h4
-rw-r--r--src/libstrongswan/crypto/prfs/prf.h4
-rw-r--r--src/libstrongswan/crypto/rngs/rng.h2
-rw-r--r--src/libstrongswan/crypto/signers/signer.h6
-rw-r--r--src/libstrongswan/database/database.h2
-rw-r--r--src/libstrongswan/database/database_factory.h2
-rw-r--r--src/libstrongswan/debug.h4
-rw-r--r--src/libstrongswan/enum.h4
-rw-r--r--src/libstrongswan/fetcher/fetcher.h2
-rw-r--r--src/libstrongswan/fetcher/fetcher_manager.h2
-rw-r--r--src/libstrongswan/fips/fips.h4
-rw-r--r--src/libstrongswan/library.h4
-rw-r--r--src/libstrongswan/plugins/aes/aes_crypter.h2
-rw-r--r--src/libstrongswan/plugins/aes/aes_plugin.h2
-rw-r--r--src/libstrongswan/plugins/agent/agent_plugin.h2
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.h2
-rw-r--r--src/libstrongswan/plugins/curl/curl_fetcher.h2
-rw-r--r--src/libstrongswan/plugins/curl/curl_plugin.h2
-rw-r--r--src/libstrongswan/plugins/des/des_crypter.h2
-rw-r--r--src/libstrongswan/plugins/des/des_plugin.h2
-rw-r--r--src/libstrongswan/plugins/fips_prf/fips_prf.h2
-rw-r--r--src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h2
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h2
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_plugin.h2
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h2
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h4
-rw-r--r--src/libstrongswan/plugins/hmac/hmac.h2
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_plugin.c4
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_plugin.h2
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_prf.h2
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_signer.c6
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_signer.h2
-rw-r--r--src/libstrongswan/plugins/ldap/ldap_fetcher.h2
-rw-r--r--src/libstrongswan/plugins/ldap/ldap_plugin.h2
-rw-r--r--src/libstrongswan/plugins/md4/md4_hasher.h2
-rw-r--r--src/libstrongswan/plugins/md4/md4_plugin.h2
-rw-r--r--src/libstrongswan/plugins/md5/md5_hasher.h2
-rw-r--r--src/libstrongswan/plugins/md5/md5_plugin.h2
-rw-r--r--src/libstrongswan/plugins/mysql/mysql_database.h4
-rw-r--r--src/libstrongswan/plugins/mysql/mysql_plugin.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crypter.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_hasher.h5
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_util.h4
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_aes_crypter.h2
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_plugin.h2
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_rng.h4
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h4
-rw-r--r--src/libstrongswan/plugins/plugin.h2
-rw-r--r--src/libstrongswan/plugins/plugin_loader.h2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_cert.h2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_plugin.h2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_public_key.h4
-rw-r--r--src/libstrongswan/plugins/random/random_plugin.h2
-rw-r--r--src/libstrongswan/plugins/random/random_rng.h4
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_hasher.h2
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_plugin.h2
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_prf.h2
-rw-r--r--src/libstrongswan/plugins/sha2/sha2_hasher.h2
-rw-r--r--src/libstrongswan/plugins/sha2/sha2_plugin.h2
-rw-r--r--src/libstrongswan/plugins/sqlite/sqlite_database.h2
-rw-r--r--src/libstrongswan/plugins/sqlite/sqlite_plugin.h2
-rw-r--r--src/libstrongswan/plugins/x509/ietf_attr_list.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.h4
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_plugin.h2
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc.h2
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_plugin.h2
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_prf.h2
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_signer.h6
-rw-r--r--src/libstrongswan/printf_hook.h4
-rw-r--r--src/libstrongswan/settings.h2
-rw-r--r--src/libstrongswan/utils.h4
-rw-r--r--src/libstrongswan/utils/backtrace.h3
-rw-r--r--src/libstrongswan/utils/enumerator.h6
-rw-r--r--src/libstrongswan/utils/hashtable.h4
-rw-r--r--src/libstrongswan/utils/host.h2
-rw-r--r--src/libstrongswan/utils/identification.c36
-rw-r--r--src/libstrongswan/utils/identification.h10
-rw-r--r--src/libstrongswan/utils/iterator.h4
-rw-r--r--src/libstrongswan/utils/leak_detective.h2
-rw-r--r--src/libstrongswan/utils/lexparser.h6
-rw-r--r--src/libstrongswan/utils/linked_list.h4
-rw-r--r--src/libstrongswan/utils/mutex.h4
-rw-r--r--src/libstrongswan/utils/optionsfrom.h4
-rw-r--r--src/manager/controller/auth_controller.h4
-rw-r--r--src/manager/controller/config_controller.h4
-rw-r--r--src/manager/controller/control_controller.h4
-rw-r--r--src/manager/controller/gateway_controller.h4
-rw-r--r--src/manager/controller/ikesa_controller.h4
-rw-r--r--src/manager/gateway.h14
-rw-r--r--src/manager/manager.h4
-rw-r--r--src/manager/storage.h4
-rw-r--r--src/manager/xml.h4
-rw-r--r--src/pluto/asn1.c13
-rw-r--r--src/pluto/ipsec_doi.c10
-rw-r--r--src/pluto/vendor.c6
-rw-r--r--src/pluto/vendor.h4
-rw-r--r--src/starter/Makefile.am8
-rw-r--r--src/starter/Makefile.in6
-rw-r--r--src/starter/confread.c11
-rw-r--r--src/starter/invokecharon.c4
-rw-r--r--src/starter/invokepluto.c44
-rw-r--r--src/starter/ipsec.conf.514
-rw-r--r--testing/INSTALL6
-rwxr-xr-xtesting/hosts/winnetou/etc/openssl/generate-crl5
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/crlnumber1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/index.txt2
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/index.txt.attr1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/index.txt.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem46
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem46
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/openssl.cnf184
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/serial1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/serial.old1
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem55
-rw-r--r--testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem99
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/index.txt2
-rw-r--r--testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem42
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/index.txt2
-rw-r--r--testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem44
-rwxr-xr-xtesting/scripts/build-umlrootfs7
-rwxr-xr-xtesting/testing.conf11
-rw-r--r--testing/tests/ikev1/after-2038-certs/description.txt13
-rw-r--r--testing/tests/ikev1/after-2038-certs/evaltest.dat6
-rwxr-xr-xtesting/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf22
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem55
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem46
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem51
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem55
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem46
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem51
-rw-r--r--testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev1/after-2038-certs/posttest.dat (renamed from testing/tests/ikev2/rw-eap-aka-identity/posttest.dat)0
-rw-r--r--testing/tests/ikev1/after-2038-certs/pretest.dat6
-rw-r--r--testing/tests/ikev1/after-2038-certs/test.conf21
-rw-r--r--testing/tests/ikev2/after-2038-certs/description.txt13
-rw-r--r--testing/tests/ikev2/after-2038-certs/evaltest.dat6
-rwxr-xr-xtesting/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf23
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem55
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem46
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem51
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf22
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem55
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem46
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem51
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/after-2038-certs/posttest.dat (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/posttest.dat)0
-rw-r--r--testing/tests/ikev2/after-2038-certs/pretest.dat6
-rw-r--r--testing/tests/ikev2/after-2038-certs/test.conf21
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem42
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem44
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/description.txt (renamed from testing/tests/ikev2/rw-eap-aka-identity/description.txt)5
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat (renamed from testing/tests/ikev2/rw-eap-aka-identity/evaltest.dat)2
-rwxr-xr-xtesting/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.secrets (renamed from testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf (renamed from testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/strongswan.conf)0
-rwxr-xr-xtesting/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.conf)2
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.secrets (renamed from testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf (renamed from testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/strongswan.conf)0
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/posttest.dat4
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat (renamed from testing/tests/ikev2/rw-eap-aka-identity/pretest.dat)0
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/test.conf (renamed from testing/tests/ikev2/rw-eap-aka-identity/test.conf)0
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/description.txt10
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat12
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf4
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf120
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default61
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users1
-rwxr-xr-xtesting/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf23
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/init.d/iptables84
-rwxr-xr-xtesting/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf26
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat5
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat12
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/test.conf (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/test.conf)0
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/description.txt8
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat11
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf4
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf120
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default61
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users1
-rwxr-xr-xtesting/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf22
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/init.d/iptables84
-rwxr-xr-xtesting/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf25
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/posttest.dat5
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/pretest.dat12
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/test.conf21
-rw-r--r--testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets2
-rwxr-xr-xtesting/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets2
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/description.txt)0
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/evaltest.dat)0
-rwxr-xr-xtesting/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.secrets (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/strongswan.conf)0
-rwxr-xr-xtesting/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.secrets (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/strongswan.conf)0
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/posttest.dat4
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat (renamed from testing/tests/ikev2/rw-eap-mschapv2-rsa/pretest.dat)0
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/test.conf21
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/description.txt13
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat12
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf4
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf123
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default62
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat3
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users0
-rwxr-xr-xtesting/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf23
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat3
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.secrets1
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/init.d/iptables84
-rwxr-xr-xtesting/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf26
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat5
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat12
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/test.conf21
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/description.txt14
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat15
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf4
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf123
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default62
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat7
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users0
-rwxr-xr-xtesting/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.d/triplets.dat3
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.secrets1
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.d/triplets.dat3
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.secrets1
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf5
-rwxr-xr-xtesting/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/init.d/iptables84
-rwxr-xr-xtesting/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf25
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/posttest.dat7
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/pretest.dat15
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/test.conf21
488 files changed, 7526 insertions, 877 deletions
diff --git a/Doxyfile.in b/Doxyfile.in
index fb746a61d..54f6596f0 100644
--- a/Doxyfile.in
+++ b/Doxyfile.in
@@ -1,220 +1,1420 @@
-# Doxyfile 1.4.1-KDevelop
+# Doxyfile 1.5.6
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+# TAG = value [value, ...]
+# For lists items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
#---------------------------------------------------------------------------
# Project related configuration options
#---------------------------------------------------------------------------
-PROJECT_NAME = "@PACKAGE_NAME@"
-PROJECT_NUMBER = "@PACKAGE_VERSION@"
-OUTPUT_DIRECTORY = apidoc
-CREATE_SUBDIRS = NO
-OUTPUT_LANGUAGE = English
-USE_WINDOWS_ENCODING = NO
-BRIEF_MEMBER_DESC = YES
-REPEAT_BRIEF = YES
-ABBREVIATE_BRIEF =
-ALWAYS_DETAILED_SEC = NO
-INLINE_INHERITED_MEMB = NO
-FULL_PATH_NAMES = YES
-STRIP_FROM_PATH =
-STRIP_FROM_INC_PATH =
-SHORT_NAMES = NO
-JAVADOC_AUTOBRIEF = YES
+
+# This tag specifies the encoding used for all characters in the config file
+# that follow. The default is UTF-8 which is also the encoding used for all
+# text before the first occurrence of this tag. Doxygen uses libiconv (or the
+# iconv built into libc) for the transcoding. See
+# http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+DOXYFILE_ENCODING = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME = "@PACKAGE_NAME@"
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER = "@PACKAGE_VERSION@"
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY = apidoc
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
+# 4096 sub-directories (in 2 levels) under the output directory of each output
+# format and will distribute the generated files over these directories.
+# Enabling this option can be useful when feeding doxygen a huge amount of
+# source files, where putting all generated files in the same directory would
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
+# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek,
+# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages),
+# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish,
+# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish,
+# and Ukrainian.
+
+OUTPUT_LANGUAGE = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator
+# that is used to form the text in various listings. Each string
+# in this list, if found as the leading text of the brief description, will be
+# stripped from the text and the result after processing the whole list, is
+# used as the annotated text. Otherwise, the brief description is used as-is.
+# If left blank, the following values are used ("$name" is automatically
+# replaced with the name of the entity): "The $name class" "The $name widget"
+# "The $name file" "is" "provides" "specifies" "contains"
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF =
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES = YES
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user-defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the
+# path to strip.
+
+STRIP_FROM_PATH =
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
+# the path mentioned in the documentation of a class, which tells
+# the reader which header file to include in order to use a class.
+# If left blank only the name of the header file containing the class
+# definition is used. Otherwise one should specify the include paths that
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments will behave just like regular Qt-style comments
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF = YES
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
+# interpret the first line (until the first dot) of a Qt-style
+# comment as the brief description. If set to NO, the comments
+# will behave just like regular Qt-style comments (thus requiring
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
MULTILINE_CPP_IS_BRIEF = NO
-DETAILS_AT_TOP = YES
-INHERIT_DOCS = YES
-DISTRIBUTE_GROUP_DOC = NO
-TAB_SIZE = 1
-ALIASES =
-OPTIMIZE_OUTPUT_FOR_C = NO
-OPTIMIZE_OUTPUT_JAVA = NO
-SUBGROUPING = YES
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member
+# documentation.
+
+DETAILS_AT_TOP = YES
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# re-implements.
+
+INHERIT_DOCS = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
+# a new page for each member. If set to NO, the documentation of a member will
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE = 4
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user-defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
+# sources only. Doxygen will then generate output that is more tailored for C.
+# For instance, some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C = NO
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
+# sources only. Doxygen will then generate output that is more tailored for
+# Java. For instance, namespaces will be presented as packages, qualified
+# scopes will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
+# sources only. Doxygen will then generate output that is more tailored for
+# Fortran.
+
+OPTIMIZE_FOR_FORTRAN = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
+# sources. Doxygen will then generate output that is tailored for
+# VHDL.
+
+OPTIMIZE_OUTPUT_VHDL = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
+# to include (a tag file for) the STL sources as input, then you should
+# set this tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
+# func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+
+CPP_CLI_SUPPORT = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
+# Doxygen will parse them like normal C++ but will assume all classes use public
+# instead of private inheritance when no explicit protection keyword is present.
+
+SIP_SUPPORT = NO
+
+# For Microsoft's IDL there are propget and propput attributes to indicate getter
+# and setter methods for a property. Setting this option to YES (the default)
+# will make doxygen to replace the get and set methods by a property in the
+# documentation. This will only work if the methods are indeed getting or
+# setting a simple type. If this is not the case, or you want to show the
+# methods anyway, you should set this option to NO.
+
+IDL_PROPERTY_SUPPORT = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
+# the same type (for instance a group of public functions) to be put as a
+# subgroup of that type (e.g. under the Public Functions section). Set it to
+# NO to prevent subgrouping. Alternatively, this can be done per class using
+# the \nosubgrouping command.
+
+SUBGROUPING = YES
+
+# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
+# is documented as struct, union, or enum with the name of the typedef. So
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
+# with name TypeT. When disabled the typedef will appear as a member of a file,
+# namespace, or class. And the struct will be named TypeS. This can typically
+# be useful for C code in case the coding convention dictates that all compound
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+
+TYPEDEF_HIDES_STRUCT = YES
+
#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------
-EXTRACT_ALL = NO
-EXTRACT_PRIVATE = NO
-EXTRACT_STATIC = NO
-EXTRACT_LOCAL_CLASSES = NO
-EXTRACT_LOCAL_METHODS = NO
-HIDE_UNDOC_MEMBERS = NO
-HIDE_UNDOC_CLASSES = NO
-HIDE_FRIEND_COMPOUNDS = NO
-HIDE_IN_BODY_DOCS = NO
-INTERNAL_DOCS = NO
-CASE_SENSE_NAMES = YES
-HIDE_SCOPE_NAMES = NO
-SHOW_INCLUDE_FILES = YES
-INLINE_INFO = YES
-SORT_MEMBER_DOCS = YES
-SORT_BRIEF_DOCS = NO
-SORT_BY_SCOPE_NAME = NO
-GENERATE_TODOLIST = YES
-GENERATE_TESTLIST = NO
-GENERATE_BUGLIST = YES
-GENERATE_DEPRECATEDLIST = YES
-ENABLED_SECTIONS =
-MAX_INITIALIZER_LINES = 30
-SHOW_USED_FILES = YES
-SHOW_DIRECTORIES = NO
-FILE_VERSION_FILTER =
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES = NO
+
+# This flag is only useful for Objective-C code. When set to YES local
+# methods, which are defined in the implementation section but not in
+# the interface are included in the documentation.
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be
+# extracted and appear in the documentation as a namespace called
+# 'anonymous_namespace{file}', where file will be replaced with the base
+# name of the file that contains the anonymous namespace. By default
+# anonymous namespace are hidden.
+
+EXTRACT_ANON_NSPACES = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these classes will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS = NO
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower-case letters. If set to YES upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put a list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES = NO
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS = NO
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
+# brief documentation of file, namespace and class members alphabetically
+# by member name. If set to NO (the default) the members will appear in
+# declaration order.
+
+SORT_BRIEF_DOCS = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
+# hierarchy of group names into alphabetical order. If set to NO (the default)
+# the group names will appear in their defined order.
+
+SORT_GROUP_NAMES = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
+# sorted by fully-qualified names, including namespaces. If set to
+# NO (the default), the class list will be sorted only by class name,
+# not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST = NO
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST = NO
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST = NO
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= NO
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consists of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES = NO
+
+# If the sources in your project are distributed over multiple directories
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES = YES
+
+# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
+# This will remove the Files entry from the Quick Index and from the
+# Folder Tree View (if specified). The default is YES.
+
+SHOW_FILES = NO
+
+# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
+# Namespaces page. This will remove the Namespaces entry from the Quick Index
+# and from the Folder Tree View (if specified). The default is YES.
+
+SHOW_NAMESPACES = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from
+# the version control system). Doxygen will invoke the program by executing (via
+# popen()) the command <command> <input-file>, where <command> is the value of
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
+# provided by doxygen. Whatever the program writes to standard output
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER =
+
#---------------------------------------------------------------------------
# configuration options related to warning and progress messages
#---------------------------------------------------------------------------
-QUIET = NO
-WARNINGS = YES
-WARN_IF_UNDOCUMENTED = YES
-WARN_IF_DOC_ERROR = YES
-WARN_NO_PARAMDOC = NO
-WARN_FORMAT = "$file:$line: $text"
-WARN_LOGFILE =
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED = NO
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for
+# functions that are documented, but have no documentation for their parameters
+# or return value. If set to NO (the default) doxygen will only warn about
+# wrong or incomplete parameter documentation, but not about the absence of
+# documentation.
+
+WARN_NO_PARAMDOC = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text. Optionally the format may contain
+# $version, which will be replaced by the version of the file (if it could
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE =
+
#---------------------------------------------------------------------------
# configuration options related to the input files
#---------------------------------------------------------------------------
-INPUT = src/libstrongswan src/charon src/libfast src/manager
-FILE_PATTERNS = *.h
-RECURSIVE = YES
-EXCLUDE =
-EXCLUDE_SYMLINKS = NO
-EXCLUDE_PATTERNS = */.svn/*
-EXAMPLE_PATH =
-EXAMPLE_PATTERNS =
-EXAMPLE_RECURSIVE = NO
-IMAGE_PATH =
-INPUT_FILTER =
-FILTER_PATTERNS =
-FILTER_SOURCE_FILES = NO
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT = src/libstrongswan \
+ src/charon \
+ src/libfast \
+ src/manager
+
+# This tag can be used to specify the character encoding of the source files
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
+# also the default input encoding. Doxygen uses libiconv (or the iconv built
+# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
+# the list of possible encodings.
+
+INPUT_ENCODING = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
+
+FILE_PATTERNS = *.h
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE = YES
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE =
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
+# directories that are symbolic links (a Unix filesystem feature) are excluded
+# from the input.
+
+EXCLUDE_SYMLINKS = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories. Note that the wildcards are matched
+# against the file with absolute path, so to exclude all test directories
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS = */.svn/*
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the
+# output. The symbol name can be a fully qualified name, a word, or if the
+# wildcard * is used, a substring. Examples: ANamespace, AClass,
+# AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output. If FILTER_PATTERNS is specified, this tag will be
+# ignored.
+
+INPUT_FILTER =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis. Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match. The filters are a list of the form:
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
+# is applied to all files.
+
+FILTER_PATTERNS =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES = NO
+
#---------------------------------------------------------------------------
# configuration options related to source browsing
#---------------------------------------------------------------------------
-SOURCE_BROWSER = NO
-INLINE_SOURCES = NO
-STRIP_CODE_COMMENTS = NO
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+# Note: To get rid of all source code in the generated output, make sure also
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS = NO
+
+# If the REFERENCED_BY_RELATION tag is set to YES
+# then for each documented function all documented
+# functions referencing it will be listed.
+
REFERENCED_BY_RELATION = NO
-REFERENCES_RELATION = NO
-VERBATIM_HEADERS = YES
+
+# If the REFERENCES_RELATION tag is set to YES
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION = NO
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
+# link to the source code. Otherwise they will link to the documentstion.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code
+# will point to the HTML generated by the htags(1) tool instead of doxygen
+# built-in source browser. The htags tool is part of GNU's global source
+# tagging system (see http://www.gnu.org/software/global/global.html). You
+# will need version 4.8.6 or higher.
+
+USE_HTAGS = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS = YES
+
#---------------------------------------------------------------------------
# configuration options related to the alphabetical class index
#---------------------------------------------------------------------------
-ALPHABETICAL_INDEX = NO
-COLS_IN_ALPHA_INDEX = 5
-IGNORE_PREFIX =
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX = 5
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX =
+
#---------------------------------------------------------------------------
# configuration options related to the HTML output
#---------------------------------------------------------------------------
-GENERATE_HTML = YES
-HTML_OUTPUT = .
-HTML_FILE_EXTENSION = .html
-HTML_HEADER =
-HTML_FOOTER =
-HTML_STYLESHEET =
-HTML_ALIGN_MEMBERS = YES
-GENERATE_HTMLHELP = NO
-CHM_FILE =
-HHC_LOCATION =
-GENERATE_CHI = NO
-BINARY_TOC = NO
-TOC_EXPAND = NO
-DISABLE_INDEX = YES
-ENUM_VALUES_PER_LINE = 1
-GENERATE_TREEVIEW = YES
-TREEVIEW_WIDTH = 250
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT = .
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet. Note that doxygen will try to copy
+# the style sheet file to the HTML output directory, so don't put your own
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP = NO
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files
+# will be generated that can be used as input for Apple's Xcode 3
+# integrated development environment, introduced with OSX 10.5 (Leopard).
+# To create a documentation set, doxygen will generate a Makefile in the
+# HTML output directory. Running make will produce the docset in that
+# directory and running "make install" will install the docset in
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
+# it at startup.
+
+GENERATE_DOCSET = NO
+
+# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
+# feed. A documentation feed provides an umbrella under which multiple
+# documentation sets from a single provider (such as a company or product suite)
+# can be grouped.
+
+DOCSET_FEEDNAME = "Doxygen generated docs"
+
+# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
+# should uniquely identify the documentation set bundle. This should be a
+# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
+# will append .docset to the name.
+
+DOCSET_BUNDLE_ID = org.doxygen.Project
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded. For this to work a browser that supports
+# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
+# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
+
+HTML_DYNAMIC_SECTIONS = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output directory.
+
+CHM_FILE =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
+# is used to encode HtmlHelp index (hhk), content (hhc) and project file
+# content.
+
+CHM_INDEX_ENCODING =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX = YES
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE = 1
+
+# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
+# structure should be generated to display hierarchical information.
+# If the tag value is set to FRAME, a side panel will be generated
+# containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
+# probably better off using the HTML help feature. Other possible values
+# for this tag are: HIERARCHIES, which will generate the Groups, Directories,
+# and Class Hiererachy pages using a tree view instead of an ordered list;
+# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which
+# disables this behavior completely. For backwards compatibility with previous
+# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE
+# respectively.
+
+GENERATE_TREEVIEW = YES
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH = 250
+
+# Use this tag to change the font size of Latex formulas included
+# as images in the HTML documentation. The default is 10. Note that
+# when you change the font size after a successful doxygen run you need
+# to manually remove any form_*.png images from the HTML output directory
+# to force them to be regenerated.
+
+FORMULA_FONTSIZE = 10
+
#---------------------------------------------------------------------------
# configuration options related to the LaTeX output
#---------------------------------------------------------------------------
-GENERATE_LATEX = NO
-LATEX_OUTPUT = latex
-LATEX_CMD_NAME = latex
-MAKEINDEX_CMD_NAME = makeindex
-COMPACT_LATEX = NO
-PAPER_TYPE = a4wide
-EXTRA_PACKAGES =
-LATEX_HEADER =
-PDF_HYPERLINKS = NO
-USE_PDFLATEX = NO
-LATEX_BATCHMODE = NO
-LATEX_HIDE_INDICES = NO
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS = NO
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX = NO
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not
+# include the index chapters (such as File Index, Compound Index, etc.)
+# in the output.
+
+LATEX_HIDE_INDICES = NO
+
#---------------------------------------------------------------------------
# configuration options related to the RTF output
#---------------------------------------------------------------------------
-GENERATE_RTF = NO
-RTF_OUTPUT = rtf
-COMPACT_RTF = NO
-RTF_HYPERLINKS = NO
-RTF_STYLESHEET_FILE =
-RTF_EXTENSIONS_FILE =
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimized for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assignments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE =
+
#---------------------------------------------------------------------------
# configuration options related to the man page output
#---------------------------------------------------------------------------
-GENERATE_MAN = NO
-MAN_OUTPUT = man
-MAN_EXTENSION = .3
-MAN_LINKS = YES
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS = YES
+
#---------------------------------------------------------------------------
# configuration options related to the XML output
#---------------------------------------------------------------------------
-GENERATE_XML = NO
-XML_OUTPUT = xml
-XML_SCHEMA =
-XML_DTD =
-XML_PROGRAMLISTING = YES
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation.
+
+GENERATE_XML = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD =
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
+# dump the program listings (including syntax highlighting
+# and cross-referencing information) to the XML output. Note that
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING = YES
+
#---------------------------------------------------------------------------
# configuration options for the AutoGen Definitions output
#---------------------------------------------------------------------------
-GENERATE_AUTOGEN_DEF = NO
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF = NO
+
#---------------------------------------------------------------------------
# configuration options related to the Perl module output
#---------------------------------------------------------------------------
-GENERATE_PERLMOD = NO
-PERLMOD_LATEX = NO
-PERLMOD_PRETTY = YES
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_PERLMOD = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader. This is useful
+# if you want to understand what is going on. On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
PERLMOD_MAKEVAR_PREFIX =
+
#---------------------------------------------------------------------------
# Configuration options related to the preprocessor
#---------------------------------------------------------------------------
-ENABLE_PREPROCESSING = YES
-MACRO_EXPANSION = YES
-EXPAND_ONLY_PREDEF = NO
-SEARCH_INCLUDES = YES
-INCLUDE_PATH =
-INCLUDE_FILE_PATTERNS =
-PREDEFINED = LEAK_DETECTIVE
-EXPAND_AS_DEFINED =
-SKIP_FUNCTION_MACROS = YES
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION = YES
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed. To prevent a macro definition from being
+# undefined via #undef or recursively expanded use the := operator
+# instead of the = operator.
+
+PREDEFINED = LEAK_DETECTIVE
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS = YES
+
#---------------------------------------------------------------------------
# Configuration::additions related to external references
#---------------------------------------------------------------------------
-TAGFILES =
-GENERATE_TAGFILE =
-ALLEXTERNALS = NO
-EXTERNAL_GROUPS = YES
-PERL_PATH = /usr/bin/perl
+
+# The TAGFILES option can be used to specify one or more tagfiles.
+# Optionally an initial location of the external documentation
+# can be added for each tagfile. The format of a tag file without
+# this location is as follows:
+# TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+# TAGFILES = file1=loc1 "file2 = loc2" ...
+# where "loc1" and "loc2" can be relative or absolute paths or
+# URLs. If a location is present for each tag, the installdox tool
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH = /usr/bin/perl
+
#---------------------------------------------------------------------------
# Configuration options related to the dot tool
#---------------------------------------------------------------------------
-CLASS_DIAGRAMS = YES
-HIDE_UNDOC_RELATIONS = YES
-HAVE_DOT = NO
-CLASS_GRAPH = YES
-COLLABORATION_GRAPH = YES
-GROUP_GRAPHS = YES
-UML_LOOK = NO
-TEMPLATE_RELATIONS = NO
-INCLUDE_GRAPH = YES
-INCLUDED_BY_GRAPH = YES
-CALL_GRAPH = NO
-GRAPHICAL_HIERARCHY = YES
-DIRECTORY_GRAPH = YES
-DOT_IMAGE_FORMAT = png
-DOT_PATH =
-DOTFILE_DIRS =
-MAX_DOT_GRAPH_WIDTH = 1024
-MAX_DOT_GRAPH_HEIGHT = 1024
-MAX_DOT_GRAPH_DEPTH = 0
-DOT_TRANSPARENT = NO
-DOT_MULTI_TARGETS = NO
-GENERATE_LEGEND = YES
-DOT_CLEANUP = YES
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
+# or super classes. Setting the tag to NO turns the diagrams off. Note that
+# this option is superseded by the HAVE_DOT option below. This is only a
+# fallback. It is recommended to install and use dot, since it yields more
+# powerful graphs.
+
+CLASS_DIAGRAMS = YES
+
+# You can define message sequence charts within doxygen comments using the \msc
+# command. Doxygen will then run the mscgen tool (see
+# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
+# documentation. The MSCGEN_PATH tag allows you to specify the directory where
+# the mscgen tool resides. If left empty the tool is assumed to be found in the
+# default search path.
+
+MSCGEN_PATH =
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT = NO
+
+# By default doxygen will write a font called FreeSans.ttf to the output
+# directory and reference it in all dot files that doxygen generates. This
+# font does not include all possible unicode characters however, so when you need
+# these (or just want a differently looking font) you can specify the font name
+# using DOT_FONTNAME. You need need to make sure dot is able to find the font,
+# which can be done by putting it in a standard location or by setting the
+# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
+# containing the font.
+
+DOT_FONTNAME = FreeSans
+
+# By default doxygen will tell dot to use the output directory to look for the
+# FreeSans.ttf font (which doxygen will put there itself). If you specify a
+# different font using DOT_FONTNAME you can set the path where dot
+# can find it using this tag.
+
+DOT_FONTPATH =
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+
+UML_LOOK = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH = YES
+
+# If the CALL_GRAPH and HAVE_DOT options are set to YES then
+# doxygen will generate a call dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable call graphs
+# for selected functions only using the \callgraph command.
+
+CALL_GRAPH = NO
+
+# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
+# doxygen will generate a caller dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable caller
+# graphs for selected functions only using the \callergraph command.
+
+CALLER_GRAPH = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY = YES
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
+# then doxygen will show the dependencies a directory has on other directories
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS =
+
+# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
+# nodes that will be shown in the graph. If the number of nodes in a graph
+# becomes larger than this value, doxygen will truncate the graph, which is
+# visualized by representing a node as a red box. Note that doxygen if the
+# number of direct children of the root node in a graph is already larger than
+# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
+# graphs generated by dot. A depth value of 3 means that only nodes reachable
+# from the root by following a path via at most 3 edges will be shown. Nodes
+# that lay further from the root node will be omitted. Note that setting this
+# option to 1 or 2 may greatly reduce the computation time needed for large
+# code bases. Also note that the size of a graph can be further restricted by
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
+# background. This is enabled by default, which results in a transparent
+# background. Warning: Depending on the platform used, enabling this option
+# may lead to badly anti-aliased labels on the edges of a graph (i.e. they
+# become hard to read).
+
+DOT_TRANSPARENT = NO
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
+# files in one run (i.e. multiple -o and -T options on the command line). This
+# makes dot run faster, but since only newer versions of dot (>1.8.10)
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermediate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP = YES
+
#---------------------------------------------------------------------------
# Configuration::additions related to the search engine
#---------------------------------------------------------------------------
-SEARCHENGINE = NO
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE = NO
diff --git a/Makefile.am b/Makefile.am
index e6a73e996..b8c380cb3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,6 +2,8 @@ SUBDIRS = src testing scripts
EXTRA_DIST = Doxyfile.in CREDITS
CLEANFILES = apidoc Doxyfile
+ACLOCAL_AMFLAGS = -I m4
+
Doxyfile : Doxyfile.in
sed \
-e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \
diff --git a/Makefile.in b/Makefile.in
index dfe5a2eca..5d298a7ee 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -208,6 +208,7 @@ xml_LIBS = @xml_LIBS@
SUBDIRS = src testing scripts
EXTRA_DIST = Doxyfile.in CREDITS
CLEANFILES = apidoc Doxyfile
+ACLOCAL_AMFLAGS = -I m4
all: all-recursive
.SUFFIXES:
diff --git a/NEWS b/NEWS
index 4709b07df..83308c772 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,29 @@
+strongswan-4.2.14
+-----------------
+
+- The new server-side EAP RADIUS plugin (--enable-eap-radius)
+ relays EAP messages to and from a RADIUS server. Succesfully
+ tested with with a freeradius server using EAP-MD5 and EAP-SIM.
+
+- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
+ Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting
+ all Openswan and strongSwan releases. A malicious (or expired ISAKMP)
+ R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the
+ pluto IKE daemon to crash and restart. No authentication or encryption
+ is required to trigger this bug. One spoofed UDP packet can cause the
+ pluto IKE daemon to restart and be unresponsive for a few seconds while
+ restarting. This DPD null state vulnerability has been officially
+ registered as CVE-2009-0790 and is fixed by this release.
+
+- ASN.1 to time_t conversion caused a time wrap-around for
+ dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
+ As a workaround such dates are set to the maximum representable
+ time, i.e. Jan 19 03:14:07 UTC 2038.
+
+- Distinguished Names containing wildcards (*) are not sent in the
+ IDr payload anymore.
+
+
strongswan-4.2.13
-----------------
diff --git a/configure b/configure
index 59692f4a3..b3e1792e3 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for strongSwan 4.2.13.
+# Generated by GNU Autoconf 2.61 for strongSwan 4.2.14.
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
@@ -721,8 +721,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='strongSwan'
PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='4.2.13'
-PACKAGE_STRING='strongSwan 4.2.13'
+PACKAGE_VERSION='4.2.14'
+PACKAGE_STRING='strongSwan 4.2.14'
PACKAGE_BUGREPORT=''
# Factoring default headers for most tests.
@@ -965,6 +965,8 @@ USE_EAP_AKA_TRUE
USE_EAP_AKA_FALSE
USE_EAP_MSCHAPV2_TRUE
USE_EAP_MSCHAPV2_FALSE
+USE_EAP_RADIUS_TRUE
+USE_EAP_RADIUS_FALSE
USE_KERNEL_NETLINK_TRUE
USE_KERNEL_NETLINK_FALSE
USE_KERNEL_PFKEY_TRUE
@@ -1536,7 +1538,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures strongSwan 4.2.13 to adapt to many kinds of systems.
+\`configure' configures strongSwan 4.2.14 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1606,7 +1608,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of strongSwan 4.2.13:";;
+ short | recursive ) echo "Configuration of strongSwan 4.2.14:";;
esac
cat <<\_ACEOF
@@ -1682,6 +1684,8 @@ Optional Features:
NO).
--enable-eap-mschapv2 build MS-CHAPv2 authenication module for EAP
(default is NO).
+ --enable-eap-radius build RADIUS proxy authenication module for EAP
+ (default is NO).
--disable-kernel-netlink
disable the netlink kernel interface. (default is
NO).
@@ -1856,7 +1860,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-strongSwan configure 4.2.13
+strongSwan configure 4.2.14
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1870,7 +1874,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by strongSwan $as_me 4.2.13, which was
+It was created by strongSwan $as_me 4.2.14, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2560,7 +2564,7 @@ fi
# Define the identity of the package.
PACKAGE='strongswan'
- VERSION='4.2.13'
+ VERSION='4.2.14'
cat >>confdefs.h <<_ACEOF
@@ -2787,6 +2791,7 @@ echo "${ECHO_T}$am_cv_prog_tar_ustar" >&6; }
+
DEPDIR="${am__leading_dot}deps"
ac_config_commands="$ac_config_commands depfiles"
@@ -5480,6 +5485,15 @@ if test "${enable_eap_mschapv2+set}" = set; then
fi
+# Check whether --enable-eap-radius was given.
+if test "${enable_eap_radius+set}" = set; then
+ enableval=$enable_eap_radius; if test x$enableval = xyes; then
+ eap_radius=true
+ fi
+
+fi
+
+
# Check whether --enable-kernel-netlink was given.
if test "${enable_kernel_netlink+set}" = set; then
enableval=$enable_kernel_netlink; if test x$enableval = xyes; then
@@ -6398,13 +6412,13 @@ if test "${lt_cv_nm_interface+set}" = set; then
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:6401: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:6415: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:6404: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:6418: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:6407: output\"" >&5)
+ (eval echo "\"\$as_me:6421: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
@@ -7514,7 +7528,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 7517 "configure"' > conftest.$ac_ext
+ echo '#line 7531 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -8887,11 +8901,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8890: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8904: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8894: \$? = $ac_status" >&5
+ echo "$as_me:8908: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -9211,11 +9225,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9214: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9228: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9218: \$? = $ac_status" >&5
+ echo "$as_me:9232: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -9316,11 +9330,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9319: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9333: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9323: \$? = $ac_status" >&5
+ echo "$as_me:9337: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -9371,11 +9385,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9374: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9388: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9378: \$? = $ac_status" >&5
+ echo "$as_me:9392: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -12132,7 +12146,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12135 "configure"
+#line 12149 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -12232,7 +12246,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12235 "configure"
+#line 12249 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -17077,6 +17091,14 @@ else
USE_EAP_MSCHAPV2_FALSE=
fi
+ if test x$eap_radius = xtrue; then
+ USE_EAP_RADIUS_TRUE=
+ USE_EAP_RADIUS_FALSE='#'
+else
+ USE_EAP_RADIUS_TRUE='#'
+ USE_EAP_RADIUS_FALSE=
+fi
+
if test x$kernel_netlink = xtrue; then
USE_KERNEL_NETLINK_TRUE=
USE_KERNEL_NETLINK_FALSE='#'
@@ -17286,7 +17308,7 @@ _ACEOF
fi
-ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/fips/Makefile src/libcrypto/Makefile src/libfreeswan/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_klips/Makefile src/charon/plugins/smp/Makefile src/charon/plugins/sql/Makefile src/charon/plugins/medsrv/Makefile src/charon/plugins/medcli/Makefile src/charon/plugins/nm/Makefile src/charon/plugins/uci/Makefile src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/dumm/Makefile src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile scripts/Makefile testing/Makefile"
+ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/fips/Makefile src/libcrypto/Makefile src/libfreeswan/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/eap_radius/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_klips/Makefile src/charon/plugins/smp/Makefile src/charon/plugins/sql/Makefile src/charon/plugins/medsrv/Makefile src/charon/plugins/medcli/Makefile src/charon/plugins/nm/Makefile src/charon/plugins/uci/Makefile src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/dumm/Makefile src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile scripts/Makefile testing/Makefile"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -17694,6 +17716,13 @@ echo "$as_me: error: conditional \"USE_EAP_MSCHAPV2\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
+if test -z "${USE_EAP_RADIUS_TRUE}" && test -z "${USE_EAP_RADIUS_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"USE_EAP_RADIUS\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"USE_EAP_RADIUS\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
if test -z "${USE_KERNEL_NETLINK_TRUE}" && test -z "${USE_KERNEL_NETLINK_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"USE_KERNEL_NETLINK\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
@@ -18162,7 +18191,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by strongSwan $as_me 4.2.13, which was
+This file was extended by strongSwan $as_me 4.2.14, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -18209,7 +18238,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-strongSwan config.status 4.2.13
+strongSwan config.status 4.2.14
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
@@ -18606,6 +18635,7 @@ do
"src/charon/plugins/eap_sim/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim/Makefile" ;;
"src/charon/plugins/eap_sim_file/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim_file/Makefile" ;;
"src/charon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_mschapv2/Makefile" ;;
+ "src/charon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_radius/Makefile" ;;
"src/charon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_netlink/Makefile" ;;
"src/charon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_pfkey/Makefile" ;;
"src/charon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_klips/Makefile" ;;
@@ -18980,6 +19010,8 @@ USE_EAP_AKA_TRUE!$USE_EAP_AKA_TRUE$ac_delim
USE_EAP_AKA_FALSE!$USE_EAP_AKA_FALSE$ac_delim
USE_EAP_MSCHAPV2_TRUE!$USE_EAP_MSCHAPV2_TRUE$ac_delim
USE_EAP_MSCHAPV2_FALSE!$USE_EAP_MSCHAPV2_FALSE$ac_delim
+USE_EAP_RADIUS_TRUE!$USE_EAP_RADIUS_TRUE$ac_delim
+USE_EAP_RADIUS_FALSE!$USE_EAP_RADIUS_FALSE$ac_delim
USE_KERNEL_NETLINK_TRUE!$USE_KERNEL_NETLINK_TRUE$ac_delim
USE_KERNEL_NETLINK_FALSE!$USE_KERNEL_NETLINK_FALSE$ac_delim
USE_KERNEL_PFKEY_TRUE!$USE_KERNEL_PFKEY_TRUE$ac_delim
@@ -19032,7 +19064,7 @@ LIBOBJS!$LIBOBJS$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 60; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 62; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
diff --git a/configure.in b/configure.in
index 81909c078..e5b3f76e2 100644
--- a/configure.in
+++ b/configure.in
@@ -16,8 +16,9 @@ dnl ===========================
dnl initialize & set some vars
dnl ===========================
-AC_INIT(strongSwan,4.2.13)
+AC_INIT(strongSwan,4.2.14)
AM_INIT_AUTOMAKE(tar-ustar)
+AC_CONFIG_MACRO_DIR([m4])
AC_C_BIGENDIAN
AC_SUBST(confdir, '${sysconfdir}')
PKG_PROG_PKG_CONFIG
@@ -466,6 +467,14 @@ AC_ARG_ENABLE(
)
AC_ARG_ENABLE(
+ [eap-radius],
+ AS_HELP_STRING([--enable-eap-radius],[build RADIUS proxy authenication module for EAP (default is NO).]),
+ [if test x$enableval = xyes; then
+ eap_radius=true
+ fi]
+)
+
+AC_ARG_ENABLE(
[kernel-netlink],
AS_HELP_STRING([--disable-kernel-netlink],[disable the netlink kernel interface. (default is NO).]),
[if test x$enableval = xyes; then
@@ -963,6 +972,7 @@ AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue)
AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue)
AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue)
+AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue)
AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue)
AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue)
AM_CONDITIONAL(USE_KERNEL_KLIPS, test x$kernel_klips = xtrue)
@@ -1044,6 +1054,7 @@ AC_OUTPUT(
src/charon/plugins/eap_sim/Makefile
src/charon/plugins/eap_sim_file/Makefile
src/charon/plugins/eap_mschapv2/Makefile
+ src/charon/plugins/eap_radius/Makefile
src/charon/plugins/kernel_netlink/Makefile
src/charon/plugins/kernel_pfkey/Makefile
src/charon/plugins/kernel_klips/Makefile
diff --git a/debian/changelog b/debian/changelog
index 71d2f2061..4930bb2c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+strongswan (4.2.14-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Rene Mayrhofer <rmayr@debian.org> Wed, 01 Apr 2009 22:17:52 +0200
+
strongswan (4.2.13-2) unstable; urgency=low
* Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the
diff --git a/debian/rules b/debian/rules
index 2ab2b68de..d5f60230d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -18,6 +18,7 @@ CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
--with-default-pkcs11=/usr/lib/opensc-pkcs11.so \
--enable-mediation --enable-medsrv --enable-medcli \
--enable-openssl --enable-agent \
+ --enable-eap-radius \
--disable-aes --disable-des --disable-fips-prf --disable-gmp \
--disable-md5 --disable-sha1 --disable-sha2 \
--enable-nm
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index 3393b4516..9da2b238a 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -221,6 +221,11 @@ if USE_EAP_MSCHAPV2
PLUGINS += eapmschapv2
endif
+if USE_EAP_RADIUS
+ SUBDIRS += plugins/eap_radius
+ PLUGINS += eapradius
+endif
+
if USE_MEDSRV
SUBDIRS += plugins/medsrv
PLUGINS += medsrv
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 33098d4a7..f74577c8c 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -80,16 +80,18 @@ ipsec_PROGRAMS = charon$(EXEEXT)
@USE_EAP_AKA_TRUE@am__append_34 = eapaka
@USE_EAP_MSCHAPV2_TRUE@am__append_35 = plugins/eap_mschapv2
@USE_EAP_MSCHAPV2_TRUE@am__append_36 = eapmschapv2
-@USE_MEDSRV_TRUE@am__append_37 = plugins/medsrv
-@USE_MEDSRV_TRUE@am__append_38 = medsrv
-@USE_MEDCLI_TRUE@am__append_39 = plugins/medcli
-@USE_MEDCLI_TRUE@am__append_40 = medcli
-@USE_NM_TRUE@am__append_41 = plugins/nm
-@USE_NM_TRUE@am__append_42 = nm
-@USE_UCI_TRUE@am__append_43 = plugins/uci
-@USE_UCI_TRUE@am__append_44 = uci
-@USE_UNIT_TESTS_TRUE@am__append_45 = plugins/unit_tester
-@USE_UNIT_TESTS_TRUE@am__append_46 = unit-tester
+@USE_EAP_RADIUS_TRUE@am__append_37 = plugins/eap_radius
+@USE_EAP_RADIUS_TRUE@am__append_38 = eapradius
+@USE_MEDSRV_TRUE@am__append_39 = plugins/medsrv
+@USE_MEDSRV_TRUE@am__append_40 = medsrv
+@USE_MEDCLI_TRUE@am__append_41 = plugins/medcli
+@USE_MEDCLI_TRUE@am__append_42 = medcli
+@USE_NM_TRUE@am__append_43 = plugins/nm
+@USE_NM_TRUE@am__append_44 = nm
+@USE_UCI_TRUE@am__append_45 = plugins/uci
+@USE_UCI_TRUE@am__append_46 = uci
+@USE_UNIT_TESTS_TRUE@am__append_47 = plugins/unit_tester
+@USE_UNIT_TESTS_TRUE@am__append_48 = unit-tester
subdir = src/charon
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -311,8 +313,8 @@ DIST_SUBDIRS = . plugins/load_tester plugins/kernel_pfkey \
plugins/smp plugins/sql plugins/updown plugins/eap_identity \
plugins/eap_sim plugins/eap_sim_file plugins/eap_md5 \
plugins/eap_gtc plugins/eap_aka plugins/eap_mschapv2 \
- plugins/medsrv plugins/medcli plugins/nm plugins/uci \
- plugins/unit_tester
+ plugins/eap_radius plugins/medsrv plugins/medcli plugins/nm \
+ plugins/uci plugins/unit_tester
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -587,14 +589,15 @@ SUBDIRS = . $(am__append_7) $(am__append_9) $(am__append_11) \
$(am__append_25) $(am__append_27) $(am__append_29) \
$(am__append_31) $(am__append_33) $(am__append_35) \
$(am__append_37) $(am__append_39) $(am__append_41) \
- $(am__append_43) $(am__append_45)
+ $(am__append_43) $(am__append_45) $(am__append_47)
PLUGINS = ${libstrongswan_plugins} $(am__append_8) $(am__append_10) \
$(am__append_12) $(am__append_14) $(am__append_16) \
$(am__append_18) $(am__append_20) $(am__append_22) \
$(am__append_24) $(am__append_26) $(am__append_28) \
$(am__append_30) $(am__append_32) $(am__append_34) \
$(am__append_36) $(am__append_38) $(am__append_40) \
- $(am__append_42) $(am__append_44) $(am__append_46)
+ $(am__append_42) $(am__append_44) $(am__append_46) \
+ $(am__append_48)
all: all-recursive
.SUFFIXES:
diff --git a/src/charon/bus/bus.h b/src/charon/bus/bus.h
index 383678488..fe7d1e53d 100644
--- a/src/charon/bus/bus.h
+++ b/src/charon/bus/bus.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: bus.h 4622 2008-11-11 10:52:37Z martin $
+ * $Id: bus.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -350,4 +350,4 @@ struct bus_t {
*/
bus_t *bus_create();
-#endif /* BUS_H_ @} */
+#endif /** BUS_H_ @}*/
diff --git a/src/charon/bus/listeners/file_logger.h b/src/charon/bus/listeners/file_logger.h
index 18a7c9765..5cd37adc0 100644
--- a/src/charon/bus/listeners/file_logger.h
+++ b/src/charon/bus/listeners/file_logger.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: file_logger.h 4434 2008-10-14 08:52:13Z martin $
+ * $Id: file_logger.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -59,4 +59,4 @@ struct file_logger_t {
*/
file_logger_t *file_logger_create(FILE *out);
-#endif /* FILE_LOGGER_H_ @} */
+#endif /** FILE_LOGGER_H_ @}*/
diff --git a/src/charon/bus/listeners/sys_logger.h b/src/charon/bus/listeners/sys_logger.h
index 08cf4dd63..50301924e 100644
--- a/src/charon/bus/listeners/sys_logger.h
+++ b/src/charon/bus/listeners/sys_logger.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: sys_logger.h 4434 2008-10-14 08:52:13Z martin $
+ * $Id: sys_logger.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -61,4 +61,4 @@ struct sys_logger_t {
*/
sys_logger_t *sys_logger_create(int facility);
-#endif /* SYS_LOGGER_H_ @} */
+#endif /** SYS_LOGGER_H_ @}*/
diff --git a/src/charon/config/attributes/attribute_manager.h b/src/charon/config/attributes/attribute_manager.h
index d2b69e02d..aef6e7b6e 100644
--- a/src/charon/config/attributes/attribute_manager.h
+++ b/src/charon/config/attributes/attribute_manager.h
@@ -80,4 +80,4 @@ struct attribute_manager_t {
*/
attribute_manager_t *attribute_manager_create();
-#endif /* ATTRIBUTE_MANAGER_H_ @}*/
+#endif /** ATTRIBUTE_MANAGER_H_ @}*/
diff --git a/src/charon/config/attributes/attribute_provider.h b/src/charon/config/attributes/attribute_provider.h
index 9810c0354..5d563e86b 100644
--- a/src/charon/config/attributes/attribute_provider.h
+++ b/src/charon/config/attributes/attribute_provider.h
@@ -58,4 +58,4 @@ struct attribute_provider_t {
char *pool, host_t *address, identification_t *id);
};
-#endif /* ATTRIBUTE_PROVIDER_H_ @}*/
+#endif /** ATTRIBUTE_PROVIDER_H_ @}*/
diff --git a/src/charon/config/backend.h b/src/charon/config/backend.h
index ec2c481bd..3a22f61ac 100644
--- a/src/charon/config/backend.h
+++ b/src/charon/config/backend.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: backend.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: backend.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -72,4 +72,4 @@ struct backend_t {
peer_cfg_t *(*get_peer_cfg_by_name)(backend_t *this, char *name);
};
-#endif /* BACKEND_H_ @} */
+#endif /** BACKEND_H_ @}*/
diff --git a/src/charon/config/backend_manager.h b/src/charon/config/backend_manager.h
index 17df26dad..657e5af94 100644
--- a/src/charon/config/backend_manager.h
+++ b/src/charon/config/backend_manager.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: backend_manager.h 4132 2008-07-01 09:05:20Z martin $
+ * $Id: backend_manager.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -119,5 +119,4 @@ struct backend_manager_t {
*/
backend_manager_t* backend_manager_create(void);
-#endif /*BACKEND_MANAGER_H_ @} */
-
+#endif /** BACKEND_MANAGER_H_ @}*/
diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h
index 787324dca..6e3b0ba00 100644
--- a/src/charon/config/child_cfg.h
+++ b/src/charon/config/child_cfg.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: child_cfg.h 4611 2008-11-11 06:29:25Z andreas $
+ * $Id: child_cfg.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -234,10 +234,10 @@ struct child_cfg_t {
/**
* Sets two options needed for Mobile IPv6 interoperability
*
- * @proxy_mode use IPsec transport proxy mode (default FALSE)
- * @install_policy install IPsec kernel policies (default TRUE)
+ * @param proxy_mode use IPsec transport proxy mode (default FALSE)
+ * @param install_policy install IPsec kernel policies (default TRUE)
*/
- void (*set_mipv6_options)(child_cfg_t *this, bool proxy_mod,
+ void (*set_mipv6_options)(child_cfg_t *this, bool proxy_mode,
bool install_policy);
/**
@@ -299,4 +299,4 @@ child_cfg_t *child_cfg_create(char *name, u_int32_t lifetime,
char *updown, bool hostaccess, ipsec_mode_t mode,
action_t dpd_action, action_t close_action, bool ipcomp);
-#endif /* CHILD_CFG_H_ @} */
+#endif /** CHILD_CFG_H_ @}*/
diff --git a/src/charon/config/ike_cfg.h b/src/charon/config/ike_cfg.h
index 6169af96b..c2f1f2867 100644
--- a/src/charon/config/ike_cfg.h
+++ b/src/charon/config/ike_cfg.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_cfg.h 4044 2008-06-06 15:05:54Z martin $
+ * $Id: ike_cfg.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -133,7 +133,6 @@ struct ike_cfg_t {
*
* Supplied hosts become owned by ike_cfg, the name gets cloned.
*
- * @param name ike_cfg identifier
* @param certreq TRUE to send a certificate request
* @param force_encap enforce UDP encapsulation by faking NATD notify
* @param me address/DNS name of local peer
@@ -143,4 +142,4 @@ struct ike_cfg_t {
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
char *me, char *other);
-#endif /* IKE_CFG_H_ @} */
+#endif /** IKE_CFG_H_ @}*/
diff --git a/src/charon/config/peer_cfg.h b/src/charon/config/peer_cfg.h
index 473cdfd04..93bc7d495 100644
--- a/src/charon/config/peer_cfg.h
+++ b/src/charon/config/peer_cfg.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: peer_cfg.h 4276 2008-08-22 10:44:51Z martin $
+ * $Id: peer_cfg.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -340,7 +340,6 @@ struct peer_cfg_t {
* @param reauth_time timeout before starting reauthentication
* @param jitter_time timerange to randomly substract from rekey/reauth time
* @param over_time maximum overtime before closing a rekeying/reauth SA
- * @param reauth sould be done reauthentication instead of rekeying?
* @param mobike use MOBIKE (RFC4555) if peer supports it
* @param dpd DPD check interval, 0 to disable
* @param virtual_ip virtual IP for local host, or NULL
@@ -350,7 +349,7 @@ struct peer_cfg_t {
* @param peer_id ID that identifies our peer at the mediation server
* @return peer_cfg_t object
*/
-peer_cfg_t *peer_cfg_create(char *name, u_int ikev_version, ike_cfg_t *ike_cfg,
+peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
identification_t *my_id, identification_t *other_id,
cert_policy_t cert_policy, unique_policy_t unique,
u_int32_t keyingtries, u_int32_t rekey_time,
@@ -360,4 +359,4 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ikev_version, ike_cfg_t *ike_cfg,
bool mediation, peer_cfg_t *mediated_by,
identification_t *peer_id);
-#endif /* PEER_CFG_H_ @} */
+#endif /** PEER_CFG_H_ @}*/
diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h
index ea01120f9..6096158e6 100644
--- a/src/charon/config/proposal.h
+++ b/src/charon/config/proposal.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: proposal.h 4936 2009-03-12 18:07:32Z tobias $
+ * $Id: proposal.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -243,4 +243,4 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs
int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
const void *const *args);
-#endif /* PROPOSAL_H_ @} */
+#endif /** PROPOSAL_H_ @}*/
diff --git a/src/charon/config/traffic_selector.h b/src/charon/config/traffic_selector.h
index fcec4e50b..2721f8993 100644
--- a/src/charon/config/traffic_selector.h
+++ b/src/charon/config/traffic_selector.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: traffic_selector.h 4936 2009-03-12 18:07:32Z tobias $
+ * $Id: traffic_selector.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -264,6 +264,8 @@ traffic_selector_t *traffic_selector_create_from_bytes(
*
* @param net subnet to use
* @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation
+ * @param protocol protocol for this ts, such as TCP or UDP
+ * @param port port number, host order
* @return
* - traffic_selector_t object
* - NULL if address family of net not supported
@@ -301,4 +303,4 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
const void *const *args);
-#endif /* TRAFFIC_SELECTOR_H_ @} */
+#endif /** TRAFFIC_SELECTOR_H_ @}*/
diff --git a/src/charon/control/controller.h b/src/charon/control/controller.h
index 4609d7a8b..b2eaf480b 100644
--- a/src/charon/control/controller.h
+++ b/src/charon/control/controller.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: controller.h 4624 2008-11-11 13:11:44Z tobias $
+ * $Id: controller.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -171,4 +171,4 @@ struct controller_t {
*/
controller_t *controller_create(void);
-#endif /* CONTROLLER_H_ @} */
+#endif /** CONTROLLER_H_ @}*/
diff --git a/src/charon/credentials/auth_info.h b/src/charon/credentials/auth_info.h
index 161698a65..f480a6e08 100644
--- a/src/charon/credentials/auth_info.h
+++ b/src/charon/credentials/auth_info.h
@@ -195,4 +195,4 @@ struct auth_info_t {
*/
auth_info_t *auth_info_create();
-#endif /* AUTH_INFO_H_ @}*/
+#endif /** AUTH_INFO_H_ @}*/
diff --git a/src/charon/credentials/credential_manager.h b/src/charon/credentials/credential_manager.h
index 3a64437e6..ff2dc3645 100644
--- a/src/charon/credentials/credential_manager.h
+++ b/src/charon/credentials/credential_manager.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: credential_manager.h 3835 2008-04-18 10:11:41Z tobias $
+ * $Id: credential_manager.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -204,4 +204,4 @@ struct credential_manager_t {
*/
credential_manager_t *credential_manager_create();
-#endif /* CREDENTIAL_MANAGER_H_ @} */
+#endif /** CREDENTIAL_MANAGER_H_ @}*/
diff --git a/src/charon/credentials/credential_set.h b/src/charon/credentials/credential_set.h
index 4166d05a3..14b2a8ebd 100644
--- a/src/charon/credentials/credential_set.h
+++ b/src/charon/credentials/credential_set.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: credential_set.h 4229 2008-07-30 11:38:44Z martin $
+ * $Id: credential_set.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -107,4 +107,4 @@ struct credential_set_t {
void (*cache_cert)(credential_set_t *this, certificate_t *cert);
};
-#endif /* CREDENTIAL_SET_H_ @} */
+#endif /** CREDENTIAL_SET_H_ @}*/
diff --git a/src/charon/credentials/sets/auth_info_wrapper.h b/src/charon/credentials/sets/auth_info_wrapper.h
index c382e9870..9186715f0 100644
--- a/src/charon/credentials/sets/auth_info_wrapper.h
+++ b/src/charon/credentials/sets/auth_info_wrapper.h
@@ -52,4 +52,4 @@ struct auth_info_wrapper_t {
*/
auth_info_wrapper_t *auth_info_wrapper_create(auth_info_t *auth);
-#endif /* AUTH_INFO_WRAPPER_H_ @}*/
+#endif /** AUTH_INFO_WRAPPER_H_ @}*/
diff --git a/src/charon/credentials/sets/cert_cache.h b/src/charon/credentials/sets/cert_cache.h
index 281189d53..40e38e913 100644
--- a/src/charon/credentials/sets/cert_cache.h
+++ b/src/charon/credentials/sets/cert_cache.h
@@ -70,4 +70,4 @@ struct cert_cache_t {
*/
cert_cache_t *cert_cache_create();
-#endif /* CERT_CACHE_H_ @}*/
+#endif /** CERT_CACHE_H_ @}*/
diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.h b/src/charon/credentials/sets/ocsp_response_wrapper.h
index 6d32c2ca8..068035884 100644
--- a/src/charon/credentials/sets/ocsp_response_wrapper.h
+++ b/src/charon/credentials/sets/ocsp_response_wrapper.h
@@ -52,4 +52,4 @@ struct ocsp_response_wrapper_t {
*/
ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response);
-#endif /* OCSP_RESPONSE_WRAPPER_H_ @}*/
+#endif /** OCSP_RESPONSE_WRAPPER_H_ @}*/
diff --git a/src/charon/daemon.h b/src/charon/daemon.h
index 1b9392f8e..d70a88010 100644
--- a/src/charon/daemon.h
+++ b/src/charon/daemon.h
@@ -15,7 +15,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: daemon.h 4797 2008-12-12 09:13:06Z martin $
+ * $Id: daemon.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -330,4 +330,4 @@ struct daemon_t {
*/
extern daemon_t *charon;
-#endif /*DAEMON_H_ @} */
+#endif /** DAEMON_H_ @}*/
diff --git a/src/charon/encoding/generator.h b/src/charon/encoding/generator.h
index d1d3522d0..5c8755d04 100644
--- a/src/charon/encoding/generator.h
+++ b/src/charon/encoding/generator.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: generator.h 4702 2008-11-26 10:42:54Z martin $
+ * $Id: generator.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -84,4 +84,4 @@ struct generator_t {
*/
generator_t *generator_create(void);
-#endif /*GENERATOR_H_ @} */
+#endif /** GENERATOR_H_ @}*/
diff --git a/src/charon/encoding/message.h b/src/charon/encoding/message.h
index 8cc604ea7..40941c2c9 100644
--- a/src/charon/encoding/message.h
+++ b/src/charon/encoding/message.h
@@ -15,7 +15,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: message.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: message.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -353,4 +353,4 @@ message_t * message_create_from_packet(packet_t *packet);
*/
message_t * message_create(void);
-#endif /*MESSAGE_H_ @} */
+#endif /** MESSAGE_H_ @}*/
diff --git a/src/charon/encoding/parser.h b/src/charon/encoding/parser.h
index 58778b57a..222e328d1 100644
--- a/src/charon/encoding/parser.h
+++ b/src/charon/encoding/parser.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: parser.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: parser.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -78,4 +78,4 @@ struct parser_t {
*/
parser_t *parser_create(chunk_t data);
-#endif /*PARSER_H_ @} */
+#endif /** PARSER_H_ @}*/
diff --git a/src/charon/encoding/payloads/auth_payload.h b/src/charon/encoding/payloads/auth_payload.h
index bdbba9e35..26375a398 100644
--- a/src/charon/encoding/payloads/auth_payload.h
+++ b/src/charon/encoding/payloads/auth_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: auth_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: auth_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -101,4 +101,4 @@ struct auth_payload_t {
*/
auth_payload_t *auth_payload_create(void);
-#endif /* AUTH_PAYLOAD_H_ @} */
+#endif /** AUTH_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/charon/encoding/payloads/cert_payload.h
index aa16104a8..d6e328850 100644
--- a/src/charon/encoding/payloads/cert_payload.h
+++ b/src/charon/encoding/payloads/cert_payload.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: cert_payload.h 3838 2008-04-18 11:24:45Z tobias $
+ * $Id: cert_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -115,7 +115,6 @@ struct cert_payload_t {
/**
* Creates an empty certificate payload.
*
- * @param cert certificate to embed
* @return cert_payload_t object
*/
cert_payload_t *cert_payload_create(void);
@@ -137,4 +136,4 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert);
*/
cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url);
-#endif /* CERT_PAYLOAD_H_ @} */
+#endif /** CERT_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/certreq_payload.h b/src/charon/encoding/payloads/certreq_payload.h
index b835d7ad6..a246f0e93 100644
--- a/src/charon/encoding/payloads/certreq_payload.h
+++ b/src/charon/encoding/payloads/certreq_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: certreq_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: certreq_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -89,4 +89,4 @@ certreq_payload_t *certreq_payload_create(void);
*/
certreq_payload_t *certreq_payload_create_type(certificate_type_t type);
-#endif /* CERTREQ_PAYLOAD_H_ @} */
+#endif /** CERTREQ_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/configuration_attribute.h b/src/charon/encoding/payloads/configuration_attribute.h
index 4c8673a26..13aaa0e90 100644
--- a/src/charon/encoding/payloads/configuration_attribute.h
+++ b/src/charon/encoding/payloads/configuration_attribute.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: configuration_attribute.h 4844 2009-01-20 22:55:13Z andreas $
+ * $Id: configuration_attribute.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -127,4 +127,4 @@ struct configuration_attribute_t {
*/
configuration_attribute_t *configuration_attribute_create(void);
-#endif /* CONFIGURATION_ATTRIBUTE_H_ @} */
+#endif /** CONFIGURATION_ATTRIBUTE_H_ @}*/
diff --git a/src/charon/encoding/payloads/cp_payload.h b/src/charon/encoding/payloads/cp_payload.h
index 0ca75e71d..c31b1667d 100644
--- a/src/charon/encoding/payloads/cp_payload.h
+++ b/src/charon/encoding/payloads/cp_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: cp_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: cp_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -110,4 +110,4 @@ struct cp_payload_t {
*/
cp_payload_t *cp_payload_create(void);
-#endif /*CP_PAYLOAD_H_ @} */
+#endif /** CP_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/delete_payload.h b/src/charon/encoding/payloads/delete_payload.h
index 2c1a596b9..862deb9dc 100644
--- a/src/charon/encoding/payloads/delete_payload.h
+++ b/src/charon/encoding/payloads/delete_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: delete_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: delete_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -83,4 +83,4 @@ struct delete_payload_t {
*/
delete_payload_t *delete_payload_create(protocol_id_t protocol_id);
-#endif /* DELETE_PAYLOAD_H_ @} */
+#endif /** DELETE_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/charon/encoding/payloads/eap_payload.h
index 23558053d..337f82e12 100644
--- a/src/charon/encoding/payloads/eap_payload.h
+++ b/src/charon/encoding/payloads/eap_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: eap_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -128,4 +128,4 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier);
*/
eap_payload_t *eap_payload_create_nak(u_int8_t identifier);
-#endif /* EAP_PAYLOAD_H_ @} */
+#endif /** EAP_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/encodings.h b/src/charon/encoding/payloads/encodings.h
index 73c5f9c36..ad98874a2 100644
--- a/src/charon/encoding/payloads/encodings.h
+++ b/src/charon/encoding/payloads/encodings.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: encodings.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: encodings.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -527,4 +527,4 @@ struct encoding_rule_t {
u_int32_t offset;
};
-#endif /*ENCODINGS_H_ @} */
+#endif /** ENCODINGS_H_ @}*/
diff --git a/src/charon/encoding/payloads/encryption_payload.h b/src/charon/encoding/payloads/encryption_payload.h
index e20ff6acc..1d3eeb793 100644
--- a/src/charon/encoding/payloads/encryption_payload.h
+++ b/src/charon/encoding/payloads/encryption_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: encryption_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: encryption_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -172,4 +172,4 @@ struct encryption_payload_t {
*/
encryption_payload_t *encryption_payload_create(void);
-#endif /*ENCRYPTION_PAYLOAD_H_ @} */
+#endif /** ENCRYPTION_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/charon/encoding/payloads/endpoint_notify.h
index 9a4a4d7a1..36f483c67 100644
--- a/src/charon/encoding/payloads/endpoint_notify.h
+++ b/src/charon/encoding/payloads/endpoint_notify.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: endpoint_notify.h 3701 2008-03-31 10:56:49Z tobias $
+ * $Id: endpoint_notify.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -172,4 +172,4 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type,
*/
endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify);
-#endif /*ENDPOINT_NOTIFY_H_ @} */
+#endif /** ENDPOINT_NOTIFY_H_ @}*/
diff --git a/src/charon/encoding/payloads/id_payload.h b/src/charon/encoding/payloads/id_payload.h
index 49e6c214b..9de21cc6a 100644
--- a/src/charon/encoding/payloads/id_payload.h
+++ b/src/charon/encoding/payloads/id_payload.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: id_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: id_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -121,4 +121,4 @@ id_payload_t *id_payload_create(payload_type_t payload_type);
id_payload_t *id_payload_create_from_identification(payload_type_t payload_type,
identification_t *identification);
-#endif /* ID_PAYLOAD_H_ @} */
+#endif /** ID_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/ike_header.h b/src/charon/encoding/payloads/ike_header.h
index 5568f081b..7292c2c9c 100644
--- a/src/charon/encoding/payloads/ike_header.h
+++ b/src/charon/encoding/payloads/ike_header.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_header.h 3666 2008-03-26 18:40:19Z tobias $
+ * $Id: ike_header.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -227,4 +227,4 @@ struct ike_header_t {
*/
ike_header_t *ike_header_create(void);
-#endif /*IKE_HEADER_H_ @} */
+#endif /** IKE_HEADER_H_ @}*/
diff --git a/src/charon/encoding/payloads/ke_payload.h b/src/charon/encoding/payloads/ke_payload.h
index 222d2ec7c..bc5c9224a 100644
--- a/src/charon/encoding/payloads/ke_payload.h
+++ b/src/charon/encoding/payloads/ke_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ke_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ke_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -103,4 +103,4 @@ ke_payload_t *ke_payload_create(void);
ke_payload_t *ke_payload_create_from_diffie_hellman(
diffie_hellman_t *diffie_hellman);
-#endif /* KE_PAYLOAD_H_ @} */
+#endif /** KE_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/nonce_payload.h b/src/charon/encoding/payloads/nonce_payload.h
index f1e49491d..b433c7023 100644
--- a/src/charon/encoding/payloads/nonce_payload.h
+++ b/src/charon/encoding/payloads/nonce_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: nonce_payload.h 4819 2008-12-31 08:58:49Z martin $
+ * $Id: nonce_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -77,4 +77,4 @@ struct nonce_payload_t {
*/
nonce_payload_t *nonce_payload_create(void);
-#endif /*NONCE_PAYLOAD_H_ @} */
+#endif /** NONCE_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h
index 6ee137543..9f7577c26 100644
--- a/src/charon/encoding/payloads/notify_payload.h
+++ b/src/charon/encoding/payloads/notify_payload.h
@@ -15,7 +15,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: notify_payload.h 4842 2009-01-19 12:32:42Z andreas $
+ * $Id: notify_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -215,4 +215,4 @@ notify_payload_t *notify_payload_create(void);
notify_payload_t *notify_payload_create_from_protocol_and_type(
protocol_id_t protocol_id, notify_type_t type);
-#endif /*NOTIFY_PAYLOAD_H_ @} */
+#endif /** NOTIFY_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/payload.h b/src/charon/encoding/payloads/payload.h
index 7a19cc76c..7cb1b7735 100644
--- a/src/charon/encoding/payloads/payload.h
+++ b/src/charon/encoding/payloads/payload.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: payload.h 4875 2009-02-17 17:14:15Z tobias $
+ * $Id: payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -271,4 +271,4 @@ struct payload_t {
*/
payload_t *payload_create(payload_type_t type);
-#endif /*PAYLOAD_H_ @} */
+#endif /** PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/proposal_substructure.h b/src/charon/encoding/payloads/proposal_substructure.h
index 85daadddc..212366d77 100644
--- a/src/charon/encoding/payloads/proposal_substructure.h
+++ b/src/charon/encoding/payloads/proposal_substructure.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: proposal_substructure.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: proposal_substructure.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -172,4 +172,4 @@ proposal_substructure_t *proposal_substructure_create(void);
proposal_substructure_t *proposal_substructure_create_from_proposal(
proposal_t *proposal);
-#endif /*PROPOSAL_SUBSTRUCTURE_H_ @} */
+#endif /** PROPOSAL_SUBSTRUCTURE_H_ @}*/
diff --git a/src/charon/encoding/payloads/sa_payload.h b/src/charon/encoding/payloads/sa_payload.h
index 34906c889..237432422 100644
--- a/src/charon/encoding/payloads/sa_payload.h
+++ b/src/charon/encoding/payloads/sa_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: sa_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: sa_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -114,4 +114,4 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals);
*/
sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal);
-#endif /*SA_PAYLOAD_H_ @} */
+#endif /** SA_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.h b/src/charon/encoding/payloads/traffic_selector_substructure.h
index 2a2769fb6..9179d1478 100644
--- a/src/charon/encoding/payloads/traffic_selector_substructure.h
+++ b/src/charon/encoding/payloads/traffic_selector_substructure.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: traffic_selector_substructure.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: traffic_selector_substructure.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -150,4 +150,4 @@ traffic_selector_substructure_t *traffic_selector_substructure_create(void);
traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector(
traffic_selector_t *traffic_selector);
-#endif /* /TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ @} */
+#endif /** TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ @}*/
diff --git a/src/charon/encoding/payloads/transform_attribute.h b/src/charon/encoding/payloads/transform_attribute.h
index 891155913..6755ff74c 100644
--- a/src/charon/encoding/payloads/transform_attribute.h
+++ b/src/charon/encoding/payloads/transform_attribute.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: transform_attribute.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: transform_attribute.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -131,4 +131,4 @@ transform_attribute_t *transform_attribute_create(void);
*/
transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length);
-#endif /*TRANSFORM_ATTRIBUTE_H_ @} */
+#endif /** TRANSFORM_ATTRIBUTE_H_ @}*/
diff --git a/src/charon/encoding/payloads/transform_substructure.h b/src/charon/encoding/payloads/transform_substructure.h
index 6be4b6d1e..cc8adc38a 100644
--- a/src/charon/encoding/payloads/transform_substructure.h
+++ b/src/charon/encoding/payloads/transform_substructure.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: transform_substructure.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: transform_substructure.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -173,4 +173,4 @@ transform_substructure_t *transform_substructure_create_type(
transform_type_t transform_type, u_int16_t transform_id,
u_int16_t key_length);
-#endif /*TRANSFORM_SUBSTRUCTURE_H_ @} */
+#endif /** TRANSFORM_SUBSTRUCTURE_H_ @}*/
diff --git a/src/charon/encoding/payloads/ts_payload.h b/src/charon/encoding/payloads/ts_payload.h
index d8a108ddd..91f26f55d 100644
--- a/src/charon/encoding/payloads/ts_payload.h
+++ b/src/charon/encoding/payloads/ts_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ts_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ts_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -126,4 +126,4 @@ ts_payload_t *ts_payload_create(bool is_initiator);
ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator,
linked_list_t *traffic_selectors);
-#endif /* TS_PAYLOAD_H_ @} */
+#endif /** TS_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/unknown_payload.h b/src/charon/encoding/payloads/unknown_payload.h
index 045448f06..03894c619 100644
--- a/src/charon/encoding/payloads/unknown_payload.h
+++ b/src/charon/encoding/payloads/unknown_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: unknown_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: unknown_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -78,4 +78,4 @@ struct unknown_payload_t {
*/
unknown_payload_t *unknown_payload_create(void);
-#endif /* UNKNOWN_PAYLOAD_H_ @} */
+#endif /** UNKNOWN_PAYLOAD_H_ @}*/
diff --git a/src/charon/encoding/payloads/vendor_id_payload.h b/src/charon/encoding/payloads/vendor_id_payload.h
index e489bfd5a..b8798f24e 100644
--- a/src/charon/encoding/payloads/vendor_id_payload.h
+++ b/src/charon/encoding/payloads/vendor_id_payload.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: vendor_id_payload.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: vendor_id_payload.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -86,4 +86,4 @@ struct vendor_id_payload_t {
*/
vendor_id_payload_t *vendor_id_payload_create(void);
-#endif /* VENDOR_ID_PAYLOAD_H_ @} */
+#endif /** VENDOR_ID_PAYLOAD_H_ @}*/
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index f078f3a00..f099a94ac 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_interface.c 4655 2008-11-14 13:04:22Z martin $
+ * $Id: kernel_interface.c 4997 2009-03-24 10:24:58Z martin $
*/
#include "kernel_interface.h"
diff --git a/src/charon/kernel/kernel_interface.h b/src/charon/kernel/kernel_interface.h
index 3c3b05c81..29a07f74f 100644
--- a/src/charon/kernel/kernel_interface.h
+++ b/src/charon/kernel/kernel_interface.h
@@ -15,7 +15,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_interface.h 4618 2008-11-11 09:22:00Z tobias $
+ * $Id: kernel_interface.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -379,4 +379,4 @@ struct kernel_interface_t {
*/
kernel_interface_t *kernel_interface_create(void);
-#endif /* KERNEL_INTERFACE_H_ @} */
+#endif /** KERNEL_INTERFACE_H_ @}*/
diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h
index de7068fb9..24834c4b1 100644
--- a/src/charon/kernel/kernel_ipsec.h
+++ b/src/charon/kernel/kernel_ipsec.h
@@ -15,7 +15,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_ipsec.h 4618 2008-11-11 09:22:00Z tobias $
+ * $Id: kernel_ipsec.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -258,4 +258,4 @@ struct kernel_ipsec_t {
void (*destroy) (kernel_ipsec_t *this);
};
-#endif /* KERNEL_IPSEC_H_ @} */
+#endif /** KERNEL_IPSEC_H_ @}*/
diff --git a/src/charon/kernel/kernel_net.h b/src/charon/kernel/kernel_net.h
index 80a71ebc6..df73bc1f9 100644
--- a/src/charon/kernel/kernel_net.h
+++ b/src/charon/kernel/kernel_net.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_net.h 4386 2008-10-08 08:23:46Z martin $
+ * $Id: kernel_net.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -142,4 +142,4 @@ struct kernel_net_t {
void (*destroy) (kernel_net_t *this);
};
-#endif /* KERNEL_NET_H_ @} */
+#endif /** KERNEL_NET_H_ @}*/
diff --git a/src/charon/network/packet.h b/src/charon/network/packet.h
index 2f126d465..8c1a07ab5 100644
--- a/src/charon/network/packet.h
+++ b/src/charon/network/packet.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: packet.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: packet.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -114,4 +114,4 @@ struct packet_t {
*/
packet_t *packet_create(void);
-#endif /*PACKET_H_ @} */
+#endif /** PACKET_H_ @}*/
diff --git a/src/charon/network/receiver.h b/src/charon/network/receiver.h
index 810a51849..36a57df79 100644
--- a/src/charon/network/receiver.h
+++ b/src/charon/network/receiver.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: receiver.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: receiver.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -69,4 +69,4 @@ struct receiver_t {
*/
receiver_t * receiver_create(void);
-#endif /*RECEIVER_H_ @} */
+#endif /** RECEIVER_H_ @}*/
diff --git a/src/charon/network/sender.h b/src/charon/network/sender.h
index 4a67c7e72..0c92017e4 100644
--- a/src/charon/network/sender.h
+++ b/src/charon/network/sender.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: sender.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: sender.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -61,4 +61,4 @@ struct sender_t {
*/
sender_t * sender_create(void);
-#endif /*SENDER_H_ @} */
+#endif /** SENDER_H_ @}*/
diff --git a/src/charon/network/socket.h b/src/charon/network/socket.h
index 4e967f721..af5d64edf 100644
--- a/src/charon/network/socket.h
+++ b/src/charon/network/socket.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: socket.h 4647 2008-11-13 07:48:27Z martin $
+ * $Id: socket.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -101,4 +101,4 @@ struct socket_t {
*/
socket_t *socket_create();
-#endif /*SOCKET_H_ @} */
+#endif /** SOCKET_H_ @}*/
diff --git a/src/charon/plugins/eap_aka/eap_aka.h b/src/charon/plugins/eap_aka/eap_aka.h
index 118f2c44f..196eaf429 100644
--- a/src/charon/plugins/eap_aka/eap_aka.h
+++ b/src/charon/plugins/eap_aka/eap_aka.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_aka.h 3491 2008-02-22 14:04:00Z martin $
+ * $Id: eap_aka.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -49,7 +49,7 @@ typedef struct eap_aka_t eap_aka_t;
* a sequence number derived from time. It is initialized to the startup
* time of the daemon. As long as the (UTC) time of the system is not
* turned back while the daemon is not running, this method is secure.
- * To enable time based SEQs, #define SEQ_CHECK as 1. Default is to accept
+ * To enable time based SEQs, define SEQ_CHECK as 1. Default is to accept
* any SEQ numbers. This allows an attacker to do replay attacks. But since
* the server has proven his identity via IKE, such an attack is only
* possible between server and AAA (if any).
@@ -80,4 +80,4 @@ eap_aka_t *eap_aka_create_server(identification_t *server, identification_t *pee
*/
eap_aka_t *eap_aka_create_peer(identification_t *server, identification_t *peer);
-#endif /* EAP_AKA_H_ @}*/
+#endif /** EAP_AKA_H_ @}*/
diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.h b/src/charon/plugins/eap_aka/eap_aka_plugin.h
index 506d47f98..5fdc5c768 100644
--- a/src/charon/plugins/eap_aka/eap_aka_plugin.h
+++ b/src/charon/plugins/eap_aka/eap_aka_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_aka_plugin.h 3491 2008-02-22 14:04:00Z martin $
+ * $Id: eap_aka_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct eap_aka_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* EAP_AKA_PLUGIN_H_ @}*/
+#endif /** EAP_AKA_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_gtc/eap_gtc.h b/src/charon/plugins/eap_gtc/eap_gtc.h
index 478ac81cf..722881249 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc.h
+++ b/src/charon/plugins/eap_gtc/eap_gtc.h
@@ -59,4 +59,4 @@ eap_gtc_t *eap_gtc_create_server(identification_t *server, identification_t *pee
*/
eap_gtc_t *eap_gtc_create_peer(identification_t *server, identification_t *peer);
-#endif /* EAP_GTC_H_ @}*/
+#endif /** EAP_GTC_H_ @}*/
diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h b/src/charon/plugins/eap_gtc/eap_gtc_plugin.h
index 8b2f5435f..f858f0d15 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h
+++ b/src/charon/plugins/eap_gtc/eap_gtc_plugin.h
@@ -46,4 +46,4 @@ struct eap_gtc_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* EAP_GTC_PLUGIN_H_ @}*/
+#endif /** EAP_GTC_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_identity/eap_identity.h b/src/charon/plugins/eap_identity/eap_identity.h
index 27b04b7d5..60f62e17c 100644
--- a/src/charon/plugins/eap_identity/eap_identity.h
+++ b/src/charon/plugins/eap_identity/eap_identity.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_identity.h 4276 2008-08-22 10:44:51Z martin $
+ * $Id: eap_identity.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -58,4 +58,4 @@ eap_identity_t *eap_identity_create_server(identification_t *server,
eap_identity_t *eap_identity_create_peer(identification_t *server,
identification_t *peer);
-#endif /* EAP_IDENTITY_H_ @}*/
+#endif /** EAP_IDENTITY_H_ @}*/
diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.h b/src/charon/plugins/eap_identity/eap_identity_plugin.h
index d7fa525ce..ddb3ed457 100644
--- a/src/charon/plugins/eap_identity/eap_identity_plugin.h
+++ b/src/charon/plugins/eap_identity/eap_identity_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_identity_plugin.h 3491 2008-02-22 14:04:00Z martin $
+ * $Id: eap_identity_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct eap_identity_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* EAP_IDENTITY_PLUGIN_H_ @}*/
+#endif /** EAP_IDENTITY_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_md5/eap_md5.h b/src/charon/plugins/eap_md5/eap_md5.h
index 421e1e602..2617b9aea 100644
--- a/src/charon/plugins/eap_md5/eap_md5.h
+++ b/src/charon/plugins/eap_md5/eap_md5.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_md5.h 3491 2008-02-22 14:04:00Z martin $
+ * $Id: eap_md5.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -56,4 +56,4 @@ eap_md5_t *eap_md5_create_server(identification_t *server, identification_t *pee
*/
eap_md5_t *eap_md5_create_peer(identification_t *server, identification_t *peer);
-#endif /* EAP_MD5_H_ @}*/
+#endif /** EAP_MD5_H_ @}*/
diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.h b/src/charon/plugins/eap_md5/eap_md5_plugin.h
index d13794f2e..3adbcfe27 100644
--- a/src/charon/plugins/eap_md5/eap_md5_plugin.h
+++ b/src/charon/plugins/eap_md5/eap_md5_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_md5_plugin.h 3491 2008-02-22 14:04:00Z martin $
+ * $Id: eap_md5_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct eap_md5_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* EAP_MD5_PLUGIN_H_ @}*/
+#endif /** EAP_MD5_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h b/src/charon/plugins/eap_mschapv2/eap_mschapv2.h
index 4b6e4531a..d5638db00 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h
+++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_mschapv2.h 4882 2009-02-18 19:57:15Z tobias $
+ * $Id: eap_mschapv2.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -56,4 +56,4 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat
*/
eap_mschapv2_t *eap_mschapv2_create_peer(identification_t *server, identification_t *peer);
-#endif /* EAP_MSCHAPV2_H_ @}*/
+#endif /** EAP_MSCHAPV2_H_ @}*/
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
index 97177947b..0e671c3d6 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
+++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_mschapv2_plugin.h 4882 2009-02-18 19:57:15Z tobias $
+ * $Id: eap_mschapv2_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct eap_mschapv2_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* EAP_MSCHAPV2_PLUGIN_H_ @}*/
+#endif /** EAP_MSCHAPV2_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_radius/Makefile.am b/src/charon/plugins/eap_radius/Makefile.am
new file mode 100644
index 000000000..f7de2f14f
--- /dev/null
+++ b/src/charon/plugins/eap_radius/Makefile.am
@@ -0,0 +1,14 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+
+AM_CFLAGS = -rdynamic
+
+plugin_LTLIBRARIES = libstrongswan-eapradius.la
+
+libstrongswan_eapradius_la_SOURCES = \
+ eap_radius_plugin.h eap_radius_plugin.c \
+ eap_radius.h eap_radius.c \
+ radius_client.h radius_client.c \
+ radius_message.h radius_message.c
+libstrongswan_eapradius_la_LDFLAGS = -module
+
diff --git a/src/charon/plugins/eap_radius/Makefile.in b/src/charon/plugins/eap_radius/Makefile.in
new file mode 100644
index 000000000..329ff981b
--- /dev/null
+++ b/src/charon/plugins/eap_radius/Makefile.in
@@ -0,0 +1,506 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/charon/plugins/eap_radius
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(plugindir)"
+pluginLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(plugin_LTLIBRARIES)
+libstrongswan_eapradius_la_LIBADD =
+am_libstrongswan_eapradius_la_OBJECTS = eap_radius_plugin.lo \
+ eap_radius.lo radius_client.lo radius_message.lo
+libstrongswan_eapradius_la_OBJECTS = \
+ $(am_libstrongswan_eapradius_la_OBJECTS)
+libstrongswan_eapradius_la_LINK = $(LIBTOOL) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eapradius_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_eapradius_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_eapradius_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@
+IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+confdir = @confdir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libstrongswan_plugins = @libstrongswan_plugins@
+linuxdir = @linuxdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+resolv_conf = @resolv_conf@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+simreader = @simreader@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+AM_CFLAGS = -rdynamic
+plugin_LTLIBRARIES = libstrongswan-eapradius.la
+libstrongswan_eapradius_la_SOURCES = \
+ eap_radius_plugin.h eap_radius_plugin.c \
+ eap_radius.h eap_radius.c \
+ radius_client.h radius_client.c \
+ radius_message.h radius_message.c
+
+libstrongswan_eapradius_la_LDFLAGS = -module
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-eapradius.la: $(libstrongswan_eapradius_la_OBJECTS) $(libstrongswan_eapradius_la_DEPENDENCIES)
+ $(libstrongswan_eapradius_la_LINK) -rpath $(plugindir) $(libstrongswan_eapradius_la_OBJECTS) $(libstrongswan_eapradius_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_radius.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_radius_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/radius_client.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/radius_message.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-pluginLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-pluginLTLIBRARIES \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/charon/plugins/eap_radius/eap_radius.c b/src/charon/plugins/eap_radius/eap_radius.c
new file mode 100644
index 000000000..1a02c5acf
--- /dev/null
+++ b/src/charon/plugins/eap_radius/eap_radius.c
@@ -0,0 +1,276 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "eap_radius.h"
+
+#include "radius_message.h"
+#include "radius_client.h"
+
+#include <daemon.h>
+
+
+typedef struct private_eap_radius_t private_eap_radius_t;
+
+/**
+ * Private data of an eap_radius_t object.
+ */
+struct private_eap_radius_t {
+
+ /**
+ * Public authenticator_t interface.
+ */
+ eap_radius_t public;
+
+ /**
+ * ID of the server
+ */
+ identification_t *server;
+
+ /**
+ * ID of the peer
+ */
+ identification_t *peer;
+
+ /**
+ * EAP method type we are proxying
+ */
+ eap_type_t type;
+
+ /**
+ * EAP vendor, if any
+ */
+ u_int32_t vendor;
+
+ /**
+ * EAP MSK, if method established one
+ */
+ chunk_t msk;
+
+ /**
+ * RADIUS client instance
+ */
+ radius_client_t *client;
+};
+
+/**
+ * Add EAP-Identity to RADIUS message
+ */
+static void add_eap_identity(private_eap_radius_t *this,
+ radius_message_t *request)
+{
+ struct {
+ /** EAP code (REQUEST/RESPONSE) */
+ u_int8_t code;
+ /** unique message identifier */
+ u_int8_t identifier;
+ /** length of whole message */
+ u_int16_t length;
+ /** EAP type */
+ u_int8_t type;
+ /** identity data */
+ u_int8_t data[];
+ } __attribute__((__packed__)) *hdr;
+ chunk_t id;
+ size_t len;
+
+ id = this->peer->get_encoding(this->peer);
+ len = sizeof(*hdr) + id.len;
+
+ hdr = alloca(len);
+ hdr->code = EAP_RESPONSE;
+ hdr->identifier = 0;
+ hdr->length = htons(len);
+ hdr->type = EAP_IDENTITY;
+ memcpy(hdr->data, id.ptr, id.len);
+
+ request->add(request, RAT_EAP_MESSAGE, chunk_create((u_char*)hdr, len));
+}
+
+/**
+ * Copy EAP-Message attribute from RADIUS message to an new EAP payload
+ */
+static bool radius2ike(private_eap_radius_t *this,
+ radius_message_t *msg, eap_payload_t **out)
+{
+ enumerator_t *enumerator;
+ eap_payload_t *payload;
+ chunk_t data;
+ int type;
+
+ enumerator = msg->create_enumerator(msg);
+ while (enumerator->enumerate(enumerator, &type, &data))
+ {
+ if (type == RAT_EAP_MESSAGE)
+ {
+ *out = payload = eap_payload_create_data(data);
+ /* apply EAP method selected by RADIUS server */
+ this->type = payload->get_type(payload, &this->vendor);
+ enumerator->destroy(enumerator);
+ return TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return FALSE;
+}
+
+/**
+ * Implementation of eap_method_t.initiate
+ */
+static status_t initiate(private_eap_radius_t *this, eap_payload_t **out)
+{
+ radius_message_t *request, *response;
+ status_t status = FAILED;
+
+ request = radius_message_create_request();
+ request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer));
+ add_eap_identity(this, request);
+ response = this->client->request(this->client, request);
+ if (response)
+ {
+ if (radius2ike(this, response, out))
+ {
+ status = NEED_MORE;
+ }
+ response->destroy(response);
+ }
+ request->destroy(request);
+ return status;
+}
+
+/**
+ * Implementation of eap_method_t.process
+ */
+static status_t process(private_eap_radius_t *this,
+ eap_payload_t *in, eap_payload_t **out)
+{
+ radius_message_t *request, *response;
+ status_t status = FAILED;
+
+ request = radius_message_create_request();
+ request->add(request, RAT_USER_NAME, this->peer->get_encoding(this->peer));
+ request->add(request, RAT_EAP_MESSAGE, in->get_data(in));
+
+ response = this->client->request(this->client, request);
+ if (response)
+ {
+ switch (response->get_code(response))
+ {
+ case RMC_ACCESS_CHALLENGE:
+ if (radius2ike(this, response, out))
+ {
+ status = NEED_MORE;
+ break;
+ }
+ status = FAILED;
+ break;
+ case RMC_ACCESS_ACCEPT:
+ this->msk = this->client->decrypt_msk(this->client,
+ response, request);
+ status = SUCCESS;
+ break;
+ case RMC_ACCESS_REJECT:
+ default:
+ DBG1(DBG_CFG, "received %N from RADIUS server",
+ radius_message_code_names, response->get_code(response));
+ status = FAILED;
+ break;
+ }
+ response->destroy(response);
+ }
+ request->destroy(request);
+ return status;
+}
+
+/**
+ * Implementation of eap_method_t.get_type.
+ */
+static eap_type_t get_type(private_eap_radius_t *this, u_int32_t *vendor)
+{
+ *vendor = this->vendor;
+ return this->type;
+}
+
+/**
+ * Implementation of eap_method_t.get_msk.
+ */
+static status_t get_msk(private_eap_radius_t *this, chunk_t *msk)
+{
+ if (this->msk.ptr)
+ {
+ *msk = this->msk;
+ return SUCCESS;
+ }
+ return FAILED;
+}
+
+/**
+ * Implementation of eap_method_t.is_mutual.
+ */
+static bool is_mutual(private_eap_radius_t *this)
+{
+ switch (this->type)
+ {
+ case EAP_AKA:
+ case EAP_SIM:
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
+
+/**
+ * Implementation of eap_method_t.destroy.
+ */
+static void destroy(private_eap_radius_t *this)
+{
+ this->peer->destroy(this->peer);
+ this->server->destroy(this->server);
+ this->client->destroy(this->client);
+ chunk_clear(&this->msk);
+ free(this);
+}
+
+/**
+ * Generic constructor
+ */
+eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer)
+{
+ private_eap_radius_t *this = malloc_thing(private_eap_radius_t);
+
+ this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate;
+ this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*,eap_payload_t**))process;
+ this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type;
+ this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual;
+ this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk;
+ this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy;
+
+ this->client = radius_client_create();
+ if (!this->client)
+ {
+ free(this);
+ return NULL;
+ }
+ this->peer = peer->clone(peer);
+ this->server = server->clone(server);
+ /* initially EAP_RADIUS, but is set to the method selected by RADIUS */
+ this->type = EAP_RADIUS;
+ this->vendor = 0;
+ this->msk = chunk_empty;
+
+ return &this->public;
+}
+
diff --git a/src/charon/plugins/eap_radius/eap_radius.h b/src/charon/plugins/eap_radius/eap_radius.h
new file mode 100644
index 000000000..7cb0a8615
--- /dev/null
+++ b/src/charon/plugins/eap_radius/eap_radius.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup eap_radius_i eap_radius
+ * @{ @ingroup eap_radius
+ */
+
+#ifndef EAP_RADIUS_H_
+#define EAP_RADIUS_H_
+
+typedef struct eap_radius_t eap_radius_t;
+
+#include <sa/authenticators/eap/eap_method.h>
+
+/**
+ * Implementation of the eap_method_t interface using a RADIUS server.
+ */
+struct eap_radius_t {
+
+ /**
+ * Implemented eap_method_t interface.
+ */
+ eap_method_t eap_method_interface;
+};
+
+/**
+ * Create a EAP RADIUS proxy.
+ *
+ * @param server ID of the EAP server
+ * @param peer ID of the EAP client
+ * @return eap_radius_t object
+ */
+eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer);
+
+#endif /** EAP_RADIUS_H_ @}*/
diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.c b/src/charon/plugins/eap_radius/eap_radius_plugin.c
new file mode 100644
index 000000000..a429859a7
--- /dev/null
+++ b/src/charon/plugins/eap_radius/eap_radius_plugin.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "eap_radius_plugin.h"
+
+#include "eap_radius.h"
+#include "radius_client.h"
+
+#include <daemon.h>
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(eap_radius_plugin_t *this)
+{
+ charon->eap->remove_method(charon->eap, (eap_constructor_t)eap_radius_create);
+ radius_client_cleanup();
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+ eap_radius_plugin_t *this;
+
+ if (!radius_client_init())
+ {
+ DBG1(DBG_CFG, "RADIUS plugin initialization failed");
+ return NULL;
+ }
+
+ this = malloc_thing(eap_radius_plugin_t);
+ this->plugin.destroy = (void(*)(plugin_t*))destroy;
+
+ charon->eap->add_method(charon->eap, EAP_RADIUS, 0,
+ EAP_SERVER, (eap_constructor_t)eap_radius_create);
+
+ return &this->plugin;
+}
+
diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.h b/src/charon/plugins/eap_radius/eap_radius_plugin.h
new file mode 100644
index 000000000..3ed194619
--- /dev/null
+++ b/src/charon/plugins/eap_radius/eap_radius_plugin.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup eap_radius eap_radius
+ * @ingroup cplugins
+ *
+ * @defgroup eap_radius_plugin eap_radius_plugin
+ * @{ @ingroup eap_radius
+ */
+
+#ifndef EAP_RADIUS_PLUGIN_H_
+#define EAP_RADIUS_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct eap_radius_plugin_t eap_radius_plugin_t;
+
+/**
+ * EAP RADIUS proxy plugin.
+ *
+ * This plugin provides not a single EAP method, but a proxy to forwared
+ * EAP packets to a RADIUS server. It only provides server implementations.
+ */
+struct eap_radius_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+/**
+ * Create a eap_radius_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** EAP_RADIUS_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_radius/radius_client.c b/src/charon/plugins/eap_radius/radius_client.c
new file mode 100644
index 000000000..a3ab1dd78
--- /dev/null
+++ b/src/charon/plugins/eap_radius/radius_client.c
@@ -0,0 +1,495 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "radius_client.h"
+
+#include <unistd.h>
+#include <errno.h>
+
+#include <daemon.h>
+#include <utils/host.h>
+#include <utils/linked_list.h>
+#include <utils/mutex.h>
+
+/**
+ * Default RADIUS server port, when not configured
+ */
+#define RADIUS_PORT 1812
+
+/**
+ * Vendor-Id of Microsoft specific attributes
+ */
+#define VENDOR_ID_MICROSOFT 311
+
+/**
+ * Microsoft specific vendor attributes
+ */
+#define MS_MPPE_SEND_KEY 16
+#define MS_MPPE_RECV_KEY 17
+
+typedef struct private_radius_client_t private_radius_client_t;
+
+typedef struct entry_t entry_t;
+
+/**
+ * A socket pool entry.
+ */
+struct entry_t {
+ /** socket file descriptor */
+ int fd;
+ /** current RADIUS identifier */
+ u_int8_t identifier;
+ /** hasher to use for response verification */
+ hasher_t *hasher;
+ /** HMAC-MD5 signer to build Message-Authenticator attribute */
+ signer_t *signer;
+ /** random number generator for RADIUS request authenticator */
+ rng_t *rng;
+};
+
+/**
+ * Private data of an radius_client_t object.
+ */
+struct private_radius_client_t {
+
+ /**
+ * Public radius_client_t interface.
+ */
+ radius_client_t public;
+
+ /**
+ * RADIUS servers State attribute
+ */
+ chunk_t state;
+};
+
+/**
+ * Global list of radius sockets, contains entry_t's
+ */
+static linked_list_t *sockets;
+
+/**
+ * mutex to lock sockets list
+ */
+static mutex_t *mutex;
+
+/**
+ * condvar to wait for sockets
+ */
+static condvar_t *condvar;
+
+/**
+ * RADIUS secret
+ */
+static chunk_t secret;
+
+/**
+ * NAS-Identifier
+ */
+static chunk_t nas_identifier;
+
+/**
+ * Clean up socket list
+ */
+void radius_client_cleanup()
+{
+ entry_t *entry;
+
+ mutex->destroy(mutex);
+ condvar->destroy(condvar);
+ while (sockets->remove_last(sockets, (void**)&entry) == SUCCESS)
+ {
+ entry->rng->destroy(entry->rng);
+ entry->hasher->destroy(entry->hasher);
+ entry->signer->destroy(entry->signer);
+ close(entry->fd);
+ free(entry);
+ }
+ sockets->destroy(sockets);
+}
+
+/**
+ * Initialize the socket list
+ */
+bool radius_client_init()
+{
+ int i, count, fd;
+ u_int16_t port;
+ entry_t *entry;
+ host_t *host;
+ char *server;
+
+ nas_identifier.ptr = lib->settings->get_str(lib->settings,
+ "charon.plugins.eap_radius.nas_identifier", "strongSwan");
+ nas_identifier.len = strlen(nas_identifier.ptr);
+
+ secret.ptr = lib->settings->get_str(lib->settings,
+ "charon.plugins.eap_radius.secret", NULL);
+ if (!secret.ptr)
+ {
+ DBG1(DBG_CFG, "no RADUIS secret defined");
+ return FALSE;
+ }
+ secret.len = strlen(secret.ptr);
+ server = lib->settings->get_str(lib->settings,
+ "charon.plugins.eap_radius.server", NULL);
+ if (!server)
+ {
+ DBG1(DBG_CFG, "no RADUIS server defined");
+ return FALSE;
+ }
+ port = lib->settings->get_int(lib->settings,
+ "charon.plugins.eap_radius.port", RADIUS_PORT);
+ host = host_create_from_dns(server, 0, port);
+ if (!host)
+ {
+ return FALSE;
+ }
+ count = lib->settings->get_int(lib->settings,
+ "charon.plugins.eap_radius.sockets", 1);
+
+ sockets = linked_list_create();
+ mutex = mutex_create(MUTEX_DEFAULT);
+ condvar = condvar_create(CONDVAR_DEFAULT);
+ for (i = 0; i < count; i++)
+ {
+ fd = socket(host->get_family(host), SOCK_DGRAM, IPPROTO_UDP);
+ if (fd < 0)
+ {
+ DBG1(DBG_CFG, "opening RADIUS socket failed");
+ host->destroy(host);
+ radius_client_cleanup();
+ return FALSE;
+ }
+ if (connect(fd, host->get_sockaddr(host),
+ *host->get_sockaddr_len(host)) < 0)
+ {
+ DBG1(DBG_CFG, "connecting RADIUS socket failed");
+ host->destroy(host);
+ radius_client_cleanup();
+ return FALSE;
+ }
+ entry = malloc_thing(entry_t);
+ entry->fd = fd;
+ /* we use per-socket crypto elements: this reduces overhead, but
+ * is still thread-save. */
+ entry->hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
+ entry->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128);
+ entry->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (!entry->hasher || !entry->signer || !entry->rng)
+ {
+ DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required");
+ DESTROY_IF(entry->hasher);
+ DESTROY_IF(entry->signer);
+ DESTROY_IF(entry->rng);
+ free(entry);
+ host->destroy(host);
+ radius_client_cleanup();
+ return FALSE;
+ }
+ entry->signer->set_key(entry->signer, secret);
+ /* we use a random identifier, helps if we restart often (testing) */
+ entry->identifier = random();
+ sockets->insert_last(sockets, entry);
+ }
+ host->destroy(host);
+ return TRUE;
+}
+
+/**
+ * Get a socket from the pool, block if none available
+ */
+static entry_t* get_socket()
+{
+ entry_t *entry;
+
+ mutex->lock(mutex);
+ while (sockets->remove_first(sockets, (void**)&entry) != SUCCESS)
+ {
+ condvar->wait(condvar, mutex);
+ }
+ mutex->unlock(mutex);
+ return entry;
+}
+
+/**
+ * Release a socket to the pool
+ */
+static void put_socket(entry_t *entry)
+{
+ mutex->lock(mutex);
+ sockets->insert_last(sockets, entry);
+ mutex->unlock(mutex);
+ condvar->signal(condvar);
+}
+
+/**
+ * Save the state attribute to include in further request
+ */
+static void save_state(private_radius_client_t *this, radius_message_t *msg)
+{
+ enumerator_t *enumerator;
+ int type;
+ chunk_t data;
+
+ enumerator = msg->create_enumerator(msg);
+ while (enumerator->enumerate(enumerator, &type, &data))
+ {
+ if (type == RAT_STATE)
+ {
+ free(this->state.ptr);
+ this->state = chunk_clone(data);
+ enumerator->destroy(enumerator);
+ return;
+ }
+ }
+ enumerator->destroy(enumerator);
+ /* no state attribute found, remove state */
+ chunk_free(&this->state);
+}
+
+/**
+ * Implementation of radius_client_t.request
+ */
+static radius_message_t* request(private_radius_client_t *this,
+ radius_message_t *req)
+{
+ char virtual[] = {0x00,0x00,0x00,0x05};
+ entry_t *socket;
+ chunk_t data;
+ int i;
+
+ socket = get_socket();
+
+ /* set Message Identifier */
+ req->set_identifier(req, socket->identifier++);
+ /* we add the "Virtual" NAS-Port-Type, as we SHOULD include one */
+ req->add(req, RAT_NAS_PORT_TYPE, chunk_create(virtual, sizeof(virtual)));
+ /* add our NAS-Identifier */
+ req->add(req, RAT_NAS_IDENTIFIER, nas_identifier);
+ /* add State attribute, if server sent one */
+ if (this->state.ptr)
+ {
+ req->add(req, RAT_STATE, this->state);
+ }
+ /* sign the request */
+ req->sign(req, socket->rng, socket->signer);
+
+ data = req->get_encoding(req);
+ /* timeout after 2, 3, 4, 5 seconds */
+ for (i = 2; i <= 5; i++)
+ {
+ radius_message_t *response;
+ bool retransmit = FALSE;
+ struct timeval tv;
+ char buf[1024];
+ fd_set fds;
+ int res;
+
+ if (send(socket->fd, data.ptr, data.len, 0) != data.len)
+ {
+ DBG1(DBG_CFG, "sending RADIUS message failed: %s", strerror(errno));
+ put_socket(socket);
+ return NULL;
+ }
+ tv.tv_sec = i;
+ tv.tv_usec = 0;
+
+ while (TRUE)
+ {
+ FD_ZERO(&fds);
+ FD_SET(socket->fd, &fds);
+ res = select(socket->fd + 1, &fds, NULL, NULL, &tv);
+ /* TODO: updated tv to time not waited. Linux does this for us. */
+ if (res < 0)
+ { /* failed */
+ DBG1(DBG_CFG, "waiting for RADIUS message failed: %s",
+ strerror(errno));
+ break;
+ }
+ if (res == 0)
+ { /* timeout */
+ DBG1(DBG_CFG, "retransmitting RADIUS message");
+ retransmit = TRUE;
+ break;
+ }
+ res = recv(socket->fd, buf, sizeof(buf), MSG_DONTWAIT);
+ if (res <= 0)
+ {
+ DBG1(DBG_CFG, "receiving RADIUS message failed: %s",
+ strerror(errno));
+ break;
+ }
+ response = radius_message_parse_response(chunk_create(buf, res));
+ if (response)
+ {
+ if (response->verify(response, req->get_authenticator(req),
+ secret, socket->hasher, socket->signer))
+ {
+ save_state(this, response);
+ put_socket(socket);
+ return response;
+ }
+ response->destroy(response);
+ }
+ DBG1(DBG_CFG, "received invalid RADIUS message, ignored");
+ }
+ if (!retransmit)
+ {
+ break;
+ }
+ }
+ DBG1(DBG_CFG, "RADIUS server is not responding");
+ put_socket(socket);
+ return NULL;
+}
+
+/**
+ * Decrypt a MS-MPPE-Send/Recv-Key
+ */
+static chunk_t decrypt_mppe_key(private_radius_client_t *this, u_int16_t salt,
+ chunk_t C, radius_message_t *request)
+{
+ chunk_t A, R, P, seed;
+ u_char *c, *p;
+ hasher_t *hasher;
+
+ /**
+ * From RFC2548 (encryption):
+ * b(1) = MD5(S + R + A) c(1) = p(1) xor b(1) C = c(1)
+ * b(2) = MD5(S + c(1)) c(2) = p(2) xor b(2) C = C + c(2)
+ * . . .
+ * b(i) = MD5(S + c(i-1)) c(i) = p(i) xor b(i) C = C + c(i)
+ */
+
+ if (C.len % HASH_SIZE_MD5 || C.len < HASH_SIZE_MD5)
+ {
+ return chunk_empty;
+ }
+
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
+ if (!hasher)
+ {
+ return chunk_empty;
+ }
+
+ A = chunk_create((u_char*)&salt, sizeof(salt));
+ R = chunk_create(request->get_authenticator(request), HASH_SIZE_MD5);
+ P = chunk_alloca(C.len);
+ p = P.ptr;
+ c = C.ptr;
+
+ seed = chunk_cata("cc", R, A);
+
+ while (c < C.ptr + C.len)
+ {
+ /* b(i) = MD5(S + c(i-1)) */
+ hasher->get_hash(hasher, secret, NULL);
+ hasher->get_hash(hasher, seed, p);
+
+ /* p(i) = b(i) xor c(1) */
+ memxor(p, c, HASH_SIZE_MD5);
+
+ /* prepare next round */
+ seed = chunk_create(c, HASH_SIZE_MD5);
+ c += HASH_SIZE_MD5;
+ p += HASH_SIZE_MD5;
+ }
+ hasher->destroy(hasher);
+
+ /* remove truncation, first byte is key length */
+ if (*P.ptr >= P.len)
+ { /* decryption failed? */
+ return chunk_empty;
+ }
+ return chunk_clone(chunk_create(P.ptr + 1, *P.ptr));
+}
+
+/**
+ * Implementation of radius_client_t.decrypt_msk
+ */
+static chunk_t decrypt_msk(private_radius_client_t *this,
+ radius_message_t *response, radius_message_t *request)
+{
+ struct {
+ u_int32_t id;
+ u_int8_t type;
+ u_int8_t length;
+ u_int16_t salt;
+ u_int8_t key[];
+ } __attribute__((packed)) *mppe_key;
+ enumerator_t *enumerator;
+ chunk_t data, send = chunk_empty, recv = chunk_empty;
+ int type;
+
+ enumerator = response->create_enumerator(response);
+ while (enumerator->enumerate(enumerator, &type, &data))
+ {
+ if (type == RAT_VENDOR_SPECIFIC &&
+ data.len > sizeof(*mppe_key))
+ {
+ mppe_key = (void*)data.ptr;
+ if (ntohl(mppe_key->id) == VENDOR_ID_MICROSOFT &&
+ mppe_key->length == data.len - sizeof(mppe_key->id))
+ {
+ data = chunk_create(mppe_key->key, data.len - sizeof(*mppe_key));
+ if (mppe_key->type == MS_MPPE_SEND_KEY)
+ {
+ send = decrypt_mppe_key(this, mppe_key->salt, data, request);
+ }
+ if (mppe_key->type == MS_MPPE_RECV_KEY)
+ {
+ recv = decrypt_mppe_key(this, mppe_key->salt, data, request);
+ }
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (send.ptr && recv.ptr)
+ {
+ return chunk_cat("mm", recv, send);
+ }
+ chunk_clear(&send);
+ chunk_clear(&recv);
+ return chunk_empty;
+}
+
+/**
+ * Implementation of radius_client_t.destroy.
+ */
+static void destroy(private_radius_client_t *this)
+{
+ free(this->state.ptr);
+ free(this);
+}
+
+/**
+ * See header
+ */
+radius_client_t *radius_client_create()
+{
+ private_radius_client_t *this = malloc_thing(private_radius_client_t);
+
+ this->public.request = (radius_message_t*(*)(radius_client_t*, radius_message_t *msg))request;
+ this->public.decrypt_msk = (chunk_t(*)(radius_client_t*, radius_message_t *, radius_message_t *))decrypt_msk;
+ this->public.destroy = (void(*)(radius_client_t*))destroy;
+
+ this->state = chunk_empty;
+
+ return &this->public;
+}
+
diff --git a/src/charon/plugins/eap_radius/radius_client.h b/src/charon/plugins/eap_radius/radius_client.h
new file mode 100644
index 000000000..2207b8713
--- /dev/null
+++ b/src/charon/plugins/eap_radius/radius_client.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup radius_client radius_client
+ * @{ @ingroup eap_radius
+ */
+
+#ifndef RADIUS_CLIENT_H_
+#define RADIUS_CLIENT_H_
+
+#include "radius_message.h"
+
+typedef struct radius_client_t radius_client_t;
+
+/**
+ * RADIUS client functionality.
+ *
+ * To communicate with a RADIUS server, create a client and send messages over
+ * it. All instances share a fixed size pool of sockets. The client reserves
+ * a socket during request() and releases it afterwards.
+ */
+struct radius_client_t {
+
+ /**
+ * Send a RADIUS request and wait for the response.
+ *
+ * The client fills in RADIUS Message identifier, NAS-Identifier,
+ * NAS-Port-Type, builds a Request-Authenticator and calculates the
+ * Message-Authenticator attribute.
+ * The received response gets verified using the Response-Identifier
+ * and the Message-Authenticator attribute.
+ *
+ * @param msg RADIUS request message to send
+ * @return response, NULL if timed out/verification failed
+ */
+ radius_message_t* (*request)(radius_client_t *this, radius_message_t *msg);
+
+ /**
+ * Decrypt the MSK encoded in a messages MS-MPPE-Send/Recv-Key.
+ *
+ * @param response RADIUS response message containing attributes
+ * @param request associated RADIUS request message
+ * @return allocated MSK, empty chunk if none found
+ */
+ chunk_t (*decrypt_msk)(radius_client_t *this, radius_message_t *response,
+ radius_message_t *request);
+
+ /**
+ * Destroy the client, release the socket.
+ */
+ void (*destroy)(radius_client_t *this);
+};
+
+/**
+ * Create a RADIUS client, acquire a socket.
+ *
+ * This call might block if the socket pool is empty.
+ *
+ * @return radius_client_t object
+ */
+radius_client_t *radius_client_create();
+
+/**
+ * Initialize the socket pool.
+ *
+ * @return TRUE if initialization successful
+ */
+bool radius_client_init();
+
+/**
+ * Cleanup the socket pool.
+ */
+void radius_client_cleanup();
+
+#endif /** RADIUS_CLIENT_H_ @}*/
diff --git a/src/charon/plugins/eap_radius/radius_message.c b/src/charon/plugins/eap_radius/radius_message.c
new file mode 100644
index 000000000..a95d2bb93
--- /dev/null
+++ b/src/charon/plugins/eap_radius/radius_message.c
@@ -0,0 +1,477 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "radius_message.h"
+
+#include <daemon.h>
+#include <crypto/hashers/hasher.h>
+
+typedef struct private_radius_message_t private_radius_message_t;
+typedef struct rmsg_t rmsg_t;
+typedef struct rattr_t rattr_t;
+
+/**
+ * RADIUS message header
+ */
+struct rmsg_t {
+ /** message code, radius_message_code_t */
+ u_int8_t code;
+ /** message identifier */
+ u_int8_t identifier;
+ /** length of Code, Identifier, Length, Authenticator and Attributes */
+ u_int16_t length;
+ /** message authenticator, MD5 hash */
+ u_int8_t authenticator[HASH_SIZE_MD5];
+ /** variable list of packed attributes */
+ u_int8_t attributes[];
+} __attribute__((packed));
+
+/**
+ * RADIUS message attribute.
+ */
+struct rattr_t {
+ /** attribute type, radius_attribute_type_t */
+ u_int8_t type;
+ /** length of the attriubte, including the Type, Length and Value fields */
+ u_int8_t length;
+ /** variable length attribute value */
+ u_int8_t value[];
+} __attribute__((packed));
+
+/**
+ * Private data of an radius_message_t object.
+ */
+struct private_radius_message_t {
+
+ /**
+ * Public radius_message_t interface.
+ */
+ radius_message_t public;
+
+ /**
+ * message data, allocated
+ */
+ rmsg_t *msg;
+};
+
+ENUM_BEGIN(radius_message_code_names, RMC_ACCESS_REQUEST, RMC_ACCOUNTING_RESPONSE,
+ "Access-Request",
+ "Access-Accept",
+ "Access-Reject",
+ "Accounting-Request",
+ "Accounting-Response");
+ENUM_NEXT(radius_message_code_names, RMC_ACCESS_CHALLENGE, RMC_ACCESS_CHALLENGE, RMC_ACCOUNTING_RESPONSE,
+ "Access-Challenge");
+ENUM_END(radius_message_code_names, RMC_ACCESS_CHALLENGE);
+
+ENUM(radius_attribute_type_names, RAT_USER_NAME, RAT_MIP6_HOME_LINK_PREFIX,
+ "User-Name",
+ "User-Password",
+ "CHAP-Password",
+ "NAS-IP-Address",
+ "NAS-Port",
+ "Service-Type",
+ "Framed-Protocol",
+ "Framed-IP-Address",
+ "Framed-IP-Netmask",
+ "Framed-Routing",
+ "Filter-Id",
+ "Framed-MTU",
+ "Framed-Compression",
+ "Login-IP-Host",
+ "Login-Service",
+ "Login-TCP-Port",
+ "Unassigned",
+ "Reply-Message",
+ "Callback-Number",
+ "Callback-Id",
+ "Unassigned",
+ "Framed-Route",
+ "Framed-IPX-Network",
+ "State",
+ "Class",
+ "Vendor-Specific",
+ "Session-Timeout",
+ "Idle-Timeout",
+ "Termination-Action",
+ "Called-Station-Id",
+ "Calling-Station-Id",
+ "NAS-Identifier",
+ "Proxy-State",
+ "Login-LAT-Service",
+ "Login-LAT-Node",
+ "Login-LAT-Group",
+ "Framed-AppleTalk-Link",
+ "Framed-AppleTalk-Network",
+ "Framed-AppleTalk-Zone",
+ "Acct-Status-Type",
+ "Acct-Delay-Time",
+ "Acct-Input-Octets",
+ "Acct-Output-Octets",
+ "Acct-Session-Id",
+ "Acct-Authentic",
+ "Acct-Session-Time",
+ "Acct-Input-Packets",
+ "Acct-Output-Packets",
+ "Acct-Terminate-Cause",
+ "Acct-Multi-Session-Id",
+ "Acct-Link-Count",
+ "Acct-Input-Gigawords",
+ "Acct-Output-Gigawords",
+ "Unassigned",
+ "Event-Timestamp",
+ "Egress-VLANID",
+ "Ingress-Filters",
+ "Egress-VLAN-Name",
+ "User-Priority-Table",
+ "CHAP-Challenge",
+ "NAS-Port-Type",
+ "Port-Limit",
+ "Login-LAT-Port",
+ "Tunnel-Type",
+ "Tunnel-Medium-Type",
+ "Tunnel-Client-Endpoint",
+ "Tunnel-Server-Endpoint",
+ "Acct-Tunnel-Connection",
+ "Tunnel-Password",
+ "ARAP-Password",
+ "ARAP-Features",
+ "ARAP-Zone-Access",
+ "ARAP-Security",
+ "ARAP-Security-Data",
+ "Password-Retry",
+ "Prompt",
+ "Connect-Info",
+ "Configuration-Token",
+ "EAP-Message",
+ "Message-Authenticator",
+ "Tunnel-Private-Group-ID",
+ "Tunnel-Assignment-ID",
+ "Tunnel-Preference",
+ "ARAP-Challenge-Response",
+ "Acct-Interim-Interval",
+ "Acct-Tunnel-Packets-Lost",
+ "NAS-Port-Id",
+ "Framed-Pool",
+ "CUI",
+ "Tunnel-Client-Auth-ID",
+ "Tunnel-Server-Auth-ID",
+ "NAS-Filter-Rule",
+ "Unassigned",
+ "Originating-Line-Info",
+ "NAS-IPv6-Address",
+ "Framed-Interface-Id",
+ "Framed-IPv6-Prefix",
+ "Login-IPv6-Host",
+ "Framed-IPv6-Route",
+ "Framed-IPv6-Pool",
+ "Error-Cause",
+ "EAP-Key-Name",
+ "Digest-Response",
+ "Digest-Realm",
+ "Digest-Nonce",
+ "Digest-Response-Auth",
+ "Digest-Nextnonce",
+ "Digest-Method",
+ "Digest-URI",
+ "Digest-Qop",
+ "Digest-Algorithm",
+ "Digest-Entity-Body-Hash",
+ "Digest-CNonce",
+ "Digest-Nonce-Count",
+ "Digest-Username",
+ "Digest-Opaque",
+ "Digest-Auth-Param",
+ "Digest-AKA-Auts",
+ "Digest-Domain",
+ "Digest-Stale",
+ "Digest-HA1",
+ "SIP-AOR",
+ "Delegated-IPv6-Prefix",
+ "MIP6-Feature-Vector",
+ "MIP6-Home-Link-Prefix");
+
+/**
+ * Attribute enumerator implementation
+ */
+typedef struct {
+ /** implements enumerator interface */
+ enumerator_t public;
+ /** currently pointing attribute */
+ rattr_t *next;
+ /** bytes left */
+ int left;
+} attribute_enumerator_t;
+
+
+/**
+ * Implementation of attribute_enumerator_t.enumerate
+ */
+static bool attribute_enumerate(attribute_enumerator_t *this,
+ int *type, chunk_t *data)
+
+{
+ if (this->left == 0)
+ {
+ return FALSE;
+ }
+ if (this->left < sizeof(rattr_t) ||
+ this->left < this->next->length)
+ {
+ DBG1(DBG_IKE, "RADIUS message truncated");
+ return FALSE;
+ }
+ *type = this->next->type;
+ data->ptr = this->next->value;
+ data->len = this->next->length - sizeof(rattr_t);
+ this->left -= this->next->length;
+ this->next = ((void*)this->next) + this->next->length;
+ return TRUE;
+}
+
+/**
+ * Implementation of radius_message_t.create_enumerator
+ */
+static enumerator_t* create_enumerator(private_radius_message_t *this)
+{
+ attribute_enumerator_t *e;
+
+ if (ntohs(this->msg->length) < sizeof(rmsg_t) + sizeof(rattr_t))
+ {
+ return enumerator_create_empty();
+ }
+
+ e = malloc_thing(attribute_enumerator_t);
+ e->public.enumerate = (void*)attribute_enumerate;
+ e->public.destroy = (void*)free;
+ e->next = (rattr_t*)this->msg->attributes;
+ e->left = ntohs(this->msg->length) - sizeof(rmsg_t);
+ return &e->public;
+}
+
+/**
+ * Implementation of radius_message_t.add
+ */
+static void add(private_radius_message_t *this, radius_attribute_type_t type,
+ chunk_t data)
+{
+ rattr_t *attribute;
+
+ this->msg = realloc(this->msg,
+ ntohs(this->msg->length) + sizeof(rattr_t) + data.len);
+ attribute = ((void*)this->msg) + ntohs(this->msg->length);
+ attribute->type = type;
+ attribute->length = data.len + sizeof(rattr_t);
+ memcpy(attribute->value, data.ptr, data.len);
+ this->msg->length = htons(ntohs(this->msg->length) + attribute->length);
+}
+
+/**
+ * Implementation of radius_message_t.sign
+ */
+static void sign(private_radius_message_t *this, rng_t *rng, signer_t *signer)
+{
+ char buf[HASH_SIZE_MD5];
+
+ /* build Request-Authenticator */
+ rng->get_bytes(rng, HASH_SIZE_MD5, this->msg->authenticator);
+
+ /* build Message-Authenticator attribute, using 16 null bytes */
+ memset(buf, 0, sizeof(buf));
+ add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf)));
+ signer->get_signature(signer,
+ chunk_create((u_char*)this->msg, ntohs(this->msg->length)),
+ ((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5);
+}
+
+/**
+ * Implementation of radius_message_t.verify
+ */
+static bool verify(private_radius_message_t *this, u_int8_t *req_auth,
+ chunk_t secret, hasher_t *hasher, signer_t *signer)
+{
+ char buf[HASH_SIZE_MD5], res_auth[HASH_SIZE_MD5];
+ enumerator_t *enumerator;
+ int type;
+ chunk_t data, msg;
+ bool has_eap = FALSE, has_auth = FALSE;
+
+ /* replace Response by Request Authenticator for verification */
+ memcpy(res_auth, this->msg->authenticator, HASH_SIZE_MD5);
+ memcpy(this->msg->authenticator, req_auth, HASH_SIZE_MD5);
+ msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length));
+
+ /* verify Response-Authenticator */
+ hasher->get_hash(hasher, msg, NULL);
+ hasher->get_hash(hasher, secret, buf);
+ if (!memeq(buf, res_auth, HASH_SIZE_MD5))
+ {
+ DBG1(DBG_CFG, "RADIUS Response-Authenticator verification failed");
+ return FALSE;
+ }
+
+ /* verify Message-Authenticator attribute */
+ enumerator = create_enumerator(this);
+ while (enumerator->enumerate(enumerator, &type, &data))
+ {
+ if (type == RAT_MESSAGE_AUTHENTICATOR)
+ {
+ if (data.len != HASH_SIZE_MD5)
+ {
+ DBG1(DBG_CFG, "RADIUS Message-Authenticator invalid length");
+ enumerator->destroy(enumerator);
+ return FALSE;
+ }
+ memcpy(buf, data.ptr, data.len);
+ memset(data.ptr, 0, data.len);
+ if (signer->verify_signature(signer, msg,
+ chunk_create(buf, sizeof(buf))))
+ {
+ /* restore Message-Authenticator */
+ memcpy(data.ptr, buf, data.len);
+ has_auth = TRUE;
+ break;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "RADIUS Message-Authenticator verification failed");
+ enumerator->destroy(enumerator);
+ return FALSE;
+ }
+ }
+ else if (type == RAT_EAP_MESSAGE)
+ {
+ has_eap = TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+ /* restore Response-Authenticator */
+ memcpy(this->msg->authenticator, res_auth, HASH_SIZE_MD5);
+
+ if (has_eap && !has_auth)
+ { /* Message-Authenticator is required if we have an EAP-Message */
+ DBG1(DBG_CFG, "RADIUS Message-Authenticator attribute missing");
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Implementation of radius_message_t.get_code
+ */
+static radius_message_code_t get_code(private_radius_message_t *this)
+{
+ return this->msg->code;
+}
+
+/**
+ * Implementation of radius_message_t.get_identifier
+ */
+static u_int8_t get_identifier(private_radius_message_t *this)
+{
+ return this->msg->identifier;
+}
+
+/**
+ * Implementation of radius_message_t.set_identifier
+ */
+static void set_identifier(private_radius_message_t *this, u_int8_t identifier)
+{
+ this->msg->identifier = identifier;
+}
+
+/**
+ * Implementation of radius_message_t.get_authenticator
+ */
+static u_int8_t* get_authenticator(private_radius_message_t *this)
+{
+ return this->msg->authenticator;
+}
+
+
+/**
+ * Implementation of radius_message_t.get_encoding
+ */
+static chunk_t get_encoding(private_radius_message_t *this)
+{
+ return chunk_create((u_char*)this->msg, ntohs(this->msg->length));
+}
+
+/**
+ * Implementation of radius_message_t.destroy.
+ */
+static void destroy(private_radius_message_t *this)
+{
+ free(this->msg);
+ free(this);
+}
+
+/**
+ * Generic constructor
+ */
+static private_radius_message_t *radius_message_create()
+{
+ private_radius_message_t *this = malloc_thing(private_radius_message_t);
+
+ this->public.create_enumerator = (enumerator_t*(*)(radius_message_t*))create_enumerator;
+ this->public.add = (void(*)(radius_message_t*, radius_attribute_type_t,chunk_t))add;
+ this->public.get_code = (radius_message_code_t(*)(radius_message_t*))get_code;
+ this->public.get_identifier = (u_int8_t(*)(radius_message_t*))get_identifier;
+ this->public.set_identifier = (void(*)(radius_message_t*, u_int8_t identifier))set_identifier;
+ this->public.get_authenticator = (u_int8_t*(*)(radius_message_t*))get_authenticator;
+ this->public.get_encoding = (chunk_t(*)(radius_message_t*))get_encoding;
+ this->public.sign = (void(*)(radius_message_t*, rng_t *rng, signer_t *signer))sign;
+ this->public.verify = (bool(*)(radius_message_t*, u_int8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer))verify;
+ this->public.destroy = (void(*)(radius_message_t*))destroy;
+
+ return this;
+}
+
+/**
+ * See header
+ */
+radius_message_t *radius_message_create_request()
+{
+ private_radius_message_t *this = radius_message_create();
+
+ this->msg = malloc_thing(rmsg_t);
+ this->msg->code = RMC_ACCESS_REQUEST;
+ this->msg->identifier = 0;
+ this->msg->length = htons(sizeof(rmsg_t));
+
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+radius_message_t *radius_message_parse_response(chunk_t data)
+{
+ private_radius_message_t *this = radius_message_create();
+
+ this->msg = malloc(data.len);
+ memcpy(this->msg, data.ptr, data.len);
+ if (data.len < sizeof(rmsg_t) ||
+ ntohs(this->msg->length) != data.len)
+ {
+ DBG1(DBG_IKE, "RADIUS message has invalid length");
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
diff --git a/src/charon/plugins/eap_radius/radius_message.h b/src/charon/plugins/eap_radius/radius_message.h
new file mode 100644
index 000000000..d195bbe23
--- /dev/null
+++ b/src/charon/plugins/eap_radius/radius_message.h
@@ -0,0 +1,278 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup radius_message radius_message
+ * @{ @ingroup eap_radius
+ */
+
+#ifndef RADIUS_MESSAGE_H_
+#define RADIUS_MESSAGE_H_
+
+#include <library.h>
+
+typedef struct radius_message_t radius_message_t;
+typedef enum radius_message_code_t radius_message_code_t;
+typedef enum radius_attribute_type_t radius_attribute_type_t;
+
+/**
+ * RADIUS Message Codes.
+ */
+enum radius_message_code_t {
+ RMC_ACCESS_REQUEST = 1,
+ RMC_ACCESS_ACCEPT = 2,
+ RMC_ACCESS_REJECT = 3,
+ RMC_ACCOUNTING_REQUEST = 4,
+ RMC_ACCOUNTING_RESPONSE = 5,
+ RMC_ACCESS_CHALLENGE = 11,
+};
+
+/**
+ * Enum names for radius_attribute_type_t.
+ */
+extern enum_name_t *radius_message_code_names;
+
+/**
+ * RADIUS Attribute Types.
+ */
+enum radius_attribute_type_t {
+ RAT_USER_NAME = 1,
+ RAT_USER_PASSWORD = 2,
+ RAT_CHAP_PASSWORD = 3,
+ RAT_NAS_IP_ADDRESS = 4,
+ RAT_NAS_PORT = 5,
+ RAT_SERVICE_TYPE = 6,
+ RAT_FRAMED_PROTOCOL = 7,
+ RAT_FRAMED_IP_ADDRESS = 8,
+ RAT_FRAMED_IP_NETMASK = 9,
+ RAT_FRAMED_ROUTING = 10,
+ RAT_FILTER_ID = 11,
+ RAT_FRAMED_MTU = 12,
+ RAT_FRAMED_COMPRESSION = 13,
+ RAT_LOGIN_IP_HOST = 14,
+ RAT_LOGIN_SERVICE = 15,
+ RAT_LOGIN_TCP_PORT = 16,
+ RAT_REPLY_MESSAGE = 18,
+ RAT_CALLBACK_NUMBER = 19,
+ RAT_CALLBACK_ID = 20,
+ RAT_FRAMED_ROUTE = 22,
+ RAT_FRAMED_IPX_NETWORK = 23,
+ RAT_STATE = 24,
+ RAT_CLASS = 25,
+ RAT_VENDOR_SPECIFIC = 26,
+ RAT_SESSION_TIMEOUT = 27,
+ RAT_IDLE_TIMEOUT = 28,
+ RAT_TERMINATION_ACTION = 29,
+ RAT_CALLED_STATION_ID = 30,
+ RAT_CALLING_STATION_ID = 31,
+ RAT_NAS_IDENTIFIER = 32,
+ RAT_PROXY_STATE = 33,
+ RAT_LOGIN_LAT_SERVICE = 34,
+ RAT_LOGIN_LAT_NODE = 35,
+ RAT_LOGIN_LAT_GROUP = 36,
+ RAT_FRAMED_APPLETALK_LINK = 37,
+ RAT_FRAMED_APPLETALK_NETWORK = 38,
+ RAT_FRAMED_APPLETALK_ZONE = 39,
+ RAT_ACCT_STATUS_TYPE = 40,
+ RAT_ACCT_DELAY_TIME = 41,
+ RAT_ACCT_INPUT_OCTETS = 42,
+ RAT_ACCT_OUTPUT_OCTETS = 43,
+ RAT_ACCT_SESSION_ID = 44,
+ RAT_ACCT_AUTHENTIC = 45,
+ RAT_ACCT_SESSION_TIME = 46,
+ RAT_ACCT_INPUT_PACKETS = 47,
+ RAT_ACCT_OUTPUT_PACKETS = 48,
+ RAT_ACCT_TERMINATE_CAUSE = 49,
+ RAT_ACCT_MULTI_SESSION_ID = 50,
+ RAT_ACCT_LINK_COUNT = 51,
+ RAT_ACCT_INPUT_GIGAWORDS = 52,
+ RAT_ACCT_OUTPUT_GIGAWORDS = 53,
+ RAT_EVENT_TIMESTAMP = 55,
+ RAT_EGRESS_VLANID = 56,
+ RAT_INGRESS_FILTERS = 57,
+ RAT_EGRESS_VLAN_NAME = 58,
+ RAT_USER_PRIORITY_TABLE = 59,
+ RAT_CHAP_CHALLENGE = 60,
+ RAT_NAS_PORT_TYPE = 61,
+ RAT_PORT_LIMIT = 62,
+ RAT_LOGIN_LAT_PORT = 63,
+ RAT_TUNNEL_TYPE = 64,
+ RAT_TUNNEL_MEDIUM_TYPE = 65,
+ RAT_TUNNEL_CLIENT_ENDPOINT = 66,
+ RAT_TUNNEL_SERVER_ENDPOINT = 67,
+ RAT_ACCT_TUNNEL_CONNECTION = 68,
+ RAT_TUNNEL_PASSWORD = 69,
+ RAT_ARAP_PASSWORD = 70,
+ RAT_ARAP_FEATURES = 71,
+ RAT_ARAP_ZONE_ACCESS = 72,
+ RAT_ARAP_SECURITY = 73,
+ RAT_ARAP_SECURITY_DATA = 74,
+ RAT_PASSWORD_RETRY = 75,
+ RAT_PROMPT = 76,
+ RAT_CONNECT_INFO = 77,
+ RAT_CONFIGURATION_TOKEN = 78,
+ RAT_EAP_MESSAGE = 79,
+ RAT_MESSAGE_AUTHENTICATOR = 80,
+ RAT_TUNNEL_PRIVATE_GROUP_ID = 81,
+ RAT_TUNNEL_ASSIGNMENT_ID = 82,
+ RAT_TUNNEL_PREFERENCE = 83,
+ RAT_ARAP_CHALLENGE_RESPONSE = 84,
+ RAT_ACCT_INTERIM_INTERVAL = 85,
+ RAT_ACCT_TUNNEL_PACKETS_LOST = 86,
+ RAT_NAS_PORT_ID = 87,
+ RAT_FRAMED_POOL = 88,
+ RAT_CUI = 89,
+ RAT_TUNNEL_CLIENT_AUTH_ID = 90,
+ RAT_TUNNEL_SERVER_AUTH_ID = 91,
+ RAT_NAS_FILTER_RULE = 92,
+ RAT_UNASSIGNED = 93,
+ RAT_ORIGINATING_LINE_INFO = 94,
+ RAT_NAS_IPV6_ADDRESS = 95,
+ RAT_FRAMED_INTERFACE_ID = 96,
+ RAT_FRAMED_IPV6_PREFIX = 97,
+ RAT_LOGIN_IPV6_HOST = 98,
+ RAT_FRAMED_IPV6_ROUTE = 99,
+ RAT_FRAMED_IPV6_POOL = 100,
+ RAT_ERROR_CAUSE = 101,
+ RAT_EAP_KEY_NAME = 102,
+ RAT_DIGEST_RESPONSE = 103,
+ RAT_DIGEST_REALM = 104,
+ RAT_DIGEST_NONCE = 105,
+ RAT_DIGEST_RESPONSE_AUTH = 106,
+ RAT_DIGEST_NEXTNONCE = 107,
+ RAT_DIGEST_METHOD = 108,
+ RAT_DIGEST_URI = 109,
+ RAT_DIGEST_QOP = 110,
+ RAT_DIGEST_ALGORITHM = 111,
+ RAT_DIGEST_ENTITY_BODY_HASH = 112,
+ RAT_DIGEST_CNONCE = 113,
+ RAT_DIGEST_NONCE_COUNT = 114,
+ RAT_DIGEST_USERNAME = 115,
+ RAT_DIGEST_OPAQUE = 116,
+ RAT_DIGEST_AUTH_PARAM = 117,
+ RAT_DIGEST_AKA_AUTS = 118,
+ RAT_DIGEST_DOMAIN = 119,
+ RAT_DIGEST_STALE = 120,
+ RAT_DIGEST_HA1 = 121,
+ RAT_SIP_AOR = 122,
+ RAT_DELEGATED_IPV6_PREFIX = 123,
+ RAT_MIP6_FEATURE_VECTOR = 124,
+ RAT_MIP6_HOME_LINK_PREFIX = 125,
+};
+
+/**
+ * Enum names for radius_attribute_type_t.
+ */
+extern enum_name_t *radius_attribute_type_names;
+
+/**
+ * A RADIUS message, contains attributes.
+ */
+struct radius_message_t {
+
+ /**
+ * Create an enumerator over contained RADIUS attributes.
+ *
+ * @return enumerator over (int type, chunk_t data)
+ */
+ enumerator_t* (*create_enumerator)(radius_message_t *this);
+
+ /**
+ * Add a RADIUS attribute to the message.
+ *
+ * @param type type of attribute to add
+ * @param attribute data, gets cloned
+ */
+ void (*add)(radius_message_t *this, radius_attribute_type_t type,
+ chunk_t data);
+
+ /**
+ * Get the message type (code).
+ *
+ * @return message code
+ */
+ radius_message_code_t (*get_code)(radius_message_t *this);
+
+ /**
+ * Get the message identifier.
+ *
+ * @return message identifier
+ */
+ u_int8_t (*get_identifier)(radius_message_t *this);
+
+ /**
+ * Set the message identifier.
+ *
+ * @param identifier message identifier
+ */
+ void (*set_identifier)(radius_message_t *this, u_int8_t identifier);
+
+ /**
+ * Get the 16 byte authenticator.
+ *
+ * @return pointer to the Authenticator field
+ */
+ u_int8_t* (*get_authenticator)(radius_message_t *this);
+
+ /**
+ * Get the RADIUS message in its encoded form.
+ *
+ * @return chunk pointing to internal RADIUS message.
+ */
+ chunk_t (*get_encoding)(radius_message_t *this);
+
+ /**
+ * Calculate and add the Message-Authenticator attribute to the message.
+ *
+ * @param rng RNG to create Request-Authenticator
+ * @param signer HMAC-MD5 signer with secret set
+ */
+ void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer);
+
+ /**
+ * Verify the integrity of a received RADIUS response.
+ *
+ * @param req_auth 16 byte Authenticator of the corresponding request
+ * @param secret shared RADIUS secret
+ * @param hasher hasher to verify Response-Authenticator
+ * @param signer signer to verify Message-Authenticator attribute
+ */
+ bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+ hasher_t *hasher, signer_t *signer);
+
+ /**
+ * Destroy the message.
+ */
+ void (*destroy)(radius_message_t *this);
+};
+
+/**
+ * Create an empty RADIUS request message (RMT_ACCESS_REQUEST).
+ *
+ * @return radius_message_t object
+ */
+radius_message_t *radius_message_create_request();
+
+/**
+ * Parse and verify a recevied RADIUS response.
+ *
+ * @param data received message data
+ * @return radius_message_t object, NULL if length invalid
+ */
+radius_message_t *radius_message_parse_response(chunk_t data);
+
+#endif /** RADIUS_MESSAGE_H_ @}*/
diff --git a/src/charon/plugins/eap_sim/eap_sim.h b/src/charon/plugins/eap_sim/eap_sim.h
index ec061b6f4..af1aa2aa5 100644
--- a/src/charon/plugins/eap_sim/eap_sim.h
+++ b/src/charon/plugins/eap_sim/eap_sim.h
@@ -58,4 +58,4 @@ eap_sim_t *eap_sim_create_server(identification_t *server, identification_t *pee
*/
eap_sim_t *eap_sim_create_peer(identification_t *server, identification_t *peer);
-#endif /* EAP_SIM_H_ @}*/
+#endif /** EAP_SIM_H_ @}*/
diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.h b/src/charon/plugins/eap_sim/eap_sim_plugin.h
index 13152358a..d90a72092 100644
--- a/src/charon/plugins/eap_sim/eap_sim_plugin.h
+++ b/src/charon/plugins/eap_sim/eap_sim_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_sim_plugin.h 4406 2008-10-10 08:36:01Z martin $
+ * $Id: eap_sim_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct eap_sim_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* EAP_SIM_PLUGIN_H_ @}*/
+#endif /** EAP_SIM_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h
index 953a3e915..9f28aa8fc 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_card.h
@@ -52,4 +52,4 @@ struct eap_sim_file_card_t {
*/
eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets);
-#endif /* EAP_SIM_FILE_CARD_ @}*/
+#endif /** EAP_SIM_FILE_CARD_ @}*/
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h
index c1828527d..8e603258f 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h
@@ -46,4 +46,4 @@ struct eap_sim_file_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* EAP_SIM_FILE_PLUGIN_H_ @}*/
+#endif /** EAP_SIM_FILE_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h
index bc8f6cca0..efd73802a 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h
@@ -51,4 +51,4 @@ struct eap_sim_file_provider_t {
eap_sim_file_provider_t *eap_sim_file_provider_create(
eap_sim_file_triplets_t *triplets);
-#endif /* EAP_SIM_FILE_PROVIDER_ @}*/
+#endif /** EAP_SIM_FILE_PROVIDER_ @}*/
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h
index 5f3adfe62..a6e9188a5 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h
+++ b/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h
@@ -71,4 +71,4 @@ struct eap_sim_file_triplets_t {
*/
eap_sim_file_triplets_t *eap_sim_file_triplets_create(char *file);
-#endif /* EAP_SIM_FILE_TRIPLETS_ @}*/
+#endif /** EAP_SIM_FILE_TRIPLETS_ @}*/
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h
index b16390ab4..4d4e33813 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h
+++ b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_klips_ipsec.h 4617 2008-11-11 08:45:19Z tobias $
+ * $Id: kernel_klips_ipsec.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -45,4 +45,4 @@ struct kernel_klips_ipsec_t {
*/
kernel_klips_ipsec_t *kernel_klips_ipsec_create();
-#endif /* KERNEL_KLIPS_IPSEC_H_ @} */
+#endif /** KERNEL_KLIPS_IPSEC_H_ @}*/
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h b/src/charon/plugins/kernel_klips/kernel_klips_plugin.h
index 67c3b74c6..8dd2f1895 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h
+++ b/src/charon/plugins/kernel_klips/kernel_klips_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_klips_plugin.h 4617 2008-11-11 08:45:19Z tobias $
+ * $Id: kernel_klips_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct kernel_klips_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* KERNEL_KLIPS_PLUGIN_H_ @} */
+#endif /** KERNEL_KLIPS_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 8a13ed489..ee47914d3 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -17,7 +17,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_netlink_ipsec.c 4831 2009-01-09 09:37:13Z andreas $
+ * $Id: kernel_netlink_ipsec.c 4997 2009-03-24 10:24:58Z martin $
*/
#include <sys/types.h>
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h
index a78004e09..0b65c5213 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_netlink_ipsec.h 4358 2008-09-25 13:56:23Z tobias $
+ * $Id: kernel_netlink_ipsec.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -45,4 +45,4 @@ struct kernel_netlink_ipsec_t {
*/
kernel_netlink_ipsec_t *kernel_netlink_ipsec_create();
-#endif /* KERNEL_NETLINK_IPSEC_H_ @} */
+#endif /** KERNEL_NETLINK_IPSEC_H_ @}*/
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h b/src/charon/plugins/kernel_netlink/kernel_netlink_net.h
index 393167a71..39b96837b 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_net.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_netlink_net.h 4350 2008-09-18 15:16:43Z tobias $
+ * $Id: kernel_netlink_net.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -45,4 +45,4 @@ struct kernel_netlink_net_t {
*/
kernel_netlink_net_t *kernel_netlink_net_create();
-#endif /* KERNEL_NETLINK_NET_H_ @} */
+#endif /** KERNEL_NETLINK_NET_H_ @}*/
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h
index 80a6c27e1..f08dbc023 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_netlink_plugin.h 4358 2008-09-25 13:56:23Z tobias $
+ * $Id: kernel_netlink_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct kernel_netlink_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* KERNEL_NETLINK_PLUGIN_H_ @} */
+#endif /** KERNEL_NETLINK_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
index 6e2ec5377..db05462f4 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
+++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_pfkey_ipsec.h 4361 2008-10-01 16:47:51Z tobias $
+ * $Id: kernel_pfkey_ipsec.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -45,4 +45,4 @@ struct kernel_pfkey_ipsec_t {
*/
kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create();
-#endif /* KERNEL_PFKEY_IPSEC_H_ @} */
+#endif /** KERNEL_PFKEY_IPSEC_H_ @}*/
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
index 5e256ca74..f091c6d81 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
+++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: kernel_pfkey_plugin.h 4361 2008-10-01 16:47:51Z tobias $
+ * $Id: kernel_pfkey_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct kernel_pfkey_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* KERNEL_PFKEY_PLUGIN_H_ @} */
+#endif /** KERNEL_PFKEY_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/load_tester/load_tester_config.h b/src/charon/plugins/load_tester/load_tester_config.h
index d5391da63..92a0ff95b 100644
--- a/src/charon/plugins/load_tester/load_tester_config.h
+++ b/src/charon/plugins/load_tester/load_tester_config.h
@@ -50,4 +50,4 @@ struct load_tester_config_t {
*/
load_tester_config_t *load_tester_config_create();
-#endif /* LOAD_TESTER_CONFIG_H_ @}*/
+#endif /** LOAD_TESTER_CONFIG_H_ @}*/
diff --git a/src/charon/plugins/load_tester/load_tester_creds.h b/src/charon/plugins/load_tester/load_tester_creds.h
index bc092bd12..ed73f14c3 100644
--- a/src/charon/plugins/load_tester/load_tester_creds.h
+++ b/src/charon/plugins/load_tester/load_tester_creds.h
@@ -50,4 +50,4 @@ struct load_tester_creds_t {
*/
load_tester_creds_t *load_tester_creds_create();
-#endif /* LOAD_TESTER_CREDS_H_ @}*/
+#endif /** LOAD_TESTER_CREDS_H_ @}*/
diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h
index 1f66e7f2b..422428a54 100644
--- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h
+++ b/src/charon/plugins/load_tester/load_tester_diffie_hellman.h
@@ -47,4 +47,4 @@ struct load_tester_diffie_hellman_t {
load_tester_diffie_hellman_t *load_tester_diffie_hellman_create(
diffie_hellman_group_t group);
-#endif /* LOAD_TESTER_DIFFIE_HELLMAN_ @}*/
+#endif /** LOAD_TESTER_DIFFIE_HELLMAN_ @}*/
diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.h b/src/charon/plugins/load_tester/load_tester_ipsec.h
index 34a99dcbd..4f374032f 100644
--- a/src/charon/plugins/load_tester/load_tester_ipsec.h
+++ b/src/charon/plugins/load_tester/load_tester_ipsec.h
@@ -45,4 +45,4 @@ struct load_tester_ipsec_t {
*/
load_tester_ipsec_t *load_tester_ipsec_create();
-#endif /* LOAD_TESTER_IPSEC_H_ @} */
+#endif /** LOAD_TESTER_IPSEC_H_ @}*/
diff --git a/src/charon/plugins/load_tester/load_tester_listener.h b/src/charon/plugins/load_tester/load_tester_listener.h
index 6ef749b96..b61da0cb3 100644
--- a/src/charon/plugins/load_tester/load_tester_listener.h
+++ b/src/charon/plugins/load_tester/load_tester_listener.h
@@ -51,4 +51,4 @@ struct load_tester_listener_t {
*/
load_tester_listener_t *load_tester_listener_create(u_int shutdown_on);
-#endif /* LOAD_TESTER_LISTENER_H_ @}*/
+#endif /** LOAD_TESTER_LISTENER_H_ @}*/
diff --git a/src/charon/plugins/load_tester/load_tester_plugin.h b/src/charon/plugins/load_tester/load_tester_plugin.h
index 10088bfa2..e0b64cfef 100644
--- a/src/charon/plugins/load_tester/load_tester_plugin.h
+++ b/src/charon/plugins/load_tester/load_tester_plugin.h
@@ -48,4 +48,4 @@ struct load_tester_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* LOAD_TESTER_PLUGIN_H_ @}*/
+#endif /** LOAD_TESTER_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/medcli/medcli_config.h b/src/charon/plugins/medcli/medcli_config.h
index 789a73243..9c0357a26 100644
--- a/src/charon/plugins/medcli/medcli_config.h
+++ b/src/charon/plugins/medcli/medcli_config.h
@@ -52,4 +52,4 @@ struct medcli_config_t {
*/
medcli_config_t *medcli_config_create(database_t *db);
-#endif /* MEDCLI_CONFIG_H_ @}*/
+#endif /** MEDCLI_CONFIG_H_ @}*/
diff --git a/src/charon/plugins/medcli/medcli_creds.h b/src/charon/plugins/medcli/medcli_creds.h
index 5a81edaf2..4e563b4ac 100644
--- a/src/charon/plugins/medcli/medcli_creds.h
+++ b/src/charon/plugins/medcli/medcli_creds.h
@@ -52,4 +52,4 @@ struct medcli_creds_t {
*/
medcli_creds_t *medcli_creds_create(database_t *database);
-#endif /* MEDCLI_CREDS_H_ @}*/
+#endif /** MEDCLI_CREDS_H_ @}*/
diff --git a/src/charon/plugins/medcli/medcli_listener.h b/src/charon/plugins/medcli/medcli_listener.h
index 4cec3caad..291e66097 100644
--- a/src/charon/plugins/medcli/medcli_listener.h
+++ b/src/charon/plugins/medcli/medcli_listener.h
@@ -52,4 +52,4 @@ struct medcli_listener_t {
*/
medcli_listener_t *medcli_listener_create(database_t *database);
-#endif /* MEDCLI_LISTENER_H_ @}*/
+#endif /** MEDCLI_LISTENER_H_ @}*/
diff --git a/src/charon/plugins/medcli/medcli_plugin.h b/src/charon/plugins/medcli/medcli_plugin.h
index 1a8c5b5e7..791a5cea5 100644
--- a/src/charon/plugins/medcli/medcli_plugin.h
+++ b/src/charon/plugins/medcli/medcli_plugin.h
@@ -46,4 +46,4 @@ struct medcli_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* MEDCLI_PLUGIN_H_ @}*/
+#endif /** MEDCLI_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/medsrv/medsrv_config.h b/src/charon/plugins/medsrv/medsrv_config.h
index ebb62037e..a92780144 100644
--- a/src/charon/plugins/medsrv/medsrv_config.h
+++ b/src/charon/plugins/medsrv/medsrv_config.h
@@ -52,4 +52,4 @@ struct medsrv_config_t {
*/
medsrv_config_t *medsrv_config_create(database_t *db);
-#endif /* MEDSRV_CONFIG_H_ @}*/
+#endif /** MEDSRV_CONFIG_H_ @}*/
diff --git a/src/charon/plugins/medsrv/medsrv_creds.h b/src/charon/plugins/medsrv/medsrv_creds.h
index f65e98411..0ce77167c 100644
--- a/src/charon/plugins/medsrv/medsrv_creds.h
+++ b/src/charon/plugins/medsrv/medsrv_creds.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: medsrv_creds.h 3915 2008-05-08 12:11:30Z martin $
+ * $Id: medsrv_creds.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -52,4 +52,4 @@ struct medsrv_creds_t {
*/
medsrv_creds_t *medsrv_creds_create(database_t *database);
-#endif /* MEDSRV_CREDS_H_ @}*/
+#endif /** MEDSRV_CREDS_H_ @}*/
diff --git a/src/charon/plugins/medsrv/medsrv_plugin.h b/src/charon/plugins/medsrv/medsrv_plugin.h
index 8aa56d607..fbe04021f 100644
--- a/src/charon/plugins/medsrv/medsrv_plugin.h
+++ b/src/charon/plugins/medsrv/medsrv_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: medsrv_plugin.h 3915 2008-05-08 12:11:30Z martin $
+ * $Id: medsrv_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct medsrv_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* MEDSRV_PLUGIN_H_ @}*/
+#endif /** MEDSRV_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/nm/nm_creds.h b/src/charon/plugins/nm/nm_creds.h
index 4bcc32191..b0cc7a098 100644
--- a/src/charon/plugins/nm/nm_creds.h
+++ b/src/charon/plugins/nm/nm_creds.h
@@ -76,4 +76,4 @@ struct nm_creds_t {
*/
nm_creds_t *nm_creds_create();
-#endif /* NM_CREDS_H_ @}*/
+#endif /** NM_CREDS_H_ @}*/
diff --git a/src/charon/plugins/nm/nm_plugin.h b/src/charon/plugins/nm/nm_plugin.h
index 2604b80dd..fadcbfb96 100644
--- a/src/charon/plugins/nm/nm_plugin.h
+++ b/src/charon/plugins/nm/nm_plugin.h
@@ -46,4 +46,4 @@ struct nm_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* NM_PLUGIN_H_ @}*/
+#endif /** NM_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/nm/nm_service.h b/src/charon/plugins/nm/nm_service.h
index 7cd0fc5e3..bc6ebcf99 100644
--- a/src/charon/plugins/nm/nm_service.h
+++ b/src/charon/plugins/nm/nm_service.h
@@ -52,4 +52,4 @@ GType nm_strongswan_plugin_get_type(void);
NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds);
-#endif /* NM_SERVICE_H_ */
+#endif /** NM_SERVICE_H_ @}*/
diff --git a/src/charon/plugins/smp/smp.h b/src/charon/plugins/smp/smp.h
index e65d5ea2c..1f45befa6 100644
--- a/src/charon/plugins/smp/smp.h
+++ b/src/charon/plugins/smp/smp.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: smp.h 3689 2008-03-28 12:44:01Z martin $
+ * $Id: smp.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -49,4 +49,4 @@ struct smp_t {
*/
plugin_t *plugin_create();
-#endif /* XML_H_ @}*/
+#endif /** XML_H_ @}*/
diff --git a/src/charon/plugins/sql/sql_attribute.h b/src/charon/plugins/sql/sql_attribute.h
index 211204ced..57db4617e 100644
--- a/src/charon/plugins/sql/sql_attribute.h
+++ b/src/charon/plugins/sql/sql_attribute.h
@@ -48,4 +48,4 @@ struct sql_attribute_t {
*/
sql_attribute_t *sql_attribute_create(database_t *db);
-#endif /* SQL_ATTRIBUTE_H_ @}*/
+#endif /** SQL_ATTRIBUTE_H_ @}*/
diff --git a/src/charon/plugins/sql/sql_config.h b/src/charon/plugins/sql/sql_config.h
index d34705c71..bfcd7a7c1 100644
--- a/src/charon/plugins/sql/sql_config.h
+++ b/src/charon/plugins/sql/sql_config.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: sql_config.h 3594 2008-03-13 14:53:57Z martin $
+ * $Id: sql_config.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -52,4 +52,4 @@ struct sql_config_t {
*/
sql_config_t *sql_config_create(database_t *db);
-#endif /* SQL_CONFIG_H_ @}*/
+#endif /** SQL_CONFIG_H_ @}*/
diff --git a/src/charon/plugins/sql/sql_cred.h b/src/charon/plugins/sql/sql_cred.h
index e251abe00..a614f0cba 100644
--- a/src/charon/plugins/sql/sql_cred.h
+++ b/src/charon/plugins/sql/sql_cred.h
@@ -52,4 +52,4 @@ struct sql_cred_t {
*/
sql_cred_t *sql_cred_create(database_t *db);
-#endif /* SQL_CRED_H_ @}*/
+#endif /** SQL_CRED_H_ @}*/
diff --git a/src/charon/plugins/sql/sql_logger.h b/src/charon/plugins/sql/sql_logger.h
index a2c6fb5e9..3346430a1 100644
--- a/src/charon/plugins/sql/sql_logger.h
+++ b/src/charon/plugins/sql/sql_logger.h
@@ -52,4 +52,4 @@ struct sql_logger_t {
*/
sql_logger_t *sql_logger_create(database_t *db);
-#endif /* SQL_LOGGER_H_ @}*/
+#endif /** SQL_LOGGER_H_ @}*/
diff --git a/src/charon/plugins/sql/sql_plugin.h b/src/charon/plugins/sql/sql_plugin.h
index 8a7ba3e85..d4f2d29f2 100644
--- a/src/charon/plugins/sql/sql_plugin.h
+++ b/src/charon/plugins/sql/sql_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: sql_plugin.h 3577 2008-03-12 14:38:35Z martin $
+ * $Id: sql_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct sql_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* SQL_PLUGIN_H_ @}*/
+#endif /** SQL_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/charon/plugins/stroke/stroke_attribute.h
index 5060dc987..41ab6299b 100644
--- a/src/charon/plugins/stroke/stroke_attribute.h
+++ b/src/charon/plugins/stroke/stroke_attribute.h
@@ -85,4 +85,4 @@ struct stroke_attribute_t {
*/
stroke_attribute_t *stroke_attribute_create();
-#endif /* STROKE_ATTRIBUTE_H_ @}*/
+#endif /** STROKE_ATTRIBUTE_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/charon/plugins/stroke/stroke_ca.h
index 882446afe..ee759ff4e 100644
--- a/src/charon/plugins/stroke/stroke_ca.h
+++ b/src/charon/plugins/stroke/stroke_ca.h
@@ -79,4 +79,4 @@ struct stroke_ca_t {
*/
stroke_ca_t *stroke_ca_create(stroke_cred_t *cred);
-#endif /* STROKE_CA_H_ @}*/
+#endif /** STROKE_CA_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/charon/plugins/stroke/stroke_config.h
index 22b493cd2..12eb11a8f 100644
--- a/src/charon/plugins/stroke/stroke_config.h
+++ b/src/charon/plugins/stroke/stroke_config.h
@@ -65,4 +65,4 @@ struct stroke_config_t {
*/
stroke_config_t *stroke_config_create(stroke_ca_t *ca, stroke_cred_t *cred);
-#endif /* STROKE_CONFIG_H_ @}*/
+#endif /** STROKE_CONFIG_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/charon/plugins/stroke/stroke_control.h
index 926964458..26dc99b94 100644
--- a/src/charon/plugins/stroke/stroke_control.h
+++ b/src/charon/plugins/stroke/stroke_control.h
@@ -80,4 +80,4 @@ struct stroke_control_t {
*/
stroke_control_t *stroke_control_create();
-#endif /* STROKE_CONTROL_H_ @}*/
+#endif /** STROKE_CONTROL_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/charon/plugins/stroke/stroke_cred.h
index 1b9ef986e..fc7121622 100644
--- a/src/charon/plugins/stroke/stroke_cred.h
+++ b/src/charon/plugins/stroke/stroke_cred.h
@@ -80,4 +80,4 @@ struct stroke_cred_t {
*/
stroke_cred_t *stroke_cred_create();
-#endif /* STROKE_CRED_H_ @}*/
+#endif /** STROKE_CRED_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/charon/plugins/stroke/stroke_list.h
index 1f7f19d62..73a6ff6e4 100644
--- a/src/charon/plugins/stroke/stroke_list.h
+++ b/src/charon/plugins/stroke/stroke_list.h
@@ -73,4 +73,4 @@ struct stroke_list_t {
*/
stroke_list_t *stroke_list_create(stroke_attribute_t *attribute);
-#endif /* STROKE_LIST_H_ @}*/
+#endif /** STROKE_LIST_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/charon/plugins/stroke/stroke_plugin.h
index 7ea18b8af..b4c367c6e 100644
--- a/src/charon/plugins/stroke/stroke_plugin.h
+++ b/src/charon/plugins/stroke/stroke_plugin.h
@@ -49,4 +49,4 @@ struct stroke_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* STROKE_PLUGIN_H_ @}*/
+#endif /** STROKE_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/charon/plugins/stroke/stroke_shared_key.h
index e93d8cee2..b456095ae 100644
--- a/src/charon/plugins/stroke/stroke_shared_key.h
+++ b/src/charon/plugins/stroke/stroke_shared_key.h
@@ -59,4 +59,4 @@ struct stroke_shared_key_t {
*/
stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key);
-#endif /* STROKE_SHARED_KEY_H_ @}*/
+#endif /** STROKE_SHARED_KEY_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/charon/plugins/stroke/stroke_socket.h
index 7bc96686f..7a772c56c 100644
--- a/src/charon/plugins/stroke/stroke_socket.h
+++ b/src/charon/plugins/stroke/stroke_socket.h
@@ -41,4 +41,4 @@ struct stroke_socket_t {
*/
stroke_socket_t *stroke_socket_create();
-#endif /* STROKE_SOCKET_H_ @}*/
+#endif /** STROKE_SOCKET_H_ @}*/
diff --git a/src/charon/plugins/uci/uci_config.h b/src/charon/plugins/uci/uci_config.h
index 4d8b286c6..67893f771 100644
--- a/src/charon/plugins/uci/uci_config.h
+++ b/src/charon/plugins/uci/uci_config.h
@@ -54,4 +54,4 @@ struct uci_config_t {
*/
uci_config_t *uci_config_create(uci_parser_t *parser);
-#endif /* UCI_CONFIG_H_ @}*/
+#endif /** UCI_CONFIG_H_ @}*/
diff --git a/src/charon/plugins/uci/uci_control.h b/src/charon/plugins/uci/uci_control.h
index 774c42661..b5db32226 100644
--- a/src/charon/plugins/uci/uci_control.h
+++ b/src/charon/plugins/uci/uci_control.h
@@ -25,19 +25,20 @@
typedef struct uci_control_t uci_control_t;
+/**
+ * UCI control interface, uses a simple FIFO file
+ */
struct uci_control_t {
-
+
/**
- * Destroy the controller
- */
-
+ * Destroy the controller
+ */
void (*destroy)(uci_control_t *this);
};
/**
* Create a UCI based configuration backend.
*/
-
uci_control_t *uci_control_create();
-#endif /*UCI_CONTROL_H_@}*/
+#endif /** UCI_CONTROL_H_ @}*/
diff --git a/src/charon/plugins/uci/uci_creds.h b/src/charon/plugins/uci/uci_creds.h
index cf82f1c07..f1573a8a3 100644
--- a/src/charon/plugins/uci/uci_creds.h
+++ b/src/charon/plugins/uci/uci_creds.h
@@ -54,4 +54,4 @@ struct uci_creds_t {
*/
uci_creds_t *uci_creds_create(uci_parser_t *parser);
-#endif /* UCI_CREDS_H_ @}*/
+#endif /** UCI_CREDS_H_ @}*/
diff --git a/src/charon/plugins/uci/uci_parser.h b/src/charon/plugins/uci/uci_parser.h
index a8633ca2e..b3e76962b 100644
--- a/src/charon/plugins/uci/uci_parser.h
+++ b/src/charon/plugins/uci/uci_parser.h
@@ -58,5 +58,4 @@ struct uci_parser_t {
*/
uci_parser_t *uci_parser_create(char *package);
-#endif /* UCI_PARSER_H_ @}*/
-
+#endif /** UCI_PARSER_H_ @}*/
diff --git a/src/charon/plugins/uci/uci_plugin.h b/src/charon/plugins/uci/uci_plugin.h
index cac95dc13..d9a888aa1 100644
--- a/src/charon/plugins/uci/uci_plugin.h
+++ b/src/charon/plugins/uci/uci_plugin.h
@@ -47,4 +47,4 @@ struct uci_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* UCI_PLUGIN_H_ @}*/
+#endif /** UCI_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/unit_tester/tests.h b/src/charon/plugins/unit_tester/tests.h
index 0673c309a..7a5aa5ab8 100644
--- a/src/charon/plugins/unit_tester/tests.h
+++ b/src/charon/plugins/unit_tester/tests.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: tests.h 4815 2008-12-18 16:24:22Z martin $
+ * $Id: tests.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -41,3 +41,5 @@ DEFINE_TEST("Base64 converter", test_chunk_base64, FALSE)
DEFINE_TEST("IP pool", test_pool, FALSE)
DEFINE_TEST("SSH agent", test_agent, FALSE)
DEFINE_TEST("RNG quality", test_rng, FALSE)
+
+/** @}*/
diff --git a/src/charon/plugins/unit_tester/unit_tester.h b/src/charon/plugins/unit_tester/unit_tester.h
index af946c2e0..760b0389b 100644
--- a/src/charon/plugins/unit_tester/unit_tester.h
+++ b/src/charon/plugins/unit_tester/unit_tester.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: unit_tester.h 3491 2008-02-22 14:04:00Z martin $
+ * $Id: unit_tester.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -48,4 +48,4 @@ struct unit_tester_t {
*/
plugin_t *plugin_create();
-#endif /* UNIT_TESTER_H_ @}*/
+#endif /** UNIT_TESTER_H_ @}*/
diff --git a/src/charon/plugins/updown/updown_listener.h b/src/charon/plugins/updown/updown_listener.h
index 569d5817e..0d09a4cea 100644
--- a/src/charon/plugins/updown/updown_listener.h
+++ b/src/charon/plugins/updown/updown_listener.h
@@ -48,4 +48,4 @@ struct updown_listener_t {
*/
updown_listener_t *updown_listener_create();
-#endif /* UPDOWN_LISTENER_ @}*/
+#endif /** UPDOWN_LISTENER_ @}*/
diff --git a/src/charon/plugins/updown/updown_plugin.h b/src/charon/plugins/updown/updown_plugin.h
index 4d0a930c2..99779d04e 100644
--- a/src/charon/plugins/updown/updown_plugin.h
+++ b/src/charon/plugins/updown/updown_plugin.h
@@ -46,4 +46,4 @@ struct updown_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* UPDOWN_PLUGIN_H_ @}*/
+#endif /** UPDOWN_PLUGIN_H_ @}*/
diff --git a/src/charon/processing/jobs/acquire_job.h b/src/charon/processing/jobs/acquire_job.h
index 7459ccc21..feea5c72a 100644
--- a/src/charon/processing/jobs/acquire_job.h
+++ b/src/charon/processing/jobs/acquire_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: acquire_job.h 4535 2008-10-31 01:43:23Z andreas $
+ * $Id: acquire_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -55,4 +55,4 @@ acquire_job_t *acquire_job_create(u_int32_t reqid,
traffic_selector_t *src_ts,
traffic_selector_t *dst_ts);
-#endif /* REKEY_CHILD_SA_JOB_H_ @} */
+#endif /** REKEY_CHILD_SA_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/callback_job.h b/src/charon/processing/jobs/callback_job.h
index 4e2eab235..012bb271c 100644
--- a/src/charon/processing/jobs/callback_job.h
+++ b/src/charon/processing/jobs/callback_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: callback_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: callback_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -116,4 +116,4 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data,
callback_job_cleanup_t cleanup,
callback_job_t *parent);
-#endif /* CALLBACK_JOB_H_ @} */
+#endif /** CALLBACK_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/delete_child_sa_job.h b/src/charon/processing/jobs/delete_child_sa_job.h
index c11e8fab4..a17c86b22 100644
--- a/src/charon/processing/jobs/delete_child_sa_job.h
+++ b/src/charon/processing/jobs/delete_child_sa_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: delete_child_sa_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: delete_child_sa_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -58,4 +58,4 @@ delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid,
protocol_id_t protocol,
u_int32_t spi);
-#endif /* DELETE_CHILD_SA_JOB_H_ @} */
+#endif /** DELETE_CHILD_SA_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/delete_ike_sa_job.h b/src/charon/processing/jobs/delete_ike_sa_job.h
index cf666bb48..fcb712e43 100644
--- a/src/charon/processing/jobs/delete_ike_sa_job.h
+++ b/src/charon/processing/jobs/delete_ike_sa_job.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: delete_ike_sa_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: delete_ike_sa_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -56,4 +56,4 @@ struct delete_ike_sa_job_t {
delete_ike_sa_job_t *delete_ike_sa_job_create(ike_sa_id_t *ike_sa_id,
bool delete_if_established);
-#endif /* DELETE_IKE_SA_JOB_H_ @} */
+#endif /** DELETE_IKE_SA_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/initiate_mediation_job.h b/src/charon/processing/jobs/initiate_mediation_job.h
index 966da95d3..17f5e4d18 100644
--- a/src/charon/processing/jobs/initiate_mediation_job.h
+++ b/src/charon/processing/jobs/initiate_mediation_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: initiate_mediation_job.h 3792 2008-04-10 12:51:04Z tobias $
+ * $Id: initiate_mediation_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -60,4 +60,4 @@ initiate_mediation_job_t *initiate_mediation_job_create(ike_sa_id_t *ike_sa_id);
initiate_mediation_job_t *reinitiate_mediation_job_create(ike_sa_id_t *mediation_sa_id,
ike_sa_id_t *mediated_sa_id);
-#endif /*INITIATE_MEDIATION_JOB_H_ @} */
+#endif /** INITIATE_MEDIATION_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/job.h b/src/charon/processing/jobs/job.h
index 61f639936..e0a2d1df7 100644
--- a/src/charon/processing/jobs/job.h
+++ b/src/charon/processing/jobs/job.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -51,4 +51,4 @@ struct job_t {
void (*destroy) (job_t *job);
};
-#endif /* JOB_H_ @} */
+#endif /** JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/mediation_job.h b/src/charon/processing/jobs/mediation_job.h
index 0e2901180..08e37915f 100644
--- a/src/charon/processing/jobs/mediation_job.h
+++ b/src/charon/processing/jobs/mediation_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: mediation_job.h 3666 2008-03-26 18:40:19Z tobias $
+ * $Id: mediation_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -73,4 +73,4 @@ mediation_job_t *mediation_job_create(identification_t *peer_id,
mediation_job_t *mediation_callback_job_create(identification_t *requester,
identification_t *peer_id);
-#endif /*MEDIATION_JOB_H_ @} */
+#endif /** MEDIATION_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/migrate_job.h b/src/charon/processing/jobs/migrate_job.h
index a99ffbb0c..9f39b9730 100644
--- a/src/charon/processing/jobs/migrate_job.h
+++ b/src/charon/processing/jobs/migrate_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: migrate_job.h 4662 2008-11-16 21:19:58Z andreas $
+ * $Id: migrate_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -62,4 +62,4 @@ migrate_job_t *migrate_job_create(u_int32_t reqid,
policy_dir_t dir,
host_t *local, host_t *remote);
-#endif /* MIGRATE_JOB_H_ @} */
+#endif /** MIGRATE_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/process_message_job.h b/src/charon/processing/jobs/process_message_job.h
index 920444db1..0aae4c24e 100644
--- a/src/charon/processing/jobs/process_message_job.h
+++ b/src/charon/processing/jobs/process_message_job.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: process_message_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: process_message_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -48,4 +48,4 @@ struct process_message_job_t {
*/
process_message_job_t *process_message_job_create(message_t *message);
-#endif /*PROCESS_MESSAGE_JOB_H_ @} */
+#endif /** PROCESS_MESSAGE_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/rekey_child_sa_job.h b/src/charon/processing/jobs/rekey_child_sa_job.h
index 38fd04f10..14e4af5e1 100644
--- a/src/charon/processing/jobs/rekey_child_sa_job.h
+++ b/src/charon/processing/jobs/rekey_child_sa_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: rekey_child_sa_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: rekey_child_sa_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -56,4 +56,4 @@ struct rekey_child_sa_job_t {
rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid,
protocol_id_t protocol,
u_int32_t spi);
-#endif /* REKEY_CHILD_SA_JOB_H_ @} */
+#endif /** REKEY_CHILD_SA_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.h b/src/charon/processing/jobs/rekey_ike_sa_job.h
index c8d9abee3..c03711d73 100644
--- a/src/charon/processing/jobs/rekey_ike_sa_job.h
+++ b/src/charon/processing/jobs/rekey_ike_sa_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: rekey_ike_sa_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: rekey_ike_sa_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -50,4 +50,4 @@ struct rekey_ike_sa_job_t {
*/
rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth);
-#endif /* REKEY_IKE_SA_JOB_H_ @} */
+#endif /** REKEY_IKE_SA_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/retransmit_job.h b/src/charon/processing/jobs/retransmit_job.h
index 60932b304..a20369a1b 100644
--- a/src/charon/processing/jobs/retransmit_job.h
+++ b/src/charon/processing/jobs/retransmit_job.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: retransmit_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: retransmit_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -54,4 +54,4 @@ struct retransmit_job_t {
retransmit_job_t *retransmit_job_create(u_int32_t message_id,
ike_sa_id_t *ike_sa_id);
-#endif /* RETRANSMIT_JOB_H_ @} */
+#endif /** RETRANSMIT_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/roam_job.h b/src/charon/processing/jobs/roam_job.h
index 763416b4a..6c0cbc2b7 100644
--- a/src/charon/processing/jobs/roam_job.h
+++ b/src/charon/processing/jobs/roam_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: roam_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: roam_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -51,4 +51,4 @@ struct roam_job_t {
*/
roam_job_t *roam_job_create(bool address);
-#endif /*ROAM_JOB_H_ @} */
+#endif /** ROAM_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/send_dpd_job.h b/src/charon/processing/jobs/send_dpd_job.h
index 032823edd..2b6b5fee3 100644
--- a/src/charon/processing/jobs/send_dpd_job.h
+++ b/src/charon/processing/jobs/send_dpd_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: send_dpd_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: send_dpd_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -51,4 +51,4 @@ struct send_dpd_job_t {
*/
send_dpd_job_t *send_dpd_job_create(ike_sa_id_t *ike_sa_id);
-#endif /*SEND_DPD_JOB_H_ @} */
+#endif /** SEND_DPD_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/send_keepalive_job.h b/src/charon/processing/jobs/send_keepalive_job.h
index 44bab09b4..7b3fe9f60 100644
--- a/src/charon/processing/jobs/send_keepalive_job.h
+++ b/src/charon/processing/jobs/send_keepalive_job.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: send_keepalive_job.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: send_keepalive_job.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -50,4 +50,4 @@ struct send_keepalive_job_t {
*/
send_keepalive_job_t *send_keepalive_job_create(ike_sa_id_t *ike_sa_id);
-#endif /*SEND_KEEPALIVE_JOB_H_ @} */
+#endif /** SEND_KEEPALIVE_JOB_H_ @}*/
diff --git a/src/charon/processing/jobs/update_sa_job.h b/src/charon/processing/jobs/update_sa_job.h
index 5a350d939..79b89bbe3 100644
--- a/src/charon/processing/jobs/update_sa_job.h
+++ b/src/charon/processing/jobs/update_sa_job.h
@@ -49,4 +49,4 @@ struct update_sa_job_t {
*/
update_sa_job_t *update_sa_job_create(u_int32_t reqid, host_t *new);
-#endif /*UPDATE_SA_JOB_H_ @} */
+#endif /** UPDATE_SA_JOB_H_ @}*/
diff --git a/src/charon/processing/processor.h b/src/charon/processing/processor.h
index 530fbc24b..6ab643b1f 100644
--- a/src/charon/processing/processor.h
+++ b/src/charon/processing/processor.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: processor.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: processor.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -93,4 +93,4 @@ struct processor_t {
*/
processor_t *processor_create();
-#endif /*PROCESSOR_H_ @} */
+#endif /** PROCESSOR_H_ @}*/
diff --git a/src/charon/processing/scheduler.h b/src/charon/processing/scheduler.h
index edc17a02b..c3e177727 100644
--- a/src/charon/processing/scheduler.h
+++ b/src/charon/processing/scheduler.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: scheduler.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: scheduler.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -66,4 +66,4 @@ struct scheduler_t {
*/
scheduler_t *scheduler_create(void);
-#endif /*SCHEDULER_H_ @} */
+#endif /** SCHEDULER_H_ @}*/
diff --git a/src/charon/sa/authenticators/authenticator.h b/src/charon/sa/authenticators/authenticator.h
index aa5a73e86..345cc7deb 100644
--- a/src/charon/sa/authenticators/authenticator.h
+++ b/src/charon/sa/authenticators/authenticator.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: authenticator.h 4276 2008-08-22 10:44:51Z martin $
+ * $Id: authenticator.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -162,4 +162,4 @@ authenticator_t *authenticator_create_from_class(ike_sa_t *ike_sa,
authenticator_t *authenticator_create_from_method(ike_sa_t *ike_sa,
auth_method_t method);
-#endif /* AUTHENTICATOR_H_ @} */
+#endif /** AUTHENTICATOR_H_ @}*/
diff --git a/src/charon/sa/authenticators/eap/eap_manager.h b/src/charon/sa/authenticators/eap/eap_manager.h
index 74bfa1f51..db5535a81 100644
--- a/src/charon/sa/authenticators/eap/eap_manager.h
+++ b/src/charon/sa/authenticators/eap/eap_manager.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_manager.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: eap_manager.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -81,4 +81,4 @@ struct eap_manager_t {
*/
eap_manager_t *eap_manager_create();
-#endif /* EAP_MANAGER_H_ @}*/
+#endif /** EAP_MANAGER_H_ @}*/
diff --git a/src/charon/sa/authenticators/eap/eap_method.c b/src/charon/sa/authenticators/eap/eap_method.c
index 6babab212..2e4307eb4 100644
--- a/src/charon/sa/authenticators/eap/eap_method.c
+++ b/src/charon/sa/authenticators/eap/eap_method.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_method.c 4882 2009-02-18 19:57:15Z tobias $
+ * $Id: eap_method.c 4997 2009-03-24 10:24:58Z martin $
*/
#include "eap_method.h"
@@ -30,7 +30,8 @@ ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM,
"EAP_AKA");
ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
"EAP_MSCHAPV2");
-ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
+ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
+ "EAP_RADIUS",
"EAP_EXPANDED",
"EAP_EXPERIMENTAL");
ENUM_END(eap_type_names, EAP_EXPERIMENTAL);
diff --git a/src/charon/sa/authenticators/eap/eap_method.h b/src/charon/sa/authenticators/eap/eap_method.h
index 1fd7bd24b..6f3da1ba7 100644
--- a/src/charon/sa/authenticators/eap/eap_method.h
+++ b/src/charon/sa/authenticators/eap/eap_method.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_method.h 4882 2009-02-18 19:57:15Z tobias $
+ * $Id: eap_method.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -57,6 +57,8 @@ enum eap_type_t {
EAP_SIM = 18,
EAP_AKA = 23,
EAP_MSCHAPV2 = 26,
+ /** not a method, but an implementation providing different methods */
+ EAP_RADIUS = 253,
EAP_EXPANDED = 254,
EAP_EXPERIMENTAL = 255,
};
@@ -185,4 +187,4 @@ struct eap_method_t {
typedef eap_method_t *(*eap_constructor_t)(identification_t *server,
identification_t *peer);
-#endif /* EAP_METHOD_H_ @} */
+#endif /** EAP_METHOD_H_ @}*/
diff --git a/src/charon/sa/authenticators/eap/sim_manager.h b/src/charon/sa/authenticators/eap/sim_manager.h
index 7fb1f2858..69a2e4df9 100644
--- a/src/charon/sa/authenticators/eap/sim_manager.h
+++ b/src/charon/sa/authenticators/eap/sim_manager.h
@@ -133,4 +133,4 @@ struct sim_manager_t {
*/
sim_manager_t *sim_manager_create();
-#endif /* SIM_MANAGER_H_ @}*/
+#endif /** SIM_MANAGER_H_ @}*/
diff --git a/src/charon/sa/authenticators/eap_authenticator.c b/src/charon/sa/authenticators/eap_authenticator.c
index 0c0abcf2e..7b97fe56c 100644
--- a/src/charon/sa/authenticators/eap_authenticator.c
+++ b/src/charon/sa/authenticators/eap_authenticator.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_authenticator.c 4754 2008-12-04 10:09:21Z martin $
+ * $Id: eap_authenticator.c 5037 2009-03-26 13:58:17Z andreas $
*/
#include <string.h>
@@ -141,7 +141,8 @@ static identification_t *get_peer_id(private_eap_authenticator_t *this)
{
config = this->ike_sa->get_peer_cfg(this->ike_sa);
auth = config->get_auth(config);
- if (!auth->get_item(auth, AUTHN_EAP_IDENTITY, (void**)&id))
+ if (!auth->get_item(auth, AUTHN_EAP_IDENTITY, (void**)&id) ||
+ id->get_type(id) == ID_ANY)
{
if (this->role == EAP_PEER)
{
@@ -252,7 +253,7 @@ static status_t initiate(private_eap_authenticator_t *this, eap_type_t type,
if (this->method->initiate(this->method, out) != NEED_MORE)
{
DBG1(DBG_IKE, "failed to initiate EAP exchange, sending %N",
- eap_type_names, type, eap_code_names, EAP_FAILURE);
+ eap_code_names, EAP_FAILURE);
*out = eap_payload_create_code(EAP_FAILURE, 0);
return FAILED;
}
@@ -412,7 +413,7 @@ static status_t process_server(private_eap_authenticator_t *this,
}
else
{
- DBG1(DBG_IKE, "EAP method %N failed for peer %D",
+ DBG1(DBG_IKE, "EAP method %N failed for peer '%D'",
eap_type_names, type,
this->ike_sa->get_other_id(this->ike_sa));
}
diff --git a/src/charon/sa/authenticators/eap_authenticator.h b/src/charon/sa/authenticators/eap_authenticator.h
index bd300a584..3ee6839fa 100644
--- a/src/charon/sa/authenticators/eap_authenticator.h
+++ b/src/charon/sa/authenticators/eap_authenticator.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: eap_authenticator.h 4276 2008-08-22 10:44:51Z martin $
+ * $Id: eap_authenticator.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -144,4 +144,4 @@ struct eap_authenticator_t {
*/
eap_authenticator_t *eap_authenticator_create(ike_sa_t *ike_sa);
-#endif /* EAP_AUTHENTICATOR_H_ @} */
+#endif /** EAP_AUTHENTICATOR_H_ @}*/
diff --git a/src/charon/sa/authenticators/psk_authenticator.h b/src/charon/sa/authenticators/psk_authenticator.h
index c7cb5a23c..df65076a4 100644
--- a/src/charon/sa/authenticators/psk_authenticator.h
+++ b/src/charon/sa/authenticators/psk_authenticator.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: psk_authenticator.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: psk_authenticator.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct psk_authenticator_t {
*/
psk_authenticator_t *psk_authenticator_create(ike_sa_t *ike_sa);
-#endif /* PSK_AUTHENTICATOR_H_ @} */
+#endif /** PSK_AUTHENTICATOR_H_ @}*/
diff --git a/src/charon/sa/authenticators/pubkey_authenticator.h b/src/charon/sa/authenticators/pubkey_authenticator.h
index 038d8b1d2..d2189fa97 100644
--- a/src/charon/sa/authenticators/pubkey_authenticator.h
+++ b/src/charon/sa/authenticators/pubkey_authenticator.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: pubkey_authenticator.h 4051 2008-06-10 09:08:27Z tobias $
+ * $Id: pubkey_authenticator.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -47,4 +47,4 @@ struct pubkey_authenticator_t {
*/
pubkey_authenticator_t *pubkey_authenticator_create(ike_sa_t *ike_sa);
-#endif /* PUBKEY_AUTHENTICATOR_H_ @} */
+#endif /** PUBKEY_AUTHENTICATOR_H_ @}*/
diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h
index 277fd0a79..70169f515 100644
--- a/src/charon/sa/child_sa.h
+++ b/src/charon/sa/child_sa.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: child_sa.h 4677 2008-11-19 15:31:27Z martin $
+ * $Id: child_sa.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -323,8 +323,6 @@ struct child_sa_t {
*
* @param me own address
* @param other remote address
- * @param my_id id of own peer
- * @param other_id id of remote peer
* @param config config to use for this CHILD_SA
* @param reqid reqid of old CHILD_SA when rekeying, 0 otherwise
* @param encap TRUE to enable UDP encapsulation (NAT traversal)
@@ -333,4 +331,4 @@ struct child_sa_t {
child_sa_t * child_sa_create(host_t *me, host_t *other, child_cfg_t *config,
u_int32_t reqid, bool encap);
-#endif /*CHILD_SA_H_ @} */
+#endif /** CHILD_SA_H_ @}*/
diff --git a/src/charon/sa/connect_manager.h b/src/charon/sa/connect_manager.h
index 38d8e7a49..c16f87352 100644
--- a/src/charon/sa/connect_manager.h
+++ b/src/charon/sa/connect_manager.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: connect_manager.h 3792 2008-04-10 12:51:04Z tobias $
+ * $Id: connect_manager.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -120,4 +120,4 @@ struct connect_manager_t {
*/
connect_manager_t *connect_manager_create(void);
-#endif /*CONNECT_MANAGER_H_ @} */
+#endif /** CONNECT_MANAGER_H_ @}*/
diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h
index d3976527b..3ca8d9521 100644
--- a/src/charon/sa/ike_sa.h
+++ b/src/charon/sa/ike_sa.h
@@ -15,7 +15,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_sa.h 4810 2008-12-16 17:21:28Z tobias $
+ * $Id: ike_sa.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -920,4 +920,4 @@ struct ike_sa_t {
*/
ike_sa_t *ike_sa_create(ike_sa_id_t *ike_sa_id);
-#endif /* IKE_SA_H_ @} */
+#endif /** IKE_SA_H_ @}*/
diff --git a/src/charon/sa/ike_sa_id.h b/src/charon/sa/ike_sa_id.h
index 652c968b6..db36fda95 100644
--- a/src/charon/sa/ike_sa_id.h
+++ b/src/charon/sa/ike_sa_id.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_sa_id.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_sa_id.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -125,4 +125,4 @@ struct ike_sa_id_t {
ike_sa_id_t * ike_sa_id_create(u_int64_t initiator_spi, u_int64_t responder_spi,
bool is_initiaor);
-#endif /*IKE_SA_ID_H_ @} */
+#endif /** IKE_SA_ID_H_ @}*/
diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c
index 447fa2dd5..e2aacddd5 100644
--- a/src/charon/sa/ike_sa_manager.c
+++ b/src/charon/sa/ike_sa_manager.c
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_sa_manager.c 4811 2008-12-17 09:00:22Z martin $
+ * $Id: ike_sa_manager.c 5035 2009-03-26 13:18:19Z andreas $
*/
#include <string.h>
@@ -1476,8 +1476,8 @@ static bool check_uniqueness(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
switch (policy)
{
case UNIQUE_REPLACE:
- DBG1(DBG_IKE, "deleting duplicate IKE_SA due"
- " uniqueness policy");
+ DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer "
+ "'%D' due to uniqueness policy", other);
status = duplicate->delete(duplicate);
break;
case UNIQUE_KEEP:
diff --git a/src/charon/sa/ike_sa_manager.h b/src/charon/sa/ike_sa_manager.h
index 6b6d5a32d..8fe991521 100644
--- a/src/charon/sa/ike_sa_manager.h
+++ b/src/charon/sa/ike_sa_manager.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_sa_manager.h 4811 2008-12-17 09:00:22Z martin $
+ * $Id: ike_sa_manager.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -216,4 +216,4 @@ struct ike_sa_manager_t {
*/
ike_sa_manager_t *ike_sa_manager_create(void);
-#endif /*IKE_SA_MANAGER_H_ @} */
+#endif /** IKE_SA_MANAGER_H_ @}*/
diff --git a/src/charon/sa/keymat.h b/src/charon/sa/keymat.h
index 0d6d08f51..659e4dff2 100644
--- a/src/charon/sa/keymat.h
+++ b/src/charon/sa/keymat.h
@@ -162,4 +162,4 @@ struct keymat_t {
*/
keymat_t *keymat_create(bool initiator);
-#endif /* KEYMAT_ @}*/
+#endif /** KEYMAT_ @}*/
diff --git a/src/charon/sa/mediation_manager.h b/src/charon/sa/mediation_manager.h
index d21c93244..7eee09d67 100644
--- a/src/charon/sa/mediation_manager.h
+++ b/src/charon/sa/mediation_manager.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: mediation_manager.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: mediation_manager.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -88,4 +88,4 @@ struct mediation_manager_t {
*/
mediation_manager_t *mediation_manager_create(void);
-#endif /*MEDIATION_MANAGER_H_ @} */
+#endif /** MEDIATION_MANAGER_H_ @}*/
diff --git a/src/charon/sa/task_manager.h b/src/charon/sa/task_manager.h
index 2aa6018fd..db21684c3 100644
--- a/src/charon/sa/task_manager.h
+++ b/src/charon/sa/task_manager.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: task_manager.h 4689 2008-11-24 12:46:06Z martin $
+ * $Id: task_manager.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -87,7 +87,7 @@ typedef struct task_manager_t task_manager_t;
4s * (1.8 ** 4) = 42s 89s
4s * (1.8 ** 5) = 76s 165s
- @endberbatim
+ @endverbatim
* The peer is considered dead after 2min 45s when no reply comes in.
*/
struct task_manager_t {
@@ -172,4 +172,4 @@ struct task_manager_t {
*/
task_manager_t *task_manager_create(ike_sa_t *ike_sa);
-#endif /* TASK_MANAGER_H_ @} */
+#endif /** TASK_MANAGER_H_ @}*/
diff --git a/src/charon/sa/tasks/child_create.h b/src/charon/sa/tasks/child_create.h
index cee37121e..d01baa594 100644
--- a/src/charon/sa/tasks/child_create.h
+++ b/src/charon/sa/tasks/child_create.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: child_create.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: child_create.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -77,4 +77,4 @@ struct child_create_t {
*/
child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config);
-#endif /* CHILD_CREATE_H_ @} */
+#endif /** CHILD_CREATE_H_ @}*/
diff --git a/src/charon/sa/tasks/child_delete.h b/src/charon/sa/tasks/child_delete.h
index c5ebec338..8886ff4a1 100644
--- a/src/charon/sa/tasks/child_delete.h
+++ b/src/charon/sa/tasks/child_delete.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: child_delete.h 4730 2008-12-01 18:38:28Z martin $
+ * $Id: child_delete.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -59,4 +59,4 @@ struct child_delete_t {
child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol,
u_int32_t spi);
-#endif /* CHILD_DELETE_H_ @} */
+#endif /** CHILD_DELETE_H_ @}*/
diff --git a/src/charon/sa/tasks/child_rekey.h b/src/charon/sa/tasks/child_rekey.h
index 37b61a9ef..42fce0742 100644
--- a/src/charon/sa/tasks/child_rekey.h
+++ b/src/charon/sa/tasks/child_rekey.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: child_rekey.h 4730 2008-12-01 18:38:28Z martin $
+ * $Id: child_rekey.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -63,4 +63,4 @@ struct child_rekey_t {
child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
u_int32_t spi);
-#endif /* CHILD_REKEY_H_ @} */
+#endif /** CHILD_REKEY_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_auth.h b/src/charon/sa/tasks/ike_auth.h
index 15f98f312..a4719ec24 100644
--- a/src/charon/sa/tasks/ike_auth.h
+++ b/src/charon/sa/tasks/ike_auth.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_auth.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_auth.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -56,4 +56,4 @@ struct ike_auth_t {
*/
ike_auth_t *ike_auth_create(ike_sa_t *ike_sa, bool initiator);
-#endif /* IKE_AUTH_H_ @} */
+#endif /** IKE_AUTH_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_auth_lifetime.h b/src/charon/sa/tasks/ike_auth_lifetime.h
index 21a3bbfdc..46595e6ed 100644
--- a/src/charon/sa/tasks/ike_auth_lifetime.h
+++ b/src/charon/sa/tasks/ike_auth_lifetime.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_auth_lifetime.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_auth_lifetime.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -52,4 +52,4 @@ struct ike_auth_lifetime_t {
*/
ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator);
-#endif /* IKE_MOBIKE_H_ @} */
+#endif /** IKE_MOBIKE_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_cert_post.h b/src/charon/sa/tasks/ike_cert_post.h
index 78b32d67a..ec9d172e1 100644
--- a/src/charon/sa/tasks/ike_cert_post.h
+++ b/src/charon/sa/tasks/ike_cert_post.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_cert_post.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_cert_post.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -52,4 +52,4 @@ struct ike_cert_post_t {
*/
ike_cert_post_t *ike_cert_post_create(ike_sa_t *ike_sa, bool initiator);
-#endif /* IKE_CERT_POST_H_ @} */
+#endif /** IKE_CERT_POST_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_cert_pre.h b/src/charon/sa/tasks/ike_cert_pre.h
index d8793a8e2..d6d06b04f 100644
--- a/src/charon/sa/tasks/ike_cert_pre.h
+++ b/src/charon/sa/tasks/ike_cert_pre.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_cert_pre.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_cert_pre.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -52,4 +52,4 @@ struct ike_cert_pre_t {
*/
ike_cert_pre_t *ike_cert_pre_create(ike_sa_t *ike_sa, bool initiator);
-#endif /* IKE_CERT_PRE_H_ @} */
+#endif /** IKE_CERT_PRE_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_config.h b/src/charon/sa/tasks/ike_config.h
index 23410a196..cc709f4d6 100644
--- a/src/charon/sa/tasks/ike_config.h
+++ b/src/charon/sa/tasks/ike_config.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_config.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_config.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -50,4 +50,4 @@ struct ike_config_t {
*/
ike_config_t *ike_config_create(ike_sa_t *ike_sa, bool initiator);
-#endif /* IKE_CONFIG_H_ @} */
+#endif /** IKE_CONFIG_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_delete.h b/src/charon/sa/tasks/ike_delete.h
index 6d08d345d..ea4e9832b 100644
--- a/src/charon/sa/tasks/ike_delete.h
+++ b/src/charon/sa/tasks/ike_delete.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_delete.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_delete.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -49,4 +49,4 @@ struct ike_delete_t {
*/
ike_delete_t *ike_delete_create(ike_sa_t *ike_sa, bool initiator);
-#endif /* IKE_DELETE_H_ @} */
+#endif /** IKE_DELETE_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_dpd.h b/src/charon/sa/tasks/ike_dpd.h
index 62b8a6a10..0eadd0db7 100644
--- a/src/charon/sa/tasks/ike_dpd.h
+++ b/src/charon/sa/tasks/ike_dpd.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_dpd.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_dpd.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -50,4 +50,4 @@ struct ike_dpd_t {
*/
ike_dpd_t *ike_dpd_create(bool initiator);
-#endif /* IKE_DPD_H_ @} */
+#endif /** IKE_DPD_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_init.h b/src/charon/sa/tasks/ike_init.h
index 0e5a913fd..84f28a98d 100644
--- a/src/charon/sa/tasks/ike_init.h
+++ b/src/charon/sa/tasks/ike_init.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_init.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_init.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -59,4 +59,4 @@ struct ike_init_t {
*/
ike_init_t *ike_init_create(ike_sa_t *ike_sa, bool initiator, ike_sa_t *old_sa);
-#endif /* IKE_INIT_H_ @} */
+#endif /** IKE_INIT_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_me.h b/src/charon/sa/tasks/ike_me.h
index c9a515c8f..3bef0a7f1 100644
--- a/src/charon/sa/tasks/ike_me.h
+++ b/src/charon/sa/tasks/ike_me.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_me.h 3666 2008-03-26 18:40:19Z tobias $
+ * $Id: ike_me.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -97,4 +97,4 @@ struct ike_me_t {
*/
ike_me_t *ike_me_create(ike_sa_t *ike_sa, bool initiator);
-#endif /*IKE_ME_H_ @} */
+#endif /** IKE_ME_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_mobike.h b/src/charon/sa/tasks/ike_mobike.h
index f8f094456..4a2006a80 100644
--- a/src/charon/sa/tasks/ike_mobike.h
+++ b/src/charon/sa/tasks/ike_mobike.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_mobike.h 4368 2008-10-06 13:37:04Z martin $
+ * $Id: ike_mobike.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -87,4 +87,4 @@ struct ike_mobike_t {
*/
ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator);
-#endif /* IKE_MOBIKE_H_ @} */
+#endif /** IKE_MOBIKE_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_natd.c b/src/charon/sa/tasks/ike_natd.c
index 9e62fcbdf..eb84c876f 100644
--- a/src/charon/sa/tasks/ike_natd.c
+++ b/src/charon/sa/tasks/ike_natd.c
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_natd.c 4386 2008-10-08 08:23:46Z martin $
+ * $Id: ike_natd.c 5029 2009-03-26 11:49:07Z martin $
*/
#include "ike_natd.h"
@@ -356,7 +356,11 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
charon->kernel_interface, FALSE, FALSE);
while (enumerator->enumerate(enumerator, (void**)&host))
{
+ /* apply port 500 to host, but work on a copy */
+ host = host->clone(host);
+ host->set_port(host, IKEV2_UDP_PORT);
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
+ host->destroy(host);
message->add_payload(message, (payload_t*)notify);
}
enumerator->destroy(enumerator);
diff --git a/src/charon/sa/tasks/ike_natd.h b/src/charon/sa/tasks/ike_natd.h
index 7e1e58bc0..155ae4b4c 100644
--- a/src/charon/sa/tasks/ike_natd.h
+++ b/src/charon/sa/tasks/ike_natd.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_natd.h 4368 2008-10-06 13:37:04Z martin $
+ * $Id: ike_natd.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -58,4 +58,4 @@ struct ike_natd_t {
*/
ike_natd_t *ike_natd_create(ike_sa_t *ike_sa, bool initiator);
-#endif /* IKE_NATD_H_ @} */
+#endif /** IKE_NATD_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_reauth.h b/src/charon/sa/tasks/ike_reauth.h
index 1076cc7cc..689550c92 100644
--- a/src/charon/sa/tasks/ike_reauth.h
+++ b/src/charon/sa/tasks/ike_reauth.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_reauth.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_reauth.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -50,4 +50,4 @@ struct ike_reauth_t {
*/
ike_reauth_t *ike_reauth_create(ike_sa_t *ike_sa);
-#endif /* IKE_REAUTH_H_ @} */
+#endif /** IKE_REAUTH_H_ @}*/
diff --git a/src/charon/sa/tasks/ike_rekey.h b/src/charon/sa/tasks/ike_rekey.h
index 1bfde8a54..ab82789f3 100644
--- a/src/charon/sa/tasks/ike_rekey.h
+++ b/src/charon/sa/tasks/ike_rekey.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ike_rekey.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ike_rekey.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -60,4 +60,4 @@ struct ike_rekey_t {
*/
ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator);
-#endif /* IKE_REKEY_H_ @} */
+#endif /** IKE_REKEY_H_ @}*/
diff --git a/src/charon/sa/tasks/task.h b/src/charon/sa/tasks/task.h
index 26b4f214e..a5eb2caa3 100644
--- a/src/charon/sa/tasks/task.h
+++ b/src/charon/sa/tasks/task.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: task.h 3666 2008-03-26 18:40:19Z tobias $
+ * $Id: task.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -145,4 +145,4 @@ struct task_t {
void (*destroy) (task_t *this);
};
-#endif /* TASK_H_ @} */
+#endif /** TASK_H_ @}*/
diff --git a/src/libfast/context.h b/src/libfast/context.h
index dc1450bd1..3f21ea6f2 100644
--- a/src/libfast/context.h
+++ b/src/libfast/context.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: context.h 3489 2008-02-22 09:40:58Z martin $
+ * $Id: context.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -41,4 +41,4 @@ struct context_t {
void (*destroy) (context_t *this);
};
-#endif /* CONTEXT_H_ @}*/
+#endif /** CONTEXT_H_ @}*/
diff --git a/src/libfast/controller.h b/src/libfast/controller.h
index 162e114e3..9bfb04bab 100644
--- a/src/libfast/controller.h
+++ b/src/libfast/controller.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: controller.h 3489 2008-02-22 09:40:58Z martin $
+ * $Id: controller.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -76,4 +76,4 @@ struct controller_t {
void (*destroy) (controller_t *this);
};
-#endif /* CONTROLLER_H_ @} */
+#endif /** CONTROLLER_H_ @}*/
diff --git a/src/libfast/dispatcher.h b/src/libfast/dispatcher.h
index 98a7b7e30..bcd1712ce 100644
--- a/src/libfast/dispatcher.h
+++ b/src/libfast/dispatcher.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: dispatcher.h 3519 2008-03-02 12:14:34Z martin $
+ * $Id: dispatcher.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -136,4 +136,4 @@ struct dispatcher_t {
dispatcher_t *dispatcher_create(char *socket, bool debug, int timeout,
context_constructor_t constructor, void *param);
-#endif /* DISPATCHER_H_ @} */
+#endif /** DISPATCHER_H_ @}*/
diff --git a/src/libfast/request.h b/src/libfast/request.h
index b0d5bd89c..25fa5fc60 100644
--- a/src/libfast/request.h
+++ b/src/libfast/request.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: request.h 3531 2008-03-06 09:50:56Z martin $
+ * $Id: request.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -183,4 +183,4 @@ struct request_t {
*/
request_t *request_create(int fd, bool debug);
-#endif /* REQUEST_H_ @} */
+#endif /** REQUEST_H_ @}*/
diff --git a/src/libfast/session.h b/src/libfast/session.h
index 0df5d5482..a782a8fe4 100644
--- a/src/libfast/session.h
+++ b/src/libfast/session.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: session.h 3519 2008-03-02 12:14:34Z martin $
+ * $Id: session.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -77,4 +77,4 @@ struct session_t {
*/
session_t *session_create(context_t *context);
-#endif /* SESSION_H_ @} */
+#endif /** SESSION_H_ @}*/
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 1359dcd2d..8b9762777 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: asn1.c 4942 2009-03-13 20:22:24Z andreas $
+ * $Id: asn1.c 5041 2009-03-27 08:58:48Z andreas $
*/
#include <stdio.h>
@@ -264,13 +264,15 @@ u_int asn1_length(chunk_t *blob)
return len;
}
+#define TIME_MAX 0x7fffffff
+
/**
* Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
*/
time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
{
struct tm t;
- time_t tz_offset;
+ time_t tc, tz_offset;
u_char *eot = NULL;
if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
@@ -296,12 +298,13 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
return 0; /* error in time format */
}
+ /* parse ASN.1 time string */
{
- const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
- "%4d%2d%2d%2d%2d";
+ const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
+ "%4d%2d%2d%2d%2d";
- sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
- &t.tm_hour, &t.tm_min);
+ sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
+ &t.tm_hour, &t.tm_min);
}
/* is there a seconds field? */
@@ -334,9 +337,11 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
/* set daylight saving time to off */
t.tm_isdst = 0;
- /* compensate timezone */
-
- return mktime(&t) - timezone - tz_offset;
+ /* convert to time_t */
+ tc = mktime(&t);
+
+ /* if no conversion overflow occurred, compensate timezone */
+ return (tc == -1) ? TIME_MAX : (tc - timezone - tz_offset);
}
/**
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 0f2e6e5c0..4ea89730c 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: asn1.h 3876 2008-04-26 09:24:14Z andreas $
+ * $Id: asn1.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -110,7 +110,7 @@ int asn1_known_oid(chunk_t object);
* Returns the length of an ASN.1 object
* The blob pointer is advanced past the tag length fields
*
- * @param pointer to an ASN.1 coded blob
+ * @param blob pointer to an ASN.1 coded blob
* @return length of ASN.1 object
*/
u_int asn1_length(chunk_t *blob);
@@ -168,7 +168,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type);
* Parse an ASN.1 UTCTIME or GENERALIZEDTIME object
*
* @param blob ASN.1 coded time object
- * @param level top-most level offset
+ * @param level0 top-most level offset
* @return time_t in UTC
*/
time_t asn1_parse_time(chunk_t blob, int level0);
@@ -223,10 +223,10 @@ chunk_t asn1_bitstring(const char *mode, chunk_t content);
/**
* Build an ASN.1 object from a variable number of individual chunks
*
- * @param typ ASN.1 type to be created
+ * @param type ASN.1 type to be created
* @param mode for each list member: 'c' for copy or 'm' for move
* @return chunk containing the ASN.1 coded object
*/
chunk_t asn1_wrap(asn1_t type, const char *mode, ...);
-#endif /* ASN1_H_ @}*/
+#endif /** ASN1_H_ @}*/
diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h
index d84a5336f..bcc966e04 100644
--- a/src/libstrongswan/asn1/asn1_parser.h
+++ b/src/libstrongswan/asn1/asn1_parser.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: asn1_parser.h 3894 2008-04-28 18:44:21Z andreas $
+ * $Id: asn1_parser.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -116,4 +116,4 @@ struct asn1_parser_t {
*/
asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob);
-#endif /* ASN1_PARSER_H_ @}*/
+#endif /** ASN1_PARSER_H_ @}*/
diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h
index 5eb8f8d8a..125b86b12 100644
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: chunk.h 4936 2009-03-12 18:07:32Z tobias $
+ * $Id: chunk.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -92,11 +92,11 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force);
/**
* Convert a chunk of data to hex encoding.
*
- * The resulting string is '\0' terminated, but the chunk does not include
- * the '\0'. If buf is supplied, it must hold at least (chunk.len * 2 + 1).
+ * The resulting string is '\\0' terminated, but the chunk does not include
+ * the '\\0'. If buf is supplied, it must hold at least (chunk.len * 2 + 1).
*
* @param chunk data to convert
- * @param buff buffer to write to, NULL to malloc
+ * @param buf buffer to write to, NULL to malloc
* @param uppercase TRUE to use uppercase letters
* @return chunk of encoded data
*/
@@ -117,11 +117,11 @@ chunk_t chunk_from_hex(chunk_t hex, char *buf);
/**
* Convert a chunk of data to its base64 encoding.
*
- * The resulting string is '\0' terminated, but the chunk does not include
- * the '\0'. If buf is supplied, it must hold at least (chunk.len * 4 / 3 + 1).
+ * The resulting string is '\\0' terminated, but the chunk does not include
+ * the '\\0'. If buf is supplied, it must hold at least (chunk.len * 4 / 3 + 1).
*
* @param chunk data to convert
- * @param buff buffer to write to, NULL to malloc
+ * @param buf buffer to write to, NULL to malloc
* @return chunk of encoded data
*/
chunk_t chunk_to_base64(chunk_t chunk, char *buf);
@@ -249,4 +249,4 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash);
int chunk_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
const void *const *args);
-#endif /* CHUNK_H_ @}*/
+#endif /** CHUNK_H_ @}*/
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 332d52d52..4b3fb1ae4 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -129,4 +129,4 @@ struct builder_t {
*/
void* builder_free(builder_t *this);
-#endif /* BUILDER_H_ @}*/
+#endif /** BUILDER_H_ @}*/
diff --git a/src/libstrongswan/credentials/certificates/ac.h b/src/libstrongswan/credentials/certificates/ac.h
index 4e33390bb..39ab8fe71 100644
--- a/src/libstrongswan/credentials/certificates/ac.h
+++ b/src/libstrongswan/credentials/certificates/ac.h
@@ -82,5 +82,4 @@ struct ac_t {
bool (*equals_holder) (ac_t *this, ac_t *other);
};
-#endif /* AC_H_ @}*/
-
+#endif /** AC_H_ @}*/
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index 14f4de389..1fb151d9f 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -189,4 +189,4 @@ struct certificate_t {
void (*destroy)(certificate_t *this);
};
-#endif /* CERTIFICATE_H_ @}*/
+#endif /** CERTIFICATE_H_ @}*/
diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h
index f1fb70efd..0c0493940 100644
--- a/src/libstrongswan/credentials/certificates/crl.h
+++ b/src/libstrongswan/credentials/certificates/crl.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: crl.h 3656 2008-03-25 22:28:27Z andreas $
+ * $Id: crl.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -85,4 +85,4 @@ struct crl_t {
};
-#endif /* CRL_H_ @}*/
+#endif /** CRL_H_ @}*/
diff --git a/src/libstrongswan/credentials/certificates/ocsp_request.h b/src/libstrongswan/credentials/certificates/ocsp_request.h
index 377eabd23..25ecb8d35 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_request.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_request.h
@@ -38,4 +38,4 @@ struct ocsp_request_t {
certificate_t interface;
};
-#endif /* OCSP_REQUEST_H_ @}*/
+#endif /** OCSP_REQUEST_H_ @}*/
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.h b/src/libstrongswan/credentials/certificates/ocsp_response.h
index 416f712f3..3c9794956 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.h
@@ -81,4 +81,4 @@ struct ocsp_response_t {
enumerator_t* (*create_cert_enumerator)(ocsp_response_t *this);
};
-#endif /* OCSP_RESPONSE_H_ @}*/
+#endif /** OCSP_RESPONSE_H_ @}*/
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 737dcdc67..704f11522 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: x509.h 3656 2008-03-25 22:28:27Z andreas $
+ * $Id: x509.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -104,4 +104,4 @@ struct x509_t {
enumerator_t* (*create_ocsp_uri_enumerator)(x509_t *this);
};
-#endif /* X509_H_ @}*/
+#endif /** X509_H_ @}*/
diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h
index dc4d62679..42fb2df6d 100644
--- a/src/libstrongswan/credentials/credential_factory.h
+++ b/src/libstrongswan/credentials/credential_factory.h
@@ -109,4 +109,4 @@ struct credential_factory_t {
*/
credential_factory_t *credential_factory_create();
-#endif /* CREDENTIAL_FACTORY_H_ @}*/
+#endif /** CREDENTIAL_FACTORY_H_ @}*/
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index c28988309..219926af1 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: private_key.h 3620 2008-03-19 14:21:56Z martin $
+ * $Id: private_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -111,4 +111,4 @@ struct private_key_t {
void (*destroy)(private_key_t *this);
};
-#endif /* PRIVATE_KEY_H_ @} */
+#endif /** PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 62dbe4303..65bb5f64d 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: public_key.h 4051 2008-06-10 09:08:27Z tobias $
+ * $Id: public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -152,4 +152,4 @@ struct public_key_t {
void (*destroy)(public_key_t *this);
};
-#endif /* PUBLIC_KEY_H_ @} */
+#endif /** PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h
index 1a70bd125..d61d98f95 100644
--- a/src/libstrongswan/crypto/crypters/crypter.h
+++ b/src/libstrongswan/crypto/crypters/crypter.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: crypter.h 4886 2009-02-19 13:46:08Z tobias $
+ * $Id: crypter.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -122,4 +122,4 @@ struct crypter_t {
void (*destroy) (crypter_t *this);
};
-#endif /*CRYPTER_H_ @} */
+#endif /** CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index cdb9b47ba..e2d2de71a 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -267,4 +267,4 @@ struct crypto_factory_t {
*/
crypto_factory_t *crypto_factory_create();
-#endif /* CRYPTO_FACTORY_H_ @}*/
+#endif /** CRYPTO_FACTORY_H_ @}*/
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 4147d85af..5aaba383e 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: diffie_hellman.h 4685 2008-11-22 16:14:55Z martin $
+ * $Id: diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -108,4 +108,4 @@ struct diffie_hellman_t {
void (*destroy) (diffie_hellman_t *this);
};
-#endif /*DIFFIE_HELLMAN_H_ @} */
+#endif /** DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index fe2f48be6..1db5c14cc 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: hasher.h 4880 2009-02-18 19:45:46Z tobias $
+ * $Id: hasher.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -133,4 +133,4 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg);
*/
int hasher_signature_algorithm_to_oid(hash_algorithm_t alg);
-#endif /* HASHER_H_ @} */
+#endif /** HASHER_H_ @}*/
diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h
index 89cdec83d..698f3c172 100644
--- a/src/libstrongswan/crypto/pkcs9.h
+++ b/src/libstrongswan/crypto/pkcs9.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: pkcs9.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: pkcs9.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -92,9 +92,8 @@ pkcs9_t *pkcs9_create_from_chunk(chunk_t chunk, u_int level);
/**
* Create an empty PKCS#9 attribute list
*
- * @param chunk chunk containing data
* @return created pkcs9 attribute list.
*/
pkcs9_t *pkcs9_create(void);
-#endif /* PKCS9_H_ @} */
+#endif /** PKCS9_H_ @}*/
diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h
index e63827858..4c98e4ad1 100644
--- a/src/libstrongswan/crypto/prf_plus.h
+++ b/src/libstrongswan/crypto/prf_plus.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: prf_plus.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: prf_plus.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -77,4 +77,4 @@ struct prf_plus_t {
*/
prf_plus_t *prf_plus_create(prf_t *prf, chunk_t seed);
-#endif /*PRF_PLUS_H_ @} */
+#endif /** PRF_PLUS_H_ @}*/
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index 324eb89b4..e2b4f6fe0 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: prf.h 3916 2008-05-08 12:43:27Z martin $
+ * $Id: prf.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -115,4 +115,4 @@ struct prf_t {
void (*destroy) (prf_t *this);
};
-#endif /*PRF_H_ @} */
+#endif /** PRF_H_ @}*/
diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h
index 08f7af209..1c4d204f3 100644
--- a/src/libstrongswan/crypto/rngs/rng.h
+++ b/src/libstrongswan/crypto/rngs/rng.h
@@ -72,4 +72,4 @@ struct rng_t {
void (*destroy) (rng_t *this);
};
-#endif /*RNG_H_ @} */
+#endif /** RNG_H_ @}*/
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index f67c38f07..b2be2c030 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: signer.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: signer.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -51,6 +51,8 @@ enum integrity_algorithm_t {
AUTH_HMAC_SHA2_512_256 = 14,
/** Implemented via hmac_signer_t */
AUTH_HMAC_SHA1_128 = 1025,
+ /** Implemented via hmac_signer_t */
+ AUTH_HMAC_MD5_128 = 1026,
};
/**
@@ -120,4 +122,4 @@ struct signer_t {
void (*destroy) (signer_t *this);
};
-#endif /*SIGNER_H_ @} */
+#endif /** SIGNER_H_ @}*/
diff --git a/src/libstrongswan/database/database.h b/src/libstrongswan/database/database.h
index 39f909cd7..16472d869 100644
--- a/src/libstrongswan/database/database.h
+++ b/src/libstrongswan/database/database.h
@@ -120,4 +120,4 @@ struct database_t {
void (*destroy)(database_t *this);
};
-#endif /* DATABASE_H_ @}*/
+#endif /** DATABASE_H_ @}*/
diff --git a/src/libstrongswan/database/database_factory.h b/src/libstrongswan/database/database_factory.h
index 358f49054..8875adad7 100644
--- a/src/libstrongswan/database/database_factory.h
+++ b/src/libstrongswan/database/database_factory.h
@@ -70,4 +70,4 @@ struct database_factory_t {
*/
database_factory_t *database_factory_create();
-#endif /* DATABASE_FACTORY_H_ @}*/
+#endif /** DATABASE_FACTORY_H_ @}*/
diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h
index b120cc601..3b98f6837 100644
--- a/src/libstrongswan/debug.h
+++ b/src/libstrongswan/debug.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: debug.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: debug.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -60,4 +60,4 @@ extern void (*dbg) (int level, char *fmt, ...);
/** default logging function, prints to stderr */
void dbg_default(int level, char *fmt, ...);
-#endif /* DEBUG_H_ @} */
+#endif /** DEBUG_H_ @}*/
diff --git a/src/libstrongswan/enum.h b/src/libstrongswan/enum.h
index 4a594a4a9..877b3e6de 100644
--- a/src/libstrongswan/enum.h
+++ b/src/libstrongswan/enum.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: enum.h 4936 2009-03-12 18:07:32Z tobias $
+ * $Id: enum.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -117,4 +117,4 @@ struct enum_name_t {
int enum_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
const void *const *args);
-#endif /* ENUM_H_ @}*/
+#endif /** ENUM_H_ @}*/
diff --git a/src/libstrongswan/fetcher/fetcher.h b/src/libstrongswan/fetcher/fetcher.h
index 4fc37e35e..9a7cc315e 100644
--- a/src/libstrongswan/fetcher/fetcher.h
+++ b/src/libstrongswan/fetcher/fetcher.h
@@ -102,4 +102,4 @@ struct fetcher_t {
void (*destroy)(fetcher_t *this);
};
-#endif /* FETCHER_H_ @}*/
+#endif /** FETCHER_H_ @}*/
diff --git a/src/libstrongswan/fetcher/fetcher_manager.h b/src/libstrongswan/fetcher/fetcher_manager.h
index e94d44494..183964d6c 100644
--- a/src/libstrongswan/fetcher/fetcher_manager.h
+++ b/src/libstrongswan/fetcher/fetcher_manager.h
@@ -71,4 +71,4 @@ struct fetcher_manager_t {
*/
fetcher_manager_t *fetcher_manager_create();
-#endif /* FETCHER_MANAGER_H_ @}*/
+#endif /** FETCHER_MANAGER_H_ @}*/
diff --git a/src/libstrongswan/fips/fips.h b/src/libstrongswan/fips/fips.h
index a4ff440ba..9b777be5f 100644
--- a/src/libstrongswan/fips/fips.h
+++ b/src/libstrongswan/fips/fips.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: fips.h 3877 2008-04-26 09:40:22Z andreas $
+ * $Id: fips.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -43,4 +43,4 @@ bool fips_compute_hmac_signature(const char *key, char *signature);
*/
bool fips_verify_hmac_signature(const char *key, const char *signature);
-#endif /*FIPS_H_ @} */
+#endif /** FIPS_H_ @}*/
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 1445b28cd..a6d27551e 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: library.h 4936 2009-03-12 18:07:32Z tobias $
+ * $Id: library.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -132,4 +132,4 @@ void library_deinit();
*/
extern library_t *lib;
-#endif /* LIBRARY_H_ @}*/
+#endif /** LIBRARY_H_ @}*/
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.h b/src/libstrongswan/plugins/aes/aes_crypter.h
index e42a6bc5b..19ea6b4b7 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.h
+++ b/src/libstrongswan/plugins/aes/aes_crypter.h
@@ -47,4 +47,4 @@ struct aes_crypter_t {
aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo,
size_t key_size);
-#endif /* AES_CRYPTER_H_ @}*/
+#endif /** AES_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.h b/src/libstrongswan/plugins/aes/aes_plugin.h
index 4cf0bc15e..a6ff620ed 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.h
+++ b/src/libstrongswan/plugins/aes/aes_plugin.h
@@ -44,4 +44,4 @@ struct aes_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* AES_PLUGIN_H_ @}*/
+#endif /** AES_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.h b/src/libstrongswan/plugins/agent/agent_plugin.h
index d12dd44ac..33a5dcb53 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.h
+++ b/src/libstrongswan/plugins/agent/agent_plugin.h
@@ -44,4 +44,4 @@ struct agent_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* AGENT_PLUGIN_H_ @}*/
+#endif /** AGENT_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.h b/src/libstrongswan/plugins/agent/agent_private_key.h
index 4d678dd08..929e88a50 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.h
+++ b/src/libstrongswan/plugins/agent/agent_private_key.h
@@ -44,5 +44,5 @@ struct agent_private_key_t {
*/
builder_t *agent_private_key_builder(key_type_t type);
-#endif /*AGENT_PRIVATE_KEY_H_ @}*/
+#endif /** AGENT_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.h b/src/libstrongswan/plugins/curl/curl_fetcher.h
index 3028eac1b..043beb834 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.h
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.h
@@ -44,4 +44,4 @@ struct curl_fetcher_t {
*/
curl_fetcher_t *curl_fetcher_create();
-#endif /* CURL_FETCHER_H_ @}*/
+#endif /** CURL_FETCHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.h b/src/libstrongswan/plugins/curl/curl_plugin.h
index 73166a25b..1b748446b 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.h
+++ b/src/libstrongswan/plugins/curl/curl_plugin.h
@@ -44,4 +44,4 @@ struct curl_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* CURL_PLUGIN_H_ @}*/
+#endif /** CURL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/des/des_crypter.h b/src/libstrongswan/plugins/des/des_crypter.h
index d40d9cf2f..623b292fc 100644
--- a/src/libstrongswan/plugins/des/des_crypter.h
+++ b/src/libstrongswan/plugins/des/des_crypter.h
@@ -46,4 +46,4 @@ struct des_crypter_t {
des_crypter_t *des_crypter_create(encryption_algorithm_t algo);
-#endif /* DES_CRYPTER_H_ @}*/
+#endif /** DES_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/des/des_plugin.h b/src/libstrongswan/plugins/des/des_plugin.h
index 8cabd082b..17df220bc 100644
--- a/src/libstrongswan/plugins/des/des_plugin.h
+++ b/src/libstrongswan/plugins/des/des_plugin.h
@@ -44,4 +44,4 @@ struct des_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* DES_PLUGIN_H_ @}*/
+#endif /** DES_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.h b/src/libstrongswan/plugins/fips_prf/fips_prf.h
index 3fead6b9b..b2940be72 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.h
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.h
@@ -56,4 +56,4 @@ struct fips_prf_t {
*/
fips_prf_t *fips_prf_create(pseudo_random_function_t algo);
-#endif /* FIPS_PRF_H_ @}*/
+#endif /** FIPS_PRF_H_ @}*/
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
index 6816eb66f..8d65254ba 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
@@ -44,4 +44,4 @@ struct fips_prf_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* FIPS_PRF_PLUGIN_H_ @}*/
+#endif /** FIPS_PRF_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
index e2d4d6851..774c31cc2 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
@@ -45,5 +45,5 @@ struct gmp_diffie_hellman_t {
*/
gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group);
-#endif /*GMP_DIFFIE_HELLMAN_H_ @}*/
+#endif /** GMP_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.h b/src/libstrongswan/plugins/gmp/gmp_plugin.h
index a853064b7..d707d78ea 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.h
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.h
@@ -44,4 +44,4 @@ struct gmp_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* GMP_PLUGIN_H_ @}*/
+#endif /** GMP_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
index 6f59b2ad2..d47e2583d 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
@@ -44,5 +44,5 @@ struct gmp_rsa_private_key_t {
*/
builder_t *gmp_rsa_private_key_builder(key_type_t type);
-#endif /*GMP_RSA_PRIVATE_KEY_H_ @}*/
+#endif /** GMP_RSA_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
index 2e502b7e6..46c8c3fd8 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: gmp_rsa_public_key.h 3721 2008-04-01 14:51:31Z martin $
+ * $Id: gmp_rsa_public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -47,4 +47,4 @@ struct gmp_rsa_public_key_t {
*/
builder_t *gmp_rsa_public_key_builder(key_type_t type);
-#endif /*GMP_RSA_PUBLIC_KEY_H_ @}*/
+#endif /** GMP_RSA_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h
index 5f266e133..a204d3b17 100644
--- a/src/libstrongswan/plugins/hmac/hmac.h
+++ b/src/libstrongswan/plugins/hmac/hmac.h
@@ -90,4 +90,4 @@ struct hmac_t {
*/
hmac_t *hmac_create(hash_algorithm_t hash_algorithm);
-#endif /*HMAC_H_ @}*/
+#endif /** HMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index a0afc2a85..7a09b7a4e 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: hmac_plugin.c 4309 2008-08-28 11:07:57Z martin $
+ * $Id: hmac_plugin.c 4997 2009-03-24 10:24:58Z martin $
*/
#include "hmac_plugin.h"
@@ -74,6 +74,8 @@ plugin_t *plugin_create()
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96,
(signer_constructor_t)hmac_signer_create);
+ lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128,
+ (signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192,
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256,
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.h b/src/libstrongswan/plugins/hmac/hmac_plugin.h
index 55ba0b5f4..5c3afa7d6 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.h
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.h
@@ -44,4 +44,4 @@ struct hmac_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* HMAC_PLUGIN_H_ @}*/
+#endif /** HMAC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.h b/src/libstrongswan/plugins/hmac/hmac_prf.h
index 46d05f03a..aa75272e1 100644
--- a/src/libstrongswan/plugins/hmac/hmac_prf.h
+++ b/src/libstrongswan/plugins/hmac/hmac_prf.h
@@ -48,4 +48,4 @@ struct hmac_prf_t {
*/
hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo);
-#endif /*PRF_HMAC_SHA1_H_ @}*/
+#endif /** PRF_HMAC_SHA1_H_ @}*/
diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c
index cdfc819f1..89cae1716 100644
--- a/src/libstrongswan/plugins/hmac/hmac_signer.c
+++ b/src/libstrongswan/plugins/hmac/hmac_signer.c
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: hmac_signer.c 3488 2008-02-21 15:10:02Z martin $
+ * $Id: hmac_signer.c 4997 2009-03-24 10:24:58Z martin $
*/
#include <string.h>
@@ -159,6 +159,10 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo)
hash = HASH_MD5;
trunc = 12;
break;
+ case AUTH_HMAC_MD5_128:
+ hash = HASH_MD5;
+ trunc = 16;
+ break;
case AUTH_HMAC_SHA2_256_128:
hash = HASH_SHA256;
trunc = 16;
diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.h b/src/libstrongswan/plugins/hmac/hmac_signer.h
index 969f482e7..197e28fa7 100644
--- a/src/libstrongswan/plugins/hmac/hmac_signer.h
+++ b/src/libstrongswan/plugins/hmac/hmac_signer.h
@@ -52,4 +52,4 @@ struct hmac_signer_t {
*/
hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo);
-#endif /*HMAC_SIGNER_H_ @}*/
+#endif /** HMAC_SIGNER_H_ @}*/
diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.h b/src/libstrongswan/plugins/ldap/ldap_fetcher.h
index bde60c799..30a141bae 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.h
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.h
@@ -39,4 +39,4 @@ struct ldap_fetcher_t {
*/
ldap_fetcher_t *ldap_fetcher_create();
-#endif /* LDAP_FETCHER_H_ @}*/
+#endif /** LDAP_FETCHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.h b/src/libstrongswan/plugins/ldap/ldap_plugin.h
index 7b2bb3232..de4ff3422 100644
--- a/src/libstrongswan/plugins/ldap/ldap_plugin.h
+++ b/src/libstrongswan/plugins/ldap/ldap_plugin.h
@@ -44,4 +44,4 @@ struct ldap_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* LDAP_PLUGIN_H_ @}*/
+#endif /** LDAP_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/md4/md4_hasher.h b/src/libstrongswan/plugins/md4/md4_hasher.h
index 75956fde6..b0b8c65d2 100644
--- a/src/libstrongswan/plugins/md4/md4_hasher.h
+++ b/src/libstrongswan/plugins/md4/md4_hasher.h
@@ -45,4 +45,4 @@ struct md4_hasher_t {
*/
md4_hasher_t *md4_hasher_create(hash_algorithm_t algo);
-#endif /*MD4_HASHER_H_@}*/
+#endif /** MD4_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/md4/md4_plugin.h b/src/libstrongswan/plugins/md4/md4_plugin.h
index 965bff261..b13002d7b 100644
--- a/src/libstrongswan/plugins/md4/md4_plugin.h
+++ b/src/libstrongswan/plugins/md4/md4_plugin.h
@@ -44,4 +44,4 @@ struct md4_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* MD4_PLUGIN_H_ @}*/
+#endif /** MD4_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/md5/md5_hasher.h b/src/libstrongswan/plugins/md5/md5_hasher.h
index d4a0417ab..0064c177b 100644
--- a/src/libstrongswan/plugins/md5/md5_hasher.h
+++ b/src/libstrongswan/plugins/md5/md5_hasher.h
@@ -45,4 +45,4 @@ struct md5_hasher_t {
*/
md5_hasher_t *md5_hasher_create(hash_algorithm_t algo);
-#endif /*MD5_HASHER_H_@}*/
+#endif /** MD5_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.h b/src/libstrongswan/plugins/md5/md5_plugin.h
index e8e8dd535..057689ad3 100644
--- a/src/libstrongswan/plugins/md5/md5_plugin.h
+++ b/src/libstrongswan/plugins/md5/md5_plugin.h
@@ -44,4 +44,4 @@ struct md5_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* MD5_PLUGIN_H_ @}*/
+#endif /** MD5_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/mysql/mysql_database.h b/src/libstrongswan/plugins/mysql/mysql_database.h
index d04aa79fa..98ddcad36 100644
--- a/src/libstrongswan/plugins/mysql/mysql_database.h
+++ b/src/libstrongswan/plugins/mysql/mysql_database.h
@@ -39,7 +39,7 @@ struct mysql_database_t {
/**
* Create a mysql_database instance.
*
- * @param uri connection URI, mysql://user:pass@host:port/database
+ * @param uri connection URI, mysql://user:pass@example.com:port/database
*/
mysql_database_t *mysql_database_create(char *uri);
@@ -55,4 +55,4 @@ bool mysql_database_init();
*/
void mysql_database_deinit();
-#endif /* MYSQL_DATABASE_H_ @}*/
+#endif /** MYSQL_DATABASE_H_ @}*/
diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.h b/src/libstrongswan/plugins/mysql/mysql_plugin.h
index dbcabaafe..fa53c2b7a 100644
--- a/src/libstrongswan/plugins/mysql/mysql_plugin.h
+++ b/src/libstrongswan/plugins/mysql/mysql_plugin.h
@@ -44,4 +44,4 @@ struct mysql_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* MYSQL_PLUGIN_H_ @}*/
+#endif /** MYSQL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h
index f80d0dec6..4510fb7ee 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.h
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_crypter.h 4000 2008-05-22 12:13:10Z tobias $
+ * $Id: openssl_crypter.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -48,4 +48,4 @@ struct openssl_crypter_t {
openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
size_t key_size);
-#endif /* OPENSSL_CRYPTER_H_ @}*/
+#endif /** OPENSSL_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
index c72b4aab0..c67ce8970 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_diffie_hellman.h 4000 2008-05-22 12:13:10Z tobias $
+ * $Id: openssl_diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,5 +46,5 @@ struct openssl_diffie_hellman_t {
*/
openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group);
-#endif /*OPENSSL_DIFFIE_HELLMAN_H_ @}*/
+#endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
index e89f1cbd7..6b135b36b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_ec_diffie_hellman.h 4000 2008-05-22 12:13:10Z tobias $
+ * $Id: openssl_ec_diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,5 +46,5 @@ struct openssl_ec_diffie_hellman_t {
*/
openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group);
-#endif /*OPENSSL_EC_DIFFIE_HELLMAN_H_ @}*/
+#endif /** OPENSSL_EC_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
index 629fc9574..29588ce18 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_ec_private_key.h 4051 2008-06-10 09:08:27Z tobias $
+ * $Id: openssl_ec_private_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct openssl_ec_private_key_t {
*/
builder_t *openssl_ec_private_key_builder(key_type_t type);
-#endif /*OPENSSL_EC_PRIVATE_KEY_H_ @}*/
+#endif /** OPENSSL_EC_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
index 92684402c..83552d590 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_ec_public_key.h 4051 2008-06-10 09:08:27Z tobias $
+ * $Id: openssl_ec_public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct openssl_ec_public_key_t {
*/
builder_t *openssl_ec_public_key_builder(key_type_t type);
-#endif /*OPENSSL_EC_PUBLIC_KEY_H_ @}*/
+#endif /** OPENSSL_EC_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h
index f776e9fd4..52699f7ff 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.h
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_hasher.h 4000 2008-05-22 12:13:10Z tobias $
+ * $Id: openssl_hasher.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -42,9 +42,8 @@ struct openssl_hasher_t {
* Constructor to create openssl_hasher_t.
*
* @param algo algorithm
- * @param key_size key size in bytes
* @return openssl_hasher_t, NULL if not supported
*/
openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo);
-#endif /* OPENSSL_HASHER_H_ @}*/
+#endif /** OPENSSL_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h
index 40f741dfa..a6d2a060e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.h
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_plugin.h 4000 2008-05-22 12:13:10Z tobias $
+ * $Id: openssl_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct openssl_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* OPENSSL_PLUGIN_H_ @}*/
+#endif /** OPENSSL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
index 81d81b2db..05d83416c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_rsa_private_key.h 4000 2008-05-22 12:13:10Z tobias $
+ * $Id: openssl_rsa_private_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct openssl_rsa_private_key_t {
*/
builder_t *openssl_rsa_private_key_builder(key_type_t type);
-#endif /*OPENSSL_RSA_PRIVATE_KEY_H_ @}*/
+#endif /** OPENSSL_RSA_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
index 570fb69cb..c97ba1b92 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_rsa_public_key.h 4000 2008-05-22 12:13:10Z tobias $
+ * $Id: openssl_rsa_public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct openssl_rsa_public_key_t {
*/
builder_t *openssl_rsa_public_key_builder(key_type_t type);
-#endif /*OPENSSL_RSA_PUBLIC_KEY_H_ @}*/
+#endif /** OPENSSL_RSA_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
index 2dbd5054e..e780e2a25 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.h
+++ b/src/libstrongswan/plugins/openssl/openssl_util.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: openssl_util.h 4051 2008-06-10 09:08:27Z tobias $
+ * $Id: openssl_util.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -67,4 +67,4 @@ bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk);
*/
bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b);
-#endif /*OPENSSL_UTIL_H_ @}*/
+#endif /** OPENSSL_UTIL_H_ @}*/
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
index e8b01633d..d8ac9c2a0 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
@@ -47,4 +47,4 @@ struct padlock_aes_crypter_t {
padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo,
size_t key_size);
-#endif /* PADLOCK_AES_CRYPTER_H_ @}*/
+#endif /** PADLOCK_AES_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.h b/src/libstrongswan/plugins/padlock/padlock_plugin.h
index 7e013a5f7..76f4d1135 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.h
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.h
@@ -44,4 +44,4 @@ struct padlock_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* PADLOCK_PLUGIN_H_ @}*/
+#endif /** PADLOCK_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.h b/src/libstrongswan/plugins/padlock/padlock_rng.h
index a76ecd296..505f4649c 100644
--- a/src/libstrongswan/plugins/padlock/padlock_rng.h
+++ b/src/libstrongswan/plugins/padlock/padlock_rng.h
@@ -17,7 +17,7 @@
/**
* @defgroup padlock_rng padlock_rng
- * @{ @ingroup padlock
+ * @{ @ingroup padlock_p
*/
#ifndef PADLOCK_RNG_H_
@@ -46,4 +46,4 @@ struct padlock_rng_t {
*/
padlock_rng_t *padlock_rng_create(rng_quality_t quality);
-#endif /* PADLOCK_RNG_ @}*/
+#endif /** PADLOCK_RNG_ @}*/
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
index 6855b827f..afa1e046d 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
@@ -16,7 +16,7 @@
/**
* @defgroup sha1_hasher sha1_hasher
- * @{ @ingroup sha1_p
+ * @{ @ingroup padlock_p
*/
#ifndef PADLOCK_SHA1_HASHER_H_
@@ -45,4 +45,4 @@ struct padlock_sha1_hasher_t {
*/
padlock_sha1_hasher_t *padlock_sha1_hasher_create(hash_algorithm_t algo);
-#endif /*SHA1_HASHER_H_ @}*/
+#endif /** SHA1_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h
index cf0b728a3..6ca71540c 100644
--- a/src/libstrongswan/plugins/plugin.h
+++ b/src/libstrongswan/plugins/plugin.h
@@ -46,4 +46,4 @@ struct plugin_t {
*/
typedef plugin_t *(*plugin_constructor_t)(void);
-#endif /* PLUGIN_H_ @}*/
+#endif /** PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h
index bd24e7558..6230f9d68 100644
--- a/src/libstrongswan/plugins/plugin_loader.h
+++ b/src/libstrongswan/plugins/plugin_loader.h
@@ -64,4 +64,4 @@ struct plugin_loader_t {
*/
plugin_loader_t *plugin_loader_create();
-#endif /* PLUGIN_LOADER_H_ @}*/
+#endif /** PLUGIN_LOADER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.h b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
index 71ffe5099..b04824fee 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
@@ -48,4 +48,4 @@ struct pubkey_cert_t {
*/
builder_t *pubkey_cert_builder(certificate_type_t type);
-#endif /* PUBKEY_CERT_H_ @}*/
+#endif /** PUBKEY_CERT_H_ @}*/
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
index 64d0995fc..a3fd2f155 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
@@ -44,4 +44,4 @@ struct pubkey_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* PUBKEY_PLUGIN_H_ @}*/
+#endif /** PUBKEY_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h b/src/libstrongswan/plugins/pubkey/pubkey_public_key.h
index 914ad74e9..0545feeee 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_public_key.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: pubkey_public_key.h 3961 2008-05-15 12:33:00Z tobias $
+ * $Id: pubkey_public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -33,4 +33,4 @@
*/
builder_t *pubkey_public_key_builder(key_type_t type);
-#endif /*PUBKEY_RSA_PUBLIC_KEY_H_ @}*/
+#endif /** PUBKEY_RSA_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h
index 9e8b99387..8145c7875 100644
--- a/src/libstrongswan/plugins/random/random_plugin.h
+++ b/src/libstrongswan/plugins/random/random_plugin.h
@@ -44,4 +44,4 @@ struct random_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* RANDOM_PLUGIN_H_ @}*/
+#endif /** RANDOM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/random/random_rng.h b/src/libstrongswan/plugins/random/random_rng.h
index 7f82353d8..3426d694e 100644
--- a/src/libstrongswan/plugins/random/random_rng.h
+++ b/src/libstrongswan/plugins/random/random_rng.h
@@ -17,7 +17,7 @@
/**
* @defgroup random_rng random_rng
- * @{ @ingroup utils
+ * @{ @ingroup random_p
*/
#ifndef RANDOM_RNG_H_
@@ -46,4 +46,4 @@ struct random_rng_t {
*/
random_rng_t *random_rng_create(rng_quality_t quality);
-#endif /*RANDOM_RNG_H_ @} */
+#endif /** RANDOM_RNG_H_ @} */
diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.h b/src/libstrongswan/plugins/sha1/sha1_hasher.h
index 7dcb0b8b3..b9bfe1c86 100644
--- a/src/libstrongswan/plugins/sha1/sha1_hasher.h
+++ b/src/libstrongswan/plugins/sha1/sha1_hasher.h
@@ -45,4 +45,4 @@ struct sha1_hasher_t {
*/
sha1_hasher_t *sha1_hasher_create(hash_algorithm_t algo);
-#endif /*SHA1_HASHER_H_ @}*/
+#endif /** SHA1_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.h b/src/libstrongswan/plugins/sha1/sha1_plugin.h
index 82ab04c86..36b12b91e 100644
--- a/src/libstrongswan/plugins/sha1/sha1_plugin.h
+++ b/src/libstrongswan/plugins/sha1/sha1_plugin.h
@@ -44,4 +44,4 @@ struct sha1_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* SHA1_PLUGIN_H_ @}*/
+#endif /** SHA1_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.h b/src/libstrongswan/plugins/sha1/sha1_prf.h
index a0f56b681..b6cd2f9d0 100644
--- a/src/libstrongswan/plugins/sha1/sha1_prf.h
+++ b/src/libstrongswan/plugins/sha1/sha1_prf.h
@@ -44,4 +44,4 @@ struct sha1_prf_t {
*/
sha1_prf_t *sha1_prf_create(pseudo_random_function_t algo);
-#endif /*SHA1_PRF_H_ @}*/
+#endif /** SHA1_PRF_H_ @}*/
diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.h b/src/libstrongswan/plugins/sha2/sha2_hasher.h
index 6d732495a..11f4fac26 100644
--- a/src/libstrongswan/plugins/sha2/sha2_hasher.h
+++ b/src/libstrongswan/plugins/sha2/sha2_hasher.h
@@ -47,4 +47,4 @@ struct sha2_hasher_t {
*/
sha2_hasher_t *sha2_hasher_create(hash_algorithm_t algorithm);
-#endif /* SHA2_HASHER_H_ @}*/
+#endif /** SHA2_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.h b/src/libstrongswan/plugins/sha2/sha2_plugin.h
index 859597758..b80f7560e 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.h
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.h
@@ -44,4 +44,4 @@ struct sha2_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* SHA2_PLUGIN_H_ @}*/
+#endif /** SHA2_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.h b/src/libstrongswan/plugins/sqlite/sqlite_database.h
index 795785627..75f89a7ed 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_database.h
+++ b/src/libstrongswan/plugins/sqlite/sqlite_database.h
@@ -43,4 +43,4 @@ struct sqlite_database_t {
*/
sqlite_database_t *sqlite_database_create(char *uri);
-#endif /* SQLITE_DATABASE_H_ @}*/
+#endif /** SQLITE_DATABASE_H_ @}*/
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
index 07bf9618f..82735a311 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
@@ -44,4 +44,4 @@ struct sqlite_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* SQLITE_PLUGIN_H_ @}*/
+#endif /** SQLITE_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.h b/src/libstrongswan/plugins/x509/ietf_attr_list.h
index e3e4add61..983c67d14 100644
--- a/src/libstrongswan/plugins/x509/ietf_attr_list.h
+++ b/src/libstrongswan/plugins/x509/ietf_attr_list.h
@@ -77,5 +77,5 @@ chunk_t ietfAttr_list_encode(linked_list_t *list);
*/
void ietfAttr_list_destroy(linked_list_t *list);
-#endif /* IETF_ATTR_LIST_H_ @}*/
+#endif /** IETF_ATTR_LIST_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/x509_ac.h b/src/libstrongswan/plugins/x509/x509_ac.h
index 2fd165e45..5df9c5f8a 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.h
+++ b/src/libstrongswan/plugins/x509/x509_ac.h
@@ -56,4 +56,4 @@ struct x509_ac_t {
*/
builder_t *x509_ac_builder(certificate_type_t type);
-#endif /* X509_AC_H_ @}*/
+#endif /** X509_AC_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/x509_cert.h b/src/libstrongswan/plugins/x509/x509_cert.h
index 701cc3d63..8dbd8050a 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.h
+++ b/src/libstrongswan/plugins/x509/x509_cert.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: x509_cert.h 3650 2008-03-22 08:15:18Z andreas $
+ * $Id: x509_cert.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -46,4 +46,4 @@ struct x509_cert_t {
*/
builder_t *x509_cert_builder(certificate_type_t type);
-#endif /* X509_CERT_H_ @}*/
+#endif /** X509_CERT_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/x509_crl.h b/src/libstrongswan/plugins/x509/x509_crl.h
index 0d9e5cca4..daa8e4846 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.h
+++ b/src/libstrongswan/plugins/x509/x509_crl.h
@@ -45,4 +45,4 @@ struct x509_crl_t {
*/
builder_t *x509_crl_builder(certificate_type_t type);
-#endif /* X509_CRL_H_ @}*/
+#endif /** X509_CRL_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.h b/src/libstrongswan/plugins/x509/x509_ocsp_request.h
index 0a4016f65..ffaa3c634 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.h
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.h
@@ -51,4 +51,4 @@ struct x509_ocsp_request_t {
*/
builder_t *x509_ocsp_request_builder(certificate_type_t type);
-#endif /* X509_OCSP_REQUEST_H_ @}*/
+#endif /** X509_OCSP_REQUEST_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.h b/src/libstrongswan/plugins/x509/x509_ocsp_response.h
index 8b4c8328d..06a9fd3c7 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.h
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.h
@@ -44,4 +44,4 @@ struct x509_ocsp_response_t {
*/
builder_t *x509_ocsp_response_builder(certificate_type_t type);
-#endif /* X509_OCSP_RESPONSE_H_ @}*/
+#endif /** X509_OCSP_RESPONSE_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.h b/src/libstrongswan/plugins/x509/x509_plugin.h
index 9743a2367..fe8c0b31f 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.h
+++ b/src/libstrongswan/plugins/x509/x509_plugin.h
@@ -44,4 +44,4 @@ struct x509_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* X509_PLUGIN_H_ @}*/
+#endif /** X509_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.h b/src/libstrongswan/plugins/xcbc/xcbc.h
index 81812442e..a334c675b 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc.h
@@ -75,4 +75,4 @@ struct xcbc_t {
*/
xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size);
-#endif /*xcbc_H_ @}*/
+#endif /** XCBC_H_ @}*/
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
index 728d84690..803d847aa 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
@@ -44,4 +44,4 @@ struct xcbc_plugin_t {
*/
plugin_t *plugin_create();
-#endif /* XCBC_PLUGIN_H_ @}*/
+#endif /** XCBC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.h b/src/libstrongswan/plugins/xcbc/xcbc_prf.h
index e8692ae23..bbf5b972a 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.h
@@ -47,4 +47,4 @@ struct xcbc_prf_t {
*/
xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo);
-#endif /*PRF_XCBC_SHA1_H_ @}*/
+#endif /** PRF_XCBC_SHA1_H_ @}*/
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.h b/src/libstrongswan/plugins/xcbc/xcbc_signer.h
index c7eff7e17..dc0087392 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.h
@@ -18,8 +18,8 @@
* @{ @ingroup xcbc_p
*/
-#ifndef xcbc_SIGNER_H_
-#define xcbc_SIGNER_H_
+#ifndef XCBC_SIGNER_H_
+#define XCBC_SIGNER_H_
typedef struct xcbc_signer_t xcbc_signer_t;
@@ -44,4 +44,4 @@ struct xcbc_signer_t {
*/
xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo);
-#endif /*xcbc_SIGNER_H_ @}*/
+#endif /** XCBC_SIGNER_H_ @}*/
diff --git a/src/libstrongswan/printf_hook.h b/src/libstrongswan/printf_hook.h
index d2edbdd22..a82c1583c 100644
--- a/src/libstrongswan/printf_hook.h
+++ b/src/libstrongswan/printf_hook.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: printf_hook.h 4936 2009-03-12 18:07:32Z tobias $
+ * $Id: printf_hook.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -150,4 +150,4 @@ struct printf_hook_t {
*/
printf_hook_t *printf_hook_create();
-#endif /* PRINTF_HOOK_H_ @}*/
+#endif /** PRINTF_HOOK_H_ @}*/
diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h
index 0f41878c5..c487f7775 100644
--- a/src/libstrongswan/settings.h
+++ b/src/libstrongswan/settings.h
@@ -116,4 +116,4 @@ struct settings_t {
*/
settings_t *settings_create(char *file);
-#endif /* SETTINGS_H_ @}*/
+#endif /** SETTINGS_H_ @}*/
diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h
index 01d01576e..b740e7473 100644
--- a/src/libstrongswan/utils.h
+++ b/src/libstrongswan/utils.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: utils.h 4936 2009-03-12 18:07:32Z tobias $
+ * $Id: utils.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -311,4 +311,4 @@ int time_delta_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
int mem_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
const void *const *args);
-#endif /* UTILS_H_ @}*/
+#endif /** UTILS_H_ @}*/
diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h
index 72effd01e..061d9f356 100644
--- a/src/libstrongswan/utils/backtrace.h
+++ b/src/libstrongswan/utils/backtrace.h
@@ -59,5 +59,4 @@ struct backtrace_t {
*/
backtrace_t *backtrace_create(int skip);
-#endif /* BACKTRACE_H_ @}*/
-
+#endif /** BACKTRACE_H_ @}*/
diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h
index d82f650db..98f300609 100644
--- a/src/libstrongswan/utils/enumerator.h
+++ b/src/libstrongswan/utils/enumerator.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: enumerator.h 4142 2008-07-02 08:09:07Z martin $
+ * $Id: enumerator.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -122,7 +122,7 @@ enumerator_t* enumerator_create_token(char *string, char *sep, char *trim);
* @return the nested enumerator
*/
enumerator_t *enumerator_create_nested(enumerator_t *outer,
- enumerator_t *(inner_constructor)(void *outer, void *data),
+ enumerator_t *(*inner_constructor)(void *outer, void *data),
void *data, void (*destroy_data)(void *data));
/**
@@ -157,4 +157,4 @@ enumerator_t *enumerator_create_filter(enumerator_t *unfiltered,
enumerator_t *enumerator_create_cleaner(enumerator_t *wrapped,
void (*cleanup)(void *data), void *data);
-#endif /* ENUMERATOR_H_ @} */
+#endif /** ENUMERATOR_H_ @}*/
diff --git a/src/libstrongswan/utils/hashtable.h b/src/libstrongswan/utils/hashtable.h
index 3d3005e73..28804caf8 100644
--- a/src/libstrongswan/utils/hashtable.h
+++ b/src/libstrongswan/utils/hashtable.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: hashtable.h 4762 2008-12-05 10:01:52Z martin $
+ * $Id: hashtable.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -113,4 +113,4 @@ struct hashtable_t {
hashtable_t *hashtable_create(hashtable_hash_t hash, hashtable_equals_t equals,
u_int capacity);
-#endif /* HASHTABLE_H_ @} */
+#endif /** HASHTABLE_H_ @}*/
diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h
index 5f00872b8..0a2541d96 100644
--- a/src/libstrongswan/utils/host.h
+++ b/src/libstrongswan/utils/host.h
@@ -207,4 +207,4 @@ host_t *host_create_any(int family);
int host_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
const void *const *args);
-#endif /* HOST_H_ @}*/
+#endif /** HOST_H_ @}*/
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index ff97f3610..bce6b1cc2 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: identification.c 4936 2009-03-12 18:07:32Z tobias $
+ * $Id: identification.c 5036 2009-03-26 13:25:46Z martin $
*/
#define _GNU_SOURCE
@@ -716,6 +716,37 @@ static id_type_t get_type(private_identification_t *this)
}
/**
+ * Implementation of identification_t.contains_wildcards fro ID_DER_ASN1_DN.
+ */
+static bool contains_wildcards_dn(private_identification_t *this)
+{
+ chunk_t rdn, attribute;
+ chunk_t oid, value;
+ asn1_t type;
+ bool next;
+
+ if (!init_rdn(this->encoded, &rdn, &attribute, &next))
+ {
+ return FALSE;
+ }
+ /* fetch next RDN */
+ while (next)
+ {
+ /* parse next RDN and check for errors */
+ if (!get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next))
+ {
+ return FALSE;
+ }
+ /* check if RDN is a wildcard */
+ if (value.len == 1 && *value.ptr == '*')
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
* Implementation of identification_t.contains_wildcards.
*/
static bool contains_wildcards(private_identification_t *this)
@@ -728,10 +759,9 @@ static bool contains_wildcards(private_identification_t *this)
case ID_RFC822_ADDR:
return memchr(this->encoded.ptr, '*', this->encoded.len) != NULL;
case ID_DER_ASN1_DN:
- /* TODO */
+ return contains_wildcards_dn(this);
default:
return FALSE;
-
}
}
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index 070984490..2284b7b46 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: identification.h 4936 2009-03-12 18:07:32Z tobias $
+ * $Id: identification.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -197,8 +197,8 @@ struct identification_t {
* Check if an ID matches a wildcard ID.
*
* An identification_t may contain wildcards, such as
- * *@strongswan.org. This call checks if a given ID
- * (e.g. tester@strongswan.org) belongs to a such wildcard
+ * *.strongswan.org. This call checks if a given ID
+ * (e.g. tester.strongswan.org) belongs to a such wildcard
* ID. Returns > 0 if
* - IDs are identical
* - other is of type ID_ANY
@@ -243,7 +243,7 @@ struct identification_t {
* The input string may be e.g. one of the following:
* - ID_IPV4_ADDR: 192.168.0.1
* - ID_IPV6_ADDR: 2001:0db8:85a3:08d3:1319:8a2e:0370:7345
- * - ID_FQDN: @www.strongswan.org (@indicates FQDN)
+ * - ID_FQDN: www.strongswan.org (optionally with a prepended @)
* - ID_RFC822_ADDR: alice@wonderland.org
* - ID_DER_ASN1_DN: C=CH, O=Linux strongSwan, CN=bob
*
@@ -283,4 +283,4 @@ identification_t * identification_create_from_encoding(id_type_t type, chunk_t e
int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
const void *const *args);
-#endif /* IDENTIFICATION_H_ @} */
+#endif /** IDENTIFICATION_H_ @}*/
diff --git a/src/libstrongswan/utils/iterator.h b/src/libstrongswan/utils/iterator.h
index 28ee74cd6..02eb1b9c0 100644
--- a/src/libstrongswan/utils/iterator.h
+++ b/src/libstrongswan/utils/iterator.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: iterator.h 4577 2008-11-05 08:37:09Z martin $
+ * $Id: iterator.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -113,4 +113,4 @@ struct iterator_t {
void (*destroy) (iterator_t *this);
};
-#endif /*ITERATOR_H_ @} */
+#endif /** ITERATOR_H_ @}*/
diff --git a/src/libstrongswan/utils/leak_detective.h b/src/libstrongswan/utils/leak_detective.h
index 3773fb8e5..cd30dcd5f 100644
--- a/src/libstrongswan/utils/leak_detective.h
+++ b/src/libstrongswan/utils/leak_detective.h
@@ -44,5 +44,5 @@ struct leak_detective_t {
*/
leak_detective_t *leak_detective_create();
-#endif /* LEAK_DETECTIVE_H_ @}*/
+#endif /** LEAK_DETECTIVE_H_ @}*/
diff --git a/src/libstrongswan/utils/lexparser.h b/src/libstrongswan/utils/lexparser.h
index c47f65718..6ae970e1e 100644
--- a/src/libstrongswan/utils/lexparser.h
+++ b/src/libstrongswan/utils/lexparser.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: lexparser.h 4877 2009-02-18 09:45:54Z martin $
+ * $Id: lexparser.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -47,7 +47,7 @@ bool extract_token(chunk_t *token, const char termination, chunk_t *src);
bool extract_token_str(chunk_t *token, const char *termination, chunk_t *src);
/**
- * Fetches a new text line terminated by \n or \r\n
+ * Fetches a new text line terminated by \\n or \\r\\n
*/
bool fetchline(chunk_t *src, chunk_t *line);
@@ -66,4 +66,4 @@ err_t extract_name_value(chunk_t *name, chunk_t *value, chunk_t *line);
*/
err_t extract_parameter_value(chunk_t *name, chunk_t *value, chunk_t *line);
-#endif /* LEXPARSER_H_ @} */
+#endif /** LEXPARSER_H_ @}*/
diff --git a/src/libstrongswan/utils/linked_list.h b/src/libstrongswan/utils/linked_list.h
index ba47e7dfb..aa603fefa 100644
--- a/src/libstrongswan/utils/linked_list.h
+++ b/src/libstrongswan/utils/linked_list.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: linked_list.h 4576 2008-11-05 08:32:38Z martin $
+ * $Id: linked_list.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -272,4 +272,4 @@ struct linked_list_t {
*/
linked_list_t *linked_list_create(void);
-#endif /*LINKED_LIST_H_ @} */
+#endif /** LINKED_LIST_H_ @}*/
diff --git a/src/libstrongswan/utils/mutex.h b/src/libstrongswan/utils/mutex.h
index 4cdd96a99..46c939fb8 100644
--- a/src/libstrongswan/utils/mutex.h
+++ b/src/libstrongswan/utils/mutex.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: mutex.h 4697 2008-11-25 19:30:02Z tobias $
+ * $Id: mutex.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -185,4 +185,4 @@ condvar_t *condvar_create(condvar_type_t type);
*/
rwlock_t *rwlock_create(rwlock_type_t type);
-#endif /* MUTEX_H_ @}*/
+#endif /** MUTEX_H_ @}*/
diff --git a/src/libstrongswan/utils/optionsfrom.h b/src/libstrongswan/utils/optionsfrom.h
index 424b9dc61..9372971ca 100644
--- a/src/libstrongswan/utils/optionsfrom.h
+++ b/src/libstrongswan/utils/optionsfrom.h
@@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: optionsfrom.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: optionsfrom.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -56,4 +56,4 @@ struct options_t {
*/
options_t *options_create(void);
-#endif /*OPTIONSFROM_H_ @} */
+#endif /** OPTIONSFROM_H_ @}*/
diff --git a/src/manager/controller/auth_controller.h b/src/manager/controller/auth_controller.h
index b17e5745d..e2cd48cc4 100644
--- a/src/manager/controller/auth_controller.h
+++ b/src/manager/controller/auth_controller.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: auth_controller.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: auth_controller.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -44,4 +44,4 @@ struct auth_controller_t {
*/
controller_t *auth_controller_create(context_t *context, void *param);
-#endif /* AUTH_CONTROLLER_H_ @} */
+#endif /** AUTH_CONTROLLER_H_ @}*/
diff --git a/src/manager/controller/config_controller.h b/src/manager/controller/config_controller.h
index cde4efd1a..88d37424f 100644
--- a/src/manager/controller/config_controller.h
+++ b/src/manager/controller/config_controller.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: config_controller.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: config_controller.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -44,4 +44,4 @@ struct config_controller_t {
*/
controller_t *config_controller_create(context_t *context, void *param);
-#endif /* CONFIG_CONTROLLER_H_ @} */
+#endif /** CONFIG_CONTROLLER_H_ @}*/
diff --git a/src/manager/controller/control_controller.h b/src/manager/controller/control_controller.h
index 1f2fbcb31..8992e5b48 100644
--- a/src/manager/controller/control_controller.h
+++ b/src/manager/controller/control_controller.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: control_controller.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: control_controller.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -44,4 +44,4 @@ struct control_controller_t {
*/
controller_t *control_controller_create(context_t *context, void *param);
-#endif /* CONTROL_CONTROLLER_H_ */
+#endif /** CONTROL_CONTROLLER_H_ @}*/
diff --git a/src/manager/controller/gateway_controller.h b/src/manager/controller/gateway_controller.h
index cf314ce54..864c7a4bd 100644
--- a/src/manager/controller/gateway_controller.h
+++ b/src/manager/controller/gateway_controller.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: gateway_controller.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: gateway_controller.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -44,4 +44,4 @@ struct gateway_controller_t {
*/
controller_t *gateway_controller_create(context_t *context, void *param);
-#endif /* GATEWAY_CONTROLLER_H_ @} */
+#endif /** GATEWAY_CONTROLLER_H_ @}*/
diff --git a/src/manager/controller/ikesa_controller.h b/src/manager/controller/ikesa_controller.h
index 1ff9d1749..240e8db4f 100644
--- a/src/manager/controller/ikesa_controller.h
+++ b/src/manager/controller/ikesa_controller.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: ikesa_controller.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: ikesa_controller.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -44,4 +44,4 @@ struct ikesa_controller_t {
*/
controller_t *ikesa_controller_create(context_t *context, void *param);
-#endif /* IKESA_CONTROLLER_H_ @} */
+#endif /** IKESA_CONTROLLER_H_ @}*/
diff --git a/src/manager/gateway.h b/src/manager/gateway.h
index 17df9763a..4ba301a0f 100644
--- a/src/manager/gateway.h
+++ b/src/manager/gateway.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: gateway.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: gateway.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -74,9 +74,9 @@ struct gateway_t {
enumerator_t* (*initiate)(gateway_t *this, bool ike, char *name);
/**
- * Destroy a gateway instance.
- */
- void (*destroy)(gateway_t *this);
+ * Destroy a gateway instance.
+ */
+ void (*destroy)(gateway_t *this);
};
/**
@@ -84,7 +84,7 @@ struct gateway_t {
*
* @param name name of the gateway
* @param host gateway connection endpoint
- * @param
+ * @return gateway connection
*/
gateway_t *gateway_create_tcp(char *name, host_t *host);
@@ -92,8 +92,8 @@ gateway_t *gateway_create_tcp(char *name, host_t *host);
* Create a gateway instance using a UNIX socket.
*
* @param name name of the gateway
- * @param
+ * @return gateway connection
*/
gateway_t *gateway_create_unix(char *name);
-#endif /* GATEWAY_H_ @} */
+#endif /** GATEWAY_H_ @}*/
diff --git a/src/manager/manager.h b/src/manager/manager.h
index 669e413ac..ecd29550b 100644
--- a/src/manager/manager.h
+++ b/src/manager/manager.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: manager.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: manager.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -95,4 +95,4 @@ struct manager_t {
*/
manager_t *manager_create(storage_t *storage);
-#endif /* MANAGER_H_ @} */
+#endif /** MANAGER_H_ @}*/
diff --git a/src/manager/storage.h b/src/manager/storage.h
index f732eca72..6c5bea650 100644
--- a/src/manager/storage.h
+++ b/src/manager/storage.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: storage.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: storage.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -66,4 +66,4 @@ struct storage_t {
*/
storage_t *storage_create(char *uri);
-#endif /* STORAGE_H_ @} */
+#endif /** STORAGE_H_ @}*/
diff --git a/src/manager/xml.h b/src/manager/xml.h
index 73964307d..febe5c25d 100644
--- a/src/manager/xml.h
+++ b/src/manager/xml.h
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * $Id: xml.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: xml.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -60,4 +60,4 @@ struct xml_t {
*/
xml_t *xml_create(char *xml);
-#endif /* XML_H_ @} */
+#endif /** XML_H_ @}*/
diff --git a/src/pluto/asn1.c b/src/pluto/asn1.c
index bd27f6a78..529f597fb 100644
--- a/src/pluto/asn1.c
+++ b/src/pluto/asn1.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: asn1.c 4942 2009-03-13 20:22:24Z andreas $
+ * RCSID $Id: asn1.c 5041 2009-03-27 08:58:48Z andreas $
*/
#include <stdlib.h>
@@ -348,6 +348,8 @@ is_printablestring(chunk_t str)
return TRUE;
}
+#define TIME_MAX 0x7fffffff
+
/*
* Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
*/
@@ -355,7 +357,7 @@ time_t
asn1totime(const chunk_t *utctime, asn1_t type)
{
struct tm t;
- time_t tz_offset;
+ time_t tc, tz_offset;
u_char *eot = NULL;
if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
@@ -381,6 +383,7 @@ asn1totime(const chunk_t *utctime, asn1_t type)
return 0; /* error in time format */
}
+ /* parse ASN.1 time string */
{
const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
"%4d%2d%2d%2d%2d";
@@ -419,9 +422,11 @@ asn1totime(const chunk_t *utctime, asn1_t type)
/* set daylight saving time to off */
t.tm_isdst = 0;
- /* compensate timezone */
+ /* convert to time_t */
+ tc = mktime(&t);
- return mktime(&t) - timezone - tz_offset;
+ /* if no conversion overflow occurred, compensate timezone */
+ return (tc == -1) ? TIME_MAX : (tc - timezone - tz_offset);
}
/*
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 52b59be31..9721ac583 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: ipsec_doi.c 4924 2009-03-10 21:13:18Z andreas $
+ * RCSID $Id: ipsec_doi.c 5052 2009-03-30 03:47:14Z andreas $
*/
#include <stdio.h>
@@ -5446,9 +5446,9 @@ dpd_inI_outR(struct state *st, struct isakmp_notification *const n, pb_stream *p
time_t tm = now();
u_int32_t seqno;
- if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
+ if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
{
- loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISKAMP SA");
+ loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISAKMP SA");
return STF_IGNORE;
}
if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2)
@@ -5516,10 +5516,10 @@ dpd_inR(struct state *st, struct isakmp_notification *const n, pb_stream *pbs)
{
u_int32_t seqno;
- if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
+ if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
{
loglog(RC_LOG_SERIOUS
- , "DPD: Received R_U_THERE_ACK for unestablished ISKAMP SA");
+ , "DPD: Received R_U_THERE_ACK for unestablished ISAKMP SA");
return STF_FAIL;
}
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index cf2136b44..f957bf39b 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: vendor.c 4893 2009-02-21 17:53:10Z andreas $
+ * RCSID $Id: vendor.c 5052 2009-03-30 03:47:14Z andreas $
*/
#include <stdlib.h>
@@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = {
/*
* strongSwan
*/
- DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.13")
+ DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.14")
+ DEC_MD5_VID(STRONGSWAN_4_2_13,"strongSwan 4.2.13")
DEC_MD5_VID(STRONGSWAN_4_2_12,"strongSwan 4.2.12")
DEC_MD5_VID(STRONGSWAN_4_2_11,"strongSwan 4.2.11")
DEC_MD5_VID(STRONGSWAN_4_2_10,"strongSwan 4.2.10")
@@ -241,6 +242,7 @@ static struct vid_struct _vid_tab[] = {
DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1")
DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0")
+ DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.9")
DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.8")
DEC_MD5_VID(STRONGSWAN_2_8_7, "strongSwan 2.8.7")
DEC_MD5_VID(STRONGSWAN_2_8_6, "strongSwan 2.8.6")
diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h
index f049af1ef..2c8c24b34 100644
--- a/src/pluto/vendor.h
+++ b/src/pluto/vendor.h
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: vendor.h 4893 2009-02-21 17:53:10Z andreas $
+ * RCSID $Id: vendor.h 5052 2009-03-30 03:47:14Z andreas $
*/
#ifndef _VENDOR_H_
@@ -94,6 +94,7 @@ enum known_vendorid {
VID_STRONGSWAN_2_8_6 = 72,
VID_STRONGSWAN_2_8_7 = 73,
VID_STRONGSWAN_2_8_8 = 74,
+ VID_STRONGSWAN_2_8_9 = 75,
VID_STRONGSWAN_4_0_0 = 80,
VID_STRONGSWAN_4_0_1 = 81,
@@ -129,6 +130,7 @@ enum known_vendorid {
VID_STRONGSWAN_4_2_10 =110,
VID_STRONGSWAN_4_2_11 =111,
VID_STRONGSWAN_4_2_12 =112,
+ VID_STRONGSWAN_4_2_13 =113,
/* 101 - 200 : NAT-Traversal */
VID_NATT_STENBERG_01 =151,
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 78320b4c7..8a9ba54c9 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -15,6 +15,14 @@ MAINTAINERCLEANFILES = lex.yy.c y.tab.c y.tab.h keywords.c
PLUTODIR=$(top_srcdir)/src/pluto
SCEPCLIENTDIR=$(top_srcdir)/src/scepclient
+if USE_PLUTO
+ AM_CFLAGS += -DSTART_PLUTO
+endif
+
+if USE_CHARON
+ AM_CFLAGS += -DSTART_CHARON
+endif
+
lex.yy.c: parser.l parser.y parser.h y.tab.c
$(LEX) --nounput $<
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 1301b931d..54fd28604 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -33,6 +33,8 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
ipsec_PROGRAMS = starter$(EXEEXT)
+@USE_PLUTO_TRUE@am__append_1 = -DSTART_PLUTO
+@USE_CHARON_TRUE@am__append_2 = -DSTART_CHARON
subdir = src/starter
DIST_COMMON = README $(dist_man_MANS) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in
@@ -219,7 +221,9 @@ keywords.c files.h keywords.h cmp.c starter.c cmp.h exec.c invokecharon.c \
exec.h invokecharon.h lex.yy.c loglite.c klips.c klips.h
INCLUDES = -I${linuxdir} -I$(top_srcdir)/src/libfreeswan -I$(top_srcdir)/src/pluto -I$(top_srcdir)/src/whack -I$(top_srcdir)/src/stroke
-AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" -DDEBUG
+AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" \
+ -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" \
+ -DDEBUG $(am__append_1) $(am__append_2)
starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a
EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf
dist_man_MANS = ipsec.conf.5 starter.8
diff --git a/src/starter/confread.c b/src/starter/confread.c
index d0d1f4ed8..855d07b51 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: confread.c 4882 2009-02-18 19:57:15Z tobias $
+ * RCSID $Id: confread.c 5002 2009-03-24 15:02:12Z martin $
*/
#include <stddef.h>
@@ -61,8 +61,13 @@ static void default_values(starter_config_t *cfg)
cfg->setup.hidetos = TRUE;
cfg->setup.uniqueids = TRUE;
cfg->setup.interfaces = new_list("%defaultroute");
+
+#ifdef START_CHARON
cfg->setup.charonstart = TRUE;
+#endif
+#ifdef START_PLUTO
cfg->setup.plutostart = TRUE;
+#endif
cfg->conn_default.seen = LEMPTY;
cfg->conn_default.startup = STARTUP_NO;
@@ -625,6 +630,10 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
{
conn->eap_type = 26;
}
+ else if (streq(kw->value, "radius"))
+ { /* pseudo-type */
+ conn->eap_type = 253;
+ }
else
{
conn->eap_type = atoi(kw->value);
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 8028bbe54..dd3f5f018 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: invokecharon.c 4833 2009-01-13 06:50:55Z andreas $
+ * RCSID $Id: invokecharon.c 5050 2009-03-27 16:14:59Z andreas $
*/
#include <sys/types.h>
@@ -216,7 +216,7 @@ starter_start_charon (starter_config_t *cfg, bool no_fork)
{
kill(pid, SIGKILL);
}
- usleep(20000);
+ usleep(20000); /* sleep for 20 ms */
}
}
else
diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c
index e18d6e38d..edc587124 100644
--- a/src/starter/invokepluto.c
+++ b/src/starter/invokepluto.c
@@ -11,7 +11,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: invokepluto.c 4632 2008-11-11 18:37:19Z martin $
+ * RCSID $Id: invokepluto.c 5050 2009-03-27 16:14:59Z andreas $
*/
#include <sys/types.h>
@@ -62,33 +62,49 @@ starter_pluto_sigchild(pid_t pid)
int
starter_stop_pluto (void)
{
- pid_t pid;
int i;
+ pid_t pid = _pluto_pid;
- pid = _pluto_pid;
if (pid)
{
_stop_requested = 1;
+
if (starter_whack_shutdown() == 0)
{
- for (i = 0; i < 20; i++)
+ for (i = 0; i < 400; i++)
{
- usleep(20000);
+ usleep(20000); /* sleep for 20 ms */
if (_pluto_pid == 0)
+ {
+ plog("pluto stopped after %d ms", 20*(i+1));
return 0;
+ }
}
}
/* be more and more aggressive */
for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
{
+
if (i < 10)
+ {
kill(pid, SIGTERM);
+ }
+ if (i == 10)
+ {
+ kill(pid, SIGKILL);
+ plog("starter_stop_pluto(): pluto does not respond, sending KILL");
+ }
else
+ {
kill(pid, SIGKILL);
- usleep(20000);
+ }
+ usleep(100000); /* sleep for 100 ms */
}
if (_pluto_pid == 0)
+ {
+ plog("pluto stopped after %d ms", 8000 + 100*i);
return 0;
+ }
plog("starter_stop_pluto(): can't stop pluto !!!");
return -1;
}
@@ -248,17 +264,17 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork)
default:
/* father */
_pluto_pid = pid;
- for (i = 0; i < 50 && _pluto_pid; i++)
+ for (i = 0; i < 500 && _pluto_pid; i++)
{
- /* wait for pluto */
+ /* wait for pluto for a maximum of 500 x 20 ms = 10 s */
usleep(20000);
if (stat(PLUTO_CTL_FILE, &stb) == 0)
{
- DBG(DBG_CONTROL,
- DBG_log("pluto (%d) started", _pluto_pid)
- )
+ plog("pluto (%d) started after %d ms", _pluto_pid, 20*(i+1));
if (cfg->setup.postpluto)
+ {
ignore_result(system(cfg->setup.postpluto));
+ }
return 0;
}
}
@@ -269,10 +285,14 @@ starter_start_pluto (starter_config_t *cfg, bool no_fork)
for (i = 0; i < 20 && (pid = _pluto_pid) != 0; i++)
{
if (i < 10)
+ {
kill(pid, SIGTERM);
+ }
else
+ {
kill(pid, SIGKILL);
- usleep(20000);
+ }
+ usleep(20000); /* sleep for 20 ms */
}
}
else
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5
index 9ad03eb60..565f15c66 100644
--- a/src/starter/ipsec.conf.5
+++ b/src/starter/ipsec.conf.5
@@ -1,5 +1,5 @@
.TH IPSEC.CONF 5 "27 Jun 2007"
-.\" RCSID $Id: ipsec.conf.5 4890 2009-02-19 22:12:04Z andreas $
+.\" RCSID $Id: ipsec.conf.5 5002 2009-03-24 15:02:12Z martin $
.SH NAME
ipsec.conf \- IPsec configuration and connections
.SH DESCRIPTION
@@ -369,6 +369,10 @@ in the form
(e.g.
.B eap=7-12345
) can be used to specify vendor specific EAP types.
+
+To forward EAP authentication to a RADIUS server using the EAP-RADIUS plugin,
+set
+.B eap=radius
.TP
.B eap_identity
defines the identity the client uses to reply to a EAP Identity request.
@@ -936,9 +940,11 @@ and
whether to start the IKEv2 Charon daemon or not.
Accepted values are
.B yes
-(the default)
or
.BR no .
+The default is
+.B yes
+if starter was compiled with IKEv2 support.
.TP
.B dumpdir
in what directory should things started by \fBipsec starter\fR
@@ -951,9 +957,11 @@ This feature is currently not yet supported by \fBipsec starter\fR.
whether to start the IKEv1 Pluto daemon or not.
Accepted values are
.B yes
-(the default)
or
.BR no .
+The default is
+.B yes
+if starter was compiled with IKEv1 support.
.TP
.B strictcrlpolicy
defines if a fresh CRL must be available in order for the peer authentication based
diff --git a/testing/INSTALL b/testing/INSTALL
index 27a2ddc64..cdf51ab35 100644
--- a/testing/INSTALL
+++ b/testing/INSTALL
@@ -53,7 +53,7 @@ are required for the strongSwan testing environment:
* A vanilla Linux kernel on which the UML kernel will be based on.
We recommend the use of
- http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.6.tar.bz2
+ http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.8.tar.bz2
* The Linux kernel 2.6.28 does not require any patches for the uml guest kernel
to successfully start up.
@@ -68,7 +68,7 @@ are required for the strongSwan testing environment:
* The latest strongSwan distribution
- http://download.strongswan.org/strongswan-4.2.13.tar.bz2
+ http://download.strongswan.org/strongswan-4.2.14.tar.bz2
3. Creating the environment
@@ -143,5 +143,5 @@ README document.
-----------------------------------------------------------------------------
-This file is RCSID $Id: INSTALL 4893 2009-02-21 17:53:10Z andreas $
+This file is RCSID $Id: INSTALL 4990 2009-03-22 14:37:03Z andreas $
diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl
index 199ecf10e..78e91bdd6 100755
--- a/testing/hosts/winnetou/etc/openssl/generate-crl
+++ b/testing/hosts/winnetou/etc/openssl/generate-crl
@@ -36,3 +36,8 @@ cd /etc/openssl/ecdsa
openssl ca -gencrl -crldays 15 -config /etc/openssl/ecdsa/openssl.cnf -out crl.pem
openssl crl -in crl.pem -outform der -out strongswan_ec.crl
cp strongswan_ec.crl /var/www/localhost/htdocs/
+cd /etc/openssl/monster
+openssl ca -gencrl -crldays 15 -config /etc/openssl/monster/openssl.cnf -out crl.pem
+openssl crl -in crl.pem -outform der -out strongswan-monster.crl
+cp strongswan-monster.crl /var/www/localhost/htdocs/
+
diff --git a/testing/hosts/winnetou/etc/openssl/monster/crlnumber b/testing/hosts/winnetou/etc/openssl/monster/crlnumber
new file mode 100644
index 000000000..eeee65ec4
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/crlnumber
@@ -0,0 +1 @@
+05
diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt b/testing/hosts/winnetou/etc/openssl/monster/index.txt
new file mode 100644
index 000000000..cd9407ee9
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt
@@ -0,0 +1,2 @@
+V 390321140608Z 01 unknown /C=CH/O=Linux strongSwan/OU=Monster/CN=carol@strongswan.org
+V 390321140716Z 02 unknown /C=CH/O=Linux strongSwan/OU=Monster/CN=moon.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr
new file mode 100644
index 000000000..3a7e39e6e
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old
new file mode 100644
index 000000000..8f7e63a34
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/testing/hosts/winnetou/etc/openssl/monster/index.txt.old b/testing/hosts/winnetou/etc/openssl/monster/index.txt.old
new file mode 100644
index 000000000..fbbcb81d3
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/index.txt.old
@@ -0,0 +1 @@
+V 390321140608Z 01 unknown /C=CH/O=Linux strongSwan/OU=Monster/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem b/testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem
new file mode 100644
index 000000000..2ce2ce3c9
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/newcerts/01.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINzCCBB+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
+b25zdGVyIENBMB4XDTA5MDMyODE0MDYwOFoXDTM5MDMyMTE0MDYwOFowWTELMAkG
+A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
+bnN0ZXIxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgR
+yGVG6HVoA3DU/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mp
+dYtP53SWASOHBiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkw
+BebpMLCf2Mi1robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bO
+FPoBoBOY7v4fuq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DW
+kk1vTt4jplSg6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5
+mGabckTMvtI591UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014l
+cFg11mzjXGGBFuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest
+2X0psHe3AlocUFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9C
+uezkuM1QEvkev5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+
+t8GhCKV6B7RTzFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3Hh
+fTZstGECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud
+DgQWBBTy8LU5yQdnV8pfwhCPY7q/CiNyzjB4BgNVHSMEcTBvgBQZYq2Wq8b7148Q
+xFb/QGMiQnB2DqFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0
+cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gTW9uc3RlciBDQYIJAIORWNru
+S4GuMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMEEGA1UdHwQ6MDgw
+NqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1tb25z
+dGVyLmNybDANBgkqhkiG9w0BAQ0FAAOCBAEAi39l78OCI9S0I3X62HbkxiLguvnc
+CbXY6Tqmz0Ms8xqZgYzJOk7FLB/4v/zJohOH5nd7KxJ81KbcERyASpybaLM0/V+V
+oGT0rDGGH5cS4H2uYfs9HsKFKKPbZeCnExFyCamXjBZkl5IZNjdpS9TLyXRJSyFN
+OIRNhILPSriqdtzgRuGOeX798U8o0ObizGQRVlT0p0lI4t64dzZbIh3jSXjCf1Tz
+cmVOC8qhhGvxLlorSy5K98t2zNY7DvzwtvoQrNFGtso1kvfmaO4XRCvSZsmqPpC5
+mmWJjNEG2qcbmfpt8TotyUHgEJTZXwXlPVVb5OXHTW6jXk/MN0UiMTLJYcvJ1gji
+kSnGNHzRH2rKlYRED+jlzzHAWSv0mBGcOTdmfBV6+TJ7QhWhLZBzAUfwqXpAy9Vk
+idtyB0eSWBTIvhZY6SzB0Rvkdj0FtZ+tNURT4dPtiO0D+LXm/ojpdKKI2tFNOgwY
+n8df2u3xnCRvHqcF6lvu+ptnwUkUDDGDuiM20+sm0HHhLIj51v8tTm3Q/MzI0BAb
+G4HOSQNDzymWDgzIE67UTxBwXVDbSLkzH1vhFXtZQlD1UHqOUT/4FQm5ZlVMF8na
+FKxHakqoh1CdI8TAmM64h3hp1zp+G9Zn0lfcHRhvWBvpU8mgF1cbEvgbzjd9+xLe
+q45/8xuZPnU7XIBvDcZTUk8LRIThcTxQRlQdI1UJnvPOBYG3mUrLs2UdEZGwsooG
+zMOj3EQwqrR67rQiuGo65IMPDix4mwHjcZ8Gr4eqLDwSUS5yoPX1qI2qNLQbI1Ni
+8PEYMXQ0Xm+9Z86ZkI0dAIBWLkEGkz5Ngqk4O3JLzF1O/XPG4E9hGJ8WsHQW6pk9
++quv5nVNCAO0z6FYfQoYprdbDBur+N/no+BYIcSFSpLcNgafLXgj3I65iJ2VmRi0
+V0xAfxcRiQN2+/7aao2zLrrSPHU8YsW48ISw9ibQ9EckZMVtnhuYpBJuX8+auZ8f
+OgBmgRi7fCtEcMlXsiisQehymMs470eDRfWFUMzgJC8tMOQIWNdYM0Bo29wYUJPN
+jD+NO0n+PisFMilBEyoT2pD1i94+5DWQau/7STb3GbpBsLb7JbIrQEp0oSdsvsNR
+SaJQEqMxepJM0OGp3FMr79s+/a13+TMm+jl65M6sV/YTDdYFlplkWyHDjbL+WjUu
+lvDEURfBJrtT7u673RakCEzl5e53fP01HXFhqgMSloR7j2XNiyCeEUBp+zetXxwb
+8e6IKtbXWU+WcXIdNOHAL+OtD1vUK3gxupJPrRNW6daZKWUDbjRixzXnjeyIw8It
+bRldc5VjyM0G4FMbmIROgRcvjJ74MUwnHpgPl9zQ28HmbxKbANiJJZHIDw==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem b/testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem
new file mode 100644
index 000000000..e83798c07
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/newcerts/02.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINTCCBB2gAwIBAgIBAjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
+b25zdGVyIENBMB4XDTA5MDMyODE0MDcxNloXDTM5MDMyMTE0MDcxNlowWDELMAkG
+A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
+bnN0ZXIxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQC/9647SgAcK/or/Qs/3cRc19po7oex5EBdPR7b
+vInAuzrVMK84+ifneBWscVhBnxcUI37D0SpKx0onrdskMOyv5nmkdcgQf8931eip
+scNsw8bC8MJsbc5Jfn3DKPurbKK2/uFFE8ot7S65HY9tVBsxKsrjS5YFPE+DKKP+
+BgVk/9hL0Kqq2iKuWTq8YTRMu5iskpLIxqvuz362G46BKoW52pFegeDzpz/Bs/7y
+0oWPRcNcuRQR5XFTpF2L3UosniMkr7aYU5Z8s7IqiEx7txGh5SxRB+TYIZwB1ODa
+L+bnclQeMsBiFqlO9UI38UaxEQgk/+UhgpaX/DPrZg8KJmjW3e+x8xcwL3ouRLy2
+2Z99WMnV6TlwpTKj24EQJALmLG+UJG+hbV9P9j6Mkql3FHb4aLZH71CvyCqeg2yh
+FGiuaGEe8vS9+Dj5LKv8hSbBe/MSQDiPhKT1gb84TiQMsWfxLN7oDXunohnhMZfu
+sydB/c/R/ooA5ri+lE5c65bP2Mk+ml61p6z7lJv+DXBDXW/o4v8Imjx2OMsL85LZ
+vYWJppdJrThd/m4OVnCXYfuHMZqedsIvNR5blnldATLBjWWbeoKhOyqZb8hZ6HFR
+dlJ11LhxnGg9itG385L3Espl+EVcakWBZWrOn5/LGNKZH3UedclEBNci6lSadZaP
+/UfRCwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O
+BBYEFOQpYirU7vrMZUWDkqDijTPuhPQiMHgGA1UdIwRxMG+AFBlirZarxvvXjxDE
+Vv9AYyJCcHYOoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry
+b25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5L
+ga4wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzBBBgNVHR8EOjA4MDag
+NKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tbW9uc3Rl
+ci5jcmwwDQYJKoZIhvcNAQENBQADggQBAAEsjsebEspAIANEBVWRjRpowIJlVSLf
+WKzblIPlhClXafHGJbhiamdtS2FmEh/rkzz3Ml+9cJy1KnB1Pn6+4JLSJe5xAywK
+lKTT2iY0KDdOsaK5j+CNJ2tW9NrJPxwtIz+nGGqqyyEUPJE1FYxphbLgmwFNBm2o
+HyeUVYI+gyfmhyHaXHKOmbsDG0o+pUX2tVOs0KdyU6deaAtEf1E6aA5TpCAi1OZs
+pdRDXFUfjdekRkfRr1PZ41Xwk3t6E32YhIE++r7QneQPhXymxVO9nepmpuSoHvlX
+Hb4JN2EQ0zCkkkOfqCuF46zVxsR46/3cfKbRsaVmdfGjvmDSCDI47AreluYiPTGA
+zN4XN91Y5rPZuT9OJYV4UrYv9N1jH5StVmSz19rbYOeozJXX0PBjdCKHEonD1FHY
+xWRpijVUG6NWVLKpvdg3RiFw78wIrNPAeVDvLL+112nbszNDNLSoOJjOUBySHJda
+WYFtg2IoAUis9r/o7uykNcC6KiU4Y1nC8PEIhMi4AMA9UgBCn4ixYtHI9jkfHcrD
+O1kvPRUo3hKzrhftLYtfiBfTEh+3Xab615lt5vNNhdI7d4knqUXvVdURtvlfJLZv
+W0YdvwjJtrVJAiCtX3wyxy72O1ZOG5kHCcK5oHUHg5W172rK9hK4LByk5ESqtc/t
+YDG7TmZLtUceV5yK4gz7pwIwXthA8yayRy+lbk8BFxRMfOEfb6rPdm0vvmPpHHDu
+yHR5SJTgpGo+/I8N1zS6PNeUBh0RAbSnxHJSMLn+GYTs8s6Atnq05SIuVYxvXyAQ
+ULf+ppNN5lngSZHPaOFJNpC1QL1+DdMNueDITVxYx5DV8SkWRPhzS77tsYeUxVGI
+IpUVEqSggGe6Q4YWv2smAjSeqaS5HNGxstE+Ybat/cp9QMbLc7gwKxwRQHhVRZ5O
+0rVq2bZUyly8y4wX8G8WFMNuCoAcHAdMvKh4JtmdDDZlbxdC2mSVbLSuTBfGvKc1
+ScwOBtSqQkm9PsTMitZM31s97WJLQIZbq82g2ns7hfEXMMIgzcFLYlM1SovbDZI5
+ZM63NBVTaKyj+Gxy8FcAPBPtPWwAQT+Gdi8gFwtcEilTOBECL5y0hzlL9aJpsJEq
+4KV5nnM5rutUufiYzQMZqME3g9VWk0kQteVpa4x+4zsKH9lJSSS/y0eCo/jArS8l
+HSmzUDkj2cWmf/azdrcig7g/mHeEbKu1JH1X5lRdZekqcRCW6v1OjP025B/5nSnL
+WYPUI9RLb01fmPjWdrc4+hPnHjePp8w6tuM6U6huMCwstnOel6d2FL5hOWvXNmIH
+I+8zv7SHhIWQmUbC0YQn8BFqvqDC08In5x42YiTe+42YEtafkTkbY8o=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
new file mode 100644
index 000000000..e5a716f28
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
@@ -0,0 +1,184 @@
+# openssl.cnf - OpenSSL configuration file for the ZHW PKI
+# Mario Strasser <mario.strasser@zhwin.ch>
+#
+# $Id: openssl.cnf,v 1.2 2005/08/15 21:25:22 as Exp $
+#
+
+# This definitions were set by the ca_init script DO NOT change
+# them manualy.
+CAHOME = /etc/openssl/monster
+RANDFILE = $CAHOME/.rand
+
+# Extra OBJECT IDENTIFIER info:
+oid_section = new_oids
+
+[ new_oids ]
+SmartcardLogin = 1.3.6.1.4.1.311.20.2
+ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
+
+####################################################################
+
+[ ca ]
+default_ca = root_ca # The default ca section
+
+####################################################################
+
+[ root_ca ]
+
+dir = $CAHOME
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/strongswanCert-monster.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+crlnumber = $dir/crlnumber # The current CRL serial number
+private_key = $dir/strongswanKey-monster.pem # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = host_ext # The extentions to add to the cert
+
+crl_extensions = crl_ext # The extentions to add to the CRL
+
+default_days = 10950 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha512 # which md to use.
+preserve = no # keep passed DN ordering
+email_in_dn = no # allow/forbid EMail in DN
+
+policy = policy_match # specifying how similar the request must look
+
+####################################################################
+
+# the 'match' policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = optional
+localityName = optional
+organizationName = match
+organizationalUnitName = optional
+userId = optional
+serialNumber = optional
+commonName = supplied
+emailAddress = optional
+
+# the 'anything' policy
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = ca_ext # The extentions to add to the self signed cert
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+####################################################################
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = CH
+countryName_min = 2
+countryName_max = 2
+
+#stateOrProvinceName = State or Province Name (full name)
+#stateOrProvinceName_default = ZH
+
+#localityName = Locality Name (eg, city)
+#localityName_default = Winterthur
+
+organizationName = Organization Name (eg, company)
+organizationName_default = Linux strongSwan
+
+0.organizationalUnitName = Organizational Unit Name (eg, section)
+#0.organizationalUnitName_default = Research
+
+#1.organizationalUnitName = Type (eg, Staff)
+#1.organizationalUnitName_default = Staff
+
+#userId = UID
+
+commonName = Common Name (eg, YOUR name)
+commonName_default = $ENV::COMMON_NAME
+commonName_max = 64
+
+#0.emailAddress = Email Address (eg, foo@bar.com)
+#0.emailAddress_min = 0
+#0.emailAddress_max = 40
+
+#1.emailAddress = Second Email Address (eg, foo@bar.com)
+#1.emailAddress_min = 0
+#1.emailAddress_max = 40
+
+####################################################################
+
+[ req_attributes ]
+
+####################################################################
+
+[ host_ext ]
+
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment, keyAgreement
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid, issuer:always
+subjectAltName = DNS:$ENV::COMMON_NAME
+#extendedKeyUsage = OCSPSigning
+crlDistributionPoints = URI:http://crl.strongswan.org/strongswan-monster.crl
+
+####################################################################
+
+[ user_ext ]
+
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment, keyAgreement
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid, issuer:always
+subjectAltName = email:$ENV::COMMON_NAME
+#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880
+crlDistributionPoints = URI:http://crl.strongswan.org/strongswan-monster.crl
+
+####################################################################
+
+[ ca_ext ]
+
+basicConstraints = critical, CA:TRUE
+keyUsage = cRLSign, keyCertSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid, issuer:always
+
+####################################################################
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+#issuerAltName = issuer:copy
+authorityKeyIdentifier = keyid:always, issuer:always
+
+# eof
diff --git a/testing/hosts/winnetou/etc/openssl/monster/serial b/testing/hosts/winnetou/etc/openssl/monster/serial
new file mode 100644
index 000000000..75016ea36
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/serial
@@ -0,0 +1 @@
+03
diff --git a/testing/hosts/winnetou/etc/openssl/monster/serial.old b/testing/hosts/winnetou/etc/openssl/monster/serial.old
new file mode 100644
index 000000000..9e22bcb8e
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/serial.old
@@ -0,0 +1 @@
+02
diff --git a/testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem b/testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem
new file mode 100644
index 000000000..03b57243b
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/strongswanCert-monster.pem
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
+bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
+NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
+HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
+A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
+4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
+2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
+ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
+dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
+sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
+kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
+YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
+qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
+HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
+UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
+xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
+Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
+/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
+Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
+Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
+9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
+9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
+ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
+XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
+e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
+99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
+AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
+YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
+CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
+c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
+ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
+hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
+71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
+/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
+lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
+8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
+RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
+Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
+xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
+PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
+6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
+c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
+MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
+vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
+RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
+uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
+inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
+CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
+8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
+9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
+cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
+d/Fp6btmZH31IEyJrRNVOpCwZPI=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem b/testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem
new file mode 100644
index 000000000..8d24aaecc
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/monster/strongswanKey-monster.pem
@@ -0,0 +1,99 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIISKAIBAAKCBAEAy9wsvH2JQ/y6nOr151mpMsMrwe66LlewiHcWTBh8/+szuOLG
+WnqlsuBZqesz7iyPEbcbCMq2QCc6p0wzUW+hYaLHZbk8v0C9jfjNlNHynkYwHdiC
+JxTmm6kkoXgfDaed8StvKGd8Xu+b26UkYqhiLZqmR4qBT6TVfoEb9jQtjUlKq7Wv
+WkaN+ZtmckLmr+PqDmGpWsgKWVq+OMPKkCUSC7xaOo3O8eWxPi4BTUX3tefzGHcq
+2m2rSC5DrnD+tVRO0Kn7S4+OucNRht5M8reD7F+RSpEpIbN8DJ0Ciycr8VCJZLAu
+5vzcwAUQBAHywDgySfYp3VAlY3CwwvNWr0D6Bzkg+9+oZGKVkZ5a4L7teKvuXZAU
+b8gkLvkqAT49KDLRBHWj5O2gRo1w7ypHiQGWBHDj/IfaClEI8GFEIUOzadH992AW
+kEgr/+pH5ftutF1zFkK0HeIg2Ne8eR/MAOpp3E0NNSRyCcuaYsV7dPXT5lmgIamV
+mg25Ei7JTtOc2ouOUKUxUNkLcN3esOQWN7tm0RAex58hX2RfJ+N6b7CJzb+aUBy1
+Rzef0z/2FcG2Y+FF14AI5C/+LegxhC5OtlZK8QdXUA6KYphUZmhnLQBlm6PK6FFa
+Rg150hwp/Uj5hKnnrStXyR3AnkLJFRWpCAd6nUSTPq7FnDhQOHONA+risryx3sWW
+6mjo6S9q/b37szLW1DFIp2TQalX+3QpMWNNoHYtR6UweadVQUkW13WgtWaMODkZ9
+hJHev5a+RuOUvJY6+xHhpwFChTqMlPBenWJr4MAU4DcELBmvjG1pLmmsbiKtH/3t
+ydz2JHUPu7TVz7KqA13DrXNGT5QUcA8fSbPqofOnuRyofOQ8wY45fe4Ir/9zwhJO
+opoB4cdELLpVlHxs5bPrHd0l3/GswRbeiYe5VCUGnzR/vny2b68hmGtoIxJ+FQsK
+/D02li5uU8IB5ciUx/GZJO8hFWb8yX7OlAvLRGmIrZgG/HvXGE87QNHuID3mP/VE
+8m9FwJ6Jd+vAxiouU+S9cdTVR5D3Oc1V3BlL1BaRHeKuGiVo/cVMrJLdd35fFfQT
+inNQSWVHQpMUUrdcBeLZXBbPRFWzqGDk9viiYmlgefZHvjux1MZ4xczXzxSzvSLY
+DR4WoV64V9tnv/wfUIc0OTtvVIV6V9MutuAyv3v24/enOr3uTagyHGXTslXbk14h
+Mn1KT9GY78EW0uNgNVWLN+BCwbeZ7VIUb4Ir1wGwZwtfab/1hbqzM2sbnkII4Xv0
+1F9RVl4fM6uaj7wEsZLqXaORjq3I5+mvM05kT0ulfI1S0JlBzLArMhXFVBArC/fc
+HrdZ5RQJaC+fWego49y5Mi6XiBv6OCLRhHcOWwIDAQABAoIEAH/5PqgxElt4qtlY
+8neCJKI2PSDoMT5oU+zG/VtVwBqT1wtIaQZhmeVZy0/M0/O/SyzuymzRfGl3du2Q
++2Iy9pcpLY1hJI5XIOef+cZjqa/MFeaWhNXt2/p5ywIGO1BCGfdMseImXL/oIOpY
+mCfK1p8URy//9b8+lbttZ1U+Wh4olVSHoIXGZtf7wusVrmVaaRMQIdVYYI7JVUKj
+PmUQsGxnmCjL3s6hx4tmK/ELbD5oVoXUQTWPxQdx65D1ZCAGxddd7d/4Rbu9rk9A
+/AMeSxW2xKmPyMdcOhJc+jzKoV5ClY18wGTG9fkg9HXflzktzfv6KTvCVUZAduZb
+Bd7MpmikZ11WgQpLjOM2CoytrrujCub3TK0Dcht+1Oyk2pWCmQ34n6NVvNitb+jj
+nLaYJUmyaJyd17XEOx1TogZTzqwuZATH8EIw3FYyB2KLXWqig13FD/b2fnJBtBJB
+cLpebYgbYqAqueAGTWuV1zOMIrKnLswS/lQQK08LydnPI9dZ5kQf/35mUjVPQr2+
+4WepIBk7yma8MaIFi2qp9bFpnIhpsIB8FRyZAZ8Gtv/fdBTtVP+8Y1iD/EdrTLJS
+s5zpPPBkEF60UhEk2U7UWXi5mA+FWhpO/6GcUg4hGgbjqaerVUGzRM9++u0etcaj
+q1HcCA/z/Y9K/chc3ZciirKb4CYdCZ/84QjurI13yubhKmODHBS8hsn7fPLroymQ
+UkbREZwLYHii4LdesnWYuDn85WCM3uroiKtgCTTKMMTBbuZhg6Z89xy+Hr1gn/6l
+VJ4W2ZfKgzKMAlcz91bqHZ2EsdMmvl78iFye/WjQe38hj4Ccgub+wGOIsdo4tWKD
+phL5kGbUI2PNhcERva710o4K8KwMyfhZ5iRbE51TiCv1xlfaYh+kwSKHh49j14TF
+P7Xp42DRAR4RYW4vs2krXQdoTwBMzC0DyWz0tSMU13XQsuut7A/rvhF8oUswBKCt
+UfZ0LpDJd67jMKQ+8ccvax4Zcapv0Ifz7xOfQVQGEyKtpt32d3qgBbvDpq9BHGst
+ux0cHi75g3aKpxZYSPsqRea0sKNdj84e1xUPc8JQGT5i4KrGof405OqnkOi4sl5z
+WLD+9Y8hUzXE3UJ3DMMeQqddmAOS1LuSG/XOsAoM78ukBKv2yfYOcOZNCCJh24GE
+KzHwLG5/AemObThqO2ztqttmcDlrKhg0VGngAXctxluCWPRHXwKrwtaWMsqadCQJ
+Na3DigjXmuFteBX8Z5Jbw7pJtiINa9w3izoGQdM3vi99DDm22YjxpLBpB36eMoq4
+Mv0pgP0okjjZWmDZ0lTiGFHpzSTSZ5MzXKS/brUYX1WoUA83qwU9NbZ3vuniMuLZ
+ksk9lJECggIBAOdVcKtE/7DHHj43W37T6oNxLN/L4nHIR6bQL02UPWuQpe9Ch4vi
+ETDQiKGOw6fcz3+GCeCMQSPQJ9SZZOUKhpu0vkKRWSIg8JSXYu0ViaHo1SSUb5Gr
+vDVcE2nmZI0ptf7DcP0NUPAKxCTM4ForSIgjPdyTXMYCBYcDe053y5Svebx1q9Vo
+OzKtu0Bn7YALvRY82w3KKhRlR3TGOFPnLiKE7/K0EyrFV1OIRskLbtUVoeMQgaqH
+P/UhDHz84JjeoE0xtwgdDUMejYADr/h7fjtixvqnEXZALlaTg+sO/aQ/e2Jlt43a
+w+lJRBeujWQg59M9BTs7naLILB2o3gQJmmbs0uE1l7iZkEU4LsUPf727rfStZhqq
+lQr/3XX1lFnYPAuY3fgLqnV8eohJVakgMmi7mj/ZjpjoUKk2W3Us1N/ro2bgFfuI
+IntWYctiGK3XOQ8WicjDySe3lJa+vfKrCBBAugH3pcmj1p+I7fhRDtc8ogeI5GkU
+urQQ9PJS0ArRw4soYo3khnf7vB7Ioos846sfPlgy4OHbyiu81l04v7+e6svoWKPb
+TYyKW+qQpiKMb2O/5wqtvYTGlPM2MAUvYgVI7WalGjcbKtQ2q/uRjZzzFLyPo+7e
+/6fqwuPXerAAVCZYJKGt2RGnmhxVm3eRkOXF+MXPejlh2T80iKP0diqpAoICAQDh
+mM3Ppvsb61tQUE5bN3iQqr2AO3PKb3Nz8C90R243Qkz+OFwc75kziQL3IbcmOxJY
+Wq3T+KQIkX1aDNwU/ip3Qf3wpqbtxlpzJpgYQpAEzFdEKzP36rMYdxekskeesVIu
+s8v/PxYwJztfaHxeTuxsEDB7uxg6h9IkypY2w/vdpruKR6XOQSxKyxekLkRK2JTW
+lzsVUt0VQHhIt65D7I8sN6RJaOhQpSnCVblZo/HrEN4pfkSffk3AUyd+AS2xjRa8
+Yp9FB/TRabC7kgWTIrBmXSWalR8K1B4y1DGXz9x/KUT85Id2k+kDC5y00FVtqsaQ
+m6D2UkR0XLnvdCAj2Iky8HjSYuvvyoi/BaHJfLnw/S/j542yQxh55Z4bneH5wYgJ
+KBU8KGTtuxP0RC1AmalkCWViWadItTP7mPtq5YbvyCoWNJEvQx7JbLVyYkCcFOY8
++aNfkdhEMCQvLAkmwMqHwrVdSVHOic+kS/amVWtRjQwZJ7AIVlcIfLkTI/vZN+oV
+58jqBruIDjW8zN62QYa/D4os8B7vyv60p/v4LufCThgtFiB4MevlD2LNjR/0q/nF
+zsuFRKV4pfP8gtLEzkcfj827nGzOGT/1B2SoB+YJxNR3rfLloCvMNKvKtf60idRY
+jAH5ArX56HH9XOcKeKalu0fvKAE8+sbxBNTaK3B3YwKCAgBSlziAjUPUc2Kix9TM
+tRAXGYLx67LO+LhMICujQPekvaHgiBoooO+ORAVj2LqV5cnXN52zI5/mD10JFDLn
+axif4qnCzm3KN4RtKJdTGctnmN7wDma+1Vd+nX744h6oH2owqMpgLi7lZJKeqN64
+kpd0s1BUve/zaalbiKyvWSm/zd5ioIhWyr3H3CrsVa5/drFtjRCQHctkOLyIPnTB
+z9myzU91kUD+ljIVSqQrBv/s56pCjRQeM+drtv7kaMwvB9yncsZsCSNBAVl3iNl8
+l2p7/UoZFyiu1T81/bitZU69I0UD3ljoNmCXm2bKJbGpO+5IhpKlkSU4hsrpU+7f
+9iW/9XFcomumpnzRmbto852hua3jmzzG7HwFz0/b22+5m+/kHBGzi0ayZ1y/557D
+oREeP0xU23GDuf2CTDve28CsqU5PXlW61eGpsy97E2zIM/zVHDDZEr1whqRwJW1f
+hBx+4P0H0sjH8syfbJ25eAcaZTVcB021DoeR3jP1iAdqtXVg62w0SJCRqbiCLROL
+LpQB9kel6ZRMTtIhR2wpICelXDFr12o+Jf/L22Hxnu8Rip4COPNd5qWxD80CACio
+0T/nrx/C89MmNXbXCSXhzReIH2kZ4RagI9GWu8QU4EuXJqbkgbeiWZUULohg8Vdu
+GvRmdIXa6bYzYnHTlQfrsU228QKCAgBlZVibzGFw2wffwTh2pyf5XcRurkoM4qrx
+oTKzAKf5DkOsv4gnOUmScDJ1ASJgfIxySc93Rnnzn/DHWKBSjypnD7IjR8QfeteM
+ifwyazhv76gJa6Gf/E0i4eQukjK+kNRvSUCXKLPAUOHOsBe2C6MXru8bravmIsXA
+441AcDX0GcyRCkLrwT83HrExidoICfBbwv07SFM2ChQGGwioXtq69QdSN2SzWoi6
+X+0+7QD+tkYkQCx3wz0PBFDrwXvYIaHmai1LyZevx+E3bRo0V5MRbyxHnl6lb1Fj
+ZxwjL7nbLaFkSRLZqQFB7SYx3rGG6Qr2U/y0uaUq58JqbbdEZT7FNnAXn36L+Gwd
+71oYRYcNWb78oEZ/qMiHgTzfDMdUijeqZemlcEJs13jQgRQVxPrti4uV+NXHSCpl
+Gw1lrmRHwZ+o+1eF9pUP01x6XM7NWFdjcJCNk++wNjMNQK2cTWq6OjlqBFpQioBZ
+SAtEF4B01wBpDf2Awc28ctJ8V+AKcac00UjsZrpDHJ/qi+pN4IW/uixQplxBSuvQ
+JvCJTAu+uXsESL2vSEDOY2v1F0kVn3ZUAe5Xp9L3tx9Cj0pMSqqM9QVzHYuJ1q94
+YipLm8E5As68O+LAco086y+LnOEuJATdB5Cbayx/dopFZkwx2KiONO7P/xsPXWet
+TI6ewId8IQKCAgEA1tzZKsVfohvP9CYa67EdkJ24HWEzmiv+8Y1/UZZXi4PTpBNt
+EdgE3cc5K67aSzTV3yuLFCQ4xCrnMYo5ZdOEQAqkApW23M/fOkPQA1oPcmNVLSVb
+DrXtjTk30ILr3jWG7ekLiQ2RrtGVzHTZd9mQL8uOL2+cDbkwR+gG38GR0V9TKXOP
+HtnuSezc0B72SMs+TaTwZXmt8d603ImLAwCUj06PZlknySP+SFUn/P20cDyZCeHu
+lKqONhsR5zJSXg8twJvEHuBK7ZtgoGmuQYIGSREiXZPl000+DQ4Tu6OF2CiUYl0C
+2zCyuoBFJbEcTdvoQMcf1TZZ7uazCy9HkvK+KL/y+VVkHmYrrNvWZ2e7/dsca/Sp
+ma1+ABfb2GaIWp97SNVNhmSAeEHkJVfKY7Aqlh5blGorXQSd4pxkjBWo+gY9ZNgJ
+S3weoP2GSGTY+gUf1wCOhUS/738ee+af+4iGonIsdKV8IFOlnLH5rC+MFF0eBNBb
+SuzYn8rl8eoZFIay/kivyx5IBU3d02If4a7vs4rMnPVX3Y0TFSa33Q8T9ykew8vQ
+UJH9ZJs7lRPNB+x7GimfvLajR8jZB/ezYVpJ+gT5fkEgggBtJKpuDtPYUxFb6fld
+T+9VoObYb60kv3hAomX9DmPAAHdJL0cPI+A97k4LLwj2gk3hMivjXWexJmw=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt b/testing/hosts/winnetou/etc/openssl/research/index.txt
index 05e38f050..26e68d4f3 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt
@@ -1,4 +1,4 @@
V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
-V 120418092554Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+V 140323203747Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem
index 894bf7dbd..f586a9414 100644
--- a/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem
+++ b/testing/hosts/winnetou/etc/openssl/research/newcerts/04.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIID+DCCAuCgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA3MDQyMDA5MjU1NFoXDTEyMDQxODA5MjU1
-NFowWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
-BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOByjCBxzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUi6jZ
-/eq7FoNJDiWP3Mlw9iaZzyIwbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPd
-VCChSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2Fu
-MRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQ8wHwYDVR0RBBgwFoEUY2Fy
-b2xAc3Ryb25nc3dhbi5vcmcwDQYJKoZIhvcNAQEFBQADggEBADHYFhLgIo3jrKcw
-bmfkqHLrwI0sHgyJJrEf1hl3cdc16VdKVW+V3qMwumdlMobK20yTRtW90x1ErULS
-RClHlQ5UtDubtQTwjcc6Uc8tOcBdAAH1SQk2xLikxQq19UGFpRRA0VxDXzF5yXnJ
-oM9mJZvgscQZeZPqMEXd3yQclK3Ouap70zE1J8kcyT/yrdkTM3nMbiq8aPytr3Al
-njoW+ToTsDqcTZYWeF3A3tfSZ5+AhlValx1btbcNPZVjjhBx46knOrOFeQLE5f5C
-3XYxVaWPX7hcjfQz/e3T4Rnb8nVQqoCnycUPfYxG/4z7pp/GplS/MEuMNNGDhSsI
-nTjnJgY=
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MDMyNDIwMzc0N1oXDTE0MDMyMzIwMzc0
+N1owYTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGDAW
+BgNVBAsTD1Jlc2VhcmNoIG5vIENEUDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dh
+bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPqE4le5QodSA+
+NXnQ1IFI0XWcBDDwQDNcQ6qMScSCaboPFCLrlC9E70J2eGeX2v/UDTQpEOxQ4fGX
+Efk0/MdJjnWGAO95jEInNJ+DuexfrP5REiryKDfryA0d6xiQb/a2M7UuDgxPgyZf
+VyvU7SHebue4317v5NyGJeRnkN3/onNpdjpWu9Le9DqenBQ2SITgo7NsVsNsqhnT
+1jg2jfxJ8OXzi7/6JvuxxweCoDxr+KeKIViFAqNlyufeyIvowdjHTlJRvN/9Wl+/
+jPiHmFcIyIc1o8EUHzM9AEIWtB2DeHL62e7LVJbjMXsLAkTggc3BkGE2cWFOBY0f
+J4R+AKWDAgMBAAGjgcowgccwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O
+BBYEFIuo2f3quxaDSQ4lj9zJcPYmmc8iMG0GA1UdIwRmMGSAFOd18KDyrSDNzWAj
+zMfIDynz3VQgoUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry
+b25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEPMB8GA1UdEQQY
+MBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQBiOKAx
+ePEwlga++nOpkfBg6ESag5/VWfnAp1zRpXHXnRak10OTtCPDjmJiDUzlKBwolwJN
+I6T3S7eg+M04E3r5IHn3i+HtQcENkq02YUPiUXS5cvLtzKMPIm8pYCj7/5pXxAek
+nHGRdBZkQiGDz49H9rPKxLdJDTLCXpj4l9uOFgsbiQ3k5SyWq5oMhtZsf4VKqAd+
+77Mbn9pnjjy53wLuzjaMVX+K5KKotPNeSHH/pWh9RqNROmf6F2B0nZhW5Aryxa9/
+24GRkZEPZ+cqhtwgVjq5aImzdSrARJQ1tu6lZqNB5b9klYSAi+al0FrvUFoG58Qt
+eWeiFXLvAtXTGoax
-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt b/testing/hosts/winnetou/etc/openssl/sales/index.txt
index 87af9dd15..3e39e973b 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt
@@ -1,4 +1,4 @@
V 100322071017Z 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
V 100615195536Z 02 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
V 120323211811Z 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
-V 120418093600Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
+V 140323211053Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem b/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem
index c19c7333a..cae8184f6 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem
+++ b/testing/hosts/winnetou/etc/openssl/sales/newcerts/04.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJjCCAw6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIELTCCAxWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA3MDQyMDA5MzYwMFoXDTEyMDQxODA5MzYwMFowVjEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
-BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4IBCDCC
-AQQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFILLnutR01FvK1SR
-EZgaOaO9d8izMG0GA1UdIwRmMGSAFF+bE0b5IHLIANWItadMLpfqC5MooUmkRzBF
-MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UE
-AxMSc3Ryb25nU3dhbiBSb290IENBggENMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25n
-c3dhbi5vcmcwPAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8vb2Nz
-cDIuc3Ryb25nc3dhbi5vcmc6ODg4MjANBgkqhkiG9w0BAQUFAAOCAQEAhhebUzkR
-5bllLrfSb0H+Uns0Fw/hfyrvJPjKOcb/otwPZOeGftGYQgihGu3X0Wi6IPX3/I6v
-tAnjYTyMXO68Cm2Zw3ZjjjSupQ3LOtyUhKPehk1EXNI5S1WnpYvEjocaBeT5DBaH
-fjMHL4L32dUcyzU49zbrkFEY7ffka44s3SUf4tEaw5QlBfAnwoij2A/rucokWNeQ
-6KVE9wfYJri6P7ztVTWFsAD6MXRCjzYrS6lOo02w32k2Rpp5SdAWuiwnXLY1BPi9
-U031sS6eh2aRM+u1UKuCGQtUDCMOI6yDv5U2aWQuxYS2uTW05PlWwKAg2atFt7uZ
-P35gzzpJWopPqw==
+BAMTCFNhbGVzIENBMB4XDTA5MDMyNDIxMTA1M1oXDTE0MDMyMzIxMTA1M1owXTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsT
+DFNhbGVzIG5vIENEUDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqgEdIrRiLkrf0UfCB4xUyx/5cs
+Ka5h1MNBks2cKP6uABOL+jnlkRtyVFIOOCuNMgcK+873LC87UU32zapbe6Ph46aN
+5M9ADMA6PtVeNkJIetVSVtT9DUL5II4kJ/hJUjINbt7omAiDAIWDGKNmTCsR18Ua
+o1O/QFbiTT96fMFKX8EXiJgMt/5+vOWG0s1nGz6gn40R/2K52EvBmu5v0M3TX67c
+YQFgBqMNfvnk0jLy10pEHro1OjgiTTj1DQd55ydSKGa0JvMDT/GOQeR87zkshRLz
+bhxXOt4Ej2kkYbs9ILm7jKa9XfUYI58vCYLHwhGzpLZSsJ2xXkgfAAIFTI8CAwEA
+AaOCAQgwggEEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57r
+UdNRbytUkRGYGjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guT
+KKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
+GzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZl
+QHN0cm9uZ3N3YW4ub3JnMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0
+cDovL29jc3AyLnN0cm9uZ3N3YW4ub3JnOjg4ODIwDQYJKoZIhvcNAQEFBQADggEB
+ADn1ow4aGxckB4HsJQf1Z6LFpiCOExqhqcK/+fsFcl/WM3F0F+1TbEWzwFzDj3Yu
+5gH6DQ/c0Fp+WYCKAbZXdYoKHJDSZY0BsoD7Nglc1r+l1wFRv1UGF5DoYZPryHGA
+FkusMTUQMvWRRmN9PsURQ77DsmAtryKi5aDQ/rAiPIJK67bQ0HmvPAynO8IF2Fd9
+GpqFSc0gZni9NQszVUH33nuLlZP1hFC5MDeqhcqgmUL/GZbs7DZYThF4INBryfOg
+xFE73CpyNQHHmfT23TLsrFD5IXCp3z3oMtCtTphwUnCJrEzZ1H7mJ+xSJoJ3MOqd
+mNs1ygehz0a99cPoX1j/iwo=
-----END CERTIFICATE-----
diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs
index fad5b23d8..4eeebe54f 100755
--- a/testing/scripts/build-umlrootfs
+++ b/testing/scripts/build-umlrootfs
@@ -14,7 +14,7 @@
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
-# RCSID $Id: build-umlrootfs 4889 2009-02-19 22:02:28Z andreas $
+# RCSID $Id: build-umlrootfs 5006 2009-03-25 07:26:53Z andreas $
DIR=`dirname $0`
@@ -167,6 +167,11 @@ then
echo -n " --enable-eap-identity" >> $INSTALLSHELL
fi
+if [ "$USE_EAP_RADIUS" = "yes" ]
+then
+ echo -n " --enable-eap-radius" >> $INSTALLSHELL
+fi
+
if [ "$USE_SQL" = "yes" ]
then
echo -n " --enable-sql --enable-sqlite" >> $INSTALLSHELL
diff --git a/testing/testing.conf b/testing/testing.conf
index 28b043905..548f5b530 100755
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -14,26 +14,26 @@
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
-# RCSID $Id: testing.conf 4893 2009-02-21 17:53:10Z andreas $
+# RCSID $Id: testing.conf 5051 2009-03-28 15:08:47Z andreas $
# Root directory of testing
UMLTESTDIR=~/strongswan-testing
# Bzipped kernel sources
# (file extension .tar.bz2 required)
-KERNEL=$UMLTESTDIR/linux-2.6.28.6.tar.bz2
+KERNEL=$UMLTESTDIR/linux-2.6.29.tar.bz2
# Extract kernel version
KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
# Kernel configuration file
-KERNELCONFIG=$UMLTESTDIR/.config-2.6.28
+KERNELCONFIG=$UMLTESTDIR/.config-2.6.29
# Bzipped uml patch for kernel
#UMLPATCH=$UMLTESTDIR/uml-2.6.26.patch.bz2
# Bzipped source of strongSwan
-STRONGSWAN=$UMLTESTDIR/strongswan-4.2.13.tar.bz2
+STRONGSWAN=$UMLTESTDIR/strongswan-4.2.14.tar.bz2
# strongSwan compile options (use "yes" or "no")
USE_LIBCURL="yes"
@@ -43,6 +43,7 @@ USE_EAP_SIM="yes"
USE_EAP_MD5="yes"
USE_EAP_MSCHAPV2="yes"
USE_EAP_IDENTITY="yes"
+USE_EAP_RADIUS="yes"
USE_SQL="yes"
USE_MEDIATION="yes"
USE_OPENSSL="yes"
@@ -51,7 +52,7 @@ USE_INTEGRITY_TEST="yes"
USE_LEAK_DETECTIVE="yes"
# Gentoo linux root filesystem
-ROOTFS=$UMLTESTDIR/gentoo-fs-20080407.tar.bz2
+ROOTFS=$UMLTESTDIR/gentoo-fs-20090325.tar.bz2
# Size of the finished root filesystem in MB
ROOTFSSIZE=600
diff --git a/testing/tests/ikev1/after-2038-certs/description.txt b/testing/tests/ikev1/after-2038-certs/description.txt
new file mode 100644
index 000000000..fb622dc15
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/description.txt
@@ -0,0 +1,13 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+The authentication is based on <b>X.509 certificates</b> that are valid until
+the year 2039 and are issued by a certification authority with a root ca
+certificate valid until the year 2059. On 32-bit platforms, dates after
+Jan 19 03:14:07 UTC 2038 cannot by represented by the time_t data type.
+Thus if a time wrap-around occurs during ASN.1 to time_t conversions,
+dates contained in the certificates are set to the maximum value,
+i.e. to Jan 19 03:14:07 UTC 2038.
+
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> ping the client <b>alice</b>
+behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/after-2038-certs/evaltest.dat b/testing/tests/ikev1/after-2038-certs/evaltest.dat
new file mode 100644
index 000000000..790811a61
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/evaltest.dat
@@ -0,0 +1,6 @@
+moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..392a4b51e
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644
index 000000000..03b57243b
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
+bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
+NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
+HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
+A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
+4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
+2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
+ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
+dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
+sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
+kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
+YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
+qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
+HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
+UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
+xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
+Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
+/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
+Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
+Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
+9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
+9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
+ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
+XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
+e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
+99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
+AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
+YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
+CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
+c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
+ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
+hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
+71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
+/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
+lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
+8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
+RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
+Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
+xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
+PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
+6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
+c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
+MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
+vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
+RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
+uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
+inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
+CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
+8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
+9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
+cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
+d/Fp6btmZH31IEyJrRNVOpCwZPI=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
new file mode 100644
index 000000000..2ce2ce3c9
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINzCCBB+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
+b25zdGVyIENBMB4XDTA5MDMyODE0MDYwOFoXDTM5MDMyMTE0MDYwOFowWTELMAkG
+A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
+bnN0ZXIxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgR
+yGVG6HVoA3DU/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mp
+dYtP53SWASOHBiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkw
+BebpMLCf2Mi1robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bO
+FPoBoBOY7v4fuq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DW
+kk1vTt4jplSg6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5
+mGabckTMvtI591UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014l
+cFg11mzjXGGBFuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest
+2X0psHe3AlocUFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9C
+uezkuM1QEvkev5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+
+t8GhCKV6B7RTzFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3Hh
+fTZstGECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud
+DgQWBBTy8LU5yQdnV8pfwhCPY7q/CiNyzjB4BgNVHSMEcTBvgBQZYq2Wq8b7148Q
+xFb/QGMiQnB2DqFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0
+cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gTW9uc3RlciBDQYIJAIORWNru
+S4GuMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMEEGA1UdHwQ6MDgw
+NqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1tb25z
+dGVyLmNybDANBgkqhkiG9w0BAQ0FAAOCBAEAi39l78OCI9S0I3X62HbkxiLguvnc
+CbXY6Tqmz0Ms8xqZgYzJOk7FLB/4v/zJohOH5nd7KxJ81KbcERyASpybaLM0/V+V
+oGT0rDGGH5cS4H2uYfs9HsKFKKPbZeCnExFyCamXjBZkl5IZNjdpS9TLyXRJSyFN
+OIRNhILPSriqdtzgRuGOeX798U8o0ObizGQRVlT0p0lI4t64dzZbIh3jSXjCf1Tz
+cmVOC8qhhGvxLlorSy5K98t2zNY7DvzwtvoQrNFGtso1kvfmaO4XRCvSZsmqPpC5
+mmWJjNEG2qcbmfpt8TotyUHgEJTZXwXlPVVb5OXHTW6jXk/MN0UiMTLJYcvJ1gji
+kSnGNHzRH2rKlYRED+jlzzHAWSv0mBGcOTdmfBV6+TJ7QhWhLZBzAUfwqXpAy9Vk
+idtyB0eSWBTIvhZY6SzB0Rvkdj0FtZ+tNURT4dPtiO0D+LXm/ojpdKKI2tFNOgwY
+n8df2u3xnCRvHqcF6lvu+ptnwUkUDDGDuiM20+sm0HHhLIj51v8tTm3Q/MzI0BAb
+G4HOSQNDzymWDgzIE67UTxBwXVDbSLkzH1vhFXtZQlD1UHqOUT/4FQm5ZlVMF8na
+FKxHakqoh1CdI8TAmM64h3hp1zp+G9Zn0lfcHRhvWBvpU8mgF1cbEvgbzjd9+xLe
+q45/8xuZPnU7XIBvDcZTUk8LRIThcTxQRlQdI1UJnvPOBYG3mUrLs2UdEZGwsooG
+zMOj3EQwqrR67rQiuGo65IMPDix4mwHjcZ8Gr4eqLDwSUS5yoPX1qI2qNLQbI1Ni
+8PEYMXQ0Xm+9Z86ZkI0dAIBWLkEGkz5Ngqk4O3JLzF1O/XPG4E9hGJ8WsHQW6pk9
++quv5nVNCAO0z6FYfQoYprdbDBur+N/no+BYIcSFSpLcNgafLXgj3I65iJ2VmRi0
+V0xAfxcRiQN2+/7aao2zLrrSPHU8YsW48ISw9ibQ9EckZMVtnhuYpBJuX8+auZ8f
+OgBmgRi7fCtEcMlXsiisQehymMs470eDRfWFUMzgJC8tMOQIWNdYM0Bo29wYUJPN
+jD+NO0n+PisFMilBEyoT2pD1i94+5DWQau/7STb3GbpBsLb7JbIrQEp0oSdsvsNR
+SaJQEqMxepJM0OGp3FMr79s+/a13+TMm+jl65M6sV/YTDdYFlplkWyHDjbL+WjUu
+lvDEURfBJrtT7u673RakCEzl5e53fP01HXFhqgMSloR7j2XNiyCeEUBp+zetXxwb
+8e6IKtbXWU+WcXIdNOHAL+OtD1vUK3gxupJPrRNW6daZKWUDbjRixzXnjeyIw8It
+bRldc5VjyM0G4FMbmIROgRcvjJ74MUwnHpgPl9zQ28HmbxKbANiJJZHIDw==
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
new file mode 100644
index 000000000..f0836ec33
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgRyGVG6HVoA3DU
+/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mpdYtP53SWASOH
+BiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkwBebpMLCf2Mi1
+robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bOFPoBoBOY7v4f
+uq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DWkk1vTt4jplSg
+6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5mGabckTMvtI5
+91UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014lcFg11mzjXGGB
+FuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest2X0psHe3Aloc
+UFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9CuezkuM1QEvke
+v5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+t8GhCKV6B7RT
+zFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3HhfTZstGECAwEA
+AQKCAgAmHcjpYm4FXy7Fl72F531pTv69w50OslFCexEUaqCMdojR7TYVs0hwXObT
+XePSczMaOTjujIXNcz/K0zdCwanMSSMy1THYhRC+DEqK4K0wLifjTad3m7S4PaPI
+0ocxbKWQBMDl3KdGEJW38KcqR4b1B/h6f4VYo7BQzkSbrxRSHANz63vdJvVWPoMz
+jxAgykSiAqIDTNGxYp5trUX7ZLLn0cCIJjIwLU56GcPPN33SDVXetUdQ4sCaDdXU
+8YP8rj0K1VWMYy7SItCZsIqzSEMT+7wC3tvDUDWGyEb1UW9q3cpKBNDAl7KkO3rH
+UbeMutCK5ydtXMIumzNB704cnuwZ08sdM7BTTMhmu0VK+zjVzhBK+MFcF7pickD3
+SdNzOiqfgiXLGjsiMFJvJ7OUJczEJl2xIoZ+Otb113ep0An0PEuF6aZMaKPNP7xf
+ljnengym1Rq+f1mHBRRfool9zmeisnQSSecKo0htm6oRkQTcTwLj0TjiCugbmISf
+D7sUXWp/QFVdYhHTay1gWUnP1quflKYvEynd0UF0JOnCbpWAczdXf27fm7DVjgLp
+yZ4QyrCtyvtIITgmZOvkAcaflxe2E+cBN2F+hWGzqMJfoMtw008hRW9DcRji35Kn
+lCOj/87n8lL3dicDI0caBZO9tQIakh05XYW8xN+sYF9K/xKauQKCAQEA2txDchqB
+7719R6hBqdNqig2+telNHlN0amPKjqIvP7Tr/JnJx8A7cSasao1Fw0cGPReBT7Tb
+Z5IW7xvWiZYFMDI8q8ZGEIb+MveYs1gHlEaimMtwoVCNeNe3cEPIL7ffNT8y+xFc
+o55AjzgKAOHqmf6OidKqRs/B1sSmOrgugsY8KvYtA/JrieVHKrjNX5XqZNqrfsns
+K4DMcJvIrfBu9iyWenNoBOdEJsP0h3F39Zh2hkEg29eH+/8x6FGlezvSU89Jjs9O
+/2BdlyS82RbhPu2VIrsmpfoSrsFHRe8t/9yrnpY3ud6w2LP9QIEMd8FpWKGnNxJp
+AIZJ6u+NoWVlLwKCAQEAxk/7RSSvf6VJvi1gmOxKd79LkYUEiyZryP/M8kQFMqs5
+pU6BgFLVLZsaXz+1oYS0bEjVGGo5ppCVVUMN6RuFX9zVz9uVZBeiiItqw64UDbt/
+0u78m9ngvSpWaMQU2nS/kHVhKOY+Gfs0v5fBvZE+wxTfMBR+nbx7uJivpXnq6xMP
+fhDz6juap/lEK6HuvQN5xXBNL4wpd099lvy3NUuG0Dohb/+gWf3YzQtjs281iMZB
+G3/gGLcBSdk6PBwXueJ3NPj9FAII73MQNBNYS3zi3IYuulA/rMcvbA+IGeKTzRX5
+E47B8ZAhJxZ3OePalvZyVEaRHDFT+Y2YCv/G9Bw7bwKCAQBs97oE97m2Gcxkfxui
+aIblEY7gl7Yz4S1XQzQ46/tGZtgQPqm+cLGn1q+Fpa0UWyp6BFf3zX5oBM6yYlPg
+0PboVjrq858y32N1EN3QfYXYh4qxNKlxR+AISK8mkDj9uTjDFCJX6v8K3+IY7Lfe
+VJ0v6xQg/uiUtSA3xFVXaxiNOBIA+ezTyEFOuP9EABsQ+l1ntZApYnPZ/RjNAGNc
+Zxd4Lh8F/KvPtS2zd2Eqho5Jk41/rrGjg55LE3ZPy0bvIovH+q8PEZytfddbR4lX
+NRMU98mHL1NA1E+0/rpz0XA/sikonnZEbuHyIzt2gEoq3fuLi4Dr5JivEC2BcaA8
+uXU1AoIBAQDDxUdfXbTmxQxEctVuga2OA0mdkXwHxlkXZvcyntWmzIOu3g5X2O3c
+BMcHCoTKu4/Faiz72jmpZggV0IlV+zYyiXaFqNcUpYRtWXx/SkU/vT6VxBmZ3X/Q
+HpCJAjE365MFD+tnjcv2qBfNoAnBkzYrLVqbQ1AvdVeJxyl2qSGxCPL9V80DCe5G
+LnwOuuBMtbaro45/BtYUk2N+/2H5eeLPguNphigNTtyMpta412s458Z0WEuo+liK
+R6kGmBEQDzHxGG/2JYAeqi9vyT0b4GCwpMJSaVBCx6vX+Ik6TIPuLOfjV8W8K7We
+ub3fZ0FuUEJTUgqEk2m77P0Qtqn4aDp/AoIBAQDXI66F4POHVOPI/j584sSLhW6X
+j5VzFlmOhpyoourPYXsKyIFrLa/gYAe/wNH/5jg3Ap5DbBVZB87gOkaMz2oV+ZQ/
+5IWiFmiUxGrCXmWyI6Eqr2DUtSKispLnQ043bFN+HlhfQYTwD9ijqpwpUt/sC+IJ
+mLIGJs5B3cdcRQuSxh1HpvSJOuItjp0wfcGj3+RPh5cPdjHZW30FHGFomOk//6BO
+nWdoYUGrN9wXylDOHvlkYaP2Uj5rCWm51ZGaxzJR9S+WkHdNBzyygpGtEXdSAIzU
+tHufKwQdDnj22w8KSCvQ+KvwUn9UrIR5LyGKiYGWved9X2EQzIFC4dJ8h30G
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..40eb84b8a
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..e56090f48
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644
index 000000000..03b57243b
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
+bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
+NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
+HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
+A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
+4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
+2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
+ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
+dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
+sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
+kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
+YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
+qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
+HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
+UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
+xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
+Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
+/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
+Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
+Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
+9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
+9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
+ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
+XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
+e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
+99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
+AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
+YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
+CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
+c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
+ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
+hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
+71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
+/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
+lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
+8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
+RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
+Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
+xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
+PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
+6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
+c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
+MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
+vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
+RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
+uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
+inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
+CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
+8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
+9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
+cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
+d/Fp6btmZH31IEyJrRNVOpCwZPI=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
new file mode 100644
index 000000000..e83798c07
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINTCCBB2gAwIBAgIBAjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
+b25zdGVyIENBMB4XDTA5MDMyODE0MDcxNloXDTM5MDMyMTE0MDcxNlowWDELMAkG
+A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
+bnN0ZXIxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQC/9647SgAcK/or/Qs/3cRc19po7oex5EBdPR7b
+vInAuzrVMK84+ifneBWscVhBnxcUI37D0SpKx0onrdskMOyv5nmkdcgQf8931eip
+scNsw8bC8MJsbc5Jfn3DKPurbKK2/uFFE8ot7S65HY9tVBsxKsrjS5YFPE+DKKP+
+BgVk/9hL0Kqq2iKuWTq8YTRMu5iskpLIxqvuz362G46BKoW52pFegeDzpz/Bs/7y
+0oWPRcNcuRQR5XFTpF2L3UosniMkr7aYU5Z8s7IqiEx7txGh5SxRB+TYIZwB1ODa
+L+bnclQeMsBiFqlO9UI38UaxEQgk/+UhgpaX/DPrZg8KJmjW3e+x8xcwL3ouRLy2
+2Z99WMnV6TlwpTKj24EQJALmLG+UJG+hbV9P9j6Mkql3FHb4aLZH71CvyCqeg2yh
+FGiuaGEe8vS9+Dj5LKv8hSbBe/MSQDiPhKT1gb84TiQMsWfxLN7oDXunohnhMZfu
+sydB/c/R/ooA5ri+lE5c65bP2Mk+ml61p6z7lJv+DXBDXW/o4v8Imjx2OMsL85LZ
+vYWJppdJrThd/m4OVnCXYfuHMZqedsIvNR5blnldATLBjWWbeoKhOyqZb8hZ6HFR
+dlJ11LhxnGg9itG385L3Espl+EVcakWBZWrOn5/LGNKZH3UedclEBNci6lSadZaP
+/UfRCwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O
+BBYEFOQpYirU7vrMZUWDkqDijTPuhPQiMHgGA1UdIwRxMG+AFBlirZarxvvXjxDE
+Vv9AYyJCcHYOoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry
+b25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5L
+ga4wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzBBBgNVHR8EOjA4MDag
+NKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tbW9uc3Rl
+ci5jcmwwDQYJKoZIhvcNAQENBQADggQBAAEsjsebEspAIANEBVWRjRpowIJlVSLf
+WKzblIPlhClXafHGJbhiamdtS2FmEh/rkzz3Ml+9cJy1KnB1Pn6+4JLSJe5xAywK
+lKTT2iY0KDdOsaK5j+CNJ2tW9NrJPxwtIz+nGGqqyyEUPJE1FYxphbLgmwFNBm2o
+HyeUVYI+gyfmhyHaXHKOmbsDG0o+pUX2tVOs0KdyU6deaAtEf1E6aA5TpCAi1OZs
+pdRDXFUfjdekRkfRr1PZ41Xwk3t6E32YhIE++r7QneQPhXymxVO9nepmpuSoHvlX
+Hb4JN2EQ0zCkkkOfqCuF46zVxsR46/3cfKbRsaVmdfGjvmDSCDI47AreluYiPTGA
+zN4XN91Y5rPZuT9OJYV4UrYv9N1jH5StVmSz19rbYOeozJXX0PBjdCKHEonD1FHY
+xWRpijVUG6NWVLKpvdg3RiFw78wIrNPAeVDvLL+112nbszNDNLSoOJjOUBySHJda
+WYFtg2IoAUis9r/o7uykNcC6KiU4Y1nC8PEIhMi4AMA9UgBCn4ixYtHI9jkfHcrD
+O1kvPRUo3hKzrhftLYtfiBfTEh+3Xab615lt5vNNhdI7d4knqUXvVdURtvlfJLZv
+W0YdvwjJtrVJAiCtX3wyxy72O1ZOG5kHCcK5oHUHg5W172rK9hK4LByk5ESqtc/t
+YDG7TmZLtUceV5yK4gz7pwIwXthA8yayRy+lbk8BFxRMfOEfb6rPdm0vvmPpHHDu
+yHR5SJTgpGo+/I8N1zS6PNeUBh0RAbSnxHJSMLn+GYTs8s6Atnq05SIuVYxvXyAQ
+ULf+ppNN5lngSZHPaOFJNpC1QL1+DdMNueDITVxYx5DV8SkWRPhzS77tsYeUxVGI
+IpUVEqSggGe6Q4YWv2smAjSeqaS5HNGxstE+Ybat/cp9QMbLc7gwKxwRQHhVRZ5O
+0rVq2bZUyly8y4wX8G8WFMNuCoAcHAdMvKh4JtmdDDZlbxdC2mSVbLSuTBfGvKc1
+ScwOBtSqQkm9PsTMitZM31s97WJLQIZbq82g2ns7hfEXMMIgzcFLYlM1SovbDZI5
+ZM63NBVTaKyj+Gxy8FcAPBPtPWwAQT+Gdi8gFwtcEilTOBECL5y0hzlL9aJpsJEq
+4KV5nnM5rutUufiYzQMZqME3g9VWk0kQteVpa4x+4zsKH9lJSSS/y0eCo/jArS8l
+HSmzUDkj2cWmf/azdrcig7g/mHeEbKu1JH1X5lRdZekqcRCW6v1OjP025B/5nSnL
+WYPUI9RLb01fmPjWdrc4+hPnHjePp8w6tuM6U6huMCwstnOel6d2FL5hOWvXNmIH
+I+8zv7SHhIWQmUbC0YQn8BFqvqDC08In5x42YiTe+42YEtafkTkbY8o=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
new file mode 100644
index 000000000..6d39ac084
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAv/euO0oAHCv6K/0LP93EXNfaaO6HseRAXT0e27yJwLs61TCv
+OPon53gVrHFYQZ8XFCN+w9EqSsdKJ63bJDDsr+Z5pHXIEH/Pd9XoqbHDbMPGwvDC
+bG3OSX59wyj7q2yitv7hRRPKLe0uuR2PbVQbMSrK40uWBTxPgyij/gYFZP/YS9Cq
+qtoirlk6vGE0TLuYrJKSyMar7s9+thuOgSqFudqRXoHg86c/wbP+8tKFj0XDXLkU
+EeVxU6Rdi91KLJ4jJK+2mFOWfLOyKohMe7cRoeUsUQfk2CGcAdTg2i/m53JUHjLA
+YhapTvVCN/FGsREIJP/lIYKWl/wz62YPCiZo1t3vsfMXMC96LkS8ttmffVjJ1ek5
+cKUyo9uBECQC5ixvlCRvoW1fT/Y+jJKpdxR2+Gi2R+9Qr8gqnoNsoRRormhhHvL0
+vfg4+Syr/IUmwXvzEkA4j4Sk9YG/OE4kDLFn8Sze6A17p6IZ4TGX7rMnQf3P0f6K
+AOa4vpROXOuWz9jJPppetaes+5Sb/g1wQ11v6OL/CJo8djjLC/OS2b2FiaaXSa04
+Xf5uDlZwl2H7hzGannbCLzUeW5Z5XQEywY1lm3qCoTsqmW/IWehxUXZSddS4cZxo
+PYrRt/OS9xLKZfhFXGpFgWVqzp+fyxjSmR91HnXJRATXIupUmnWWj/1H0QsCAwEA
+AQKCAgAn3928CQH+2A+uBXDJwlngYyHF/A4JoHzSITkAsaf3dayhzewHrMaPKP1v
+hVeswcv8becN66uaPs0jctR7LwJrAzevNpvo+XNx0+fxH7CVLhFiOrpX5XMdBv4+
+hIvKLtWZp1XJkHPFmGfFIePB9N91FgtwrSmrSrzFZLKzuDJ0qUQXc2+P76GWj4hI
+yvQfIDR1XDjLJaFfCJCsaQrvv5JpaYIanGXKlqoCpU3GyH3fpcEPyI3nrb4dfp3D
+yKJ4pBxuqWUHPQ2cN4NBnHAunnc2JrFO35HkZw7Nvpc6GwsedjwMzcPyW/ytHvqz
+PhXN/9iuPs0sacC4LzXlppxnIlVSOCoLUpyoe8zXxDJBLsU7d+zDnXZ/1guviHz+
+x4RsEKjlXcvsvnZGAy0pUzOEXIfmWOOSlA7iqkbPNud9nBS4YnOtiZIowLj6893k
+rN1GQ/jw7szBkNh5vjdZT7HAIhlBwyQI3hRJX/h0hdUPNiPW4/j9W94JWcRxk0tO
+vZq7mcTtJ8OFlsNyO12KgFIjT+Gwz7tmNrN+Of98pOt9jRN7hhxY8sQosmW1nePZ
+HuWR52CVShXX/N2d/09hwf48xjYBjF3Mjxc8ySIyERdcWqsWx3j5WaB8rEAAuMcF
+/gY5bb4Oc1MAUtX8aMidvKfVW0Owapj/ApgyOmGbO6YEQCKSIQKCAQEA6hbs2JoD
+8u9sCaabRKNxqnjzXzB7JrR1PKyOjp3Iiku29W1VQ/TMRUpO63LsE3lbv/3RIvi1
+wZN/dFhWC9wOY85iDUci5ZI0QcZA0OIQ/uetrE5/FBOmH9MVIQEXnGHSNPHUWMqk
+EBrykyt+7RMEb7Kldm0V57MesO1FA0y81+UCJP01KZM0D7Nq1Eb6GfNLENah3Fk2
+wHk6g36O1nMAEyjHvS+ht8C0rzNXIqCnkeAuxxAfJde9TYpuW7oCt1JEeh2VAmOO
+7QESq2x0OrPKLCUs00y5k0I9eqvAaQfCC6EcdiX7FyAfX5n5Vf5FbfbWhf9oheno
+CQ0uai4v1uqX2wKCAQEA0e91hlukBO2InB9j+54R3XA0buCr/eQFqJ4sAjgL9GCk
+n09tfytH/nLPw/g/l7snyVmGW3uZfmkOqnTP9Yfbx1dU0pPRN11qM9QG6YH+Odkv
+D+LpRnYRjj7QxQJQbGy+2IZN8cmtpJQziSmQMNZU/YoDpq7wYNVhwnP0Z3ZgUo3d
+GfRPbGw951dOAK0Z6S61+mXSQE9JhZBo49zOrmkgLa1fmLfJoukmz4MTZqoWFffq
++1Q4vdYgRS8ToT2Rmba+7s4UAmVKyACEw8WEyjH3TXxd6tQy/smzcD0Vgg7Ghvg7
+Vs5ion9HcqDEcQ1YWvMDWPD/x4fyVgu4v2QW/k/KkQKCAQBPb04ZxlG2u1YfBEFG
+DmyA26BCWfJAVRY/a5LIhHRLsZu5NsurTsOOc8PKE+pWRWVEBj5Urq8GrCWg9mTk
+i1z6s0sElHIcEvvWog7WkxAPX9DIWq62wmAqBnfyBivb7jnlq3ZSVxlLOcm89RKS
+IlTsDmQlhqjbQiYVBb7Yes7OODD9GktS+1e8SDblJ9ywt6VuZlbwrfltYPXhLy4L
+SWTqG3mEEki/UQ4/MZ3M61VRpBBbjnXzYn0jdekzCTDowmroQWeSMvSKKkYKk7fx
+P5dIWakXXr7OYLj6CpQ1T+OiDJ7a3NKSq1zaFSbN7oXi5dMwD1aJsrEBeU6Zy2iC
+doLnAoIBAQCzC716J7JNmaCHNqZ5NKkb6NRvNCK72LuSwcPa6J4ZgEsmrAFBElLG
+inj0NEdYSwB102qpn1Kb41HkwteSGpqw+qSXLAalZ4BqT4zNnlaKU9a1f9tggtYa
+MSywuXaJ4n0qAfF8I3t7AAKsGsylOkcmLY1LnavZimNkCq0JiIZCIkfOGPWcDP0G
+zwjxvrB4laQSuMCGpJiZ1z3+CJYlXfdZvaHoh+bqkFrPZIUpbCqF9fls/Lmf/n1r
+Q+lD/VSuepOA7DVYjbcnuHmC1nSYVeELLuSSoQQVFUV6lj4/vAZJmnBRapfo6xCu
+jLq9iJowh031jyU2sZVXGYwpf12066xhAoIBADCtIvqwfy9pcqYs8PQMQTbDuz3G
+ZCe3E5SLJ00gk/PBVJihOYvdKgwoZAyWdWxOPDKzBJAaJBgpmpWKeX3k92HgLxyi
+50zKogbCc49mz2c6kRC13SviPAjO1XuM+FKo50AICenauu21/ZeMYuLt9gxnhEo5
+kkIYhD0irfTw5MMEKITAs71iB74Lxm9gv/+jOwsgoP23k562NHnIvPdbDzbR/ROD
+xb/3DsGbB4kmUXoLlWxradiZGczPddki+bMI4meMs8oH+XP14KyGqWC8LSuBDg8Y
+fADibXSIAHobiN+KhDtWz9Wnhtch9C8Q5+JDjixdspcn4lkMdMK532v/FBM=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..40eb84b8a
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/posttest.dat b/testing/tests/ikev1/after-2038-certs/posttest.dat
index 94a400606..94a400606 100644
--- a/testing/tests/ikev2/rw-eap-aka-identity/posttest.dat
+++ b/testing/tests/ikev1/after-2038-certs/posttest.dat
diff --git a/testing/tests/ikev1/after-2038-certs/pretest.dat b/testing/tests/ikev1/after-2038-certs/pretest.dat
new file mode 100644
index 000000000..4921d5097
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev1/after-2038-certs/test.conf b/testing/tests/ikev1/after-2038-certs/test.conf
new file mode 100644
index 000000000..9cd583b16
--- /dev/null
+++ b/testing/tests/ikev1/after-2038-certs/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/after-2038-certs/description.txt b/testing/tests/ikev2/after-2038-certs/description.txt
new file mode 100644
index 000000000..fb622dc15
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/description.txt
@@ -0,0 +1,13 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+The authentication is based on <b>X.509 certificates</b> that are valid until
+the year 2039 and are issued by a certification authority with a root ca
+certificate valid until the year 2059. On 32-bit platforms, dates after
+Jan 19 03:14:07 UTC 2038 cannot by represented by the time_t data type.
+Thus if a time wrap-around occurs during ASN.1 to time_t conversions,
+dates contained in the certificates are set to the maximum value,
+i.e. to Jan 19 03:14:07 UTC 2038.
+
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> ping the client <b>alice</b>
+behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev2/after-2038-certs/evaltest.dat b/testing/tests/ikev2/after-2038-certs/evaltest.dat
new file mode 100644
index 000000000..1bb9c105f
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/evaltest.dat
@@ -0,0 +1,6 @@
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..bcdb8641b
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ keyexchange=ikev2
+ auto=add
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644
index 000000000..03b57243b
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
+bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
+NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
+HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
+A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
+4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
+2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
+ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
+dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
+sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
+kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
+YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
+qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
+HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
+UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
+xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
+Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
+/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
+Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
+Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
+9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
+9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
+ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
+XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
+e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
+99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
+AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
+YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
+CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
+c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
+ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
+hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
+71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
+/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
+lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
+8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
+RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
+Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
+xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
+PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
+6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
+c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
+MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
+vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
+RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
+uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
+inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
+CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
+8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
+9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
+cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
+d/Fp6btmZH31IEyJrRNVOpCwZPI=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
new file mode 100644
index 000000000..2ce2ce3c9
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINzCCBB+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
+b25zdGVyIENBMB4XDTA5MDMyODE0MDYwOFoXDTM5MDMyMTE0MDYwOFowWTELMAkG
+A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
+bnN0ZXIxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgR
+yGVG6HVoA3DU/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mp
+dYtP53SWASOHBiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkw
+BebpMLCf2Mi1robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bO
+FPoBoBOY7v4fuq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DW
+kk1vTt4jplSg6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5
+mGabckTMvtI591UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014l
+cFg11mzjXGGBFuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest
+2X0psHe3AlocUFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9C
+uezkuM1QEvkev5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+
+t8GhCKV6B7RTzFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3Hh
+fTZstGECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud
+DgQWBBTy8LU5yQdnV8pfwhCPY7q/CiNyzjB4BgNVHSMEcTBvgBQZYq2Wq8b7148Q
+xFb/QGMiQnB2DqFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0
+cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gTW9uc3RlciBDQYIJAIORWNru
+S4GuMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMEEGA1UdHwQ6MDgw
+NqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1tb25z
+dGVyLmNybDANBgkqhkiG9w0BAQ0FAAOCBAEAi39l78OCI9S0I3X62HbkxiLguvnc
+CbXY6Tqmz0Ms8xqZgYzJOk7FLB/4v/zJohOH5nd7KxJ81KbcERyASpybaLM0/V+V
+oGT0rDGGH5cS4H2uYfs9HsKFKKPbZeCnExFyCamXjBZkl5IZNjdpS9TLyXRJSyFN
+OIRNhILPSriqdtzgRuGOeX798U8o0ObizGQRVlT0p0lI4t64dzZbIh3jSXjCf1Tz
+cmVOC8qhhGvxLlorSy5K98t2zNY7DvzwtvoQrNFGtso1kvfmaO4XRCvSZsmqPpC5
+mmWJjNEG2qcbmfpt8TotyUHgEJTZXwXlPVVb5OXHTW6jXk/MN0UiMTLJYcvJ1gji
+kSnGNHzRH2rKlYRED+jlzzHAWSv0mBGcOTdmfBV6+TJ7QhWhLZBzAUfwqXpAy9Vk
+idtyB0eSWBTIvhZY6SzB0Rvkdj0FtZ+tNURT4dPtiO0D+LXm/ojpdKKI2tFNOgwY
+n8df2u3xnCRvHqcF6lvu+ptnwUkUDDGDuiM20+sm0HHhLIj51v8tTm3Q/MzI0BAb
+G4HOSQNDzymWDgzIE67UTxBwXVDbSLkzH1vhFXtZQlD1UHqOUT/4FQm5ZlVMF8na
+FKxHakqoh1CdI8TAmM64h3hp1zp+G9Zn0lfcHRhvWBvpU8mgF1cbEvgbzjd9+xLe
+q45/8xuZPnU7XIBvDcZTUk8LRIThcTxQRlQdI1UJnvPOBYG3mUrLs2UdEZGwsooG
+zMOj3EQwqrR67rQiuGo65IMPDix4mwHjcZ8Gr4eqLDwSUS5yoPX1qI2qNLQbI1Ni
+8PEYMXQ0Xm+9Z86ZkI0dAIBWLkEGkz5Ngqk4O3JLzF1O/XPG4E9hGJ8WsHQW6pk9
++quv5nVNCAO0z6FYfQoYprdbDBur+N/no+BYIcSFSpLcNgafLXgj3I65iJ2VmRi0
+V0xAfxcRiQN2+/7aao2zLrrSPHU8YsW48ISw9ibQ9EckZMVtnhuYpBJuX8+auZ8f
+OgBmgRi7fCtEcMlXsiisQehymMs470eDRfWFUMzgJC8tMOQIWNdYM0Bo29wYUJPN
+jD+NO0n+PisFMilBEyoT2pD1i94+5DWQau/7STb3GbpBsLb7JbIrQEp0oSdsvsNR
+SaJQEqMxepJM0OGp3FMr79s+/a13+TMm+jl65M6sV/YTDdYFlplkWyHDjbL+WjUu
+lvDEURfBJrtT7u673RakCEzl5e53fP01HXFhqgMSloR7j2XNiyCeEUBp+zetXxwb
+8e6IKtbXWU+WcXIdNOHAL+OtD1vUK3gxupJPrRNW6daZKWUDbjRixzXnjeyIw8It
+bRldc5VjyM0G4FMbmIROgRcvjJ74MUwnHpgPl9zQ28HmbxKbANiJJZHIDw==
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
new file mode 100644
index 000000000..f0836ec33
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgRyGVG6HVoA3DU
+/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mpdYtP53SWASOH
+BiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkwBebpMLCf2Mi1
+robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bOFPoBoBOY7v4f
+uq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DWkk1vTt4jplSg
+6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5mGabckTMvtI5
+91UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014lcFg11mzjXGGB
+FuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest2X0psHe3Aloc
+UFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9CuezkuM1QEvke
+v5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+t8GhCKV6B7RT
+zFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3HhfTZstGECAwEA
+AQKCAgAmHcjpYm4FXy7Fl72F531pTv69w50OslFCexEUaqCMdojR7TYVs0hwXObT
+XePSczMaOTjujIXNcz/K0zdCwanMSSMy1THYhRC+DEqK4K0wLifjTad3m7S4PaPI
+0ocxbKWQBMDl3KdGEJW38KcqR4b1B/h6f4VYo7BQzkSbrxRSHANz63vdJvVWPoMz
+jxAgykSiAqIDTNGxYp5trUX7ZLLn0cCIJjIwLU56GcPPN33SDVXetUdQ4sCaDdXU
+8YP8rj0K1VWMYy7SItCZsIqzSEMT+7wC3tvDUDWGyEb1UW9q3cpKBNDAl7KkO3rH
+UbeMutCK5ydtXMIumzNB704cnuwZ08sdM7BTTMhmu0VK+zjVzhBK+MFcF7pickD3
+SdNzOiqfgiXLGjsiMFJvJ7OUJczEJl2xIoZ+Otb113ep0An0PEuF6aZMaKPNP7xf
+ljnengym1Rq+f1mHBRRfool9zmeisnQSSecKo0htm6oRkQTcTwLj0TjiCugbmISf
+D7sUXWp/QFVdYhHTay1gWUnP1quflKYvEynd0UF0JOnCbpWAczdXf27fm7DVjgLp
+yZ4QyrCtyvtIITgmZOvkAcaflxe2E+cBN2F+hWGzqMJfoMtw008hRW9DcRji35Kn
+lCOj/87n8lL3dicDI0caBZO9tQIakh05XYW8xN+sYF9K/xKauQKCAQEA2txDchqB
+7719R6hBqdNqig2+telNHlN0amPKjqIvP7Tr/JnJx8A7cSasao1Fw0cGPReBT7Tb
+Z5IW7xvWiZYFMDI8q8ZGEIb+MveYs1gHlEaimMtwoVCNeNe3cEPIL7ffNT8y+xFc
+o55AjzgKAOHqmf6OidKqRs/B1sSmOrgugsY8KvYtA/JrieVHKrjNX5XqZNqrfsns
+K4DMcJvIrfBu9iyWenNoBOdEJsP0h3F39Zh2hkEg29eH+/8x6FGlezvSU89Jjs9O
+/2BdlyS82RbhPu2VIrsmpfoSrsFHRe8t/9yrnpY3ud6w2LP9QIEMd8FpWKGnNxJp
+AIZJ6u+NoWVlLwKCAQEAxk/7RSSvf6VJvi1gmOxKd79LkYUEiyZryP/M8kQFMqs5
+pU6BgFLVLZsaXz+1oYS0bEjVGGo5ppCVVUMN6RuFX9zVz9uVZBeiiItqw64UDbt/
+0u78m9ngvSpWaMQU2nS/kHVhKOY+Gfs0v5fBvZE+wxTfMBR+nbx7uJivpXnq6xMP
+fhDz6juap/lEK6HuvQN5xXBNL4wpd099lvy3NUuG0Dohb/+gWf3YzQtjs281iMZB
+G3/gGLcBSdk6PBwXueJ3NPj9FAII73MQNBNYS3zi3IYuulA/rMcvbA+IGeKTzRX5
+E47B8ZAhJxZ3OePalvZyVEaRHDFT+Y2YCv/G9Bw7bwKCAQBs97oE97m2Gcxkfxui
+aIblEY7gl7Yz4S1XQzQ46/tGZtgQPqm+cLGn1q+Fpa0UWyp6BFf3zX5oBM6yYlPg
+0PboVjrq858y32N1EN3QfYXYh4qxNKlxR+AISK8mkDj9uTjDFCJX6v8K3+IY7Lfe
+VJ0v6xQg/uiUtSA3xFVXaxiNOBIA+ezTyEFOuP9EABsQ+l1ntZApYnPZ/RjNAGNc
+Zxd4Lh8F/KvPtS2zd2Eqho5Jk41/rrGjg55LE3ZPy0bvIovH+q8PEZytfddbR4lX
+NRMU98mHL1NA1E+0/rpz0XA/sikonnZEbuHyIzt2gEoq3fuLi4Dr5JivEC2BcaA8
+uXU1AoIBAQDDxUdfXbTmxQxEctVuga2OA0mdkXwHxlkXZvcyntWmzIOu3g5X2O3c
+BMcHCoTKu4/Faiz72jmpZggV0IlV+zYyiXaFqNcUpYRtWXx/SkU/vT6VxBmZ3X/Q
+HpCJAjE365MFD+tnjcv2qBfNoAnBkzYrLVqbQ1AvdVeJxyl2qSGxCPL9V80DCe5G
+LnwOuuBMtbaro45/BtYUk2N+/2H5eeLPguNphigNTtyMpta412s458Z0WEuo+liK
+R6kGmBEQDzHxGG/2JYAeqi9vyT0b4GCwpMJSaVBCx6vX+Ik6TIPuLOfjV8W8K7We
+ub3fZ0FuUEJTUgqEk2m77P0Qtqn4aDp/AoIBAQDXI66F4POHVOPI/j584sSLhW6X
+j5VzFlmOhpyoourPYXsKyIFrLa/gYAe/wNH/5jg3Ap5DbBVZB87gOkaMz2oV+ZQ/
+5IWiFmiUxGrCXmWyI6Eqr2DUtSKispLnQ043bFN+HlhfQYTwD9ijqpwpUt/sC+IJ
+mLIGJs5B3cdcRQuSxh1HpvSJOuItjp0wfcGj3+RPh5cPdjHZW30FHGFomOk//6BO
+nWdoYUGrN9wXylDOHvlkYaP2Uj5rCWm51ZGaxzJR9S+WkHdNBzyygpGtEXdSAIzU
+tHufKwQdDnj22w8KSCvQ+KvwUn9UrIR5LyGKiYGWved9X2EQzIFC4dJ8h30G
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..40eb84b8a
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..274521386
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ keyexchange=ikev2
+ auto=add
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644
index 000000000..03b57243b
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
+bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
+NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
+HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
+A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
+4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
+2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
+ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
+dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
+sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
+kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
+YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
+qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
+HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
+UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
+xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
+Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
+/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
+Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
+Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
+9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
+9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
+ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
+XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
+e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
+99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
+AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
+YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
+CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
+c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
+ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
+hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
+71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
+/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
+lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
+8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
+RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
+Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
+xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
+PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
+6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
+c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
+MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
+vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
+RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
+uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
+inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
+CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
+8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
+9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
+cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
+d/Fp6btmZH31IEyJrRNVOpCwZPI=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
new file mode 100644
index 000000000..e83798c07
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -0,0 +1,46 @@
+-----BEGIN CERTIFICATE-----
+MIIINTCCBB2gAwIBAgIBAjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
+b25zdGVyIENBMB4XDTA5MDMyODE0MDcxNloXDTM5MDMyMTE0MDcxNlowWDELMAkG
+A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
+bnN0ZXIxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQC/9647SgAcK/or/Qs/3cRc19po7oex5EBdPR7b
+vInAuzrVMK84+ifneBWscVhBnxcUI37D0SpKx0onrdskMOyv5nmkdcgQf8931eip
+scNsw8bC8MJsbc5Jfn3DKPurbKK2/uFFE8ot7S65HY9tVBsxKsrjS5YFPE+DKKP+
+BgVk/9hL0Kqq2iKuWTq8YTRMu5iskpLIxqvuz362G46BKoW52pFegeDzpz/Bs/7y
+0oWPRcNcuRQR5XFTpF2L3UosniMkr7aYU5Z8s7IqiEx7txGh5SxRB+TYIZwB1ODa
+L+bnclQeMsBiFqlO9UI38UaxEQgk/+UhgpaX/DPrZg8KJmjW3e+x8xcwL3ouRLy2
+2Z99WMnV6TlwpTKj24EQJALmLG+UJG+hbV9P9j6Mkql3FHb4aLZH71CvyCqeg2yh
+FGiuaGEe8vS9+Dj5LKv8hSbBe/MSQDiPhKT1gb84TiQMsWfxLN7oDXunohnhMZfu
+sydB/c/R/ooA5ri+lE5c65bP2Mk+ml61p6z7lJv+DXBDXW/o4v8Imjx2OMsL85LZ
+vYWJppdJrThd/m4OVnCXYfuHMZqedsIvNR5blnldATLBjWWbeoKhOyqZb8hZ6HFR
+dlJ11LhxnGg9itG385L3Espl+EVcakWBZWrOn5/LGNKZH3UedclEBNci6lSadZaP
+/UfRCwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O
+BBYEFOQpYirU7vrMZUWDkqDijTPuhPQiMHgGA1UdIwRxMG+AFBlirZarxvvXjxDE
+Vv9AYyJCcHYOoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry
+b25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5L
+ga4wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzBBBgNVHR8EOjA4MDag
+NKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tbW9uc3Rl
+ci5jcmwwDQYJKoZIhvcNAQENBQADggQBAAEsjsebEspAIANEBVWRjRpowIJlVSLf
+WKzblIPlhClXafHGJbhiamdtS2FmEh/rkzz3Ml+9cJy1KnB1Pn6+4JLSJe5xAywK
+lKTT2iY0KDdOsaK5j+CNJ2tW9NrJPxwtIz+nGGqqyyEUPJE1FYxphbLgmwFNBm2o
+HyeUVYI+gyfmhyHaXHKOmbsDG0o+pUX2tVOs0KdyU6deaAtEf1E6aA5TpCAi1OZs
+pdRDXFUfjdekRkfRr1PZ41Xwk3t6E32YhIE++r7QneQPhXymxVO9nepmpuSoHvlX
+Hb4JN2EQ0zCkkkOfqCuF46zVxsR46/3cfKbRsaVmdfGjvmDSCDI47AreluYiPTGA
+zN4XN91Y5rPZuT9OJYV4UrYv9N1jH5StVmSz19rbYOeozJXX0PBjdCKHEonD1FHY
+xWRpijVUG6NWVLKpvdg3RiFw78wIrNPAeVDvLL+112nbszNDNLSoOJjOUBySHJda
+WYFtg2IoAUis9r/o7uykNcC6KiU4Y1nC8PEIhMi4AMA9UgBCn4ixYtHI9jkfHcrD
+O1kvPRUo3hKzrhftLYtfiBfTEh+3Xab615lt5vNNhdI7d4knqUXvVdURtvlfJLZv
+W0YdvwjJtrVJAiCtX3wyxy72O1ZOG5kHCcK5oHUHg5W172rK9hK4LByk5ESqtc/t
+YDG7TmZLtUceV5yK4gz7pwIwXthA8yayRy+lbk8BFxRMfOEfb6rPdm0vvmPpHHDu
+yHR5SJTgpGo+/I8N1zS6PNeUBh0RAbSnxHJSMLn+GYTs8s6Atnq05SIuVYxvXyAQ
+ULf+ppNN5lngSZHPaOFJNpC1QL1+DdMNueDITVxYx5DV8SkWRPhzS77tsYeUxVGI
+IpUVEqSggGe6Q4YWv2smAjSeqaS5HNGxstE+Ybat/cp9QMbLc7gwKxwRQHhVRZ5O
+0rVq2bZUyly8y4wX8G8WFMNuCoAcHAdMvKh4JtmdDDZlbxdC2mSVbLSuTBfGvKc1
+ScwOBtSqQkm9PsTMitZM31s97WJLQIZbq82g2ns7hfEXMMIgzcFLYlM1SovbDZI5
+ZM63NBVTaKyj+Gxy8FcAPBPtPWwAQT+Gdi8gFwtcEilTOBECL5y0hzlL9aJpsJEq
+4KV5nnM5rutUufiYzQMZqME3g9VWk0kQteVpa4x+4zsKH9lJSSS/y0eCo/jArS8l
+HSmzUDkj2cWmf/azdrcig7g/mHeEbKu1JH1X5lRdZekqcRCW6v1OjP025B/5nSnL
+WYPUI9RLb01fmPjWdrc4+hPnHjePp8w6tuM6U6huMCwstnOel6d2FL5hOWvXNmIH
+I+8zv7SHhIWQmUbC0YQn8BFqvqDC08In5x42YiTe+42YEtafkTkbY8o=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
new file mode 100644
index 000000000..6d39ac084
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAv/euO0oAHCv6K/0LP93EXNfaaO6HseRAXT0e27yJwLs61TCv
+OPon53gVrHFYQZ8XFCN+w9EqSsdKJ63bJDDsr+Z5pHXIEH/Pd9XoqbHDbMPGwvDC
+bG3OSX59wyj7q2yitv7hRRPKLe0uuR2PbVQbMSrK40uWBTxPgyij/gYFZP/YS9Cq
+qtoirlk6vGE0TLuYrJKSyMar7s9+thuOgSqFudqRXoHg86c/wbP+8tKFj0XDXLkU
+EeVxU6Rdi91KLJ4jJK+2mFOWfLOyKohMe7cRoeUsUQfk2CGcAdTg2i/m53JUHjLA
+YhapTvVCN/FGsREIJP/lIYKWl/wz62YPCiZo1t3vsfMXMC96LkS8ttmffVjJ1ek5
+cKUyo9uBECQC5ixvlCRvoW1fT/Y+jJKpdxR2+Gi2R+9Qr8gqnoNsoRRormhhHvL0
+vfg4+Syr/IUmwXvzEkA4j4Sk9YG/OE4kDLFn8Sze6A17p6IZ4TGX7rMnQf3P0f6K
+AOa4vpROXOuWz9jJPppetaes+5Sb/g1wQ11v6OL/CJo8djjLC/OS2b2FiaaXSa04
+Xf5uDlZwl2H7hzGannbCLzUeW5Z5XQEywY1lm3qCoTsqmW/IWehxUXZSddS4cZxo
+PYrRt/OS9xLKZfhFXGpFgWVqzp+fyxjSmR91HnXJRATXIupUmnWWj/1H0QsCAwEA
+AQKCAgAn3928CQH+2A+uBXDJwlngYyHF/A4JoHzSITkAsaf3dayhzewHrMaPKP1v
+hVeswcv8becN66uaPs0jctR7LwJrAzevNpvo+XNx0+fxH7CVLhFiOrpX5XMdBv4+
+hIvKLtWZp1XJkHPFmGfFIePB9N91FgtwrSmrSrzFZLKzuDJ0qUQXc2+P76GWj4hI
+yvQfIDR1XDjLJaFfCJCsaQrvv5JpaYIanGXKlqoCpU3GyH3fpcEPyI3nrb4dfp3D
+yKJ4pBxuqWUHPQ2cN4NBnHAunnc2JrFO35HkZw7Nvpc6GwsedjwMzcPyW/ytHvqz
+PhXN/9iuPs0sacC4LzXlppxnIlVSOCoLUpyoe8zXxDJBLsU7d+zDnXZ/1guviHz+
+x4RsEKjlXcvsvnZGAy0pUzOEXIfmWOOSlA7iqkbPNud9nBS4YnOtiZIowLj6893k
+rN1GQ/jw7szBkNh5vjdZT7HAIhlBwyQI3hRJX/h0hdUPNiPW4/j9W94JWcRxk0tO
+vZq7mcTtJ8OFlsNyO12KgFIjT+Gwz7tmNrN+Of98pOt9jRN7hhxY8sQosmW1nePZ
+HuWR52CVShXX/N2d/09hwf48xjYBjF3Mjxc8ySIyERdcWqsWx3j5WaB8rEAAuMcF
+/gY5bb4Oc1MAUtX8aMidvKfVW0Owapj/ApgyOmGbO6YEQCKSIQKCAQEA6hbs2JoD
+8u9sCaabRKNxqnjzXzB7JrR1PKyOjp3Iiku29W1VQ/TMRUpO63LsE3lbv/3RIvi1
+wZN/dFhWC9wOY85iDUci5ZI0QcZA0OIQ/uetrE5/FBOmH9MVIQEXnGHSNPHUWMqk
+EBrykyt+7RMEb7Kldm0V57MesO1FA0y81+UCJP01KZM0D7Nq1Eb6GfNLENah3Fk2
+wHk6g36O1nMAEyjHvS+ht8C0rzNXIqCnkeAuxxAfJde9TYpuW7oCt1JEeh2VAmOO
+7QESq2x0OrPKLCUs00y5k0I9eqvAaQfCC6EcdiX7FyAfX5n5Vf5FbfbWhf9oheno
+CQ0uai4v1uqX2wKCAQEA0e91hlukBO2InB9j+54R3XA0buCr/eQFqJ4sAjgL9GCk
+n09tfytH/nLPw/g/l7snyVmGW3uZfmkOqnTP9Yfbx1dU0pPRN11qM9QG6YH+Odkv
+D+LpRnYRjj7QxQJQbGy+2IZN8cmtpJQziSmQMNZU/YoDpq7wYNVhwnP0Z3ZgUo3d
+GfRPbGw951dOAK0Z6S61+mXSQE9JhZBo49zOrmkgLa1fmLfJoukmz4MTZqoWFffq
++1Q4vdYgRS8ToT2Rmba+7s4UAmVKyACEw8WEyjH3TXxd6tQy/smzcD0Vgg7Ghvg7
+Vs5ion9HcqDEcQ1YWvMDWPD/x4fyVgu4v2QW/k/KkQKCAQBPb04ZxlG2u1YfBEFG
+DmyA26BCWfJAVRY/a5LIhHRLsZu5NsurTsOOc8PKE+pWRWVEBj5Urq8GrCWg9mTk
+i1z6s0sElHIcEvvWog7WkxAPX9DIWq62wmAqBnfyBivb7jnlq3ZSVxlLOcm89RKS
+IlTsDmQlhqjbQiYVBb7Yes7OODD9GktS+1e8SDblJ9ywt6VuZlbwrfltYPXhLy4L
+SWTqG3mEEki/UQ4/MZ3M61VRpBBbjnXzYn0jdekzCTDowmroQWeSMvSKKkYKk7fx
+P5dIWakXXr7OYLj6CpQ1T+OiDJ7a3NKSq1zaFSbN7oXi5dMwD1aJsrEBeU6Zy2iC
+doLnAoIBAQCzC716J7JNmaCHNqZ5NKkb6NRvNCK72LuSwcPa6J4ZgEsmrAFBElLG
+inj0NEdYSwB102qpn1Kb41HkwteSGpqw+qSXLAalZ4BqT4zNnlaKU9a1f9tggtYa
+MSywuXaJ4n0qAfF8I3t7AAKsGsylOkcmLY1LnavZimNkCq0JiIZCIkfOGPWcDP0G
+zwjxvrB4laQSuMCGpJiZ1z3+CJYlXfdZvaHoh+bqkFrPZIUpbCqF9fls/Lmf/n1r
+Q+lD/VSuepOA7DVYjbcnuHmC1nSYVeELLuSSoQQVFUV6lj4/vAZJmnBRapfo6xCu
+jLq9iJowh031jyU2sZVXGYwpf12066xhAoIBADCtIvqwfy9pcqYs8PQMQTbDuz3G
+ZCe3E5SLJ00gk/PBVJihOYvdKgwoZAyWdWxOPDKzBJAaJBgpmpWKeX3k92HgLxyi
+50zKogbCc49mz2c6kRC13SviPAjO1XuM+FKo50AICenauu21/ZeMYuLt9gxnhEo5
+kkIYhD0irfTw5MMEKITAs71iB74Lxm9gv/+jOwsgoP23k562NHnIvPdbDzbR/ROD
+xb/3DsGbB4kmUXoLlWxradiZGczPddki+bMI4meMs8oH+XP14KyGqWC8LSuBDg8Y
+fADibXSIAHobiN+KhDtWz9Wnhtch9C8Q5+JDjixdspcn4lkMdMK532v/FBM=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..40eb84b8a
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
+}
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/posttest.dat b/testing/tests/ikev2/after-2038-certs/posttest.dat
index 94a400606..94a400606 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/posttest.dat
+++ b/testing/tests/ikev2/after-2038-certs/posttest.dat
diff --git a/testing/tests/ikev2/after-2038-certs/pretest.dat b/testing/tests/ikev2/after-2038-certs/pretest.dat
new file mode 100644
index 000000000..4921d5097
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev2/after-2038-certs/test.conf b/testing/tests/ikev2/after-2038-certs/test.conf
new file mode 100644
index 000000000..9cd583b16
--- /dev/null
+++ b/testing/tests/ikev2/after-2038-certs/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem
index 894bf7dbd..f586a9414 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.d/certs/carolCert-ifuri.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIID+DCCAuCgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA3MDQyMDA5MjU1NFoXDTEyMDQxODA5MjU1
-NFowWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
-BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOByjCBxzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUi6jZ
-/eq7FoNJDiWP3Mlw9iaZzyIwbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPd
-VCChSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2Fu
-MRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQ8wHwYDVR0RBBgwFoEUY2Fy
-b2xAc3Ryb25nc3dhbi5vcmcwDQYJKoZIhvcNAQEFBQADggEBADHYFhLgIo3jrKcw
-bmfkqHLrwI0sHgyJJrEf1hl3cdc16VdKVW+V3qMwumdlMobK20yTRtW90x1ErULS
-RClHlQ5UtDubtQTwjcc6Uc8tOcBdAAH1SQk2xLikxQq19UGFpRRA0VxDXzF5yXnJ
-oM9mJZvgscQZeZPqMEXd3yQclK3Ouap70zE1J8kcyT/yrdkTM3nMbiq8aPytr3Al
-njoW+ToTsDqcTZYWeF3A3tfSZ5+AhlValx1btbcNPZVjjhBx46knOrOFeQLE5f5C
-3XYxVaWPX7hcjfQz/e3T4Rnb8nVQqoCnycUPfYxG/4z7pp/GplS/MEuMNNGDhSsI
-nTjnJgY=
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MDMyNDIwMzc0N1oXDTE0MDMyMzIwMzc0
+N1owYTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGDAW
+BgNVBAsTD1Jlc2VhcmNoIG5vIENEUDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dh
+bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPqE4le5QodSA+
+NXnQ1IFI0XWcBDDwQDNcQ6qMScSCaboPFCLrlC9E70J2eGeX2v/UDTQpEOxQ4fGX
+Efk0/MdJjnWGAO95jEInNJ+DuexfrP5REiryKDfryA0d6xiQb/a2M7UuDgxPgyZf
+VyvU7SHebue4317v5NyGJeRnkN3/onNpdjpWu9Le9DqenBQ2SITgo7NsVsNsqhnT
+1jg2jfxJ8OXzi7/6JvuxxweCoDxr+KeKIViFAqNlyufeyIvowdjHTlJRvN/9Wl+/
+jPiHmFcIyIc1o8EUHzM9AEIWtB2DeHL62e7LVJbjMXsLAkTggc3BkGE2cWFOBY0f
+J4R+AKWDAgMBAAGjgcowgccwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O
+BBYEFIuo2f3quxaDSQ4lj9zJcPYmmc8iMG0GA1UdIwRmMGSAFOd18KDyrSDNzWAj
+zMfIDynz3VQgoUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry
+b25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEPMB8GA1UdEQQY
+MBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3DQEBBQUAA4IBAQBiOKAx
+ePEwlga++nOpkfBg6ESag5/VWfnAp1zRpXHXnRak10OTtCPDjmJiDUzlKBwolwJN
+I6T3S7eg+M04E3r5IHn3i+HtQcENkq02YUPiUXS5cvLtzKMPIm8pYCj7/5pXxAek
+nHGRdBZkQiGDz49H9rPKxLdJDTLCXpj4l9uOFgsbiQ3k5SyWq5oMhtZsf4VKqAd+
+77Mbn9pnjjy53wLuzjaMVX+K5KKotPNeSHH/pWh9RqNROmf6F2B0nZhW5Aryxa9/
+24GRkZEPZ+cqhtwgVjq5aImzdSrARJQ1tu6lZqNB5b9klYSAi+al0FrvUFoG58Qt
+eWeiFXLvAtXTGoax
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem
index c19c7333a..cae8184f6 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.d/certs/daveCert-ifuri.pem
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJjCCAw6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIELTCCAxWgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA3MDQyMDA5MzYwMFoXDTEyMDQxODA5MzYwMFowVjEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
-BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4IBCDCC
-AQQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFILLnutR01FvK1SR
-EZgaOaO9d8izMG0GA1UdIwRmMGSAFF+bE0b5IHLIANWItadMLpfqC5MooUmkRzBF
-MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UE
-AxMSc3Ryb25nU3dhbiBSb290IENBggENMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25n
-c3dhbi5vcmcwPAYIKwYBBQUHAQEEMDAuMCwGCCsGAQUFBzABhiBodHRwOi8vb2Nz
-cDIuc3Ryb25nc3dhbi5vcmc6ODg4MjANBgkqhkiG9w0BAQUFAAOCAQEAhhebUzkR
-5bllLrfSb0H+Uns0Fw/hfyrvJPjKOcb/otwPZOeGftGYQgihGu3X0Wi6IPX3/I6v
-tAnjYTyMXO68Cm2Zw3ZjjjSupQ3LOtyUhKPehk1EXNI5S1WnpYvEjocaBeT5DBaH
-fjMHL4L32dUcyzU49zbrkFEY7ffka44s3SUf4tEaw5QlBfAnwoij2A/rucokWNeQ
-6KVE9wfYJri6P7ztVTWFsAD6MXRCjzYrS6lOo02w32k2Rpp5SdAWuiwnXLY1BPi9
-U031sS6eh2aRM+u1UKuCGQtUDCMOI6yDv5U2aWQuxYS2uTW05PlWwKAg2atFt7uZ
-P35gzzpJWopPqw==
+BAMTCFNhbGVzIENBMB4XDTA5MDMyNDIxMTA1M1oXDTE0MDMyMzIxMTA1M1owXTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsT
+DFNhbGVzIG5vIENEUDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqgEdIrRiLkrf0UfCB4xUyx/5cs
+Ka5h1MNBks2cKP6uABOL+jnlkRtyVFIOOCuNMgcK+873LC87UU32zapbe6Ph46aN
+5M9ADMA6PtVeNkJIetVSVtT9DUL5II4kJ/hJUjINbt7omAiDAIWDGKNmTCsR18Ua
+o1O/QFbiTT96fMFKX8EXiJgMt/5+vOWG0s1nGz6gn40R/2K52EvBmu5v0M3TX67c
+YQFgBqMNfvnk0jLy10pEHro1OjgiTTj1DQd55ydSKGa0JvMDT/GOQeR87zkshRLz
+bhxXOt4Ej2kkYbs9ILm7jKa9XfUYI58vCYLHwhGzpLZSsJ2xXkgfAAIFTI8CAwEA
+AaOCAQgwggEEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57r
+UdNRbytUkRGYGjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guT
+KKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x
+GzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZl
+QHN0cm9uZ3N3YW4ub3JnMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAYYgaHR0
+cDovL29jc3AyLnN0cm9uZ3N3YW4ub3JnOjg4ODIwDQYJKoZIhvcNAQEFBQADggEB
+ADn1ow4aGxckB4HsJQf1Z6LFpiCOExqhqcK/+fsFcl/WM3F0F+1TbEWzwFzDj3Yu
+5gH6DQ/c0Fp+WYCKAbZXdYoKHJDSZY0BsoD7Nglc1r+l1wFRv1UGF5DoYZPryHGA
+FkusMTUQMvWRRmN9PsURQ77DsmAtryKi5aDQ/rAiPIJK67bQ0HmvPAynO8IF2Fd9
+GpqFSc0gZni9NQszVUH33nuLlZP1hFC5MDeqhcqgmUL/GZbs7DZYThF4INBryfOg
+xFE73CpyNQHHmfT23TLsrFD5IXCp3z3oMtCtTphwUnCJrEzZ1H7mJ+xSJoJ3MOqd
+mNs1ygehz0a99cPoX1j/iwo=
-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/description.txt b/testing/tests/ikev2/rw-eap-aka-id-rsa/description.txt
index e7d2c784a..6d886024b 100644
--- a/testing/tests/ikev2/rw-eap-aka-identity/description.txt
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/description.txt
@@ -1,8 +1,9 @@
+at the outset the gateway authenticates itself to the client by sending an
+IKEv2 <b>RSA signature</b> accompanied by a certificate.
The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
<b>carol</b> uses the <i>Extensible Authentication Protocol</i>
in association with the <i>Authentication and Key Agreement</i> protocol
(<b>EAP-AKA</b>) to authenticate against the gateway. This protocol is used
in UMTS, but here a secret from <b>ipsec.secrets</b> is used instead of a USIM/(R)UIM.
In addition to her IKEv2 identity <b>carol@strongswan.org</b>, roadwarrior <b>carol</b>
-uses the EAP identy <b>carol</b>. Gateway <b>moon</b> additionaly uses an <b>RSA signature</b>
-to authenticate itself against <b>carol</b>.
+uses the EAP identity <b>carol</b>.
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
index 5d0b469bf..d5cbbdbf7 100644
--- a/testing/tests/ikev2/rw-eap-aka-identity/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
@@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
moon::cat /var/log/daemon.log::using EAP identity.*carol::YES
moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eapaka.*ESTABLISHED::YES
+moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
carol::ipsec statusall::home.*ESTABLISHED::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf
index 8cffbe3b3..8cffbe3b3 100755
--- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.secrets
index 44ba3fa25..44ba3fa25 100644
--- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
index 831d9e663..831d9e663 100644
--- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf
index 350fc48b6..b239e7718 100755
--- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keyingtries=1
keyexchange=ikev2
-conn rw-eapaka
+conn rw-eap
authby=rsasig
eap=aka
eap_identity=%identity
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.secrets
index 3868b62f4..3868b62f4 100644
--- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
index 831d9e663..831d9e663 100644
--- a/testing/tests/ikev2/rw-eap-aka-identity/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/posttest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/pretest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat
index ed5498bfe..ed5498bfe 100644
--- a/testing/tests/ikev2/rw-eap-aka-identity/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat
diff --git a/testing/tests/ikev2/rw-eap-aka-identity/test.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/test.conf
index 2bd21499b..2bd21499b 100644
--- a/testing/tests/ikev2/rw-eap-aka-identity/test.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/test.conf
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/description.txt b/testing/tests/ikev2/rw-eap-md5-id-radius/description.txt
new file mode 100644
index 000000000..a1512ca9e
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/description.txt
@@ -0,0 +1,10 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+At the outset the gateway authenticates itself to the client by sending
+an IKEv2 <b>RSA signature</b> accompanied by a certificate.
+<b>carol</b> then uses the <i>Extensible Authentication Protocol</i>
+in association with an <i>MD5</i> challenge and response protocol
+(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b>.
+In addition to her IKEv2 identity <b>carol@strongswan.org</b>, roadwarrior
+<b>carol</b> uses the EAP identity <b>carol</b>.
+The user password is kept in <b>ipsec.secrets</b> on the client <b>carol</b>
+and the gateway forwards all EAP messages to the RADIUS server <b>alice</b>.
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
new file mode 100644
index 000000000..6c73054d7
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
@@ -0,0 +1,12 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+moon::cat /var/log/daemon.log::using EAP identity .*carol"::YES
+carol::cat /var/log/daemon.log::EAP server requested EAP_MD5 authentication::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+
+
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf
new file mode 100644
index 000000000..f4e179aa4
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf
@@ -0,0 +1,4 @@
+client PH_IP_MOON1 {
+ secret = gv6URkSs
+ shortname = moon
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf
new file mode 100644
index 000000000..623f42904
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf
@@ -0,0 +1,5 @@
+eap {
+ default_eap_type = md5
+ md5 {
+ }
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf
new file mode 100644
index 000000000..783587b55
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf
@@ -0,0 +1,5 @@
+realm LOCAL {
+ type = radius
+ authhost = LOCAL
+ accthost = LOCAL
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf
new file mode 100644
index 000000000..1143a0473
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf
@@ -0,0 +1,120 @@
+# radiusd.conf -- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = ${prefix}
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = ${localstatedir}/log/radius
+raddbdir = ${sysconfdir}/raddb
+radacctdir = ${logdir}/radacct
+
+# name of the running server. See also the "-n" command-line option.
+name = radiusd
+
+# Location of config and logfiles.
+confdir = ${raddbdir}
+run_dir = ${localstatedir}/run/radiusd
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+# pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+# max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+# cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+# max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+# listen: Make the server listen on a particular IP address, and send
+listen {
+ type = auth
+ ipaddr = PH_IP_ALICE
+ port = 0
+}
+
+# This second "listen" section is for listening on the accounting
+# port, too.
+#
+listen {
+ type = acct
+ ipaddr = PH_IP_ALICE
+ port = 0
+}
+
+# hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+# Core dumps are a bad thing. This should only be set to 'yes'
+allow_core_dumps = no
+
+# Regular expressions
+regular_expressions = yes
+extended_expressions = yes
+
+# Logging section. The various "log_*" configuration items
+log {
+ destination = files
+ file = ${logdir}/radius.log
+ syslog_facility = daemon
+ stripped_names = no
+ auth = yes
+ auth_badpass = yes
+ auth_goodpass = yes
+}
+
+# The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+# Security considerations
+security {
+ max_attributes = 200
+ reject_delay = 1
+ status_server = yes
+}
+
+# PROXY CONFIGURATION
+proxy_requests = yes
+$INCLUDE proxy.conf
+
+# CLIENTS CONFIGURATION
+$INCLUDE clients.conf
+
+# THREAD POOL CONFIGURATION
+thread pool {
+ start_servers = 5
+ max_servers = 32
+ min_spare_servers = 3
+ max_spare_servers = 10
+ max_requests_per_server = 0
+}
+
+# MODULE CONFIGURATION
+modules {
+ $INCLUDE ${confdir}/modules/
+ $INCLUDE eap.conf
+ $INCLUDE sql.conf
+ $INCLUDE sql/mysql/counter.conf
+}
+
+# Instantiation
+instantiate {
+ exec
+ expr
+ expiration
+ logintime
+}
+
+# Policies
+$INCLUDE policy.conf
+
+# Include all enabled virtual hosts
+$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default
new file mode 100644
index 000000000..9c3702cb7
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default
@@ -0,0 +1,61 @@
+authorize {
+ preprocess
+ chap
+ mschap
+ suffix
+ eap {
+ ok = return
+ }
+ unix
+ files
+ expiration
+ logintime
+ pap
+}
+
+authenticate {
+ Auth-Type PAP {
+ pap
+ }
+ Auth-Type CHAP {
+ chap
+ }
+ Auth-Type MS-CHAP {
+ mschap
+ }
+ unix
+ eap
+}
+
+preacct {
+ preprocess
+ acct_unique
+ suffix
+ files
+}
+
+accounting {
+ detail
+ unix
+ radutmp
+ attr_filter.accounting_response
+}
+
+session {
+ radutmp
+}
+
+post-auth {
+ exec
+ Post-Auth-Type REJECT {
+ attr_filter.access_reject
+ }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+ eap
+}
+
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users
new file mode 100644
index 000000000..247b918e3
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users
@@ -0,0 +1 @@
+carol Cleartext-Password := "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..8cffbe3b3
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ authby=eap
+
+conn home
+ left=PH_IP_CAROL
+ leftnexthop=%direct
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ eap_identity=carol
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..23d79cf2e
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..b856adc9e
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmd5 eapidentity updown
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..56587b2e8
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,84 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow RADIUS protocol with alice
+ iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..08b920afd
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn rw-eap
+ authby=rsasig
+ eap=radius
+ eap_identity=%identity
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=@moon.strongswan.org
+ leftcert=moonCert.pem
+ leftfirewall=yes
+ rightid=*@strongswan.org
+ rightsendcert=never
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..e86d6aa5c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..10414b29a
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius eapidentity updown
+ plugins {
+ eap_radius {
+ secret = gv6URkSs
+ server = PH_IP_ALICE
+ }
+ }
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat
new file mode 100644
index 000000000..920d6a20d
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+carol::ipsec stop
+alice::/etc/init.d/radiusd stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat
new file mode 100644
index 000000000..3508e9d8c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::cat /etc/raddb/clients.conf
+alice::cat /etc/raddb/eap.conf
+alice::cat /etc/raddb/proxy.conf
+alice::cat /etc/raddb/users
+alice::/etc/init.d/radiusd start
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/test.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/test.conf
index 2bd21499b..2bd21499b 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/test.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/test.conf
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/description.txt b/testing/tests/ikev2/rw-eap-md5-radius/description.txt
new file mode 100644
index 000000000..12bdc9fdd
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/description.txt
@@ -0,0 +1,8 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+At the outset the gateway authenticates itself to the client by sending
+an IKEv2 <b>RSA signature</b> accompanied by a certificate.
+<b>carol</b> then uses the <i>Extensible Authentication Protocol</i>
+in association with an <i>MD5</i> challenge and response protocol
+(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b>.
+The user password is kept in <b>ipsec.secrets</b> on the client <b>carol</b>
+and the gateway forwards all EAP messages to the RADIUS server <b>alice</b>.
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
new file mode 100644
index 000000000..444362a86
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
@@ -0,0 +1,11 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+carol::cat /var/log/daemon.log::EAP server requested EAP_MD5 authentication::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+
+
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf
new file mode 100644
index 000000000..f4e179aa4
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf
@@ -0,0 +1,4 @@
+client PH_IP_MOON1 {
+ secret = gv6URkSs
+ shortname = moon
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf
new file mode 100644
index 000000000..623f42904
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf
@@ -0,0 +1,5 @@
+eap {
+ default_eap_type = md5
+ md5 {
+ }
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf
new file mode 100644
index 000000000..23cba8d11
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf
@@ -0,0 +1,5 @@
+realm strongswan.org {
+ type = radius
+ authhost = LOCAL
+ accthost = LOCAL
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf
new file mode 100644
index 000000000..1143a0473
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf
@@ -0,0 +1,120 @@
+# radiusd.conf -- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = ${prefix}
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = ${localstatedir}/log/radius
+raddbdir = ${sysconfdir}/raddb
+radacctdir = ${logdir}/radacct
+
+# name of the running server. See also the "-n" command-line option.
+name = radiusd
+
+# Location of config and logfiles.
+confdir = ${raddbdir}
+run_dir = ${localstatedir}/run/radiusd
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+# pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+# max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+# cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+# max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+# listen: Make the server listen on a particular IP address, and send
+listen {
+ type = auth
+ ipaddr = PH_IP_ALICE
+ port = 0
+}
+
+# This second "listen" section is for listening on the accounting
+# port, too.
+#
+listen {
+ type = acct
+ ipaddr = PH_IP_ALICE
+ port = 0
+}
+
+# hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+# Core dumps are a bad thing. This should only be set to 'yes'
+allow_core_dumps = no
+
+# Regular expressions
+regular_expressions = yes
+extended_expressions = yes
+
+# Logging section. The various "log_*" configuration items
+log {
+ destination = files
+ file = ${logdir}/radius.log
+ syslog_facility = daemon
+ stripped_names = no
+ auth = yes
+ auth_badpass = yes
+ auth_goodpass = yes
+}
+
+# The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+# Security considerations
+security {
+ max_attributes = 200
+ reject_delay = 1
+ status_server = yes
+}
+
+# PROXY CONFIGURATION
+proxy_requests = yes
+$INCLUDE proxy.conf
+
+# CLIENTS CONFIGURATION
+$INCLUDE clients.conf
+
+# THREAD POOL CONFIGURATION
+thread pool {
+ start_servers = 5
+ max_servers = 32
+ min_spare_servers = 3
+ max_spare_servers = 10
+ max_requests_per_server = 0
+}
+
+# MODULE CONFIGURATION
+modules {
+ $INCLUDE ${confdir}/modules/
+ $INCLUDE eap.conf
+ $INCLUDE sql.conf
+ $INCLUDE sql/mysql/counter.conf
+}
+
+# Instantiation
+instantiate {
+ exec
+ expr
+ expiration
+ logintime
+}
+
+# Policies
+$INCLUDE policy.conf
+
+# Include all enabled virtual hosts
+$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default
new file mode 100644
index 000000000..9c3702cb7
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default
@@ -0,0 +1,61 @@
+authorize {
+ preprocess
+ chap
+ mschap
+ suffix
+ eap {
+ ok = return
+ }
+ unix
+ files
+ expiration
+ logintime
+ pap
+}
+
+authenticate {
+ Auth-Type PAP {
+ pap
+ }
+ Auth-Type CHAP {
+ chap
+ }
+ Auth-Type MS-CHAP {
+ mschap
+ }
+ unix
+ eap
+}
+
+preacct {
+ preprocess
+ acct_unique
+ suffix
+ files
+}
+
+accounting {
+ detail
+ unix
+ radutmp
+ attr_filter.accounting_response
+}
+
+session {
+ radutmp
+}
+
+post-auth {
+ exec
+ Post-Auth-Type REJECT {
+ attr_filter.access_reject
+ }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+ eap
+}
+
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users
new file mode 100644
index 000000000..247b918e3
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users
@@ -0,0 +1 @@
+carol Cleartext-Password := "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..2af93a313
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ authby=eap
+
+conn home
+ left=PH_IP_CAROL
+ leftnexthop=%direct
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..74942afda
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..a53e44f50
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmd5 updown
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..56587b2e8
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,84 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow RADIUS protocol with alice
+ iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..825994278
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn rw-eap
+ authby=rsasig
+ eap=radius
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=@moon.strongswan.org
+ leftcert=moonCert.pem
+ leftfirewall=yes
+ rightid=*@strongswan.org
+ rightsendcert=never
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..e86d6aa5c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..cae56a7f6
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius updown
+ plugins {
+ eap_radius {
+ secret = gv6URkSs
+ server = PH_IP_ALICE
+ }
+ }
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat b/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat
new file mode 100644
index 000000000..920d6a20d
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+carol::ipsec stop
+alice::/etc/init.d/radiusd stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat
new file mode 100644
index 000000000..3508e9d8c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::cat /etc/raddb/clients.conf
+alice::cat /etc/raddb/eap.conf
+alice::cat /etc/raddb/proxy.conf
+alice::cat /etc/raddb/users
+alice::/etc/init.d/radiusd start
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/test.conf b/testing/tests/ikev2/rw-eap-md5-radius/test.conf
new file mode 100644
index 000000000..2bd21499b
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-radius/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice carol moon"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
index 5de841c03..fadcdc635 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
@@ -1,7 +1,7 @@
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eapaka.*ESTABLISHED::YES
+moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
carol::ipsec statusall::home.*ESTABLISHED::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets
index e03e89a0f..74942afda 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
# /etc/ipsec.secrets - strongSwan IPsec secrets file
-carol@strongswan.org : EAP "Ar3etTnp01qlpOgb"
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
index 78bc23b4c..7777e914b 100755
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
@@ -11,7 +11,7 @@ conn %default
keyingtries=1
keyexchange=ikev2
-conn rw-eapaka
+conn rw-eap
authby=rsasig
eap=md5
left=PH_IP_MOON
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets
index aa3838385..c991683b8 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets
@@ -2,4 +2,4 @@
: RSA moonKey.pem
-carol@strongswan.org : EAP "Ar3etTnp01qlpOgb"
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/description.txt b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt
index df7041a97..df7041a97 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/description.txt
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
index d8708d122..d8708d122 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf
index ec09a3375..ec09a3375 100755
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.secrets
index 44ba3fa25..44ba3fa25 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
index 26ccc84ce..26ccc84ce 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf
index 57a89966a..57a89966a 100755
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.secrets
index 3868b62f4..3868b62f4 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
index 26ccc84ce..26ccc84ce 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/posttest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat
index ed5498bfe..ed5498bfe 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-rsa/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/test.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/test.conf
new file mode 100644
index 000000000..2bd21499b
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice carol moon"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt b/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt
new file mode 100644
index 000000000..887d3f467
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt
@@ -0,0 +1,13 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+At the outset the gateway authenticates itself to the client by sending
+an IKEv2 <b>RSA signature</b> accompanied by a certificate.
+<b>carol</b> then uses the <i>Extensible Authentication Protocol</i>
+in association with a <i>GSM Subscriber Identity Module</i>
+(<b>EAP-SIM</b>) to authenticate against the gateway <b>moon</b>.
+In this scenario triplets from the file <b>/etc/ipsec.d/triplets.dat</b>
+are used instead of a physical SIM card on the client <b>carol</b> and
+the gateway forwards all EAP messages to the RADIUS server <b>alice</b>
+which also uses static triplets. In addition to her IKEv2 identity
+<b>carol@strongswan.org</b>, roadwarrior <b>carol</b> uses the EAP
+identity <b>232420100000015</b>.
+
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
new file mode 100644
index 000000000..4e7cbcc4c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
@@ -0,0 +1,12 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+moon::cat /var/log/daemon.log::using EAP identity .*232420100000015::YES
+carol::cat /var/log/daemon.log::EAP server requested EAP_SIM authentication::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+
+
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf
new file mode 100644
index 000000000..f4e179aa4
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf
@@ -0,0 +1,4 @@
+client PH_IP_MOON1 {
+ secret = gv6URkSs
+ shortname = moon
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf
new file mode 100644
index 000000000..a2020424e
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf
@@ -0,0 +1,5 @@
+eap {
+ default_eap_type = sim
+ sim {
+ }
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf
new file mode 100644
index 000000000..783587b55
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf
@@ -0,0 +1,5 @@
+realm LOCAL {
+ type = radius
+ authhost = LOCAL
+ accthost = LOCAL
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf
new file mode 100644
index 000000000..d77b818fe
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf
@@ -0,0 +1,123 @@
+# radiusd.conf -- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = ${prefix}
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = ${localstatedir}/log/radius
+raddbdir = ${sysconfdir}/raddb
+radacctdir = ${logdir}/radacct
+
+# name of the running server. See also the "-n" command-line option.
+name = radiusd
+
+# Location of config and logfiles.
+confdir = ${raddbdir}
+run_dir = ${localstatedir}/run/radiusd
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+# pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+# max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+# cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+# max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+# listen: Make the server listen on a particular IP address, and send
+listen {
+ type = auth
+ ipaddr = PH_IP_ALICE
+ port = 0
+}
+
+# This second "listen" section is for listening on the accounting
+# port, too.
+#
+listen {
+ type = acct
+ ipaddr = PH_IP_ALICE
+ port = 0
+}
+
+# hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+# Core dumps are a bad thing. This should only be set to 'yes'
+allow_core_dumps = no
+
+# Regular expressions
+regular_expressions = yes
+extended_expressions = yes
+
+# Logging section. The various "log_*" configuration items
+log {
+ destination = files
+ file = ${logdir}/radius.log
+ syslog_facility = daemon
+ stripped_names = no
+ auth = yes
+ auth_badpass = yes
+ auth_goodpass = yes
+}
+
+# The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+# Security considerations
+security {
+ max_attributes = 200
+ reject_delay = 1
+ status_server = yes
+}
+
+# PROXY CONFIGURATION
+proxy_requests = yes
+$INCLUDE proxy.conf
+
+# CLIENTS CONFIGURATION
+$INCLUDE clients.conf
+
+# THREAD POOL CONFIGURATION
+thread pool {
+ start_servers = 5
+ max_servers = 32
+ min_spare_servers = 3
+ max_spare_servers = 10
+ max_requests_per_server = 0
+}
+
+# MODULE CONFIGURATION
+modules {
+ $INCLUDE ${confdir}/modules/
+ $INCLUDE eap.conf
+ $INCLUDE sql.conf
+ $INCLUDE sql/mysql/counter.conf
+ sim_files {
+ simtriplets = "/etc/raddb/triplets.dat"
+ }
+}
+
+# Instantiation
+instantiate {
+ exec
+ expr
+ expiration
+ logintime
+}
+
+# Policies
+$INCLUDE policy.conf
+
+# Include all enabled virtual hosts
+$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default
new file mode 100644
index 000000000..dfceb037d
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default
@@ -0,0 +1,62 @@
+authorize {
+ preprocess
+ chap
+ mschap
+ sim_files
+ suffix
+ eap {
+ ok = return
+ }
+ unix
+ files
+ expiration
+ logintime
+ pap
+}
+
+authenticate {
+ Auth-Type PAP {
+ pap
+ }
+ Auth-Type CHAP {
+ chap
+ }
+ Auth-Type MS-CHAP {
+ mschap
+ }
+ unix
+ eap
+}
+
+preacct {
+ preprocess
+ acct_unique
+ suffix
+ files
+}
+
+accounting {
+ detail
+ unix
+ radutmp
+ attr_filter.accounting_response
+}
+
+session {
+ radutmp
+}
+
+post-auth {
+ exec
+ Post-Auth-Type REJECT {
+ attr_filter.access_reject
+ }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+ eap
+}
+
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat
new file mode 100644
index 000000000..2a750029f
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat
@@ -0,0 +1,3 @@
+232420100000015,30000000000000000000000000000000,30112233,305566778899AABB
+232420100000015,31000000000000000000000000000000,31112233,315566778899AABB
+232420100000015,32000000000000000000000000000000,32112233,325566778899AABB
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..404589348
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ authby=eap
+
+conn home
+ left=PH_IP_CAROL
+ leftnexthop=%direct
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ eap_identity=232420100000015
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat
new file mode 100644
index 000000000..2a750029f
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.d/triplets.dat
@@ -0,0 +1,3 @@
+232420100000015,30000000000000000000000000000000,30112233,305566778899AABB
+232420100000015,31000000000000000000000000000000,31112233,315566778899AABB
+232420100000015,32000000000000000000000000000000,32112233,325566778899AABB
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..ddd495699
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..cc451fc8d
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file eapidentity updown
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..56587b2e8
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,84 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow RADIUS protocol with alice
+ iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..08b920afd
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn rw-eap
+ authby=rsasig
+ eap=radius
+ eap_identity=%identity
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=@moon.strongswan.org
+ leftcert=moonCert.pem
+ leftfirewall=yes
+ rightid=*@strongswan.org
+ rightsendcert=never
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..e86d6aa5c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..10414b29a
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius eapidentity updown
+ plugins {
+ eap_radius {
+ secret = gv6URkSs
+ server = PH_IP_ALICE
+ }
+ }
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat
new file mode 100644
index 000000000..920d6a20d
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+carol::ipsec stop
+alice::/etc/init.d/radiusd stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat
new file mode 100644
index 000000000..0a9f41856
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::cat /etc/raddb/clients.conf
+alice::cat /etc/raddb/eap.conf
+alice::cat /etc/raddb/proxy.conf
+alice::cat /etc/raddb/triplets.dat
+alice::/etc/init.d/radiusd start
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/test.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/test.conf
new file mode 100644
index 000000000..2bd21499b
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice carol moon"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/description.txt b/testing/tests/ikev2/rw-eap-sim-radius/description.txt
new file mode 100644
index 000000000..6c3c71987
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/description.txt
@@ -0,0 +1,14 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+At the outset the gateway authenticates itself to the client by sending
+an IKEv2 <b>RSA signature</b> accompanied by a certificate.
+<b>carol</b> then uses the <i>Extensible Authentication Protocol</i>
+in association with a <i>GSM Subscriber Identity Module</i>
+(<b>EAP-SIM</b>) to authenticate against the gateway <b>moon</b>.
+In this scenario, triplets from the file <b>/etc/ipsec.d/triplets.dat</b>
+are used instead of a physical SIM card on the client <b>carol</b>.
+The gateway forwards all EAP messages to the RADIUS server <b>alice</b>
+which also uses a static triplets file.
+<p>
+The roadwarrior <b>dave</b> sends wrong EAP-SIM triplets. As a consequence
+the radius server <b>alice</b> returns an <b>Access-Reject</b> message
+and the gateway <b>moon</b> sends back an <b>EAP_FAILURE</b>.
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
new file mode 100644
index 000000000..cd4b43cca
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
@@ -0,0 +1,15 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+carol::cat /var/log/daemon.log::EAP server requested EAP_SIM authentication::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::cat /var/log/daemon.log::received Access-Reject from RADIUS server::YES
+moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP failed::YES
+moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO
+dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+dave::ipsec statusall::home.*ESTABLISHED::NO
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf
new file mode 100644
index 000000000..f4e179aa4
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf
@@ -0,0 +1,4 @@
+client PH_IP_MOON1 {
+ secret = gv6URkSs
+ shortname = moon
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf
new file mode 100644
index 000000000..a2020424e
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf
@@ -0,0 +1,5 @@
+eap {
+ default_eap_type = sim
+ sim {
+ }
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf
new file mode 100644
index 000000000..23cba8d11
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf
@@ -0,0 +1,5 @@
+realm strongswan.org {
+ type = radius
+ authhost = LOCAL
+ accthost = LOCAL
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf
new file mode 100644
index 000000000..d77b818fe
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf
@@ -0,0 +1,123 @@
+# radiusd.conf -- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = ${prefix}
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = ${localstatedir}/log/radius
+raddbdir = ${sysconfdir}/raddb
+radacctdir = ${logdir}/radacct
+
+# name of the running server. See also the "-n" command-line option.
+name = radiusd
+
+# Location of config and logfiles.
+confdir = ${raddbdir}
+run_dir = ${localstatedir}/run/radiusd
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+# pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+# max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+# cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+# max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+# listen: Make the server listen on a particular IP address, and send
+listen {
+ type = auth
+ ipaddr = PH_IP_ALICE
+ port = 0
+}
+
+# This second "listen" section is for listening on the accounting
+# port, too.
+#
+listen {
+ type = acct
+ ipaddr = PH_IP_ALICE
+ port = 0
+}
+
+# hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+# Core dumps are a bad thing. This should only be set to 'yes'
+allow_core_dumps = no
+
+# Regular expressions
+regular_expressions = yes
+extended_expressions = yes
+
+# Logging section. The various "log_*" configuration items
+log {
+ destination = files
+ file = ${logdir}/radius.log
+ syslog_facility = daemon
+ stripped_names = no
+ auth = yes
+ auth_badpass = yes
+ auth_goodpass = yes
+}
+
+# The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+# Security considerations
+security {
+ max_attributes = 200
+ reject_delay = 1
+ status_server = yes
+}
+
+# PROXY CONFIGURATION
+proxy_requests = yes
+$INCLUDE proxy.conf
+
+# CLIENTS CONFIGURATION
+$INCLUDE clients.conf
+
+# THREAD POOL CONFIGURATION
+thread pool {
+ start_servers = 5
+ max_servers = 32
+ min_spare_servers = 3
+ max_spare_servers = 10
+ max_requests_per_server = 0
+}
+
+# MODULE CONFIGURATION
+modules {
+ $INCLUDE ${confdir}/modules/
+ $INCLUDE eap.conf
+ $INCLUDE sql.conf
+ $INCLUDE sql/mysql/counter.conf
+ sim_files {
+ simtriplets = "/etc/raddb/triplets.dat"
+ }
+}
+
+# Instantiation
+instantiate {
+ exec
+ expr
+ expiration
+ logintime
+}
+
+# Policies
+$INCLUDE policy.conf
+
+# Include all enabled virtual hosts
+$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default
new file mode 100644
index 000000000..dfceb037d
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default
@@ -0,0 +1,62 @@
+authorize {
+ preprocess
+ chap
+ mschap
+ sim_files
+ suffix
+ eap {
+ ok = return
+ }
+ unix
+ files
+ expiration
+ logintime
+ pap
+}
+
+authenticate {
+ Auth-Type PAP {
+ pap
+ }
+ Auth-Type CHAP {
+ chap
+ }
+ Auth-Type MS-CHAP {
+ mschap
+ }
+ unix
+ eap
+}
+
+preacct {
+ preprocess
+ acct_unique
+ suffix
+ files
+}
+
+accounting {
+ detail
+ unix
+ radutmp
+ attr_filter.accounting_response
+}
+
+session {
+ radutmp
+}
+
+post-auth {
+ exec
+ Post-Auth-Type REJECT {
+ attr_filter.access_reject
+ }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+ eap
+}
+
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat
new file mode 100644
index 000000000..fd0eb19b9
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat
@@ -0,0 +1,7 @@
+carol@strongswan.org,30000000000000000000000000000000,30112233,305566778899AABB
+carol@strongswan.org,31000000000000000000000000000000,31112233,315566778899AABB
+carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB
+dave@strongswan.org,33000000000000000000000000000000,33112233,335566778899AABB
+dave@strongswan.org,34000000000000000000000000000000,34112233,345566778899AABB
+dave@strongswan.org,35000000000000000000000000000000,35112233,355566778899AABB
+
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..4f0d40b3e
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ authby=eap
+
+conn home
+ left=PH_IP_CAROL
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.d/triplets.dat
new file mode 100644
index 000000000..83906807f
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.d/triplets.dat
@@ -0,0 +1,3 @@
+carol@strongswan.org,30000000000000000000000000000000,30112233,305566778899AABB
+carol@strongswan.org,31000000000000000000000000000000,31112233,315566778899AABB
+carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..ddd495699
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..e2388268c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file updown
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..511eb6172
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ authby=eap
+
+conn home
+ left=PH_IP_DAVE
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.d/triplets.dat
new file mode 100644
index 000000000..a02a42c0d
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.d/triplets.dat
@@ -0,0 +1,3 @@
+dave@strongswan.org,33000000000000000000000000000000,33112244,335566778899AABB
+dave@strongswan.org,34000000000000000000000000000000,34112244,345566778899AABB
+dave@strongswan.org,35000000000000000000000000000000,35112244,355566778899AABB
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..ddd495699
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..e2388268c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapsim eapsim-file updown
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..56587b2e8
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,84 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow MobIKE
+ iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow RADIUS protocol with alice
+ iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..825994278
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn rw-eap
+ authby=rsasig
+ eap=radius
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=@moon.strongswan.org
+ leftcert=moonCert.pem
+ leftfirewall=yes
+ rightid=*@strongswan.org
+ rightsendcert=never
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..e86d6aa5c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..cae56a7f6
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapradius updown
+ plugins {
+ eap_radius {
+ secret = gv6URkSs
+ server = PH_IP_ALICE
+ }
+ }
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat b/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat
new file mode 100644
index 000000000..dbe56013a
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat
@@ -0,0 +1,7 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+alice::/etc/init.d/radiusd stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat
new file mode 100644
index 000000000..b3fd4cbf1
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat
@@ -0,0 +1,15 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+alice::cat /etc/raddb/clients.conf
+alice::cat /etc/raddb/eap.conf
+alice::cat /etc/raddb/proxy.conf
+alice::cat /etc/raddb/triplets.dat
+alice::/etc/init.d/radiusd start
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/test.conf b/testing/tests/ikev2/rw-eap-sim-radius/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-radius/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"