author | Romain Francoise <rfrancoise@debian.org> | 2014-04-15 19:34:32 +0200 |
---|---|---|
committer | Romain Francoise <rfrancoise@debian.org> | 2014-04-15 19:34:32 +0200 |
commit | c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (patch) | |
tree | d4e2118cbd411caa1a0528eac831030109bc6e65 /conf/plugins | |
parent | 15fb7904f4431a6e7c305fd08732458f7f885e7e (diff) | |
download | vyos-strongswan-c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9.tar.gz vyos-strongswan-c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9.zip |
Import upstream version 5.1.3
Diffstat (limited to 'conf/plugins')
-rw-r--r-- | conf/plugins/eap-radius.conf | 4 | ||||
-rw-r--r-- | conf/plugins/eap-radius.opt | 4 | ||||
-rw-r--r-- | conf/plugins/imc-attestation.conf | 3 | ||||
-rw-r--r-- | conf/plugins/imc-attestation.opt | 5 | ||||
-rw-r--r-- | conf/plugins/imv-attestation.conf | 3 | ||||
-rw-r--r-- | conf/plugins/imv-attestation.opt | 3 |
6 files changed, 21 insertions, 1 deletions
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 53023b81e..64db67456 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -3,6 +3,10 @@ eap-radius { # Send RADIUS accounting information to RADIUS servers. # accounting = no + # Close the IKE_SA if there is a timeout during interim RADIUS accounting + # updates. + # accounting_close_on_timeout = yes + # If enabled, accounting is disabled unless an IKE_SA has at least one # virtual IP. # accounting_requires_vip = no
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index 0edd3458c..0df6a0d6f 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -1,6 +1,10 @@ charon.plugins.eap-radius.accounting = no Send RADIUS accounting information to RADIUS servers. +charon.plugins.eap-radius.accounting_close_on_timeout = yes + Close the IKE_SA if there is a timeout during interim RADIUS accounting + updates. + charon.plugins.eap-radius.accounting_requires_vip = no If enabled, accounting is disabled unless an IKE_SA has at least one virtual IP.
diff --git a/conf/plugins/imc-attestation.conf b/conf/plugins/imc-attestation.conf
index ffb1b45a3..2d8deaa8e 100644
--- a/conf/plugins/imc-attestation.conf
+++ b/conf/plugins/imc-attestation.conf
@@ -13,6 +13,9 @@ imc-attestation { # priority of this plugin. load = yes + # Enforce mandatory Diffie-Hellman groups. + # mandatory_dh_groups = yes + # DH nonce length. # nonce_len = 20
diff --git a/conf/plugins/imc-attestation.opt b/conf/plugins/imc-attestation.opt
index 9c108053b..aaac4c2c1 100644
--- a/conf/plugins/imc-attestation.opt
+++ b/conf/plugins/imc-attestation.opt
@@ -7,6 +7,9 @@ charon.plugins.imc-attestation.aik_cert = charon.plugins.imc-attestation.aik_key = AIK public key file. +charon.plugins.imc-attestation.mandatory_dh_groups = yes + Enforce mandatory Diffie-Hellman groups. + charon.plugins.imc-attestation.nonce_len = 20 DH nonce length.
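Review bot: The description added for `charon.plugins.eap-radius.accounting_close_on_timeout` in eap-radius.opt states the action but not the trade-off behind the `yes` default. As written, a timeout on an interim accounting update closes the IKE_SA, so an unreachable accounting server can presumably take established tunnels down with it, while `no` would keep them up without interim accounting records. I would extend the text to something like `Close the IKE_SA if there is a timeout during interim RADIUS accounting updates. Set to no to keep the IKE_SA established when the accounting server does not respond, at the cost of missing accounting records.` The comment in the eap-radius.conf hunk carries the same wording and should follow.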
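Review bot: `Enforce mandatory Diffie-Hellman groups.` on `charon.plugins.imc-attestation.mandatory_dh_groups` does not say which groups count as mandatory, which specification defines them, or what setting the option to `no` permits. An operator therefore cannot judge what relaxing it does to the attestation key exchange. The description should name the groups or cite the defining specification, and state the behaviour when disabled, for example `Enforce the Diffie-Hellman groups that <specification> defines as mandatory; if set to no, <resulting behaviour>.` The same one-line wording appears in the imc-attestation.conf, imv-attestation.conf and imv-attestation.opt hunks and should be updated together.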
@@ -14,4 +17,4 @@ charon.plugins.imc-attestation.use_quote2 = yes Use Quote2 AIK signature instead of Quote signature. charon.plugins.imc-attestation.pcr_info = yes - Whether to send pcr_before and pcr_after info.
\ No newline at end of file
+ Whether to send pcr_before and pcr_after info.
diff --git a/conf/plugins/imv-attestation.conf b/conf/plugins/imv-attestation.conf
index 48ffba839..3a1a7f225 100644
--- a/conf/plugins/imv-attestation.conf
+++ b/conf/plugins/imv-attestation.conf
@@ -35,6 +35,9 @@ imv-attestation { # priority of this plugin. load = yes + # Enforce mandatory Diffie-Hellman groups. + # mandatory_dh_groups = yes + # DH minimum nonce length. # min_nonce_len = 0
diff --git a/conf/plugins/imv-attestation.opt b/conf/plugins/imv-attestation.opt
index c0ae20488..f266281e6 100644
--- a/conf/plugins/imv-attestation.opt
+++ b/conf/plugins/imv-attestation.opt
@@ -1,6 +1,9 @@ charon.plugins.imv-attestation.cadir = Path to directory with AIK cacerts. +charon.plugins.imv-attestation.mandatory_dh_groups = yes + Enforce mandatory Diffie-Hellman groups. + charon.plugins.imv-attestation.dh_group = ecp256 Preferred Diffie-Hellman group. |