Imported Upstream version 5.5.0

5 files changed, 53 insertions, 7 deletions

diff --git a/conf/Makefile.in b/conf/Makefile.in
index 8bfc298a9..6804d91e0 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
 @SET_MAKE@
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -79,9 +89,6 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 subdir = conf
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(srcdir)/strongswan.conf.5.head.in \
-	$(srcdir)/strongswan.conf.5.tail.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -95,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES = strongswan.conf.5.head strongswan.conf.5.tail
@@ -154,12 +162,16 @@ MANS = $(man_MANS)
 DATA = $(optionstemplate_DATA) $(pluginstemplate_DATA) \
 	$(templates_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+	$(srcdir)/strongswan.conf.5.head.in \
+	$(srcdir)/strongswan.conf.5.tail.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 ALLOCA = @ALLOCA@
 AMTAR = @AMTAR@
 AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
 AR = @AR@
+ATOMICLIB = @ATOMICLIB@
 AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
@@ -209,6 +221,7 @@ LIBTOOL = @LIBTOOL@
 LIPO = @LIPO@
 LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -243,6 +256,7 @@ PTHREADLIB = @PTHREADLIB@
 PYTHON = @PYTHON@
 PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
 PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
 PYTHON_PLATFORM = @PYTHON_PLATFORM@
 PYTHON_PREFIX = @PYTHON_PREFIX@
 PYTHON_VERSION = @PYTHON_VERSION@
@@ -354,6 +368,7 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
@@ -516,7 +531,6 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu conf/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu conf/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -819,6 +833,8 @@ uninstall-man: uninstall-man5
 	uninstall-optionstemplateDATA uninstall-pluginstemplateDATA \
 	uninstall-templatesDATA
 
+.PRECIOUS: Makefile
+
 
 .opt.conf:
 	$(AM_V_GEN) \
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 5ca61a8e8..78411250e 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -157,6 +157,11 @@ charon {
     # will be allocated.
     # port_nat_t = 4500
 
+    # Prefer locally configured proposals for IKE/IPsec over supplied ones as
+    # responder (disabling this can avoid keying retries due to
+    # INVALID_KE_PAYLOAD notifies).
+    # prefer_configured_proposals = yes
+
     # By default public IPv6 addresses are preferred over temporary ones (RFC
     # 4941), to make connections more stable. Enable this option to reverse
     # this.
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 86279ec83..3970012d2 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -253,6 +253,11 @@ charon.port_nat_t = 4500
 	allocated.  Has to be different from **charon.port**, otherwise a random
 	port will be allocated.
 
+charon.prefer_configured_proposals = yes
+	Prefer locally configured proposals for	IKE/IPsec over supplied ones as
+	responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD
+	notifies).
+
 charon.prefer_temporary_addrs = no
 	By default public IPv6 addresses are preferred over temporary ones (RFC
 	4941), to make connections more stable. Enable this option to reverse this.
diff --git a/conf/plugins/imc-attestation.opt b/conf/plugins/imc-attestation.opt
index 7a40bc962..925ac4eaf 100644
--- a/conf/plugins/imc-attestation.opt
+++ b/conf/plugins/imc-attestation.opt
@@ -7,6 +7,9 @@ libimcv.plugins.imc-attestation.aik_cert =
 libimcv.plugins.imc-attestation.aik_pubkey =
 	AIK public key file.
 
+libimcv.plugins.imc-attestation.aik_handle =
+	AIK object handle.
+
 libimcv.plugins.imc-attestation.mandatory_dh_groups = yes
 	Enforce mandatory Diffie-Hellman groups.
 
@@ -16,6 +19,9 @@ libimcv.plugins.imc-attestation.nonce_len = 20
 libimcv.plugins.imc-attestation.use_quote2 = yes
 	Use Quote2 AIK signature instead of Quote signature.
 
+libimcv.plugins.imc-attestation.use_version_info = no
+	Version Info is included in Quote2 signature.
+
 libimcv.plugins.imc-attestation.pcr_info = no
 	Whether to send pcr_before and pcr_after info.
 
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index e6a502952..3d03f2058 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -1537,6 +1537,12 @@ otherwise a random port
 will be allocated.
 
 .TP
+.BR charon.prefer_configured_proposals " [yes]"
+Prefer locally configured proposals for IKE/IPsec over supplied ones as
+responder (disabling this can avoid keying retries due to INVALID_KE_PAYLOAD
+notifies).
+
+.TP
 .BR charon.prefer_temporary_addrs " [no]"
 By default public IPv6 addresses are preferred over temporary ones (RFC 4941),
 to make connections more stable. Enable this option to reverse this.
@@ -1780,6 +1786,10 @@ AIK encrypted private key blob file.
 AIK certificate file.
 
 .TP
+.BR libimcv.plugins.imc-attestation.aik_handle " []"
+AIK object handle.
+
+.TP
 .BR libimcv.plugins.imc-attestation.aik_pubkey " []"
 AIK public key file.
 
@@ -1824,6 +1834,10 @@ Whether to send pcr_before and pcr_after info.
 Use Quote2 AIK signature instead of Quote signature.
 
 .TP
+.BR libimcv.plugins.imc-attestation.use_version_info " [no]"
+Version Info is included in Quote2 signature.
+
+.TP
 .BR libimcv.plugins.imc-hcd.push_info " [yes]"
 Send quadruple info without being prompted.