summaryrefslogtreecommitdiff
path: root/conf
diff options
context:
space:
mode:
Diffstat (limited to 'conf')
-rw-r--r--conf/Makefile.am2
-rw-r--r--conf/Makefile.in13
-rw-r--r--conf/options/charon-logging.conf11
-rw-r--r--conf/options/charon-logging.opt23
-rw-r--r--conf/options/charon.conf2
-rw-r--r--conf/options/charon.opt2
-rw-r--r--conf/plugins/dhcp.conf4
-rw-r--r--conf/plugins/dhcp.opt15
-rw-r--r--conf/plugins/eap-radius.conf4
-rw-r--r--conf/plugins/eap-radius.opt4
-rw-r--r--conf/plugins/imc-swid.conf8
-rw-r--r--conf/plugins/imc-swid.opt8
-rw-r--r--conf/plugins/imc-swima.opt3
-rw-r--r--conf/plugins/imv-swid.conf8
-rw-r--r--conf/plugins/imv-swid.opt5
-rw-r--r--conf/plugins/tpm.conf14
-rw-r--r--conf/plugins/tpm.opt10
-rw-r--r--conf/strongswan.conf.5.head.in70
-rw-r--r--conf/strongswan.conf.5.main95
-rw-r--r--conf/strongswan.conf.5.tail.in16
20 files changed, 227 insertions, 90 deletions
diff --git a/conf/Makefile.am b/conf/Makefile.am
index eb662c2e0..d7917664b 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -61,13 +61,11 @@ plugins = \
plugins/imc-hcd.opt \
plugins/imc-os.opt \
plugins/imc-scanner.opt \
- plugins/imc-swid.opt \
plugins/imc-swima.opt \
plugins/imc-test.opt \
plugins/imv-attestation.opt \
plugins/imv-os.opt \
plugins/imv-scanner.opt \
- plugins/imv-swid.opt \
plugins/imv-swima.opt \
plugins/imv-test.opt \
plugins/ipseckey.opt \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index e83d3b98f..ae4640068 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -265,7 +265,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -291,6 +290,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -311,8 +312,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -367,8 +366,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -397,8 +394,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -467,13 +468,11 @@ plugins = \
plugins/imc-hcd.opt \
plugins/imc-os.opt \
plugins/imc-scanner.opt \
- plugins/imc-swid.opt \
plugins/imc-swima.opt \
plugins/imc-test.opt \
plugins/imv-attestation.opt \
plugins/imv-os.opt \
plugins/imv-scanner.opt \
- plugins/imv-swid.opt \
plugins/imv-swima.opt \
plugins/imv-test.opt \
plugins/ipseckey.opt \
diff --git a/conf/options/charon-logging.conf b/conf/options/charon-logging.conf
index 454405985..ed3c027dc 100644
--- a/conf/options/charon-logging.conf
+++ b/conf/options/charon-logging.conf
@@ -4,8 +4,10 @@ charon {
# strongswan.conf(5).
filelog {
- # <filename> is the full path to the log file.
- # <filename> {
+ # <name> may be the full path to the log file if it only contains
+ # characters permitted in section names. Is ignored if path is
+ # specified.
+ # <name> {
# Loglevel for a specific subsystem.
# <subsystem> = <default>
@@ -25,6 +27,11 @@ charon {
# numerical identifier for each IKE_SA.
# ike_name = no
+ # Optional path to the log file. Overrides the section name. Must be
+ # used if the path contains characters that aren't allowed in
+ # section names.
+ # path =
+
# Adds the milliseconds within the current second after the
# timestamp (separated by a dot, so time_format should end with %S
# or %T).
diff --git a/conf/options/charon-logging.opt b/conf/options/charon-logging.opt
index 2bbb5dce4..e850c4487 100644
--- a/conf/options/charon-logging.opt
+++ b/conf/options/charon-logging.opt
@@ -2,33 +2,38 @@ charon.filelog {}
Section to define file loggers, see LOGGER CONFIGURATION in
**strongswan.conf**(5).
-charon.filelog.<filename> { # }
- <filename> is the full path to the log file.
+charon.filelog.<name> { # }
+ <name> may be the full path to the log file if it only contains
+ characters permitted in section names. Is ignored if _path_ is specified.
-charon.filelog.<filename>.default = 1
+charon.filelog.<name>.path =
+ Optional path to the log file. Overrides the section name. Must be used
+ if the path contains characters that aren't allowed in section names.
+
+charon.filelog.<name>.default = 1
Default loglevel.
Specifies the default loglevel to be used for subsystems for which no
specific loglevel is defined.
-charon.filelog.<filename>.<subsystem> = <default>
+charon.filelog.<name>.<subsystem> = <default>
Loglevel for a specific subsystem.
-charon.filelog.<filename>.append = yes
+charon.filelog.<name>.append = yes
If this option is enabled log entries are appended to the existing file.
-charon.filelog.<filename>.flush_line = no
+charon.filelog.<name>.flush_line = no
Enabling this option disables block buffering and enables line buffering.
-charon.filelog.<filename>.ike_name = no
+charon.filelog.<name>.ike_name = no
Prefix each log entry with the connection name and a unique numerical
identifier for each IKE_SA.
-charon.filelog.<filename>.time_format
+charon.filelog.<name>.time_format
Prefix each log entry with a timestamp. The option accepts a format string
as passed to **strftime**(3).
-charon.filelog.<filename>.time_add_ms = no
+charon.filelog.<name>.time_add_ms = no
Adds the milliseconds within the current second after the timestamp
(separated by a dot, so _time_format_ should end with %S or %T).
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 93dff172d..857ddde9b 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -274,7 +274,7 @@ charon {
# Buffer size used for crypto benchmark.
# bench_size = 1024
- # Number of iterations to test each algorithm.
+ # Time in ms during which crypto algorithm performance is measured.
# bench_time = 50
# Test crypto algorithms during registration (requires test vectors
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index fcde5f0b5..8fb64bc25 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -52,7 +52,7 @@ charon.crypto_test.bench_size = 1024
Buffer size used for crypto benchmark.
charon.crypto_test.bench_time = 50
- Number of iterations to test each algorithm.
+ Time in ms during which crypto algorithm performance is measured.
charon.crypto_test.on_add = no
Test crypto algorithms during registration (requires test vectors provided
diff --git a/conf/plugins/dhcp.conf b/conf/plugins/dhcp.conf
index 88bbe36e3..c880cfa59 100644
--- a/conf/plugins/dhcp.conf
+++ b/conf/plugins/dhcp.conf
@@ -17,5 +17,9 @@ dhcp {
# DHCP server unicast or broadcast IP address.
# server = 255.255.255.255
+ # Use the DHCP server port (67) as source port when a unicast server address
+ # is configured.
+ # use_server_port = no
+
}
diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt
index 6b337bc34..7c6d31c87 100644
--- a/conf/plugins/dhcp.opt
+++ b/conf/plugins/dhcp.opt
@@ -15,6 +15,21 @@ charon.plugins.dhcp.identity_lease = no
charon.plugins.dhcp.server = 255.255.255.255
DHCP server unicast or broadcast IP address.
+charon.plugins.dhcp.use_server_port = no
+ Use the DHCP server port (67) as source port when a unicast server address
+ is configured.
+
+ Use the DHCP server port (67) as source port, instead of the DHCP client
+ port (68), when a unicast server address is configured and the plugin acts
+ as relay agent. When replying in this mode the DHCP server will always send
+ packets to the DHCP server port and if no process binds that port an ICMP
+ port unreachables will be sent back, which might be problematic for some
+ DHCP servers. To avoid that, enabling this option will cause the plugin to
+ bind the DHCP server port to send its requests when acting as relay agent.
+ This is not necessary if a DHCP server is already running on the same host
+ and might even cause conflicts (and since the server port is already bound,
+ ICMPs should not be an issue).
+
charon.plugins.dhcp.interface
Interface name the plugin uses for address allocation.
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 5a486114e..24f2eaacd 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -66,6 +66,10 @@ eap-radius {
# Number of sockets (ports) to use, increase for high load.
# sockets = 1
+ # Whether to include the UDP port in the Called- and Calling-Station-Id
+ # RADIUS attributes.
+ # station_id_with_port = yes
+
dae {
# Enables support for the Dynamic Authorization Extension (RFC 5176).
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index f18a74c49..192996c73 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -108,6 +108,10 @@ charon.plugins.eap-radius.servers {}
charon.plugins.eap-radius.sockets = 1
Number of sockets (ports) to use, increase for high load.
+charon.plugins.eap-radius.station_id_with_port = yes
+ Whether to include the UDP port in the Called- and Calling-Station-Id
+ RADIUS attributes.
+
charon.plugins.eap-radius.xauth {}
Section to configure multiple XAuth authentication rounds via RADIUS.
diff --git a/conf/plugins/imc-swid.conf b/conf/plugins/imc-swid.conf
deleted file mode 100644
index 4893703ad..000000000
--- a/conf/plugins/imc-swid.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-imc-swid {
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
-}
-
diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt
deleted file mode 100644
index e622aa683..000000000
--- a/conf/plugins/imc-swid.opt
+++ /dev/null
@@ -1,8 +0,0 @@
-libimcv.plugins.imc-swid.swid_directory = ${prefix}/share
- Directory where SWID tags are located.
-
-libimcv.plugins.imc-swid.swid_pretty = no
- Generate XML-encoded SWID tags with pretty indentation.
-
-libimcv.plugins.imc-swid.swid_full = no
- Include file information in the XML-encoded SWID tags.
diff --git a/conf/plugins/imc-swima.opt b/conf/plugins/imc-swima.opt
index 099a3c80f..daa4ecadd 100644
--- a/conf/plugins/imc-swima.opt
+++ b/conf/plugins/imc-swima.opt
@@ -19,3 +19,6 @@ libimcv.plugins.imc-swima.swid_pretty = no
libimcv.plugins.imc-swima.swid_full = no
Include file information in the XML-encoded SWID tags.
+
+libimcv.plugins.imc-swima.subscriptions = no
+ Accept SW Inventory or SW Events subscriptions.
diff --git a/conf/plugins/imv-swid.conf b/conf/plugins/imv-swid.conf
deleted file mode 100644
index bfd49bd1c..000000000
--- a/conf/plugins/imv-swid.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-imv-swid {
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
-}
-
diff --git a/conf/plugins/imv-swid.opt b/conf/plugins/imv-swid.opt
deleted file mode 100644
index d451c78ce..000000000
--- a/conf/plugins/imv-swid.opt
+++ /dev/null
@@ -1,5 +0,0 @@
-libimcv.plugins.imv-swid.rest_api_uri =
- HTTP URI of the SWID REST API.
-
-libimcv.plugins.imv-swid.rest_api_timeout = 120
- Timeout of SWID REST API HTTP POST transaction.
diff --git a/conf/plugins/tpm.conf b/conf/plugins/tpm.conf
index 222bb7b0a..1be961e89 100644
--- a/conf/plugins/tpm.conf
+++ b/conf/plugins/tpm.conf
@@ -7,5 +7,19 @@ tpm {
# Whether the TPM should be used as RNG.
# use_rng = no
+ tcti {
+
+ # Name of TPM 2.0 TCTI library. Valid values: tabrmd, device or mssim.
+ # Defaults are device if the /dev/tpmrm0 in-kernel TPM 2.0 resource
+ # manager device exists, and tabrmd otherwise, requiring the d-bus based
+ # TPM 2.0 access broker and resource manager to be available.
+ # name = device|tabrmd
+
+ # Options for the TPM 2.0 TCTI library. Defaults are /dev/tpmrm0 if the
+ # TCTI library name is device and no options otherwise.
+ # opts = /dev/tpmrm0|<none>
+
+ }
+
}
diff --git a/conf/plugins/tpm.opt b/conf/plugins/tpm.opt
index cd666dde8..df7adb098 100644
--- a/conf/plugins/tpm.opt
+++ b/conf/plugins/tpm.opt
@@ -1,2 +1,12 @@
charon.plugins.tpm.use_rng = no
Whether the TPM should be used as RNG.
+
+charon.plugins.tpm.tcti.name = device|tabrmd
+ Name of TPM 2.0 TCTI library. Valid values: _tabrmd_, _device_ or _mssim_.
+ Defaults are _device_ if the _/dev/tpmrm0_ in-kernel TPM 2.0 resource manager
+ device exists, and _tabrmd_ otherwise, requiring the d-bus based TPM 2.0
+ access broker and resource manager to be available.
+
+charon.plugins.tpm.tcti.opts = /dev/tpmrm0|<none>
+ Options for the TPM 2.0 TCTI library. Defaults are _/dev/tpmrm0_ if the
+ TCTI library name is _device_ and no options otherwise.
diff --git a/conf/strongswan.conf.5.head.in b/conf/strongswan.conf.5.head.in
index 23454e758..9337c19e2 100644
--- a/conf/strongswan.conf.5.head.in
+++ b/conf/strongswan.conf.5.head.in
@@ -32,13 +32,12 @@ and key/value pairs:
.PP
Values must be terminated by a newline.
.PP
-Comments are possible using the \fB#\fP-character, but be careful: The parser
-implementation is currently limited and does not like brackets in comments.
+Comments are possible using the \fB#\fP-character.
.PP
Section names and keys may contain any printable character except:
.PP
.EX
- . { } # \\n \\t space
+ . , : { } = " # \\n \\t space
.EE
.PP
An example file in this format might look like this:
@@ -60,6 +59,71 @@ An example file in this format might look like this:
.PP
Indentation is optional, you may use tabs or spaces.
+
+.SH REFERENCING OTHER SECTIONS
+It is possible to inherit settings and sections from another section. This
+feature is mainly useful in swanctl.conf (which uses the same file format).
+The syntax is as follows:
+.PP
+.EX
+ section := name : references { settings }
+ references := absname[, absname]*
+ absname := name[.name]*
+.EE
+.PP
+All key/value pairs and all subsections of the referenced sections will be
+inherited by the section that references them via their absolute name. Values
+may be overridden in the section or any of its sub-sections (use an empty
+assignment to clear a value so its default value, if any, will apply). It is
+currently not possible to limit the inclusion level or clear/remove inherited
+sub-sections.
+
+If the order is important (e.g. for auth rounds in a connection, if \fIround\fR
+is not used), it should be noted that inherited settings/sections will follow
+those defined in the current section (if multiple sections are referenced, their
+settings are enumerated left to right).
+
+References are evaluated dynamically at runtime, so referring to sections later
+in the config file or included via other files is no problem.
+
+Here is an example of how this might look like:
+.PP
+.EX
+ conn-defaults {
+ # default settings for all conns (e.g. a cert, or IP pools)
+ }
+ eap-defaults {
+ # defaults if eap is used (e.g. a remote auth round)
+ }
+ child-defaults {
+ # defaults for child configs (e.g. traffic selectors)
+ }
+ connections {
+ conn-a : conn-defaults, eap-defaults {
+ # set/override stuff specific to this connection
+ children {
+ child-a : child-defaults {
+ # set/override stuff specific to this child
+ }
+ }
+ }
+ conn-b : conn-defaults {
+ # set/override stuff specific to this connection
+ children {
+ child-b : child-defaults {
+ # set/override stuff specific to this child
+ }
+ }
+ }
+ conn-c : connections.conn-a {
+ # everything is inherited, including everything conn-a
+ # already inherits from the sections it and its
+ # sub-section reference
+ }
+ }
+.EE
+.PP
+
.SH INCLUDING FILES
Using the
.B include
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index f83211805..486ee5af9 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -85,7 +85,7 @@ Buffer size used for crypto benchmark.
.TP
.BR charon.crypto_test.bench_time " [50]"
-Number of iterations to test each algorithm.
+Time in ms during which crypto algorithm performance is measured.
.TP
.BR charon.crypto_test.on_add " [no]"
@@ -155,41 +155,49 @@ Section to define file loggers, see LOGGER CONFIGURATION in
.TP
-.B charon.filelog.<filename>
+.B charon.filelog.<name>
.br
-<filename> is the full path to the log file.
+<name> may be the full path to the log file if it only contains characters
+permitted in section names. Is ignored if
+.RI "" "path" ""
+is specified.
.TP
-.BR charon.filelog.<filename>.<subsystem> " [<default>]"
+.BR charon.filelog.<name>.<subsystem> " [<default>]"
Loglevel for a specific subsystem.
.TP
-.BR charon.filelog.<filename>.append " [yes]"
+.BR charon.filelog.<name>.append " [yes]"
If this option is enabled log entries are appended to the existing file.
.TP
-.BR charon.filelog.<filename>.default " [1]"
+.BR charon.filelog.<name>.default " [1]"
Specifies the default loglevel to be used for subsystems for which no specific
loglevel is defined.
.TP
-.BR charon.filelog.<filename>.flush_line " [no]"
+.BR charon.filelog.<name>.flush_line " [no]"
Enabling this option disables block buffering and enables line buffering.
.TP
-.BR charon.filelog.<filename>.ike_name " [no]"
+.BR charon.filelog.<name>.ike_name " [no]"
Prefix each log entry with the connection name and a unique numerical identifier
for each IKE_SA.
.TP
-.BR charon.filelog.<filename>.time_add_ms " [no]"
+.BR charon.filelog.<name>.path " []"
+Optional path to the log file. Overrides the section name. Must be used if the
+path contains characters that aren't allowed in section names.
+
+.TP
+.BR charon.filelog.<name>.time_add_ms " [no]"
Adds the milliseconds within the current second after the timestamp (separated
by a dot, so
.RI "" "time_format" ""
should end with %S or %T).
.TP
-.BR charon.filelog.<filename>.time_format " []"
+.BR charon.filelog.<name>.time_format " []"
Prefix each log entry with a timestamp. The option accepts a format string as
passed to
.RB "" "strftime" "(3)."
@@ -556,6 +564,18 @@ DHCP server.
DHCP server unicast or broadcast IP address.
.TP
+.BR charon.plugins.dhcp.use_server_port " [no]"
+Use the DHCP server port (67) as source port, instead of the DHCP client port
+(68), when a unicast server address is configured and the plugin acts as relay
+agent. When replying in this mode the DHCP server will always send packets to
+the DHCP server port and if no process binds that port an ICMP port unreachables
+will be sent back, which might be problematic for some DHCP servers. To avoid
+that, enabling this option will cause the plugin to bind the DHCP server port to
+send its requests when acting as relay agent. This is not necessary if a DHCP
+server is already running on the same host and might even cause conflicts (and
+since the server port is already bound, ICMPs should not be an issue).
+
+.TP
.BR charon.plugins.dnscert.enable " [no]"
Enable fetching of CERT RRs via DNS.
@@ -778,6 +798,11 @@ and
Number of sockets (ports) to use, increase for high load.
.TP
+.BR charon.plugins.eap-radius.station_id_with_port " [yes]"
+Whether to include the UDP port in the Called\- and Calling\-Station\-Id RADIUS
+attributes.
+
+.TP
.B charon.plugins.eap-radius.xauth
.br
Section to configure multiple XAuth authentication rounds via RADIUS. The
@@ -1660,6 +1685,32 @@ Send an unsupported PB\-TNC message type with the NOSKIP flag set.
Send a PB\-TNC batch with a modified PB\-TNC version.
.TP
+.BR charon.plugins.tpm.tcti.name " [device|tabrmd]"
+Name of TPM 2.0 TCTI library. Valid values:
+.RI "" "tabrmd" ","
+.RI "" "device" ""
+or
+.RI "" "mssim" "."
+Defaults are
+.RI "" "device" ""
+if the
+.RI "" "/dev/tpmrm0" ""
+in\-kernel TPM 2.0 resource manager
+device exists, and
+.RI "" "tabrmd" ""
+otherwise, requiring the d\-bus based TPM 2.0 access
+broker and resource manager to be available.
+
+.TP
+.BR charon.plugins.tpm.tcti.opts " [/dev/tpmrm0|<none>]"
+Options for the TPM 2.0 TCTI library. Defaults are
+.RI "" "/dev/tpmrm0" ""
+if the TCTI
+library name is
+.RI "" "device" ""
+and no options otherwise.
+
+.TP
.BR charon.plugins.tpm.use_rng " [no]"
Whether the TPM should be used as RNG.
@@ -2191,23 +2242,15 @@ Send operating system info without being prompted.
Send open listening ports without being prompted.
.TP
-.BR libimcv.plugins.imc-swid.swid_directory " [${prefix}/share]"
-Directory where SWID tags are located.
-
-.TP
-.BR libimcv.plugins.imc-swid.swid_full " [no]"
-Include file information in the XML\-encoded SWID tags.
-
-.TP
-.BR libimcv.plugins.imc-swid.swid_pretty " [no]"
-Generate XML\-encoded SWID tags with pretty indentation.
-
-.TP
.BR libimcv.plugins.imc-swima.eid_epoch " [0x11223344]"
Set 32 bit epoch value for event IDs manually if software collector database is
not available.
.TP
+.BR libimcv.plugins.imc-swima.subscriptions " [no]"
+Accept SW Inventory or SW Events subscriptions.
+
+.TP
.BR libimcv.plugins.imc-swima.swid_database " []"
URI to software collector database containing event timestamps, software
creation and deletion events and collected software identifiers. If it contains
@@ -2274,14 +2317,6 @@ URI pointing to operating system remediation instructions.
URI pointing to scanner remediation instructions.
.TP
-.BR libimcv.plugins.imv-swid.rest_api_timeout " [120]"
-Timeout of SWID REST API HTTP POST transaction.
-
-.TP
-.BR libimcv.plugins.imv-swid.rest_api_uri " []"
-HTTP URI of the SWID REST API.
-
-.TP
.BR libimcv.plugins.imv-swima.rest_api.timeout " [120]"
Timeout of SWID REST API HTTP POST transaction.
diff --git a/conf/strongswan.conf.5.tail.in b/conf/strongswan.conf.5.tail.in
index a93fe020a..4dd177ca0 100644
--- a/conf/strongswan.conf.5.tail.in
+++ b/conf/strongswan.conf.5.tail.in
@@ -15,12 +15,15 @@ does not have any effect.
There are currently two types of loggers:
.TP
.B File loggers
-Log directly to a file and are defined by specifying the full path to the
-file as subsection in the
+Log directly to a file and are defined by specifying an arbitrarily named
+subsection in the
.B charon.filelog
-section. To log to the console the two special filenames
+section. The full path to the file is configured in the \fIpath\fR setting of
+that subsection, however, if it only contains characters permitted in section
+names, the setting may also be omitted and the path specified as name of the
+subsection. To log to the console the two special filenames
.BR stdout " and " stderr
-can be used.
+may be used.
.TP
.B Syslog loggers
Log into a syslog facility and are defined by specifying the facility to log to
@@ -108,7 +111,8 @@ Also include sensitive material in dumps, e.g. keys
.EX
charon {
filelog {
- /var/log/charon.log {
+ charon {
+ path = /var/log/charon.log
time_format = %b %e %T
append = no
default = 1
@@ -290,7 +294,7 @@ For public key authentication, the responder uses the
identity. For the initiator, each connection attempt uses a different identity
in the form
.BR "\(dqCN=c1-r1, OU=load-test, O=strongSwan\(dq" ,
-where the first number inidicates the client number, the second the
+where the first number indicates the client number, the second the
authentication round (if multiple authentication rounds are used).
.PP
For PSK authentication, FQDN identities are used. The server uses