Diffstat (limited to 'man')
-rw-r--r-- | man/Makefile.in | 9 | ||||
-rw-r--r-- | man/ipsec.conf.5 | 35 | ||||
-rw-r--r-- | man/ipsec.conf.5.in | 31 | ||||
-rw-r--r-- | man/ipsec.secrets.5 | 4 | ||||
-rw-r--r-- | man/strongswan.conf.5 | 73 | ||||
-rw-r--r-- | man/strongswan.conf.5.in | 69 |
6 files changed, 221 insertions, 0 deletions
diff --git a/man/Makefile.in b/man/Makefile.in
index 4388e318b..9eb5e3330 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -198,9 +198,13 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
+<<<<<<< HEAD
 ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
 ipsecuid = @ipsecuid@
+=======
+ipsecgroup = @ipsecgroup@
+>>>>>>> upstream/4.5.1
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -239,6 +243,11 @@ sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
 scripts_plugins = @scripts_plugins@
 sharedstatedir = @sharedstatedir@
+<<<<<<< HEAD
+=======
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+>>>>>>> upstream/4.5.1
 srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
diff --git a/man/ipsec.conf.5 b/man/ipsec.conf.5
index b1e60b280..c422b50ec 100644
--- a/man/ipsec.conf.5
+++ b/man/ipsec.conf.5
@@ -1,4 +1,8 @@
+<<<<<<< HEAD
 .TH IPSEC.CONF 5 "2010-10-19" "4.5.0rc2" "strongSwan"
+=======
+.TH IPSEC.CONF 5 "2010-10-19" "4.5.1" "strongSwan"
+>>>>>>> upstream/4.5.1
 .SH NAME
 ipsec.conf \- IPsec configuration and connections
 .SH DESCRIPTION
@@ -544,8 +548,18 @@ for public key authentication (RSA/ECDSA),
 .B psk
 for pre-shared key authentication and
 .B eap
+<<<<<<< HEAD
 to (require the) use of the Extensible Authentication Protocol. In the case of
+=======
+to (require the) use of the Extensible Authentication Protocol.
+To require a trustchain public key strength for the remote side, specify the
+key type followed by the strength in bits (for example
+.BR rsa-2048
+or
+.BR ecdsa-256 ).
+For
+>>>>>>> upstream/4.5.1
 .B eap,
 an optional EAP method can be appended. Currently defined methods are
 .BR eap-aka ,
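Review bot: The `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> upstream/4.5.1` lines added in the first man/Makefile.in hunk are unresolved merge-conflict markers committed as file content, and the same markers recur in the second Makefile.in hunk and in the hunks of ipsec.conf.5, ipsec.secrets.5, strongswan.conf.5 and their .in templates. They are not valid makefile syntax, so a build using this file would presumably fail, and `ipsecgroup = @ipsecgroup@` now appears on both sides of the region. Resolve each region to a single side and delete the three marker lines; here that means one copy each of `ipsecgid`, `ipsecgroup` and `ipsecuid` (or only `ipsecgroup`, if the upstream side is the intended one). The `@name@` substitutions suggest Makefile.in is a generated template, in which case regenerating it after the merge is resolved is preferable to hand-editing.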
@@ -589,7 +603,11 @@ sets to the distinguished name of the certificate's subject and
 .B leftca
 to the distinguished name of the certificate's issuer.
+<<<<<<< HEAD
 The left participant's ID can be overriden by specifying a
+=======
+The left participant's ID can be overridden by specifying a
+>>>>>>> upstream/4.5.1
 .B leftid
 value which must be certified by the certificate, though.
 .TP
@@ -598,6 +616,13 @@ Same as
 .B leftcert,
 but for the second authentication round (IKEv2 only).
 .TP
+<<<<<<< HEAD
+=======
+.BR leftcertpolicy " = <OIDs>"
+Comma separated list of certificate policy OIDs the peers certificate must have.
+OIDs are specified using the numerical dotted representation (IKEv2 only).
+.TP
+>>>>>>> upstream/4.5.1
 .BR leftfirewall " = yes | " no
 whether the left participant is doing forwarding-firewalling (including masquerading) using iptables for traffic from \fIleftsubnet\fR,
@@ -953,6 +978,16 @@ synonym for
 .BR reqid " = <number>"
 sets the reqid for a given connection to a pre-configured fixed value.
 .TP
+<<<<<<< HEAD
+=======
+.BR tfc " = <value>"
+number of bytes to pad ESP payload data to. Traffic Flow Confidentiality
+is currently supported in IKEv2 and applies to outgoing packets only. The
+special value
+.BR %mtu
+fills up ESP packets with padding to have the size of the MTU.
+.TP
+>>>>>>> upstream/4.5.1
 .BR type " = " tunnel " | transport | transport_proxy | passthrough | drop"
 the type of the connection; currently the accepted values are
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 187f36957..8b36d0f32 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -544,8 +544,18 @@ for public key authentication (RSA/ECDSA),
 .B psk
 for pre-shared key authentication and
 .B eap
+<<<<<<< HEAD
 to (require the) use of the Extensible Authentication Protocol. In the case of
+=======
+to (require the) use of the Extensible Authentication Protocol.
+To require a trustchain public key strength for the remote side, specify the
+key type followed by the strength in bits (for example
+.BR rsa-2048
+or
+.BR ecdsa-256 ).
+For
+>>>>>>> upstream/4.5.1
 .B eap,
 an optional EAP method can be appended. Currently defined methods are
 .BR eap-aka ,
@@ -589,7 +599,11 @@ sets to the distinguished name of the certificate's subject and
 .B leftca
 to the distinguished name of the certificate's issuer.
+<<<<<<< HEAD
 The left participant's ID can be overriden by specifying a
+=======
+The left participant's ID can be overridden by specifying a
+>>>>>>> upstream/4.5.1
 .B leftid
 value which must be certified by the certificate, though.
 .TP
@@ -598,6 +612,13 @@ Same as
 .B leftcert,
 but for the second authentication round (IKEv2 only).
 .TP
+<<<<<<< HEAD
+=======
+.BR leftcertpolicy " = <OIDs>"
+Comma separated list of certificate policy OIDs the peers certificate must have.
+OIDs are specified using the numerical dotted representation (IKEv2 only).
+.TP
+>>>>>>> upstream/4.5.1
 .BR leftfirewall " = yes | " no
 whether the left participant is doing forwarding-firewalling (including masquerading) using iptables for traffic from \fIleftsubnet\fR,
@@ -953,6 +974,16 @@ synonym for
 .BR reqid " = <number>"
 sets the reqid for a given connection to a pre-configured fixed value.
 .TP
+<<<<<<< HEAD
+=======
+.BR tfc " = <value>"
+number of bytes to pad ESP payload data to. Traffic Flow Confidentiality
+is currently supported in IKEv2 and applies to outgoing packets only. The
+special value
+.BR %mtu
+fills up ESP packets with padding to have the size of the MTU.
+.TP
+>>>>>>> upstream/4.5.1
 .BR type " = " tunnel " | transport | transport_proxy | passthrough | drop"
 the type of the connection; currently the accepted values are
diff --git a/man/ipsec.secrets.5 b/man/ipsec.secrets.5
index 1e586a491..cdefee24d 100644
--- a/man/ipsec.secrets.5
+++ b/man/ipsec.secrets.5
@@ -1,4 +1,8 @@
+<<<<<<< HEAD
 .TH IPSEC.SECRETS 5 "2010-05-30" "4.5.0rc2" "strongSwan"
+=======
+.TH IPSEC.SECRETS 5 "2010-05-30" "4.5.1" "strongSwan"
+>>>>>>> upstream/4.5.1
 .SH NAME
 ipsec.secrets \- secrets for IKE/IPsec authentication
 .SH DESCRIPTION
diff --git a/man/strongswan.conf.5 b/man/strongswan.conf.5
index 2a8703503..04e29c245 100644
--- a/man/strongswan.conf.5
+++ b/man/strongswan.conf.5
@@ -1,4 +1,8 @@
+<<<<<<< HEAD
 .TH STRONGSWAN.CONF 5 "2010-09-09" "4.5.0rc2" "strongSwan"
+=======
+.TH STRONGSWAN.CONF 5 "2010-09-09" "4.5.1" "strongSwan"
+>>>>>>> upstream/4.5.1
 .SH NAME
 strongswan.conf \- strongSwan configuration file
 .SH DESCRIPTION
@@ -60,6 +64,64 @@ An example file in this format might look like this:
 .PP
 Indentation is optional, you may use tabs or spaces.
+<<<<<<< HEAD
+=======
+.SH INCLUDING FILES
+Using the
+.B include
+statement it is possible to include other files into strongswan.conf, e.g.
+.PP
+.EX
+ include /some/path/*.conf
+.EE
+.PP
+If the file name is not an absolute path, it is considered to be relative
+to the directory of the file containing the include statement. The file name
+may include shell wildcards (see
+.IR sh (1)).
+Also, such inclusions can be nested.
+.PP
+Sections loaded from included files
+.I extend
+previously loaded sections; already existing values are
+.IR replaced .
+It is important to note that settings are added relative to the section the
+include statement is in.
+.PP
+As an example, the following three files result in the same final
+config as the one given above:
+.PP
+.EX
+ a = b
+ section-one {
+ somevalue = before include
+ include include.conf
+ }
+ include other.conf
+
+include.conf:
+ # settings loaded from this file are added to section-one
+ # the following replaces the previous value
+ somevalue = asdf
+ subsection {
+ othervalue = yyy
+ }
+ yetanother = zz
+
+other.conf:
+ # this extends section-one and subsection
+ section-one {
+ subsection {
+ # this replaces the previous value
+ othervalue = xxx
+ }
+ }
+ section-two {
+ x = 12
+ }
+.EE
+
+>>>>>>> upstream/4.5.1
 .SH READING VALUES
 Values are accessed using a dot-separated section list and a key. With reference to the example above, accessing
@@ -405,6 +467,12 @@ Check daemon, libstrongswan and plugin integrity at startup
 .TP
 .BR libstrongswan.leak_detective.detailed " [yes]"
 Includes source file names and line numbers in leak detective output
+<<<<<<< HEAD
+=======
+.TP
+.BR libstrongswan.x509.enforce_critical " [yes]"
+Discard certificates with unsupported or unknown critical extensions
+>>>>>>> upstream/4.5.1
 .SS libstrongswan.plugins subsection
 .TP
 .BR libstrongswan.plugins.attr-sql.database
@@ -420,6 +488,7 @@ Use faster random numbers in gcrypt; for testing only, produces weak keys!
 ENGINE ID to use in the OpenSSL plugin
 .TP
 .BR libstrongswan.plugins.pkcs11.modules
+<<<<<<< HEAD
 .TP
 .BR libstrongswan.plugins.pkcs11.use_hasher " [no]"
@@ -427,6 +496,10 @@ ENGINE ID to use in the OpenSSL plugin
 .TP
 .BR libstrongswan.plugins.x509.enforce_critical " [no]"
 Discard certificates with unsupported or unknown critical extensions
+=======
+.TP
+.BR libstrongswan.plugins.pkcs11.use_hasher " [no]"
+>>>>>>> upstream/4.5.1
 .SS libtls section
 .TP
 .BR libtls.cipher
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index 77db9a3c0..7d3cf8388 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
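Review bot: After this change strongswan.conf.5 documents the critical-extension check twice with opposite defaults: the added `.BR libstrongswan.x509.enforce_critical " [yes]"` in the `@@ -405,6 +467,12 @@` hunk and the retained `.BR libstrongswan.plugins.x509.enforce_critical " [no]"` inside the conflict region of the `@@ -427,6 +496,10 @@` hunk, with the conflict markers left in place. An administrator reading the page cannot tell which key the library reads, or whether certificates with unsupported or unknown critical extensions are discarded by default. Keep only the entry that matches the code being shipped (which one that is cannot be determined from this diff) and delete the marker lines. The matching hunks of man/strongswan.conf.5.in carry the same contradiction.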
@@ -60,6 +60,64 @@ An example file in this format might look like this:
 .PP
 Indentation is optional, you may use tabs or spaces.
+<<<<<<< HEAD
+=======
+.SH INCLUDING FILES
+Using the
+.B include
+statement it is possible to include other files into strongswan.conf, e.g.
+.PP
+.EX
+ include /some/path/*.conf
+.EE
+.PP
+If the file name is not an absolute path, it is considered to be relative
+to the directory of the file containing the include statement. The file name
+may include shell wildcards (see
+.IR sh (1)).
+Also, such inclusions can be nested.
+.PP
+Sections loaded from included files
+.I extend
+previously loaded sections; already existing values are
+.IR replaced .
+It is important to note that settings are added relative to the section the
+include statement is in.
+.PP
+As an example, the following three files result in the same final
+config as the one given above:
+.PP
+.EX
+ a = b
+ section-one {
+ somevalue = before include
+ include include.conf
+ }
+ include other.conf
+
+include.conf:
+ # settings loaded from this file are added to section-one
+ # the following replaces the previous value
+ somevalue = asdf
+ subsection {
+ othervalue = yyy
+ }
+ yetanother = zz
+
+other.conf:
+ # this extends section-one and subsection
+ section-one {
+ subsection {
+ # this replaces the previous value
+ othervalue = xxx
+ }
+ }
+ section-two {
+ x = 12
+ }
+.EE
+
+>>>>>>> upstream/4.5.1
 .SH READING VALUES
 Values are accessed using a dot-separated section list and a key. With reference to the example above, accessing
@@ -405,6 +463,12 @@ Check daemon, libstrongswan and plugin integrity at startup
 .TP
 .BR libstrongswan.leak_detective.detailed " [yes]"
 Includes source file names and line numbers in leak detective output
+<<<<<<< HEAD
+=======
+.TP
+.BR libstrongswan.x509.enforce_critical " [yes]"
+Discard certificates with unsupported or unknown critical extensions
+>>>>>>> upstream/4.5.1
 .SS libstrongswan.plugins subsection
 .TP
 .BR libstrongswan.plugins.attr-sql.database
@@ -420,6 +484,7 @@ Use faster random numbers in gcrypt; for testing only, produces weak keys!
 ENGINE ID to use in the OpenSSL plugin
 .TP
 .BR libstrongswan.plugins.pkcs11.modules
+<<<<<<< HEAD
 .TP
 .BR libstrongswan.plugins.pkcs11.use_hasher " [no]"
@@ -427,6 +492,10 @@ ENGINE ID to use in the OpenSSL plugin
 .TP
 .BR libstrongswan.plugins.x509.enforce_critical " [no]"
 Discard certificates with unsupported or unknown critical extensions
+=======
+.TP
+.BR libstrongswan.plugins.pkcs11.use_hasher " [no]"
+>>>>>>> upstream/4.5.1
 .SS libtls section
 .TP
 .BR libtls.cipher |