From 7793611ee71b576dd9c66dee327349fa64e38740 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@corsac.net>
Date: Mon, 19 Feb 2018 18:17:21 +0100
Subject: New upstream version 5.6.2

---
 src/libstrongswan/ipsec/ipsec_types.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/libstrongswan/ipsec')

diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index 68c3935b9..c992eb5ad 100644
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
@@ -104,7 +104,10 @@ bool mark_from_string(const char *value, mark_t *mark)
 	{
 		mark->mask = 0xffffffff;
 	}
-	/* apply the mask to ensure the value is in range */
-	mark->value &= mark->mask;
+	if (!MARK_IS_UNIQUE(mark->value))
+	{
+		/* apply the mask to ensure the value is in range */
+		mark->value &= mark->mask;
+	}
 	return TRUE;
 }
-- 
cgit v1.2.3


From 51a71ee15c1bcf0e82f363a16898f571e211f9c3 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Mon, 4 Jun 2018 09:59:21 +0200
Subject: New upstream version 5.6.3

---
 Android.common.mk                                  |   2 +-
 NEWS                                               |  64 +-
 conf/plugins/dhcp.conf                             |   3 +-
 conf/plugins/dhcp.opt                              |   3 +-
 conf/plugins/kernel-pfkey.conf                     |   3 +
 conf/plugins/kernel-pfkey.opt                      |  10 +
 conf/strongswan.conf.5.main                        |  12 +-
 conf/strongswan.conf.5.tail.in                     |   2 +-
 configure                                          |  23 +-
 configure.ac                                       |   3 +-
 fuzz/Makefile.am                                   |   5 +-
 fuzz/Makefile.in                                   |   5 +-
 man/ipsec.conf.5.in                                |   8 -
 scripts/aes-test.c                                 |   2 +-
 scripts/bin2array.c                                |   2 +-
 scripts/bin2sql.c                                  |   2 +-
 scripts/dh_speed.c                                 |   2 +-
 scripts/dnssec.c                                   |   2 +-
 scripts/id2sql.c                                   |   2 +-
 scripts/key2keyid.c                                |   2 +-
 scripts/keyid2sql.c                                |   2 +-
 scripts/pubkey_speed.c                             |   2 +-
 scripts/settings-test.c                            |   2 +-
 scripts/thread_analysis.c                          |   2 +-
 src/_updown/_updown.in                             |   4 -
 src/charon-cmd/charon-cmd.c                        |   2 +-
 src/charon-cmd/cmd/cmd_connection.c                |   2 +-
 src/charon-cmd/cmd/cmd_creds.c                     |   2 +-
 src/charon-cmd/cmd/cmd_options.c                   |   2 +-
 src/charon-cmd/cmd/cmd_options.h                   |   2 +-
 src/charon-nm/charon-nm.c                          |   2 +-
 src/charon-nm/nm/nm_backend.c                      |   2 +-
 src/charon-nm/nm/nm_backend.h                      |   2 +-
 src/charon-nm/nm/nm_creds.c                        |   2 +-
 src/charon-nm/nm/nm_creds.h                        |   2 +-
 src/charon-nm/nm/nm_handler.c                      |   2 +-
 src/charon-nm/nm/nm_handler.h                      |   2 +-
 src/charon-nm/nm/nm_service.c                      |   9 +-
 src/charon-nm/nm/nm_service.h                      |   2 +-
 src/charon-systemd/charon-systemd.c                |   2 +-
 src/charon-tkm/src/charon-tkm.c                    |   2 +-
 src/charon-tkm/src/ees/ees_callbacks.c             |   2 +-
 src/charon-tkm/src/ees/ees_callbacks.h             |   2 +-
 src/charon-tkm/src/ees/esa_event_service.adb       |   2 +-
 src/charon-tkm/src/ees/esa_event_service.ads       |   2 +-
 src/charon-tkm/src/ehandler/eh_callbacks.c         |   2 +-
 src/charon-tkm/src/ehandler/eh_callbacks.h         |   2 +-
 src/charon-tkm/src/ehandler/exception_handler.adb  |   2 +-
 src/charon-tkm/src/ehandler/exception_handler.ads  |   2 +-
 src/charon-tkm/src/tkm/tkm.c                       |   2 +-
 src/charon-tkm/src/tkm/tkm.h                       |   2 +-
 src/charon-tkm/src/tkm/tkm_chunk_map.c             |   2 +-
 src/charon-tkm/src/tkm/tkm_chunk_map.h             |   2 +-
 src/charon-tkm/src/tkm/tkm_cred.c                  |   2 +-
 src/charon-tkm/src/tkm/tkm_cred.h                  |   2 +-
 src/charon-tkm/src/tkm/tkm_diffie_hellman.c        |   2 +-
 src/charon-tkm/src/tkm/tkm_diffie_hellman.h        |   2 +-
 src/charon-tkm/src/tkm/tkm_encoder.c               |   2 +-
 src/charon-tkm/src/tkm/tkm_encoder.h               |   2 +-
 src/charon-tkm/src/tkm/tkm_id_manager.c            |   2 +-
 src/charon-tkm/src/tkm/tkm_id_manager.h            |   2 +-
 src/charon-tkm/src/tkm/tkm_kernel_ipsec.h          |   2 +-
 src/charon-tkm/src/tkm/tkm_kernel_sad.c            |   2 +-
 src/charon-tkm/src/tkm/tkm_kernel_sad.h            |   2 +-
 src/charon-tkm/src/tkm/tkm_keymat.c                |   2 +-
 src/charon-tkm/src/tkm/tkm_keymat.h                |   2 +-
 src/charon-tkm/src/tkm/tkm_listener.c              |   2 +-
 src/charon-tkm/src/tkm/tkm_listener.h              |   2 +-
 src/charon-tkm/src/tkm/tkm_nonceg.c                |   2 +-
 src/charon-tkm/src/tkm/tkm_nonceg.h                |   2 +-
 src/charon-tkm/src/tkm/tkm_private_key.c           |   2 +-
 src/charon-tkm/src/tkm/tkm_private_key.h           |   2 +-
 src/charon-tkm/src/tkm/tkm_public_key.c            |   2 +-
 src/charon-tkm/src/tkm/tkm_public_key.h            |   2 +-
 src/charon-tkm/src/tkm/tkm_spi_generator.c         |   2 +-
 src/charon-tkm/src/tkm/tkm_spi_generator.h         |   2 +-
 src/charon-tkm/src/tkm/tkm_types.h                 |   2 +-
 src/charon-tkm/src/tkm/tkm_utils.c                 |   2 +-
 src/charon-tkm/src/tkm/tkm_utils.h                 |   2 +-
 src/charon-tkm/tests/chunk_map_tests.c             |   2 +-
 src/charon-tkm/tests/diffie_hellman_tests.c        |   2 +-
 src/charon-tkm/tests/id_manager_tests.c            |   2 +-
 src/charon-tkm/tests/kernel_sad_tests.c            |   2 +-
 src/charon-tkm/tests/keymat_tests.c                |   2 +-
 src/charon-tkm/tests/nonceg_tests.c                |   2 +-
 src/charon-tkm/tests/tests.c                       |   2 +-
 src/charon-tkm/tests/tests.h                       |   2 +-
 src/charon-tkm/tests/utils_tests.c                 |   2 +-
 src/charon/charon.c                                |  14 +-
 src/checksum/checksum_builder.c                    |   2 +-
 src/conftest/actions.c                             |   3 +-
 src/dumm/bridge.c                                  |   2 +-
 src/dumm/bridge.h                                  |   2 +-
 src/dumm/cowfs.c                                   |   2 +-
 src/dumm/cowfs.h                                   |   2 +-
 src/dumm/dumm.c                                    |   2 +-
 src/dumm/dumm.h                                    |   2 +-
 src/dumm/ext/dumm.c                                |   2 +-
 src/dumm/ext/lib/dumm.rb                           |   2 +-
 src/dumm/ext/lib/dumm/guest.rb                     |   2 +-
 src/dumm/guest.c                                   |   2 +-
 src/dumm/guest.h                                   |   2 +-
 src/dumm/iface.c                                   |   2 +-
 src/dumm/iface.h                                   |   2 +-
 src/dumm/irdumm.c                                  |   2 +-
 src/dumm/main.c                                    |   2 +-
 src/dumm/mconsole.c                                |   2 +-
 src/dumm/mconsole.h                                |   2 +-
 src/ipsec/_ipsec.8                                 |   2 +-
 src/libcharon/Makefile.am                          |   8 +
 src/libcharon/Makefile.in                          |  15 +-
 src/libcharon/attributes/attribute_handler.h       |   2 +-
 src/libcharon/attributes/attribute_manager.c       |   2 +-
 src/libcharon/attributes/attribute_manager.h       |   2 +-
 src/libcharon/attributes/attribute_provider.h      |   2 +-
 src/libcharon/attributes/attributes.c              |   2 +-
 src/libcharon/attributes/attributes.h              |   2 +-
 src/libcharon/attributes/mem_pool.c                |   2 +-
 src/libcharon/attributes/mem_pool.h                |   2 +-
 src/libcharon/bus/bus.c                            |   5 +-
 src/libcharon/bus/bus.h                            |   2 +-
 src/libcharon/bus/listeners/file_logger.c          |   2 +-
 src/libcharon/bus/listeners/file_logger.h          |   2 +-
 src/libcharon/bus/listeners/listener.h             |   2 +-
 src/libcharon/bus/listeners/logger.h               |   2 +-
 src/libcharon/bus/listeners/sys_logger.c           |   2 +-
 src/libcharon/bus/listeners/sys_logger.h           |   2 +-
 src/libcharon/config/backend.h                     |   2 +-
 src/libcharon/config/backend_manager.c             |   2 +-
 src/libcharon/config/backend_manager.h             |   2 +-
 src/libcharon/config/child_cfg.c                   |  13 +
 src/libcharon/config/child_cfg.h                   |  16 +-
 src/libcharon/config/ike_cfg.c                     |   2 +-
 src/libcharon/config/ike_cfg.h                     |   2 +-
 src/libcharon/control/controller.c                 |  51 +-
 src/libcharon/control/controller.h                 |   9 +-
 src/libcharon/daemon.h                             |   2 +-
 src/libcharon/encoding/generator.c                 |   2 +-
 src/libcharon/encoding/generator.h                 |   2 +-
 src/libcharon/encoding/message.c                   |   2 +-
 src/libcharon/encoding/message.h                   |   2 +-
 src/libcharon/encoding/parser.c                    |   2 +-
 src/libcharon/encoding/parser.h                    |   2 +-
 src/libcharon/encoding/payloads/auth_payload.c     |   2 +-
 src/libcharon/encoding/payloads/auth_payload.h     |   2 +-
 src/libcharon/encoding/payloads/cert_payload.c     |   2 +-
 src/libcharon/encoding/payloads/cert_payload.h     |   2 +-
 src/libcharon/encoding/payloads/certreq_payload.c  |   2 +-
 src/libcharon/encoding/payloads/certreq_payload.h  |   2 +-
 .../encoding/payloads/configuration_attribute.c    |   2 +-
 .../encoding/payloads/configuration_attribute.h    |   2 +-
 src/libcharon/encoding/payloads/cp_payload.c       |   2 +-
 src/libcharon/encoding/payloads/cp_payload.h       |   2 +-
 src/libcharon/encoding/payloads/delete_payload.c   |   2 +-
 src/libcharon/encoding/payloads/delete_payload.h   |   2 +-
 src/libcharon/encoding/payloads/eap_payload.c      |   2 +-
 src/libcharon/encoding/payloads/eap_payload.h      |   2 +-
 src/libcharon/encoding/payloads/encodings.c        |   2 +-
 src/libcharon/encoding/payloads/encodings.h        |   2 +-
 .../encoding/payloads/encrypted_fragment_payload.h |   2 +-
 .../encoding/payloads/encrypted_payload.c          |   2 +-
 .../encoding/payloads/encrypted_payload.h          |   2 +-
 src/libcharon/encoding/payloads/endpoint_notify.c  |   2 +-
 src/libcharon/encoding/payloads/endpoint_notify.h  |   2 +-
 src/libcharon/encoding/payloads/fragment_payload.c |   2 +-
 src/libcharon/encoding/payloads/fragment_payload.h |   2 +-
 src/libcharon/encoding/payloads/id_payload.c       |   2 +-
 src/libcharon/encoding/payloads/id_payload.h       |   2 +-
 src/libcharon/encoding/payloads/ike_header.c       |   2 +-
 src/libcharon/encoding/payloads/ike_header.h       |   2 +-
 src/libcharon/encoding/payloads/ke_payload.c       |   2 +-
 src/libcharon/encoding/payloads/ke_payload.h       |   2 +-
 src/libcharon/encoding/payloads/nonce_payload.c    |   2 +-
 src/libcharon/encoding/payloads/nonce_payload.h    |   2 +-
 src/libcharon/encoding/payloads/notify_payload.c   |   2 +-
 src/libcharon/encoding/payloads/notify_payload.h   |   2 +-
 src/libcharon/encoding/payloads/payload.c          |   2 +-
 src/libcharon/encoding/payloads/payload.h          |   2 +-
 .../encoding/payloads/proposal_substructure.c      |   2 +-
 .../encoding/payloads/proposal_substructure.h      |   2 +-
 src/libcharon/encoding/payloads/sa_payload.c       |   2 +-
 src/libcharon/encoding/payloads/sa_payload.h       |   2 +-
 .../payloads/traffic_selector_substructure.c       |   2 +-
 .../payloads/traffic_selector_substructure.h       |   2 +-
 .../encoding/payloads/transform_attribute.c        |   2 +-
 .../encoding/payloads/transform_attribute.h        |   2 +-
 .../encoding/payloads/transform_substructure.c     |   2 +-
 .../encoding/payloads/transform_substructure.h     |   2 +-
 src/libcharon/encoding/payloads/ts_payload.c       |   2 +-
 src/libcharon/encoding/payloads/ts_payload.h       |   2 +-
 src/libcharon/encoding/payloads/unknown_payload.c  |   2 +-
 src/libcharon/encoding/payloads/unknown_payload.h  |   2 +-
 .../encoding/payloads/vendor_id_payload.c          |   2 +-
 .../encoding/payloads/vendor_id_payload.h          |   2 +-
 src/libcharon/kernel/kernel_handler.c              |   2 +-
 src/libcharon/kernel/kernel_handler.h              |   2 +-
 src/libcharon/kernel/kernel_ipsec.c                |   2 +-
 src/libcharon/kernel/kernel_ipsec.h                |   4 +-
 src/libcharon/kernel/kernel_listener.h             |   2 +-
 src/libcharon/network/receiver.c                   |   2 +-
 src/libcharon/network/receiver.h                   |   2 +-
 src/libcharon/network/sender.c                     |   2 +-
 src/libcharon/network/sender.h                     |   2 +-
 src/libcharon/network/socket.h                     |   2 +-
 src/libcharon/network/socket_manager.c             |   2 +-
 src/libcharon/network/socket_manager.h             |   2 +-
 src/libcharon/plugins/addrblock/addrblock_narrow.c |   2 +-
 .../plugins/addrblock/addrblock_validator.c        |   7 +-
 .../plugins/android_dns/android_dns_handler.c      |   2 +-
 .../plugins/android_dns/android_dns_handler.h      |   2 +-
 .../plugins/android_dns/android_dns_plugin.c       |   2 +-
 .../plugins/android_dns/android_dns_plugin.h       |   2 +-
 .../plugins/android_log/android_log_logger.c       |   2 +-
 .../plugins/android_log/android_log_logger.h       |   2 +-
 .../plugins/android_log/android_log_plugin.c       |   2 +-
 .../plugins/android_log/android_log_plugin.h       |   2 +-
 src/libcharon/plugins/attr/attr_plugin.c           |   2 +-
 src/libcharon/plugins/attr/attr_plugin.h           |   2 +-
 src/libcharon/plugins/attr/attr_provider.c         |   2 +-
 src/libcharon/plugins/attr/attr_provider.h         |   2 +-
 src/libcharon/plugins/attr_sql/attr_sql_plugin.c   |   2 +-
 src/libcharon/plugins/attr_sql/attr_sql_plugin.h   |   2 +-
 src/libcharon/plugins/attr_sql/attr_sql_provider.c |   2 +-
 src/libcharon/plugins/attr_sql/attr_sql_provider.h |   2 +-
 src/libcharon/plugins/connmark/connmark_listener.c |   2 +-
 src/libcharon/plugins/dhcp/dhcp_plugin.c           |   2 +-
 src/libcharon/plugins/dhcp/dhcp_socket.c           |  79 +-
 src/libcharon/plugins/dhcp/dhcp_transaction.h      |   6 +-
 src/libcharon/plugins/dnscert/dnscert_cred.c       |   2 +-
 src/libcharon/plugins/dnscert/dnscert_plugin.c     |   2 +-
 src/libcharon/plugins/eap_aka/eap_aka_peer.c       |   2 +-
 src/libcharon/plugins/eap_aka/eap_aka_peer.h       |   2 +-
 src/libcharon/plugins/eap_aka/eap_aka_plugin.c     |   2 +-
 src/libcharon/plugins/eap_aka/eap_aka_plugin.h     |   2 +-
 src/libcharon/plugins/eap_aka/eap_aka_server.c     |   2 +-
 src/libcharon/plugins/eap_aka/eap_aka_server.h     |   2 +-
 src/libcharon/plugins/eap_aka_3gpp/Makefile.am     |  17 +-
 src/libcharon/plugins/eap_aka_3gpp/Makefile.in     |  43 +-
 .../plugins/eap_aka_3gpp/eap_aka_3gpp_card.c       |   2 +-
 .../plugins/eap_aka_3gpp/eap_aka_3gpp_card.h       |   2 +-
 .../plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h  |   2 +-
 .../plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c     |   2 +-
 .../plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h     |   2 +-
 .../plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c   |   2 +-
 .../plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h   |   2 +-
 .../plugins/eap_aka_3gpp/tests/Makefile.am         |  24 +
 .../plugins/eap_aka_3gpp/tests/Makefile.in         | 899 +++++++++++++++++++++
 .../eap_aka_3gpp/tests/suites/test_vectors.c       | 210 +++++
 src/libcharon/plugins/eap_aka_3gpp/tests/tests.c   |  63 ++
 src/libcharon/plugins/eap_aka_3gpp/tests/tests.h   |  16 +
 .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c     |   2 +-
 .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h     |   2 +-
 .../eap_aka_3gpp2/eap_aka_3gpp2_functions.c        |   2 +-
 .../eap_aka_3gpp2/eap_aka_3gpp2_functions.h        |   2 +-
 .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c   |   2 +-
 .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h   |   2 +-
 .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c |   2 +-
 .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h |   2 +-
 src/libcharon/plugins/eap_dynamic/eap_dynamic.c    |   2 +-
 src/libcharon/plugins/eap_dynamic/eap_dynamic.h    |   2 +-
 .../plugins/eap_dynamic/eap_dynamic_plugin.c       |   2 +-
 .../plugins/eap_dynamic/eap_dynamic_plugin.h       |   2 +-
 src/libcharon/plugins/eap_gtc/eap_gtc.c            |   2 +-
 src/libcharon/plugins/eap_gtc/eap_gtc.h            |   2 +-
 src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c     |   2 +-
 src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h     |   2 +-
 src/libcharon/plugins/eap_identity/eap_identity.c  |   2 +-
 src/libcharon/plugins/eap_identity/eap_identity.h  |   2 +-
 .../plugins/eap_identity/eap_identity_plugin.c     |   2 +-
 .../plugins/eap_identity/eap_identity_plugin.h     |   2 +-
 src/libcharon/plugins/eap_md5/eap_md5.c            |   2 +-
 src/libcharon/plugins/eap_md5/eap_md5.h            |   2 +-
 src/libcharon/plugins/eap_md5/eap_md5_plugin.c     |   2 +-
 src/libcharon/plugins/eap_md5/eap_md5_plugin.h     |   2 +-
 src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c  |   2 +-
 src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h  |   2 +-
 .../plugins/eap_mschapv2/eap_mschapv2_plugin.c     |   2 +-
 .../plugins/eap_mschapv2/eap_mschapv2_plugin.h     |   2 +-
 src/libcharon/plugins/eap_peap/eap_peap.c          |   7 +-
 src/libcharon/plugins/eap_peap/eap_peap.h          |   2 +-
 src/libcharon/plugins/eap_peap/eap_peap_avp.c      |   2 +-
 src/libcharon/plugins/eap_peap/eap_peap_avp.h      |   2 +-
 src/libcharon/plugins/eap_peap/eap_peap_peer.c     |   2 +-
 src/libcharon/plugins/eap_peap/eap_peap_peer.h     |   2 +-
 src/libcharon/plugins/eap_peap/eap_peap_plugin.c   |   2 +-
 src/libcharon/plugins/eap_peap/eap_peap_plugin.h   |   2 +-
 src/libcharon/plugins/eap_peap/eap_peap_server.c   |   2 +-
 src/libcharon/plugins/eap_peap/eap_peap_server.h   |   2 +-
 src/libcharon/plugins/eap_radius/eap_radius.h      |   2 +-
 .../plugins/eap_radius/eap_radius_forward.h        |   2 +-
 .../plugins/eap_radius/eap_radius_plugin.c         |   2 +-
 .../plugins/eap_radius/eap_radius_plugin.h         |   4 +-
 src/libcharon/plugins/eap_sim/eap_sim_peer.c       |   2 +-
 src/libcharon/plugins/eap_sim/eap_sim_peer.h       |   2 +-
 src/libcharon/plugins/eap_sim/eap_sim_plugin.c     |   2 +-
 src/libcharon/plugins/eap_sim/eap_sim_plugin.h     |   2 +-
 src/libcharon/plugins/eap_sim/eap_sim_server.c     |   2 +-
 src/libcharon/plugins/eap_sim/eap_sim_server.h     |   2 +-
 .../plugins/eap_sim_file/eap_sim_file_card.c       |   2 +-
 .../plugins/eap_sim_file/eap_sim_file_card.h       |   2 +-
 .../plugins/eap_sim_file/eap_sim_file_plugin.c     |   2 +-
 .../plugins/eap_sim_file/eap_sim_file_plugin.h     |   2 +-
 .../plugins/eap_sim_file/eap_sim_file_provider.c   |   2 +-
 .../plugins/eap_sim_file/eap_sim_file_provider.h   |   2 +-
 .../plugins/eap_sim_file/eap_sim_file_triplets.c   |   2 +-
 .../plugins/eap_sim_file/eap_sim_file_triplets.h   |   2 +-
 .../eap_simaka_pseudonym_card.h                    |   2 +-
 .../eap_simaka_pseudonym_plugin.c                  |   2 +-
 .../eap_simaka_pseudonym_plugin.h                  |   2 +-
 .../eap_simaka_pseudonym_provider.c                |   2 +-
 .../eap_simaka_pseudonym_provider.h                |   2 +-
 .../eap_simaka_reauth/eap_simaka_reauth_card.c     |   2 +-
 .../eap_simaka_reauth/eap_simaka_reauth_card.h     |   2 +-
 .../eap_simaka_reauth/eap_simaka_reauth_plugin.c   |   2 +-
 .../eap_simaka_reauth/eap_simaka_reauth_plugin.h   |   2 +-
 .../eap_simaka_reauth/eap_simaka_reauth_provider.c |   2 +-
 .../eap_simaka_reauth/eap_simaka_reauth_provider.h |   2 +-
 src/libcharon/plugins/eap_tnc/eap_tnc.h            |   2 +-
 src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c     |   2 +-
 src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h     |   2 +-
 src/libcharon/plugins/eap_ttls/eap_ttls.c          |   7 +-
 src/libcharon/plugins/eap_ttls/eap_ttls.h          |   2 +-
 src/libcharon/plugins/eap_ttls/eap_ttls_avp.c      |   2 +-
 src/libcharon/plugins/eap_ttls/eap_ttls_avp.h      |   2 +-
 src/libcharon/plugins/eap_ttls/eap_ttls_peer.c     |   2 +-
 src/libcharon/plugins/eap_ttls/eap_ttls_peer.h     |   2 +-
 src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c   |   2 +-
 src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h   |   2 +-
 src/libcharon/plugins/eap_ttls/eap_ttls_server.h   |   2 +-
 src/libcharon/plugins/forecast/forecast_listener.c |   2 +-
 src/libcharon/plugins/ha/ha_child.c                |   2 +-
 src/libcharon/plugins/ha/ha_child.h                |   2 +-
 src/libcharon/plugins/ha/ha_ctl.c                  |   2 +-
 src/libcharon/plugins/ha/ha_ctl.h                  |   2 +-
 src/libcharon/plugins/ha/ha_dispatcher.c           |   2 +-
 src/libcharon/plugins/ha/ha_dispatcher.h           |   2 +-
 src/libcharon/plugins/ha/ha_ike.c                  |   2 +-
 src/libcharon/plugins/ha/ha_ike.h                  |   2 +-
 src/libcharon/plugins/ha/ha_kernel.c               |   2 +-
 src/libcharon/plugins/ha/ha_kernel.h               |   2 +-
 src/libcharon/plugins/ha/ha_message.c              |   4 +-
 src/libcharon/plugins/ha/ha_message.h              |   2 +-
 src/libcharon/plugins/ha/ha_plugin.c               |   2 +-
 src/libcharon/plugins/ha/ha_plugin.h               |   2 +-
 src/libcharon/plugins/ha/ha_segments.c             |   2 +-
 src/libcharon/plugins/ha/ha_segments.h             |   2 +-
 src/libcharon/plugins/ha/ha_socket.h               |   2 +-
 src/libcharon/plugins/ha/ha_tunnel.c               |  15 +-
 src/libcharon/plugins/ha/ha_tunnel.h               |   2 +-
 src/libcharon/plugins/ipseckey/ipseckey.c          |   2 +-
 src/libcharon/plugins/ipseckey/ipseckey.h          |   2 +-
 src/libcharon/plugins/ipseckey/ipseckey_cred.c     |   2 +-
 src/libcharon/plugins/ipseckey/ipseckey_cred.h     |   2 +-
 src/libcharon/plugins/ipseckey/ipseckey_plugin.c   |   2 +-
 src/libcharon/plugins/ipseckey/ipseckey_plugin.h   |   2 +-
 .../kernel_libipsec/kernel_libipsec_ipsec.c        |   2 +-
 .../kernel_libipsec/kernel_libipsec_ipsec.h        |   2 +-
 .../kernel_libipsec/kernel_libipsec_plugin.c       |   2 +-
 .../kernel_libipsec/kernel_libipsec_plugin.h       |   2 +-
 .../kernel_libipsec/kernel_libipsec_router.c       |   2 +-
 .../kernel_libipsec/kernel_libipsec_router.h       |   2 +-
 .../plugins/kernel_netlink/kernel_netlink_ipsec.c  | 262 +++++-
 .../plugins/kernel_netlink/kernel_netlink_ipsec.h  |   2 +-
 .../plugins/kernel_netlink/kernel_netlink_net.c    | 188 +++--
 .../plugins/kernel_netlink/kernel_netlink_net.h    |   2 +-
 .../plugins/kernel_netlink/kernel_netlink_plugin.c |   2 +-
 .../plugins/kernel_netlink/kernel_netlink_plugin.h |   2 +-
 .../plugins/kernel_netlink/kernel_netlink_shared.c |   2 +-
 .../plugins/kernel_netlink/kernel_netlink_shared.h |   4 +-
 .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c      |  10 +-
 .../plugins/kernel_pfkey/kernel_pfkey_ipsec.h      |   2 +-
 .../plugins/kernel_pfkey/kernel_pfkey_plugin.c     |   2 +-
 .../plugins/kernel_pfkey/kernel_pfkey_plugin.h     |   2 +-
 .../plugins/kernel_pfroute/kernel_pfroute_net.c    |   2 +-
 .../plugins/kernel_pfroute/kernel_pfroute_net.h    |   2 +-
 .../plugins/kernel_pfroute/kernel_pfroute_plugin.c |   2 +-
 .../plugins/kernel_pfroute/kernel_pfroute_plugin.h |   2 +-
 .../plugins/load_tester/load_tester_config.c       |   3 +-
 .../plugins/load_tester/load_tester_config.h       |   2 +-
 .../plugins/load_tester/load_tester_creds.c        |   2 +-
 .../plugins/load_tester/load_tester_creds.h        |   2 +-
 .../load_tester/load_tester_diffie_hellman.c       |   2 +-
 .../load_tester/load_tester_diffie_hellman.h       |   2 +-
 .../plugins/load_tester/load_tester_ipsec.c        |   2 +-
 .../plugins/load_tester/load_tester_ipsec.h        |   2 +-
 .../plugins/load_tester/load_tester_listener.c     |   2 +-
 .../plugins/load_tester/load_tester_listener.h     |   2 +-
 .../plugins/load_tester/load_tester_plugin.c       |   2 +-
 .../plugins/load_tester/load_tester_plugin.h       |   2 +-
 src/libcharon/plugins/medcli/medcli_config.c       |   2 +-
 src/libcharon/plugins/medcli/medcli_config.h       |   2 +-
 src/libcharon/plugins/medcli/medcli_creds.c        |   2 +-
 src/libcharon/plugins/medcli/medcli_creds.h        |   2 +-
 src/libcharon/plugins/medcli/medcli_listener.c     |   2 +-
 src/libcharon/plugins/medcli/medcli_listener.h     |   2 +-
 src/libcharon/plugins/medcli/medcli_plugin.c       |   2 +-
 src/libcharon/plugins/medcli/medcli_plugin.h       |   2 +-
 src/libcharon/plugins/medsrv/medsrv_config.c       |   2 +-
 src/libcharon/plugins/medsrv/medsrv_config.h       |   2 +-
 src/libcharon/plugins/medsrv/medsrv_creds.c        |   2 +-
 src/libcharon/plugins/medsrv/medsrv_creds.h        |   2 +-
 src/libcharon/plugins/medsrv/medsrv_plugin.c       |   2 +-
 src/libcharon/plugins/medsrv/medsrv_plugin.h       |   2 +-
 src/libcharon/plugins/p_cscf/p_cscf_handler.c      |   2 +-
 src/libcharon/plugins/p_cscf/p_cscf_handler.h      |   2 +-
 src/libcharon/plugins/p_cscf/p_cscf_plugin.c       |   2 +-
 src/libcharon/plugins/p_cscf/p_cscf_plugin.h       |   2 +-
 src/libcharon/plugins/resolve/resolve_handler.h    |   2 +-
 src/libcharon/plugins/resolve/resolve_plugin.c     |   2 +-
 src/libcharon/plugins/resolve/resolve_plugin.h     |   2 +-
 src/libcharon/plugins/smp/smp.c                    |   4 +-
 src/libcharon/plugins/smp/smp.h                    |   2 +-
 .../plugins/socket_default/socket_default_plugin.c |   2 +-
 .../plugins/socket_default/socket_default_socket.c |   2 +-
 .../plugins/socket_dynamic/socket_dynamic_plugin.c |   2 +-
 .../plugins/socket_dynamic/socket_dynamic_socket.c |   2 +-
 src/libcharon/plugins/sql/sql_config.c             |   2 +-
 src/libcharon/plugins/sql/sql_config.h             |   2 +-
 src/libcharon/plugins/sql/sql_cred.c               |   2 +-
 src/libcharon/plugins/sql/sql_cred.h               |   2 +-
 src/libcharon/plugins/sql/sql_logger.c             |   2 +-
 src/libcharon/plugins/sql/sql_logger.h             |   2 +-
 src/libcharon/plugins/sql/sql_plugin.c             |   2 +-
 src/libcharon/plugins/sql/sql_plugin.h             |   2 +-
 src/libcharon/plugins/stroke/stroke_attribute.c    |   2 +-
 src/libcharon/plugins/stroke/stroke_attribute.h    |   2 +-
 src/libcharon/plugins/stroke/stroke_ca.c           |   2 +-
 src/libcharon/plugins/stroke/stroke_ca.h           |   2 +-
 src/libcharon/plugins/stroke/stroke_config.c       |   2 +-
 src/libcharon/plugins/stroke/stroke_config.h       |   2 +-
 src/libcharon/plugins/stroke/stroke_control.c      |  91 +--
 src/libcharon/plugins/stroke/stroke_control.h      |   2 +-
 src/libcharon/plugins/stroke/stroke_cred.h         |   2 +-
 src/libcharon/plugins/stroke/stroke_list.c         |   2 +-
 src/libcharon/plugins/stroke/stroke_list.h         |   2 +-
 src/libcharon/plugins/stroke/stroke_plugin.c       |   2 +-
 src/libcharon/plugins/stroke/stroke_plugin.h       |   2 +-
 src/libcharon/plugins/stroke/stroke_socket.c       |   5 +
 src/libcharon/plugins/stroke/stroke_socket.h       |   2 +-
 src/libcharon/plugins/uci/uci_config.c             |   2 +-
 src/libcharon/plugins/uci/uci_config.h             |   2 +-
 src/libcharon/plugins/uci/uci_control.c            |   4 +-
 src/libcharon/plugins/uci/uci_control.h            |   2 +-
 src/libcharon/plugins/uci/uci_creds.c              |   2 +-
 src/libcharon/plugins/uci/uci_creds.h              |   2 +-
 src/libcharon/plugins/uci/uci_parser.c             |   2 +-
 src/libcharon/plugins/uci/uci_parser.h             |   2 +-
 src/libcharon/plugins/uci/uci_plugin.c             |   2 +-
 src/libcharon/plugins/uci/uci_plugin.h             |   2 +-
 src/libcharon/plugins/unity/unity_handler.c        |   2 +-
 src/libcharon/plugins/unity/unity_narrow.c         |   2 +-
 src/libcharon/plugins/unity/unity_provider.c       |   2 +-
 src/libcharon/plugins/updown/updown_listener.h     |   2 +-
 src/libcharon/plugins/updown/updown_plugin.c       |   2 +-
 src/libcharon/plugins/updown/updown_plugin.h       |   2 +-
 src/libcharon/plugins/vici/README.md               |   4 +-
 .../vici/perl/Vici-Session/lib/Vici/Transport.pm   |  23 +-
 src/libcharon/plugins/vici/ruby/Makefile.in        |   2 +-
 src/libcharon/plugins/vici/suites/test_message.c   |   2 +-
 src/libcharon/plugins/vici/vici_attribute.c        |   2 +-
 src/libcharon/plugins/vici/vici_config.c           |  96 +--
 src/libcharon/plugins/vici/vici_control.c          |  95 +--
 src/libcharon/plugins/vici/vici_message.c          |   2 +-
 src/libcharon/plugins/vici/vici_message.h          |   2 +-
 .../plugins/xauth_generic/xauth_generic.c          |   2 +-
 .../plugins/xauth_generic/xauth_generic.h          |   2 +-
 .../plugins/xauth_generic/xauth_generic_plugin.c   |   2 +-
 .../plugins/xauth_generic/xauth_generic_plugin.h   |   2 +-
 src/libcharon/plugins/xauth_noauth/xauth_noauth.c  |   2 +-
 src/libcharon/plugins/xauth_noauth/xauth_noauth.h  |   2 +-
 .../plugins/xauth_noauth/xauth_noauth_plugin.c     |   2 +-
 .../plugins/xauth_noauth/xauth_noauth_plugin.h     |   2 +-
 src/libcharon/processing/jobs/acquire_job.c        |   2 +-
 src/libcharon/processing/jobs/acquire_job.h        |   2 +-
 src/libcharon/processing/jobs/adopt_children_job.c |   2 +-
 src/libcharon/processing/jobs/delete_ike_sa_job.c  |   4 +-
 src/libcharon/processing/jobs/delete_ike_sa_job.h  |   2 +-
 src/libcharon/processing/jobs/inactivity_job.c     |   4 +-
 src/libcharon/processing/jobs/inactivity_job.h     |   2 +-
 .../processing/jobs/initiate_mediation_job.c       |   2 +-
 .../processing/jobs/initiate_mediation_job.h       |   2 +-
 src/libcharon/processing/jobs/mediation_job.c      |   2 +-
 src/libcharon/processing/jobs/mediation_job.h      |   2 +-
 src/libcharon/processing/jobs/migrate_job.c        |   2 +-
 src/libcharon/processing/jobs/migrate_job.h        |   2 +-
 .../processing/jobs/process_message_job.c          |   2 +-
 .../processing/jobs/process_message_job.h          |   2 +-
 src/libcharon/processing/jobs/redirect_job.c       |   2 +-
 src/libcharon/processing/jobs/redirect_job.h       |   2 +-
 src/libcharon/processing/jobs/rekey_child_sa_job.c |   2 +-
 src/libcharon/processing/jobs/rekey_child_sa_job.h |   2 +-
 src/libcharon/processing/jobs/rekey_ike_sa_job.c   |   2 +-
 src/libcharon/processing/jobs/rekey_ike_sa_job.h   |   2 +-
 src/libcharon/processing/jobs/retransmit_job.c     |   2 +-
 src/libcharon/processing/jobs/retransmit_job.h     |   2 +-
 src/libcharon/processing/jobs/retry_initiate_job.c |   2 +-
 src/libcharon/processing/jobs/retry_initiate_job.h |   2 +-
 src/libcharon/processing/jobs/roam_job.c           |   2 +-
 src/libcharon/processing/jobs/roam_job.h           |   2 +-
 src/libcharon/processing/jobs/send_dpd_job.c       |   2 +-
 src/libcharon/processing/jobs/send_dpd_job.h       |   2 +-
 src/libcharon/processing/jobs/send_keepalive_job.c |   2 +-
 src/libcharon/processing/jobs/send_keepalive_job.h |   2 +-
 src/libcharon/processing/jobs/start_action_job.c   |   2 +-
 src/libcharon/processing/jobs/update_sa_job.c      |   2 +-
 src/libcharon/processing/jobs/update_sa_job.h      |   2 +-
 src/libcharon/sa/authenticator.c                   |   2 +-
 src/libcharon/sa/authenticator.h                   |   2 +-
 src/libcharon/sa/child_sa.c                        | 116 ++-
 src/libcharon/sa/child_sa.h                        |   5 +
 src/libcharon/sa/eap/eap_manager.c                 |   2 +-
 src/libcharon/sa/eap/eap_manager.h                 |   2 +-
 src/libcharon/sa/eap/eap_method.c                  |   2 +-
 src/libcharon/sa/eap/eap_method.h                  |   2 +-
 src/libcharon/sa/ike_sa.c                          | 116 ++-
 src/libcharon/sa/ike_sa.h                          |  15 +-
 src/libcharon/sa/ike_sa_id.c                       |   2 +-
 src/libcharon/sa/ike_sa_id.h                       |   2 +-
 src/libcharon/sa/ike_sa_manager.c                  |  17 +-
 .../ikev1/authenticators/pubkey_v1_authenticator.c |  27 +-
 src/libcharon/sa/ikev1/iv_manager.c                |   2 +-
 src/libcharon/sa/ikev1/iv_manager.h                |   2 +-
 src/libcharon/sa/ikev1/keymat_v1.c                 |   2 +-
 src/libcharon/sa/ikev1/keymat_v1.h                 |   2 +-
 src/libcharon/sa/ikev1/tasks/aggressive_mode.c     |   2 +-
 src/libcharon/sa/ikev1/tasks/isakmp_delete.c       |   2 +-
 src/libcharon/sa/ikev1/tasks/isakmp_natd.c         |   2 +-
 src/libcharon/sa/ikev1/tasks/isakmp_natd.h         |   2 +-
 src/libcharon/sa/ikev1/tasks/isakmp_vendor.c       |   2 +-
 src/libcharon/sa/ikev1/tasks/main_mode.c           |   2 +-
 src/libcharon/sa/ikev1/tasks/quick_delete.c        |   3 +-
 src/libcharon/sa/ikev1/tasks/quick_mode.c          |  24 +-
 src/libcharon/sa/ikev1/tasks/quick_mode.h          |   2 +-
 .../sa/ikev2/authenticators/eap_authenticator.c    |   2 +-
 .../sa/ikev2/authenticators/eap_authenticator.h    |   2 +-
 .../sa/ikev2/authenticators/psk_authenticator.c    |   2 +-
 .../sa/ikev2/authenticators/psk_authenticator.h    |   2 +-
 .../sa/ikev2/authenticators/pubkey_authenticator.c |  35 +-
 .../sa/ikev2/authenticators/pubkey_authenticator.h |   2 +-
 src/libcharon/sa/ikev2/connect_manager.c           |   2 +-
 src/libcharon/sa/ikev2/connect_manager.h           |   2 +-
 src/libcharon/sa/ikev2/keymat_v2.c                 |   6 +-
 src/libcharon/sa/ikev2/keymat_v2.h                 |   2 +-
 src/libcharon/sa/ikev2/mediation_manager.c         |   2 +-
 src/libcharon/sa/ikev2/mediation_manager.h         |   2 +-
 src/libcharon/sa/ikev2/task_manager_v2.c           |  20 +-
 src/libcharon/sa/ikev2/tasks/child_create.c        | 109 ++-
 src/libcharon/sa/ikev2/tasks/child_delete.c        |   9 +-
 src/libcharon/sa/ikev2/tasks/child_delete.h        |   2 +-
 src/libcharon/sa/ikev2/tasks/child_rekey.c         |   6 +-
 src/libcharon/sa/ikev2/tasks/ike_auth.c            |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_auth.h            |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c   |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h   |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_cert_post.c       |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_cert_post.h       |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_cert_pre.c        |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_cert_pre.h        |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_config.c          |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_config.h          |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_delete.h          |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_dpd.c             |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_dpd.h             |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_init.h            |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_me.c              |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_me.h              |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_mobike.h          |   4 +-
 src/libcharon/sa/ikev2/tasks/ike_natd.c            |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_natd.h            |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_reauth.c          |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_reauth.h          |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_redirect.c        |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_redirect.h        |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_rekey.c           |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_vendor.c          |   2 +-
 src/libcharon/sa/ikev2/tasks/ike_vendor.h          |   2 +-
 .../sa/ikev2/tasks/ike_verify_peer_cert.c          |   2 +-
 .../sa/ikev2/tasks/ike_verify_peer_cert.h          |   2 +-
 src/libcharon/sa/keymat.c                          |   3 +-
 src/libcharon/sa/keymat.h                          |   2 +-
 src/libcharon/sa/redirect_manager.c                |   2 +-
 src/libcharon/sa/redirect_manager.h                |   2 +-
 src/libcharon/sa/redirect_provider.h               |   2 +-
 src/libcharon/sa/shunt_manager.c                   |  13 +-
 src/libcharon/sa/shunt_manager.h                   |  10 +-
 src/libcharon/sa/task.c                            |   2 +-
 src/libcharon/sa/task.h                            |   2 +-
 src/libcharon/sa/task_manager.c                    |   2 +-
 src/libcharon/sa/trap_manager.c                    |  64 +-
 src/libcharon/sa/trap_manager.h                    |  25 +-
 src/libcharon/sa/xauth/xauth_method.c              |   2 +-
 src/libcharon/sa/xauth/xauth_method.h              |   2 +-
 src/libcharon/tests/suites/test_child_delete.c     |   2 +-
 src/libcharon/tests/suites/test_child_rekey.c      |  84 +-
 src/libcharon/tests/suites/test_ike_cfg.c          |   2 +-
 src/libcharon/tests/suites/test_ike_delete.c       |   6 +-
 src/libcharon/tests/suites/test_ike_rekey.c        |   4 +-
 src/libcharon/tests/suites/test_mem_pool.c         |   2 +-
 src/libfast/fast_context.h                         |   2 +-
 src/libfast/fast_controller.h                      |   2 +-
 src/libfast/fast_dispatcher.c                      |   2 +-
 src/libfast/fast_dispatcher.h                      |   4 +-
 src/libfast/fast_filter.h                          |   2 +-
 src/libfast/fast_request.c                         |   4 +-
 src/libfast/fast_request.h                         |   2 +-
 src/libfast/fast_session.c                         |   2 +-
 src/libfast/fast_session.h                         |   2 +-
 src/libimcv/imcv.h                                 |   3 +-
 src/libimcv/imv/data.sql                           |  24 +
 src/libimcv/imv/imv_database.c                     |   5 +-
 src/libimcv/imv/imv_policy_manager.c               |   2 +-
 src/libimcv/imv/tables-mysql.sql                   |   4 +-
 src/libimcv/imv/tables.sql                         |   3 +-
 src/libimcv/ita/ita_attr_settings.c                |   2 +-
 .../plugins/imc_scanner/imc_scanner_state.h        |   3 +-
 src/libimcv/plugins/imc_swid/imc_swid_state.h      |   3 +-
 .../strongswan.org__strongSwan-5-6-2.swidtag       |  11 -
 .../strongswan.org__strongSwan-5-6-3.swidtag       |  11 +
 .../strongswan.org__strongSwan-5-6-2.swidtag       |  11 -
 .../strongswan.org__strongSwan-5-6-3.swidtag       |  11 +
 src/libimcv/plugins/imc_test/imc_test_state.h      |   3 +-
 src/libimcv/plugins/imv_test/imv_test_state.h      |   3 +-
 src/libimcv/pts/pts.c                              |   2 +-
 src/libipsec/esp_context.c                         |   2 +-
 src/libipsec/esp_context.h                         |   2 +-
 src/libipsec/esp_packet.c                          |   2 +-
 src/libipsec/esp_packet.h                          |   2 +-
 src/libipsec/ip_packet.c                           |   4 +-
 src/libipsec/ip_packet.h                           |   2 +-
 src/libipsec/ipsec.c                               |   2 +-
 src/libipsec/ipsec.h                               |   2 +-
 src/libipsec/ipsec_event_listener.h                |   2 +-
 src/libipsec/ipsec_event_relay.c                   |   2 +-
 src/libipsec/ipsec_event_relay.h                   |   2 +-
 src/libipsec/ipsec_policy.c                        |   2 +-
 src/libipsec/ipsec_policy.h                        |   2 +-
 src/libipsec/ipsec_policy_mgr.c                    |   2 +-
 src/libipsec/ipsec_policy_mgr.h                    |   2 +-
 src/libipsec/ipsec_processor.c                     |   2 +-
 src/libipsec/ipsec_processor.h                     |   2 +-
 src/libipsec/ipsec_sa.c                            |   2 +-
 src/libipsec/ipsec_sa.h                            |   2 +-
 src/libipsec/ipsec_sa_mgr.c                        |   2 +-
 src/libipsec/ipsec_sa_mgr.h                        |   2 +-
 src/libradius/radius_client.c                      |   2 +-
 src/libradius/radius_client.h                      |   2 +-
 src/libradius/radius_message.c                     |   2 +-
 src/libradius/radius_message.h                     |   2 +-
 src/libsimaka/simaka_card.h                        |   2 +-
 src/libsimaka/simaka_crypto.c                      |   2 +-
 src/libsimaka/simaka_crypto.h                      |   2 +-
 src/libsimaka/simaka_hooks.h                       |   2 +-
 src/libsimaka/simaka_manager.c                     |   2 +-
 src/libsimaka/simaka_manager.h                     |   2 +-
 src/libsimaka/simaka_message.c                     |   2 +-
 src/libsimaka/simaka_message.h                     |   2 +-
 src/libsimaka/simaka_provider.h                    |   2 +-
 src/libstrongswan/asn1/asn1.c                      |   2 +-
 src/libstrongswan/asn1/asn1.h                      |   2 +-
 src/libstrongswan/asn1/oid.c                       | 703 ++++++++--------
 src/libstrongswan/asn1/oid.h                       | 327 ++++----
 src/libstrongswan/asn1/oid.pl                      |   2 +-
 src/libstrongswan/asn1/oid.txt                     |   7 +
 src/libstrongswan/bio/bio_reader.c                 |   2 +-
 src/libstrongswan/bio/bio_reader.h                 |   2 +-
 src/libstrongswan/bio/bio_writer.c                 |   2 +-
 src/libstrongswan/bio/bio_writer.h                 |   2 +-
 src/libstrongswan/collections/array.c              |   2 +-
 src/libstrongswan/collections/array.h              |   2 +-
 src/libstrongswan/collections/blocking_queue.c     |   2 +-
 src/libstrongswan/collections/blocking_queue.h     |   2 +-
 src/libstrongswan/collections/dictionary.h         |   2 +-
 src/libstrongswan/collections/enumerator.c         |   2 +-
 src/libstrongswan/collections/hashtable.c          |   2 +-
 src/libstrongswan/collections/hashtable.h          |   2 +-
 src/libstrongswan/collections/linked_list.c        |   2 +-
 src/libstrongswan/collections/linked_list.h        |   2 +-
 src/libstrongswan/credentials/auth_cfg.h           |   2 +-
 .../credentials/certificates/certificate.h         |   2 +-
 src/libstrongswan/credentials/certificates/crl.c   |   2 +-
 src/libstrongswan/credentials/certificates/crl.h   |   2 +-
 .../credentials/certificates/ocsp_request.h        |   2 +-
 .../credentials/certificates/ocsp_response.c       |   2 +-
 .../credentials/certificates/ocsp_response.h       |   2 +-
 .../credentials/certificates/pgp_certificate.h     |   2 +-
 src/libstrongswan/credentials/certificates/x509.h  |   5 +-
 .../credentials/containers/container.h             |   2 +-
 src/libstrongswan/credentials/containers/pkcs12.c  |   2 +-
 src/libstrongswan/credentials/containers/pkcs12.h  |   2 +-
 src/libstrongswan/credentials/cred_encoding.c      |   2 +-
 src/libstrongswan/credentials/cred_encoding.h      |   2 +-
 src/libstrongswan/credentials/credential_factory.c |   2 +-
 src/libstrongswan/credentials/credential_factory.h |   2 +-
 src/libstrongswan/credentials/credential_manager.c |   2 +-
 src/libstrongswan/credentials/credential_manager.h |   2 +-
 src/libstrongswan/credentials/credential_set.h     |   2 +-
 src/libstrongswan/credentials/keys/private_key.c   |   2 +-
 src/libstrongswan/credentials/keys/shared_key.c    |   2 +-
 src/libstrongswan/credentials/keys/shared_key.h    |   2 +-
 .../credentials/sets/auth_cfg_wrapper.c            |   2 +-
 .../credentials/sets/auth_cfg_wrapper.h            |   2 +-
 src/libstrongswan/credentials/sets/cert_cache.h    |   2 +-
 src/libstrongswan/credentials/sets/mem_cred.c      |   2 +-
 .../credentials/sets/ocsp_response_wrapper.c       |   2 +-
 .../credentials/sets/ocsp_response_wrapper.h       |   2 +-
 src/libstrongswan/crypto/aead.c                    |   2 +-
 src/libstrongswan/crypto/aead.h                    |   2 +-
 src/libstrongswan/crypto/crypters/crypter.c        |   2 +-
 src/libstrongswan/crypto/crypters/crypter.h        |   2 +-
 src/libstrongswan/crypto/crypto_tester.c           |   2 +-
 src/libstrongswan/crypto/crypto_tester.h           |   2 +-
 src/libstrongswan/crypto/diffie_hellman.c          |  47 +-
 src/libstrongswan/crypto/diffie_hellman.h          |   2 +-
 .../crypto/hashers/hash_algorithm_set.c            |   2 +-
 .../crypto/hashers/hash_algorithm_set.h            |   2 +-
 src/libstrongswan/crypto/iv/iv_gen.c               |   2 +-
 src/libstrongswan/crypto/iv/iv_gen.h               |   2 +-
 src/libstrongswan/crypto/iv/iv_gen_null.c          |   2 +-
 src/libstrongswan/crypto/iv/iv_gen_null.h          |   2 +-
 src/libstrongswan/crypto/iv/iv_gen_rand.c          |   2 +-
 src/libstrongswan/crypto/iv/iv_gen_rand.h          |   2 +-
 src/libstrongswan/crypto/iv/iv_gen_seq.c           |   2 +-
 src/libstrongswan/crypto/iv/iv_gen_seq.h           |   2 +-
 src/libstrongswan/crypto/mac.h                     |   2 +-
 src/libstrongswan/crypto/nonce_gen.h               |   2 +-
 src/libstrongswan/crypto/pkcs5.c                   |  26 +-
 src/libstrongswan/crypto/pkcs5.h                   |   2 +-
 src/libstrongswan/crypto/prf_plus.c                |   2 +-
 src/libstrongswan/crypto/prf_plus.h                |   2 +-
 src/libstrongswan/crypto/prfs/mac_prf.c            |   2 +-
 src/libstrongswan/crypto/prfs/mac_prf.h            |   2 +-
 src/libstrongswan/crypto/prfs/prf.c                |  27 +-
 src/libstrongswan/crypto/prfs/prf.h                |  11 +-
 src/libstrongswan/crypto/proposal/proposal.c       | 236 +++++-
 .../crypto/proposal/proposal_keywords.c            |   2 +-
 .../crypto/proposal/proposal_keywords.h            |   2 +-
 .../crypto/proposal/proposal_keywords_static.c     | 153 ++--
 .../crypto/proposal/proposal_keywords_static.h     |   2 +-
 .../crypto/proposal/proposal_keywords_static.h.in  |   2 +-
 .../crypto/proposal/proposal_keywords_static.txt   |   5 +-
 src/libstrongswan/crypto/rngs/rng.c                |   2 +-
 src/libstrongswan/crypto/rngs/rng.h                |   2 +-
 src/libstrongswan/crypto/signers/mac_signer.c      |   2 +-
 src/libstrongswan/crypto/signers/mac_signer.h      |   2 +-
 src/libstrongswan/crypto/signers/signer.c          |   2 +-
 src/libstrongswan/crypto/signers/signer.h          |   2 +-
 src/libstrongswan/crypto/transform.c               |  22 +-
 src/libstrongswan/crypto/transform.h               |  15 +-
 src/libstrongswan/database/database.h              |   2 +-
 src/libstrongswan/database/database_factory.c      |   2 +-
 src/libstrongswan/database/database_factory.h      |   2 +-
 src/libstrongswan/eap/eap.c                        |   2 +-
 src/libstrongswan/eap/eap.h                        |   2 +-
 src/libstrongswan/fetcher/fetcher.h                |   2 +-
 src/libstrongswan/fetcher/fetcher_manager.c        |   2 +-
 src/libstrongswan/fetcher/fetcher_manager.h        |   2 +-
 src/libstrongswan/ipsec/ipsec_types.c              |   8 +-
 src/libstrongswan/ipsec/ipsec_types.h              |  17 +-
 src/libstrongswan/library.c                        |   2 +-
 src/libstrongswan/library.h                        |   2 +-
 src/libstrongswan/networking/host.c                |   2 +-
 src/libstrongswan/networking/host.h                |   2 +-
 src/libstrongswan/networking/host_resolver.c       |   2 +-
 src/libstrongswan/networking/host_resolver.h       |   2 +-
 src/libstrongswan/networking/packet.c              |   2 +-
 src/libstrongswan/networking/packet.h              |   2 +-
 .../networking/streams/stream_service_unix.c       |   9 +-
 src/libstrongswan/networking/tun_device.c          |   2 +-
 src/libstrongswan/networking/tun_device.h          |   2 +-
 src/libstrongswan/plugins/aes/aes_crypter.c        |   2 +-
 src/libstrongswan/plugins/aes/aes_crypter.h        |   2 +-
 src/libstrongswan/plugins/aes/aes_plugin.c         |   2 +-
 src/libstrongswan/plugins/aes/aes_plugin.h         |   2 +-
 src/libstrongswan/plugins/aesni/aesni_cmac.c       |   2 +-
 src/libstrongswan/plugins/aesni/aesni_xcbc.c       |   2 +-
 src/libstrongswan/plugins/agent/agent_plugin.c     |   2 +-
 src/libstrongswan/plugins/agent/agent_plugin.h     |   2 +-
 .../plugins/agent/agent_private_key.c              |   2 +-
 .../plugins/agent/agent_private_key.h              |   2 +-
 .../plugins/bliss/bliss_private_key.c              |   4 +-
 src/libstrongswan/plugins/blowfish/bf_enc.c        |   2 +-
 src/libstrongswan/plugins/blowfish/bf_locl.h       |   2 +-
 src/libstrongswan/plugins/blowfish/bf_pi.h         |   2 +-
 src/libstrongswan/plugins/blowfish/bf_skey.c       |   2 +-
 src/libstrongswan/plugins/blowfish/blowfish.h      |   2 +-
 .../plugins/blowfish/blowfish_crypter.c            |   2 +-
 .../plugins/blowfish/blowfish_crypter.h            |   2 +-
 .../plugins/blowfish/blowfish_plugin.c             |   2 +-
 .../plugins/blowfish/blowfish_plugin.h             |   2 +-
 src/libstrongswan/plugins/cmac/cmac.c              |   2 +-
 src/libstrongswan/plugins/cmac/cmac.h              |   2 +-
 src/libstrongswan/plugins/cmac/cmac_plugin.c       |   2 +-
 src/libstrongswan/plugins/cmac/cmac_plugin.h       |   2 +-
 src/libstrongswan/plugins/curl/curl_fetcher.c      |   2 +-
 src/libstrongswan/plugins/curl/curl_fetcher.h      |   2 +-
 src/libstrongswan/plugins/curl/curl_plugin.c       |   2 +-
 src/libstrongswan/plugins/curl/curl_plugin.h       |   2 +-
 src/libstrongswan/plugins/des/des_crypter.c        |   4 +-
 src/libstrongswan/plugins/des/des_crypter.h        |   2 +-
 src/libstrongswan/plugins/des/des_plugin.c         |   2 +-
 src/libstrongswan/plugins/des/des_plugin.h         |   2 +-
 src/libstrongswan/plugins/dnskey/dnskey_builder.c  |   2 +-
 src/libstrongswan/plugins/dnskey/dnskey_builder.h  |   2 +-
 src/libstrongswan/plugins/dnskey/dnskey_plugin.c   |   2 +-
 src/libstrongswan/plugins/dnskey/dnskey_plugin.h   |   2 +-
 src/libstrongswan/plugins/files/files_fetcher.c    |   2 +-
 src/libstrongswan/plugins/files/files_fetcher.h    |   2 +-
 src/libstrongswan/plugins/files/files_plugin.c     |   2 +-
 src/libstrongswan/plugins/files/files_plugin.h     |   2 +-
 src/libstrongswan/plugins/fips_prf/fips_prf.c      |   2 +-
 src/libstrongswan/plugins/fips_prf/fips_prf.h      |   2 +-
 .../plugins/fips_prf/fips_prf_plugin.c             |   2 +-
 .../plugins/fips_prf/fips_prf_plugin.h             |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c  |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h  |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_dh.c       |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_dh.h       |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c   |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h   |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c   |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h   |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_rng.c      |   2 +-
 src/libstrongswan/plugins/gcrypt/gcrypt_rng.h      |   2 +-
 .../plugins/gcrypt/gcrypt_rsa_private_key.h        |   2 +-
 .../plugins/gcrypt/gcrypt_rsa_public_key.h         |   2 +-
 src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c |   2 +-
 src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h |   2 +-
 src/libstrongswan/plugins/gmp/gmp_plugin.c         |   2 +-
 src/libstrongswan/plugins/gmp/gmp_plugin.h         |   2 +-
 .../plugins/gmp/gmp_rsa_private_key.h              |   2 +-
 src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h |   2 +-
 src/libstrongswan/plugins/hmac/hmac.c              |   2 +-
 src/libstrongswan/plugins/hmac/hmac.h              |   2 +-
 src/libstrongswan/plugins/hmac/hmac_plugin.c       |   2 +-
 src/libstrongswan/plugins/hmac/hmac_plugin.h       |   2 +-
 src/libstrongswan/plugins/ldap/ldap_fetcher.c      |   2 +-
 src/libstrongswan/plugins/ldap/ldap_fetcher.h      |   2 +-
 src/libstrongswan/plugins/ldap/ldap_plugin.c       |   2 +-
 src/libstrongswan/plugins/ldap/ldap_plugin.h       |   2 +-
 src/libstrongswan/plugins/md4/md4_hasher.c         |   2 +-
 src/libstrongswan/plugins/md4/md4_hasher.h         |   2 +-
 src/libstrongswan/plugins/md4/md4_plugin.c         |   2 +-
 src/libstrongswan/plugins/md4/md4_plugin.h         |   2 +-
 src/libstrongswan/plugins/md5/md5_hasher.c         |   2 +-
 src/libstrongswan/plugins/md5/md5_hasher.h         |   2 +-
 src/libstrongswan/plugins/md5/md5_plugin.c         |   2 +-
 src/libstrongswan/plugins/md5/md5_plugin.h         |   2 +-
 src/libstrongswan/plugins/mysql/mysql_database.c   |   2 +-
 src/libstrongswan/plugins/mysql/mysql_database.h   |   2 +-
 src/libstrongswan/plugins/mysql/mysql_plugin.c     |   2 +-
 src/libstrongswan/plugins/mysql/mysql_plugin.h     |   2 +-
 src/libstrongswan/plugins/nonce/nonce_nonceg.c     |   2 +-
 src/libstrongswan/plugins/nonce/nonce_nonceg.h     |   2 +-
 src/libstrongswan/plugins/nonce/nonce_plugin.c     |   2 +-
 src/libstrongswan/plugins/nonce/nonce_plugin.h     |   2 +-
 src/libstrongswan/plugins/ntru/ntru_private_key.c  |   2 +-
 src/libstrongswan/plugins/openssl/openssl_crl.c    |   2 +-
 .../plugins/openssl/openssl_crypter.c              |   2 +-
 .../plugins/openssl/openssl_crypter.h              |   2 +-
 .../plugins/openssl/openssl_diffie_hellman.c       |   2 +-
 .../plugins/openssl/openssl_diffie_hellman.h       |   2 +-
 .../plugins/openssl/openssl_ec_diffie_hellman.c    |   2 +-
 .../plugins/openssl/openssl_ec_diffie_hellman.h    |   2 +-
 .../plugins/openssl/openssl_ec_public_key.c        |   2 +-
 .../plugins/openssl/openssl_ec_public_key.h        |   2 +-
 src/libstrongswan/plugins/openssl/openssl_gcm.c    |   2 +-
 src/libstrongswan/plugins/openssl/openssl_gcm.h    |   2 +-
 src/libstrongswan/plugins/openssl/openssl_hmac.c   |   2 +-
 src/libstrongswan/plugins/openssl/openssl_hmac.h   |   2 +-
 src/libstrongswan/plugins/openssl/openssl_pkcs12.c |   2 +-
 src/libstrongswan/plugins/openssl/openssl_pkcs12.h |   2 +-
 src/libstrongswan/plugins/openssl/openssl_plugin.h |   2 +-
 .../plugins/openssl/openssl_rsa_public_key.h       |   2 +-
 .../plugins/openssl/openssl_sha1_prf.c             |   2 +-
 .../plugins/openssl/openssl_sha1_prf.h             |   2 +-
 src/libstrongswan/plugins/openssl/openssl_util.c   |   2 +-
 src/libstrongswan/plugins/openssl/openssl_util.h   |   2 +-
 src/libstrongswan/plugins/openssl/openssl_x509.c   |  11 +
 .../plugins/padlock/padlock_aes_crypter.c          |   2 +-
 .../plugins/padlock/padlock_aes_crypter.h          |   2 +-
 src/libstrongswan/plugins/padlock/padlock_plugin.c |   2 +-
 src/libstrongswan/plugins/padlock/padlock_plugin.h |   2 +-
 src/libstrongswan/plugins/padlock/padlock_rng.c    |   2 +-
 src/libstrongswan/plugins/padlock/padlock_rng.h    |   2 +-
 .../plugins/padlock/padlock_sha1_hasher.c          |   2 +-
 .../plugins/padlock/padlock_sha1_hasher.h          |   2 +-
 src/libstrongswan/plugins/pem/pem_builder.c        |   2 +-
 src/libstrongswan/plugins/pem/pem_builder.h        |   2 +-
 src/libstrongswan/plugins/pem/pem_encoder.h        |   2 +-
 src/libstrongswan/plugins/pem/pem_plugin.c         |   2 +-
 src/libstrongswan/plugins/pem/pem_plugin.h         |   2 +-
 src/libstrongswan/plugins/pgp/pgp_builder.c        |   2 +-
 src/libstrongswan/plugins/pgp/pgp_builder.h        |   2 +-
 src/libstrongswan/plugins/pgp/pgp_cert.c           |   2 +-
 src/libstrongswan/plugins/pgp/pgp_cert.h           |   2 +-
 src/libstrongswan/plugins/pgp/pgp_encoder.c        |   2 +-
 src/libstrongswan/plugins/pgp/pgp_encoder.h        |   2 +-
 src/libstrongswan/plugins/pgp/pgp_plugin.c         |   2 +-
 src/libstrongswan/plugins/pgp/pgp_plugin.h         |   2 +-
 src/libstrongswan/plugins/pgp/pgp_utils.c          |   2 +-
 src/libstrongswan/plugins/pgp/pgp_utils.h          |   2 +-
 src/libstrongswan/plugins/pkcs1/pkcs1_builder.h    |   2 +-
 src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c    |   2 +-
 src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h    |   2 +-
 src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h     |   2 +-
 src/libstrongswan/plugins/pkcs11/pkcs11_dh.c       |   2 +-
 src/libstrongswan/plugins/pkcs11/pkcs11_dh.h       |   2 +-
 src/libstrongswan/plugins/pkcs11/pkcs11_library.c  |   6 +-
 src/libstrongswan/plugins/pkcs11/pkcs11_library.h  |   2 +-
 src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c   |   2 +-
 .../plugins/pkcs11/pkcs11_private_key.c            |   2 +-
 .../plugins/pkcs11/pkcs11_private_key.h            |   2 +-
 .../plugins/pkcs11/pkcs11_public_key.c             |   2 +-
 src/libstrongswan/plugins/pkcs11/pkcs11_rng.c      |   2 +-
 src/libstrongswan/plugins/pkcs11/pkcs11_rng.h      |   2 +-
 src/libstrongswan/plugins/pkcs12/pkcs12_decode.c   |   2 +-
 src/libstrongswan/plugins/pkcs12/pkcs12_decode.h   |   2 +-
 src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c   |   2 +-
 src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h   |   4 +-
 src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c |   2 +-
 src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h |   2 +-
 .../plugins/pkcs7/pkcs7_encrypted_data.c           |   2 +-
 .../plugins/pkcs7/pkcs7_encrypted_data.h           |   2 +-
 .../plugins/pkcs7/pkcs7_enveloped_data.c           |   2 +-
 src/libstrongswan/plugins/pkcs7/pkcs7_generic.c    |   2 +-
 src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h     |   2 +-
 src/libstrongswan/plugins/pkcs8/pkcs8_builder.c    |   2 +-
 src/libstrongswan/plugins/pkcs8/pkcs8_builder.h    |   2 +-
 src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c     |   2 +-
 src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h     |   4 +-
 src/libstrongswan/plugins/plugin.h                 |   2 +-
 src/libstrongswan/plugins/plugin_feature.c         |   2 +-
 src/libstrongswan/plugins/plugin_feature.h         |   2 +-
 src/libstrongswan/plugins/plugin_loader.c          |   2 +-
 src/libstrongswan/plugins/plugin_loader.h          |   2 +-
 src/libstrongswan/plugins/pubkey/pubkey_cert.c     |   2 +-
 src/libstrongswan/plugins/pubkey/pubkey_cert.h     |   2 +-
 src/libstrongswan/plugins/pubkey/pubkey_plugin.c   |   2 +-
 src/libstrongswan/plugins/pubkey/pubkey_plugin.h   |   2 +-
 src/libstrongswan/plugins/random/random_plugin.c   |   2 +-
 src/libstrongswan/plugins/random/random_plugin.h   |   2 +-
 src/libstrongswan/plugins/random/random_rng.c      |   2 +-
 src/libstrongswan/plugins/random/random_rng.h      |   2 +-
 src/libstrongswan/plugins/rc2/rc2_crypter.c        |   2 +-
 src/libstrongswan/plugins/rc2/rc2_crypter.h        |   2 +-
 src/libstrongswan/plugins/rc2/rc2_plugin.c         |   2 +-
 src/libstrongswan/plugins/rc2/rc2_plugin.h         |   2 +-
 .../plugins/revocation/revocation_validator.c      | 134 ++-
 src/libstrongswan/plugins/sha1/sha1_hasher.c       |   2 +-
 src/libstrongswan/plugins/sha1/sha1_hasher.h       |   2 +-
 src/libstrongswan/plugins/sha1/sha1_plugin.c       |   2 +-
 src/libstrongswan/plugins/sha1/sha1_plugin.h       |   2 +-
 src/libstrongswan/plugins/sha1/sha1_prf.c          |   2 +-
 src/libstrongswan/plugins/sha1/sha1_prf.h          |   2 +-
 src/libstrongswan/plugins/sha2/sha2_hasher.c       |   2 +-
 src/libstrongswan/plugins/sha2/sha2_hasher.h       |   2 +-
 src/libstrongswan/plugins/sha2/sha2_plugin.c       |   2 +-
 src/libstrongswan/plugins/sha2/sha2_plugin.h       |   2 +-
 src/libstrongswan/plugins/sqlite/sqlite_database.c |   2 +-
 src/libstrongswan/plugins/sqlite/sqlite_database.h |   2 +-
 src/libstrongswan/plugins/sqlite/sqlite_plugin.c   |   8 +-
 src/libstrongswan/plugins/sqlite/sqlite_plugin.h   |   2 +-
 src/libstrongswan/plugins/sshkey/sshkey_builder.c  |   2 +-
 src/libstrongswan/plugins/sshkey/sshkey_builder.h  |   2 +-
 src/libstrongswan/plugins/sshkey/sshkey_encoder.c  |   2 +-
 src/libstrongswan/plugins/sshkey/sshkey_encoder.h  |   2 +-
 src/libstrongswan/plugins/sshkey/sshkey_plugin.c   |   2 +-
 src/libstrongswan/plugins/sshkey/sshkey_plugin.h   |   2 +-
 .../plugins/test_vectors/test_vectors.h            |   2 +-
 .../plugins/test_vectors/test_vectors/3des_cbc.c   |   2 +-
 .../plugins/test_vectors/test_vectors/aes_cbc.c    |   2 +-
 .../plugins/test_vectors/test_vectors/aes_cmac.c   |   2 +-
 .../plugins/test_vectors/test_vectors/aes_xcbc.c   |   2 +-
 .../plugins/test_vectors/test_vectors/blowfish.c   |   2 +-
 .../test_vectors/test_vectors/camellia_cbc.c       |   2 +-
 .../plugins/test_vectors/test_vectors/cast.c       |   2 +-
 .../plugins/test_vectors/test_vectors/des.c        |   2 +-
 .../plugins/test_vectors/test_vectors/fips_prf.c   |   2 +-
 .../plugins/test_vectors/test_vectors/idea.c       |   2 +-
 .../plugins/test_vectors/test_vectors/md2.c        |   2 +-
 .../plugins/test_vectors/test_vectors/md4.c        |   2 +-
 .../plugins/test_vectors/test_vectors/md5.c        |   2 +-
 .../plugins/test_vectors/test_vectors/md5_hmac.c   |   2 +-
 .../plugins/test_vectors/test_vectors/null.c       |   2 +-
 .../plugins/test_vectors/test_vectors/rc2.c        |   2 +-
 .../plugins/test_vectors/test_vectors/rc5.c        |   2 +-
 .../plugins/test_vectors/test_vectors/rng.c        |   2 +-
 .../test_vectors/test_vectors/serpent_cbc.c        |   2 +-
 .../plugins/test_vectors/test_vectors/sha1.c       |   2 +-
 .../plugins/test_vectors/test_vectors/sha1_hmac.c  |   2 +-
 .../plugins/test_vectors/test_vectors/sha2.c       |   2 +-
 .../plugins/test_vectors/test_vectors/sha2_hmac.c  |   2 +-
 .../test_vectors/test_vectors/twofish_cbc.c        |   2 +-
 .../plugins/test_vectors/test_vectors_plugin.c     |   2 +-
 .../plugins/test_vectors/test_vectors_plugin.h     |   2 +-
 src/libstrongswan/plugins/unbound/unbound_plugin.c |   2 +-
 src/libstrongswan/plugins/unbound/unbound_plugin.h |   2 +-
 .../plugins/unbound/unbound_resolver.c             |   2 +-
 .../plugins/unbound/unbound_resolver.h             |   2 +-
 .../plugins/unbound/unbound_response.c             |   2 +-
 .../plugins/unbound/unbound_response.h             |   2 +-
 src/libstrongswan/plugins/unbound/unbound_rr.c     |   2 +-
 src/libstrongswan/plugins/unbound/unbound_rr.h     |   2 +-
 src/libstrongswan/plugins/x509/x509_ac.h           |   2 +-
 src/libstrongswan/plugins/x509/x509_cert.c         |  12 +-
 src/libstrongswan/plugins/x509/x509_cert.h         |   2 +-
 src/libstrongswan/plugins/x509/x509_crl.c          |   3 +-
 src/libstrongswan/plugins/x509/x509_crl.h          |   2 +-
 src/libstrongswan/plugins/x509/x509_ocsp_request.c |   2 +-
 src/libstrongswan/plugins/x509/x509_ocsp_request.h |   2 +-
 .../plugins/x509/x509_ocsp_response.h              |   2 +-
 src/libstrongswan/plugins/x509/x509_plugin.c       |   2 +-
 src/libstrongswan/plugins/x509/x509_plugin.h       |   2 +-
 src/libstrongswan/plugins/xcbc/xcbc.c              |   2 +-
 src/libstrongswan/plugins/xcbc/xcbc.h              |   2 +-
 src/libstrongswan/plugins/xcbc/xcbc_plugin.c       |   2 +-
 src/libstrongswan/plugins/xcbc/xcbc_plugin.h       |   2 +-
 src/libstrongswan/processing/jobs/callback_job.c   |   2 +-
 src/libstrongswan/processing/jobs/callback_job.h   |   2 +-
 src/libstrongswan/processing/jobs/job.h            |   2 +-
 src/libstrongswan/processing/processor.c           |   2 +-
 src/libstrongswan/processing/processor.h           |   2 +-
 src/libstrongswan/processing/scheduler.c           |   2 +-
 src/libstrongswan/processing/scheduler.h           |   2 +-
 src/libstrongswan/resolver/resolver.h              |   2 +-
 src/libstrongswan/resolver/resolver_manager.c      |   2 +-
 src/libstrongswan/resolver/resolver_manager.h      |   2 +-
 src/libstrongswan/resolver/resolver_response.h     |   2 +-
 src/libstrongswan/resolver/rr.h                    |   2 +-
 src/libstrongswan/resolver/rr_set.c                |   2 +-
 src/libstrongswan/resolver/rr_set.h                |   2 +-
 src/libstrongswan/selectors/traffic_selector.c     |   9 +-
 src/libstrongswan/selectors/traffic_selector.h     |   2 +-
 src/libstrongswan/settings/settings.c              |   2 +-
 src/libstrongswan/settings/settings.h              |   2 +-
 src/libstrongswan/settings/settings_lexer.c        | 366 ++++++---
 src/libstrongswan/settings/settings_lexer.l        |  67 +-
 src/libstrongswan/settings/settings_parser.c       |   2 +-
 src/libstrongswan/settings/settings_parser.y       |   2 +-
 src/libstrongswan/settings/settings_types.c        |   2 +-
 src/libstrongswan/settings/settings_types.h        |   2 +-
 src/libstrongswan/tests/suites/test_array.c        |   2 +-
 src/libstrongswan/tests/suites/test_auth_cfg.c     |   2 +-
 src/libstrongswan/tests/suites/test_bio_reader.c   |   2 +-
 src/libstrongswan/tests/suites/test_bio_writer.c   |   2 +-
 src/libstrongswan/tests/suites/test_chunk.c        |   2 +-
 .../tests/suites/test_crypto_factory.c             |   2 +-
 src/libstrongswan/tests/suites/test_enum.c         |   2 +-
 src/libstrongswan/tests/suites/test_enumerator.c   |   2 +-
 src/libstrongswan/tests/suites/test_hashtable.c    |   2 +-
 src/libstrongswan/tests/suites/test_host.c         |   2 +-
 src/libstrongswan/tests/suites/test_iv_gen.c       |   2 +-
 src/libstrongswan/tests/suites/test_linked_list.c  |   2 +-
 .../tests/suites/test_linked_list_enumerator.c     |   2 +-
 src/libstrongswan/tests/suites/test_proposal.c     | 114 +++
 src/libstrongswan/tests/suites/test_settings.c     | 115 ++-
 src/libstrongswan/tests/suites/test_threading.c    |  52 +-
 .../tests/suites/test_traffic_selector.c           |   7 +-
 src/libstrongswan/tests/suites/test_utils.c        |   2 +-
 src/libstrongswan/tests/suites/test_vectors.c      |   2 +-
 src/libstrongswan/tests/test_runner.c              |   2 +-
 src/libstrongswan/tests/test_suite.h               |   2 +-
 src/libstrongswan/tests/tests.h                    |   2 +-
 src/libstrongswan/threading/condvar.h              |   2 +-
 src/libstrongswan/threading/lock_profiler.h        |   2 +-
 src/libstrongswan/threading/mutex.c                |   2 +-
 src/libstrongswan/threading/mutex.h                |   2 +-
 src/libstrongswan/threading/rwlock.c               |   2 +-
 src/libstrongswan/threading/rwlock.h               |   2 +-
 src/libstrongswan/threading/rwlock_condvar.h       |   2 +-
 src/libstrongswan/threading/semaphore.c            |   2 +-
 src/libstrongswan/threading/semaphore.h            |   2 +-
 src/libstrongswan/threading/spinlock.c             |   2 +-
 src/libstrongswan/threading/spinlock.h             |   2 +-
 src/libstrongswan/threading/thread.c               |   4 +-
 src/libstrongswan/threading/thread.h               |   2 +-
 src/libstrongswan/threading/thread_value.c         |   2 +-
 src/libstrongswan/threading/thread_value.h         |   2 +-
 src/libstrongswan/utils/backtrace.c                |   2 +-
 src/libstrongswan/utils/backtrace.h                |   2 +-
 src/libstrongswan/utils/capabilities.c             |   7 +-
 src/libstrongswan/utils/capabilities.h             |   5 +-
 src/libstrongswan/utils/chunk.c                    |   2 +-
 src/libstrongswan/utils/chunk.h                    |   2 +-
 src/libstrongswan/utils/compat/android.h           |   2 +-
 src/libstrongswan/utils/debug.c                    |   2 +-
 src/libstrongswan/utils/debug.h                    |   2 +-
 src/libstrongswan/utils/enum.c                     |   2 +-
 src/libstrongswan/utils/enum.h                     |   4 +-
 src/libstrongswan/utils/identification.h           |   2 +-
 src/libstrongswan/utils/integrity_checker.c        |   2 +-
 src/libstrongswan/utils/integrity_checker.h        |   2 +-
 src/libstrongswan/utils/leak_detective.c           |   2 +-
 src/libstrongswan/utils/leak_detective.h           |   2 +-
 src/libstrongswan/utils/lexparser.h                |   2 +-
 src/libstrongswan/utils/optionsfrom.c              |   2 +-
 src/libstrongswan/utils/optionsfrom.h              |   2 +-
 src/libstrongswan/utils/parser_helper.c            |   2 +-
 src/libstrongswan/utils/parser_helper.h            |   2 +-
 src/libstrongswan/utils/printf_hook/printf_hook.h  |   2 +-
 .../utils/printf_hook/printf_hook_glibc.c          |   2 +-
 .../utils/printf_hook/printf_hook_vstr.c           |   2 +-
 .../utils/printf_hook/printf_hook_vstr.h           |   2 +-
 src/libstrongswan/utils/test.c                     |   2 +-
 src/libstrongswan/utils/test.h                     |   2 +-
 src/libstrongswan/utils/utils.c                    |   2 +-
 src/libstrongswan/utils/utils.h                    |   2 +-
 src/libstrongswan/utils/utils/align.c              |   2 +-
 src/libstrongswan/utils/utils/align.h              |   2 +-
 src/libstrongswan/utils/utils/atomics.c            |   2 +-
 src/libstrongswan/utils/utils/atomics.h            |   2 +-
 src/libstrongswan/utils/utils/byteorder.h          |   2 +-
 src/libstrongswan/utils/utils/memory.c             |   4 +-
 src/libstrongswan/utils/utils/memory.h             |   2 +-
 src/libstrongswan/utils/utils/object.h             |   2 +-
 src/libstrongswan/utils/utils/path.c               |   2 +-
 src/libstrongswan/utils/utils/path.h               |   2 +-
 src/libstrongswan/utils/utils/status.c             |   2 +-
 src/libstrongswan/utils/utils/status.h             |   2 +-
 src/libstrongswan/utils/utils/strerror.c           |   2 +-
 src/libstrongswan/utils/utils/strerror.h           |   2 +-
 src/libstrongswan/utils/utils/string.c             |   2 +-
 src/libstrongswan/utils/utils/string.h             |   2 +-
 src/libstrongswan/utils/utils/tty.c                |   2 +-
 src/libstrongswan/utils/utils/tty.h                |   2 +-
 src/libstrongswan/utils/utils/types.h              |   2 +-
 src/libtls/tls_application.h                       |   2 +-
 .../plugins/tnc_imc/tnc_imc_bind_function.c        |   4 +-
 src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c  |   4 +-
 .../plugins/tnccs_11/messages/imc_imv_msg.c        |   4 +-
 .../plugins/tnccs_11/messages/tnccs_error_msg.c    |   4 +-
 src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c |   4 +-
 .../messages/tnccs_preferred_language_msg.c        |   4 +-
 .../tnccs_11/messages/tnccs_reason_strings_msg.c   |   4 +-
 .../tnccs_11/messages/tnccs_recommendation_msg.c   |   4 +-
 .../messages/tnccs_tncs_contact_info_msg.c         |   3 +-
 src/libtpmtss/plugins/tpm/tpm_cert.c               |   2 +-
 src/libtpmtss/tpm_tss_tss2.c                       |   3 +-
 src/manager/controller/auth_controller.c           |   2 +-
 src/manager/controller/auth_controller.h           |   2 +-
 src/manager/controller/config_controller.c         |   2 +-
 src/manager/controller/config_controller.h         |   2 +-
 src/manager/controller/control_controller.c        |   2 +-
 src/manager/controller/control_controller.h        |   2 +-
 src/manager/controller/gateway_controller.c        |   2 +-
 src/manager/controller/gateway_controller.h        |   2 +-
 src/manager/controller/ikesa_controller.c          |   2 +-
 src/manager/controller/ikesa_controller.h          |   2 +-
 src/manager/gateway.c                              |   2 +-
 src/manager/gateway.h                              |   2 +-
 src/manager/main.c                                 |   2 +-
 src/manager/manager.c                              |   2 +-
 src/manager/manager.h                              |   2 +-
 src/manager/storage.c                              |   2 +-
 src/manager/storage.h                              |   2 +-
 src/manager/xml.c                                  |   2 +-
 src/manager/xml.h                                  |   2 +-
 src/medsrv/controller/peer_controller.c            |   2 +-
 src/medsrv/controller/peer_controller.h            |   2 +-
 src/medsrv/controller/user_controller.c            |   2 +-
 src/medsrv/controller/user_controller.h            |   2 +-
 src/medsrv/filter/auth_filter.c                    |   2 +-
 src/medsrv/filter/auth_filter.h                    |   2 +-
 src/medsrv/main.c                                  |   2 +-
 src/medsrv/user.c                                  |   2 +-
 src/medsrv/user.h                                  |   2 +-
 src/pki/command.c                                  |   2 +-
 src/pki/command.h                                  |   2 +-
 src/pki/commands/dn.c                              |   2 +-
 src/pki/commands/pkcs12.c                          |   2 +-
 src/pki/commands/verify.c                          | 106 ++-
 src/pki/man/pki---verify.1.in                      |   7 +-
 src/pool/pool_attributes.c                         |   2 +-
 src/pool/pool_attributes.h                         |   2 +-
 src/pool/pool_usage.c                              |   2 +-
 src/pool/pool_usage.h                              |   2 +-
 src/pt-tls-client/pt-tls-client.c                  |   6 +-
 src/scepclient/scep.c                              |   2 +-
 src/scepclient/scep.h                              |   2 +-
 src/scepclient/scepclient.c                        |   2 +-
 src/starter/args.c                                 |   2 +-
 src/starter/args.h                                 |   2 +-
 src/starter/confread.c                             |   2 +-
 src/starter/invokecharon.c                         |   9 +-
 src/starter/invokecharon.h                         |   9 +-
 src/starter/keywords.c                             |   2 +-
 src/starter/keywords.h                             |   2 +-
 src/starter/keywords.h.in                          |   2 +-
 src/starter/keywords.txt                           |   2 +-
 src/starter/parser/conf_parser.c                   |   2 +-
 src/starter/parser/conf_parser.h                   |   2 +-
 src/starter/parser/lexer.c                         |   2 +-
 src/starter/parser/lexer.l                         |   2 +-
 src/starter/parser/parser.c                        |   2 +-
 src/starter/parser/parser.y                        |   2 +-
 src/starter/starter.c                              |   6 +-
 src/starter/starterstroke.c                        |   2 +-
 src/starter/starterstroke.h                        |   2 +-
 src/starter/tests/starter_tests.c                  |   2 +-
 src/starter/tests/starter_tests.h                  |   2 +-
 src/starter/tests/suites/test_parser.c             |   2 +-
 src/stroke/stroke.c                                |   2 +-
 src/stroke/stroke_keywords.c                       |   4 +-
 src/stroke/stroke_keywords.h                       |   4 +-
 src/stroke/stroke_keywords.h.in                    |   4 +-
 src/stroke/stroke_keywords.txt                     |   4 +-
 src/stroke/stroke_msg.h                            |   2 +-
 src/sw-collector/sw-collector.8.in                 |  12 +-
 src/sw-collector/sw-collector.c                    |  98 ++-
 src/swanctl/command.c                              |   2 +-
 src/swanctl/command.h                              |   2 +-
 src/swanctl/commands/list_algs.c                   |   2 +-
 src/swanctl/commands/redirect.c                    |   2 +-
 src/swanctl/commands/terminate.c                   |   9 +
 src/swanctl/swanctl.conf.5.main                    |   8 +-
 src/swanctl/swanctl.opt                            |   6 +
 testing/hosts/default/etc/sysctl.conf              |   2 +-
 testing/scripts/recipes/patches/freeradius-tnc-fhh |   2 +-
 testing/testing.conf                               |   6 +-
 .../ikev2/alg-chacha20poly1305/description.txt     |   2 +-
 .../tests/ikev2/alg-chacha20poly1305/evaltest.dat  |   8 +-
 .../dhcp-dynamic/hosts/moon/etc/iptables.rules     |   4 +-
 testing/tests/ikev2/dhcp-dynamic/posttest.dat      |   3 +-
 .../hosts/moon/etc/iptables.rules                  |   4 +-
 .../hosts/moon/etc/strongswan.conf                 |   1 +
 .../dhcp-static-mac/hosts/moon/etc/iptables.rules  |   4 +-
 .../ikev2/multi-level-ca-skipped/description.txt   |   4 +
 .../ikev2/multi-level-ca-skipped/evaltest.dat      |   4 +
 .../hosts/carol/etc/ipsec.conf                     |  21 +
 .../hosts/carol/etc/ipsec.d/certs/carolCert.pem    |  25 +
 .../hosts/carol/etc/ipsec.d/private/carolKey.pem   |  27 +
 .../hosts/carol/etc/ipsec.secrets                  |   3 +
 .../hosts/carol/etc/strongswan.conf                |   5 +
 .../hosts/moon/etc/ipsec.conf                      |  25 +
 .../moon/etc/ipsec.d/cacerts/researchCert.pem      |  23 +
 .../hosts/moon/etc/strongswan.conf                 |   5 +
 .../ikev2/multi-level-ca-skipped/posttest.dat      |   3 +
 .../tests/ikev2/multi-level-ca-skipped/pretest.dat |   5 +
 .../tests/ikev2/multi-level-ca-skipped/test.conf   |  21 +
 testing/tests/ipv6/rw-psk-ikev2/description.txt    |   2 +-
 .../dhcp-dynamic/hosts/moon/etc/iptables.rules     |   4 +-
 testing/tests/swanctl/dhcp-dynamic/posttest.dat    |   5 +-
 1242 files changed, 5691 insertions(+), 2857 deletions(-)
 create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.am
 create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
 create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/suites/test_vectors.c
 create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/tests.c
 create mode 100644 src/libcharon/plugins/eap_aka_3gpp/tests/tests.h
 delete mode 100644 src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
 create mode 100644 src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag
 delete mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag
 create mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/description.txt
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/evaltest.dat
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/certs/carolCert.pem
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/private/carolKey.pem
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.secrets
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/posttest.dat
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/pretest.dat
 create mode 100644 testing/tests/ikev2/multi-level-ca-skipped/test.conf

(limited to 'src/libstrongswan/ipsec')

diff --git a/Android.common.mk b/Android.common.mk
index 1d3068c14..8999237d9 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
               )
 
 # strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.6.2"
+strongswan_VERSION := "5.6.3"
 
diff --git a/NEWS b/NEWS
index 6a0ae7c4a..c136008b0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,65 @@
+strongswan-5.6.3
+----------------
+
+- Fixed a DoS vulnerability in the IKEv2 key derivation if the openssl plugin is
+  used in FIPS mode and HMAC-MD5 is negotiated as PRF.
+  This vulnerability has been registered as CVE-2018-10811.
+
+- Fixed a vulnerability in the stroke plugin, which did not check the received
+  length before reading a message from the socket. Unless a group is configured,
+  root privileges are required to access that socket, so in the default
+  configuration this shouldn't be an issue.
+  This vulnerability has been registered as CVE-2018-5388.
+
+⁻ CRLs that are not yet valid are now ignored to avoid problems in scenarios
+  where expired certificates are removed from CRLs and the clock on the host
+  doing the revocation check is trailing behind that of the host issuing CRLs.
+
+- The issuer of fetched CRLs is now compared to the issuer of the checked
+  certificate.
+
+- CRL validation results other than revocation (e.g. a skipped check because
+  the CRL couldn't be fetched) are now stored also for intermediate CA
+  certificates and not only for end-entity certificates, so a strict CRL policy
+  can be enforced in such cases.
+
+- In compliance with RFC 4945, section 5.1.3.2, certificates used for IKE must
+  now either not contain a keyUsage extension (like the ones generated by pki)
+  or have at least one of the digitalSignature or nonRepudiation bits set.
+
+- New options for vici/swanctl allow forcing the local termination of an IKE_SA.
+  This might be useful in situations where it's known the other end is not
+  reachable anymore, or that it already removed the IKE_SA, so retransmitting a
+  DELETE and waiting for a response would be pointless.  Waiting only a certain
+  amount of time for a response before destroying the IKE_SA is also possible
+  by additionally specifying a timeout.
+
+- When removing routes, the kernel-netlink plugin now checks if it tracks other
+  routes for the same destination and replaces the installed route instead of
+  just removing it.  Same during installation, where existing routes previously
+  weren't replaced.  This should allow using traps with virtual IPs on Linux.
+
+- The dhcp plugin only sends the client identifier option if identity_lease is
+  enabled.  It can also send identities of up to 255 bytes length, instead of
+  the previous 64 bytes.  If a server address is configured, DHCP requests are
+  now sent from port 67 instead of 68 to avoid ICMP port unreachables.
+
+- Roam events are now completely ignored for IKEv1 SAs.
+
+- ChaCha20/Poly1305 is now correctly proposed without key length. For
+  compatibility with older releases the chacha20poly1305compat keyword may be
+  included in proposals to also propose the algorithm with a key length.
+
+- Configuration of hardware offload of IPsec SAs is now more flexible and allows
+  a new mode, which automatically uses it if the kernel and device support it.
+
+- SHA-2 based PRFs are supported in PKCS#8 files as generated by OpenSSL 1.1.
+
+- The pki --verify tool may load CA certificates and CRLs from directories.
+
+- Fixed an issue with DNS servers passed to NetworkManager in charon-nm.
+
+
 strongswan-5.6.2
 ----------------
 
@@ -2089,7 +2151,7 @@ strongswan-4.2.0
   refactored to support modular credential providers, proper
   CERTREQ/CERT payload exchanges and extensible authorization rules.
 
-- The framework of strongSwan Manager has envolved to the web application
+- The framework of strongSwan Manager has evolved to the web application
   framework libfast (FastCGI Application Server w/ Templates) and is usable
   by other applications.
 
diff --git a/conf/plugins/dhcp.conf b/conf/plugins/dhcp.conf
index b0e8c84c8..88bbe36e3 100644
--- a/conf/plugins/dhcp.conf
+++ b/conf/plugins/dhcp.conf
@@ -3,7 +3,8 @@ dhcp {
     # Always use the configured server address.
     # force_server_address = no
 
-    # Derive user-defined MAC address from hash of IKE identity.
+    # Derive user-defined MAC address from hash of IKE identity and send client
+    # identity DHCP option.
     # identity_lease = no
 
     # Interface name the plugin uses for address allocation.
diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt
index 9c7b86091..6b337bc34 100644
--- a/conf/plugins/dhcp.opt
+++ b/conf/plugins/dhcp.opt
@@ -9,7 +9,8 @@ charon.plugins.dhcp.force_server_address = no
 	192.168.0.255) as server address might work.
 
 charon.plugins.dhcp.identity_lease = no
-	Derive user-defined MAC address from hash of IKE identity.
+	Derive user-defined MAC address from hash of IKE identity and send client
+	identity DHCP option.
 
 charon.plugins.dhcp.server = 255.255.255.255
 	DHCP server unicast or broadcast IP address.
diff --git a/conf/plugins/kernel-pfkey.conf b/conf/plugins/kernel-pfkey.conf
index 2d4733e74..f4340e7fe 100644
--- a/conf/plugins/kernel-pfkey.conf
+++ b/conf/plugins/kernel-pfkey.conf
@@ -7,5 +7,8 @@ kernel-pfkey {
     # priority of this plugin.
     load = yes
 
+    # Whether to use the internal or external interface in installed routes.
+    # route_via_internal = no
+
 }
 
diff --git a/conf/plugins/kernel-pfkey.opt b/conf/plugins/kernel-pfkey.opt
index ec05215d3..0e347bebb 100644
--- a/conf/plugins/kernel-pfkey.opt
+++ b/conf/plugins/kernel-pfkey.opt
@@ -5,3 +5,13 @@ charon.plugins.kernel-pfkey.events_buffer_size = 0
 	Because events are received asynchronously installing e.g. lots of policies
 	may require a larger buffer than the default on certain platforms in order
 	to receive all messages.
+
+charon.plugins.kernel-pfkey.route_via_internal = no
+	Whether to use the internal or external interface in installed routes.
+
+	Whether to use the internal or external interface in installed routes.
+	The internal interface is the one where the IP address contained in the
+	local traffic selector is located, the external interface is the one over
+	which the destination address of the IPsec tunnel can be reached.
+	This is not relevant if virtual IPs are used, for which a TUN device is
+	created that's used in the routes.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 977403e91..f83211805 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -542,7 +542,8 @@ this option to yes and configuring the local broadcast address (e.g.
 
 .TP
 .BR charon.plugins.dhcp.identity_lease " [no]"
-Derive user\-defined MAC address from hash of IKE identity.
+Derive user\-defined MAC address from hash of IKE identity and send client
+identity DHCP option.
 
 .TP
 .BR charon.plugins.dhcp.interface " []"
@@ -1106,6 +1107,15 @@ events are received asynchronously installing e.g. lots of policies may require
 a larger buffer than the default on certain platforms in order to receive all
 messages.
 
+.TP
+.BR charon.plugins.kernel-pfkey.route_via_internal " [no]"
+Whether to use the internal or external interface in installed routes. The
+internal interface is the one where the IP address contained in the local
+traffic selector is located, the external interface is the one over which the
+destination address of the IPsec tunnel can be reached. This is not relevant if
+virtual IPs are used, for which a TUN device is created that's used in the
+routes.
+
 .TP
 .BR charon.plugins.kernel-pfroute.vip_wait " [1000]"
 Time in ms to wait until virtual IP addresses appear/disappear before failing.
diff --git a/conf/strongswan.conf.5.tail.in b/conf/strongswan.conf.5.tail.in
index f428fc323..a93fe020a 100644
--- a/conf/strongswan.conf.5.tail.in
+++ b/conf/strongswan.conf.5.tail.in
@@ -93,7 +93,7 @@ Absolutely silent
 Very basic auditing logs, (e.g. SA up/SA down)
 .TP
 .B 1
-Generic control flow with errors, a good default to see whats going on
+Generic control flow with errors, a good default to see what's going on
 .TP
 .B 2
 More detailed debugging control flow
diff --git a/configure b/configure
index 5bee7cea9..581039dbd 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for strongSwan 5.6.2.
+# Generated by GNU Autoconf 2.69 for strongSwan 5.6.3.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='strongSwan'
 PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='5.6.2'
-PACKAGE_STRING='strongSwan 5.6.2'
+PACKAGE_VERSION='5.6.3'
+PACKAGE_STRING='strongSwan 5.6.3'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -2111,7 +2111,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures strongSwan 5.6.2 to adapt to many kinds of systems.
+\`configure' configures strongSwan 5.6.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -2182,7 +2182,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of strongSwan 5.6.2:";;
+     short | recursive ) echo "Configuration of strongSwan 5.6.3:";;
    esac
   cat <<\_ACEOF
 
@@ -2664,7 +2664,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-strongSwan configure 5.6.2
+strongSwan configure 5.6.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3186,7 +3186,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by strongSwan $as_me 5.6.2, which was
+It was created by strongSwan $as_me 5.6.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4049,7 +4049,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='strongswan'
- VERSION='5.6.2'
+ VERSION='5.6.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -26201,7 +26201,7 @@ fi
 #  build Makefiles
 # =================
 
-ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/save_keys/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/counters/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/tpm_extendpcr/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/sec-updater/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile"
+ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp/tests/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/save_keys/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/counters/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/tpm_extendpcr/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/sec-updater/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile"
 
 
 # =================
@@ -27582,7 +27582,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by strongSwan $as_me 5.6.2, which was
+This file was extended by strongSwan $as_me 5.6.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -27648,7 +27648,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-strongSwan config.status 5.6.2
+strongSwan config.status 5.6.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -28173,6 +28173,7 @@ do
     "src/libcharon/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/Makefile" ;;
     "src/libcharon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka/Makefile" ;;
     "src/libcharon/plugins/eap_aka_3gpp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp/Makefile" ;;
+    "src/libcharon/plugins/eap_aka_3gpp/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp/tests/Makefile" ;;
     "src/libcharon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp2/Makefile" ;;
     "src/libcharon/plugins/eap_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_dynamic/Makefile" ;;
     "src/libcharon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_identity/Makefile" ;;
diff --git a/configure.ac b/configure.ac
index ae04fc87c..807f06440 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,7 +19,7 @@
 #  initialize & set some vars
 # ============================
 
-AC_INIT([strongSwan],[5.6.2])
+AC_INIT([strongSwan],[5.6.3])
 AM_INIT_AUTOMAKE(m4_esyscmd([
 	echo tar-ustar
 	echo subdir-objects
@@ -1908,6 +1908,7 @@ AC_CONFIG_FILES([
 	src/libcharon/Makefile
 	src/libcharon/plugins/eap_aka/Makefile
 	src/libcharon/plugins/eap_aka_3gpp/Makefile
+	src/libcharon/plugins/eap_aka_3gpp/tests/Makefile
 	src/libcharon/plugins/eap_aka_3gpp2/Makefile
 	src/libcharon/plugins/eap_dynamic/Makefile
 	src/libcharon/plugins/eap_identity/Makefile
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index bdc3e2ebc..3962896f6 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -8,7 +8,7 @@ fuzz_ldflags = ${libfuzzer} \
 	-Wl,-Bstatic -lgmp -Wl,-Bdynamic \
 	@FUZZING_LDFLAGS@
 
-FUZZ_TARGETS=fuzz_certs
+FUZZ_TARGETS=fuzz_certs fuzz_crls
 
 all-local: $(FUZZ_TARGETS)
 
@@ -17,6 +17,9 @@ CLEANFILES=$(FUZZ_TARGETS)
 fuzz_certs: fuzz_certs.c ${libfuzzer}
 	$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
 
+fuzz_crls: fuzz_crls.c ${libfuzzer}
+	$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+
 noinst_LIBRARIES = libFuzzerLocal.a
 libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
 libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/fuzz/Makefile.in b/fuzz/Makefile.in
index 31b590273..2a69eef19 100644
--- a/fuzz/Makefile.in
+++ b/fuzz/Makefile.in
@@ -432,7 +432,7 @@ fuzz_ldflags = ${libfuzzer} \
 	-Wl,-Bstatic -lgmp -Wl,-Bdynamic \
 	@FUZZING_LDFLAGS@
 
-FUZZ_TARGETS = fuzz_certs
+FUZZ_TARGETS = fuzz_certs fuzz_crls
 CLEANFILES = $(FUZZ_TARGETS)
 noinst_LIBRARIES = libFuzzerLocal.a
 libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
@@ -729,6 +729,9 @@ all-local: $(FUZZ_TARGETS)
 fuzz_certs: fuzz_certs.c ${libfuzzer}
 	$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
 
+fuzz_crls: fuzz_crls.c ${libfuzzer}
+	$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+
 check: all
 	for f in $(FUZZ_TARGETS); do \
 		corpus=$${f#fuzz_}; \
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index eef6efaa0..232408912 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -538,10 +538,6 @@ The value \fB%forever\fP
 means 'never give up'.
 Relevant only locally, other end need not agree on it.
 .TP
-.B keylife
-synonym for
-.BR lifetime .
-.TP
 .BR left " = <ip address> | <fqdn> | " %any " | <range> | <subnet> "
 The IP address of the left participant's public-network interface
 or one of several magic values.
@@ -1135,10 +1131,6 @@ will suppress randomization.
 Relevant only locally, other end need not agree on it. Also see EXPIRY/REKEY
 below.
 .TP
-.B rekeymargin
-synonym for
-.BR margintime .
-.TP
 .BR replay_window " = " \-1 " | <number>"
 The IPsec replay window size for this connection. With the default of \-1
 the value configured with
diff --git a/scripts/aes-test.c b/scripts/aes-test.c
index 425a4dc4f..509abe46f 100644
--- a/scripts/aes-test.c
+++ b/scripts/aes-test.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/bin2array.c b/scripts/bin2array.c
index b82391a12..64f752eaf 100644
--- a/scripts/bin2array.c
+++ b/scripts/bin2array.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/bin2sql.c b/scripts/bin2sql.c
index 88edb7f7a..17556ca7c 100644
--- a/scripts/bin2sql.c
+++ b/scripts/bin2sql.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/dh_speed.c b/scripts/dh_speed.c
index c2cac0260..f2f98d7af 100644
--- a/scripts/dh_speed.c
+++ b/scripts/dh_speed.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/dnssec.c b/scripts/dnssec.c
index 9d35c7cda..9efc79dbf 100644
--- a/scripts/dnssec.c
+++ b/scripts/dnssec.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/id2sql.c b/scripts/id2sql.c
index 0742c1c71..a4035cf25 100644
--- a/scripts/id2sql.c
+++ b/scripts/id2sql.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/key2keyid.c b/scripts/key2keyid.c
index e9a4ee692..d0cfb8e2d 100644
--- a/scripts/key2keyid.c
+++ b/scripts/key2keyid.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/keyid2sql.c b/scripts/keyid2sql.c
index 46257891c..a0ae28d0b 100644
--- a/scripts/keyid2sql.c
+++ b/scripts/keyid2sql.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c
index 2928772b8..83ab4e41b 100644
--- a/scripts/pubkey_speed.c
+++ b/scripts/pubkey_speed.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/settings-test.c b/scripts/settings-test.c
index 452798aee..2169552ac 100644
--- a/scripts/settings-test.c
+++ b/scripts/settings-test.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/scripts/thread_analysis.c b/scripts/thread_analysis.c
index 7670ce1f8..2861431ef 100644
--- a/scripts/thread_analysis.c
+++ b/scripts/thread_analysis.c
@@ -1,7 +1,7 @@
 /* Analyzes the concurrent use of charon's threads
  *
  * Copyright (C) 2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in
index e549e9597..5f709637e 100644
--- a/src/_updown/_updown.in
+++ b/src/_updown/_updown.in
@@ -215,10 +215,6 @@ then
 	fi
 fi
 
-# resolve octal escape sequences
-PLUTO_MY_ID=`printf "$PLUTO_MY_ID"`
-PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"`
-
 case "$PLUTO_VERB:$1" in
 up-host:)
 	# connection to me coming up
diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c
index 793496451..1293ec4c0 100644
--- a/src/charon-cmd/charon-cmd.c
+++ b/src/charon-cmd/charon-cmd.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2005-2013 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index 71df92f7e..1cf431ff2 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
diff --git a/src/charon-cmd/cmd/cmd_creds.c b/src/charon-cmd/cmd/cmd_creds.c
index 45d008e7b..b440cf877 100644
--- a/src/charon-cmd/cmd/cmd_creds.c
+++ b/src/charon-cmd/cmd/cmd_creds.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
diff --git a/src/charon-cmd/cmd/cmd_options.c b/src/charon-cmd/cmd/cmd_options.c
index 5428941ff..3d734679b 100644
--- a/src/charon-cmd/cmd/cmd_options.c
+++ b/src/charon-cmd/cmd/cmd_options.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
diff --git a/src/charon-cmd/cmd/cmd_options.h b/src/charon-cmd/cmd/cmd_options.h
index aa13b0951..794136dfb 100644
--- a/src/charon-cmd/cmd/cmd_options.h
+++ b/src/charon-cmd/cmd/cmd_options.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c
index 89aa34d98..52012e24e 100644
--- a/src/charon-nm/charon-nm.c
+++ b/src/charon-nm/charon-nm.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c
index e4845e745..75db8c6b3 100644
--- a/src/charon-nm/nm/nm_backend.c
+++ b/src/charon-nm/nm/nm_backend.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-nm/nm/nm_backend.h b/src/charon-nm/nm/nm_backend.h
index 89dc536f6..cbc14a091 100644
--- a/src/charon-nm/nm/nm_backend.h
+++ b/src/charon-nm/nm/nm_backend.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-nm/nm/nm_creds.c b/src/charon-nm/nm/nm_creds.c
index e70fd9e89..2c05ab881 100644
--- a/src/charon-nm/nm/nm_creds.c
+++ b/src/charon-nm/nm/nm_creds.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-nm/nm/nm_creds.h b/src/charon-nm/nm/nm_creds.h
index 91f645c7e..71729fef6 100644
--- a/src/charon-nm/nm/nm_creds.h
+++ b/src/charon-nm/nm/nm_creds.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-nm/nm/nm_handler.c b/src/charon-nm/nm/nm_handler.c
index 3eb2eb13c..aa7bb5b8c 100644
--- a/src/charon-nm/nm/nm_handler.c
+++ b/src/charon-nm/nm/nm_handler.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-nm/nm/nm_handler.h b/src/charon-nm/nm/nm_handler.h
index bb35ce767..f4103e67e 100644
--- a/src/charon-nm/nm/nm_handler.h
+++ b/src/charon-nm/nm/nm_handler.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 9beac392a..a12f008a7 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -3,7 +3,7 @@
  *
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -65,8 +65,7 @@ static GVariant* handler_to_variant(nm_handler_t *handler,
 	enumerator = handler->create_enumerator(handler, type);
 	while (enumerator->enumerate(enumerator, &chunk))
 	{
-		g_variant_builder_add (&builder, "u",
-							   g_variant_new_uint32 (*(uint32_t*)chunk.ptr));
+		g_variant_builder_add (&builder, "u", *(uint32_t*)chunk.ptr);
 	}
 	enumerator->destroy(enumerator);
 
@@ -493,7 +492,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
 					priv->creds->set_key_password(priv->creds, secret);
 				}
 				private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
-								KEY_RSA, BUILD_FROM_FILE, str, BUILD_END);
+								KEY_ANY, BUILD_FROM_FILE, str, BUILD_END);
 				if (!private)
 				{
 					g_set_error(err, NM_VPN_PLUGIN_ERROR,
@@ -742,7 +741,7 @@ static gboolean do_disconnect(gpointer plugin)
 		{
 			id = ike_sa->get_unique_id(ike_sa);
 			enumerator->destroy(enumerator);
-			charon->controller->terminate_ike(charon->controller, id,
+			charon->controller->terminate_ike(charon->controller, id, FALSE,
 											  controller_cb_empty, NULL, 0);
 			return FALSE;
 		}
diff --git a/src/charon-nm/nm/nm_service.h b/src/charon-nm/nm/nm_service.h
index 74ab38b03..669209935 100644
--- a/src/charon-nm/nm/nm_service.h
+++ b/src/charon-nm/nm/nm_service.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
index 60e509ffb..5a1970b92 100644
--- a/src/charon-systemd/charon-systemd.c
+++ b/src/charon-systemd/charon-systemd.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2005-2014 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2014 revosec AG
  *
  * This program is free software; you can redistribute it and/or modify it
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 7f014237a..181c6fb8a 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -193,7 +193,7 @@ static bool check_pidfile()
 			}
 			fclose(pidfile);
 			pidfile = NULL;
-			if (pid && kill(pid, 0) == 0)
+			if (pid && pid != getpid() && kill(pid, 0) == 0)
 			{
 				DBG1(DBG_DMN, "%s already running ('%s' exists)", dmn_name,
 					 pidfile_name);
diff --git a/src/charon-tkm/src/ees/ees_callbacks.c b/src/charon-tkm/src/ees/ees_callbacks.c
index a36629b13..863f618bc 100644
--- a/src/charon-tkm/src/ees/ees_callbacks.c
+++ b/src/charon-tkm/src/ees/ees_callbacks.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2014 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/ees/ees_callbacks.h b/src/charon-tkm/src/ees/ees_callbacks.h
index b73dc6cb5..6488c57ae 100644
--- a/src/charon-tkm/src/ees/ees_callbacks.h
+++ b/src/charon-tkm/src/ees/ees_callbacks.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/ees/esa_event_service.adb b/src/charon-tkm/src/ees/esa_event_service.adb
index 6b6b3f743..323a64cb1 100644
--- a/src/charon-tkm/src/ees/esa_event_service.adb
+++ b/src/charon-tkm/src/ees/esa_event_service.adb
@@ -1,7 +1,7 @@
 --
 --  Copyright (C) 2012 Reto Buerki
 --  Copyright (C) 2012 Adrian-Ken Rueegsegger
---  Hochschule fuer Technik Rapperswil
+--  HSR Hochschule fuer Technik Rapperswil
 --
 --  This program is free software; you can redistribute it and/or modify it
 --  under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/ees/esa_event_service.ads b/src/charon-tkm/src/ees/esa_event_service.ads
index f3630b7ac..cfcf6e2b6 100644
--- a/src/charon-tkm/src/ees/esa_event_service.ads
+++ b/src/charon-tkm/src/ees/esa_event_service.ads
@@ -1,7 +1,7 @@
 --
 --  Copyright (C) 2012 Reto Buerki
 --  Copyright (C) 2012 Adrian-Ken Rueegsegger
---  Hochschule fuer Technik Rapperswil
+--  HSR Hochschule fuer Technik Rapperswil
 --
 --  This program is free software; you can redistribute it and/or modify it
 --  under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/ehandler/eh_callbacks.c b/src/charon-tkm/src/ehandler/eh_callbacks.c
index 7dca97c3e..f1ae15660 100644
--- a/src/charon-tkm/src/ehandler/eh_callbacks.c
+++ b/src/charon-tkm/src/ehandler/eh_callbacks.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/ehandler/eh_callbacks.h b/src/charon-tkm/src/ehandler/eh_callbacks.h
index db325dcd2..9bc849889 100644
--- a/src/charon-tkm/src/ehandler/eh_callbacks.h
+++ b/src/charon-tkm/src/ehandler/eh_callbacks.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/ehandler/exception_handler.adb b/src/charon-tkm/src/ehandler/exception_handler.adb
index 3f165e1cd..ff568a700 100644
--- a/src/charon-tkm/src/ehandler/exception_handler.adb
+++ b/src/charon-tkm/src/ehandler/exception_handler.adb
@@ -1,7 +1,7 @@
 --
 --  Copyright (C) 2012 Reto Buerki
 --  Copyright (C) 2012 Adrian-Ken Rueegsegger
---  Hochschule fuer Technik Rapperswil
+--  HSR Hochschule fuer Technik Rapperswil
 --
 --  This program is free software; you can redistribute it and/or modify it
 --  under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/ehandler/exception_handler.ads b/src/charon-tkm/src/ehandler/exception_handler.ads
index 29dd3d8f4..ec47aa72c 100644
--- a/src/charon-tkm/src/ehandler/exception_handler.ads
+++ b/src/charon-tkm/src/ehandler/exception_handler.ads
@@ -1,7 +1,7 @@
 --
 --  Copyright (C) 2012 Reto Buerki
 --  Copyright (C) 2012 Adrian-Ken Rueegsegger
---  Hochschule fuer Technik Rapperswil
+--  HSR Hochschule fuer Technik Rapperswil
 --
 --  This program is free software; you can redistribute it and/or modify it
 --  under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm.c b/src/charon-tkm/src/tkm/tkm.c
index 333b699a0..7ffe614cf 100644
--- a/src/charon-tkm/src/tkm/tkm.c
+++ b/src/charon-tkm/src/tkm/tkm.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2014 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm.h b/src/charon-tkm/src/tkm/tkm.h
index 4aed08602..70a6b806a 100644
--- a/src/charon-tkm/src/tkm/tkm.h
+++ b/src/charon-tkm/src/tkm/tkm.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2014 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_chunk_map.c b/src/charon-tkm/src/tkm/tkm_chunk_map.c
index 03ff22836..1d073ae45 100644
--- a/src/charon-tkm/src/tkm/tkm_chunk_map.c
+++ b/src/charon-tkm/src/tkm/tkm_chunk_map.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_chunk_map.h b/src/charon-tkm/src/tkm/tkm_chunk_map.h
index c183937c1..a2864f07a 100644
--- a/src/charon-tkm/src/tkm/tkm_chunk_map.h
+++ b/src/charon-tkm/src/tkm/tkm_chunk_map.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_cred.c b/src/charon-tkm/src/tkm/tkm_cred.c
index d9517f908..e358042fd 100644
--- a/src/charon-tkm/src/tkm/tkm_cred.c
+++ b/src/charon-tkm/src/tkm/tkm_cred.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_cred.h b/src/charon-tkm/src/tkm/tkm_cred.h
index 1cfb5b9c7..52cb42247 100644
--- a/src/charon-tkm/src/tkm/tkm_cred.h
+++ b/src/charon-tkm/src/tkm/tkm_cred.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
index 48d0001ce..41b557edc 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h
index d38a414d8..19de7c874 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_encoder.c b/src/charon-tkm/src/tkm/tkm_encoder.c
index d5367ea78..e5ec84e44 100644
--- a/src/charon-tkm/src/tkm/tkm_encoder.c
+++ b/src/charon-tkm/src/tkm/tkm_encoder.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Reto Buerki
  * Copyright (C) 2013 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_encoder.h b/src/charon-tkm/src/tkm/tkm_encoder.h
index 7c6a4989d..c41bea1f7 100644
--- a/src/charon-tkm/src/tkm/tkm_encoder.h
+++ b/src/charon-tkm/src/tkm/tkm_encoder.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Reto Buerki
  * Copyright (C) 2013 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.c b/src/charon-tkm/src/tkm/tkm_id_manager.c
index 9a2ede03e..76677c38c 100644
--- a/src/charon-tkm/src/tkm/tkm_id_manager.c
+++ b/src/charon-tkm/src/tkm/tkm_id_manager.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.h b/src/charon-tkm/src/tkm/tkm_id_manager.h
index 1c48b57f1..2c1abb9ee 100644
--- a/src/charon-tkm/src/tkm/tkm_id_manager.h
+++ b/src/charon-tkm/src/tkm/tkm_id_manager.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.h b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.h
index 14db21266..702d8f8ab 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.h
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c
index acc3ff10a..9f1e96d29 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2014 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h
index 3d9f5f3f8..bf4a2f2be 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h
+++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2014 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index ac38078d7..71ad821dd 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.h b/src/charon-tkm/src/tkm/tkm_keymat.h
index ee90bead5..1aaaf0426 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.h
+++ b/src/charon-tkm/src/tkm/tkm_keymat.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c
index 290b00e37..bb4fd2798 100644
--- a/src/charon-tkm/src/tkm/tkm_listener.c
+++ b/src/charon-tkm/src/tkm/tkm_listener.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_listener.h b/src/charon-tkm/src/tkm/tkm_listener.h
index 1162a77be..ea8770baa 100644
--- a/src/charon-tkm/src/tkm/tkm_listener.h
+++ b/src/charon-tkm/src/tkm/tkm_listener.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.c b/src/charon-tkm/src/tkm/tkm_nonceg.c
index 2b3e66d2d..ed525ee29 100644
--- a/src/charon-tkm/src/tkm/tkm_nonceg.c
+++ b/src/charon-tkm/src/tkm/tkm_nonceg.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.h b/src/charon-tkm/src/tkm/tkm_nonceg.h
index d158551fe..0fb165ff7 100644
--- a/src/charon-tkm/src/tkm/tkm_nonceg.h
+++ b/src/charon-tkm/src/tkm/tkm_nonceg.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_private_key.c b/src/charon-tkm/src/tkm/tkm_private_key.c
index 891b579ee..0ef3a103c 100644
--- a/src/charon-tkm/src/tkm/tkm_private_key.c
+++ b/src/charon-tkm/src/tkm/tkm_private_key.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2013 Reto Buerki
  * Copyright (C) 2012-2013 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_private_key.h b/src/charon-tkm/src/tkm/tkm_private_key.h
index ded8300ca..db4b3fe46 100644
--- a/src/charon-tkm/src/tkm/tkm_private_key.h
+++ b/src/charon-tkm/src/tkm/tkm_private_key.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_public_key.c b/src/charon-tkm/src/tkm/tkm_public_key.c
index 2a14a9bdd..5a49b4511 100644
--- a/src/charon-tkm/src/tkm/tkm_public_key.c
+++ b/src/charon-tkm/src/tkm/tkm_public_key.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2013 Reto Buerki
  * Copyright (C) 2012-2013 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_public_key.h b/src/charon-tkm/src/tkm/tkm_public_key.h
index 5b21287b7..c13d9e509 100644
--- a/src/charon-tkm/src/tkm/tkm_public_key.h
+++ b/src/charon-tkm/src/tkm/tkm_public_key.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2013 Reto Buerki
  * Copyright (C) 2012-2013 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.c b/src/charon-tkm/src/tkm/tkm_spi_generator.c
index b9ce83727..ff4d86c2e 100644
--- a/src/charon-tkm/src/tkm/tkm_spi_generator.c
+++ b/src/charon-tkm/src/tkm/tkm_spi_generator.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Reto Buerki
  * Copyright (C) 2015 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.h b/src/charon-tkm/src/tkm/tkm_spi_generator.h
index 5f9ff03c6..08eff4aef 100644
--- a/src/charon-tkm/src/tkm/tkm_spi_generator.h
+++ b/src/charon-tkm/src/tkm/tkm_spi_generator.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Reto Buerki
  * Copyright (C) 2015 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_types.h b/src/charon-tkm/src/tkm/tkm_types.h
index cef53deb3..46551b14e 100644
--- a/src/charon-tkm/src/tkm/tkm_types.h
+++ b/src/charon-tkm/src/tkm/tkm_types.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_utils.c b/src/charon-tkm/src/tkm/tkm_utils.c
index e0692b893..196e1c4fa 100644
--- a/src/charon-tkm/src/tkm/tkm_utils.c
+++ b/src/charon-tkm/src/tkm/tkm_utils.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/src/tkm/tkm_utils.h b/src/charon-tkm/src/tkm/tkm_utils.h
index 308c58fbb..b499dcf5b 100644
--- a/src/charon-tkm/src/tkm/tkm_utils.h
+++ b/src/charon-tkm/src/tkm/tkm_utils.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/tests/chunk_map_tests.c b/src/charon-tkm/tests/chunk_map_tests.c
index 1283a787c..2a129ff08 100644
--- a/src/charon-tkm/tests/chunk_map_tests.c
+++ b/src/charon-tkm/tests/chunk_map_tests.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/tests/diffie_hellman_tests.c b/src/charon-tkm/tests/diffie_hellman_tests.c
index 5ef6f41ab..67313e63a 100644
--- a/src/charon-tkm/tests/diffie_hellman_tests.c
+++ b/src/charon-tkm/tests/diffie_hellman_tests.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/tests/id_manager_tests.c b/src/charon-tkm/tests/id_manager_tests.c
index fb5e56a05..2200c9898 100644
--- a/src/charon-tkm/tests/id_manager_tests.c
+++ b/src/charon-tkm/tests/id_manager_tests.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c
index 59ff77b68..04eeb037f 100644
--- a/src/charon-tkm/tests/kernel_sad_tests.c
+++ b/src/charon-tkm/tests/kernel_sad_tests.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2014 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c
index d4751f7d0..eea589c09 100644
--- a/src/charon-tkm/tests/keymat_tests.c
+++ b/src/charon-tkm/tests/keymat_tests.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/tests/nonceg_tests.c b/src/charon-tkm/tests/nonceg_tests.c
index 67c1635ef..bea11cc19 100644
--- a/src/charon-tkm/tests/nonceg_tests.c
+++ b/src/charon-tkm/tests/nonceg_tests.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c
index 3d57599d9..150a6d437 100644
--- a/src/charon-tkm/tests/tests.c
+++ b/src/charon-tkm/tests/tests.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2012-2014 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/tests/tests.h b/src/charon-tkm/tests/tests.h
index fb5e96a9c..0214a413e 100644
--- a/src/charon-tkm/tests/tests.h
+++ b/src/charon-tkm/tests/tests.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon-tkm/tests/utils_tests.c b/src/charon-tkm/tests/utils_tests.c
index 0a4d6fbd2..a8a905272 100644
--- a/src/charon-tkm/tests/utils_tests.c
+++ b/src/charon-tkm/tests/utils_tests.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Reto Buerki
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/charon/charon.c b/src/charon/charon.c
index f23717034..180486746 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -204,7 +204,7 @@ static bool check_pidfile()
 			}
 			fclose(pidfile);
 			pidfile = NULL;
-			if (pid && kill(pid, 0) == 0)
+			if (pid && pid != getpid() && kill(pid, 0) == 0)
 			{
 				DBG1(DBG_DMN, "charon already running ('"PID_FILE"' exists)");
 				return TRUE;
@@ -231,9 +231,15 @@ static bool check_pidfile()
 			DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s",
 				 strerror(errno));
 		}
-		ignore_result(fchown(fd,
-							 lib->caps->get_uid(lib->caps),
-							 lib->caps->get_gid(lib->caps)));
+		/* Only fchown() the pidfile if we have CAP_CHOWN. Otherwise,
+		 * directory permissions should allow pidfile to be accessed
+		 * by the UID/GID under which the charon daemon will run. */
+		if (lib->caps->check(lib->caps, CAP_CHOWN))
+		{
+			ignore_result(fchown(fd,
+								 lib->caps->get_uid(lib->caps),
+								 lib->caps->get_gid(lib->caps)));
+		}
 		fprintf(pidfile, "%d\n", getpid());
 		fflush(pidfile);
 		return FALSE;
diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c
index a36014634..167b0c1c0 100644
--- a/src/checksum/checksum_builder.c
+++ b/src/checksum/checksum_builder.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/conftest/actions.c b/src/conftest/actions.c
index 36c3c8e74..66e41f743 100644
--- a/src/conftest/actions.c
+++ b/src/conftest/actions.c
@@ -209,7 +209,8 @@ static job_requeue_t close_ike(char *config)
 	if (id)
 	{
 		DBG1(DBG_CFG, "closing IKE_SA '%s'", config);
-		charon->controller->terminate_ike(charon->controller, id, NULL, NULL, 0);
+		charon->controller->terminate_ike(charon->controller, id, FALSE, NULL,
+										  NULL, 0);
 	}
 	else
 	{
diff --git a/src/dumm/bridge.c b/src/dumm/bridge.c
index c76b3acda..536e27515 100644
--- a/src/dumm/bridge.c
+++ b/src/dumm/bridge.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/bridge.h b/src/dumm/bridge.h
index 9d48092df..5069cfd1b 100644
--- a/src/dumm/bridge.h
+++ b/src/dumm/bridge.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c
index 5332ba551..ac581fed1 100644
--- a/src/dumm/cowfs.c
+++ b/src/dumm/cowfs.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2001-2007 Miklos Szeredi
  *
  * Based on example shipped with FUSE.
diff --git a/src/dumm/cowfs.h b/src/dumm/cowfs.h
index 6869e3563..9a596de2e 100644
--- a/src/dumm/cowfs.h
+++ b/src/dumm/cowfs.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c
index d147b2df0..e24671330 100644
--- a/src/dumm/dumm.c
+++ b/src/dumm/dumm.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2009 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/dumm.h b/src/dumm/dumm.h
index 7c7923c46..921d2157f 100644
--- a/src/dumm/dumm.h
+++ b/src/dumm/dumm.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2009 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c
index b898a2564..7df72eb30 100644
--- a/src/dumm/ext/dumm.c
+++ b/src/dumm/ext/dumm.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2010 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/ext/lib/dumm.rb b/src/dumm/ext/lib/dumm.rb
index 959ec87df..0dd7ada10 100644
--- a/src/dumm/ext/lib/dumm.rb
+++ b/src/dumm/ext/lib/dumm.rb
@@ -1,6 +1,6 @@
 =begin
   Copyright (C) 2008-2009 Tobias Brunner
-  Hochschule fuer Technik Rapperswil
+  HSR Hochschule fuer Technik Rapperswil
 
   This program is free software; you can redistribute it and/or modify it
   under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/ext/lib/dumm/guest.rb b/src/dumm/ext/lib/dumm/guest.rb
index 7488f1358..6978edcb3 100644
--- a/src/dumm/ext/lib/dumm/guest.rb
+++ b/src/dumm/ext/lib/dumm/guest.rb
@@ -1,6 +1,6 @@
 =begin
   Copyright (C) 2008-2010 Tobias Brunner
-  Hochschule fuer Technik Rapperswil
+  HSR Hochschule fuer Technik Rapperswil
 
   This program is free software; you can redistribute it and/or modify it
   under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/guest.c b/src/dumm/guest.c
index 8e74ca629..327b86c63 100644
--- a/src/dumm/guest.c
+++ b/src/dumm/guest.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2009 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/guest.h b/src/dumm/guest.h
index 36a69681d..14c7272d0 100644
--- a/src/dumm/guest.h
+++ b/src/dumm/guest.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2009 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/iface.c b/src/dumm/iface.c
index 3e7b010b3..3642ed8a2 100644
--- a/src/dumm/iface.c
+++ b/src/dumm/iface.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2002 Jeff Dike
  *
  * Based on the "tunctl" utility from Jeff Dike.
diff --git a/src/dumm/iface.h b/src/dumm/iface.h
index ae886acc3..e6e8775a0 100644
--- a/src/dumm/iface.h
+++ b/src/dumm/iface.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/irdumm.c b/src/dumm/irdumm.c
index 1a4235c9d..eb61da2c2 100644
--- a/src/dumm/irdumm.c
+++ b/src/dumm/irdumm.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/main.c b/src/dumm/main.c
index a53e1f67c..1b5bef736 100644
--- a/src/dumm/main.c
+++ b/src/dumm/main.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c
index 4563d6f9e..3e31bc694 100644
--- a/src/dumm/mconsole.c
+++ b/src/dumm/mconsole.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2001-2004 Jeff Dike
  *
  * Based on the "uml_mconsole" utility from Jeff Dike.
diff --git a/src/dumm/mconsole.h b/src/dumm/mconsole.h
index 9fa2755ef..2b8a1cdff 100644
--- a/src/dumm/mconsole.h
+++ b/src/dumm/mconsole.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 4028096f0..3f72d52ee 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.6.2dr3" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.6.3dr1" "strongSwan"
 .
 .SH NAME
 .
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index 25ac7972c..15ac7a6d1 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -736,4 +736,12 @@ endif
 if MONOLITHIC
   SUBDIRS += .
 endif
+
+# build unit tests
+##################
+
 SUBDIRS += tests
+
+if USE_EAP_AKA_3GPP
+  SUBDIRS += plugins/eap_aka_3gpp/tests
+endif
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 6c39317fa..6cd1130f1 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -301,6 +301,7 @@ host_triplet = @host@
 @MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_151 = plugins/attr/libstrongswan-attr.la
 @USE_ATTR_SQL_TRUE@am__append_152 = plugins/attr_sql
 @MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_153 = plugins/attr_sql/libstrongswan-attr-sql.la
+@USE_EAP_AKA_3GPP_TRUE@am__append_154 = plugins/eap_aka_3gpp/tests
 subdir = src/libcharon
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -769,7 +770,7 @@ DIST_SUBDIRS = . plugins/load_tester plugins/save_keys \
 	plugins/coupling plugins/radattr plugins/uci plugins/addrblock \
 	plugins/unity plugins/xauth_generic plugins/xauth_eap \
 	plugins/xauth_pam plugins/xauth_noauth plugins/resolve \
-	plugins/attr plugins/attr_sql tests
+	plugins/attr plugins/attr_sql tests plugins/eap_aka_3gpp/tests
 am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 am__relativize = \
@@ -1185,6 +1186,9 @@ libcharon_la_LIBADD =  \
 EXTRA_DIST = Android.mk
 @STATIC_PLUGIN_CONSTRUCTORS_TRUE@BUILT_SOURCES = $(srcdir)/plugin_constructors.c
 @STATIC_PLUGIN_CONSTRUCTORS_TRUE@CLEANFILES = $(srcdir)/plugin_constructors.c
+
+# build unit tests
+##################
 @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_6) $(am__append_8) \
 @MONOLITHIC_FALSE@	$(am__append_10) $(am__append_12) \
 @MONOLITHIC_FALSE@	$(am__append_14) $(am__append_16) \
@@ -1220,10 +1224,14 @@ EXTRA_DIST = Android.mk
 @MONOLITHIC_FALSE@	$(am__append_138) $(am__append_140) \
 @MONOLITHIC_FALSE@	$(am__append_142) $(am__append_144) \
 @MONOLITHIC_FALSE@	$(am__append_146) $(am__append_148) \
-@MONOLITHIC_FALSE@	$(am__append_150) $(am__append_152) tests
+@MONOLITHIC_FALSE@	$(am__append_150) $(am__append_152) tests \
+@MONOLITHIC_FALSE@	$(am__append_154)
 
 # build optional plugins
 ########################
+
+# build unit tests
+##################
 @MONOLITHIC_TRUE@SUBDIRS = $(am__append_6) $(am__append_8) \
 @MONOLITHIC_TRUE@	$(am__append_10) $(am__append_12) \
 @MONOLITHIC_TRUE@	$(am__append_14) $(am__append_16) \
@@ -1259,7 +1267,8 @@ EXTRA_DIST = Android.mk
 @MONOLITHIC_TRUE@	$(am__append_138) $(am__append_140) \
 @MONOLITHIC_TRUE@	$(am__append_142) $(am__append_144) \
 @MONOLITHIC_TRUE@	$(am__append_146) $(am__append_148) \
-@MONOLITHIC_TRUE@	$(am__append_150) $(am__append_152) . tests
+@MONOLITHIC_TRUE@	$(am__append_150) $(am__append_152) . tests \
+@MONOLITHIC_TRUE@	$(am__append_154)
 all: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) all-recursive
 
diff --git a/src/libcharon/attributes/attribute_handler.h b/src/libcharon/attributes/attribute_handler.h
index 3c14323a3..cc09befe8 100644
--- a/src/libcharon/attributes/attribute_handler.h
+++ b/src/libcharon/attributes/attribute_handler.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/attributes/attribute_manager.c b/src/libcharon/attributes/attribute_manager.c
index 3a4a21a02..7e82c0c95 100644
--- a/src/libcharon/attributes/attribute_manager.c
+++ b/src/libcharon/attributes/attribute_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/attributes/attribute_manager.h b/src/libcharon/attributes/attribute_manager.h
index 6db664968..5368a8b83 100644
--- a/src/libcharon/attributes/attribute_manager.h
+++ b/src/libcharon/attributes/attribute_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/attributes/attribute_provider.h b/src/libcharon/attributes/attribute_provider.h
index 57453c2a0..a107a2bd0 100644
--- a/src/libcharon/attributes/attribute_provider.h
+++ b/src/libcharon/attributes/attribute_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/attributes/attributes.c b/src/libcharon/attributes/attributes.c
index 0f28d55fa..d31b62c26 100644
--- a/src/libcharon/attributes/attributes.c
+++ b/src/libcharon/attributes/attributes.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/attributes/attributes.h b/src/libcharon/attributes/attributes.h
index dd1db4fc3..119143a55 100644
--- a/src/libcharon/attributes/attributes.h
+++ b/src/libcharon/attributes/attributes.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/attributes/mem_pool.c b/src/libcharon/attributes/mem_pool.c
index e1a9a6dce..6acf490be 100644
--- a/src/libcharon/attributes/mem_pool.c
+++ b/src/libcharon/attributes/mem_pool.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2008-2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/attributes/mem_pool.h b/src/libcharon/attributes/mem_pool.h
index 3ee1dd37d..06acbf8f8 100644
--- a/src/libcharon/attributes/mem_pool.h
+++ b/src/libcharon/attributes/mem_pool.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index 19943d060..f4c01c22e 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2011-2016 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -827,7 +827,8 @@ METHOD(bus_t, ike_updown, void,
 		enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
 		while (enumerator->enumerate(enumerator, (void**)&child_sa))
 		{
-			if (child_sa->get_state(child_sa) != CHILD_REKEYED)
+			if (child_sa->get_state(child_sa) != CHILD_REKEYED &&
+				child_sa->get_state(child_sa) != CHILD_DELETED)
 			{
 				child_updown(this, child_sa, FALSE);
 			}
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 1e810a499..df75683be 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2016 Tobias Brunner
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c
index 7a53e9338..d1f180227 100644
--- a/src/libcharon/bus/listeners/file_logger.c
+++ b/src/libcharon/bus/listeners/file_logger.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/bus/listeners/file_logger.h b/src/libcharon/bus/listeners/file_logger.h
index 1bcfec150..85260b132 100644
--- a/src/libcharon/bus/listeners/file_logger.h
+++ b/src/libcharon/bus/listeners/file_logger.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index be0dfbe21..06057eb73 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2011-2016 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/bus/listeners/logger.h b/src/libcharon/bus/listeners/logger.h
index d5432d3a8..7b5c1d21c 100644
--- a/src/libcharon/bus/listeners/logger.h
+++ b/src/libcharon/bus/listeners/logger.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/bus/listeners/sys_logger.c b/src/libcharon/bus/listeners/sys_logger.c
index 4aeb1c048..a3968a7f9 100644
--- a/src/libcharon/bus/listeners/sys_logger.c
+++ b/src/libcharon/bus/listeners/sys_logger.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/bus/listeners/sys_logger.h b/src/libcharon/bus/listeners/sys_logger.h
index 9a0fee018..28afe05ee 100644
--- a/src/libcharon/bus/listeners/sys_logger.h
+++ b/src/libcharon/bus/listeners/sys_logger.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/config/backend.h b/src/libcharon/config/backend.h
index aca3352ba..eab7583fa 100644
--- a/src/libcharon/config/backend.h
+++ b/src/libcharon/config/backend.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c
index 4f154df9b..02a41a5b3 100644
--- a/src/libcharon/config/backend_manager.c
+++ b/src/libcharon/config/backend_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/config/backend_manager.h b/src/libcharon/config/backend_manager.h
index cc8ef8785..8ec79ce28 100644
--- a/src/libcharon/config/backend_manager.h
+++ b/src/libcharon/config/backend_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 3d110e9a2..bc417f936 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -142,6 +142,11 @@ struct private_child_cfg_t {
 	 * anti-replay window size
 	 */
 	uint32_t replay_window;
+
+	/**
+	 * HW offload mode
+	 */
+	hw_offload_t hw_offload;
 };
 
 METHOD(child_cfg_t, get_name, char*,
@@ -467,6 +472,12 @@ METHOD(child_cfg_t, get_start_action, action_t,
 	return this->start_action;
 }
 
+METHOD(child_cfg_t, get_hw_offload, hw_offload_t,
+	private_child_cfg_t *this)
+{
+	return this->hw_offload;
+}
+
 METHOD(child_cfg_t, get_dpd_action, action_t,
 	private_child_cfg_t *this)
 {
@@ -652,6 +663,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 			.equals = _equals,
 			.get_ref = _get_ref,
 			.destroy = _destroy,
+			.get_hw_offload = _get_hw_offload,
 		},
 		.name = strdup(name),
 		.options = data->options,
@@ -674,6 +686,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 		.other_ts = linked_list_create(),
 		.replay_window = lib->settings->get_int(lib->settings,
 							"%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
+		.hw_offload = data->hw_offload,
 	);
 
 	return &this->public;
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index e2834fa8f..d566da3ec 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -182,6 +182,13 @@ struct child_cfg_t {
 	 */
 	action_t (*get_dpd_action) (child_cfg_t *this);
 
+	/**
+	 * Get the HW offload mode to use for the CHILD_SA.
+	 *
+	 * @return				hw offload mode
+	 */
+	hw_offload_t (*get_hw_offload) (child_cfg_t *this);
+
 	/**
 	 * Action to take if CHILD_SA gets closed.
 	 *
@@ -305,14 +312,11 @@ enum child_cfg_option_t {
 	/** Install outbound FWD IPsec policies to bypass drop policies */
 	OPT_FWD_OUT_POLICIES = (1<<4),
 
-	/** Enable hardware offload, if supported by the IPsec backend */
-	OPT_HW_OFFLOAD = (1<<5),
-
 	/** Force 96-bit truncation for SHA-256 */
-	OPT_SHA256_96 = (1<<6),
+	OPT_SHA256_96 = (1<<5),
 
 	/** Set mark on inbound SAs */
-	OPT_MARK_IN_SA = (1<<7),
+	OPT_MARK_IN_SA = (1<<6),
 };
 
 /**
@@ -347,6 +351,8 @@ struct child_cfg_create_t {
 	action_t close_action;
 	/** updown script to execute on up/down event (cloned) */
 	char *updown;
+	/** HW offload mode */
+	hw_offload_t hw_offload;
 };
 
 /**
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index 64413204b..a73a5b5e2 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2017 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index 81f2b6906..ac2deef70 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2017 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
index 44a4d0aa8..589c536d2 100644
--- a/src/libcharon/control/controller.c
+++ b/src/libcharon/control/controller.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2011-2015 Tobias Brunner
  * Copyright (C) 2007-2011 Martin Willi
  * Copyright (C) 2011 revosec AG
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -117,10 +117,17 @@ struct interface_listener_t {
 	 */
 	spinlock_t *lock;
 
-	/**
-	 * whether to check limits
-	 */
-	bool limits;
+	union {
+		/**
+		 * whether to check limits during initiation
+		 */
+		bool limits;
+
+		/**
+		 * whether to force termination
+		 */
+		bool force;
+	} options;
 };
 
 
@@ -363,7 +370,7 @@ METHOD(listener_t, child_state_change_terminate, bool,
 			case CHILD_DESTROYING:
 				switch (child_sa->get_state(child_sa))
 				{
-					case CHILD_DELETING:
+					case CHILD_DELETED:
 						/* proper delete */
 						this->status = SUCCESS;
 						break;
@@ -423,7 +430,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
 	}
 	peer_cfg->destroy(peer_cfg);
 
-	if (listener->limits && ike_sa->get_state(ike_sa) == IKE_CREATED)
+	if (listener->options.limits && ike_sa->get_state(ike_sa) == IKE_CREATED)
 	{	/* only check if we are not reusing an IKE_SA */
 		u_int half_open, limit_half_open, limit_job_load;
 
@@ -508,7 +515,7 @@ METHOD(controller_t, initiate, status_t,
 			.child_cfg = child_cfg,
 			.peer_cfg = peer_cfg,
 			.lock = spinlock_create(),
-			.limits = limits,
+			.options.limits = limits,
 		},
 		.public = {
 			.execute = _initiate_execute,
@@ -557,8 +564,8 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t,
 	listener->ike_sa = ike_sa;
 	listener->lock->unlock(listener->lock);
 
-	if (ike_sa->delete(ike_sa) != DESTROY_ME)
-	{	/* delete failed */
+	if (ike_sa->delete(ike_sa, listener->options.force) != DESTROY_ME)
+	{	/* delete queued */
 		listener->status = FAILED;
 		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
 	}
@@ -575,7 +582,7 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t,
 }
 
 METHOD(controller_t, terminate_ike, status_t,
-	controller_t *this, uint32_t unique_id,
+	controller_t *this, uint32_t unique_id, bool force,
 	controller_cb_t callback, void *param, u_int timeout)
 {
 	interface_job_t *job;
@@ -610,13 +617,24 @@ METHOD(controller_t, terminate_ike, status_t,
 
 	if (callback == NULL)
 	{
+		job->listener.options.force = force;
 		terminate_ike_execute(job);
 	}
 	else
 	{
+		if (!timeout)
+		{
+			job->listener.options.force = force;
+		}
 		if (wait_for_listener(job, timeout))
 		{
 			job->listener.status = OUT_OF_RES;
+
+			if (force)
+			{	/* force termination once timeout is reached */
+				job->listener.options.force = TRUE;
+				terminate_ike_execute(job);
+			}
 		}
 	}
 	status = job->listener.status;
@@ -646,17 +664,6 @@ METHOD(job_t, terminate_child_execute, job_requeue_t,
 	listener->ike_sa = ike_sa;
 	listener->lock->unlock(listener->lock);
 
-	if (child_sa->get_state(child_sa) == CHILD_ROUTED)
-	{
-		DBG1(DBG_IKE, "unable to terminate, established "
-			 "CHILD_SA with ID %d not found", id);
-		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-		listener->status = NOT_FOUND;
-		/* release listener */
-		listener_done(listener);
-		return JOB_REQUEUE_NONE;
-	}
-
 	if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa),
 					child_sa->get_spi(child_sa, TRUE), FALSE) != DESTROY_ME)
 	{
diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h
index 9524f53b9..af9baca01 100644
--- a/src/libcharon/control/controller.h
+++ b/src/libcharon/control/controller.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -102,6 +102,11 @@ struct controller_t {
 	 * until the IKE_SA is properly deleted, or the call timed out.
 	 *
 	 * @param unique_id		unique id of the IKE_SA to terminate.
+	 * @param force			whether to immediately destroy the IKE_SA without
+	 *						waiting for a response or retransmitting the delete,
+	 *						if a callback is provided and timeout is > 0 the
+	 *						IKE_SA is destroyed once the timeout is reached but
+	 *						retransmits are sent until then
 	 * @param cb			logging callback
 	 * @param param			parameter to include in each call of cb
 	 * @param timeout		timeout in ms to wait for callbacks, 0 to disable
@@ -112,7 +117,7 @@ struct controller_t {
 	 *						- OUT_OF_RES if timed out
 	 */
 	status_t (*terminate_ike)(controller_t *this, uint32_t unique_id,
-							  controller_cb_t callback, void *param,
+							  bool force, controller_cb_t callback, void *param,
 							  u_int timeout);
 
 	/**
diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h
index a37a3148a..db87c7093 100644
--- a/src/libcharon/daemon.h
+++ b/src/libcharon/daemon.h
@@ -3,7 +3,7 @@
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c
index dee1a3f73..369519b67 100644
--- a/src/libcharon/encoding/generator.c
+++ b/src/libcharon/encoding/generator.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2011 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/generator.h b/src/libcharon/encoding/generator.h
index 9c7fe8979..63d55f4ee 100644
--- a/src/libcharon/encoding/generator.h
+++ b/src/libcharon/encoding/generator.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 735526e3c..1b8cd76f4 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -4,7 +4,7 @@
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h
index 732fd9b54..10ffbed56 100644
--- a/src/libcharon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
@@ -3,7 +3,7 @@
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c
index c9d6b0d8f..9169ba202 100644
--- a/src/libcharon/encoding/parser.c
+++ b/src/libcharon/encoding/parser.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/parser.h b/src/libcharon/encoding/parser.h
index 8f073556e..140a3c4aa 100644
--- a/src/libcharon/encoding/parser.h
+++ b/src/libcharon/encoding/parser.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c
index 9d03bb694..c7c1576bc 100644
--- a/src/libcharon/encoding/payloads/auth_payload.c
+++ b/src/libcharon/encoding/payloads/auth_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/auth_payload.h b/src/libcharon/encoding/payloads/auth_payload.h
index b922d12c8..a90717df2 100644
--- a/src/libcharon/encoding/payloads/auth_payload.h
+++ b/src/libcharon/encoding/payloads/auth_payload.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index ea25ca73c..ca8c98592 100644
--- a/src/libcharon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h
index e134aac8d..72ce4c1c6 100644
--- a/src/libcharon/encoding/payloads/cert_payload.h
+++ b/src/libcharon/encoding/payloads/cert_payload.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c
index 643fbc42f..79a830881 100644
--- a/src/libcharon/encoding/payloads/certreq_payload.c
+++ b/src/libcharon/encoding/payloads/certreq_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/certreq_payload.h b/src/libcharon/encoding/payloads/certreq_payload.h
index 2915decf3..fce1470ba 100644
--- a/src/libcharon/encoding/payloads/certreq_payload.h
+++ b/src/libcharon/encoding/payloads/certreq_payload.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c
index 32e4828ba..a23ad148e 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.c
+++ b/src/libcharon/encoding/payloads/configuration_attribute.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h
index 417ba731b..78dc65893 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.h
+++ b/src/libcharon/encoding/payloads/configuration_attribute.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c
index d86693ee2..16d72f096 100644
--- a/src/libcharon/encoding/payloads/cp_payload.c
+++ b/src/libcharon/encoding/payloads/cp_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h
index 3e4763fb6..122dc4f83 100644
--- a/src/libcharon/encoding/payloads/cp_payload.h
+++ b/src/libcharon/encoding/payloads/cp_payload.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c
index 3634cd36c..30faceaba 100644
--- a/src/libcharon/encoding/payloads/delete_payload.c
+++ b/src/libcharon/encoding/payloads/delete_payload.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h
index 06ed76c2e..c96d63740 100644
--- a/src/libcharon/encoding/payloads/delete_payload.h
+++ b/src/libcharon/encoding/payloads/delete_payload.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index cbf74eb73..c2900aa4e 100644
--- a/src/libcharon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h
index abaefde28..da8a9466a 100644
--- a/src/libcharon/encoding/payloads/eap_payload.h
+++ b/src/libcharon/encoding/payloads/eap_payload.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/encodings.c b/src/libcharon/encoding/payloads/encodings.c
index 62de81120..e81122e87 100644
--- a/src/libcharon/encoding/payloads/encodings.c
+++ b/src/libcharon/encoding/payloads/encodings.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h
index 9ff23753a..daa179530 100644
--- a/src/libcharon/encoding/payloads/encodings.h
+++ b/src/libcharon/encoding/payloads/encodings.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
index 6ff61dd65..7988000e8 100644
--- a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
+++ b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c
index a033f6081..4f4b1d1d6 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.c
+++ b/src/libcharon/encoding/payloads/encrypted_payload.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h
index 19c60c5be..72a256553 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.h
+++ b/src/libcharon/encoding/payloads/encrypted_payload.h
@@ -3,7 +3,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c
index afeee72e4..63d7a6dbc 100644
--- a/src/libcharon/encoding/payloads/endpoint_notify.c
+++ b/src/libcharon/encoding/payloads/endpoint_notify.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h
index f4cf89fd7..fbc97724f 100644
--- a/src/libcharon/encoding/payloads/endpoint_notify.h
+++ b/src/libcharon/encoding/payloads/endpoint_notify.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/fragment_payload.c b/src/libcharon/encoding/payloads/fragment_payload.c
index fecd05f05..567cd4749 100644
--- a/src/libcharon/encoding/payloads/fragment_payload.c
+++ b/src/libcharon/encoding/payloads/fragment_payload.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/fragment_payload.h b/src/libcharon/encoding/payloads/fragment_payload.h
index a756601a0..fa53e04ac 100644
--- a/src/libcharon/encoding/payloads/fragment_payload.h
+++ b/src/libcharon/encoding/payloads/fragment_payload.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
index ae0b19a9d..b2f1adbbc 100644
--- a/src/libcharon/encoding/payloads/id_payload.c
+++ b/src/libcharon/encoding/payloads/id_payload.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2007-2011 Tobias Brunner
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h
index df1d07553..283780624 100644
--- a/src/libcharon/encoding/payloads/id_payload.h
+++ b/src/libcharon/encoding/payloads/id_payload.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2007 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 61a0424e3..6a39dc892 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2007 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h
index fa89c3939..b7694b5cb 100644
--- a/src/libcharon/encoding/payloads/ike_header.h
+++ b/src/libcharon/encoding/payloads/ike_header.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2007 Tobias Brunner
  * Copyright (C) 2005-2011 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c
index 37f3adf88..59e8930c1 100644
--- a/src/libcharon/encoding/payloads/ke_payload.c
+++ b/src/libcharon/encoding/payloads/ke_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h
index 96c5096a5..71fffc744 100644
--- a/src/libcharon/encoding/payloads/ke_payload.h
+++ b/src/libcharon/encoding/payloads/ke_payload.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c
index 52b09b663..c3816603a 100644
--- a/src/libcharon/encoding/payloads/nonce_payload.c
+++ b/src/libcharon/encoding/payloads/nonce_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/nonce_payload.h b/src/libcharon/encoding/payloads/nonce_payload.h
index ee8ad17f7..89fa62f15 100644
--- a/src/libcharon/encoding/payloads/nonce_payload.h
+++ b/src/libcharon/encoding/payloads/nonce_payload.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index ca7ef3a45..0c6f010b5 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -4,7 +4,7 @@
  * Copyright (C) 2006-2008 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 04160bbfc..39e4c915b 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -3,7 +3,7 @@
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index 6d1894edb..e2a56f9ff 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2007 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 8ba1ef9f5..261fcf600 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index c3f06391a..415417566 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2014 Tobias Brunner
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h
index cad597e58..be7da840a 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.h
+++ b/src/libcharon/encoding/payloads/proposal_substructure.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c
index 9c0b071da..5f0ffd326 100644
--- a/src/libcharon/encoding/payloads/sa_payload.c
+++ b/src/libcharon/encoding/payloads/sa_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2014 Tobias Brunner
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h
index f01c45130..d6c73009e 100644
--- a/src/libcharon/encoding/payloads/sa_payload.h
+++ b/src/libcharon/encoding/payloads/sa_payload.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
index f69fee3ae..febf0c410 100644
--- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
index c7a54435b..5901103ff 100644
--- a/src/libcharon/encoding/payloads/traffic_selector_substructure.h
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c
index 860607faf..c74bacff1 100644
--- a/src/libcharon/encoding/payloads/transform_attribute.c
+++ b/src/libcharon/encoding/payloads/transform_attribute.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h
index 2e86a409c..c2d7c5b3f 100644
--- a/src/libcharon/encoding/payloads/transform_attribute.h
+++ b/src/libcharon/encoding/payloads/transform_attribute.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c
index 11e4b462d..96aebe601 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.c
+++ b/src/libcharon/encoding/payloads/transform_substructure.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h
index a9d4f9f7d..5bbc80a81 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c
index 0b2d4de57..2862b6acf 100644
--- a/src/libcharon/encoding/payloads/ts_payload.c
+++ b/src/libcharon/encoding/payloads/ts_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h
index 933245c62..8b7824849 100644
--- a/src/libcharon/encoding/payloads/ts_payload.h
+++ b/src/libcharon/encoding/payloads/ts_payload.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c
index adbf2c8f2..b3f82d079 100644
--- a/src/libcharon/encoding/payloads/unknown_payload.c
+++ b/src/libcharon/encoding/payloads/unknown_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/unknown_payload.h b/src/libcharon/encoding/payloads/unknown_payload.h
index 09341bcc7..74c17cd87 100644
--- a/src/libcharon/encoding/payloads/unknown_payload.h
+++ b/src/libcharon/encoding/payloads/unknown_payload.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c
index 7db9a69d3..c96b62ece 100644
--- a/src/libcharon/encoding/payloads/vendor_id_payload.c
+++ b/src/libcharon/encoding/payloads/vendor_id_payload.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.h b/src/libcharon/encoding/payloads/vendor_id_payload.h
index 42c31f921..92097b0e8 100644
--- a/src/libcharon/encoding/payloads/vendor_id_payload.h
+++ b/src/libcharon/encoding/payloads/vendor_id_payload.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c
index 71121908b..006304d5e 100644
--- a/src/libcharon/kernel/kernel_handler.c
+++ b/src/libcharon/kernel/kernel_handler.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/kernel/kernel_handler.h b/src/libcharon/kernel/kernel_handler.h
index f1fa0bdfc..7e54f1111 100644
--- a/src/libcharon/kernel/kernel_handler.h
+++ b/src/libcharon/kernel/kernel_handler.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/kernel/kernel_ipsec.c b/src/libcharon/kernel/kernel_ipsec.c
index 0440f11bb..0d79d228e 100644
--- a/src/libcharon/kernel/kernel_ipsec.c
+++ b/src/libcharon/kernel/kernel_ipsec.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index b75304031..94b9c284b 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -91,8 +91,8 @@ struct kernel_ipsec_add_sa_t {
 	uint16_t cpi;
 	/** TRUE to enable UDP encapsulation for NAT traversal */
 	bool encap;
-	/** TRUE to enable hardware offloading if available */
-	bool hw_offload;
+	/** no (disabled), yes (enabled), auto (enabled if supported) */
+	hw_offload_t hw_offload;
 	/** TRUE to use Extended Sequence Numbers */
 	bool esn;
 	/** TRUE if initiator of the exchange creating the SA */
diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h
index aaeb4f5b7..b790ed1ee 100644
--- a/src/libcharon/kernel/kernel_listener.h
+++ b/src/libcharon/kernel/kernel_listener.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 8fb48281f..4c72b5609 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2008-2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/network/receiver.h b/src/libcharon/network/receiver.h
index 58bfe4a96..25d6e1f7b 100644
--- a/src/libcharon/network/receiver.h
+++ b/src/libcharon/network/receiver.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/network/sender.c b/src/libcharon/network/sender.c
index bed4f35ce..04cd4dc01 100644
--- a/src/libcharon/network/sender.c
+++ b/src/libcharon/network/sender.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/network/sender.h b/src/libcharon/network/sender.h
index 080559b89..bd90a4426 100644
--- a/src/libcharon/network/sender.h
+++ b/src/libcharon/network/sender.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/network/socket.h b/src/libcharon/network/socket.h
index b084d96a2..e8ee5e347 100644
--- a/src/libcharon/network/socket.h
+++ b/src/libcharon/network/socket.h
@@ -3,7 +3,7 @@
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/network/socket_manager.c b/src/libcharon/network/socket_manager.c
index 564608d77..0a7ac9d11 100644
--- a/src/libcharon/network/socket_manager.c
+++ b/src/libcharon/network/socket_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  *
diff --git a/src/libcharon/network/socket_manager.h b/src/libcharon/network/socket_manager.h
index cde7859c2..38baaea91 100644
--- a/src/libcharon/network/socket_manager.h
+++ b/src/libcharon/network/socket_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  *
diff --git a/src/libcharon/plugins/addrblock/addrblock_narrow.c b/src/libcharon/plugins/addrblock/addrblock_narrow.c
index 3b3b72ff8..8dfad7da7 100644
--- a/src/libcharon/plugins/addrblock/addrblock_narrow.c
+++ b/src/libcharon/plugins/addrblock/addrblock_narrow.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/addrblock/addrblock_validator.c b/src/libcharon/plugins/addrblock/addrblock_validator.c
index 78e377c2a..c5b634b02 100644
--- a/src/libcharon/plugins/addrblock/addrblock_validator.c
+++ b/src/libcharon/plugins/addrblock/addrblock_validator.c
@@ -1,6 +1,9 @@
 /*
- * Copyright (C) 2010 Martin Willi, revosec AG
- * Copyright (C) 2009 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * Copyright (C) 2009 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/android_dns/android_dns_handler.c b/src/libcharon/plugins/android_dns/android_dns_handler.c
index 68bbaecb2..500a44667 100644
--- a/src/libcharon/plugins/android_dns/android_dns_handler.c
+++ b/src/libcharon/plugins/android_dns/android_dns_handler.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010-2013 Tobias Brunner
  * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/android_dns/android_dns_handler.h b/src/libcharon/plugins/android_dns/android_dns_handler.h
index d7b089dca..7344576af 100644
--- a/src/libcharon/plugins/android_dns/android_dns_handler.h
+++ b/src/libcharon/plugins/android_dns/android_dns_handler.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010-2011 Tobias Brunner
  * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/android_dns/android_dns_plugin.c b/src/libcharon/plugins/android_dns/android_dns_plugin.c
index 9b6ec0dba..083060556 100644
--- a/src/libcharon/plugins/android_dns/android_dns_plugin.c
+++ b/src/libcharon/plugins/android_dns/android_dns_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/android_dns/android_dns_plugin.h b/src/libcharon/plugins/android_dns/android_dns_plugin.h
index e9e57dc24..6716ac718 100644
--- a/src/libcharon/plugins/android_dns/android_dns_plugin.h
+++ b/src/libcharon/plugins/android_dns/android_dns_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/android_log/android_log_logger.c b/src/libcharon/plugins/android_log/android_log_logger.c
index 99eb66bb1..a771ef504 100644
--- a/src/libcharon/plugins/android_log/android_log_logger.c
+++ b/src/libcharon/plugins/android_log/android_log_logger.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/android_log/android_log_logger.h b/src/libcharon/plugins/android_log/android_log_logger.h
index ed271bf6c..8ae032d9e 100644
--- a/src/libcharon/plugins/android_log/android_log_logger.h
+++ b/src/libcharon/plugins/android_log/android_log_logger.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/android_log/android_log_plugin.c b/src/libcharon/plugins/android_log/android_log_plugin.c
index 515917a22..faab918e2 100644
--- a/src/libcharon/plugins/android_log/android_log_plugin.c
+++ b/src/libcharon/plugins/android_log/android_log_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/android_log/android_log_plugin.h b/src/libcharon/plugins/android_log/android_log_plugin.h
index 32c4dc10b..c5d98517e 100644
--- a/src/libcharon/plugins/android_log/android_log_plugin.h
+++ b/src/libcharon/plugins/android_log/android_log_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/attr/attr_plugin.c b/src/libcharon/plugins/attr/attr_plugin.c
index 9b15c3cc9..407a39ac7 100644
--- a/src/libcharon/plugins/attr/attr_plugin.c
+++ b/src/libcharon/plugins/attr/attr_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/attr/attr_plugin.h b/src/libcharon/plugins/attr/attr_plugin.h
index 0c6eebfa7..c9ba73893 100644
--- a/src/libcharon/plugins/attr/attr_plugin.h
+++ b/src/libcharon/plugins/attr/attr_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/attr/attr_provider.c b/src/libcharon/plugins/attr/attr_provider.c
index 3310f79fd..7e0f1b787 100644
--- a/src/libcharon/plugins/attr/attr_provider.c
+++ b/src/libcharon/plugins/attr/attr_provider.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/attr/attr_provider.h b/src/libcharon/plugins/attr/attr_provider.h
index 17db30408..d2ee6b952 100644
--- a/src/libcharon/plugins/attr/attr_provider.h
+++ b/src/libcharon/plugins/attr/attr_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/attr_sql/attr_sql_plugin.c b/src/libcharon/plugins/attr_sql/attr_sql_plugin.c
index 908877514..eb5f018fd 100644
--- a/src/libcharon/plugins/attr_sql/attr_sql_plugin.c
+++ b/src/libcharon/plugins/attr_sql/attr_sql_plugin.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/attr_sql/attr_sql_plugin.h b/src/libcharon/plugins/attr_sql/attr_sql_plugin.h
index b6b04ccc0..3444d33e5 100644
--- a/src/libcharon/plugins/attr_sql/attr_sql_plugin.h
+++ b/src/libcharon/plugins/attr_sql/attr_sql_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/attr_sql/attr_sql_provider.c b/src/libcharon/plugins/attr_sql/attr_sql_provider.c
index 33d9f99fc..f6e1c75e4 100644
--- a/src/libcharon/plugins/attr_sql/attr_sql_provider.c
+++ b/src/libcharon/plugins/attr_sql/attr_sql_provider.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/attr_sql/attr_sql_provider.h b/src/libcharon/plugins/attr_sql/attr_sql_provider.h
index a9b037bf5..43eb70951 100644
--- a/src/libcharon/plugins/attr_sql/attr_sql_provider.h
+++ b/src/libcharon/plugins/attr_sql/attr_sql_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/connmark/connmark_listener.c b/src/libcharon/plugins/connmark/connmark_listener.c
index 29f7cac42..7d23f1a23 100644
--- a/src/libcharon/plugins/connmark/connmark_listener.c
+++ b/src/libcharon/plugins/connmark/connmark_listener.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.c b/src/libcharon/plugins/dhcp/dhcp_plugin.c
index 642e28afc..976de6b54 100644
--- a/src/libcharon/plugins/dhcp/dhcp_plugin.c
+++ b/src/libcharon/plugins/dhcp/dhcp_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index 7541c3b49..c26fcc920 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2012-2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  *
@@ -157,7 +160,7 @@ typedef struct __attribute__((packed)) {
 } dhcp_option_t;
 
 /**
- * DHCP message format, with a maximum size options buffer
+ * DHCP message format, with a minimum size options buffer
  */
 typedef struct __attribute__((packed)) {
 	uint8_t opcode;
@@ -176,9 +179,19 @@ typedef struct __attribute__((packed)) {
 	char server_hostname[64];
 	char boot_filename[128];
 	uint32_t magic_cookie;
-	u_char options[252];
+	u_char options[308];
 } dhcp_t;
 
+/**
+ * Check if the given address equals the broadcast address
+ */
+static inline bool is_broadcast(host_t *host)
+{
+	chunk_t broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF);
+
+	return chunk_equals(broadcast, host->get_address(host));
+}
+
 /**
  * Prepare a DHCP message for a given transaction
  */
@@ -186,10 +199,10 @@ static int prepare_dhcp(private_dhcp_socket_t *this,
 						dhcp_transaction_t *transaction,
 						dhcp_message_type_t type, dhcp_t *dhcp)
 {
-	chunk_t chunk, broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF);
+	chunk_t chunk;
 	identification_t *identity;
 	dhcp_option_t *option;
-	int optlen = 0;
+	int optlen = 0, remaining;
 	host_t *src;
 	uint32_t id;
 
@@ -198,7 +211,7 @@ static int prepare_dhcp(private_dhcp_socket_t *this,
 	dhcp->hw_type = ARPHRD_ETHER;
 	dhcp->hw_addr_len = 6;
 	dhcp->transaction_id = transaction->get_id(transaction);
-	if (chunk_equals(broadcast, this->dst->get_address(this->dst)))
+	if (is_broadcast(this->dst))
 	{
 		/* Set broadcast flag to get broadcasted replies, as we actually
 		 * do not own the MAC we request an address for. */
@@ -241,21 +254,29 @@ static int prepare_dhcp(private_dhcp_socket_t *this,
 	option->data[0] = type;
 	optlen += sizeof(dhcp_option_t) + option->len;
 
+	/* the REQUEST message has the most static overhead in the 'options' field
+	 * with 17 bytes */
+	remaining = sizeof(dhcp->options) - optlen - 17;
+
 	if (identity->get_type(identity) == ID_FQDN)
 	{
 		option = (dhcp_option_t*)&dhcp->options[optlen];
 		option->type = DHCP_HOST_NAME;
-		option->len = min(chunk.len, 64);
+		option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255);
 		memcpy(option->data, chunk.ptr, option->len);
 		optlen += sizeof(dhcp_option_t) + option->len;
+		remaining -= sizeof(dhcp_option_t) + option->len;
 	}
 
-	option = (dhcp_option_t*)&dhcp->options[optlen];
-	option->type = DHCP_CLIENT_ID;
-	option->len = min(chunk.len, 64);
-	memcpy(option->data, chunk.ptr, option->len);
-	optlen += sizeof(dhcp_option_t) + option->len;
-
+	if (this->identity_lease &&
+		remaining >= sizeof(dhcp_option_t) + 2)
+	{
+		option = (dhcp_option_t*)&dhcp->options[optlen];
+		option->type = DHCP_CLIENT_ID;
+		option->len = min(min(chunk.len, remaining-sizeof(dhcp_option_t)), 255);
+		memcpy(option->data, chunk.ptr, option->len);
+		optlen += sizeof(dhcp_option_t) + option->len;
+	}
 	return optlen;
 }
 
@@ -273,7 +294,7 @@ static bool send_dhcp(private_dhcp_socket_t *this,
 	{
 		dst = this->dst;
 	}
-	len = offsetof(dhcp_t, magic_cookie) + ((optlen + 4) / 64 * 64 + 64);
+	len = offsetof(dhcp_t, magic_cookie) + optlen + 4;
 	return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst),
 				  *dst->get_sockaddr_len(dst)) == len;
 }
@@ -675,7 +696,7 @@ dhcp_socket_t *dhcp_socket_create()
 		},
 	};
 	char *iface;
-	int on = 1;
+	int on = 1, rcvbuf = 0;
 	struct sock_filter dhcp_filter_code[] = {
 		BPF_STMT(BPF_LD+BPF_B+BPF_ABS,
 				 offsetof(struct iphdr, protocol)),
@@ -685,9 +706,9 @@ dhcp_socket_t *dhcp_socket_create()
 		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 14),
 		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
 				 offsetof(struct udphdr, dest)),
-		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 0, 2),
-		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 1),
-		BPF_JUMP(BPF_JMP+BPF_JA, 0, 0, 10),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 2, 0),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 1, 0),
+		BPF_JUMP(BPF_JMP+BPF_JA, 10, 0, 0),
 		BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
 				 sizeof(struct udphdr) + offsetof(dhcp_t, opcode)),
 		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8),
@@ -766,6 +787,30 @@ dhcp_socket_t *dhcp_socket_create()
 		destroy(this);
 		return NULL;
 	}
+	/* we won't read any data from this socket, so reduce the buffer to save
+	 * some memory (there is some minimum, still try 0, though).
+	 * note that we might steal some packets from other processes if e.g. a DHCP
+	 * client (or server) is running on the same host, but by reducing the
+	 * buffer size the impact should be minimized */
+	if (setsockopt(this->send, SOL_SOCKET, SO_RCVBUF, &rcvbuf,
+				   sizeof(rcvbuf)) == -1)
+	{
+		DBG1(DBG_CFG, "unable to reduce receive buffer on DHCP send socket: %s",
+			 strerror(errno));
+		destroy(this);
+		return NULL;
+	}
+	if (!is_broadcast(this->dst))
+	{
+		/* when setting giaddr (which we do when we don't broadcast), the server
+		 * should respond to the server port on that IP, according to RFC 2131,
+		 * section 4.1.  while we do receive such messages via raw socket, the
+		 * kernel will respond with an ICMP port unreachable if there is no
+		 * socket bound to that port, which might be problematic with certain
+		 * DHCP servers.  instead of opening an additional socket, that we don't
+		 * actually use, we can also just send our requests from port 67 */
+		src.sin_port = htons(DHCP_SERVER_PORT);
+	}
 	if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
 	{
 		DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno));
diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.h b/src/libcharon/plugins/dhcp/dhcp_transaction.h
index 0c614f7b1..61fee2a8e 100644
--- a/src/libcharon/plugins/dhcp/dhcp_transaction.h
+++ b/src/libcharon/plugins/dhcp/dhcp_transaction.h
@@ -33,7 +33,7 @@ typedef struct dhcp_transaction_t dhcp_transaction_t;
 struct dhcp_transaction_t {
 
 	/**
-	 * Get the DCHP transaction ID.
+	 * Get the DHCP transaction ID.
 	 *
 	 * @return			DHCP transaction identifier
 	 */
@@ -61,7 +61,7 @@ struct dhcp_transaction_t {
 	host_t* (*get_address)(dhcp_transaction_t *this);
 
 	/**
-	 * Set the DCHP server address discovered.
+	 * Set the DHCP server address discovered.
 	 *
 	 * @param server	DHCP server address
 	 */
@@ -75,7 +75,7 @@ struct dhcp_transaction_t {
 	host_t* (*get_server)(dhcp_transaction_t *this);
 
 	/**
-	 * An an additional attribute to serve to peer.
+	 * Add an additional attribute to serve to peer.
 	 *
 	 * @param type		type of attribute
 	 * @param data		attribute data
diff --git a/src/libcharon/plugins/dnscert/dnscert_cred.c b/src/libcharon/plugins/dnscert/dnscert_cred.c
index 533bd5be4..54d25e11b 100644
--- a/src/libcharon/plugins/dnscert/dnscert_cred.c
+++ b/src/libcharon/plugins/dnscert/dnscert_cred.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/dnscert/dnscert_plugin.c b/src/libcharon/plugins/dnscert/dnscert_plugin.c
index 1b93480cf..6eed698b9 100644
--- a/src/libcharon/plugins/dnscert/dnscert_plugin.c
+++ b/src/libcharon/plugins/dnscert/dnscert_plugin.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c
index 3ab053ba6..fa4dd37af 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_peer.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_peer.h b/src/libcharon/plugins/eap_aka/eap_aka_peer.h
index b6ab5cdc5..35d15187a 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_peer.h
+++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_plugin.c b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c
index 83805d727..126667d50 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_plugin.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_plugin.h b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h
index 8d4fbadfa..b1603e3f4 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_plugin.h
+++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c
index 1ede56757..e6175267c 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_server.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.h b/src/libcharon/plugins/eap_aka/eap_aka_server.h
index 5c95180ac..d4c4053e9 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_server.h
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp/Makefile.am
index 5e230ea3b..97de388c3 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/Makefile.am
+++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.am
@@ -6,17 +6,24 @@ AM_CPPFLAGS = \
 AM_CFLAGS = \
 	$(PLUGIN_CFLAGS)
 
-libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version
+# these files are also used by the tests, we can't directly refer to them
+# because of the subdirectory, which would cause distclean to fail
+noinst_LTLIBRARIES = libeap_aka_3gpp.la
+libeap_aka_3gpp_la_SOURCES = \
+	eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c
+
+libstrongswan_eap_aka_3gpp_la_LIBADD = libeap_aka_3gpp.la
 
 if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la
+noinst_LTLIBRARIES += libstrongswan-eap-aka-3gpp.la
 else
 plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la
-libstrongswan_eap_aka_3gpp_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
+libstrongswan_eap_aka_3gpp_la_LIBADD += $(top_builddir)/src/libsimaka/libsimaka.la
 endif
 
 libstrongswan_eap_aka_3gpp_la_SOURCES = \
 	eap_aka_3gpp_plugin.h eap_aka_3gpp_plugin.c \
 	eap_aka_3gpp_card.h eap_aka_3gpp_card.c \
-	eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c \
-	eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c
+	eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c
+
+libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
index 2f3d0b83e..d8515c05b 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
@@ -88,6 +88,8 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
+@MONOLITHIC_TRUE@am__append_1 = libstrongswan-eap-aka-3gpp.la
+@MONOLITHIC_FALSE@am__append_2 = $(top_builddir)/src/libsimaka/libsimaka.la
 subdir = src/libcharon/plugins/eap_aka_3gpp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -136,17 +138,19 @@ am__uninstall_files_from_dir = { \
   }
 am__installdirs = "$(DESTDIR)$(plugindir)"
 LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-@MONOLITHIC_FALSE@libstrongswan_eap_aka_3gpp_la_DEPENDENCIES =  \
-@MONOLITHIC_FALSE@	$(top_builddir)/src/libsimaka/libsimaka.la
-am_libstrongswan_eap_aka_3gpp_la_OBJECTS = eap_aka_3gpp_plugin.lo \
-	eap_aka_3gpp_card.lo eap_aka_3gpp_provider.lo \
-	eap_aka_3gpp_functions.lo
-libstrongswan_eap_aka_3gpp_la_OBJECTS =  \
-	$(am_libstrongswan_eap_aka_3gpp_la_OBJECTS)
+libeap_aka_3gpp_la_LIBADD =
+am_libeap_aka_3gpp_la_OBJECTS = eap_aka_3gpp_functions.lo
+libeap_aka_3gpp_la_OBJECTS = $(am_libeap_aka_3gpp_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+libstrongswan_eap_aka_3gpp_la_DEPENDENCIES = libeap_aka_3gpp.la \
+	$(am__append_2)
+am_libstrongswan_eap_aka_3gpp_la_OBJECTS = eap_aka_3gpp_plugin.lo \
+	eap_aka_3gpp_card.lo eap_aka_3gpp_provider.lo
+libstrongswan_eap_aka_3gpp_la_OBJECTS =  \
+	$(am_libstrongswan_eap_aka_3gpp_la_OBJECTS)
 libstrongswan_eap_aka_3gpp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
@@ -188,8 +192,10 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(libstrongswan_eap_aka_3gpp_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_eap_aka_3gpp_la_SOURCES)
+SOURCES = $(libeap_aka_3gpp_la_SOURCES) \
+	$(libstrongswan_eap_aka_3gpp_la_SOURCES)
+DIST_SOURCES = $(libeap_aka_3gpp_la_SOURCES) \
+	$(libstrongswan_eap_aka_3gpp_la_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -462,16 +468,22 @@ AM_CPPFLAGS = \
 AM_CFLAGS = \
 	$(PLUGIN_CFLAGS)
 
-libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version
-@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la
+
+# these files are also used by the tests, we can't directly refer to them
+# because of the subdirectory, which would cause distclean to fail
+noinst_LTLIBRARIES = libeap_aka_3gpp.la $(am__append_1)
+libeap_aka_3gpp_la_SOURCES = \
+	eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c
+
+libstrongswan_eap_aka_3gpp_la_LIBADD = libeap_aka_3gpp.la \
+	$(am__append_2)
 @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp.la
-@MONOLITHIC_FALSE@libstrongswan_eap_aka_3gpp_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
 libstrongswan_eap_aka_3gpp_la_SOURCES = \
 	eap_aka_3gpp_plugin.h eap_aka_3gpp_plugin.c \
 	eap_aka_3gpp_card.h eap_aka_3gpp_card.c \
-	eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c \
-	eap_aka_3gpp_functions.h eap_aka_3gpp_functions.c
+	eap_aka_3gpp_provider.h eap_aka_3gpp_provider.c
 
+libstrongswan_eap_aka_3gpp_la_LDFLAGS = -module -avoid-version
 all: all-am
 
 .SUFFIXES:
@@ -552,6 +564,9 @@ clean-pluginLTLIBRARIES:
 	  rm -f $${locs}; \
 	}
 
+libeap_aka_3gpp.la: $(libeap_aka_3gpp_la_OBJECTS) $(libeap_aka_3gpp_la_DEPENDENCIES) $(EXTRA_libeap_aka_3gpp_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(LINK)  $(libeap_aka_3gpp_la_OBJECTS) $(libeap_aka_3gpp_la_LIBADD) $(LIBS)
+
 libstrongswan-eap-aka-3gpp.la: $(libstrongswan_eap_aka_3gpp_la_OBJECTS) $(libstrongswan_eap_aka_3gpp_la_DEPENDENCIES) $(EXTRA_libstrongswan_eap_aka_3gpp_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(libstrongswan_eap_aka_3gpp_la_LINK) $(am_libstrongswan_eap_aka_3gpp_la_rpath) $(libstrongswan_eap_aka_3gpp_la_OBJECTS) $(libstrongswan_eap_aka_3gpp_la_LIBADD) $(LIBS)
 
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c
index 22c1181ad..e77c75149 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h
index 0ef90681f..48a3f5055 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_card.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h
index c089cd385..c9fb1a983 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c
index 650af86d9..061961fcf 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h
index e101f4be6..ea2461fcc 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c
index d5112d390..1486b6279 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h
index 6af8b4b4f..e75763027 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h
+++ b/src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.am
new file mode 100644
index 000000000..5887898b6
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.am
@@ -0,0 +1,24 @@
+TESTS = eap_aka_3gpp_tests
+
+check_PROGRAMS = $(TESTS)
+
+eap_aka_3gpp_tests_SOURCES = \
+	tests.h tests.c \
+	suites/test_vectors.c
+
+eap_aka_3gpp_tests_CFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libstrongswan/tests \
+	-I$(top_srcdir)/src/libcharon \
+	-I$(top_srcdir)/src/libsimaka \
+	-I$(top_srcdir)/src/libcharon/plugins/eap_aka_3gpp \
+	-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+	-DPLUGINS=\""${s_plugins}\"" \
+	@COVERAGE_CFLAGS@
+
+eap_aka_3gpp_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+eap_aka_3gpp_tests_LDADD = \
+	../libeap_aka_3gpp.la \
+	$(top_builddir)/src/libcharon/libcharon.la \
+	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
new file mode 100644
index 000000000..65b86199c
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
@@ -0,0 +1,899 @@
+# Makefile.in generated by automake 1.15 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+TESTS = eap_aka_3gpp_tests$(EXEEXT)
+check_PROGRAMS = $(am__EXEEXT_1)
+subdir = src/libcharon/plugins/eap_aka_3gpp/tests
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/split-package-version.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/m4/macros/add-plugin.m4 \
+	$(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__EXEEXT_1 = eap_aka_3gpp_tests$(EXEEXT)
+am__dirstamp = $(am__leading_dot)dirstamp
+am_eap_aka_3gpp_tests_OBJECTS = eap_aka_3gpp_tests-tests.$(OBJEXT) \
+	suites/eap_aka_3gpp_tests-test_vectors.$(OBJEXT)
+eap_aka_3gpp_tests_OBJECTS = $(am_eap_aka_3gpp_tests_OBJECTS)
+eap_aka_3gpp_tests_DEPENDENCIES = ../libeap_aka_3gpp.la \
+	$(top_builddir)/src/libcharon/libcharon.la \
+	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+eap_aka_3gpp_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) \
+	$(eap_aka_3gpp_tests_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(eap_aka_3gpp_tests_SOURCES)
+DIST_SOURCES = $(eap_aka_3gpp_tests_SOURCES)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red=''; \
+    grn=''; \
+    lgn=''; \
+    blu=''; \
+    mgn=''; \
+    brg=''; \
+    std=''; \
+  fi; \
+}
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+ATOMICLIB = @ATOMICLIB@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+ruby_CFLAGS = @ruby_CFLAGS@
+ruby_LIBS = @ruby_LIBS@
+runstatedir = @runstatedir@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+eap_aka_3gpp_tests_SOURCES = \
+	tests.h tests.c \
+	suites/test_vectors.c
+
+eap_aka_3gpp_tests_CFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libstrongswan/tests \
+	-I$(top_srcdir)/src/libcharon \
+	-I$(top_srcdir)/src/libsimaka \
+	-I$(top_srcdir)/src/libcharon/plugins/eap_aka_3gpp \
+	-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+	-DPLUGINS=\""${s_plugins}\"" \
+	@COVERAGE_CFLAGS@
+
+eap_aka_3gpp_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+eap_aka_3gpp_tests_LDADD = \
+	../libeap_aka_3gpp.la \
+	$(top_builddir)/src/libcharon/libcharon.la \
+	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp/tests/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp/tests/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+suites/$(am__dirstamp):
+	@$(MKDIR_P) suites
+	@: > suites/$(am__dirstamp)
+suites/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) suites/$(DEPDIR)
+	@: > suites/$(DEPDIR)/$(am__dirstamp)
+suites/eap_aka_3gpp_tests-test_vectors.$(OBJEXT):  \
+	suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+
+eap_aka_3gpp_tests$(EXEEXT): $(eap_aka_3gpp_tests_OBJECTS) $(eap_aka_3gpp_tests_DEPENDENCIES) $(EXTRA_eap_aka_3gpp_tests_DEPENDENCIES) 
+	@rm -f eap_aka_3gpp_tests$(EXEEXT)
+	$(AM_V_CCLD)$(eap_aka_3gpp_tests_LINK) $(eap_aka_3gpp_tests_OBJECTS) $(eap_aka_3gpp_tests_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+	-rm -f suites/*.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_aka_3gpp_tests-tests.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+eap_aka_3gpp_tests-tests.o: tests.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -MT eap_aka_3gpp_tests-tests.o -MD -MP -MF $(DEPDIR)/eap_aka_3gpp_tests-tests.Tpo -c -o eap_aka_3gpp_tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/eap_aka_3gpp_tests-tests.Tpo $(DEPDIR)/eap_aka_3gpp_tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tests.c' object='eap_aka_3gpp_tests-tests.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -c -o eap_aka_3gpp_tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c
+
+eap_aka_3gpp_tests-tests.obj: tests.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -MT eap_aka_3gpp_tests-tests.obj -MD -MP -MF $(DEPDIR)/eap_aka_3gpp_tests-tests.Tpo -c -o eap_aka_3gpp_tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/eap_aka_3gpp_tests-tests.Tpo $(DEPDIR)/eap_aka_3gpp_tests-tests.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tests.c' object='eap_aka_3gpp_tests-tests.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -c -o eap_aka_3gpp_tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi`
+
+suites/eap_aka_3gpp_tests-test_vectors.o: suites/test_vectors.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -MT suites/eap_aka_3gpp_tests-test_vectors.o -MD -MP -MF suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Tpo -c -o suites/eap_aka_3gpp_tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Tpo suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_vectors.c' object='suites/eap_aka_3gpp_tests-test_vectors.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -c -o suites/eap_aka_3gpp_tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c
+
+suites/eap_aka_3gpp_tests-test_vectors.obj: suites/test_vectors.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -MT suites/eap_aka_3gpp_tests-test_vectors.obj -MD -MP -MF suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Tpo -c -o suites/eap_aka_3gpp_tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Tpo suites/$(DEPDIR)/eap_aka_3gpp_tests-test_vectors.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_vectors.c' object='suites/eap_aka_3gpp_tests-test_vectors.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(eap_aka_3gpp_tests_CFLAGS) $(CFLAGS) -c -o suites/eap_aka_3gpp_tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+	@failed=0; all=0; xfail=0; xpass=0; skip=0; \
+	srcdir=$(srcdir); export srcdir; \
+	list=' $(TESTS) '; \
+	$(am__tty_colors); \
+	if test -n "$$list"; then \
+	  for tst in $$list; do \
+	    if test -f ./$$tst; then dir=./; \
+	    elif test -f $$tst; then dir=; \
+	    else dir="$(srcdir)/"; fi; \
+	    if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *[\ \	]$$tst[\ \	]*) \
+		xpass=`expr $$xpass + 1`; \
+		failed=`expr $$failed + 1`; \
+		col=$$red; res=XPASS; \
+	      ;; \
+	      *) \
+		col=$$grn; res=PASS; \
+	      ;; \
+	      esac; \
+	    elif test $$? -ne 77; then \
+	      all=`expr $$all + 1`; \
+	      case " $(XFAIL_TESTS) " in \
+	      *[\ \	]$$tst[\ \	]*) \
+		xfail=`expr $$xfail + 1`; \
+		col=$$lgn; res=XFAIL; \
+	      ;; \
+	      *) \
+		failed=`expr $$failed + 1`; \
+		col=$$red; res=FAIL; \
+	      ;; \
+	      esac; \
+	    else \
+	      skip=`expr $$skip + 1`; \
+	      col=$$blu; res=SKIP; \
+	    fi; \
+	    echo "$${col}$$res$${std}: $$tst"; \
+	  done; \
+	  if test "$$all" -eq 1; then \
+	    tests="test"; \
+	    All=""; \
+	  else \
+	    tests="tests"; \
+	    All="All "; \
+	  fi; \
+	  if test "$$failed" -eq 0; then \
+	    if test "$$xfail" -eq 0; then \
+	      banner="$$All$$all $$tests passed"; \
+	    else \
+	      if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+	      banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+	    fi; \
+	  else \
+	    if test "$$xpass" -eq 0; then \
+	      banner="$$failed of $$all $$tests failed"; \
+	    else \
+	      if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+	      banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+	    fi; \
+	  fi; \
+	  dashes="$$banner"; \
+	  skipped=""; \
+	  if test "$$skip" -ne 0; then \
+	    if test "$$skip" -eq 1; then \
+	      skipped="($$skip test was not run)"; \
+	    else \
+	      skipped="($$skip tests were not run)"; \
+	    fi; \
+	    test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$skipped"; \
+	  fi; \
+	  report=""; \
+	  if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+	    report="Please report to $(PACKAGE_BUGREPORT)"; \
+	    test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+	      dashes="$$report"; \
+	  fi; \
+	  dashes=`echo "$$dashes" | sed s/./=/g`; \
+	  if test "$$failed" -eq 0; then \
+	    col="$$grn"; \
+	  else \
+	    col="$$red"; \
+	  fi; \
+	  echo "$${col}$$dashes$${std}"; \
+	  echo "$${col}$$banner$${std}"; \
+	  test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
+	  test -z "$$report" || echo "$${col}$$report$${std}"; \
+	  echo "$${col}$$dashes$${std}"; \
+	  test "$$failed" -eq 0; \
+	else :; fi
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+	-rm -f suites/$(DEPDIR)/$(am__dirstamp)
+	-rm -f suites/$(am__dirstamp)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR) suites/$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR) suites/$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
+	clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \
+	ctags ctags-am distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/suites/test_vectors.c b/src/libcharon/plugins/eap_aka_3gpp/tests/suites/test_vectors.c
new file mode 100644
index 000000000..681e99a6b
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/suites/test_vectors.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_suite.h>
+
+#include "../eap_aka_3gpp_functions.h"
+
+static eap_aka_3gpp_functions_t *functions;
+
+START_SETUP(functions_setup)
+{
+	functions = eap_aka_3gpp_functions_create();
+	ck_assert(functions);
+}
+END_SETUP
+
+START_TEARDOWN(functions_teardown)
+{
+	functions->destroy(functions);
+}
+END_TEARDOWN
+
+/**
+ * Test vectors from 3GPP TS 35.207
+ */
+static struct {
+	uint8_t k[AKA_K_LEN];
+	uint8_t rand[AKA_RAND_LEN];
+	uint8_t sqn[AKA_SQN_LEN];
+	uint8_t amf[AKA_AMF_LEN];
+	uint8_t opc[AKA_OPC_LEN];
+	uint8_t f1[AKA_MAC_LEN];
+	uint8_t f1star[AKA_MAC_LEN];
+	uint8_t f2[AKA_RES_LEN];
+	uint8_t f3[AKA_CK_LEN];
+	uint8_t f4[AKA_IK_LEN];
+	uint8_t f5[AKA_AK_LEN];
+	uint8_t f5star[AKA_AK_LEN];
+} test_data[] = {
+	{
+		.k = {0x46,0x5b,0x5c,0xe8,0xb1,0x99,0xb4,0x9f,0xaa,0x5f,0x0a,0x2e,0xe2,0x38,0xa6,0xbc},
+		.rand = {0x23,0x55,0x3c,0xbe,0x96,0x37,0xa8,0x9d,0x21,0x8a,0xe6,0x4d,0xae,0x47,0xbf,0x35},
+		.sqn = {0xff,0x9b,0xb4,0xd0,0xb6,0x07},
+		.amf = {0xb9,0xb9},
+		.opc = {0xcd,0x63,0xcb,0x71,0x95,0x4a,0x9f,0x4e,0x48,0xa5,0x99,0x4e,0x37,0xa0,0x2b,0xaf},
+		.f1 = {0x4a,0x9f,0xfa,0xc3,0x54,0xdf,0xaf,0xb3},
+		.f1star = {0x01,0xcf,0xaf,0x9e,0xc4,0xe8,0x71,0xe9},
+		.f2 = {0xa5,0x42,0x11,0xd5,0xe3,0xba,0x50,0xbf},
+		.f3 = {0xb4,0x0b,0xa9,0xa3,0xc5,0x8b,0x2a,0x05,0xbb,0xf0,0xd9,0x87,0xb2,0x1b,0xf8,0xcb},
+		.f4 = {0xf7,0x69,0xbc,0xd7,0x51,0x04,0x46,0x04,0x12,0x76,0x72,0x71,0x1c,0x6d,0x34,0x41},
+		.f5 = {0xaa,0x68,0x9c,0x64,0x83,0x70},
+		.f5star = {0x45,0x1e,0x8b,0xec,0xa4,0x3b},
+	},
+	{
+		.k = {0x03,0x96,0xeb,0x31,0x7b,0x6d,0x1c,0x36,0xf1,0x9c,0x1c,0x84,0xcd,0x6f,0xfd,0x16},
+		.rand = {0xc0,0x0d,0x60,0x31,0x03,0xdc,0xee,0x52,0xc4,0x47,0x81,0x19,0x49,0x42,0x02,0xe8},
+		.sqn = {0xfd,0x8e,0xef,0x40,0xdf,0x7d},
+		.amf = {0xaf,0x17},
+		.opc = {0x53,0xc1,0x56,0x71,0xc6,0x0a,0x4b,0x73,0x1c,0x55,0xb4,0xa4,0x41,0xc0,0xbd,0xe2},
+		.f1 = {0x5d,0xf5,0xb3,0x18,0x07,0xe2,0x58,0xb0},
+		.f1star = {0xa8,0xc0,0x16,0xe5,0x1e,0xf4,0xa3,0x43},
+		.f2 = {0xd3,0xa6,0x28,0xed,0x98,0x86,0x20,0xf0},
+		.f3 = {0x58,0xc4,0x33,0xff,0x7a,0x70,0x82,0xac,0xd4,0x24,0x22,0x0f,0x2b,0x67,0xc5,0x56},
+		.f4 = {0x21,0xa8,0xc1,0xf9,0x29,0x70,0x2a,0xdb,0x3e,0x73,0x84,0x88,0xb9,0xf5,0xc5,0xda},
+		.f5 = {0xc4,0x77,0x83,0x99,0x5f,0x72},
+		.f5star = {0x30,0xf1,0x19,0x70,0x61,0xc1},
+	},
+	{
+		.k = {0xfe,0xc8,0x6b,0xa6,0xeb,0x70,0x7e,0xd0,0x89,0x05,0x75,0x7b,0x1b,0xb4,0x4b,0x8f},
+		.rand = {0x9f,0x7c,0x8d,0x02,0x1a,0xcc,0xf4,0xdb,0x21,0x3c,0xcf,0xf0,0xc7,0xf7,0x1a,0x6a},
+		.sqn = {0x9d,0x02,0x77,0x59,0x5f,0xfc},
+		.amf = {0x72,0x5c},
+		.opc = {0x10,0x06,0x02,0x0f,0x0a,0x47,0x8b,0xf6,0xb6,0x99,0xf1,0x5c,0x06,0x2e,0x42,0xb3},
+		.f1 = {0x9c,0xab,0xc3,0xe9,0x9b,0xaf,0x72,0x81},
+		.f1star = {0x95,0x81,0x4b,0xa2,0xb3,0x04,0x43,0x24},
+		.f2 = {0x80,0x11,0xc4,0x8c,0x0c,0x21,0x4e,0xd2},
+		.f3 = {0x5d,0xbd,0xbb,0x29,0x54,0xe8,0xf3,0xcd,0xe6,0x65,0xb0,0x46,0x17,0x9a,0x50,0x98},
+		.f4 = {0x59,0xa9,0x2d,0x3b,0x47,0x6a,0x04,0x43,0x48,0x70,0x55,0xcf,0x88,0xb2,0x30,0x7b},
+		.f5 = {0x33,0x48,0x4d,0xc2,0x13,0x6b},
+		.f5star = {0xde,0xac,0xdd,0x84,0x8c,0xc6},
+	},
+	{
+		.k = {0x9e,0x59,0x44,0xae,0xa9,0x4b,0x81,0x16,0x5c,0x82,0xfb,0xf9,0xf3,0x2d,0xb7,0x51},
+		.rand = {0xce,0x83,0xdb,0xc5,0x4a,0xc0,0x27,0x4a,0x15,0x7c,0x17,0xf8,0x0d,0x01,0x7b,0xd6},
+		.sqn = {0x0b,0x60,0x4a,0x81,0xec,0xa8},
+		.amf = {0x9e,0x09},
+		.opc = {0xa6,0x4a,0x50,0x7a,0xe1,0xa2,0xa9,0x8b,0xb8,0x8e,0xb4,0x21,0x01,0x35,0xdc,0x87},
+		.f1 = {0x74,0xa5,0x82,0x20,0xcb,0xa8,0x4c,0x49},
+		.f1star = {0xac,0x2c,0xc7,0x4a,0x96,0x87,0x18,0x37},
+		.f2 = {0xf3,0x65,0xcd,0x68,0x3c,0xd9,0x2e,0x96},
+		.f3 = {0xe2,0x03,0xed,0xb3,0x97,0x15,0x74,0xf5,0xa9,0x4b,0x0d,0x61,0xb8,0x16,0x34,0x5d},
+		.f4 = {0x0c,0x45,0x24,0xad,0xea,0xc0,0x41,0xc4,0xdd,0x83,0x0d,0x20,0x85,0x4f,0xc4,0x6b},
+		.f5 = {0xf0,0xb9,0xc0,0x8a,0xd0,0x2e},
+		.f5star = {0x60,0x85,0xa8,0x6c,0x6f,0x63},
+	},
+	{
+		.k = {0x4a,0xb1,0xde,0xb0,0x5c,0xa6,0xce,0xb0,0x51,0xfc,0x98,0xe7,0x7d,0x02,0x6a,0x84},
+		.rand = {0x74,0xb0,0xcd,0x60,0x31,0xa1,0xc8,0x33,0x9b,0x2b,0x6c,0xe2,0xb8,0xc4,0xa1,0x86},
+		.sqn = {0xe8,0x80,0xa1,0xb5,0x80,0xb6},
+		.amf = {0x9f,0x07},
+		.opc = {0xdc,0xf0,0x7c,0xbd,0x51,0x85,0x52,0x90,0xb9,0x2a,0x07,0xa9,0x89,0x1e,0x52,0x3e},
+		.f1 = {0x49,0xe7,0x85,0xdd,0x12,0x62,0x6e,0xf2},
+		.f1star = {0x9e,0x85,0x79,0x03,0x36,0xbb,0x3f,0xa2},
+		.f2 = {0x58,0x60,0xfc,0x1b,0xce,0x35,0x1e,0x7e},
+		.f3 = {0x76,0x57,0x76,0x6b,0x37,0x3d,0x1c,0x21,0x38,0xf3,0x07,0xe3,0xde,0x92,0x42,0xf9},
+		.f4 = {0x1c,0x42,0xe9,0x60,0xd8,0x9b,0x8f,0xa9,0x9f,0x27,0x44,0xe0,0x70,0x8c,0xcb,0x53},
+		.f5 = {0x31,0xe1,0x1a,0x60,0x91,0x18},
+		.f5star = {0xfe,0x25,0x55,0xe5,0x4a,0xa9},
+	},
+	{
+		.k = {0x6c,0x38,0xa1,0x16,0xac,0x28,0x0c,0x45,0x4f,0x59,0x33,0x2e,0xe3,0x5c,0x8c,0x4f},
+		.rand = {0xee,0x64,0x66,0xbc,0x96,0x20,0x2c,0x5a,0x55,0x7a,0xbb,0xef,0xf8,0xba,0xbf,0x63},
+		.sqn = {0x41,0x4b,0x98,0x22,0x21,0x81},
+		.amf = {0x44,0x64},
+		.opc = {0x38,0x03,0xef,0x53,0x63,0xb9,0x47,0xc6,0xaa,0xa2,0x25,0xe5,0x8f,0xae,0x39,0x34},
+		.f1 = {0x07,0x8a,0xdf,0xb4,0x88,0x24,0x1a,0x57},
+		.f1star = {0x80,0x24,0x6b,0x8d,0x01,0x86,0xbc,0xf1},
+		.f2 = {0x16,0xc8,0x23,0x3f,0x05,0xa0,0xac,0x28},
+		.f3 = {0x3f,0x8c,0x75,0x87,0xfe,0x8e,0x4b,0x23,0x3a,0xf6,0x76,0xae,0xde,0x30,0xba,0x3b},
+		.f4 = {0xa7,0x46,0x6c,0xc1,0xe6,0xb2,0xa1,0x33,0x7d,0x49,0xd3,0xb6,0x6e,0x95,0xd7,0xb4},
+		.f5 = {0x45,0xb0,0xf6,0x9a,0xb0,0x6c},
+		.f5star = {0x1f,0x53,0xcd,0x2b,0x11,0x13},
+	},
+};
+
+START_TEST(test_f1)
+{
+	uint8_t mac[AKA_MAC_LEN];
+
+	ck_assert(functions->f1(functions, test_data[_i].k, test_data[_i].opc,
+							test_data[_i].rand, test_data[_i].sqn,
+							test_data[_i].amf, mac));
+	ck_assert(memeq(test_data[_i].f1, mac, sizeof(mac)));
+}
+END_TEST
+
+START_TEST(test_f1star)
+{
+	uint8_t mac[AKA_MAC_LEN];
+
+	ck_assert(functions->f1star(functions, test_data[_i].k,
+							test_data[_i].opc, test_data[_i].rand,
+							test_data[_i].sqn, test_data[_i].amf, mac));
+	ck_assert(memeq(test_data[_i].f1star, mac, sizeof(mac)));
+}
+END_TEST
+
+START_TEST(test_f2345)
+{
+	uint8_t res[AKA_RES_LEN], ck[AKA_CK_LEN], ik[AKA_IK_LEN], ak[AKA_AK_LEN];
+
+	ck_assert(functions->f2345(functions, test_data[_i].k,
+							test_data[_i].opc, test_data[_i].rand,
+							res, ck, ik, ak));
+
+	ck_assert(memeq(test_data[_i].f2, res, sizeof(res)));
+	ck_assert(memeq(test_data[_i].f3, ck, sizeof(ck)));
+	ck_assert(memeq(test_data[_i].f4, ik, sizeof(ik)));
+	ck_assert(memeq(test_data[_i].f5, ak, sizeof(ak)));
+}
+END_TEST
+
+START_TEST(test_f5star)
+{
+	uint8_t ak[AKA_AK_LEN];
+
+	ck_assert(functions->f5star(functions, test_data[_i].k,
+							test_data[_i].opc, test_data[_i].rand, ak));
+
+	ck_assert(memeq(test_data[_i].f5star, ak, sizeof(ak)));
+}
+END_TEST
+
+Suite *test_vectors_suite_create()
+{
+	Suite *s;
+	TCase *tc;
+
+	s = suite_create("eap-aka-3gpp");
+
+	tc = tcase_create("f1, f1*");
+	tcase_add_checked_fixture(tc, functions_setup, functions_teardown);
+	tcase_add_loop_test(tc, test_f1, 0, countof(test_data));
+	tcase_add_loop_test(tc, test_f1star, 0, countof(test_data));
+	suite_add_tcase(s, tc);
+
+	tc = tcase_create("f2, f3, f4 and f5");
+	tcase_add_checked_fixture(tc, functions_setup, functions_teardown);
+	tcase_add_loop_test(tc, test_f2345, 0, countof(test_data));
+	suite_add_tcase(s, tc);
+
+	tc = tcase_create("f5*");
+	tcase_add_checked_fixture(tc, functions_setup, functions_teardown);
+	tcase_add_loop_test(tc, test_f5star, 0, countof(test_data));
+	suite_add_tcase(s, tc);
+
+	return s;
+}
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/tests.c b/src/libcharon/plugins/eap_aka_3gpp/tests/tests.c
new file mode 100644
index 000000000..17a2c0771
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/tests.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <test_runner.h>
+
+/* declare test suite constructors */
+#define TEST_SUITE(x) test_suite_t* x();
+#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
+#include "tests.h"
+#undef TEST_SUITE
+#undef TEST_SUITE_DEPEND
+
+static test_configuration_t tests[] = {
+#define TEST_SUITE(x) \
+	{ .suite = x, },
+#define TEST_SUITE_DEPEND(x, type, ...) \
+	{ .suite = x, .feature = PLUGIN_DEPENDS(type, __VA_ARGS__) },
+#include "tests.h"
+	{ .suite = NULL, }
+};
+
+static bool test_runner_init(bool init)
+{
+	if (init)
+	{
+		char *plugins, *plugindir;
+
+		plugins = getenv("TESTS_PLUGINS") ?:
+					lib->settings->get_str(lib->settings,
+										"tests.load", PLUGINS);
+		plugindir = lib->settings->get_str(lib->settings,
+										"tests.plugindir", PLUGINDIR);
+		plugin_loader_add_plugindirs(plugindir, plugins);
+		if (!lib->plugins->load(lib->plugins, plugins))
+		{
+			return FALSE;
+		}
+	}
+	else
+	{
+		lib->processor->set_threads(lib->processor, 0);
+		lib->processor->cancel(lib->processor);
+		lib->plugins->unload(lib->plugins);
+	}
+	return TRUE;
+}
+
+int main(int argc, char *argv[])
+{
+	return test_runner_run("eap-aka-3gpp", tests, test_runner_init);
+}
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/tests.h b/src/libcharon/plugins/eap_aka_3gpp/tests/tests.h
new file mode 100644
index 000000000..858571121
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/tests.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+TEST_SUITE_DEPEND(test_vectors_suite_create, CRYPTER, ENCR_AES_CBC, 16)
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
index e38ee5b70..08f1e35cf 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
index eb6b1f75f..b0ef5a6e9 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
index cfe6407b0..a9371a095 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
index 2706da349..ce7ec3b4c 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
index 3f9db71c6..d12a61d58 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h
index 2ac450a7d..3a845ab2c 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
index f272e1ec8..478ae48f5 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
index 0e1af8554..6b7d5a9f0 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
index 204fb317d..32d21982b 100644
--- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.h b/src/libcharon/plugins/eap_dynamic/eap_dynamic.h
index 35db4fa26..c8be21288 100644
--- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.h
+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.c
index d6f38b666..5812929fd 100644
--- a/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.c
+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.h b/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.h
index 9b124d8d2..30330c869 100644
--- a/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.h
+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
index 6f5c38edd..3434ef17b 100644
--- a/src/libcharon/plugins/eap_gtc/eap_gtc.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2007-2012 Martin Willi
  * Copyright (C) 2012 revosec AG
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.h b/src/libcharon/plugins/eap_gtc/eap_gtc.h
index 4dac53cfb..19d2ed917 100644
--- a/src/libcharon/plugins/eap_gtc/eap_gtc.h
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c
index d579eaa5a..c3122148e 100644
--- a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h
index 9c4052a6d..5c25bba9b 100644
--- a/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_identity/eap_identity.c b/src/libcharon/plugins/eap_identity/eap_identity.c
index 7d6dc4add..598956130 100644
--- a/src/libcharon/plugins/eap_identity/eap_identity.c
+++ b/src/libcharon/plugins/eap_identity/eap_identity.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_identity/eap_identity.h b/src/libcharon/plugins/eap_identity/eap_identity.h
index 4e7f6fd9d..82d70b511 100644
--- a/src/libcharon/plugins/eap_identity/eap_identity.h
+++ b/src/libcharon/plugins/eap_identity/eap_identity.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_identity/eap_identity_plugin.c b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c
index b09e51568..828a06b65 100644
--- a/src/libcharon/plugins/eap_identity/eap_identity_plugin.c
+++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_identity/eap_identity_plugin.h b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h
index 274156a1b..bbf743518 100644
--- a/src/libcharon/plugins/eap_identity/eap_identity_plugin.h
+++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c
index 2cb0db466..ab5f7ff6a 100644
--- a/src/libcharon/plugins/eap_md5/eap_md5.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_md5/eap_md5.h b/src/libcharon/plugins/eap_md5/eap_md5.h
index 5396535e1..a5e3544d8 100644
--- a/src/libcharon/plugins/eap_md5/eap_md5.h
+++ b/src/libcharon/plugins/eap_md5/eap_md5.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_md5/eap_md5_plugin.c b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c
index d045e02bf..9239d9c1d 100644
--- a/src/libcharon/plugins/eap_md5/eap_md5_plugin.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_md5/eap_md5_plugin.h b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
index e5e1a6e94..166cca31b 100644
--- a/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
+++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 12f61f7f8..f864037a1 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009-2015 Tobias Brunner
  * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
index 0e7abc397..715fd5e84 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
index 6fd96708a..627c20e46 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
index f250a9d47..6e7a610ab 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap.c b/src/libcharon/plugins/eap_peap/eap_peap.c
index 4778a0977..073af8dc0 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap.c
@@ -1,6 +1,9 @@
 /*
- * Copyright (C) 2010 Martin Willi, revosec AG
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap.h b/src/libcharon/plugins/eap_peap/eap_peap.h
index 2756ad3e6..f8131b4bd 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.c b/src/libcharon/plugins/eap_peap/eap_peap_avp.c
index d5ce5fbc1..4318c166e 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_avp.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.h b/src/libcharon/plugins/eap_peap/eap_peap_avp.h
index cc5930b62..622a35adc 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_avp.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
index 2668ac432..41d13b646 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.h b/src/libcharon/plugins/eap_peap/eap_peap_peer.h
index 196d4e2c4..4eda660b1 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_plugin.c b/src/libcharon/plugins/eap_peap/eap_peap_plugin.c
index e8deee9e1..523eeeeee 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_plugin.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_plugin.h b/src/libcharon/plugins/eap_peap/eap_peap_plugin.h
index 0c3c571ef..bbfafaffd 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_plugin.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index d51d0d090..e5c7becf9 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.h b/src/libcharon/plugins/eap_peap/eap_peap_server.h
index 4585a622a..12c5b78f4 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.h
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Andreas Steffen
- * Copyright (C) 2011 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.h b/src/libcharon/plugins/eap_radius/eap_radius.h
index ce583ac44..0f0078e71 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.h b/src/libcharon/plugins/eap_radius/eap_radius_forward.h
index 2c1dbf7a8..fc50d0d1a 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_forward.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.h
@@ -58,7 +58,7 @@ void eap_radius_forward_from_ike(radius_message_t *request);
 /**
  * Forward RADIUS attributes from a RADIUS response to IKE notifies.
  *
- * @param response		RADIUS respose to read notifies from
+ * @param response		RADIUS response to read notifies from
  */
 void eap_radius_forward_to_ike(radius_message_t *response);
 
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 4fe982849..947681768 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.h b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
index 80fa209d6..86c23992f 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -34,7 +34,7 @@ typedef struct eap_radius_plugin_t eap_radius_plugin_t;
 /**
  * EAP RADIUS proxy plugin.
  *
- * This plugin provides not a single EAP method, but a proxy to forwared
+ * This plugin provides not a single EAP method, but a proxy to forward
  * EAP packets to a RADIUS server. It only provides server implementations.
  */
 struct eap_radius_plugin_t {
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
index 37f8a879e..cff8de217 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.h b/src/libcharon/plugins/eap_sim/eap_sim_peer.h
index 38315b75a..e6c9f72cb 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_peer.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_plugin.c b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
index 5bc0af6bd..ceddc6fe2 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_plugin.h b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
index 0c71ca548..1a67290f0 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c
index 3b413cfc6..e463512ff 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_server.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.h b/src/libcharon/plugins/eap_sim/eap_sim_server.h
index 84408c43c..457ea526f 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_server.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
index 0a6aec083..70a4275ce 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
index 45b0e51db..9004e328e 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
index eae76729c..684b49bf2 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
index f5083c72f..df93d1e68 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
index 4ca1eb93f..3fb722633 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
index 577345dbf..91331cbc4 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
index 03a60cfb1..1901f3a40 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
index 3fa0ea381..c5b649ac6 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
index 6c73a8cb9..d9adb9c25 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
index e2cc0e84f..069645f79 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
index 1992b2482..016fbe5b4 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
index 3c63e82a9..17cb43d0c 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
index 2dea516c3..4bd00b297 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
index 153ec0f0d..0e3713336 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
index 683de7559..8c6413bc3 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
index ab3ab2f4d..409f0c9ee 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
index 80c8a1037..a0392831f 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
index 543b5579b..dd33de96f 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
index bc6376d53..c95474e71 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.h b/src/libcharon/plugins/eap_tnc/eap_tnc.h
index d7ea9f4bb..b4c5dccff 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc.h
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2012 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
index d0f79fa43..8d2f24be9 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h
index 97298eb5c..231188ff1 100644
--- a/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h
+++ b/src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index 9987c43d4..97dbe1890 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -1,6 +1,9 @@
 /*
- * Copyright (C) 2010 Martin Willi, revosec AG
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.h b/src/libcharon/plugins/eap_ttls/eap_ttls.h
index 84b1a2d19..3d1de3639 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
index f75e3e0a6..d228012b9 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.h b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.h
index e56d92fc2..3a7f8597e 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index be6a0812e..e06f5577f 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.h b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.h
index 31fc0d9db..88819d960 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c
index 7ccbc9381..cfcb76fa7 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h
index ca84ad7bb..379d08ef1 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.h b/src/libcharon/plugins/eap_ttls/eap_ttls_server.h
index a66a813ec..aa35ed8ed 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.h
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/forecast/forecast_listener.c b/src/libcharon/plugins/forecast/forecast_listener.c
index 4585731de..b928cad35 100644
--- a/src/libcharon/plugins/forecast/forecast_listener.c
+++ b/src/libcharon/plugins/forecast/forecast_listener.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010-2014 Martin Willi
  * Copyright (C) 2010-2014 revosec AG
diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c
index 8c9f66aa7..47a26592a 100644
--- a/src/libcharon/plugins/ha/ha_child.c
+++ b/src/libcharon/plugins/ha/ha_child.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_child.h b/src/libcharon/plugins/ha/ha_child.h
index 56cd769ba..9ee1af38f 100644
--- a/src/libcharon/plugins/ha/ha_child.h
+++ b/src/libcharon/plugins/ha/ha_child.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c
index 54302e852..2bb6073bc 100644
--- a/src/libcharon/plugins/ha/ha_ctl.c
+++ b/src/libcharon/plugins/ha/ha_ctl.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_ctl.h b/src/libcharon/plugins/ha/ha_ctl.h
index 1e717832a..af69865d1 100644
--- a/src/libcharon/plugins/ha/ha_ctl.h
+++ b/src/libcharon/plugins/ha/ha_ctl.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index 7d22257c6..4e3803892 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.h b/src/libcharon/plugins/ha/ha_dispatcher.h
index 105a40473..60d71a825 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.h
+++ b/src/libcharon/plugins/ha/ha_dispatcher.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index fb8d22915..2854ab76d 100644
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_ike.h b/src/libcharon/plugins/ha/ha_ike.h
index b22cd6250..7f500414f 100644
--- a/src/libcharon/plugins/ha/ha_ike.h
+++ b/src/libcharon/plugins/ha/ha_ike.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c
index 061741eb7..7fdcfef28 100644
--- a/src/libcharon/plugins/ha/ha_kernel.c
+++ b/src/libcharon/plugins/ha/ha_kernel.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_kernel.h b/src/libcharon/plugins/ha/ha_kernel.h
index bd0a3825b..269a871db 100644
--- a/src/libcharon/plugins/ha/ha_kernel.h
+++ b/src/libcharon/plugins/ha/ha_kernel.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c
index 5f73b7156..7891b1654 100644
--- a/src/libcharon/plugins/ha/ha_message.c
+++ b/src/libcharon/plugins/ha/ha_message.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -320,7 +320,7 @@ METHOD(ha_message_t, add_attribute, void,
  * Attribute enumerator implementation
  */
 typedef struct {
-	/** implementes enumerator_t */
+	/** implements enumerator_t */
 	enumerator_t public;
 	/** position in message */
 	chunk_t buf;
diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h
index 630c8af8f..3e43dc8dc 100644
--- a/src/libcharon/plugins/ha/ha_message.h
+++ b/src/libcharon/plugins/ha/ha_message.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c
index 037b69bac..986e611ab 100644
--- a/src/libcharon/plugins/ha/ha_plugin.c
+++ b/src/libcharon/plugins/ha/ha_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_plugin.h b/src/libcharon/plugins/ha/ha_plugin.h
index d4d746f91..98a1440f4 100644
--- a/src/libcharon/plugins/ha/ha_plugin.h
+++ b/src/libcharon/plugins/ha/ha_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c
index fc7d7a8b4..0a407f9ef 100644
--- a/src/libcharon/plugins/ha/ha_segments.c
+++ b/src/libcharon/plugins/ha/ha_segments.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_segments.h b/src/libcharon/plugins/ha/ha_segments.h
index 31d47e371..10d5812c6 100644
--- a/src/libcharon/plugins/ha/ha_segments.h
+++ b/src/libcharon/plugins/ha/ha_segments.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_socket.h b/src/libcharon/plugins/ha/ha_socket.h
index a4789a51d..96547a563 100644
--- a/src/libcharon/plugins/ha/ha_socket.h
+++ b/src/libcharon/plugins/ha/ha_socket.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
index 1a6108ed9..cfa896e93 100644
--- a/src/libcharon/plugins/ha/ha_tunnel.c
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -20,6 +20,8 @@
 #include <utils/identification.h>
 #include <processing/jobs/callback_job.h>
 
+#define HA_CFG_NAME "ha"
+
 typedef struct private_ha_tunnel_t private_ha_tunnel_t;
 typedef struct ha_backend_t ha_backend_t;
 typedef struct ha_creds_t ha_creds_t;
@@ -225,7 +227,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
 							 remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
-	peer_cfg = peer_cfg_create("ha", ike_cfg, &peer);
+	peer_cfg = peer_cfg_create(HA_CFG_NAME, ike_cfg, &peer);
 
 	auth_cfg = auth_cfg_create();
 	auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
@@ -239,7 +241,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
 				  identification_create_from_string(remote));
 	peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
 
-	child_cfg = child_cfg_create("ha", &child);
+	child_cfg = child_cfg_create(HA_CFG_NAME, &child);
 	ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
 	child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
 	ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
@@ -260,7 +262,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
 	charon->backends->add_backend(charon->backends, &this->backend.public);
 
 	/* install an acquiring trap */
-	this->trap = charon->traps->install(charon->traps, peer_cfg, child_cfg, 0);
+	charon->traps->install(charon->traps, peer_cfg, child_cfg);
 }
 
 METHOD(ha_tunnel_t, destroy, void,
@@ -278,10 +280,7 @@ METHOD(ha_tunnel_t, destroy, void,
 	}
 	this->creds.local->destroy(this->creds.local);
 	this->creds.remote->destroy(this->creds.remote);
-	if (this->trap)
-	{
-		charon->traps->uninstall(charon->traps, this->trap);
-	}
+	charon->traps->uninstall(charon->traps, HA_CFG_NAME, HA_CFG_NAME);
 	free(this);
 }
 
diff --git a/src/libcharon/plugins/ha/ha_tunnel.h b/src/libcharon/plugins/ha/ha_tunnel.h
index 549e33055..ded15f107 100644
--- a/src/libcharon/plugins/ha/ha_tunnel.h
+++ b/src/libcharon/plugins/ha/ha_tunnel.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ipseckey/ipseckey.c b/src/libcharon/plugins/ipseckey/ipseckey.c
index 5ca1e27bc..9f85e036d 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ipseckey/ipseckey.h b/src/libcharon/plugins/ipseckey/ipseckey.h
index b19ec8920..c47921dd4 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey.h
+++ b/src/libcharon/plugins/ipseckey/ipseckey.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
index b3ac2b328..d9f84e93a 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.h b/src/libcharon/plugins/ipseckey/ipseckey_cred.h
index f0f52fd6a..05a2d2d66 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_cred.h
+++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
index 9f00abe8b..ce973daae 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.h b/src/libcharon/plugins/ipseckey/ipseckey_plugin.h
index 95acc79dd..f53b3459c 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.h
+++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
index d4832e233..6c2d22304 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.h b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.h
index 0a4936706..2f726f8dd 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.h
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
index e3b688dd6..ba6be052f 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.h b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.h
index a14426b4e..f5bf0c254 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.h
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
index 66141ad56..684d282ac 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h
index 7b2f3c6c5..9a82a8ff6 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_router.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 4e79dfced..4926c3de8 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2017 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2008-2016 Andreas Steffen
  * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser
@@ -17,16 +17,40 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
+/*
+ * Copyright (C) 2018 Mellanox Technologies.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
 
 #define _GNU_SOURCE
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/ioctl.h>
 #include <stdint.h>
 #include <linux/ipsec.h>
 #include <linux/netlink.h>
 #include <linux/rtnetlink.h>
 #include <linux/xfrm.h>
 #include <linux/udp.h>
+#include <linux/ethtool.h>
+#include <linux/sockios.h>
 #include <net/if.h>
 #include <unistd.h>
 #include <time.h>
@@ -236,6 +260,27 @@ static kernel_algorithm_t compression_algs[] = {
 	{IPCOMP_LZJH,				"lzjh"				},
 };
 
+/**
+ * IPsec HW offload state in kernel
+ */
+typedef enum {
+	NL_OFFLOAD_UNKNOWN,
+	NL_OFFLOAD_UNSUPPORTED,
+	NL_OFFLOAD_SUPPORTED
+} nl_offload_state_t;
+
+/**
+ * Global metadata used for IPsec HW offload
+ */
+static struct {
+	/** bit in feature set */
+	u_int bit;
+	/** total number of device feature blocks */
+	u_int total_blocks;
+	/** determined HW offload state */
+	nl_offload_state_t state;
+} netlink_hw_offload;
+
 /**
  * Look up a kernel algorithm name and its key size
  */
@@ -1290,6 +1335,193 @@ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark)
 	return TRUE;
 }
 
+/**
+ * Check if kernel supports HW offload
+ */
+static void netlink_find_offload_feature(const char *ifname, int query_socket)
+{
+	struct ethtool_sset_info *sset_info;
+	struct ethtool_gstrings *cmd = NULL;
+	struct ifreq ifr;
+	uint32_t sset_len, i;
+	char *str;
+	int err;
+
+	netlink_hw_offload.state = NL_OFFLOAD_UNSUPPORTED;
+
+	/* determine number of device features */
+	INIT_EXTRA(sset_info, sizeof(uint32_t),
+		.cmd = ETHTOOL_GSSET_INFO,
+		.sset_mask = 1ULL << ETH_SS_FEATURES,
+	);
+	strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+	ifr.ifr_name[IFNAMSIZ-1] = '\0';
+	ifr.ifr_data = (void*)sset_info;
+
+	err = ioctl(query_socket, SIOCETHTOOL, &ifr);
+	if (err || sset_info->sset_mask != 1ULL << ETH_SS_FEATURES)
+	{
+		goto out;
+	}
+	sset_len = sset_info->data[0];
+
+	/* retrieve names of device features */
+	INIT_EXTRA(cmd, ETH_GSTRING_LEN * sset_len,
+		.cmd = ETHTOOL_GSTRINGS,
+		.string_set = ETH_SS_FEATURES,
+	);
+	strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+	ifr.ifr_name[IFNAMSIZ-1] = '\0';
+	ifr.ifr_data = (void*)cmd;
+
+	err = ioctl(query_socket, SIOCETHTOOL, &ifr);
+	if (err)
+	{
+		goto out;
+	}
+
+	/* look for the ESP_HW feature bit */
+	str = (char*)cmd->data;
+	for (i = 0; i < cmd->len; i++)
+	{
+		if (strneq(str, "esp-hw-offload", ETH_GSTRING_LEN))
+		{
+			netlink_hw_offload.bit = i;
+			netlink_hw_offload.total_blocks = (sset_len + 31) / 32;
+			netlink_hw_offload.state = NL_OFFLOAD_SUPPORTED;
+			break;
+		}
+		str += ETH_GSTRING_LEN;
+	}
+
+out:
+	free(sset_info);
+	free(cmd);
+}
+
+/**
+ * Check if interface supported HW offload
+ */
+static bool netlink_detect_offload(const char *ifname)
+{
+	struct ethtool_gfeatures *cmd;
+	uint32_t feature_bit;
+	struct ifreq ifr;
+	int query_socket;
+	int block;
+	bool ret = FALSE;
+
+	query_socket = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_XFRM);
+	if (query_socket < 0)
+	{
+		return FALSE;
+	}
+
+	/* kernel requires a real interface in order to query the kernel-wide
+	 * capability, so we do it here on first invocation.
+	 */
+	if (netlink_hw_offload.state == NL_OFFLOAD_UNKNOWN)
+	{
+		netlink_find_offload_feature(ifname, query_socket);
+	}
+	if (netlink_hw_offload.state == NL_OFFLOAD_UNSUPPORTED)
+	{
+		DBG1(DBG_KNL, "HW offload is not supported by kernel");
+		goto out;
+	}
+
+	/* feature is supported by kernel, query device features */
+	INIT_EXTRA(cmd, sizeof(cmd->features[0]) * netlink_hw_offload.total_blocks,
+		.cmd = ETHTOOL_GFEATURES,
+		.size = netlink_hw_offload.total_blocks,
+	);
+	strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+	ifr.ifr_name[IFNAMSIZ-1] = '\0';
+	ifr.ifr_data = (void*)cmd;
+
+	if (ioctl(query_socket, SIOCETHTOOL, &ifr))
+	{
+		goto out_free;
+	}
+
+	block = netlink_hw_offload.bit / 32;
+	feature_bit = 1U << (netlink_hw_offload.bit % 32);
+	if (cmd->features[block].active & feature_bit)
+	{
+		ret = TRUE;
+	}
+
+out_free:
+	free(cmd);
+	if (!ret)
+	{
+		DBG1(DBG_KNL, "HW offload is not supported by device");
+	}
+out:
+	close(query_socket);
+	return ret;
+}
+
+/**
+ * There are 3 HW offload configuration values:
+ * 1. HW_OFFLOAD_NO   : Do not configure HW offload.
+ * 2. HW_OFFLOAD_YES  : Configure HW offload.
+ *                      Fail SA addition if offload is not supported.
+ * 3. HW_OFFLOAD_AUTO : Configure HW offload if supported by the kernel
+ *                      and device.
+ *                      Do not fail SA addition otherwise.
+ */
+static bool config_hw_offload(kernel_ipsec_sa_id_t *id,
+							  kernel_ipsec_add_sa_t *data, struct nlmsghdr *hdr,
+							  int buflen)
+{
+	host_t *local = data->inbound ? id->dst : id->src;
+	struct xfrm_user_offload *offload;
+	bool hw_offload_yes, ret = FALSE;
+	char *ifname;
+
+	/* do Ipsec configuration without offload */
+	if (data->hw_offload == HW_OFFLOAD_NO)
+	{
+		return TRUE;
+	}
+
+	hw_offload_yes = (data->hw_offload == HW_OFFLOAD_YES);
+
+	if (!charon->kernel->get_interface(charon->kernel, local, &ifname))
+	{
+		return !hw_offload_yes;
+	}
+
+	/* check if interface supports hw_offload */
+	if (!netlink_detect_offload(ifname))
+	{
+		ret = !hw_offload_yes;
+		goto out;
+	}
+
+	/* activate HW offload */
+	offload = netlink_reserve(hdr, buflen,
+							  XFRMA_OFFLOAD_DEV, sizeof(*offload));
+	if (!offload)
+	{
+		ret = !hw_offload_yes;
+		goto out;
+	}
+	offload->ifindex = if_nametoindex(ifname);
+	if (local->get_family(local) == AF_INET6)
+	{
+		offload->flags |= XFRM_OFFLOAD_IPV6;
+	}
+	offload->flags |= data->inbound ? XFRM_OFFLOAD_INBOUND : 0;
+
+	ret = TRUE;
+
+out:
+	free(ifname);
+	return ret;
+}
+
 METHOD(kernel_ipsec_t, add_sa, status_t,
 	private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id,
 	kernel_ipsec_add_sa_t *data)
@@ -1650,30 +1882,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 				 data->replay_window);
 			sa->replay_window = data->replay_window;
 		}
-		if (data->hw_offload)
-		{
-			host_t *local = data->inbound ? id->dst : id->src;
-			char *ifname;
 
-			if (charon->kernel->get_interface(charon->kernel, local, &ifname))
-			{
-				struct xfrm_user_offload *offload;
-
-				offload = netlink_reserve(hdr, sizeof(request),
-										  XFRMA_OFFLOAD_DEV, sizeof(*offload));
-				if (!offload)
-				{
-					free(ifname);
-					goto failed;
-				}
-				offload->ifindex = if_nametoindex(ifname);
-				if (local->get_family(local) == AF_INET6)
-				{
-					offload->flags |= XFRM_OFFLOAD_IPV6;
-				}
-				offload->flags |= data->inbound ? XFRM_OFFLOAD_INBOUND : 0;
-				free(ifname);
-			}
+		DBG2(DBG_KNL, "  HW offload: %N", hw_offload_names, data->hw_offload);
+		if (!config_hw_offload(id, data, hdr, sizeof(request)))
+		{
+			DBG1(DBG_KNL, "failed to configure HW offload");
+			goto failed;
 		}
 	}
 
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h
index 3a45cce06..bafdea0b9 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index c3f92f500..b6eb54370 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1797,7 +1797,7 @@ static void rt_entry_destroy(rt_entry_t *this)
 /**
  * Check if the route received with RTM_NEWROUTE is usable based on its type.
  */
-static bool route_usable(struct nlmsghdr *hdr)
+static bool route_usable(struct nlmsghdr *hdr, bool allow_local)
 {
 	struct rtmsg *msg;
 
@@ -1809,6 +1809,8 @@ static bool route_usable(struct nlmsghdr *hdr)
 		case RTN_PROHIBIT:
 		case RTN_THROW:
 			return FALSE;
+		case RTN_LOCAL:
+			return allow_local;
 		default:
 			return TRUE;
 	}
@@ -1832,15 +1834,11 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
 
 	if (route)
 	{
-		route->gtw = chunk_empty;
-		route->pref_src = chunk_empty;
-		route->dst = chunk_empty;
-		route->dst_len = msg->rtm_dst_len;
-		route->src = chunk_empty;
-		route->src_len = msg->rtm_src_len;
-		route->table = msg->rtm_table;
-		route->oif = 0;
-		route->priority = 0;
+		*route = (rt_entry_t){
+			.dst_len = msg->rtm_dst_len,
+			.src_len = msg->rtm_src_len,
+			.table = msg->rtm_table,
+		};
 	}
 	else
 	{
@@ -1988,7 +1986,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 				rt_entry_t *other;
 				uintptr_t table;
 
-				if (!route_usable(current))
+				if (!route_usable(current, TRUE))
 				{
 					continue;
 				}
@@ -2260,49 +2258,31 @@ METHOD(enumerator_t, enumerate_subnets, bool,
 				break;
 			case RTM_NEWROUTE:
 			{
-				struct rtmsg *msg;
-				struct rtattr *rta;
-				size_t rtasize;
-				chunk_t dst = chunk_empty;
-				uint32_t oif = 0;
+				rt_entry_t route;
 
-				msg = NLMSG_DATA(this->current);
-
-				if (!route_usable(this->current))
+				if (!route_usable(this->current, FALSE))
 				{
 					break;
 				}
-				else if (msg->rtm_table && (
-							msg->rtm_table == RT_TABLE_LOCAL ||
-							msg->rtm_table == this->private->routing_table))
+				parse_route(this->current, &route);
+
+				if (route.table && (
+							route.table == RT_TABLE_LOCAL ||
+							route.table == this->private->routing_table))
 				{	/* ignore our own and the local routing tables */
 					break;
 				}
-
-				rta = RTM_RTA(msg);
-				rtasize = RTM_PAYLOAD(this->current);
-				while (RTA_OK(rta, rtasize))
-				{
-					switch (rta->rta_type)
-					{
-						case RTA_DST:
-							dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
-							break;
-						case RTA_OIF:
-							if (RTA_PAYLOAD(rta) == sizeof(oif))
-							{
-								oif = *(uint32_t*)RTA_DATA(rta);
-							}
-							break;
-					}
-					rta = RTA_NEXT(rta, rtasize);
+				else if (route.gtw.ptr)
+				{	/* ignore routes via gateway/next hop */
+					break;
 				}
 
-				if (dst.ptr && oif && if_indextoname(oif, this->ifname))
+				if (route.dst.ptr && route.oif &&
+					if_indextoname(route.oif, this->ifname))
 				{
-					this->net = host_create_from_chunk(msg->rtm_family, dst, 0);
+					this->net = host_create_from_chunk(AF_UNSPEC, route.dst, 0);
 					*net = this->net;
-					*mask = msg->rtm_dst_len;
+					*mask = route.dst_len;
 					*ifname = this->ifname;
 					return TRUE;
 				}
@@ -2669,31 +2649,89 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
 	return this->socket->send_ack(this->socket, hdr);
 }
 
+/**
+ * Helper struct used to check routes
+ */
+typedef struct {
+	/** the entry we look for */
+	route_entry_t route;
+	/** kernel interface */
+	private_kernel_netlink_net_t *this;
+} route_entry_lookup_t;
+
+/**
+ * Check if a matching route entry has a VIP associated
+ */
+static bool route_with_vip(route_entry_lookup_t *a, route_entry_t *b)
+{
+	if (chunk_equals(a->route.dst_net, b->dst_net) &&
+		a->route.prefixlen == b->prefixlen &&
+		is_known_vip(a->this, b->src_ip))
+	{
+		return TRUE;
+	}
+	return FALSE;
+}
+
+/**
+ * Check if there is any route entry with a matching destination
+ */
+static bool route_with_dst(route_entry_lookup_t *a, route_entry_t *b)
+{
+	if (chunk_equals(a->route.dst_net, b->dst_net) &&
+		a->route.prefixlen == b->prefixlen)
+	{
+		return TRUE;
+	}
+	return FALSE;
+}
+
 METHOD(kernel_net_t, add_route, status_t,
 	private_kernel_netlink_net_t *this, chunk_t dst_net, uint8_t prefixlen,
 	host_t *gateway, host_t *src_ip, char *if_name)
 {
 	status_t status;
-	route_entry_t *found, route = {
-		.dst_net = dst_net,
-		.prefixlen = prefixlen,
-		.gateway = gateway,
-		.src_ip = src_ip,
-		.if_name = if_name,
+	route_entry_t *found;
+	route_entry_lookup_t lookup = {
+		.route = {
+			.dst_net = dst_net,
+			.prefixlen = prefixlen,
+			.gateway = gateway,
+			.src_ip = src_ip,
+			.if_name = if_name,
+		},
+		.this = this,
 	};
 
 	this->routes_lock->lock(this->routes_lock);
-	found = this->routes->get(this->routes, &route);
+	found = this->routes->get(this->routes, &lookup.route);
 	if (found)
 	{
 		this->routes_lock->unlock(this->routes_lock);
 		return ALREADY_DONE;
 	}
-	status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL,
-							 dst_net, prefixlen, gateway, src_ip, if_name);
+
+	/* don't replace the route if we already have one with a VIP installed,
+	 * but keep track of it in case that other route is uninstalled */
+	this->lock->read_lock(this->lock);
+	if (!is_known_vip(this, src_ip))
+	{
+		found = this->routes->get_match(this->routes, &lookup,
+										(void*)route_with_vip);
+	}
+	this->lock->unlock(this->lock);
+	if (found)
+	{
+		status = SUCCESS;
+	}
+	else
+	{
+		status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE|NLM_F_REPLACE,
+								 dst_net, prefixlen, gateway, src_ip, if_name);
+	}
 	if (status == SUCCESS)
 	{
-		found = route_entry_clone(&route);
+		found = route_entry_clone(&lookup.route);
 		this->routes->put(this->routes, found, found);
 	}
 	this->routes_lock->unlock(this->routes_lock);
@@ -2705,25 +2743,49 @@ METHOD(kernel_net_t, del_route, status_t,
 	host_t *gateway, host_t *src_ip, char *if_name)
 {
 	status_t status;
-	route_entry_t *found, route = {
-		.dst_net = dst_net,
-		.prefixlen = prefixlen,
-		.gateway = gateway,
-		.src_ip = src_ip,
-		.if_name = if_name,
+	route_entry_t *found;
+	route_entry_lookup_t lookup = {
+		.route = {
+			.dst_net = dst_net,
+			.prefixlen = prefixlen,
+			.gateway = gateway,
+			.src_ip = src_ip,
+			.if_name = if_name,
+		},
+		.this = this,
 	};
 
 	this->routes_lock->lock(this->routes_lock);
-	found = this->routes->get(this->routes, &route);
+	found = this->routes->remove(this->routes, &lookup.route);
 	if (!found)
 	{
 		this->routes_lock->unlock(this->routes_lock);
 		return NOT_FOUND;
 	}
-	this->routes->remove(this->routes, found);
 	route_entry_destroy(found);
-	status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
-							 gateway, src_ip, if_name);
+
+	/* check if there are any other routes for the same destination and if
+	 * so update the route, otherwise uninstall it */
+	this->lock->read_lock(this->lock);
+	found = this->routes->get_match(this->routes, &lookup,
+									(void*)route_with_vip);
+	this->lock->unlock(this->lock);
+	if (!found)
+	{
+		found = this->routes->get_match(this->routes, &lookup,
+										(void*)route_with_dst);
+	}
+	if (found)
+	{
+		status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE|NLM_F_REPLACE,
+							found->dst_net, found->prefixlen, found->gateway,
+							found->src_ip, found->if_name);
+	}
+	else
+	{
+		status = manage_srcroute(this, RTM_DELROUTE, 0, dst_net, prefixlen,
+								 gateway, src_ip, if_name);
+	}
 	this->routes_lock->unlock(this->routes_lock);
 	return status;
 }
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h
index ff9831d3c..862059c2b 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
index 58350028f..5ab8924f4 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
index 74c9ae24f..f3b4ad785 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index f3b5b1d4a..441c0c482 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
index b034326d7..7056e6ccc 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -32,7 +32,7 @@
 /**
  * General purpose netlink buffer.
  *
- * Some platforms require an enforced aligment to four bytes (e.g. ARM).
+ * Some platforms require an enforced alignment to four bytes (e.g. ARM).
  */
 typedef union {
 	struct nlmsghdr hdr;
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 79abe587a..80c484b47 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -219,6 +219,11 @@ struct private_kernel_pfkey_ipsec_t
 	 */
 	bool install_routes;
 
+	/**
+	 * whether to install the route via internal interface
+	 */
+	bool route_via_internal;
+
 	/**
 	 * mutex to lock access to the PF_KEY socket
 	 */
@@ -2361,7 +2366,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
 		/* if the IP is virtual, we install the route over the interface it has
 		 * been installed on. Otherwise we use the interface we use for IKE, as
 		 * this is required for example on Linux. */
-		if (is_virtual)
+		if (is_virtual || this->route_via_internal)
 		{
 			free(route->if_name);
 			route->if_name = NULL;
@@ -3164,6 +3169,9 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
 		.install_routes = lib->settings->get_bool(lib->settings,
 												  "%s.install_routes", TRUE,
 												  lib->ns),
+		.route_via_internal = lib->settings->get_bool(lib->settings,
+								"%s.plugins.kernel-pfkey.route_via_internal",
+								FALSE, lib->ns),
 	);
 
 	if (streq(lib->ns, "starter"))
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
index 649f93733..f52337eb7 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
index d49fe2422..d860a7d12 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
index ecccc6303..dd43f78f3 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
index e1f10e93f..0bbdb1bc3 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009-2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
index 10c3c9eb7..16638ddd4 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
index acd834ba3..b3852e57f 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h
index 50642a572..6202a114f 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index 28421c212..78be45f68 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -937,7 +937,6 @@ load_tester_config_t *load_tester_config_create()
 		.leases = hashtable_create((hashtable_hash_t)hash,
 								   (hashtable_equals_t)equals, 256),
 		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
-		.num = 1,
 		.unique_port = UNIQUE_PORT_START,
 	);
 
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.h b/src/libcharon/plugins/load_tester/load_tester_config.h
index cfa4b1edc..f1cff7801 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.h
+++ b/src/libcharon/plugins/load_tester/load_tester_config.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c
index 2cedd130e..29a2b83c8 100644
--- a/src/libcharon/plugins/load_tester/load_tester_creds.c
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.h b/src/libcharon/plugins/load_tester/load_tester_creds.h
index fb3541164..4007fcd6f 100644
--- a/src/libcharon/plugins/load_tester/load_tester_creds.h
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
index e1c7c0e0b..65378993c 100644
--- a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
+++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
index 672157fb8..3be436944 100644
--- a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
+++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
index 4e20c8f3a..63ff92b10 100644
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.h b/src/libcharon/plugins/load_tester/load_tester_ipsec.h
index 1e1bff84a..ceb373757 100644
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.h
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c
index 068020ef7..e8763b90c 100644
--- a/src/libcharon/plugins/load_tester/load_tester_listener.c
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.h b/src/libcharon/plugins/load_tester/load_tester_listener.h
index eba4afcf1..8c8562894 100644
--- a/src/libcharon/plugins/load_tester/load_tester_listener.h
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index 6cf3a909c..961c10406 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.h b/src/libcharon/plugins/load_tester/load_tester_plugin.h
index 15f2d1127..69e9764e7 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.h
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index f34990176..789c01bae 100644
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_config.h b/src/libcharon/plugins/medcli/medcli_config.h
index 36c20adf7..e946737de 100644
--- a/src/libcharon/plugins/medcli/medcli_config.h
+++ b/src/libcharon/plugins/medcli/medcli_config.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_creds.c b/src/libcharon/plugins/medcli/medcli_creds.c
index 528fc004d..cde148e4f 100644
--- a/src/libcharon/plugins/medcli/medcli_creds.c
+++ b/src/libcharon/plugins/medcli/medcli_creds.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_creds.h b/src/libcharon/plugins/medcli/medcli_creds.h
index ec17955a2..b4dec76d1 100644
--- a/src/libcharon/plugins/medcli/medcli_creds.h
+++ b/src/libcharon/plugins/medcli/medcli_creds.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_listener.c b/src/libcharon/plugins/medcli/medcli_listener.c
index ba6b3d9d6..789e1ab2d 100644
--- a/src/libcharon/plugins/medcli/medcli_listener.c
+++ b/src/libcharon/plugins/medcli/medcli_listener.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_listener.h b/src/libcharon/plugins/medcli/medcli_listener.h
index 860dcdc60..96f9e61e5 100644
--- a/src/libcharon/plugins/medcli/medcli_listener.h
+++ b/src/libcharon/plugins/medcli/medcli_listener.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_plugin.c b/src/libcharon/plugins/medcli/medcli_plugin.c
index e6a8a8981..87cacedb6 100644
--- a/src/libcharon/plugins/medcli/medcli_plugin.c
+++ b/src/libcharon/plugins/medcli/medcli_plugin.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medcli/medcli_plugin.h b/src/libcharon/plugins/medcli/medcli_plugin.h
index 44e7bb525..dd5a2ba0f 100644
--- a/src/libcharon/plugins/medcli/medcli_plugin.h
+++ b/src/libcharon/plugins/medcli/medcli_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
index be7f481b6..6068022b1 100644
--- a/src/libcharon/plugins/medsrv/medsrv_config.c
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.h b/src/libcharon/plugins/medsrv/medsrv_config.h
index 03a41a7ce..45b298050 100644
--- a/src/libcharon/plugins/medsrv/medsrv_config.h
+++ b/src/libcharon/plugins/medsrv/medsrv_config.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_creds.c b/src/libcharon/plugins/medsrv/medsrv_creds.c
index 16d4bd7f3..5a0ae5928 100644
--- a/src/libcharon/plugins/medsrv/medsrv_creds.c
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_creds.h b/src/libcharon/plugins/medsrv/medsrv_creds.h
index 08ecaa3f2..f09e704f3 100644
--- a/src/libcharon/plugins/medsrv/medsrv_creds.h
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_plugin.c b/src/libcharon/plugins/medsrv/medsrv_plugin.c
index fcc8502f8..7e08d3b9c 100644
--- a/src/libcharon/plugins/medsrv/medsrv_plugin.c
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/medsrv/medsrv_plugin.h b/src/libcharon/plugins/medsrv/medsrv_plugin.h
index 179fa3b3a..eebda2768 100644
--- a/src/libcharon/plugins/medsrv/medsrv_plugin.h
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/p_cscf/p_cscf_handler.c b/src/libcharon/plugins/p_cscf/p_cscf_handler.c
index cdf266054..2cfa95441 100644
--- a/src/libcharon/plugins/p_cscf/p_cscf_handler.c
+++ b/src/libcharon/plugins/p_cscf/p_cscf_handler.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/p_cscf/p_cscf_handler.h b/src/libcharon/plugins/p_cscf/p_cscf_handler.h
index ad4f1acce..ce03ba90f 100644
--- a/src/libcharon/plugins/p_cscf/p_cscf_handler.h
+++ b/src/libcharon/plugins/p_cscf/p_cscf_handler.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/p_cscf/p_cscf_plugin.c b/src/libcharon/plugins/p_cscf/p_cscf_plugin.c
index 8e2bc727e..a541d12a8 100644
--- a/src/libcharon/plugins/p_cscf/p_cscf_plugin.c
+++ b/src/libcharon/plugins/p_cscf/p_cscf_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/p_cscf/p_cscf_plugin.h b/src/libcharon/plugins/p_cscf/p_cscf_plugin.h
index 51b17674d..6ed076b61 100644
--- a/src/libcharon/plugins/p_cscf/p_cscf_plugin.h
+++ b/src/libcharon/plugins/p_cscf/p_cscf_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/resolve/resolve_handler.h b/src/libcharon/plugins/resolve/resolve_handler.h
index 77bf9781c..c2db84ff1 100644
--- a/src/libcharon/plugins/resolve/resolve_handler.h
+++ b/src/libcharon/plugins/resolve/resolve_handler.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/resolve/resolve_plugin.c b/src/libcharon/plugins/resolve/resolve_plugin.c
index 193c5b602..f10ae7540 100644
--- a/src/libcharon/plugins/resolve/resolve_plugin.c
+++ b/src/libcharon/plugins/resolve/resolve_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/resolve/resolve_plugin.h b/src/libcharon/plugins/resolve/resolve_plugin.h
index 0148b10d7..e23bb3c2e 100644
--- a/src/libcharon/plugins/resolve/resolve_plugin.h
+++ b/src/libcharon/plugins/resolve/resolve_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index 56891b263..86296443d 100644
--- a/src/libcharon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -415,7 +415,7 @@ static void request_control_terminate(xmlTextReaderPtr reader,
 		if (ike)
 		{
 			status = charon->controller->terminate_ike(
-					charon->controller, id,
+					charon->controller, id, FALSE,
 					(controller_cb_t)xml_callback, writer, 0);
 		}
 		else
diff --git a/src/libcharon/plugins/smp/smp.h b/src/libcharon/plugins/smp/smp.h
index 74c85fb5f..f3916c8b9 100644
--- a/src/libcharon/plugins/smp/smp.h
+++ b/src/libcharon/plugins/smp/smp.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.c b/src/libcharon/plugins/socket_default/socket_default_plugin.c
index e89b74279..09b8faa0a 100644
--- a/src/libcharon/plugins/socket_default/socket_default_plugin.c
+++ b/src/libcharon/plugins/socket_default/socket_default_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  *
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 109b3fe9b..57e092968 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c
index fdc9a7cf9..c5825dcf1 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  *
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
index ba92e10f2..f6ed615a7 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 revosec AG
  *
  * This program is free software; you can redistribute it and/or modify it
diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index 86728515f..bb1ba71db 100644
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2006-2008 Martin Willi
  * Copyright (C) 2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/sql/sql_config.h b/src/libcharon/plugins/sql/sql_config.h
index 700d00a97..e385ed88f 100644
--- a/src/libcharon/plugins/sql/sql_config.h
+++ b/src/libcharon/plugins/sql/sql_config.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c
index 9ba0bf1c9..02608d1dc 100644
--- a/src/libcharon/plugins/sql/sql_cred.c
+++ b/src/libcharon/plugins/sql/sql_cred.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/sql/sql_cred.h b/src/libcharon/plugins/sql/sql_cred.h
index 7f387398e..697c981b2 100644
--- a/src/libcharon/plugins/sql/sql_cred.h
+++ b/src/libcharon/plugins/sql/sql_cred.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c
index 46a894028..3b8d84987 100644
--- a/src/libcharon/plugins/sql/sql_logger.c
+++ b/src/libcharon/plugins/sql/sql_logger.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/sql/sql_logger.h b/src/libcharon/plugins/sql/sql_logger.h
index 62dc3f361..a43d726a8 100644
--- a/src/libcharon/plugins/sql/sql_logger.h
+++ b/src/libcharon/plugins/sql/sql_logger.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c
index c5dd6e8b3..ba6091c5e 100644
--- a/src/libcharon/plugins/sql/sql_plugin.c
+++ b/src/libcharon/plugins/sql/sql_plugin.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/sql/sql_plugin.h b/src/libcharon/plugins/sql/sql_plugin.h
index c6f9ba905..175a0a16b 100644
--- a/src/libcharon/plugins/sql/sql_plugin.h
+++ b/src/libcharon/plugins/sql/sql_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_attribute.c b/src/libcharon/plugins/stroke/stroke_attribute.c
index 7835031c2..fff6a438f 100644
--- a/src/libcharon/plugins/stroke/stroke_attribute.c
+++ b/src/libcharon/plugins/stroke/stroke_attribute.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_attribute.h b/src/libcharon/plugins/stroke/stroke_attribute.h
index f1b9d135b..8c0ca2f32 100644
--- a/src/libcharon/plugins/stroke/stroke_attribute.h
+++ b/src/libcharon/plugins/stroke/stroke_attribute.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c
index 4593e9bdc..0432ee573 100644
--- a/src/libcharon/plugins/stroke/stroke_ca.c
+++ b/src/libcharon/plugins/stroke/stroke_ca.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2015 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_ca.h b/src/libcharon/plugins/stroke/stroke_ca.h
index 2740006e2..064a7edec 100644
--- a/src/libcharon/plugins/stroke/stroke_ca.h
+++ b/src/libcharon/plugins/stroke/stroke_ca.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2015 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index ca22c7f82..8cdb5ef48 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_config.h b/src/libcharon/plugins/stroke/stroke_config.h
index 894e03ce4..fe02c9ac4 100644
--- a/src/libcharon/plugins/stroke/stroke_config.h
+++ b/src/libcharon/plugins/stroke/stroke_config.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index ee8306772..8d84b934e 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013-2015 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -316,7 +316,8 @@ static void charon_terminate(private_stroke_control_t *this, uint32_t id,
 		else
 		{
 			status = charon->controller->terminate_ike(charon->controller, id,
-							(controller_cb_t)stroke_log, &info, this->timeout);
+							FALSE, (controller_cb_t)stroke_log, &info,
+							this->timeout);
 		}
 		report_terminate_status(this, status, out, id, child);
 	}
@@ -327,7 +328,7 @@ static void charon_terminate(private_stroke_control_t *this, uint32_t id,
 	}
 	else
 	{
-		charon->controller->terminate_ike(charon->controller, id,
+		charon->controller->terminate_ike(charon->controller, id, FALSE,
 										  NULL, NULL, 0);
 	}
 }
@@ -588,47 +589,6 @@ METHOD(stroke_control_t, purge_ike, void,
 	list->destroy(list);
 }
 
-/**
- * Find an existing CHILD_SA/reqid
- */
-static uint32_t find_reqid(child_cfg_t *child_cfg)
-{
-	enumerator_t *enumerator, *children;
-	child_sa_t *child_sa;
-	ike_sa_t *ike_sa;
-	char *name;
-	uint32_t reqid;
-
-	reqid = charon->traps->find_reqid(charon->traps, child_cfg);
-	if (reqid)
-	{	/* already trapped */
-		return reqid;
-	}
-
-	name = child_cfg->get_name(child_cfg);
-	enumerator = charon->controller->create_ike_sa_enumerator(
-													charon->controller, TRUE);
-	while (enumerator->enumerate(enumerator, &ike_sa))
-	{
-		children = ike_sa->create_child_sa_enumerator(ike_sa);
-		while (children->enumerate(children, (void**)&child_sa))
-		{
-			if (streq(name, child_sa->get_name(child_sa)))
-			{
-				reqid = child_sa->get_reqid(child_sa);
-				break;
-			}
-		}
-		children->destroy(children);
-		if (reqid)
-		{
-			break;
-		}
-	}
-	enumerator->destroy(enumerator);
-	return reqid;
-}
-
 /**
  * call charon to install a shunt or trap
  */
@@ -636,7 +596,6 @@ static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
 						 char *name, FILE *out)
 {
 	ipsec_mode_t mode;
-	uint32_t reqid;
 
 	mode = child_cfg->get_mode(child_cfg);
 	if (mode == MODE_PASS || mode == MODE_DROP)
@@ -655,8 +614,7 @@ static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
 	}
 	else
 	{
-		reqid = find_reqid(child_cfg);
-		if (charon->traps->install(charon->traps, peer_cfg, child_cfg, reqid))
+		if (charon->traps->install(charon->traps, peer_cfg, child_cfg))
 		{
 			fprintf(out, "'%s' routed\n", name);
 		}
@@ -730,46 +688,13 @@ METHOD(stroke_control_t, route, void,
 METHOD(stroke_control_t, unroute, void,
 	private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
 {
-	child_cfg_t *child_cfg;
-	child_sa_t *child_sa;
-	enumerator_t *enumerator;
-	char *ns, *found = NULL;
-	uint32_t id = 0;
-
-	enumerator = charon->shunts->create_enumerator(charon->shunts);
-	while (enumerator->enumerate(enumerator, &ns, &child_cfg))
-	{
-		if (ns && streq(msg->unroute.name, child_cfg->get_name(child_cfg)))
-		{
-			found = strdup(ns);
-			break;
-		}
-	}
-	enumerator->destroy(enumerator);
-	if (found && charon->shunts->uninstall(charon->shunts, found,
-										   msg->unroute.name))
+	if (charon->shunts->uninstall(charon->shunts, NULL, msg->unroute.name))
 	{
-		free(found);
 		fprintf(out, "shunt policy '%s' uninstalled\n", msg->unroute.name);
-		return;
-	}
-	free(found);
-
-	enumerator = charon->traps->create_enumerator(charon->traps);
-	while (enumerator->enumerate(enumerator, NULL, &child_sa))
-	{
-		if (streq(msg->unroute.name, child_sa->get_name(child_sa)))
-		{
-			id = child_sa->get_reqid(child_sa);
-			break;
-		}
 	}
-	enumerator->destroy(enumerator);
-
-	if (id)
+	else if (charon->traps->uninstall(charon->traps, NULL, msg->unroute.name))
 	{
-		charon->traps->uninstall(charon->traps, id);
-		fprintf(out, "configuration '%s' unrouted\n", msg->unroute.name);
+		fprintf(out, "trap policy '%s' unrouted\n", msg->unroute.name);
 	}
 	else
 	{
diff --git a/src/libcharon/plugins/stroke/stroke_control.h b/src/libcharon/plugins/stroke/stroke_control.h
index 869aab3d3..78f1f7594 100644
--- a/src/libcharon/plugins/stroke/stroke_control.h
+++ b/src/libcharon/plugins/stroke/stroke_control.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_cred.h b/src/libcharon/plugins/stroke/stroke_cred.h
index 33a0e3531..43801b206 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.h
+++ b/src/libcharon/plugins/stroke/stroke_cred.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 2bed420be..d1bf139c2 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
diff --git a/src/libcharon/plugins/stroke/stroke_list.h b/src/libcharon/plugins/stroke/stroke_list.h
index a0d2d18cc..bf96e9969 100644
--- a/src/libcharon/plugins/stroke/stroke_list.h
+++ b/src/libcharon/plugins/stroke/stroke_list.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c
index 0a34fb458..6249c73f2 100644
--- a/src/libcharon/plugins/stroke/stroke_plugin.c
+++ b/src/libcharon/plugins/stroke/stroke_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_plugin.h b/src/libcharon/plugins/stroke/stroke_plugin.h
index 464979910..9068b691c 100644
--- a/src/libcharon/plugins/stroke/stroke_plugin.h
+++ b/src/libcharon/plugins/stroke/stroke_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index c568440b7..1e7f210e9 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
 		}
 		return FALSE;
 	}
+	if (len < offsetof(stroke_msg_t, buffer))
+	{
+		DBG1(DBG_CFG, "invalid stroke message length %d", len);
+		return FALSE;
+	}
 
 	/* read message (we need an additional byte to terminate the buffer) */
 	msg = malloc(len + 1);
diff --git a/src/libcharon/plugins/stroke/stroke_socket.h b/src/libcharon/plugins/stroke/stroke_socket.h
index 2aac8be9b..881d4f4e5 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.h
+++ b/src/libcharon/plugins/stroke/stroke_socket.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c
index dcd4ae348..5654fc51e 100644
--- a/src/libcharon/plugins/uci/uci_config.c
+++ b/src/libcharon/plugins/uci/uci_config.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2008 Thomas Kallenberg
  * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/uci/uci_config.h b/src/libcharon/plugins/uci/uci_config.h
index 130f15d85..497c45357 100644
--- a/src/libcharon/plugins/uci/uci_config.h
+++ b/src/libcharon/plugins/uci/uci_config.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Thomas Kallenberg
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/uci/uci_control.c b/src/libcharon/plugins/uci/uci_control.c
index a7d26e67d..b6cfda082 100644
--- a/src/libcharon/plugins/uci/uci_control.c
+++ b/src/libcharon/plugins/uci/uci_control.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Thomas Kallenberg
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -180,7 +180,7 @@ static void terminate(private_uci_control_t *this, char *name)
 		{
 			id = ike_sa->get_unique_id(ike_sa);
 			enumerator->destroy(enumerator);
-			charon->controller->terminate_ike(charon->controller, id,
+			charon->controller->terminate_ike(charon->controller, id, FALSE,
 											  controller_cb_empty, NULL, 0);
 			write_fifo(this, "connection '%s' terminated\n", name);
 			return;
diff --git a/src/libcharon/plugins/uci/uci_control.h b/src/libcharon/plugins/uci/uci_control.h
index 794220aa1..8e98b57f8 100644
--- a/src/libcharon/plugins/uci/uci_control.h
+++ b/src/libcharon/plugins/uci/uci_control.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Thomas Kallenberg
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/uci/uci_creds.c b/src/libcharon/plugins/uci/uci_creds.c
index 404a3e39f..d73c94e0d 100644
--- a/src/libcharon/plugins/uci/uci_creds.c
+++ b/src/libcharon/plugins/uci/uci_creds.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2008 Thomas Kallenberg
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/uci/uci_creds.h b/src/libcharon/plugins/uci/uci_creds.h
index a283ed9f5..597def002 100644
--- a/src/libcharon/plugins/uci/uci_creds.h
+++ b/src/libcharon/plugins/uci/uci_creds.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Thomas Kallenberg
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/uci/uci_parser.c b/src/libcharon/plugins/uci/uci_parser.c
index 283d93928..9fef34dad 100644
--- a/src/libcharon/plugins/uci/uci_parser.c
+++ b/src/libcharon/plugins/uci/uci_parser.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Thomas Kallenberg
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/uci/uci_parser.h b/src/libcharon/plugins/uci/uci_parser.h
index 230c35e86..810690d72 100644
--- a/src/libcharon/plugins/uci/uci_parser.h
+++ b/src/libcharon/plugins/uci/uci_parser.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Thomas Kallenberg
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/uci/uci_plugin.c b/src/libcharon/plugins/uci/uci_plugin.c
index cc0836b7a..daac4304c 100644
--- a/src/libcharon/plugins/uci/uci_plugin.c
+++ b/src/libcharon/plugins/uci/uci_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Thomas Kallenberg
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/uci/uci_plugin.h b/src/libcharon/plugins/uci/uci_plugin.h
index 980ab26fd..9c6e4397f 100644
--- a/src/libcharon/plugins/uci/uci_plugin.h
+++ b/src/libcharon/plugins/uci/uci_plugin.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Thomas Kallenberg
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c
index 4a1478c6d..dcafb483b 100644
--- a/src/libcharon/plugins/unity/unity_handler.c
+++ b/src/libcharon/plugins/unity/unity_handler.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index 227d24be8..05ae8d504 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c
index b6a55648e..b52ffeeb1 100644
--- a/src/libcharon/plugins/unity/unity_provider.c
+++ b/src/libcharon/plugins/unity/unity_provider.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
diff --git a/src/libcharon/plugins/updown/updown_listener.h b/src/libcharon/plugins/updown/updown_listener.h
index 2d9b56ade..a25b77283 100644
--- a/src/libcharon/plugins/updown/updown_listener.h
+++ b/src/libcharon/plugins/updown/updown_listener.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/updown/updown_plugin.c b/src/libcharon/plugins/updown/updown_plugin.c
index 60ecfcce6..672b99c0f 100644
--- a/src/libcharon/plugins/updown/updown_plugin.c
+++ b/src/libcharon/plugins/updown/updown_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/updown/updown_plugin.h b/src/libcharon/plugins/updown/updown_plugin.h
index abcb953a0..27fe0e77b 100644
--- a/src/libcharon/plugins/updown/updown_plugin.h
+++ b/src/libcharon/plugins/updown/updown_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 49cce379d..0038f0844 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -279,7 +279,9 @@ Terminates an SA while streaming _control-log_ events.
 		ike = <terminate an IKE_SA by configuration name>
 		child-id = <terminate a CHILD_SA by its reqid>
 		ike-id = <terminate an IKE_SA by its unique id>
-		timeout = <timeout in ms before returning>
+		force = <terminate IKE_SA without waiting for proper DELETE, if timeout
+				 is given, waits for a response until it is reached>
+		timeout = <timeout in ms before returning, see below>
 		loglevel = <loglevel to issue "control-log" events for>
 	} => {
 		success = <yes or no>
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm
index 6524bf76d..b0a7b6285 100644
--- a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Transport.pm
@@ -22,12 +22,27 @@ sub send {
 sub receive {
     my $self = shift;
     my $packet_header;
-    my $data;
 
-    $self->{'Socket'}->recv($packet_header, 4);
+    $packet_header = $self->_recv_all(4);
     my $packet_len = unpack('N', $packet_header);
-    $self->{'Socket'}->recv($data, $packet_len);
-	return $data;
+    return $self->_recv_all($packet_len);
+}
+
+sub _recv_all {
+    my ($self, $len) = @_;
+    my $data;
+
+    while ($len)
+    {
+        my $buf;
+        unless (defined $self->{'Socket'}->recv($buf, $len))
+        {
+            die "error reading from socket\n";
+        }
+        $len -= length($buf);
+        $data .= $buf;
+    }
+    return $data;
 }
 
 1;
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index 6d29988db..ff4e07d2d 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -476,8 +476,8 @@ distclean-generic:
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
-@RUBY_GEMS_INSTALL_FALSE@install-data-local:
 @RUBY_GEMS_INSTALL_FALSE@uninstall-local:
+@RUBY_GEMS_INSTALL_FALSE@install-data-local:
 clean: clean-am
 
 clean-am: clean-generic clean-libtool clean-local mostlyclean-am
diff --git a/src/libcharon/plugins/vici/suites/test_message.c b/src/libcharon/plugins/vici/suites/test_message.c
index 73bba239b..1a4af9005 100644
--- a/src/libcharon/plugins/vici/suites/test_message.c
+++ b/src/libcharon/plugins/vici/suites/test_message.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c
index ab765fa14..4d174253d 100644
--- a/src/libcharon/plugins/vici/vici_attribute.c
+++ b/src/libcharon/plugins/vici/vici_attribute.c
@@ -249,7 +249,7 @@ static bool have_vips_from_pool(mem_pool_t *pool, linked_list_t *vips)
 	{
 		end = chunk_clone(start);
 
-		/* mem_pool is currenty limited to 2^31 addresses, so 32-bit
+		/* mem_pool is currently limited to 2^31 addresses, so 32-bit
 		 * calculations should be sufficient. */
 		size = untoh32(start.ptr + start.len - sizeof(size));
 		htoun32(end.ptr + end.len - sizeof(size), size + pool->get_size(pool));
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index e0e2955e2..f4e9e33ee 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -112,7 +112,7 @@ struct private_vici_config_t {
 	rwlock_t *lock;
 
 	/**
-	 * Condvar used to snyc running actions
+	 * Condvar used to sync running actions
 	 */
 	rwlock_condvar_t *condvar;
 
@@ -533,7 +533,7 @@ static void log_child_data(child_data_t *data, char *name)
 	DBG2(DBG_CFG, "   proposals = %#P", data->proposals);
 	DBG2(DBG_CFG, "   local_ts = %#R", data->local_ts);
 	DBG2(DBG_CFG, "   remote_ts = %#R", data->remote_ts);
-	DBG2(DBG_CFG, "   hw_offload = %u", has_opt(OPT_HW_OFFLOAD));
+	DBG2(DBG_CFG, "   hw_offload = %N", hw_offload_names, cfg->hw_offload);
 	DBG2(DBG_CFG, "   sha256_96 = %u", has_opt(OPT_SHA256_96));
 }
 
@@ -892,14 +892,6 @@ CALLBACK(parse_opt_ipcomp, bool,
 	return parse_option(out, OPT_IPCOMP, v);
 }
 
-/**
- * Parse OPT_HW_OFFLOAD option
- */
-CALLBACK(parse_opt_hw_offl, bool,
-	child_cfg_option_t *out, chunk_t v)
-{
-	return parse_option(out, OPT_HW_OFFLOAD, v);
-}
 
 /**
  * Parse OPT_SHA256_96 option
@@ -943,6 +935,27 @@ CALLBACK(parse_action, bool,
 	return FALSE;
 }
 
+/**
+ * Parse an hw_offload_t
+ */
+CALLBACK(parse_hw_offload, bool,
+	action_t *out, chunk_t v)
+{
+	enum_map_t map[] = {
+		{ "no",		HW_OFFLOAD_NO	},
+		{ "yes",	HW_OFFLOAD_YES	},
+		{ "auto",	HW_OFFLOAD_AUTO	},
+	};
+	int d;
+
+	if (parse_map(map, countof(map), &d, v))
+	{
+		*out = d;
+		return TRUE;
+	}
+	return FALSE;
+}
+
 /**
  * Parse a uint32_t with the given base
  */
@@ -1578,7 +1591,7 @@ CALLBACK(child_kv, bool,
 		{ "tfc_padding",		parse_tfc,			&child->cfg.tfc						},
 		{ "priority",			parse_uint32,		&child->cfg.priority				},
 		{ "interface",			parse_string,		&child->cfg.interface				},
-		{ "hw_offload",			parse_opt_hw_offl,	&child->cfg.options					},
+		{ "hw_offload",			parse_hw_offload,	&child->cfg.hw_offload				},
 		{ "sha256_96",			parse_opt_sha256_96,&child->cfg.options					},
 	};
 
@@ -1953,41 +1966,6 @@ CALLBACK(peer_sn, bool,
 	return FALSE;
 }
 
-/**
- * Find reqid of an existing CHILD_SA
- */
-static uint32_t find_reqid(child_cfg_t *cfg)
-{
-	enumerator_t *enumerator, *children;
-	child_sa_t *child_sa;
-	ike_sa_t *ike_sa;
-	uint32_t reqid;
-
-	reqid = charon->traps->find_reqid(charon->traps, cfg);
-	if (reqid)
-	{	/* already trapped */
-		return reqid;
-	}
-
-	enumerator = charon->controller->create_ike_sa_enumerator(
-													charon->controller, TRUE);
-	while (!reqid && enumerator->enumerate(enumerator, &ike_sa))
-	{
-		children = ike_sa->create_child_sa_enumerator(ike_sa);
-		while (children->enumerate(children, &child_sa))
-		{
-			if (streq(cfg->get_name(cfg), child_sa->get_name(child_sa)))
-			{
-				reqid = child_sa->get_reqid(child_sa);
-				break;
-			}
-		}
-		children->destroy(children);
-	}
-	enumerator->destroy(enumerator);
-	return reqid;
-}
-
 /**
  * Perform start actions associated with a child config
  */
@@ -2012,8 +1990,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
 									peer_cfg->get_name(peer_cfg), child_cfg);
 					break;
 				default:
-					charon->traps->install(charon->traps, peer_cfg, child_cfg,
-										   find_reqid(child_cfg));
+					charon->traps->install(charon->traps, peer_cfg, child_cfg);
 					break;
 			}
 			break;
@@ -2030,7 +2007,6 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
 {
 	enumerator_t *enumerator, *children;
 	child_sa_t *child_sa;
-	peer_cfg_t *peer_cfg;
 	ike_sa_t *ike_sa;
 	uint32_t id = 0, others;
 	array_t *ids = NULL, *ikeids = NULL;
@@ -2053,7 +2029,8 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
 				children = ike_sa->create_child_sa_enumerator(ike_sa);
 				while (children->enumerate(children, &child_sa))
 				{
-					if (child_sa->get_state(child_sa) != CHILD_DELETING)
+					if (child_sa->get_state(child_sa) != CHILD_DELETING &&
+						child_sa->get_state(child_sa) != CHILD_DELETED)
 					{
 						if (streq(name, child_sa->get_name(child_sa)))
 						{
@@ -2106,7 +2083,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
 				while (array_remove(ikeids, ARRAY_HEAD, &id))
 				{
 					DBG1(DBG_CFG, "closing IKE_SA #%u", id);
-					charon->controller->terminate_ike(charon->controller,
+					charon->controller->terminate_ike(charon->controller, FALSE,
 													  id, NULL, NULL, 0);
 				}
 				array_destroy(ikeids);
@@ -2121,22 +2098,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name,
 					charon->shunts->uninstall(charon->shunts, peer_name, name);
 					break;
 				default:
-					enumerator = charon->traps->create_enumerator(charon->traps);
-					while (enumerator->enumerate(enumerator, &peer_cfg,
-												 &child_sa))
-					{
-						if (streq(peer_name, peer_cfg->get_name(peer_cfg)) &&
-							streq(name, child_sa->get_name(child_sa)))
-						{
-							id = child_sa->get_reqid(child_sa);
-							break;
-						}
-					}
-					enumerator->destroy(enumerator);
-					if (id)
-					{
-						charon->traps->uninstall(charon->traps, id);
-					}
+					charon->traps->uninstall(charon->traps, peer_name, name);
 					break;
 			}
 			break;
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index afee649f7..ce19608dc 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -225,6 +225,7 @@ CALLBACK(terminate, vici_message_t*,
 	enumerator_t *enumerator, *isas, *csas;
 	char *child, *ike, *errmsg = NULL;
 	u_int child_id, ike_id, current, *del, done = 0;
+	bool force;
 	int timeout;
 	ike_sa_t *ike_sa;
 	child_sa_t *child_sa;
@@ -240,6 +241,7 @@ CALLBACK(terminate, vici_message_t*,
 	ike = request->get_str(request, NULL, "ike");
 	child_id = request->get_int(request, 0, "child-id");
 	ike_id = request->get_int(request, 0, "ike-id");
+	force = request->get_bool(request, FALSE, "force");
 	timeout = request->get_int(request, 0, "timeout");
 	log.level = request->get_int(request, 1, "loglevel");
 
@@ -326,7 +328,7 @@ CALLBACK(terminate, vici_message_t*,
 		}
 		else
 		{
-			if (charon->controller->terminate_ike(charon->controller, *del,
+			if (charon->controller->terminate_ike(charon->controller, *del, force,
 											log_cb, &log, timeout) == SUCCESS)
 			{
 				done++;
@@ -601,41 +603,6 @@ CALLBACK(redirect, vici_message_t*,
 	return builder->finalize(builder);
 }
 
-/**
- * Find reqid of an existing CHILD_SA
- */
-static uint32_t find_reqid(child_cfg_t *cfg)
-{
-	enumerator_t *enumerator, *children;
-	child_sa_t *child_sa;
-	ike_sa_t *ike_sa;
-	uint32_t reqid;
-
-	reqid = charon->traps->find_reqid(charon->traps, cfg);
-	if (reqid)
-	{	/* already trapped */
-		return reqid;
-	}
-
-	enumerator = charon->controller->create_ike_sa_enumerator(
-													charon->controller, TRUE);
-	while (!reqid && enumerator->enumerate(enumerator, &ike_sa))
-	{
-		children = ike_sa->create_child_sa_enumerator(ike_sa);
-		while (children->enumerate(children, &child_sa))
-		{
-			if (streq(cfg->get_name(cfg), child_sa->get_name(child_sa)))
-			{
-				reqid = child_sa->get_reqid(child_sa);
-				break;
-			}
-		}
-		children->destroy(children);
-	}
-	enumerator->destroy(enumerator);
-	return reqid;
-}
-
 CALLBACK(install, vici_message_t*,
 	private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
 {
@@ -666,8 +633,7 @@ CALLBACK(install, vici_message_t*,
 									peer_cfg->get_name(peer_cfg), child_cfg);
 			break;
 		default:
-			ok = charon->traps->install(charon->traps, peer_cfg, child_cfg,
-										find_reqid(child_cfg));
+			ok = charon->traps->install(charon->traps, peer_cfg, child_cfg);
 			break;
 	}
 	peer_cfg->destroy(peer_cfg);
@@ -679,12 +645,7 @@ CALLBACK(install, vici_message_t*,
 CALLBACK(uninstall, vici_message_t*,
 	private_vici_control_t *this, char *name, u_int id, vici_message_t *request)
 {
-	peer_cfg_t *peer_cfg;
-	child_cfg_t *child_cfg;
-	child_sa_t *child_sa;
-	enumerator_t *enumerator;
-	uint32_t reqid = 0;
-	char *child, *ike, *ns;
+	char *child, *ike;
 
 	child = request->get_str(request, NULL, "child");
 	ike = request->get_str(request, NULL, "ike");
@@ -695,53 +656,13 @@ CALLBACK(uninstall, vici_message_t*,
 
 	DBG1(DBG_CFG, "vici uninstall '%s'", child);
 
-	if (!ike)
-	{
-		enumerator = charon->shunts->create_enumerator(charon->shunts);
-		while (enumerator->enumerate(enumerator, &ns, &child_cfg))
-		{
-			if (ns && streq(child, child_cfg->get_name(child_cfg)))
-			{
-				ike = strdup(ns);
-				break;
-			}
-		}
-		enumerator->destroy(enumerator);
-		if (ike)
-		{
-			if (charon->shunts->uninstall(charon->shunts, ike, child))
-			{
-				free(ike);
-				return send_reply(this, NULL);
-			}
-			free(ike);
-			return send_reply(this, "uninstalling policy '%s' failed", child);
-		}
-	}
-	else if (charon->shunts->uninstall(charon->shunts, ike, child))
+	if (charon->shunts->uninstall(charon->shunts, ike, child))
 	{
 		return send_reply(this, NULL);
 	}
-
-	enumerator = charon->traps->create_enumerator(charon->traps);
-	while (enumerator->enumerate(enumerator, &peer_cfg, &child_sa))
+	else if (charon->traps->uninstall(charon->traps, ike, child))
 	{
-		if ((!ike || streq(ike, peer_cfg->get_name(peer_cfg))) &&
-			streq(child, child_sa->get_name(child_sa)))
-		{
-			reqid = child_sa->get_reqid(child_sa);
-			break;
-		}
-	}
-	enumerator->destroy(enumerator);
-
-	if (reqid)
-	{
-		if (charon->traps->uninstall(charon->traps, reqid))
-		{
-			return send_reply(this, NULL);
-		}
-		return send_reply(this, "uninstalling policy '%s' failed", child);
+		return send_reply(this, NULL);
 	}
 	return send_reply(this, "policy '%s' not found", child);
 }
diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c
index 91d344994..13761f59d 100644
--- a/src/libcharon/plugins/vici/vici_message.c
+++ b/src/libcharon/plugins/vici/vici_message.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
diff --git a/src/libcharon/plugins/vici/vici_message.h b/src/libcharon/plugins/vici/vici_message.h
index d47e7a0f9..1e1a2a463 100644
--- a/src/libcharon/plugins/vici/vici_message.h
+++ b/src/libcharon/plugins/vici/vici_message.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic.c b/src/libcharon/plugins/xauth_generic/xauth_generic.c
index e65d1a1fe..66422bab6 100644
--- a/src/libcharon/plugins/xauth_generic/xauth_generic.c
+++ b/src/libcharon/plugins/xauth_generic/xauth_generic.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic.h b/src/libcharon/plugins/xauth_generic/xauth_generic.h
index 52744d0a6..94aedf108 100644
--- a/src/libcharon/plugins/xauth_generic/xauth_generic.h
+++ b/src/libcharon/plugins/xauth_generic/xauth_generic.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.c b/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.c
index a87084e20..e8303754b 100644
--- a/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.c
+++ b/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.h b/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.h
index 426f806a7..ac1eac3e5 100644
--- a/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.h
+++ b/src/libcharon/plugins/xauth_generic/xauth_generic_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth.c b/src/libcharon/plugins/xauth_noauth/xauth_noauth.c
index 4b8ad8ecd..8d8f2fd5b 100644
--- a/src/libcharon/plugins/xauth_noauth/xauth_noauth.c
+++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth.h b/src/libcharon/plugins/xauth_noauth/xauth_noauth.h
index 2ac358ee0..8719dcfeb 100644
--- a/src/libcharon/plugins/xauth_noauth/xauth_noauth.h
+++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c
index e7ee4dfe3..63c8b6853 100644
--- a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c
+++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h
index d174ac29c..123d5a3f8 100644
--- a/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h
+++ b/src/libcharon/plugins/xauth_noauth/xauth_noauth_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c
index cd4a4ca89..c92c03f8f 100644
--- a/src/libcharon/processing/jobs/acquire_job.c
+++ b/src/libcharon/processing/jobs/acquire_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/acquire_job.h b/src/libcharon/processing/jobs/acquire_job.h
index 4d31f0569..d45f72b46 100644
--- a/src/libcharon/processing/jobs/acquire_job.h
+++ b/src/libcharon/processing/jobs/acquire_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c
index ff8e78b6b..998af0d3f 100644
--- a/src/libcharon/processing/jobs/adopt_children_job.c
+++ b/src/libcharon/processing/jobs/adopt_children_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c
index 53a170510..acc439ccd 100644
--- a/src/libcharon/processing/jobs/delete_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -64,7 +64,7 @@ METHOD(job_t, execute, job_requeue_t,
 		}
 		if (this->delete_if_established)
 		{
-			if (ike_sa->delete(ike_sa) == DESTROY_ME)
+			if (ike_sa->delete(ike_sa, FALSE) == DESTROY_ME)
 			{
 				charon->ike_sa_manager->checkin_and_destroy(
 												charon->ike_sa_manager, ike_sa);
diff --git a/src/libcharon/processing/jobs/delete_ike_sa_job.h b/src/libcharon/processing/jobs/delete_ike_sa_job.h
index ae06b9cfc..d3241f9ff 100644
--- a/src/libcharon/processing/jobs/delete_ike_sa_job.h
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c
index bf16e51b5..7f0b29b6d 100644
--- a/src/libcharon/processing/jobs/inactivity_job.c
+++ b/src/libcharon/processing/jobs/inactivity_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -101,7 +101,7 @@ METHOD(job_t, execute, job_requeue_t,
 			{
 				DBG1(DBG_JOB, "deleting IKE_SA after %d seconds "
 					 "of CHILD_SA inactivity", this->timeout);
-				status = ike_sa->delete(ike_sa);
+				status = ike_sa->delete(ike_sa, FALSE);
 			}
 			else
 			{
diff --git a/src/libcharon/processing/jobs/inactivity_job.h b/src/libcharon/processing/jobs/inactivity_job.h
index 240782fa8..814d606f7 100644
--- a/src/libcharon/processing/jobs/inactivity_job.h
+++ b/src/libcharon/processing/jobs/inactivity_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c
index 1082eae0b..6a72499d3 100644
--- a/src/libcharon/processing/jobs/initiate_mediation_job.c
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.h b/src/libcharon/processing/jobs/initiate_mediation_job.h
index d105de2b9..577bb62e0 100644
--- a/src/libcharon/processing/jobs/initiate_mediation_job.h
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/mediation_job.c b/src/libcharon/processing/jobs/mediation_job.c
index 759aad003..d210da5d7 100644
--- a/src/libcharon/processing/jobs/mediation_job.c
+++ b/src/libcharon/processing/jobs/mediation_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/mediation_job.h b/src/libcharon/processing/jobs/mediation_job.h
index 6a1475102..c1e72cb08 100644
--- a/src/libcharon/processing/jobs/mediation_job.h
+++ b/src/libcharon/processing/jobs/mediation_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c
index 461ba11d1..574d715a7 100644
--- a/src/libcharon/processing/jobs/migrate_job.c
+++ b/src/libcharon/processing/jobs/migrate_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/migrate_job.h b/src/libcharon/processing/jobs/migrate_job.h
index 140635bed..bf9146b55 100644
--- a/src/libcharon/processing/jobs/migrate_job.h
+++ b/src/libcharon/processing/jobs/migrate_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c
index 31f048db6..c1ff9cb24 100644
--- a/src/libcharon/processing/jobs/process_message_job.c
+++ b/src/libcharon/processing/jobs/process_message_job.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/process_message_job.h b/src/libcharon/processing/jobs/process_message_job.h
index 2c42aa577..6b6bdeb60 100644
--- a/src/libcharon/processing/jobs/process_message_job.h
+++ b/src/libcharon/processing/jobs/process_message_job.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/redirect_job.c b/src/libcharon/processing/jobs/redirect_job.c
index e1af662c9..5bc66b560 100644
--- a/src/libcharon/processing/jobs/redirect_job.c
+++ b/src/libcharon/processing/jobs/redirect_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/redirect_job.h b/src/libcharon/processing/jobs/redirect_job.h
index fe4b34ee9..ed44da65e 100644
--- a/src/libcharon/processing/jobs/redirect_job.h
+++ b/src/libcharon/processing/jobs/redirect_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c
index d76f4f65b..aa21717fa 100644
--- a/src/libcharon/processing/jobs/rekey_child_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h
index 1c9d9b400..0d64260eb 100644
--- a/src/libcharon/processing/jobs/rekey_child_sa_job.h
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
index 148db2f92..c9ea0be3f 100644
--- a/src/libcharon/processing/jobs/rekey_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.h b/src/libcharon/processing/jobs/rekey_ike_sa_job.h
index 3e3e13d00..c96aa5781 100644
--- a/src/libcharon/processing/jobs/rekey_ike_sa_job.h
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c
index 4daa41868..c87442e5e 100644
--- a/src/libcharon/processing/jobs/retransmit_job.c
+++ b/src/libcharon/processing/jobs/retransmit_job.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/retransmit_job.h b/src/libcharon/processing/jobs/retransmit_job.h
index 595513cef..018e86805 100644
--- a/src/libcharon/processing/jobs/retransmit_job.h
+++ b/src/libcharon/processing/jobs/retransmit_job.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/retry_initiate_job.c b/src/libcharon/processing/jobs/retry_initiate_job.c
index 1cdc3058a..4715cf0a1 100644
--- a/src/libcharon/processing/jobs/retry_initiate_job.c
+++ b/src/libcharon/processing/jobs/retry_initiate_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/retry_initiate_job.h b/src/libcharon/processing/jobs/retry_initiate_job.h
index 29f79f23b..711746096 100644
--- a/src/libcharon/processing/jobs/retry_initiate_job.h
+++ b/src/libcharon/processing/jobs/retry_initiate_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/roam_job.c b/src/libcharon/processing/jobs/roam_job.c
index 0af4c6c39..27fb618df 100644
--- a/src/libcharon/processing/jobs/roam_job.c
+++ b/src/libcharon/processing/jobs/roam_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/roam_job.h b/src/libcharon/processing/jobs/roam_job.h
index acfb8bed8..6468557dc 100644
--- a/src/libcharon/processing/jobs/roam_job.h
+++ b/src/libcharon/processing/jobs/roam_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/send_dpd_job.c b/src/libcharon/processing/jobs/send_dpd_job.c
index d2f38b803..be9569f25 100644
--- a/src/libcharon/processing/jobs/send_dpd_job.c
+++ b/src/libcharon/processing/jobs/send_dpd_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/send_dpd_job.h b/src/libcharon/processing/jobs/send_dpd_job.h
index bd2728b9a..14c5380da 100644
--- a/src/libcharon/processing/jobs/send_dpd_job.h
+++ b/src/libcharon/processing/jobs/send_dpd_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/send_keepalive_job.c b/src/libcharon/processing/jobs/send_keepalive_job.c
index e06eae3d3..8a2e917b6 100644
--- a/src/libcharon/processing/jobs/send_keepalive_job.c
+++ b/src/libcharon/processing/jobs/send_keepalive_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/send_keepalive_job.h b/src/libcharon/processing/jobs/send_keepalive_job.h
index acf6d11aa..c88d981ba 100644
--- a/src/libcharon/processing/jobs/send_keepalive_job.h
+++ b/src/libcharon/processing/jobs/send_keepalive_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c
index 654ec6abe..3a0ed879f 100644
--- a/src/libcharon/processing/jobs/start_action_job.c
+++ b/src/libcharon/processing/jobs/start_action_job.c
@@ -75,7 +75,7 @@ METHOD(job_t, execute, job_requeue_t,
 					else
 					{
 						charon->traps->install(charon->traps, peer_cfg,
-											   child_cfg, 0);
+											   child_cfg);
 					}
 					break;
 				case ACTION_NONE:
diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c
index 3360b7dc5..dfb85f690 100644
--- a/src/libcharon/processing/jobs/update_sa_job.c
+++ b/src/libcharon/processing/jobs/update_sa_job.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h
index 17beb68b6..fbb36f13c 100644
--- a/src/libcharon/processing/jobs/update_sa_job.h
+++ b/src/libcharon/processing/jobs/update_sa_job.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/authenticator.c b/src/libcharon/sa/authenticator.c
index 6c3681a2d..b77c19d00 100644
--- a/src/libcharon/sa/authenticator.c
+++ b/src/libcharon/sa/authenticator.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2006-2009 Martin Willi
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/authenticator.h b/src/libcharon/sa/authenticator.h
index 97c042e71..42d9ce32e 100644
--- a/src/libcharon/sa/authenticator.h
+++ b/src/libcharon/sa/authenticator.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index a01ee9e4d..7eeb578f3 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -37,6 +37,7 @@ ENUM(child_sa_state_names, CHILD_CREATED, CHILD_DESTROYING,
 	"REKEYED",
 	"RETRYING",
 	"DELETING",
+	"DELETED",
 	"DESTROYING",
 );
 
@@ -888,7 +889,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
 		.ipcomp = this->ipcomp,
 		.cpi = cpi,
 		.encap = this->encap,
-		.hw_offload = this->config->has_option(this->config, OPT_HW_OFFLOAD),
+		.hw_offload = this->config->get_hw_offload(this->config),
 		.esn = esn,
 		.initiator = initiator,
 		.inbound = inbound,
@@ -1060,16 +1061,17 @@ static status_t install_policies_internal(private_child_sa_t *this,
 	host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts,
 	traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa,
 	ipsec_sa_cfg_t *other_sa, policy_type_t type,
-	policy_priority_t priority,	uint32_t manual_prio)
+	policy_priority_t priority,	uint32_t manual_prio, bool outbound)
 {
 	status_t status = SUCCESS;
 
 	status |= install_policies_inbound(this, my_addr, other_addr, my_ts,
-									   other_ts, my_sa, other_sa, type,
-									   priority, manual_prio);
-	status |= install_policies_outbound(this, my_addr, other_addr, my_ts,
-										other_ts, my_sa, other_sa, type,
-										priority, manual_prio);
+						other_ts, my_sa, other_sa, type, priority, manual_prio);
+	if (outbound)
+	{
+		status |= install_policies_outbound(this, my_addr, other_addr, my_ts,
+						other_ts, my_sa, other_sa, type, priority, manual_prio);
+	}
 	return status;
 }
 
@@ -1153,12 +1155,15 @@ static void del_policies_internal(private_child_sa_t *this,
 	host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts,
 	traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa,
 	ipsec_sa_cfg_t *other_sa, policy_type_t type,
-	policy_priority_t priority, uint32_t manual_prio)
+	policy_priority_t priority, uint32_t manual_prio, bool outbound)
 {
-	del_policies_outbound(this, my_addr, other_addr, my_ts, other_ts, my_sa,
-						 other_sa, type, priority, manual_prio);
+	if (outbound)
+	{
+		del_policies_outbound(this, my_addr, other_addr, my_ts, other_ts, my_sa,
+						other_sa, type, priority, manual_prio);
+	}
 	del_policies_inbound(this, my_addr, other_addr, my_ts, other_ts, my_sa,
-						 other_sa, type, priority, manual_prio);
+						other_sa, type, priority, manual_prio);
 }
 
 METHOD(child_sa_t, set_policies, void,
@@ -1249,18 +1254,10 @@ METHOD(child_sa_t, install_policies, status_t,
 		enumerator = create_policy_enumerator(this);
 		while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
 		{
-			status |= install_policies_inbound(this, this->my_addr,
-									this->other_addr, my_ts, other_ts,
-									&my_sa, &other_sa, POLICY_IPSEC,
-									priority, manual_prio);
-
-			if (install_outbound)
-			{
-				status |= install_policies_outbound(this, this->my_addr,
+			status |= install_policies_internal(this, this->my_addr,
 									this->other_addr, my_ts, other_ts,
-									&my_sa, &other_sa, POLICY_IPSEC,
-									priority, manual_prio);
-			}
+									&my_sa, &other_sa, POLICY_IPSEC, priority,
+									manual_prio, install_outbound);
 			if (status != SUCCESS)
 			{
 				break;
@@ -1463,7 +1460,7 @@ static status_t update_sas(private_child_sa_t *this, host_t *me, host_t *other,
 	}
 
 	/* update his (responder) SA */
-	if (this->other_spi)
+	if (this->other_spi && (this->outbound_state & CHILD_OUTBOUND_SA))
 	{
 		kernel_ipsec_sa_id_t id = {
 			.src = this->my_addr,
@@ -1517,22 +1514,26 @@ METHOD(child_sa_t, update, status_t,
 		traffic_selector_t *my_ts, *other_ts;
 		uint32_t manual_prio;
 		status_t state;
+		bool outbound;
 
 		prepare_sa_cfg(this, &my_sa, &other_sa);
 		manual_prio = this->config->get_manual_prio(this->config);
+		outbound = (this->outbound_state & CHILD_OUTBOUND_POLICIES);
 
 		enumerator = create_policy_enumerator(this);
 		while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
 		{
 			/* install drop policy to avoid traffic leaks, acquires etc. */
-			install_policies_outbound(this, this->my_addr, this->other_addr,
-						my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP,
-						POLICY_PRIORITY_DEFAULT, manual_prio);
-
+			if (outbound)
+			{
+				install_policies_outbound(this, this->my_addr, this->other_addr,
+							my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP,
+							POLICY_PRIORITY_DEFAULT, manual_prio);
+			}
 			/* remove old policies */
 			del_policies_internal(this, this->my_addr, this->other_addr,
 						my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC,
-						POLICY_PRIORITY_DEFAULT, manual_prio);
+						POLICY_PRIORITY_DEFAULT, manual_prio, outbound);
 		}
 		enumerator->destroy(enumerator);
 
@@ -1548,8 +1549,8 @@ METHOD(child_sa_t, update, status_t,
 			if (state == NOT_SUPPORTED)
 			{
 				install_policies_internal(this, this->my_addr, this->other_addr,
-						my_ts, other_ts, &my_sa, &other_sa,
-						POLICY_IPSEC, POLICY_PRIORITY_DEFAULT, manual_prio);
+						my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC,
+						POLICY_PRIORITY_DEFAULT, manual_prio, outbound);
 			}
 			else
 			{
@@ -1573,15 +1574,17 @@ METHOD(child_sa_t, update, status_t,
 
 				/* reinstall updated policies */
 				install_policies_internal(this, me, other, my_ts, other_ts,
-										  &my_sa, &other_sa, POLICY_IPSEC,
-										  POLICY_PRIORITY_DEFAULT, manual_prio);
+						&my_sa, &other_sa, POLICY_IPSEC,
+						POLICY_PRIORITY_DEFAULT, manual_prio, outbound);
 			}
 			/* remove the drop policy */
-			del_policies_outbound(this, this->my_addr, this->other_addr,
-								  old_my_ts ?: my_ts,
-								  old_other_ts ?: other_ts,
-								  &my_sa, &other_sa, POLICY_DROP,
-								  POLICY_PRIORITY_DEFAULT, 0);
+			if (outbound)
+			{
+				del_policies_outbound(this, this->my_addr, this->other_addr,
+						old_my_ts ?: my_ts, old_other_ts ?: other_ts,
+						&my_sa, &other_sa, POLICY_DROP,
+						POLICY_PRIORITY_DEFAULT, 0);
+			}
 
 			DESTROY_IF(old_my_ts);
 			DESTROY_IF(old_other_ts);
@@ -1651,16 +1654,9 @@ METHOD(child_sa_t, destroy, void,
 		enumerator = create_policy_enumerator(this);
 		while (enumerator->enumerate(enumerator, &my_ts, &other_ts))
 		{
-			if (del_outbound)
-			{
-				del_policies_outbound(this, this->my_addr,
-									  this->other_addr, my_ts, other_ts,
-									  &my_sa, &other_sa, POLICY_IPSEC,
-									  priority, manual_prio);
-			}
-			del_policies_inbound(this, this->my_addr, this->other_addr,
-								 my_ts, other_ts, &my_sa, &other_sa,
-								 POLICY_IPSEC, priority, manual_prio);
+			del_policies_internal(this, this->my_addr,
+						this->other_addr, my_ts, other_ts, &my_sa, &other_sa,
+						POLICY_IPSEC, priority, manual_prio, del_outbound);
 		}
 		enumerator->destroy(enumerator);
 	}
@@ -1754,7 +1750,7 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local)
  * Described in header.
  */
 child_sa_t * child_sa_create(host_t *me, host_t* other,
-							 child_cfg_t *config, uint32_t rekey, bool encap,
+							 child_cfg_t *config, uint32_t reqid, bool encap,
 							 u_int mark_in, u_int mark_out)
 {
 	private_child_sa_t *this;
@@ -1865,21 +1861,15 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
 
 	if (!this->reqid)
 	{
-		/* reuse old reqid if we are rekeying an existing CHILD_SA. While the
-		 * reqid cache would find the same reqid for our selectors, this does
-		 * not work in a special case: If an SA is triggered by a trap policy,
-		 * but the negotiated SA gets narrowed, we still must reuse the same
-		 * reqid to successfully "trigger" the SA on the kernel level. Rekeying
-		 * such an SA requires an explicit reqid, as the cache currently knows
-		 * the original selectors only for that reqid. */
-		if (rekey)
-		{
-			this->reqid = rekey;
-		}
-		else
-		{
-			this->reqid = charon->traps->find_reqid(charon->traps, config);
-		}
+		/* reuse old reqid if we are rekeying an existing CHILD_SA and when
+		 * initiating a trap policy. While the reqid cache would find the same
+		 * reqid for our selectors, this does not work in a special case: If an
+		 * SA is triggered by a trap policy, but the negotiated TS get
+		 * narrowed, we still must reuse the same reqid to successfully
+		 * replace the temporary SA on the kernel level. Rekeying such an SA
+		 * requires an explicit reqid, as the cache currently knows the original
+		 * selectors only for that reqid. */
+		this->reqid = reqid;
 	}
 	else
 	{
diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h
index 49175ca01..183033f46 100644
--- a/src/libcharon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@@ -83,6 +83,11 @@ enum child_sa_state_t {
 	 */
 	CHILD_DELETING,
 
+	/**
+	 * CHILD_SA has been deleted, but not yet destroyed
+	 */
+	CHILD_DELETED,
+
 	/**
 	 * CHILD_SA object gets destroyed
 	 */
diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c
index b2a57ccfb..2a9e0d06d 100644
--- a/src/libcharon/sa/eap/eap_manager.c
+++ b/src/libcharon/sa/eap/eap_manager.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h
index 391c906e9..73aa76329 100644
--- a/src/libcharon/sa/eap/eap_manager.h
+++ b/src/libcharon/sa/eap/eap_manager.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/eap/eap_method.c b/src/libcharon/sa/eap/eap_method.c
index 9ce6ecf00..0a3c454e1 100644
--- a/src/libcharon/sa/eap/eap_method.c
+++ b/src/libcharon/sa/eap/eap_method.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h
index 840779727..34041e347 100644
--- a/src/libcharon/sa/eap/eap_method.h
+++ b/src/libcharon/sa/eap/eap_method.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index e1f4ec95a..f39fed6f0 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2017 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -1053,17 +1053,19 @@ METHOD(ike_sa_t, has_mapping_changed, bool,
 METHOD(ike_sa_t, float_ports, void,
 	   private_ike_sa_t *this)
 {
-	/* do not switch if we have a custom port from MOBIKE/NAT */
+	/* even if the remote port is not 500 (e.g. because the response was natted)
+	 * we switch the remote port if we used port 500 */
+	if (this->other_host->get_port(this->other_host) == IKEV2_UDP_PORT ||
+		this->my_host->get_port(this->my_host) == IKEV2_UDP_PORT)
+	{
+		this->other_host->set_port(this->other_host, IKEV2_NATT_PORT);
+	}
 	if (this->my_host->get_port(this->my_host) ==
 			charon->socket->get_port(charon->socket, FALSE))
 	{
 		this->my_host->set_port(this->my_host,
 								charon->socket->get_port(charon->socket, TRUE));
 	}
-	if (this->other_host->get_port(this->other_host) == IKEV2_UDP_PORT)
-	{
-		this->other_host->set_port(this->other_host, IKEV2_NATT_PORT);
-	}
 }
 
 METHOD(ike_sa_t, update_hosts, void,
@@ -1791,8 +1793,10 @@ METHOD(ike_sa_t, destroy_child_sa, status_t,
 }
 
 METHOD(ike_sa_t, delete_, status_t,
-	private_ike_sa_t *this)
+	private_ike_sa_t *this, bool force)
 {
+	status_t status = DESTROY_ME;
+
 	switch (this->state)
 	{
 		case IKE_ESTABLISHED:
@@ -1804,19 +1808,38 @@ METHOD(ike_sa_t, delete_, status_t,
 				charon->bus->alert(charon->bus, ALERT_IKE_SA_EXPIRED);
 			}
 			this->task_manager->queue_ike_delete(this->task_manager);
-			return this->task_manager->initiate(this->task_manager);
+			status = this->task_manager->initiate(this->task_manager);
+			break;
 		case IKE_CREATED:
 			DBG1(DBG_IKE, "deleting unestablished IKE_SA");
 			break;
 		case IKE_PASSIVE:
 			break;
 		default:
-			DBG1(DBG_IKE, "destroying IKE_SA in state %N "
-				"without notification", ike_sa_state_names, this->state);
-			charon->bus->ike_updown(charon->bus, &this->public, FALSE);
+			DBG1(DBG_IKE, "destroying IKE_SA in state %N without notification",
+				 ike_sa_state_names, this->state);
+			force = TRUE;
 			break;
 	}
-	return DESTROY_ME;
+
+	if (force)
+	{
+		status = DESTROY_ME;
+
+		if (this->version == IKEV2)
+		{	/* for IKEv1 we trigger this in the ISAKMP delete task */
+			switch (this->state)
+			{
+				case IKE_ESTABLISHED:
+				case IKE_REKEYING:
+				case IKE_DELETING:
+					charon->bus->ike_updown(charon->bus, &this->public, FALSE);
+				default:
+					break;
+			}
+		}
+	}
+	return status;
 }
 
 METHOD(ike_sa_t, rekey, status_t,
@@ -1926,23 +1949,18 @@ static status_t reestablish_children(private_ike_sa_t *this, ike_sa_t *new,
 	enumerator = create_child_sa_enumerator(this);
 	while (enumerator->enumerate(enumerator, (void**)&child_sa))
 	{
+		switch (child_sa->get_state(child_sa))
+		{
+			case CHILD_REKEYED:
+			case CHILD_DELETED:
+				/* ignore CHILD_SAs in these states */
+				continue;
+			default:
+				break;
+		}
 		if (force)
 		{
-			switch (child_sa->get_state(child_sa))
-			{
-				case CHILD_ROUTED:
-				{	/* move routed child directly */
-					remove_child_sa(this, enumerator);
-					new->add_child_sa(new, child_sa);
-					action = ACTION_NONE;
-					break;
-				}
-				default:
-				{	/* initiate/queue all other CHILD_SAs */
-					action = ACTION_RESTART;
-					break;
-				}
-			}
+			action = ACTION_RESTART;
 		}
 		else
 		{	/* only restart CHILD_SAs that are configured accordingly */
@@ -2020,6 +2038,15 @@ METHOD(ike_sa_t, reestablish, status_t,
 		enumerator = array_create_enumerator(this->child_sas);
 		while (enumerator->enumerate(enumerator, (void**)&child_sa))
 		{
+			switch (child_sa->get_state(child_sa))
+			{
+				case CHILD_REKEYED:
+				case CHILD_DELETED:
+					/* ignore CHILD_SAs in these states */
+					continue;
+				default:
+					break;
+			}
 			if (this->state == IKE_DELETING)
 			{
 				action = child_sa->get_close_action(child_sa);
@@ -2035,8 +2062,7 @@ METHOD(ike_sa_t, reestablish, status_t,
 					break;
 				case ACTION_ROUTE:
 					charon->traps->install(charon->traps, this->peer_cfg,
-										   child_sa->get_config(child_sa),
-										   child_sa->get_reqid(child_sa));
+										   child_sa->get_config(child_sa));
 					break;
 				default:
 					break;
@@ -2348,6 +2374,31 @@ METHOD(ike_sa_t, retransmit, status_t,
 					return this->task_manager->initiate(this->task_manager);
 				}
 				DBG1(DBG_IKE, "establishing IKE_SA failed, peer not responding");
+
+				if (this->version == IKEV1 && array_count(this->child_sas))
+				{
+					enumerator_t *enumerator;
+					child_sa_t *child_sa;
+
+					/* if reauthenticating an IKEv1 SA failed (assumed for an SA
+					 * in this state with CHILD_SAs), try again from scratch */
+					DBG1(DBG_IKE, "reauthentication failed, trying to "
+						 "reestablish IKE_SA");
+					reestablish(this);
+					/* trigger down events for the CHILD_SAs, as no down event
+					 * is triggered below for IKE SAs in this state */
+					enumerator = array_create_enumerator(this->child_sas);
+					while (enumerator->enumerate(enumerator, &child_sa))
+					{
+						if (child_sa->get_state(child_sa) != CHILD_REKEYED &&
+							child_sa->get_state(child_sa) != CHILD_DELETED)
+						{
+							charon->bus->child_updown(charon->bus, child_sa,
+													  FALSE);
+						}
+					}
+					enumerator->destroy(enumerator);
+				}
 				break;
 			}
 			case IKE_DELETING:
@@ -2552,10 +2603,15 @@ METHOD(ike_sa_t, roam, status_t,
 		 * without config assigned */
 		return SUCCESS;
 	}
+	if (this->version == IKEV1)
+	{	/* ignore roam events for IKEv1 where we don't have MOBIKE and would
+		 * have to reestablish from scratch (reauth is not enough) */
+		return SUCCESS;
+	}
 
 	/* ignore roam events if MOBIKE is not supported/enabled and the local
 	 * address is statically configured */
-	if (this->version == IKEV2 && !supports_extension(this, EXT_MOBIKE) &&
+	if (!supports_extension(this, EXT_MOBIKE) &&
 		ike_cfg_has_address(this->ike_cfg, this->my_host, TRUE))
 	{
 		DBG2(DBG_IKE, "keeping statically configured path %H - %H",
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index b4fbc56d7..316b713ee 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2017 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -776,15 +776,18 @@ struct ike_sa_t {
 	 *
 	 * Sends a delete message to the remote peer and waits for
 	 * its response. If the response comes in, or a timeout occurs,
-	 * the IKE SA gets deleted.
+	 * the IKE SA gets destroyed, unless force is TRUE then the IKE_SA is
+	 * destroyed immediately without waiting for a response.
 	 *
+	 * @param force			whether to immediately destroy the IKE_SA afterwards
+	 *						without waiting for a response
 	 * @return
 	 *						- SUCCESS if deletion is initialized
-	 *						- DESTROY_ME, if the IKE_SA is not in
-	 *						  an established state and can not be
-	 *						  deleted (but destroyed).
+	 *						- DESTROY_ME, if destroying is forced, or the IKE_SA
+	 *						  is not in an established state and can not be
+	 *						  deleted (but destroyed)
 	 */
-	status_t (*delete) (ike_sa_t *this);
+	status_t (*delete) (ike_sa_t *this, bool force);
 
 	/**
 	 * Update IKE_SAs after network interfaces have changed.
diff --git a/src/libcharon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c
index b4e66ed73..515b3cfd3 100644
--- a/src/libcharon/sa/ike_sa_id.c
+++ b/src/libcharon/sa/ike_sa_id.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ike_sa_id.h b/src/libcharon/sa/ike_sa_id.h
index b3a9ef61f..266b62380 100644
--- a/src/libcharon/sa/ike_sa_id.h
+++ b/src/libcharon/sa/ike_sa_id.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 101d98678..2a499db40 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -2021,7 +2021,7 @@ static status_t enforce_replace(private_ike_sa_manager_t *this,
 	}
 	DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer '%Y' due to "
 		 "uniqueness policy", other);
-	return duplicate->delete(duplicate);
+	return duplicate->delete(duplicate, FALSE);
 }
 
 METHOD(ike_sa_manager_t, check_uniqueness, bool,
@@ -2266,20 +2266,7 @@ METHOD(ike_sa_manager_t, flush, void,
 	while (enumerator->enumerate(enumerator, &entry, &segment))
 	{
 		charon->bus->set_sa(charon->bus, entry->ike_sa);
-		if (entry->ike_sa->get_version(entry->ike_sa) == IKEV2)
-		{	/* as the delete never gets processed, fire down events */
-			switch (entry->ike_sa->get_state(entry->ike_sa))
-			{
-				case IKE_ESTABLISHED:
-				case IKE_REKEYING:
-				case IKE_DELETING:
-					charon->bus->ike_updown(charon->bus, entry->ike_sa, FALSE);
-					break;
-				default:
-					break;
-			}
-		}
-		entry->ike_sa->delete(entry->ike_sa);
+		entry->ike_sa->delete(entry->ike_sa, TRUE);
 	}
 	enumerator->destroy(enumerator);
 
diff --git a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
index 41be15a08..9e5833efc 100644
--- a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
+++ b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
@@ -18,6 +18,7 @@
 #include <daemon.h>
 #include <sa/ikev1/keymat_v1.h>
 #include <encoding/payloads/hash_payload.h>
+#include <credentials/certificates/x509.h>
 
 typedef struct private_pubkey_v1_authenticator_t private_pubkey_v1_authenticator_t;
 
@@ -130,6 +131,29 @@ METHOD(authenticator_t, build, status_t,
 	return status;
 }
 
+/**
+ * Check if the end-entity certificate, if any, is compliant with RFC 4945
+ */
+static bool is_compliant_cert(auth_cfg_t *auth)
+{
+	certificate_t *cert;
+	x509_t *x509;
+
+	cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
+	if (!cert || cert->get_type(cert) != CERT_X509)
+	{
+		return TRUE;
+	}
+	x509 = (x509_t*)cert;
+	if (x509->get_flags(x509) & X509_IKE_COMPLIANT)
+	{
+		return TRUE;
+	}
+	DBG1(DBG_IKE, "rejecting certificate without digitalSignature or "
+		 "nonRepudiation keyUsage flags");
+	return FALSE;
+}
+
 METHOD(authenticator_t, process, status_t,
 	private_pubkey_v1_authenticator_t *this, message_t *message)
 {
@@ -176,7 +200,8 @@ METHOD(authenticator_t, process, status_t,
 														id, auth, TRUE);
 	while (enumerator->enumerate(enumerator, &public, &current_auth))
 	{
-		if (public->verify(public, scheme, NULL, hash, sig))
+		if (public->verify(public, scheme, NULL, hash, sig) &&
+			is_compliant_cert(current_auth))
 		{
 			DBG1(DBG_IKE, "authentication of '%Y' with %N successful",
 				 id, signature_scheme_names, scheme);
diff --git a/src/libcharon/sa/ikev1/iv_manager.c b/src/libcharon/sa/ikev1/iv_manager.c
index 2a6e5c04f..c48a0deb1 100644
--- a/src/libcharon/sa/ikev1/iv_manager.c
+++ b/src/libcharon/sa/ikev1/iv_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev1/iv_manager.h b/src/libcharon/sa/ikev1/iv_manager.h
index c5273fed9..cae4f3508 100644
--- a/src/libcharon/sa/ikev1/iv_manager.h
+++ b/src/libcharon/sa/ikev1/iv_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index 673a7a131..1de05b4ec 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev1/keymat_v1.h b/src/libcharon/sa/ikev1/keymat_v1.h
index ada5bdb04..269816a59 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.h
+++ b/src/libcharon/sa/ikev1/keymat_v1.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 9b5f676a3..82d647a6c 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c
index df0293d4f..e4379cabf 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
  * Copyright (C) 2011 revosec AG
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
index d17948cd0..81e63740e 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2006-2011 Tobias Brunner,
  * Copyright (C) 2006-2007 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.h b/src/libcharon/sa/ikev1/tasks/isakmp_natd.h
index 63947fc73..aec8f85bf 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.h
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index dc86fc504..6a296f221 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2013 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 4c16adba3..1f764e547 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
  * Copyright (C) 2011 revosec AG
diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c
index 66ef50811..0191a45a8 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_delete.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c
@@ -135,6 +135,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol,
 	my_ts->destroy(my_ts);
 	other_ts->destroy(other_ts);
 
+	child_sa->set_state(child_sa, CHILD_DELETED);
 	if (!rekeyed)
 	{
 		charon->bus->child_updown(charon->bus, child_sa, FALSE);
@@ -154,7 +155,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol,
 				case ACTION_ROUTE:
 					charon->traps->install(charon->traps,
 									this->ike_sa->get_peer_cfg(this->ike_sa),
-									child_cfg, child_sa->get_reqid(child_sa));
+									child_cfg);
 					break;
 				default:
 					break;
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 77592e59a..5e5b61e7f 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
  * Copyright (C) 2011 revosec AG
@@ -1005,14 +1005,25 @@ static bool has_notify_errors(private_quick_mode_t *this, message_t *message)
 /**
  * Check if this is a rekey for an existing CHILD_SA, reuse reqid if so
  */
-static void check_for_rekeyed_child(private_quick_mode_t *this)
+static void check_for_rekeyed_child(private_quick_mode_t *this, bool responder)
 {
 	enumerator_t *enumerator, *policies;
-	traffic_selector_t *local, *remote;
+	traffic_selector_t *local, *remote, *my_ts, *other_ts;
 	child_sa_t *child_sa;
 	proposal_t *proposal;
 	char *name;
 
+	if (responder)
+	{
+		my_ts = this->tsr;
+		other_ts = this->tsi;
+	}
+	else
+	{
+		my_ts = this->tsi;
+		other_ts = this->tsr;
+	}
+
 	name = this->config->get_name(this->config);
 	enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
 	while (this->reqid == 0 && enumerator->enumerate(enumerator, &child_sa))
@@ -1026,8 +1037,8 @@ static void check_for_rekeyed_child(private_quick_mode_t *this)
 				case CHILD_REKEYING:
 					policies = child_sa->create_policy_enumerator(child_sa);
 					if (policies->enumerate(policies, &local, &remote) &&
-						local->equals(local, this->tsr) &&
-						remote->equals(remote, this->tsi) &&
+						local->equals(local, my_ts) &&
+						remote->equals(remote, other_ts) &&
 						this->proposal->equals(this->proposal, proposal))
 					{
 						this->reqid = child_sa->get_reqid(child_sa);
@@ -1165,7 +1176,7 @@ METHOD(task_t, process_r, status_t,
 				}
 			}
 
-			check_for_rekeyed_child(this);
+			check_for_rekeyed_child(this, TRUE);
 
 			this->child_sa = child_sa_create(
 									this->ike_sa->get_my_host(this->ike_sa),
@@ -1366,6 +1377,7 @@ METHOD(task_t, process_i, status_t,
 			{
 				return send_notify(this, INVALID_PAYLOAD_TYPE);
 			}
+			check_for_rekeyed_child(this, FALSE);
 			if (!install(this))
 			{
 				return send_notify(this, NO_PROPOSAL_CHOSEN);
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h
index fe684568a..0d4c5b47c 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.h
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
  * Copyright (C) 2011 revosec AG
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index 3ab59fada..bcf262725 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h
index d81ebd562..859a21431 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
index 535581068..c1decb130 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h
index 91c534145..7ae86b664 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 65baf8771..652b837fe 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -23,6 +23,7 @@
 #include <asn1/asn1.h>
 #include <asn1/oid.h>
 #include <collections/array.h>
+#include <credentials/certificates/x509.h>
 
 typedef struct private_pubkey_authenticator_t private_pubkey_authenticator_t;
 
@@ -164,7 +165,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
 			signature_scheme_t schemes[] = {
 				SIGN_RSA_EMSA_PKCS1_SHA2_384,
 				SIGN_RSA_EMSA_PKCS1_SHA2_256,
-			}, contained;
+			};
 			bool found;
 			int i, j;
 
@@ -174,8 +175,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
 				found = FALSE;
 				for (j = 0; j < array_count(selected); j++)
 				{
-					array_get(selected, j, &contained);
-					if (scheme == contained)
+					array_get(selected, j, &config);
+					if (scheme == config->scheme)
 					{
 						found = TRUE;
 						break;
@@ -414,6 +415,29 @@ METHOD(authenticator_t, build, status_t,
 	return status;
 }
 
+/**
+ * Check if the end-entity certificate, if any, is compliant with RFC 4945
+ */
+static bool is_compliant_cert(auth_cfg_t *auth)
+{
+	certificate_t *cert;
+	x509_t *x509;
+
+	cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
+	if (!cert || cert->get_type(cert) != CERT_X509)
+	{
+		return TRUE;
+	}
+	x509 = (x509_t*)cert;
+	if (x509->get_flags(x509) & X509_IKE_COMPLIANT)
+	{
+		return TRUE;
+	}
+	DBG1(DBG_IKE, "rejecting certificate without digitalSignature or "
+		 "nonRepudiation keyUsage flags");
+	return FALSE;
+}
+
 METHOD(authenticator_t, process, status_t,
 	private_pubkey_authenticator_t *this, message_t *message)
 {
@@ -479,7 +503,8 @@ METHOD(authenticator_t, process, status_t,
 	while (enumerator->enumerate(enumerator, &public, &current_auth))
 	{
 		if (public->verify(public, params->scheme, params->params, octets,
-						   auth_data))
+						   auth_data) &&
+			is_compliant_cert(current_auth))
 		{
 			if (auth_method != AUTH_DS)
 			{
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h
index 82bfea23b..c98e97eb9 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c
index 35856788c..ba602fc4a 100644
--- a/src/libcharon/sa/ikev2/connect_manager.c
+++ b/src/libcharon/sa/ikev2/connect_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/connect_manager.h b/src/libcharon/sa/ikev2/connect_manager.h
index e667e1f70..bac261b35 100644
--- a/src/libcharon/sa/ikev2/connect_manager.h
+++ b/src/libcharon/sa/ikev2/connect_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 0c41c68d0..f8b23b66e 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 	chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
 	pseudo_random_function_t rekey_function, chunk_t rekey_skd)
 {
-	chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
-	chunk_t spi_i, spi_r;
+	chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce;
+	chunk_t prf_plus_seed, spi_i, spi_r;
 	prf_plus_t *prf_plus = NULL;
 	uint16_t alg, key_size, int_alg;
 	prf_t *rekey_prf = NULL;
diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h
index 084ed40f0..5dc9cda38 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.h
+++ b/src/libcharon/sa/ikev2/keymat_v2.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/mediation_manager.c b/src/libcharon/sa/ikev2/mediation_manager.c
index bf5b2f4b3..ffb566591 100644
--- a/src/libcharon/sa/ikev2/mediation_manager.c
+++ b/src/libcharon/sa/ikev2/mediation_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/mediation_manager.h b/src/libcharon/sa/ikev2/mediation_manager.h
index 5212bdb86..640b55eee 100644
--- a/src/libcharon/sa/ikev2/mediation_manager.h
+++ b/src/libcharon/sa/ikev2/mediation_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 5c0ec49f0..fff567233 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1794,9 +1794,25 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
 	enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
 	while (enumerator->enumerate(enumerator, &child_sa))
 	{
+		child_create_t *child_create;
+
+		switch (child_sa->get_state(child_sa))
+		{
+			case CHILD_REKEYED:
+			case CHILD_DELETED:
+				/* ignore CHILD_SAs in these states */
+				continue;
+			default:
+				break;
+		}
 		cfg = child_sa->get_config(child_sa);
-		new->queue_task(new, &child_create_create(new, cfg->get_ref(cfg),
-												  FALSE, NULL, NULL)->task);
+		child_create = child_create_create(new, cfg->get_ref(cfg),
+										   FALSE, NULL, NULL);
+		child_create->use_reqid(child_create, child_sa->get_reqid(child_sa));
+		child_create->use_marks(child_create,
+								child_sa->get_mark(child_sa, TRUE).value,
+								child_sa->get_mark(child_sa, FALSE).value);
+		new->queue_task(new, &child_create->task);
 		children = TRUE;
 	}
 	enumerator->destroy(enumerator);
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 85dac6d59..c90af23b9 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -277,13 +277,11 @@ static bool ts_list_is_host(linked_list_t *list, host_t *host)
 }
 
 /**
- * Allocate SPIs and update proposals, we also promote the selected DH group
+ * Allocate local SPI
  */
 static bool allocate_spi(private_child_create_t *this)
 {
-	enumerator_t *enumerator;
 	proposal_t *proposal;
-	linked_list_t *other_dh_groups;
 
 	if (this->initiator)
 	{
@@ -301,41 +299,51 @@ static bool allocate_spi(private_child_create_t *this)
 		this->proto = this->proposal->get_protocol(this->proposal);
 	}
 	this->my_spi = this->child_sa->alloc_spi(this->child_sa, this->proto);
-	if (this->my_spi)
+	return this->my_spi != 0;
+}
+
+/**
+ * Update the proposals with the allocated SPIs as initiator and check the DH
+ * group and promote it if necessary
+ */
+static bool update_and_check_proposals(private_child_create_t *this)
+{
+	enumerator_t *enumerator;
+	proposal_t *proposal;
+	linked_list_t *other_dh_groups;
+	bool found = FALSE;
+
+	other_dh_groups = linked_list_create();
+	enumerator = this->proposals->create_enumerator(this->proposals);
+	while (enumerator->enumerate(enumerator, &proposal))
 	{
-		if (this->initiator)
-		{
-			other_dh_groups = linked_list_create();
-			enumerator = this->proposals->create_enumerator(this->proposals);
-			while (enumerator->enumerate(enumerator, &proposal))
+		proposal->set_spi(proposal, this->my_spi);
+
+		/* move the selected DH group to the front, if any */
+		if (this->dh_group != MODP_NONE)
+		{	/* proposals that don't contain the selected group are
+			 * moved to the back */
+			if (!proposal->promote_dh_group(proposal, this->dh_group))
 			{
-				proposal->set_spi(proposal, this->my_spi);
-
-				/* move the selected DH group to the front, if any */
-				if (this->dh_group != MODP_NONE &&
-					!proposal->promote_dh_group(proposal, this->dh_group))
-				{	/* proposals that don't contain the selected group are
-					 * moved to the back */
-					this->proposals->remove_at(this->proposals, enumerator);
-					other_dh_groups->insert_last(other_dh_groups, proposal);
-				}
+				this->proposals->remove_at(this->proposals, enumerator);
+				other_dh_groups->insert_last(other_dh_groups, proposal);
 			}
-			enumerator->destroy(enumerator);
-			enumerator = other_dh_groups->create_enumerator(other_dh_groups);
-			while (enumerator->enumerate(enumerator, (void**)&proposal))
-			{	/* no need to remove from the list as we destroy it anyway*/
-				this->proposals->insert_last(this->proposals, proposal);
+			else
+			{
+				found = TRUE;
 			}
-			enumerator->destroy(enumerator);
-			other_dh_groups->destroy(other_dh_groups);
-		}
-		else
-		{
-			this->proposal->set_spi(this->proposal, this->my_spi);
 		}
-		return TRUE;
 	}
-	return FALSE;
+	enumerator->destroy(enumerator);
+	enumerator = other_dh_groups->create_enumerator(other_dh_groups);
+	while (enumerator->enumerate(enumerator, (void**)&proposal))
+	{	/* no need to remove from the list as we destroy it anyway*/
+		this->proposals->insert_last(this->proposals, proposal);
+	}
+	enumerator->destroy(enumerator);
+	other_dh_groups->destroy(other_dh_groups);
+
+	return this->dh_group == MODP_NONE || found;
 }
 
 /**
@@ -532,10 +540,15 @@ static status_t select_and_install(private_child_create_t *this,
 	}
 	this->other_spi = this->proposal->get_spi(this->proposal);
 
-	if (!this->initiator && !allocate_spi(this))
-	{	/* responder has no SPI allocated yet */
-		DBG1(DBG_IKE, "allocating SPI failed");
-		return FAILED;
+	if (!this->initiator)
+	{
+		if (!allocate_spi(this))
+		{
+			/* responder has no SPI allocated yet */
+			DBG1(DBG_IKE, "allocating SPI failed");
+			return FAILED;
+		}
+		this->proposal->set_spi(this->proposal, this->my_spi);
 	}
 	this->child_sa->set_proposal(this->child_sa, this->proposal);
 
@@ -981,7 +994,12 @@ static void process_payloads(private_child_create_t *this, message_t *message)
 					this->dh = this->keymat->keymat.create_dh(
 										&this->keymat->keymat, this->dh_group);
 				}
-				if (this->dh)
+				else if (this->dh)
+				{
+					this->dh_failed = this->dh->get_dh_group(this->dh) !=
+									ke_payload->get_dh_group_number(ke_payload);
+				}
+				if (this->dh && !this->dh_failed)
 				{
 					this->dh_failed = !this->dh->set_other_public_value(this->dh,
 								ke_payload->get_key_exchange_data(ke_payload));
@@ -1111,6 +1129,14 @@ METHOD(task_t, build_i, status_t,
 		return FAILED;
 	}
 
+	if (!update_and_check_proposals(this))
+	{
+		DBG1(DBG_IKE, "requested DH group %N not contained in any of our "
+			 "proposals",
+			 diffie_hellman_group_names, this->dh_group);
+		return FAILED;
+	}
+
 	if (this->dh_group != MODP_NONE)
 	{
 		this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
@@ -1544,6 +1570,15 @@ METHOD(task_t, process_i, status_t,
 						memcpy(&group, data.ptr, data.len);
 						group = ntohs(group);
 					}
+					if (this->retry)
+					{
+						DBG1(DBG_IKE, "already retried with DH group %N, ignore"
+							 "requested %N", diffie_hellman_group_names,
+							 this->dh_group, diffie_hellman_group_names, group);
+						handle_child_sa_failure(this, message);
+						/* an error in CHILD_SA creation is not critical */
+						return SUCCESS;
+					}
 					DBG1(DBG_IKE, "peer didn't accept DH group %N, "
 						 "it requested %N", diffie_hellman_group_names,
 						 this->dh_group, diffie_hellman_group_names, group);
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c
index 164f8fc03..6c8b29018 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.c
@@ -265,6 +265,8 @@ static void process_payloads(private_child_delete_t *this, message_t *message)
 					case CHILD_REKEYED:
 						entry->rekeyed = TRUE;
 						break;
+					case CHILD_DELETED:
+						/* already deleted but not yet destroyed, ignore */
 					case CHILD_DELETING:
 						/* we don't send back a delete if we already initiated
 						 * a delete ourself */
@@ -324,6 +326,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
 	while (enumerator->enumerate(enumerator, (void**)&entry))
 	{
 		child_sa = entry->child_sa;
+		child_sa->set_state(child_sa, CHILD_DELETED);
 		/* signal child down event if we weren't rekeying */
 		protocol = child_sa->get_protocol(child_sa);
 		if (!entry->rekeyed)
@@ -374,8 +377,8 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
 					break;
 				case ACTION_ROUTE:
 					charon->traps->install(charon->traps,
-							this->ike_sa->get_peer_cfg(this->ike_sa), child_cfg,
-							reqid);
+									this->ike_sa->get_peer_cfg(this->ike_sa),
+									child_cfg);
 					break;
 				default:
 					break;
@@ -456,7 +459,7 @@ METHOD(task_t, build_i, status_t,
 		this->spi = child_sa->get_spi(child_sa, TRUE);
 	}
 
-	if (child_sa->get_state(child_sa) == CHILD_DELETING)
+	if (child_sa->get_state(child_sa) == CHILD_DELETED)
 	{	/* DELETEs for this CHILD_SA were already exchanged, but it was not yet
 		 * destroyed to allow delayed packets to get processed */
 		this->ike_sa->destroy_child_sa(this->ike_sa, this->protocol, this->spi);
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.h b/src/libcharon/sa/ikev2/tasks/child_delete.h
index 1e9b2d2f7..6b0006e6e 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.h
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index f90056658..d5188c0bc 100644
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -145,8 +145,7 @@ static void find_child(private_child_rekey_t *this, message_t *message)
 			child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol,
 												  spi, FALSE);
 			if (child_sa &&
-				child_sa->get_state(child_sa) == CHILD_DELETING &&
-				child_sa->get_outbound_state(child_sa) == CHILD_OUTBOUND_NONE)
+				child_sa->get_state(child_sa) == CHILD_DELETED)
 			{	/* ignore rekeyed CHILD_SAs we keep around */
 				return;
 			}
@@ -213,7 +212,8 @@ METHOD(task_t, build_i, status_t,
 									   message) != NEED_MORE)
 	{
 		schedule_delayed_rekey(this);
-		return FAILED;
+		message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED);
+		return SUCCESS;
 	}
 	if (message->get_exchange_type(message) == CREATE_CHILD_SA)
 	{
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index aeaa701c9..6b63197d5 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2015 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.h b/src/libcharon/sa/ikev2/tasks/ike_auth.h
index ca864a710..c9e42ff54 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c
index 47b0a3ed1..495a353c5 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
index 4d5087ff5..f6862ca27 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
index 5a9e08de2..68af6e35b 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.h b/src/libcharon/sa/ikev2/tasks/ike_cert_post.h
index 34606b1e8..fb1614b43 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
index ca17494de..284e59bb1 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h
index c1f8635ce..8542497bc 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c
index 6c42b81a6..4a8acb97e 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2007 Martin Willi
  * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.h b/src/libcharon/sa/ikev2/tasks/ike_config.h
index e35457645..9bf666c81 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.h b/src/libcharon/sa/ikev2/tasks/ike_delete.h
index 2d5d7cb3a..5d571f769 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_delete.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_delete.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_dpd.c b/src/libcharon/sa/ikev2/tasks/ike_dpd.c
index 7a33f7938..d025a046d 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_dpd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_dpd.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_dpd.h b/src/libcharon/sa/ikev2/tasks/ike_dpd.h
index 026871610..7b30bdc9c 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_dpd.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_dpd.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.h b/src/libcharon/sa/ikev2/tasks/ike_init.h
index ab169954d..d40d447c1 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c
index f077ccfb5..8023da1fc 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_me.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_me.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.h b/src/libcharon/sa/ikev2/tasks/ike_me.h
index 44a4ce69c..9e5405b61 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_me.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_me.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.h b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
index bb2318c9c..288b87178 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -63,7 +63,7 @@ struct ike_mobike_t {
 	void (*dpd)(ike_mobike_t *this);
 
 	/**
-	 * Transmision hook, called by task manager.
+	 * Transmission hook, called by task manager.
 	 *
 	 * The task manager calls this hook whenever it transmits a packet. It
 	 * allows the mobike task to send the packet on multiple paths to do path
diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c
index f3f32d7af..8ea903ec8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_natd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2006-2007 Martin Willi
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.h b/src/libcharon/sa/ikev2/tasks/ike_natd.h
index 9c571b8e6..3e5af5bcf 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_natd.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_natd.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_reauth.c b/src/libcharon/sa/ikev2/tasks/ike_reauth.c
index 6f90339ea..b9f6c02a8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_reauth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_reauth.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_reauth.h b/src/libcharon/sa/ikev2/tasks/ike_reauth.h
index e2e48f0d4..3733f21c8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_reauth.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_reauth.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_redirect.c b/src/libcharon/sa/ikev2/tasks/ike_redirect.c
index f82c80f71..2c565c43a 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_redirect.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_redirect.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_redirect.h b/src/libcharon/sa/ikev2/tasks/ike_redirect.h
index afa00ce5d..5abc9acde 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_redirect.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_redirect.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
index 2f0552a33..11123b415 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
@@ -363,7 +363,7 @@ METHOD(task_t, process_i, status_t,
 			/* IKE_SAs in state IKE_REKEYED are silently deleted, so we use
 			 * IKE_REKEYING */
 			this->new_sa->set_state(this->new_sa, IKE_REKEYING);
-			if (this->new_sa->delete(this->new_sa) == DESTROY_ME)
+			if (this->new_sa->delete(this->new_sa, FALSE) == DESTROY_ME)
 			{
 				this->new_sa->destroy(this->new_sa);
 			}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
index f72fbc437..8d8969ea0 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.h b/src/libcharon/sa/ikev2/tasks/ike_vendor.h
index 86c711636..29832cbe9 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c
index 069d51d00..941b43023 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h
index 3d9aae0b3..0e48562eb 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/keymat.c b/src/libcharon/sa/keymat.c
index d1f6a1bdc..70521b5dc 100644
--- a/src/libcharon/sa/keymat.c
+++ b/src/libcharon/sa/keymat.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -65,6 +65,7 @@ int keymat_get_keylen_encr(encryption_algorithm_t alg)
 	keylen_entry_t map[] = {
 		{ENCR_DES,					 64},
 		{ENCR_3DES,					192},
+		{ENCR_CHACHA20_POLY1305,	256},
 	};
 	int i;
 
diff --git a/src/libcharon/sa/keymat.h b/src/libcharon/sa/keymat.h
index 17d2efe37..3fbb75880 100644
--- a/src/libcharon/sa/keymat.h
+++ b/src/libcharon/sa/keymat.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/redirect_manager.c b/src/libcharon/sa/redirect_manager.c
index 45b7e79df..75bba3639 100644
--- a/src/libcharon/sa/redirect_manager.c
+++ b/src/libcharon/sa/redirect_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/redirect_manager.h b/src/libcharon/sa/redirect_manager.h
index e8753265c..2bd134c7d 100644
--- a/src/libcharon/sa/redirect_manager.h
+++ b/src/libcharon/sa/redirect_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/redirect_provider.h b/src/libcharon/sa/redirect_provider.h
index ef2288ffc..75d421227 100644
--- a/src/libcharon/sa/redirect_provider.h
+++ b/src/libcharon/sa/redirect_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c
index 3a254cea5..a83da0480 100644
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015-2016 Tobias Brunner
+ * Copyright (C) 2015-2017 Tobias Brunner
  * Copyright (C) 2011-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -198,6 +198,13 @@ METHOD(shunt_manager_t, install, bool,
 	entry_t *entry;
 	bool found = FALSE, success;
 
+	if (!ns)
+	{
+		DBG1(DBG_CFG, "missing namespace for shunt policy '%s'",
+			 cfg->get_name(cfg));
+		return FALSE;
+	}
+
 	/* check if not already installed */
 	this->lock->write_lock(this->lock);
 	if (this->installing == INSTALL_DISABLED)
@@ -224,7 +231,7 @@ METHOD(shunt_manager_t, install, bool,
 		return TRUE;
 	}
 	INIT(entry,
-		.ns = strdupnull(ns),
+		.ns = strdup(ns),
 		.cfg = cfg->get_ref(cfg),
 	);
 	this->shunts->insert_last(this->shunts, entry);
@@ -369,7 +376,7 @@ METHOD(shunt_manager_t, uninstall, bool,
 	enumerator = this->shunts->create_enumerator(this->shunts);
 	while (enumerator->enumerate(enumerator, &entry))
 	{
-		if (streq(ns, entry->ns) &&
+		if ((!ns || streq(ns, entry->ns)) &&
 			streq(name, entry->cfg->get_name(entry->cfg)))
 		{
 			this->shunts->remove_at(this->shunts, enumerator);
diff --git a/src/libcharon/sa/shunt_manager.h b/src/libcharon/sa/shunt_manager.h
index f2b721032..3d9848c93 100644
--- a/src/libcharon/sa/shunt_manager.h
+++ b/src/libcharon/sa/shunt_manager.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015-2016 Tobias Brunner
+ * Copyright (C) 2015-2017 Tobias Brunner
  * Copyright (C) 2011 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -36,8 +36,7 @@ struct shunt_manager_t {
 	/**
 	 * Install a policy as a shunt.
 	 *
-	 * @param ns		optional namespace (e.g. name of a connection or
-	 *					plugin), cloned
+	 * @param ns		namespace (e.g. name of a connection or plugin), cloned
 	 * @param child		child configuration to install as a shunt
 	 * @return			TRUE if installed successfully
 	 */
@@ -46,7 +45,10 @@ struct shunt_manager_t {
 	/**
 	 * Uninstall a shunt policy.
 	 *
-	 * @param ns		namespace (same as given during installation)
+	 * If no namespace is given the first matching child configuration is
+	 * removed.
+	 *
+	 * @param ns		namespace (same as given during installation) or NULL
 	 * @param name	 	name of child configuration to uninstall as a shunt
 	 * @return			TRUE if uninstalled successfully
 	 */
diff --git a/src/libcharon/sa/task.c b/src/libcharon/sa/task.c
index 30de08c9b..660d0eb92 100644
--- a/src/libcharon/sa/task.c
+++ b/src/libcharon/sa/task.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2007 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/task.h b/src/libcharon/sa/task.h
index 5f77149ba..1a0a1acfa 100644
--- a/src/libcharon/sa/task.h
+++ b/src/libcharon/sa/task.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/task_manager.c b/src/libcharon/sa/task_manager.c
index bd1191406..e1c8d23b4 100644
--- a/src/libcharon/sa/task_manager.c
+++ b/src/libcharon/sa/task_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 6436a2549..979f9290a 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2011-2015 Tobias Brunner
+ * Copyright (C) 2011-2017 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -183,9 +183,8 @@ static bool dynamic_remote_ts(child_cfg_t *child)
 	return found;
 }
 
-METHOD(trap_manager_t, install, uint32_t,
-	private_trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child,
-	uint32_t reqid)
+METHOD(trap_manager_t, install, bool,
+	private_trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child)
 {
 	entry_t *entry, *found = NULL;
 	ike_cfg_t *ike_cfg;
@@ -197,7 +196,7 @@ METHOD(trap_manager_t, install, uint32_t,
 	linked_list_t *proposals;
 	proposal_t *proposal;
 	protocol_id_t proto = PROTO_ESP;
-	bool wildcard = FALSE;
+	bool result = FALSE, wildcard = FALSE;
 
 	/* try to resolve addresses */
 	ike_cfg = peer->get_ike_cfg(peer);
@@ -213,7 +212,7 @@ METHOD(trap_manager_t, install, uint32_t,
 	{
 		other->destroy(other);
 		DBG1(DBG_CFG, "installing trap failed, remote address unknown");
-		return 0;
+		return FALSE;
 	}
 	else
 	{	/* depending on the traffic selectors we don't really need a remote
@@ -223,7 +222,7 @@ METHOD(trap_manager_t, install, uint32_t,
 			 * which is probably not what users expect*/
 			DBG1(DBG_CFG, "installing trap failed, remote address unknown with "
 				 "dynamic traffic selector");
-			return 0;
+			return FALSE;
 		}
 		me = ike_cfg->resolve_me(ike_cfg, other ? other->get_family(other)
 												: AF_UNSPEC);
@@ -250,12 +249,14 @@ METHOD(trap_manager_t, install, uint32_t,
 		this->lock->unlock(this->lock);
 		other->destroy(other);
 		me->destroy(me);
-		return 0;
+		return FALSE;
 	}
 	enumerator = this->traps->create_enumerator(this->traps);
 	while (enumerator->enumerate(enumerator, &entry))
 	{
-		if (streq(entry->name, child->get_name(child)))
+		if (streq(entry->name, child->get_name(child)) &&
+			streq(entry->peer_cfg->get_name(entry->peer_cfg),
+				  peer->get_name(peer)))
 		{
 			found = entry;
 			if (entry->child_sa)
@@ -275,11 +276,10 @@ METHOD(trap_manager_t, install, uint32_t,
 			this->lock->unlock(this->lock);
 			other->destroy(other);
 			me->destroy(me);
-			return 0;
+			return FALSE;
 		}
 		/* config might have changed so update everything */
 		DBG1(DBG_CFG, "updating already routed CHILD_SA '%s'", found->name);
-		reqid = found->child_sa->get_reqid(found->child_sa);
 	}
 
 	INIT(entry,
@@ -293,7 +293,7 @@ METHOD(trap_manager_t, install, uint32_t,
 	this->lock->unlock(this->lock);
 
 	/* create and route CHILD_SA */
-	child_sa = child_sa_create(me, other, child, reqid, FALSE, 0, 0);
+	child_sa = child_sa_create(me, other, child, 0, FALSE, 0, 0);
 
 	list = linked_list_create_with_items(me, NULL);
 	my_ts = child->get_traffic_selectors(child, TRUE, NULL, list);
@@ -325,14 +325,13 @@ METHOD(trap_manager_t, install, uint32_t,
 		this->lock->unlock(this->lock);
 		entry->child_sa = child_sa;
 		destroy_entry(entry);
-		reqid = 0;
 	}
 	else
 	{
-		reqid = child_sa->get_reqid(child_sa);
 		this->lock->write_lock(this->lock);
 		entry->child_sa = child_sa;
 		this->lock->unlock(this->lock);
+		result = TRUE;
 	}
 	if (found)
 	{
@@ -343,11 +342,11 @@ METHOD(trap_manager_t, install, uint32_t,
 	this->installing--;
 	this->condvar->signal(this->condvar);
 	this->lock->unlock(this->lock);
-	return reqid;
+	return result;
 }
 
 METHOD(trap_manager_t, uninstall, bool,
-	private_trap_manager_t *this, uint32_t reqid)
+	private_trap_manager_t *this, char *peer, char *child)
 {
 	enumerator_t *enumerator;
 	entry_t *entry, *found = NULL;
@@ -356,8 +355,8 @@ METHOD(trap_manager_t, uninstall, bool,
 	enumerator = this->traps->create_enumerator(this->traps);
 	while (enumerator->enumerate(enumerator, &entry))
 	{
-		if (entry->child_sa &&
-			entry->child_sa->get_reqid(entry->child_sa) == reqid)
+		if (streq(entry->name, child) &&
+		   (!peer || streq(peer, entry->peer_cfg->get_name(entry->peer_cfg))))
 		{
 			this->traps->remove_at(this->traps, enumerator);
 			found = entry;
@@ -369,7 +368,6 @@ METHOD(trap_manager_t, uninstall, bool,
 
 	if (!found)
 	{
-		DBG1(DBG_CFG, "trap %d not found to uninstall", reqid);
 		return FALSE;
 	}
 	destroy_entry(found);
@@ -413,31 +411,6 @@ METHOD(trap_manager_t, create_enumerator, enumerator_t*,
 									(void*)this->lock->unlock);
 }
 
-METHOD(trap_manager_t, find_reqid, uint32_t,
-	private_trap_manager_t *this, child_cfg_t *child)
-{
-	enumerator_t *enumerator;
-	entry_t *entry;
-	uint32_t reqid = 0;
-
-	this->lock->read_lock(this->lock);
-	enumerator = this->traps->create_enumerator(this->traps);
-	while (enumerator->enumerate(enumerator, &entry))
-	{
-		if (streq(entry->name, child->get_name(child)))
-		{
-			if (entry->child_sa)
-			{
-				reqid = entry->child_sa->get_reqid(entry->child_sa);
-			}
-			break;
-		}
-	}
-	enumerator->destroy(enumerator);
-	this->lock->unlock(this->lock);
-	return reqid;
-}
-
 METHOD(trap_manager_t, acquire, void,
 	private_trap_manager_t *this, uint32_t reqid,
 	traffic_selector_t *src, traffic_selector_t *dst)
@@ -693,7 +666,6 @@ trap_manager_t *trap_manager_create(void)
 			.install = _install,
 			.uninstall = _uninstall,
 			.create_enumerator = _create_enumerator,
-			.find_reqid = _find_reqid,
 			.acquire = _acquire,
 			.flush = _flush,
 			.destroy = _destroy,
diff --git a/src/libcharon/sa/trap_manager.h b/src/libcharon/sa/trap_manager.h
index 083ea3dbf..1b67ff82f 100644
--- a/src/libcharon/sa/trap_manager.h
+++ b/src/libcharon/sa/trap_manager.h
@@ -1,6 +1,7 @@
 /*
+ * Copyright (C) 2013-2017 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -37,19 +38,21 @@ struct trap_manager_t {
 	 *
 	 * @param peer		peer configuration to initiate on trap
 	 * @param child 	child configuration to install as a trap
-	 * @param reqid		optional reqid to use
-	 * @return			reqid of installed CHILD_SA, 0 if failed
+	 * @return			TRUE if successfully installed
 	 */
-	uint32_t (*install)(trap_manager_t *this, peer_cfg_t *peer,
-						 child_cfg_t *child, uint32_t reqid);
+	bool (*install)(trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child);
 
 	/**
 	 * Uninstall a trap policy.
 	 *
-	 * @param id		reqid of CHILD_SA to uninstall, returned by install()
+	 * If no peer configuration name is given the first matching child
+	 * configuration is uninstalled.
+	 *
+	 * @param peer		peer configuration name or NULL
+	 * @param child		child configuration name
 	 * @return			TRUE if uninstalled successfully
 	 */
-	bool (*uninstall)(trap_manager_t *this, uint32_t reqid);
+	bool (*uninstall)(trap_manager_t *this, char *peer, char *child);
 
 	/**
 	 * Create an enumerator over all installed traps.
@@ -58,14 +61,6 @@ struct trap_manager_t {
 	 */
 	enumerator_t* (*create_enumerator)(trap_manager_t *this);
 
-	/**
-	 * Find the reqid of a child config installed as a trap.
-	 *
-	 * @param child		CHILD_SA config to get the reqid for
-	 * @return			reqid of trap, 0 if not found
-	 */
-	uint32_t (*find_reqid)(trap_manager_t *this, child_cfg_t *child);
-
 	/**
 	 * Acquire an SA triggered by an installed trap.
 	 *
diff --git a/src/libcharon/sa/xauth/xauth_method.c b/src/libcharon/sa/xauth/xauth_method.c
index 838822d1e..8f34a275d 100644
--- a/src/libcharon/sa/xauth/xauth_method.c
+++ b/src/libcharon/sa/xauth/xauth_method.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/xauth/xauth_method.h b/src/libcharon/sa/xauth/xauth_method.h
index c0c2024e0..134e72b06 100644
--- a/src/libcharon/sa/xauth/xauth_method.h
+++ b/src/libcharon/sa/xauth/xauth_method.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/tests/suites/test_child_delete.c b/src/libcharon/tests/suites/test_child_delete.c
index 437e919c7..8660d7291 100644
--- a/src/libcharon/tests/suites/test_child_delete.c
+++ b/src/libcharon/tests/suites/test_child_delete.c
@@ -290,7 +290,7 @@ START_TEST(test_collision_ike_delete)
 	}
 	call_ikesa(a, delete_child_sa, PROTO_ESP, spi_a, FALSE);
 	assert_child_sa_state(a, spi_a, CHILD_DELETING);
-	call_ikesa(b, delete);
+	call_ikesa(b, delete, FALSE);
 	assert_ike_sa_state(b, IKE_DELETING);
 
 	/* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if
diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c
index 44d004ab7..51d577cd8 100644
--- a/src/libcharon/tests/suites/test_child_rekey.c
+++ b/src/libcharon/tests/suites/test_child_rekey.c
@@ -41,7 +41,7 @@
 	assert_hook_not_called(child_updown); \
 	assert_hook_not_called(child_rekey); \
 	assert_no_jobs_scheduled(); \
-	assert_child_sa_state(sa, spi, CHILD_DELETING, CHILD_OUTBOUND_NONE); \
+	assert_child_sa_state(sa, spi, CHILD_DELETED, CHILD_OUTBOUND_NONE); \
 	call_ikesa(sa, delete_child_sa, PROTO_ESP, spi, FALSE); \
 	assert_child_sa_not_exists(sa, spi); \
 	assert_scheduler(); \
@@ -97,7 +97,7 @@ START_TEST(test_regular)
 	assert_jobs_scheduled(1);
 	assert_single_payload(IN, PLV2_DELETE);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(b, 2);
 	assert_ipsec_sas_installed(b, spi_b, 3, 4);
@@ -108,7 +108,7 @@ START_TEST(test_regular)
 	assert_jobs_scheduled(1);
 	assert_single_payload(IN, PLV2_DELETE);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_ipsec_sas_installed(a, spi_a, 3, 4);
@@ -205,7 +205,7 @@ START_TEST(test_regular_ke_invalid)
 	assert_hook_not_called(child_rekey);
 	assert_single_payload(IN, PLV2_DELETE);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(b, 2);
 	assert_ipsec_sas_installed(b, spi_b, 5, 6);
@@ -214,7 +214,7 @@ START_TEST(test_regular_ke_invalid)
 	assert_hook_not_called(child_rekey);
 	assert_single_payload(IN, PLV2_DELETE);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 5, CHILD_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_ipsec_sas_installed(a, spi_a, 5, 6);
@@ -259,7 +259,7 @@ START_TEST(test_regular_ke_invalid)
 	assert_hook_not_called(child_rekey);
 	assert_single_payload(IN, PLV2_DELETE);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, 6, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(b, 6, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(b, 2);
 	assert_ipsec_sas_installed(b, 6, 7, 8);
@@ -269,7 +269,7 @@ START_TEST(test_regular_ke_invalid)
 	assert_hook_not_called(child_rekey);
 	assert_single_payload(IN, PLV2_DELETE);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, 5, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 7, CHILD_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_ipsec_sas_installed(a, 5, 7, 8);
@@ -336,7 +336,7 @@ START_TEST(test_regular_responder_ignore_soft_expire)
 	assert_jobs_scheduled(1);
 	assert_single_payload(IN, PLV2_DELETE);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(b, 2);
 	assert_ipsec_sas_installed(b, 2, 3, 4);
@@ -345,7 +345,7 @@ START_TEST(test_regular_responder_ignore_soft_expire)
 	assert_jobs_scheduled(1);
 	assert_single_payload(IN, PLV2_DELETE);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 3, CHILD_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_ipsec_sas_installed(a, 1, 3, 4);
@@ -431,7 +431,7 @@ START_TEST(test_regular_responder_handle_hard_expire)
 	assert_jobs_scheduled(1);
 	assert_message_empty(IN);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_ipsec_sas_installed(a, 1, 3, 4);
@@ -440,7 +440,7 @@ START_TEST(test_regular_responder_handle_hard_expire)
 	assert_jobs_scheduled(1);
 	assert_message_empty(IN);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(b, 2);
 	assert_ipsec_sas_installed(b, 2, 3, 4);
@@ -591,7 +591,7 @@ START_TEST(test_collision)
 	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
 						  data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
 												  : CHILD_OUTBOUND_REGISTERED);
-	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -611,7 +611,7 @@ START_TEST(test_collision)
 	assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
 						  data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED
 												  : CHILD_OUTBOUND_REGISTERED);
-	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -628,9 +628,9 @@ START_TEST(test_collision)
 	/* <-- INFORMATIONAL { D } */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
+	assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
-	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -641,9 +641,9 @@ START_TEST(test_collision)
 	/* INFORMATIONAL { D } --> */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
-	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -781,7 +781,7 @@ START_TEST(test_collision_delayed_response)
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
 	if (data[_i].spi_del_b == 2)
 	{
-		assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+		assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 		assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
 							  CHILD_OUTBOUND_INSTALLED);
 		assert_ipsec_sas_installed(a, 1, 4, 6);
@@ -789,7 +789,7 @@ START_TEST(test_collision_delayed_response)
 	else
 	{
 		assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
-		assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+		assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
 							  CHILD_OUTBOUND_NONE);
 		assert_ipsec_sas_installed(a, 1, 2, 6);
 	}
@@ -814,7 +814,7 @@ START_TEST(test_collision_delayed_response)
 							  CHILD_OUTBOUND_REGISTERED);
 		assert_ipsec_sas_installed(b, 1, 2, 4, 5);
 	}
-	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_count(b, 3);
 	assert_scheduler();
@@ -839,7 +839,7 @@ START_TEST(test_collision_delayed_response)
 							  CHILD_OUTBOUND_REGISTERED);
 		assert_ipsec_sas_installed(a, 1, 3, 4, 6);
 	}
-	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -850,9 +850,9 @@ START_TEST(test_collision_delayed_response)
 	/* INFORMATIONAL { D } --> */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
-	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -863,9 +863,9 @@ START_TEST(test_collision_delayed_response)
 	/* <-- INFORMATIONAL { D } */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
+	assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
-	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -972,7 +972,7 @@ START_TEST(test_collision_delayed_request)
 	/* <-- INFORMATIONAL { D } */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_ipsec_sas_installed(a, 1, 4, 5);
@@ -981,7 +981,7 @@ START_TEST(test_collision_delayed_request)
 	/* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
 	assert_no_jobs_scheduled();
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_ipsec_sas_installed(a, 1, 4, 5);
@@ -990,7 +990,7 @@ START_TEST(test_collision_delayed_request)
 	/* INFORMATIONAL { D } --> */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(b, 2);
 	assert_ipsec_sas_installed(b, 2, 4, 5);
@@ -1089,7 +1089,7 @@ START_TEST(test_collision_delayed_request_more)
 	/* <-- INFORMATIONAL { D } */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_ipsec_sas_installed(a, 1, 4, 5);
@@ -1097,7 +1097,7 @@ START_TEST(test_collision_delayed_request_more)
 	/* INFORMATIONAL { D } --> */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(b, 2);
 	assert_ipsec_sas_installed(b, 2, 4, 5);
@@ -1106,14 +1106,14 @@ START_TEST(test_collision_delayed_request_more)
 	/* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
 	assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
 	exchange_test_helper->process_message(exchange_test_helper, b, msg);
-	assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(b, 2);
 	assert_ipsec_sas_installed(b, 2, 4, 5);
 	/* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
 	assert_no_jobs_scheduled();
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_ipsec_sas_installed(a, 1, 4, 5);
@@ -1299,7 +1299,7 @@ START_TEST(test_collision_ke_invalid)
 	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
 						  data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
 												  : CHILD_OUTBOUND_REGISTERED);
-	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -1311,7 +1311,7 @@ START_TEST(test_collision_ke_invalid)
 	assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
 						  data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED
 												  : CHILD_OUTBOUND_REGISTERED);
-	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -1320,9 +1320,9 @@ START_TEST(test_collision_ke_invalid)
 	/* <-- INFORMATIONAL { D } */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
+	assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
-	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -1331,9 +1331,9 @@ START_TEST(test_collision_ke_invalid)
 	/* INFORMATIONAL { D } --> */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
+	assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
-	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
+	assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
 						  CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
 						  CHILD_OUTBOUND_INSTALLED);
@@ -1475,7 +1475,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry)
 	/* <-- INFORMATIONAL { D } */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_scheduler();
@@ -1483,7 +1483,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry)
 	/* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
 	assert_no_jobs_scheduled();
 	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
-	assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(a, 2);
 	assert_scheduler();
@@ -1491,7 +1491,7 @@ START_TEST(test_collision_ke_invalid_delayed_retry)
 	/* INFORMATIONAL { D } --> */
 	assert_jobs_scheduled(1);
 	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
-	assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+	assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
 	assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
 	assert_child_sa_count(b, 2);
 	assert_scheduler();
@@ -1906,7 +1906,7 @@ START_TEST(test_collision_ike_delete)
 										   &a, &b, NULL);
 	}
 	initiate_rekey(a, spi_a);
-	call_ikesa(b, delete);
+	call_ikesa(b, delete, FALSE);
 	assert_ike_sa_state(b, IKE_DELETING);
 
 	/* this should never get called as there is no successful rekeying on
diff --git a/src/libcharon/tests/suites/test_ike_cfg.c b/src/libcharon/tests/suites/test_ike_cfg.c
index 8062179b9..9bbc064f7 100644
--- a/src/libcharon/tests/suites/test_ike_cfg.c
+++ b/src/libcharon/tests/suites/test_ike_cfg.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/tests/suites/test_ike_delete.c b/src/libcharon/tests/suites/test_ike_delete.c
index d79f9bc50..7633718d4 100644
--- a/src/libcharon/tests/suites/test_ike_delete.c
+++ b/src/libcharon/tests/suites/test_ike_delete.c
@@ -40,7 +40,7 @@ START_TEST(test_regular)
 	}
 	assert_hook_not_called(ike_updown);
 	assert_hook_not_called(child_updown);
-	call_ikesa(a, delete);
+	call_ikesa(a, delete, FALSE);
 	assert_ike_sa_state(a, IKE_DELETING);
 	assert_hook();
 	assert_hook();
@@ -81,9 +81,9 @@ START_TEST(test_collision)
 
 	assert_hook_not_called(ike_updown);
 	assert_hook_not_called(child_updown);
-	call_ikesa(a, delete);
+	call_ikesa(a, delete, FALSE);
 	assert_ike_sa_state(a, IKE_DELETING);
-	call_ikesa(b, delete);
+	call_ikesa(b, delete, FALSE);
 	assert_ike_sa_state(b, IKE_DELETING);
 	assert_hook();
 	assert_hook();
diff --git a/src/libcharon/tests/suites/test_ike_rekey.c b/src/libcharon/tests/suites/test_ike_rekey.c
index e22a0c288..b6a015445 100644
--- a/src/libcharon/tests/suites/test_ike_rekey.c
+++ b/src/libcharon/tests/suites/test_ike_rekey.c
@@ -1319,7 +1319,7 @@ START_TEST(test_collision_delete)
 	assert_hook_not_called(ike_rekey);
 
 	initiate_rekey(a);
-	call_ikesa(b, delete);
+	call_ikesa(b, delete, FALSE);
 	assert_ike_sa_state(b, IKE_DELETING);
 
 	/* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that
@@ -1401,7 +1401,7 @@ START_TEST(test_collision_delete_drop_delete)
 	assert_hook_not_called(ike_rekey);
 
 	initiate_rekey(a);
-	call_ikesa(b, delete);
+	call_ikesa(b, delete, FALSE);
 	assert_ike_sa_state(b, IKE_DELETING);
 
 	/* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that
diff --git a/src/libcharon/tests/suites/test_mem_pool.c b/src/libcharon/tests/suites/test_mem_pool.c
index 4204d4bab..e509228d9 100644
--- a/src/libcharon/tests/suites/test_mem_pool.c
+++ b/src/libcharon/tests/suites/test_mem_pool.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libfast/fast_context.h b/src/libfast/fast_context.h
index 4922703ca..7113b1bac 100644
--- a/src/libfast/fast_context.h
+++ b/src/libfast/fast_context.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libfast/fast_controller.h b/src/libfast/fast_controller.h
index bbd0214fc..a8a56b872 100644
--- a/src/libfast/fast_controller.h
+++ b/src/libfast/fast_controller.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c
index 4b422f077..70ff40466 100644
--- a/src/libfast/fast_dispatcher.c
+++ b/src/libfast/fast_dispatcher.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libfast/fast_dispatcher.h b/src/libfast/fast_dispatcher.h
index 21708a744..ffa49d9db 100644
--- a/src/libfast/fast_dispatcher.h
+++ b/src/libfast/fast_dispatcher.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -24,7 +24,7 @@
  *
  * The application has a global context and a session context. The global
  * context is accessed from all sessions simultaneously and therefore
- * needs to be threadsave. Often a database wrapper is the global context.
+ * needs to be threadsafe. Often a database wrapper is the global context.
  * The session context is instantiated per session. Sessions are managed
  * automatically through session cookies. The session context is kept alive
  * until the session times out. It must implement the context_t interface and
diff --git a/src/libfast/fast_filter.h b/src/libfast/fast_filter.h
index 57367bd5a..53aa0e827 100644
--- a/src/libfast/fast_filter.h
+++ b/src/libfast/fast_filter.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libfast/fast_request.c b/src/libfast/fast_request.c
index a56a59167..0543215cb 100644
--- a/src/libfast/fast_request.c
+++ b/src/libfast/fast_request.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -75,7 +75,7 @@ struct private_fast_request_t {
 };
 
 /**
- * ClearSilver cgiwrap is not threadsave, so we use a private
+ * ClearSilver cgiwrap is not threadsafe, so we use a private
  * context for each thread.
  */
 static thread_value_t *thread_this;
diff --git a/src/libfast/fast_request.h b/src/libfast/fast_request.h
index 678cf54d5..85cbc2062 100644
--- a/src/libfast/fast_request.h
+++ b/src/libfast/fast_request.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libfast/fast_session.c b/src/libfast/fast_session.c
index 56d4a0443..eb6fc638b 100644
--- a/src/libfast/fast_session.c
+++ b/src/libfast/fast_session.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libfast/fast_session.h b/src/libfast/fast_session.h
index 3fca3673e..4c7127c8d 100644
--- a/src/libfast/fast_session.h
+++ b/src/libfast/fast_session.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libimcv/imcv.h b/src/libimcv/imcv.h
index 0f44d8f6f..a5eebd536 100644
--- a/src/libimcv/imcv.h
+++ b/src/libimcv/imcv.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 40a0f5eeb..860573c31 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -544,6 +544,18 @@ INSERT INTO products (      /* 91 */
  'Debian 8.9 x86_64'
 );
 
+INSERT INTO products (      /* 92 */
+  name
+) VALUES (
+ 'Debian 8.10 i686'
+);
+
+INSERT INTO products (      /* 93 */
+  name
+) VALUES (
+ 'Debian 8.10 x86_64'
+);
+
 /* Directories */
 
 INSERT INTO directories (		/*  1 */
@@ -1102,6 +1114,12 @@ INSERT INTO groups_product_defaults (
   4, 90
 );
 
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 92
+);
+
 INSERT INTO groups_product_defaults (
   group_id, product_id
 ) VALUES (
@@ -1210,6 +1228,12 @@ INSERT INTO groups_product_defaults (
   5, 91
 );
 
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 93
+);
+
 INSERT INTO groups_product_defaults (
   group_id, product_id
 ) VALUES (
diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c
index 0a18cd71b..b444abdbb 100644
--- a/src/libimcv/imv/imv_database.c
+++ b/src/libimcv/imv/imv_database.c
@@ -130,8 +130,9 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
 	if (!did)
 	{
 		this->db->execute(this->db, &did,
-			"INSERT INTO devices (value, product) VALUES (?, ?)",
-			 DB_TEXT, device, DB_INT, pid);
+			"INSERT INTO devices "
+			"(value, description, product, trusted, inactive) "
+			"VALUES (?, '', ?, 0, 0)", DB_TEXT, device, DB_INT, pid);
 	}
 	free(device);
 
diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c
index 1988873e9..a0e8595ed 100644
--- a/src/libimcv/imv/imv_policy_manager.c
+++ b/src/libimcv/imv/imv_policy_manager.c
@@ -113,7 +113,7 @@ static bool iterate_enforcements(database_t *db, int device_id, int session_id,
 			if (latest_success)
 			{
 				/*skipping enforcement */
-				printf("skipping enforcment %d\n", id);
+				printf("skipping enforcement %d\n", id);
 				continue;
 			}
 
diff --git a/src/libimcv/imv/tables-mysql.sql b/src/libimcv/imv/tables-mysql.sql
index cf50742c3..3e23950a3 100644
--- a/src/libimcv/imv/tables-mysql.sql
+++ b/src/libimcv/imv/tables-mysql.sql
@@ -182,7 +182,9 @@ CREATE TABLE `devices` (
   `description` VARCHAR(100) DEFAULT "",
   `value` VARCHAR(256) NOT NULL,
   `product` INTEGER REFERENCES `products`(`id`),
-  `created` INTEGER
+  `trusted` INTEGER DEFAULT 0,
+  `created` INTEGER,
+  `inactive` INTEGER DEFAULT 0
 );
 
 DROP TABLE IF EXISTS `identities`;
diff --git a/src/libimcv/imv/tables.sql b/src/libimcv/imv/tables.sql
index b50c6ed12..631969ce7 100644
--- a/src/libimcv/imv/tables.sql
+++ b/src/libimcv/imv/tables.sql
@@ -204,7 +204,8 @@ CREATE TABLE devices (
   value TEXT NOT NULL,
   product INTEGER REFERENCES products(id),
   trusted INTEGER DEFAULT 0,
-  created INTEGER
+  created INTEGER,
+  inactive INTEGER DEFAULT 0
 );
 DROP INDEX IF EXISTS devices_id;
 CREATE INDEX devices_value ON devices (
diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c
index b0907789e..8c364d26c 100644
--- a/src/libimcv/ita/ita_attr_settings.c
+++ b/src/libimcv/ita/ita_attr_settings.c
@@ -29,7 +29,7 @@ typedef struct private_ita_attr_settings_t private_ita_attr_settings_t;
 typedef struct entry_t entry_t;
 
 /**
- * Contains a settins name/value pair
+ * Contains a settings name/value pair
  */
 struct entry_t {
 	char *name;
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.h b/src/libimcv/plugins/imc_scanner/imc_scanner_state.h
index 3b40575e3..5fa685024 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.h
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h
index c2719d21b..c658549c8 100644
--- a/src/libimcv/plugins/imc_swid/imc_swid_state.h
+++ b/src/libimcv/plugins/imc_swid/imc_swid_state.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2013 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
deleted file mode 100644
index bb4d300a9..000000000
--- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<SoftwareIdentity
-  name="strongSwan"
-  tagId="strongSwan-5-6-2"
-  version="5.6.2" versionScheme="alphanumeric"
-  xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
-  <Entity
-    name="strongSwan Project"
-    regid="strongswan.org"
-    role="softwareCreator licensor tagCreator"/>
-</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag
new file mode 100644
index 000000000..4ce168623
--- /dev/null
+++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<SoftwareIdentity
+  name="strongSwan"
+  tagId="strongSwan-5-6-3"
+  version="5.6.3" versionScheme="alphanumeric"
+  xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
+  <Entity
+    name="strongSwan Project"
+    regid="strongswan.org"
+    role="softwareCreator licensor tagCreator"/>
+</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag
deleted file mode 100644
index bb4d300a9..000000000
--- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<SoftwareIdentity
-  name="strongSwan"
-  tagId="strongSwan-5-6-2"
-  version="5.6.2" versionScheme="alphanumeric"
-  xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
-  <Entity
-    name="strongSwan Project"
-    regid="strongswan.org"
-    role="softwareCreator licensor tagCreator"/>
-</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag
new file mode 100644
index 000000000..4ce168623
--- /dev/null
+++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<SoftwareIdentity
+  name="strongSwan"
+  tagId="strongSwan-5-6-3"
+  version="5.6.3" versionScheme="alphanumeric"
+  xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
+  <Entity
+    name="strongSwan Project"
+    regid="strongswan.org"
+    role="softwareCreator licensor tagCreator"/>
+</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_test/imc_test_state.h b/src/libimcv/plugins/imc_test/imc_test_state.h
index 365caff7c..330881932 100644
--- a/src/libimcv/plugins/imc_test/imc_test_state.h
+++ b/src/libimcv/plugins/imc_test/imc_test_state.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.h b/src/libimcv/plugins/imv_test/imv_test_state.h
index 2de5b6ffc..3e9b69521 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.h
+++ b/src/libimcv/plugins/imv_test/imv_test_state.h
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 09ffd7160..3cf439f35 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -734,7 +734,7 @@ METHOD(pts_t, verify_quote_signature, bool,
 					scheme = SIGN_RSA_EMSA_PKCS1_SHA3_384;
 					break;
 				case HASH_SHA3_512:
-					scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
+					scheme = SIGN_RSA_EMSA_PKCS1_SHA3_512;
 					break;
 				default:
 					scheme = SIGN_UNKNOWN;
diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c
index c014e683a..394133d04 100644
--- a/src/libipsec/esp_context.c
+++ b/src/libipsec/esp_context.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2013 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/esp_context.h b/src/libipsec/esp_context.h
index 322dab97f..a830202f2 100644
--- a/src/libipsec/esp_context.h
+++ b/src/libipsec/esp_context.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2013 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c
index 2c521775c..d1140e252 100644
--- a/src/libipsec/esp_packet.c
+++ b/src/libipsec/esp_packet.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2013 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/esp_packet.h b/src/libipsec/esp_packet.h
index c42acba43..7b179f46c 100644
--- a/src/libipsec/esp_packet.h
+++ b/src/libipsec/esp_packet.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 904f118fd..fee70c195 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -527,7 +527,7 @@ ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst,
 		case AF_INET6:
 		{
 			struct ip6_hdr ip = {
-				.ip6_flow = htonl(6),
+				.ip6_flow = htonl(6 << 28),
 				.ip6_plen = htons(data.len),
 				.ip6_nxt = next_header,
 				.ip6_hlim = 0x80,
diff --git a/src/libipsec/ip_packet.h b/src/libipsec/ip_packet.h
index 1e1d619a2..25a8aa144 100644
--- a/src/libipsec/ip_packet.h
+++ b/src/libipsec/ip_packet.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec.c b/src/libipsec/ipsec.c
index 6c9a26acf..21cd8f094 100644
--- a/src/libipsec/ipsec.c
+++ b/src/libipsec/ipsec.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec.h b/src/libipsec/ipsec.h
index 7ee49432a..73b56583b 100644
--- a/src/libipsec/ipsec.h
+++ b/src/libipsec/ipsec.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_event_listener.h b/src/libipsec/ipsec_event_listener.h
index e784cedb3..0195ee27a 100644
--- a/src/libipsec/ipsec_event_listener.h
+++ b/src/libipsec/ipsec_event_listener.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_event_relay.c b/src/libipsec/ipsec_event_relay.c
index 94cc6527f..4d33fb7b8 100644
--- a/src/libipsec/ipsec_event_relay.c
+++ b/src/libipsec/ipsec_event_relay.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_event_relay.h b/src/libipsec/ipsec_event_relay.h
index 056352e84..43ca075dc 100644
--- a/src/libipsec/ipsec_event_relay.h
+++ b/src/libipsec/ipsec_event_relay.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_policy.c b/src/libipsec/ipsec_policy.c
index 98201b843..521610eab 100644
--- a/src/libipsec/ipsec_policy.c
+++ b/src/libipsec/ipsec_policy.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_policy.h b/src/libipsec/ipsec_policy.h
index 6d67a602e..9a4ffbfa8 100644
--- a/src/libipsec/ipsec_policy.h
+++ b/src/libipsec/ipsec_policy.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_policy_mgr.c b/src/libipsec/ipsec_policy_mgr.c
index 8570e07a8..9062ff7e6 100644
--- a/src/libipsec/ipsec_policy_mgr.c
+++ b/src/libipsec/ipsec_policy_mgr.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_policy_mgr.h b/src/libipsec/ipsec_policy_mgr.h
index 97e147e40..59f97e9ee 100644
--- a/src/libipsec/ipsec_policy_mgr.h
+++ b/src/libipsec/ipsec_policy_mgr.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c
index 23b8ad21e..c96b61364 100644
--- a/src/libipsec/ipsec_processor.c
+++ b/src/libipsec/ipsec_processor.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_processor.h b/src/libipsec/ipsec_processor.h
index 0a409828b..7aa88ffa6 100644
--- a/src/libipsec/ipsec_processor.h
+++ b/src/libipsec/ipsec_processor.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_sa.c b/src/libipsec/ipsec_sa.c
index ba020658b..a21245edf 100644
--- a/src/libipsec/ipsec_sa.c
+++ b/src/libipsec/ipsec_sa.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h
index 36fe48379..80dbd9353 100644
--- a/src/libipsec/ipsec_sa.h
+++ b/src/libipsec/ipsec_sa.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c
index 44d35244a..66c3e67b1 100644
--- a/src/libipsec/ipsec_sa_mgr.c
+++ b/src/libipsec/ipsec_sa_mgr.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012-2017 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libipsec/ipsec_sa_mgr.h b/src/libipsec/ipsec_sa_mgr.h
index 708af1fda..6ab6285ad 100644
--- a/src/libipsec/ipsec_sa_mgr.h
+++ b/src/libipsec/ipsec_sa_mgr.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libradius/radius_client.c b/src/libradius/radius_client.c
index d44c5a2e3..f7d600421 100644
--- a/src/libradius/radius_client.c
+++ b/src/libradius/radius_client.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libradius/radius_client.h b/src/libradius/radius_client.h
index 2f6c8a43a..691cdaabc 100644
--- a/src/libradius/radius_client.h
+++ b/src/libradius/radius_client.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c
index 51135fbea..b5a03b361 100644
--- a/src/libradius/radius_message.c
+++ b/src/libradius/radius_message.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libradius/radius_message.h b/src/libradius/radius_message.h
index eb14bf08e..e7ffe9357 100644
--- a/src/libradius/radius_message.h
+++ b/src/libradius/radius_message.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_card.h b/src/libsimaka/simaka_card.h
index b705923f6..e32e70d4d 100644
--- a/src/libsimaka/simaka_card.h
+++ b/src/libsimaka/simaka_card.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_crypto.c b/src/libsimaka/simaka_crypto.c
index e60c02a1a..e5662ac20 100644
--- a/src/libsimaka/simaka_crypto.c
+++ b/src/libsimaka/simaka_crypto.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_crypto.h b/src/libsimaka/simaka_crypto.h
index c07755865..9881c53ee 100644
--- a/src/libsimaka/simaka_crypto.h
+++ b/src/libsimaka/simaka_crypto.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_hooks.h b/src/libsimaka/simaka_hooks.h
index ffe1c25b6..f4abef222 100644
--- a/src/libsimaka/simaka_hooks.h
+++ b/src/libsimaka/simaka_hooks.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_manager.c b/src/libsimaka/simaka_manager.c
index 47f1f6f8a..a78121f7d 100644
--- a/src/libsimaka/simaka_manager.c
+++ b/src/libsimaka/simaka_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_manager.h b/src/libsimaka/simaka_manager.h
index 9f6810f8f..ff3bf14d1 100644
--- a/src/libsimaka/simaka_manager.h
+++ b/src/libsimaka/simaka_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index 8f5812a76..80391756c 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h
index 2393d3450..3555612f5 100644
--- a/src/libsimaka/simaka_message.h
+++ b/src/libsimaka/simaka_message.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libsimaka/simaka_provider.h b/src/libsimaka/simaka_provider.h
index ef1c73908..59a8c21df 100644
--- a/src/libsimaka/simaka_provider.h
+++ b/src/libsimaka/simaka_provider.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 3f3a5c587..79cb17ed1 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2006 Martin Will
  * Copyright (C) 2000-2016 Andreas Steffen
  *
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 3c7389e5c..767dfaeee 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -100,7 +100,7 @@ extern const chunk_t ASN1_INTEGER_2;
 chunk_t asn1_algorithmIdentifier(int oid);
 
 /**
- * Build an algorithmIdentifier from a known OID and the given prameters.
+ * Build an algorithmIdentifier from a known OID and the given parameters.
  *
  * @param oid		known OID index
  * @param params	parameters to encode in the algorithmIdentifier (adopted)
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index a70aafdd9..3ea373521 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -80,7 +80,7 @@ const oid_t oid_names[] = {
  {    0x36,                    68, 0,  2, "inhibitAnyPolicy"                }, /*  67 */
  {    0x37,                    69, 0,  2, "targetInformation"               }, /*  68 */
  {    0x38,                     0, 0,  2, "noRevAvail"                      }, /*  69 */
- {0x2A,                       195, 1,  0, ""                                }, /*  70 */
+ {0x2A,                       202, 1,  0, ""                                }, /*  70 */
  {  0x83,                      83, 1,  1, ""                                }, /*  71 */
  {    0x08,                     0, 1,  2, "jp"                              }, /*  72 */
  {      0x8C,                   0, 1,  3, ""                                }, /*  73 */
@@ -95,7 +95,7 @@ const oid_t oid_names[] = {
  {                    0x04,     0, 0, 10, "camellia256-cbc"                 }, /*  82 */
  {  0x86,                       0, 1,  1, ""                                }, /*  83 */
  {    0x48,                     0, 1,  2, "us"                              }, /*  84 */
- {      0x86,                 154, 1,  3, ""                                }, /*  85 */
+ {      0x86,                 161, 1,  3, ""                                }, /*  85 */
  {        0xF6,                91, 1,  4, ""                                }, /*  86 */
  {          0x7D,               0, 1,  5, "NortelNetworks"                  }, /*  87 */
  {            0x07,             0, 1,  6, "Entrust"                         }, /*  88 */
@@ -159,352 +159,359 @@ const oid_t oid_names[] = {
  {                    0x04,   147, 0, 10, "crlBag"                          }, /* 146 */
  {                    0x05,   148, 0, 10, "secretBag"                       }, /* 147 */
  {                    0x06,     0, 0, 10, "safeContentsBag"                 }, /* 148 */
- {            0x02,           152, 1,  6, "digestAlgorithm"                 }, /* 149 */
+ {            0x02,           159, 1,  6, "digestAlgorithm"                 }, /* 149 */
  {              0x02,         151, 0,  7, "md2"                             }, /* 150 */
- {              0x05,           0, 0,  7, "md5"                             }, /* 151 */
- {            0x03,             0, 1,  6, "encryptionAlgorithm"             }, /* 152 */
- {              0x07,           0, 0,  7, "3des-ede-cbc"                    }, /* 153 */
- {      0xCE,                   0, 1,  3, ""                                }, /* 154 */
- {        0x3D,                 0, 1,  4, "ansi-X9-62"                      }, /* 155 */
- {          0x02,             158, 1,  5, "id-publicKeyType"                }, /* 156 */
- {            0x01,             0, 0,  6, "id-ecPublicKey"                  }, /* 157 */
- {          0x03,             188, 1,  5, "ellipticCurve"                   }, /* 158 */
- {            0x00,           180, 1,  6, "c-TwoCurve"                      }, /* 159 */
- {              0x01,         161, 0,  7, "c2pnb163v1"                      }, /* 160 */
- {              0x02,         162, 0,  7, "c2pnb163v2"                      }, /* 161 */
- {              0x03,         163, 0,  7, "c2pnb163v3"                      }, /* 162 */
- {              0x04,         164, 0,  7, "c2pnb176w1"                      }, /* 163 */
- {              0x05,         165, 0,  7, "c2tnb191v1"                      }, /* 164 */
- {              0x06,         166, 0,  7, "c2tnb191v2"                      }, /* 165 */
- {              0x07,         167, 0,  7, "c2tnb191v3"                      }, /* 166 */
- {              0x08,         168, 0,  7, "c2onb191v4"                      }, /* 167 */
- {              0x09,         169, 0,  7, "c2onb191v5"                      }, /* 168 */
- {              0x0A,         170, 0,  7, "c2pnb208w1"                      }, /* 169 */
- {              0x0B,         171, 0,  7, "c2tnb239v1"                      }, /* 170 */
- {              0x0C,         172, 0,  7, "c2tnb239v2"                      }, /* 171 */
- {              0x0D,         173, 0,  7, "c2tnb239v3"                      }, /* 172 */
- {              0x0E,         174, 0,  7, "c2onb239v4"                      }, /* 173 */
- {              0x0F,         175, 0,  7, "c2onb239v5"                      }, /* 174 */
- {              0x10,         176, 0,  7, "c2pnb272w1"                      }, /* 175 */
- {              0x11,         177, 0,  7, "c2pnb304w1"                      }, /* 176 */
- {              0x12,         178, 0,  7, "c2tnb359v1"                      }, /* 177 */
- {              0x13,         179, 0,  7, "c2pnb368w1"                      }, /* 178 */
- {              0x14,           0, 0,  7, "c2tnb431r1"                      }, /* 179 */
- {            0x01,             0, 1,  6, "primeCurve"                      }, /* 180 */
- {              0x01,         182, 0,  7, "prime192v1"                      }, /* 181 */
- {              0x02,         183, 0,  7, "prime192v2"                      }, /* 182 */
- {              0x03,         184, 0,  7, "prime192v3"                      }, /* 183 */
- {              0x04,         185, 0,  7, "prime239v1"                      }, /* 184 */
- {              0x05,         186, 0,  7, "prime239v2"                      }, /* 185 */
- {              0x06,         187, 0,  7, "prime239v3"                      }, /* 186 */
- {              0x07,           0, 0,  7, "prime256v1"                      }, /* 187 */
- {          0x04,               0, 1,  5, "id-ecSigType"                    }, /* 188 */
- {            0x01,           190, 0,  6, "ecdsa-with-SHA1"                 }, /* 189 */
- {            0x03,             0, 1,  6, "ecdsa-with-Specified"            }, /* 190 */
- {              0x01,         192, 0,  7, "ecdsa-with-SHA224"               }, /* 191 */
- {              0x02,         193, 0,  7, "ecdsa-with-SHA256"               }, /* 192 */
- {              0x03,         194, 0,  7, "ecdsa-with-SHA384"               }, /* 193 */
- {              0x04,           0, 0,  7, "ecdsa-with-SHA512"               }, /* 194 */
- {0x2B,                       426, 1,  0, ""                                }, /* 195 */
- {  0x06,                     337, 1,  1, "dod"                             }, /* 196 */
- {    0x01,                     0, 1,  2, "internet"                        }, /* 197 */
- {      0x04,                 287, 1,  3, "private"                         }, /* 198 */
- {        0x01,                 0, 1,  4, "enterprise"                      }, /* 199 */
- {          0x82,             237, 1,  5, ""                                }, /* 200 */
- {            0x37,           213, 1,  6, "Microsoft"                       }, /* 201 */
- {              0x0A,         206, 1,  7, ""                                }, /* 202 */
- {                0x03,         0, 1,  8, ""                                }, /* 203 */
- {                  0x03,     205, 0,  9, "msSGC"                           }, /* 204 */
- {                  0x04,       0, 0,  9, "msEncryptingFileSystem"          }, /* 205 */
- {              0x14,         210, 1,  7, "msEnrollmentInfrastructure"      }, /* 206 */
- {                0x02,         0, 1,  8, "msCertificateTypeExtension"      }, /* 207 */
- {                  0x02,     209, 0,  9, "msSmartcardLogon"                }, /* 208 */
- {                  0x03,       0, 0,  9, "msUPN"                           }, /* 209 */
- {              0x15,           0, 1,  7, "msCertSrvInfrastructure"         }, /* 210 */
- {                0x07,       212, 0,  8, "msCertTemplate"                  }, /* 211 */
- {                0x0A,         0, 0,  8, "msApplicationCertPolicies"       }, /* 212 */
- {            0xA0,             0, 1,  6, ""                                }, /* 213 */
- {              0x2A,           0, 1,  7, "ITA"                             }, /* 214 */
- {                0x01,       216, 0,  8, "strongSwan"                      }, /* 215 */
- {                0x02,       217, 0,  8, "cps"                             }, /* 216 */
- {                0x03,       218, 0,  8, "e-voting"                        }, /* 217 */
- {                0x05,         0, 1,  8, "BLISS"                           }, /* 218 */
- {                  0x01,     221, 1,  9, "keyType"                         }, /* 219 */
- {                    0x01,     0, 0, 10, "blissPublicKey"                  }, /* 220 */
- {                  0x02,     230, 1,  9, "parameters"                      }, /* 221 */
- {                    0x01,   223, 0, 10, "BLISS-I"                         }, /* 222 */
- {                    0x02,   224, 0, 10, "BLISS-II"                        }, /* 223 */
- {                    0x03,   225, 0, 10, "BLISS-III"                       }, /* 224 */
- {                    0x04,   226, 0, 10, "BLISS-IV"                        }, /* 225 */
- {                    0x05,   227, 0, 10, "BLISS-B-I"                       }, /* 226 */
- {                    0x06,   228, 0, 10, "BLISS-B-II"                      }, /* 227 */
- {                    0x07,   229, 0, 10, "BLISS-B-III"                     }, /* 228 */
- {                    0x08,     0, 0, 10, "BLISS-B-IV"                      }, /* 229 */
- {                  0x03,       0, 1,  9, "blissSigType"                    }, /* 230 */
- {                    0x01,   232, 0, 10, "BLISS-with-SHA2-512"             }, /* 231 */
- {                    0x02,   233, 0, 10, "BLISS-with-SHA2-384"             }, /* 232 */
- {                    0x03,   234, 0, 10, "BLISS-with-SHA2-256"             }, /* 233 */
- {                    0x04,   235, 0, 10, "BLISS-with-SHA3-512"             }, /* 234 */
- {                    0x05,   236, 0, 10, "BLISS-with-SHA3-384"             }, /* 235 */
- {                    0x06,     0, 0, 10, "BLISS-with-SHA3-256"             }, /* 236 */
- {          0x89,             244, 1,  5, ""                                }, /* 237 */
- {            0x31,             0, 1,  6, ""                                }, /* 238 */
- {              0x01,           0, 1,  7, ""                                }, /* 239 */
- {                0x01,         0, 1,  8, ""                                }, /* 240 */
- {                  0x02,       0, 1,  9, ""                                }, /* 241 */
- {                    0x02,     0, 1, 10, ""                                }, /* 242 */
- {                      0x4B,   0, 0, 11, "TCGID"                           }, /* 243 */
- {          0x97,             248, 1,  5, ""                                }, /* 244 */
- {            0x55,             0, 1,  6, ""                                }, /* 245 */
+ {              0x05,         152, 0,  7, "md5"                             }, /* 151 */
+ {              0x07,         153, 0,  7, "hmacWithSHA1"                    }, /* 152 */
+ {              0x08,         154, 0,  7, "hmacWithSHA224"                  }, /* 153 */
+ {              0x09,         155, 0,  7, "hmacWithSHA256"                  }, /* 154 */
+ {              0x0A,         156, 0,  7, "hmacWithSHA384"                  }, /* 155 */
+ {              0x0B,         157, 0,  7, "hmacWithSHA512"                  }, /* 156 */
+ {              0x0C,         158, 0,  7, "hmacWithSHA512-224"              }, /* 157 */
+ {              0x0D,           0, 0,  7, "hmacWithSHA512-256"              }, /* 158 */
+ {            0x03,             0, 1,  6, "encryptionAlgorithm"             }, /* 159 */
+ {              0x07,           0, 0,  7, "3des-ede-cbc"                    }, /* 160 */
+ {      0xCE,                   0, 1,  3, ""                                }, /* 161 */
+ {        0x3D,                 0, 1,  4, "ansi-X9-62"                      }, /* 162 */
+ {          0x02,             165, 1,  5, "id-publicKeyType"                }, /* 163 */
+ {            0x01,             0, 0,  6, "id-ecPublicKey"                  }, /* 164 */
+ {          0x03,             195, 1,  5, "ellipticCurve"                   }, /* 165 */
+ {            0x00,           187, 1,  6, "c-TwoCurve"                      }, /* 166 */
+ {              0x01,         168, 0,  7, "c2pnb163v1"                      }, /* 167 */
+ {              0x02,         169, 0,  7, "c2pnb163v2"                      }, /* 168 */
+ {              0x03,         170, 0,  7, "c2pnb163v3"                      }, /* 169 */
+ {              0x04,         171, 0,  7, "c2pnb176w1"                      }, /* 170 */
+ {              0x05,         172, 0,  7, "c2tnb191v1"                      }, /* 171 */
+ {              0x06,         173, 0,  7, "c2tnb191v2"                      }, /* 172 */
+ {              0x07,         174, 0,  7, "c2tnb191v3"                      }, /* 173 */
+ {              0x08,         175, 0,  7, "c2onb191v4"                      }, /* 174 */
+ {              0x09,         176, 0,  7, "c2onb191v5"                      }, /* 175 */
+ {              0x0A,         177, 0,  7, "c2pnb208w1"                      }, /* 176 */
+ {              0x0B,         178, 0,  7, "c2tnb239v1"                      }, /* 177 */
+ {              0x0C,         179, 0,  7, "c2tnb239v2"                      }, /* 178 */
+ {              0x0D,         180, 0,  7, "c2tnb239v3"                      }, /* 179 */
+ {              0x0E,         181, 0,  7, "c2onb239v4"                      }, /* 180 */
+ {              0x0F,         182, 0,  7, "c2onb239v5"                      }, /* 181 */
+ {              0x10,         183, 0,  7, "c2pnb272w1"                      }, /* 182 */
+ {              0x11,         184, 0,  7, "c2pnb304w1"                      }, /* 183 */
+ {              0x12,         185, 0,  7, "c2tnb359v1"                      }, /* 184 */
+ {              0x13,         186, 0,  7, "c2pnb368w1"                      }, /* 185 */
+ {              0x14,           0, 0,  7, "c2tnb431r1"                      }, /* 186 */
+ {            0x01,             0, 1,  6, "primeCurve"                      }, /* 187 */
+ {              0x01,         189, 0,  7, "prime192v1"                      }, /* 188 */
+ {              0x02,         190, 0,  7, "prime192v2"                      }, /* 189 */
+ {              0x03,         191, 0,  7, "prime192v3"                      }, /* 190 */
+ {              0x04,         192, 0,  7, "prime239v1"                      }, /* 191 */
+ {              0x05,         193, 0,  7, "prime239v2"                      }, /* 192 */
+ {              0x06,         194, 0,  7, "prime239v3"                      }, /* 193 */
+ {              0x07,           0, 0,  7, "prime256v1"                      }, /* 194 */
+ {          0x04,               0, 1,  5, "id-ecSigType"                    }, /* 195 */
+ {            0x01,           197, 0,  6, "ecdsa-with-SHA1"                 }, /* 196 */
+ {            0x03,             0, 1,  6, "ecdsa-with-Specified"            }, /* 197 */
+ {              0x01,         199, 0,  7, "ecdsa-with-SHA224"               }, /* 198 */
+ {              0x02,         200, 0,  7, "ecdsa-with-SHA256"               }, /* 199 */
+ {              0x03,         201, 0,  7, "ecdsa-with-SHA384"               }, /* 200 */
+ {              0x04,           0, 0,  7, "ecdsa-with-SHA512"               }, /* 201 */
+ {0x2B,                       433, 1,  0, ""                                }, /* 202 */
+ {  0x06,                     344, 1,  1, "dod"                             }, /* 203 */
+ {    0x01,                     0, 1,  2, "internet"                        }, /* 204 */
+ {      0x04,                 294, 1,  3, "private"                         }, /* 205 */
+ {        0x01,                 0, 1,  4, "enterprise"                      }, /* 206 */
+ {          0x82,             244, 1,  5, ""                                }, /* 207 */
+ {            0x37,           220, 1,  6, "Microsoft"                       }, /* 208 */
+ {              0x0A,         213, 1,  7, ""                                }, /* 209 */
+ {                0x03,         0, 1,  8, ""                                }, /* 210 */
+ {                  0x03,     212, 0,  9, "msSGC"                           }, /* 211 */
+ {                  0x04,       0, 0,  9, "msEncryptingFileSystem"          }, /* 212 */
+ {              0x14,         217, 1,  7, "msEnrollmentInfrastructure"      }, /* 213 */
+ {                0x02,         0, 1,  8, "msCertificateTypeExtension"      }, /* 214 */
+ {                  0x02,     216, 0,  9, "msSmartcardLogon"                }, /* 215 */
+ {                  0x03,       0, 0,  9, "msUPN"                           }, /* 216 */
+ {              0x15,           0, 1,  7, "msCertSrvInfrastructure"         }, /* 217 */
+ {                0x07,       219, 0,  8, "msCertTemplate"                  }, /* 218 */
+ {                0x0A,         0, 0,  8, "msApplicationCertPolicies"       }, /* 219 */
+ {            0xA0,             0, 1,  6, ""                                }, /* 220 */
+ {              0x2A,           0, 1,  7, "ITA"                             }, /* 221 */
+ {                0x01,       223, 0,  8, "strongSwan"                      }, /* 222 */
+ {                0x02,       224, 0,  8, "cps"                             }, /* 223 */
+ {                0x03,       225, 0,  8, "e-voting"                        }, /* 224 */
+ {                0x05,         0, 1,  8, "BLISS"                           }, /* 225 */
+ {                  0x01,     228, 1,  9, "keyType"                         }, /* 226 */
+ {                    0x01,     0, 0, 10, "blissPublicKey"                  }, /* 227 */
+ {                  0x02,     237, 1,  9, "parameters"                      }, /* 228 */
+ {                    0x01,   230, 0, 10, "BLISS-I"                         }, /* 229 */
+ {                    0x02,   231, 0, 10, "BLISS-II"                        }, /* 230 */
+ {                    0x03,   232, 0, 10, "BLISS-III"                       }, /* 231 */
+ {                    0x04,   233, 0, 10, "BLISS-IV"                        }, /* 232 */
+ {                    0x05,   234, 0, 10, "BLISS-B-I"                       }, /* 233 */
+ {                    0x06,   235, 0, 10, "BLISS-B-II"                      }, /* 234 */
+ {                    0x07,   236, 0, 10, "BLISS-B-III"                     }, /* 235 */
+ {                    0x08,     0, 0, 10, "BLISS-B-IV"                      }, /* 236 */
+ {                  0x03,       0, 1,  9, "blissSigType"                    }, /* 237 */
+ {                    0x01,   239, 0, 10, "BLISS-with-SHA2-512"             }, /* 238 */
+ {                    0x02,   240, 0, 10, "BLISS-with-SHA2-384"             }, /* 239 */
+ {                    0x03,   241, 0, 10, "BLISS-with-SHA2-256"             }, /* 240 */
+ {                    0x04,   242, 0, 10, "BLISS-with-SHA3-512"             }, /* 241 */
+ {                    0x05,   243, 0, 10, "BLISS-with-SHA3-384"             }, /* 242 */
+ {                    0x06,     0, 0, 10, "BLISS-with-SHA3-256"             }, /* 243 */
+ {          0x89,             251, 1,  5, ""                                }, /* 244 */
+ {            0x31,             0, 1,  6, ""                                }, /* 245 */
  {              0x01,           0, 1,  7, ""                                }, /* 246 */
- {                0x02,         0, 0,  8, "blowfish-cbc"                    }, /* 247 */
- {          0xC1,               0, 1,  5, ""                                }, /* 248 */
- {            0x16,             0, 1,  6, "ntruCryptosystems"               }, /* 249 */
- {              0x01,           0, 1,  7, "eess"                            }, /* 250 */
- {                0x01,         0, 1,  8, "eess1"                           }, /* 251 */
- {                  0x01,     256, 1,  9, "eess1-algs"                      }, /* 252 */
- {                    0x01,   254, 0, 10, "ntru-EESS1v1-SVES"               }, /* 253 */
- {                    0x02,   255, 0, 10, "ntru-EESS1v1-SVSSA"              }, /* 254 */
- {                    0x03,     0, 0, 10, "ntru-EESS1v1-NTRUSign"           }, /* 255 */
- {                  0x02,     286, 1,  9, "eess1-params"                    }, /* 256 */
- {                    0x01,   258, 0, 10, "ees251ep1"                       }, /* 257 */
- {                    0x02,   259, 0, 10, "ees347ep1"                       }, /* 258 */
- {                    0x03,   260, 0, 10, "ees503ep1"                       }, /* 259 */
- {                    0x07,   261, 0, 10, "ees251sp2"                       }, /* 260 */
- {                    0x0C,   262, 0, 10, "ees251ep4"                       }, /* 261 */
- {                    0x0D,   263, 0, 10, "ees251ep5"                       }, /* 262 */
- {                    0x0E,   264, 0, 10, "ees251sp3"                       }, /* 263 */
- {                    0x0F,   265, 0, 10, "ees251sp4"                       }, /* 264 */
- {                    0x10,   266, 0, 10, "ees251sp5"                       }, /* 265 */
- {                    0x11,   267, 0, 10, "ees251sp6"                       }, /* 266 */
- {                    0x12,   268, 0, 10, "ees251sp7"                       }, /* 267 */
- {                    0x13,   269, 0, 10, "ees251sp8"                       }, /* 268 */
- {                    0x14,   270, 0, 10, "ees251sp9"                       }, /* 269 */
- {                    0x22,   271, 0, 10, "ees401ep1"                       }, /* 270 */
- {                    0x23,   272, 0, 10, "ees449ep1"                       }, /* 271 */
- {                    0x24,   273, 0, 10, "ees677ep1"                       }, /* 272 */
- {                    0x25,   274, 0, 10, "ees1087ep2"                      }, /* 273 */
- {                    0x26,   275, 0, 10, "ees541ep1"                       }, /* 274 */
- {                    0x27,   276, 0, 10, "ees613ep1"                       }, /* 275 */
- {                    0x28,   277, 0, 10, "ees887ep1"                       }, /* 276 */
- {                    0x29,   278, 0, 10, "ees1171ep1"                      }, /* 277 */
- {                    0x2A,   279, 0, 10, "ees659ep1"                       }, /* 278 */
- {                    0x2B,   280, 0, 10, "ees761ep1"                       }, /* 279 */
- {                    0x2C,   281, 0, 10, "ees1087ep1"                      }, /* 280 */
- {                    0x2D,   282, 0, 10, "ees1499ep1"                      }, /* 281 */
- {                    0x2E,   283, 0, 10, "ees401ep2"                       }, /* 282 */
- {                    0x2F,   284, 0, 10, "ees439ep1"                       }, /* 283 */
- {                    0x30,   285, 0, 10, "ees593ep1"                       }, /* 284 */
- {                    0x31,     0, 0, 10, "ees743ep1"                       }, /* 285 */
- {                  0x03,       0, 0,  9, "eess1-encodingMethods"           }, /* 286 */
- {      0x05,                   0, 1,  3, "security"                        }, /* 287 */
- {        0x05,                 0, 1,  4, "mechanisms"                      }, /* 288 */
- {          0x07,             334, 1,  5, "id-pkix"                         }, /* 289 */
- {            0x01,           295, 1,  6, "id-pe"                           }, /* 290 */
- {              0x01,         292, 0,  7, "authorityInfoAccess"             }, /* 291 */
- {              0x03,         293, 0,  7, "qcStatements"                    }, /* 292 */
- {              0x07,         294, 0,  7, "ipAddrBlocks"                    }, /* 293 */
- {              0x18,           0, 0,  7, "tlsfeature"                      }, /* 294 */
- {            0x02,           298, 1,  6, "id-qt"                           }, /* 295 */
- {              0x01,         297, 0,  7, "cps"                             }, /* 296 */
- {              0x02,           0, 0,  7, "unotice"                         }, /* 297 */
- {            0x03,           308, 1,  6, "id-kp"                           }, /* 298 */
- {              0x01,         300, 0,  7, "serverAuth"                      }, /* 299 */
- {              0x02,         301, 0,  7, "clientAuth"                      }, /* 300 */
- {              0x03,         302, 0,  7, "codeSigning"                     }, /* 301 */
- {              0x04,         303, 0,  7, "emailProtection"                 }, /* 302 */
- {              0x05,         304, 0,  7, "ipsecEndSystem"                  }, /* 303 */
- {              0x06,         305, 0,  7, "ipsecTunnel"                     }, /* 304 */
- {              0x07,         306, 0,  7, "ipsecUser"                       }, /* 305 */
- {              0x08,         307, 0,  7, "timeStamping"                    }, /* 306 */
- {              0x09,           0, 0,  7, "ocspSigning"                     }, /* 307 */
- {            0x08,           316, 1,  6, "id-otherNames"                   }, /* 308 */
- {              0x01,         310, 0,  7, "personalData"                    }, /* 309 */
- {              0x02,         311, 0,  7, "userGroup"                       }, /* 310 */
- {              0x03,         312, 0,  7, "id-on-permanentIdentifier"       }, /* 311 */
- {              0x04,         313, 0,  7, "id-on-hardwareModuleName"        }, /* 312 */
- {              0x05,         314, 0,  7, "xmppAddr"                        }, /* 313 */
- {              0x06,         315, 0,  7, "id-on-SIM"                       }, /* 314 */
- {              0x07,           0, 0,  7, "id-on-dnsSRV"                    }, /* 315 */
- {            0x0A,           321, 1,  6, "id-aca"                          }, /* 316 */
- {              0x01,         318, 0,  7, "authenticationInfo"              }, /* 317 */
- {              0x02,         319, 0,  7, "accessIdentity"                  }, /* 318 */
- {              0x03,         320, 0,  7, "chargingIdentity"                }, /* 319 */
- {              0x04,           0, 0,  7, "group"                           }, /* 320 */
- {            0x0B,           322, 0,  6, "subjectInfoAccess"               }, /* 321 */
- {            0x30,             0, 1,  6, "id-ad"                           }, /* 322 */
- {              0x01,         331, 1,  7, "ocsp"                            }, /* 323 */
- {                0x01,       325, 0,  8, "basic"                           }, /* 324 */
- {                0x02,       326, 0,  8, "nonce"                           }, /* 325 */
- {                0x03,       327, 0,  8, "crl"                             }, /* 326 */
- {                0x04,       328, 0,  8, "response"                        }, /* 327 */
- {                0x05,       329, 0,  8, "noCheck"                         }, /* 328 */
- {                0x06,       330, 0,  8, "archiveCutoff"                   }, /* 329 */
- {                0x07,         0, 0,  8, "serviceLocator"                  }, /* 330 */
- {              0x02,         332, 0,  7, "caIssuers"                       }, /* 331 */
- {              0x03,         333, 0,  7, "timeStamping"                    }, /* 332 */
- {              0x05,           0, 0,  7, "caRepository"                    }, /* 333 */
- {          0x08,               0, 1,  5, "ipsec"                           }, /* 334 */
- {            0x02,             0, 1,  6, "certificate"                     }, /* 335 */
- {              0x02,           0, 0,  7, "iKEIntermediate"                 }, /* 336 */
- {  0x0E,                     343, 1,  1, "oiw"                             }, /* 337 */
- {    0x03,                     0, 1,  2, "secsig"                          }, /* 338 */
- {      0x02,                   0, 1,  3, "algorithms"                      }, /* 339 */
- {        0x07,               341, 0,  4, "des-cbc"                         }, /* 340 */
- {        0x1A,               342, 0,  4, "sha-1"                           }, /* 341 */
- {        0x1D,                 0, 0,  4, "sha-1WithRSASignature"           }, /* 342 */
- {  0x24,                     389, 1,  1, "TeleTrusT"                       }, /* 343 */
- {    0x03,                     0, 1,  2, "algorithm"                       }, /* 344 */
- {      0x03,                   0, 1,  3, "signatureAlgorithm"              }, /* 345 */
- {        0x01,               350, 1,  4, "rsaSignature"                    }, /* 346 */
- {          0x02,             348, 0,  5, "rsaSigWithripemd160"             }, /* 347 */
- {          0x03,             349, 0,  5, "rsaSigWithripemd128"             }, /* 348 */
- {          0x04,               0, 0,  5, "rsaSigWithripemd256"             }, /* 349 */
- {        0x02,                 0, 1,  4, "ecSign"                          }, /* 350 */
- {          0x01,             352, 0,  5, "ecSignWithsha1"                  }, /* 351 */
- {          0x02,             353, 0,  5, "ecSignWithripemd160"             }, /* 352 */
- {          0x03,             354, 0,  5, "ecSignWithmd2"                   }, /* 353 */
- {          0x04,             355, 0,  5, "ecSignWithmd5"                   }, /* 354 */
- {          0x05,             372, 1,  5, "ttt-ecg"                         }, /* 355 */
- {            0x01,           360, 1,  6, "fieldType"                       }, /* 356 */
- {              0x01,           0, 1,  7, "characteristictwoField"          }, /* 357 */
- {                0x01,         0, 1,  8, "basisType"                       }, /* 358 */
- {                  0x01,       0, 0,  9, "ipBasis"                         }, /* 359 */
- {            0x02,           362, 1,  6, "keyType"                         }, /* 360 */
- {              0x01,           0, 0,  7, "ecgPublicKey"                    }, /* 361 */
- {            0x03,           363, 0,  6, "curve"                           }, /* 362 */
- {            0x04,           370, 1,  6, "signatures"                      }, /* 363 */
- {              0x01,         365, 0,  7, "ecgdsa-with-RIPEMD160"           }, /* 364 */
- {              0x02,         366, 0,  7, "ecgdsa-with-SHA1"                }, /* 365 */
- {              0x03,         367, 0,  7, "ecgdsa-with-SHA224"              }, /* 366 */
- {              0x04,         368, 0,  7, "ecgdsa-with-SHA256"              }, /* 367 */
- {              0x05,         369, 0,  7, "ecgdsa-with-SHA384"              }, /* 368 */
- {              0x06,           0, 0,  7, "ecgdsa-with-SHA512"              }, /* 369 */
- {            0x05,             0, 1,  6, "module"                          }, /* 370 */
- {              0x01,           0, 0,  7, "1"                               }, /* 371 */
- {          0x08,               0, 1,  5, "ecStdCurvesAndGeneration"        }, /* 372 */
- {            0x01,             0, 1,  6, "ellipticCurve"                   }, /* 373 */
- {              0x01,           0, 1,  7, "versionOne"                      }, /* 374 */
- {                0x01,       376, 0,  8, "brainpoolP160r1"                 }, /* 375 */
- {                0x02,       377, 0,  8, "brainpoolP160t1"                 }, /* 376 */
- {                0x03,       378, 0,  8, "brainpoolP192r1"                 }, /* 377 */
- {                0x04,       379, 0,  8, "brainpoolP192t1"                 }, /* 378 */
- {                0x05,       380, 0,  8, "brainpoolP224r1"                 }, /* 379 */
- {                0x06,       381, 0,  8, "brainpoolP224t1"                 }, /* 380 */
- {                0x07,       382, 0,  8, "brainpoolP256r1"                 }, /* 381 */
- {                0x08,       383, 0,  8, "brainpoolP256t1"                 }, /* 382 */
- {                0x09,       384, 0,  8, "brainpoolP320r1"                 }, /* 383 */
- {                0x0A,       385, 0,  8, "brainpoolP320t1"                 }, /* 384 */
- {                0x0B,       386, 0,  8, "brainpoolP384r1"                 }, /* 385 */
- {                0x0C,       387, 0,  8, "brainpoolP384t1"                 }, /* 386 */
- {                0x0D,       388, 0,  8, "brainpoolP512r1"                 }, /* 387 */
- {                0x0E,         0, 0,  8, "brainpoolP512t1"                 }, /* 388 */
- {  0x65,                     392, 1,  1, "Thawte"                          }, /* 389 */
- {    0x70,                   391, 0,  2, "id-Ed25519"                      }, /* 390 */
- {    0x71,                     0, 0,  2, "id-Ed448"                        }, /* 391 */
- {  0x81,                       0, 1,  1, ""                                }, /* 392 */
- {    0x04,                     0, 1,  2, "Certicom"                        }, /* 393 */
- {      0x00,                   0, 1,  3, "curve"                           }, /* 394 */
- {        0x01,               396, 0,  4, "sect163k1"                       }, /* 395 */
- {        0x02,               397, 0,  4, "sect163r1"                       }, /* 396 */
- {        0x03,               398, 0,  4, "sect239k1"                       }, /* 397 */
- {        0x04,               399, 0,  4, "sect113r1"                       }, /* 398 */
- {        0x05,               400, 0,  4, "sect113r2"                       }, /* 399 */
- {        0x06,               401, 0,  4, "secp112r1"                       }, /* 400 */
- {        0x07,               402, 0,  4, "secp112r2"                       }, /* 401 */
- {        0x08,               403, 0,  4, "secp160r1"                       }, /* 402 */
- {        0x09,               404, 0,  4, "secp160k1"                       }, /* 403 */
- {        0x0A,               405, 0,  4, "secp256k1"                       }, /* 404 */
- {        0x0F,               406, 0,  4, "sect163r2"                       }, /* 405 */
- {        0x10,               407, 0,  4, "sect283k1"                       }, /* 406 */
- {        0x11,               408, 0,  4, "sect283r1"                       }, /* 407 */
- {        0x16,               409, 0,  4, "sect131r1"                       }, /* 408 */
- {        0x17,               410, 0,  4, "sect131r2"                       }, /* 409 */
- {        0x18,               411, 0,  4, "sect193r1"                       }, /* 410 */
- {        0x19,               412, 0,  4, "sect193r2"                       }, /* 411 */
- {        0x1A,               413, 0,  4, "sect233k1"                       }, /* 412 */
- {        0x1B,               414, 0,  4, "sect233r1"                       }, /* 413 */
- {        0x1C,               415, 0,  4, "secp128r1"                       }, /* 414 */
- {        0x1D,               416, 0,  4, "secp128r2"                       }, /* 415 */
- {        0x1E,               417, 0,  4, "secp160r2"                       }, /* 416 */
- {        0x1F,               418, 0,  4, "secp192k1"                       }, /* 417 */
- {        0x20,               419, 0,  4, "secp224k1"                       }, /* 418 */
- {        0x21,               420, 0,  4, "secp224r1"                       }, /* 419 */
- {        0x22,               421, 0,  4, "secp384r1"                       }, /* 420 */
- {        0x23,               422, 0,  4, "secp521r1"                       }, /* 421 */
- {        0x24,               423, 0,  4, "sect409k1"                       }, /* 422 */
- {        0x25,               424, 0,  4, "sect409r1"                       }, /* 423 */
- {        0x26,               425, 0,  4, "sect571k1"                       }, /* 424 */
- {        0x27,                 0, 0,  4, "sect571r1"                       }, /* 425 */
- {0x60,                       489, 1,  0, ""                                }, /* 426 */
- {  0x86,                       0, 1,  1, ""                                }, /* 427 */
- {    0x48,                     0, 1,  2, ""                                }, /* 428 */
- {      0x01,                   0, 1,  3, "organization"                    }, /* 429 */
- {        0x65,               465, 1,  4, "gov"                             }, /* 430 */
- {          0x03,               0, 1,  5, "csor"                            }, /* 431 */
- {            0x04,             0, 1,  6, "nistalgorithm"                   }, /* 432 */
- {              0x01,         443, 1,  7, "aes"                             }, /* 433 */
- {                0x02,       435, 0,  8, "id-aes128-CBC"                   }, /* 434 */
- {                0x06,       436, 0,  8, "id-aes128-GCM"                   }, /* 435 */
- {                0x07,       437, 0,  8, "id-aes128-CCM"                   }, /* 436 */
- {                0x16,       438, 0,  8, "id-aes192-CBC"                   }, /* 437 */
- {                0x1A,       439, 0,  8, "id-aes192-GCM"                   }, /* 438 */
- {                0x1B,       440, 0,  8, "id-aes192-CCM"                   }, /* 439 */
- {                0x2A,       441, 0,  8, "id-aes256-CBC"                   }, /* 440 */
- {                0x2E,       442, 0,  8, "id-aes256-GCM"                   }, /* 441 */
- {                0x2F,         0, 0,  8, "id-aes256-CCM"                   }, /* 442 */
- {              0x02,         456, 1,  7, "hashAlgs"                        }, /* 443 */
- {                0x01,       445, 0,  8, "id-sha256"                       }, /* 444 */
- {                0x02,       446, 0,  8, "id-sha384"                       }, /* 445 */
- {                0x03,       447, 0,  8, "id-sha512"                       }, /* 446 */
- {                0x04,       448, 0,  8, "id-sha224"                       }, /* 447 */
- {                0x05,       449, 0,  8, "id-sha512-224"                   }, /* 448 */
- {                0x06,       450, 0,  8, "id-sha512-256"                   }, /* 449 */
- {                0x07,       451, 0,  8, "id-sha3-224"                     }, /* 450 */
- {                0x08,       452, 0,  8, "id-sha3-256"                     }, /* 451 */
- {                0x09,       453, 0,  8, "id-sha3-384"                     }, /* 452 */
- {                0x0A,       454, 0,  8, "id-sha3-512"                     }, /* 453 */
- {                0x0B,       455, 0,  8, "id-shake128"                     }, /* 454 */
- {                0x0C,         0, 0,  8, "id-shake256"                     }, /* 455 */
- {              0x03,           0, 1,  7, "sigAlgs"                         }, /* 456 */
- {                0x09,       458, 0,  8, "id-ecdsa-with-sha3-224"          }, /* 457 */
- {                0x0A,       459, 0,  8, "id-ecdsa-with-sha3-256"          }, /* 458 */
- {                0x0B,       460, 0,  8, "id-ecdsa-with-sha3-384"          }, /* 459 */
- {                0x0C,       461, 0,  8, "id-ecdsa-with-sha3-512"          }, /* 460 */
- {                0x0D,       462, 0,  8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 461 */
- {                0x0E,       463, 0,  8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 462 */
- {                0x0F,       464, 0,  8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 463 */
- {                0x10,         0, 0,  8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 464 */
- {        0x86,                 0, 1,  4, ""                                }, /* 465 */
- {          0xf8,               0, 1,  5, ""                                }, /* 466 */
- {            0x42,           479, 1,  6, "netscape"                        }, /* 467 */
- {              0x01,         474, 1,  7, ""                                }, /* 468 */
- {                0x01,       470, 0,  8, "nsCertType"                      }, /* 469 */
- {                0x03,       471, 0,  8, "nsRevocationUrl"                 }, /* 470 */
- {                0x04,       472, 0,  8, "nsCaRevocationUrl"               }, /* 471 */
- {                0x08,       473, 0,  8, "nsCaPolicyUrl"                   }, /* 472 */
- {                0x0d,         0, 0,  8, "nsComment"                       }, /* 473 */
- {              0x03,         477, 1,  7, "directory"                       }, /* 474 */
- {                0x01,         0, 1,  8, ""                                }, /* 475 */
- {                  0x03,       0, 0,  9, "employeeNumber"                  }, /* 476 */
- {              0x04,           0, 1,  7, "policy"                          }, /* 477 */
- {                0x01,         0, 0,  8, "nsSGC"                           }, /* 478 */
- {            0x45,             0, 1,  6, "verisign"                        }, /* 479 */
- {              0x01,           0, 1,  7, "pki"                             }, /* 480 */
- {                0x09,         0, 1,  8, "attributes"                      }, /* 481 */
- {                  0x02,     483, 0,  9, "messageType"                     }, /* 482 */
- {                  0x03,     484, 0,  9, "pkiStatus"                       }, /* 483 */
- {                  0x04,     485, 0,  9, "failInfo"                        }, /* 484 */
- {                  0x05,     486, 0,  9, "senderNonce"                     }, /* 485 */
- {                  0x06,     487, 0,  9, "recipientNonce"                  }, /* 486 */
- {                  0x07,     488, 0,  9, "transID"                         }, /* 487 */
- {                  0x08,       0, 0,  9, "extensionReq"                    }, /* 488 */
- {0x67,                         0, 1,  0, ""                                }, /* 489 */
- {  0x81,                       0, 1,  1, ""                                }, /* 490 */
- {    0x05,                     0, 1,  2, ""                                }, /* 491 */
- {      0x02,                   0, 1,  3, "tcg-attribute"                   }, /* 492 */
- {        0x01,               494, 0,  4, "tcg-at-tpmManufacturer"          }, /* 493 */
- {        0x02,               495, 0,  4, "tcg-at-tpmModel"                 }, /* 494 */
- {        0x03,               496, 0,  4, "tcg-at-tpmVersion"               }, /* 495 */
- {        0x0F,                 0, 0,  4, "tcg-at-tpmIdLabel"               }  /* 496 */
+ {                0x01,         0, 1,  8, ""                                }, /* 247 */
+ {                  0x02,       0, 1,  9, ""                                }, /* 248 */
+ {                    0x02,     0, 1, 10, ""                                }, /* 249 */
+ {                      0x4B,   0, 0, 11, "TCGID"                           }, /* 250 */
+ {          0x97,             255, 1,  5, ""                                }, /* 251 */
+ {            0x55,             0, 1,  6, ""                                }, /* 252 */
+ {              0x01,           0, 1,  7, ""                                }, /* 253 */
+ {                0x02,         0, 0,  8, "blowfish-cbc"                    }, /* 254 */
+ {          0xC1,               0, 1,  5, ""                                }, /* 255 */
+ {            0x16,             0, 1,  6, "ntruCryptosystems"               }, /* 256 */
+ {              0x01,           0, 1,  7, "eess"                            }, /* 257 */
+ {                0x01,         0, 1,  8, "eess1"                           }, /* 258 */
+ {                  0x01,     263, 1,  9, "eess1-algs"                      }, /* 259 */
+ {                    0x01,   261, 0, 10, "ntru-EESS1v1-SVES"               }, /* 260 */
+ {                    0x02,   262, 0, 10, "ntru-EESS1v1-SVSSA"              }, /* 261 */
+ {                    0x03,     0, 0, 10, "ntru-EESS1v1-NTRUSign"           }, /* 262 */
+ {                  0x02,     293, 1,  9, "eess1-params"                    }, /* 263 */
+ {                    0x01,   265, 0, 10, "ees251ep1"                       }, /* 264 */
+ {                    0x02,   266, 0, 10, "ees347ep1"                       }, /* 265 */
+ {                    0x03,   267, 0, 10, "ees503ep1"                       }, /* 266 */
+ {                    0x07,   268, 0, 10, "ees251sp2"                       }, /* 267 */
+ {                    0x0C,   269, 0, 10, "ees251ep4"                       }, /* 268 */
+ {                    0x0D,   270, 0, 10, "ees251ep5"                       }, /* 269 */
+ {                    0x0E,   271, 0, 10, "ees251sp3"                       }, /* 270 */
+ {                    0x0F,   272, 0, 10, "ees251sp4"                       }, /* 271 */
+ {                    0x10,   273, 0, 10, "ees251sp5"                       }, /* 272 */
+ {                    0x11,   274, 0, 10, "ees251sp6"                       }, /* 273 */
+ {                    0x12,   275, 0, 10, "ees251sp7"                       }, /* 274 */
+ {                    0x13,   276, 0, 10, "ees251sp8"                       }, /* 275 */
+ {                    0x14,   277, 0, 10, "ees251sp9"                       }, /* 276 */
+ {                    0x22,   278, 0, 10, "ees401ep1"                       }, /* 277 */
+ {                    0x23,   279, 0, 10, "ees449ep1"                       }, /* 278 */
+ {                    0x24,   280, 0, 10, "ees677ep1"                       }, /* 279 */
+ {                    0x25,   281, 0, 10, "ees1087ep2"                      }, /* 280 */
+ {                    0x26,   282, 0, 10, "ees541ep1"                       }, /* 281 */
+ {                    0x27,   283, 0, 10, "ees613ep1"                       }, /* 282 */
+ {                    0x28,   284, 0, 10, "ees887ep1"                       }, /* 283 */
+ {                    0x29,   285, 0, 10, "ees1171ep1"                      }, /* 284 */
+ {                    0x2A,   286, 0, 10, "ees659ep1"                       }, /* 285 */
+ {                    0x2B,   287, 0, 10, "ees761ep1"                       }, /* 286 */
+ {                    0x2C,   288, 0, 10, "ees1087ep1"                      }, /* 287 */
+ {                    0x2D,   289, 0, 10, "ees1499ep1"                      }, /* 288 */
+ {                    0x2E,   290, 0, 10, "ees401ep2"                       }, /* 289 */
+ {                    0x2F,   291, 0, 10, "ees439ep1"                       }, /* 290 */
+ {                    0x30,   292, 0, 10, "ees593ep1"                       }, /* 291 */
+ {                    0x31,     0, 0, 10, "ees743ep1"                       }, /* 292 */
+ {                  0x03,       0, 0,  9, "eess1-encodingMethods"           }, /* 293 */
+ {      0x05,                   0, 1,  3, "security"                        }, /* 294 */
+ {        0x05,                 0, 1,  4, "mechanisms"                      }, /* 295 */
+ {          0x07,             341, 1,  5, "id-pkix"                         }, /* 296 */
+ {            0x01,           302, 1,  6, "id-pe"                           }, /* 297 */
+ {              0x01,         299, 0,  7, "authorityInfoAccess"             }, /* 298 */
+ {              0x03,         300, 0,  7, "qcStatements"                    }, /* 299 */
+ {              0x07,         301, 0,  7, "ipAddrBlocks"                    }, /* 300 */
+ {              0x18,           0, 0,  7, "tlsfeature"                      }, /* 301 */
+ {            0x02,           305, 1,  6, "id-qt"                           }, /* 302 */
+ {              0x01,         304, 0,  7, "cps"                             }, /* 303 */
+ {              0x02,           0, 0,  7, "unotice"                         }, /* 304 */
+ {            0x03,           315, 1,  6, "id-kp"                           }, /* 305 */
+ {              0x01,         307, 0,  7, "serverAuth"                      }, /* 306 */
+ {              0x02,         308, 0,  7, "clientAuth"                      }, /* 307 */
+ {              0x03,         309, 0,  7, "codeSigning"                     }, /* 308 */
+ {              0x04,         310, 0,  7, "emailProtection"                 }, /* 309 */
+ {              0x05,         311, 0,  7, "ipsecEndSystem"                  }, /* 310 */
+ {              0x06,         312, 0,  7, "ipsecTunnel"                     }, /* 311 */
+ {              0x07,         313, 0,  7, "ipsecUser"                       }, /* 312 */
+ {              0x08,         314, 0,  7, "timeStamping"                    }, /* 313 */
+ {              0x09,           0, 0,  7, "ocspSigning"                     }, /* 314 */
+ {            0x08,           323, 1,  6, "id-otherNames"                   }, /* 315 */
+ {              0x01,         317, 0,  7, "personalData"                    }, /* 316 */
+ {              0x02,         318, 0,  7, "userGroup"                       }, /* 317 */
+ {              0x03,         319, 0,  7, "id-on-permanentIdentifier"       }, /* 318 */
+ {              0x04,         320, 0,  7, "id-on-hardwareModuleName"        }, /* 319 */
+ {              0x05,         321, 0,  7, "xmppAddr"                        }, /* 320 */
+ {              0x06,         322, 0,  7, "id-on-SIM"                       }, /* 321 */
+ {              0x07,           0, 0,  7, "id-on-dnsSRV"                    }, /* 322 */
+ {            0x0A,           328, 1,  6, "id-aca"                          }, /* 323 */
+ {              0x01,         325, 0,  7, "authenticationInfo"              }, /* 324 */
+ {              0x02,         326, 0,  7, "accessIdentity"                  }, /* 325 */
+ {              0x03,         327, 0,  7, "chargingIdentity"                }, /* 326 */
+ {              0x04,           0, 0,  7, "group"                           }, /* 327 */
+ {            0x0B,           329, 0,  6, "subjectInfoAccess"               }, /* 328 */
+ {            0x30,             0, 1,  6, "id-ad"                           }, /* 329 */
+ {              0x01,         338, 1,  7, "ocsp"                            }, /* 330 */
+ {                0x01,       332, 0,  8, "basic"                           }, /* 331 */
+ {                0x02,       333, 0,  8, "nonce"                           }, /* 332 */
+ {                0x03,       334, 0,  8, "crl"                             }, /* 333 */
+ {                0x04,       335, 0,  8, "response"                        }, /* 334 */
+ {                0x05,       336, 0,  8, "noCheck"                         }, /* 335 */
+ {                0x06,       337, 0,  8, "archiveCutoff"                   }, /* 336 */
+ {                0x07,         0, 0,  8, "serviceLocator"                  }, /* 337 */
+ {              0x02,         339, 0,  7, "caIssuers"                       }, /* 338 */
+ {              0x03,         340, 0,  7, "timeStamping"                    }, /* 339 */
+ {              0x05,           0, 0,  7, "caRepository"                    }, /* 340 */
+ {          0x08,               0, 1,  5, "ipsec"                           }, /* 341 */
+ {            0x02,             0, 1,  6, "certificate"                     }, /* 342 */
+ {              0x02,           0, 0,  7, "iKEIntermediate"                 }, /* 343 */
+ {  0x0E,                     350, 1,  1, "oiw"                             }, /* 344 */
+ {    0x03,                     0, 1,  2, "secsig"                          }, /* 345 */
+ {      0x02,                   0, 1,  3, "algorithms"                      }, /* 346 */
+ {        0x07,               348, 0,  4, "des-cbc"                         }, /* 347 */
+ {        0x1A,               349, 0,  4, "sha-1"                           }, /* 348 */
+ {        0x1D,                 0, 0,  4, "sha-1WithRSASignature"           }, /* 349 */
+ {  0x24,                     396, 1,  1, "TeleTrusT"                       }, /* 350 */
+ {    0x03,                     0, 1,  2, "algorithm"                       }, /* 351 */
+ {      0x03,                   0, 1,  3, "signatureAlgorithm"              }, /* 352 */
+ {        0x01,               357, 1,  4, "rsaSignature"                    }, /* 353 */
+ {          0x02,             355, 0,  5, "rsaSigWithripemd160"             }, /* 354 */
+ {          0x03,             356, 0,  5, "rsaSigWithripemd128"             }, /* 355 */
+ {          0x04,               0, 0,  5, "rsaSigWithripemd256"             }, /* 356 */
+ {        0x02,                 0, 1,  4, "ecSign"                          }, /* 357 */
+ {          0x01,             359, 0,  5, "ecSignWithsha1"                  }, /* 358 */
+ {          0x02,             360, 0,  5, "ecSignWithripemd160"             }, /* 359 */
+ {          0x03,             361, 0,  5, "ecSignWithmd2"                   }, /* 360 */
+ {          0x04,             362, 0,  5, "ecSignWithmd5"                   }, /* 361 */
+ {          0x05,             379, 1,  5, "ttt-ecg"                         }, /* 362 */
+ {            0x01,           367, 1,  6, "fieldType"                       }, /* 363 */
+ {              0x01,           0, 1,  7, "characteristictwoField"          }, /* 364 */
+ {                0x01,         0, 1,  8, "basisType"                       }, /* 365 */
+ {                  0x01,       0, 0,  9, "ipBasis"                         }, /* 366 */
+ {            0x02,           369, 1,  6, "keyType"                         }, /* 367 */
+ {              0x01,           0, 0,  7, "ecgPublicKey"                    }, /* 368 */
+ {            0x03,           370, 0,  6, "curve"                           }, /* 369 */
+ {            0x04,           377, 1,  6, "signatures"                      }, /* 370 */
+ {              0x01,         372, 0,  7, "ecgdsa-with-RIPEMD160"           }, /* 371 */
+ {              0x02,         373, 0,  7, "ecgdsa-with-SHA1"                }, /* 372 */
+ {              0x03,         374, 0,  7, "ecgdsa-with-SHA224"              }, /* 373 */
+ {              0x04,         375, 0,  7, "ecgdsa-with-SHA256"              }, /* 374 */
+ {              0x05,         376, 0,  7, "ecgdsa-with-SHA384"              }, /* 375 */
+ {              0x06,           0, 0,  7, "ecgdsa-with-SHA512"              }, /* 376 */
+ {            0x05,             0, 1,  6, "module"                          }, /* 377 */
+ {              0x01,           0, 0,  7, "1"                               }, /* 378 */
+ {          0x08,               0, 1,  5, "ecStdCurvesAndGeneration"        }, /* 379 */
+ {            0x01,             0, 1,  6, "ellipticCurve"                   }, /* 380 */
+ {              0x01,           0, 1,  7, "versionOne"                      }, /* 381 */
+ {                0x01,       383, 0,  8, "brainpoolP160r1"                 }, /* 382 */
+ {                0x02,       384, 0,  8, "brainpoolP160t1"                 }, /* 383 */
+ {                0x03,       385, 0,  8, "brainpoolP192r1"                 }, /* 384 */
+ {                0x04,       386, 0,  8, "brainpoolP192t1"                 }, /* 385 */
+ {                0x05,       387, 0,  8, "brainpoolP224r1"                 }, /* 386 */
+ {                0x06,       388, 0,  8, "brainpoolP224t1"                 }, /* 387 */
+ {                0x07,       389, 0,  8, "brainpoolP256r1"                 }, /* 388 */
+ {                0x08,       390, 0,  8, "brainpoolP256t1"                 }, /* 389 */
+ {                0x09,       391, 0,  8, "brainpoolP320r1"                 }, /* 390 */
+ {                0x0A,       392, 0,  8, "brainpoolP320t1"                 }, /* 391 */
+ {                0x0B,       393, 0,  8, "brainpoolP384r1"                 }, /* 392 */
+ {                0x0C,       394, 0,  8, "brainpoolP384t1"                 }, /* 393 */
+ {                0x0D,       395, 0,  8, "brainpoolP512r1"                 }, /* 394 */
+ {                0x0E,         0, 0,  8, "brainpoolP512t1"                 }, /* 395 */
+ {  0x65,                     399, 1,  1, "Thawte"                          }, /* 396 */
+ {    0x70,                   398, 0,  2, "id-Ed25519"                      }, /* 397 */
+ {    0x71,                     0, 0,  2, "id-Ed448"                        }, /* 398 */
+ {  0x81,                       0, 1,  1, ""                                }, /* 399 */
+ {    0x04,                     0, 1,  2, "Certicom"                        }, /* 400 */
+ {      0x00,                   0, 1,  3, "curve"                           }, /* 401 */
+ {        0x01,               403, 0,  4, "sect163k1"                       }, /* 402 */
+ {        0x02,               404, 0,  4, "sect163r1"                       }, /* 403 */
+ {        0x03,               405, 0,  4, "sect239k1"                       }, /* 404 */
+ {        0x04,               406, 0,  4, "sect113r1"                       }, /* 405 */
+ {        0x05,               407, 0,  4, "sect113r2"                       }, /* 406 */
+ {        0x06,               408, 0,  4, "secp112r1"                       }, /* 407 */
+ {        0x07,               409, 0,  4, "secp112r2"                       }, /* 408 */
+ {        0x08,               410, 0,  4, "secp160r1"                       }, /* 409 */
+ {        0x09,               411, 0,  4, "secp160k1"                       }, /* 410 */
+ {        0x0A,               412, 0,  4, "secp256k1"                       }, /* 411 */
+ {        0x0F,               413, 0,  4, "sect163r2"                       }, /* 412 */
+ {        0x10,               414, 0,  4, "sect283k1"                       }, /* 413 */
+ {        0x11,               415, 0,  4, "sect283r1"                       }, /* 414 */
+ {        0x16,               416, 0,  4, "sect131r1"                       }, /* 415 */
+ {        0x17,               417, 0,  4, "sect131r2"                       }, /* 416 */
+ {        0x18,               418, 0,  4, "sect193r1"                       }, /* 417 */
+ {        0x19,               419, 0,  4, "sect193r2"                       }, /* 418 */
+ {        0x1A,               420, 0,  4, "sect233k1"                       }, /* 419 */
+ {        0x1B,               421, 0,  4, "sect233r1"                       }, /* 420 */
+ {        0x1C,               422, 0,  4, "secp128r1"                       }, /* 421 */
+ {        0x1D,               423, 0,  4, "secp128r2"                       }, /* 422 */
+ {        0x1E,               424, 0,  4, "secp160r2"                       }, /* 423 */
+ {        0x1F,               425, 0,  4, "secp192k1"                       }, /* 424 */
+ {        0x20,               426, 0,  4, "secp224k1"                       }, /* 425 */
+ {        0x21,               427, 0,  4, "secp224r1"                       }, /* 426 */
+ {        0x22,               428, 0,  4, "secp384r1"                       }, /* 427 */
+ {        0x23,               429, 0,  4, "secp521r1"                       }, /* 428 */
+ {        0x24,               430, 0,  4, "sect409k1"                       }, /* 429 */
+ {        0x25,               431, 0,  4, "sect409r1"                       }, /* 430 */
+ {        0x26,               432, 0,  4, "sect571k1"                       }, /* 431 */
+ {        0x27,                 0, 0,  4, "sect571r1"                       }, /* 432 */
+ {0x60,                       496, 1,  0, ""                                }, /* 433 */
+ {  0x86,                       0, 1,  1, ""                                }, /* 434 */
+ {    0x48,                     0, 1,  2, ""                                }, /* 435 */
+ {      0x01,                   0, 1,  3, "organization"                    }, /* 436 */
+ {        0x65,               472, 1,  4, "gov"                             }, /* 437 */
+ {          0x03,               0, 1,  5, "csor"                            }, /* 438 */
+ {            0x04,             0, 1,  6, "nistalgorithm"                   }, /* 439 */
+ {              0x01,         450, 1,  7, "aes"                             }, /* 440 */
+ {                0x02,       442, 0,  8, "id-aes128-CBC"                   }, /* 441 */
+ {                0x06,       443, 0,  8, "id-aes128-GCM"                   }, /* 442 */
+ {                0x07,       444, 0,  8, "id-aes128-CCM"                   }, /* 443 */
+ {                0x16,       445, 0,  8, "id-aes192-CBC"                   }, /* 444 */
+ {                0x1A,       446, 0,  8, "id-aes192-GCM"                   }, /* 445 */
+ {                0x1B,       447, 0,  8, "id-aes192-CCM"                   }, /* 446 */
+ {                0x2A,       448, 0,  8, "id-aes256-CBC"                   }, /* 447 */
+ {                0x2E,       449, 0,  8, "id-aes256-GCM"                   }, /* 448 */
+ {                0x2F,         0, 0,  8, "id-aes256-CCM"                   }, /* 449 */
+ {              0x02,         463, 1,  7, "hashAlgs"                        }, /* 450 */
+ {                0x01,       452, 0,  8, "id-sha256"                       }, /* 451 */
+ {                0x02,       453, 0,  8, "id-sha384"                       }, /* 452 */
+ {                0x03,       454, 0,  8, "id-sha512"                       }, /* 453 */
+ {                0x04,       455, 0,  8, "id-sha224"                       }, /* 454 */
+ {                0x05,       456, 0,  8, "id-sha512-224"                   }, /* 455 */
+ {                0x06,       457, 0,  8, "id-sha512-256"                   }, /* 456 */
+ {                0x07,       458, 0,  8, "id-sha3-224"                     }, /* 457 */
+ {                0x08,       459, 0,  8, "id-sha3-256"                     }, /* 458 */
+ {                0x09,       460, 0,  8, "id-sha3-384"                     }, /* 459 */
+ {                0x0A,       461, 0,  8, "id-sha3-512"                     }, /* 460 */
+ {                0x0B,       462, 0,  8, "id-shake128"                     }, /* 461 */
+ {                0x0C,         0, 0,  8, "id-shake256"                     }, /* 462 */
+ {              0x03,           0, 1,  7, "sigAlgs"                         }, /* 463 */
+ {                0x09,       465, 0,  8, "id-ecdsa-with-sha3-224"          }, /* 464 */
+ {                0x0A,       466, 0,  8, "id-ecdsa-with-sha3-256"          }, /* 465 */
+ {                0x0B,       467, 0,  8, "id-ecdsa-with-sha3-384"          }, /* 466 */
+ {                0x0C,       468, 0,  8, "id-ecdsa-with-sha3-512"          }, /* 467 */
+ {                0x0D,       469, 0,  8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 468 */
+ {                0x0E,       470, 0,  8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 469 */
+ {                0x0F,       471, 0,  8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 470 */
+ {                0x10,         0, 0,  8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 471 */
+ {        0x86,                 0, 1,  4, ""                                }, /* 472 */
+ {          0xf8,               0, 1,  5, ""                                }, /* 473 */
+ {            0x42,           486, 1,  6, "netscape"                        }, /* 474 */
+ {              0x01,         481, 1,  7, ""                                }, /* 475 */
+ {                0x01,       477, 0,  8, "nsCertType"                      }, /* 476 */
+ {                0x03,       478, 0,  8, "nsRevocationUrl"                 }, /* 477 */
+ {                0x04,       479, 0,  8, "nsCaRevocationUrl"               }, /* 478 */
+ {                0x08,       480, 0,  8, "nsCaPolicyUrl"                   }, /* 479 */
+ {                0x0d,         0, 0,  8, "nsComment"                       }, /* 480 */
+ {              0x03,         484, 1,  7, "directory"                       }, /* 481 */
+ {                0x01,         0, 1,  8, ""                                }, /* 482 */
+ {                  0x03,       0, 0,  9, "employeeNumber"                  }, /* 483 */
+ {              0x04,           0, 1,  7, "policy"                          }, /* 484 */
+ {                0x01,         0, 0,  8, "nsSGC"                           }, /* 485 */
+ {            0x45,             0, 1,  6, "verisign"                        }, /* 486 */
+ {              0x01,           0, 1,  7, "pki"                             }, /* 487 */
+ {                0x09,         0, 1,  8, "attributes"                      }, /* 488 */
+ {                  0x02,     490, 0,  9, "messageType"                     }, /* 489 */
+ {                  0x03,     491, 0,  9, "pkiStatus"                       }, /* 490 */
+ {                  0x04,     492, 0,  9, "failInfo"                        }, /* 491 */
+ {                  0x05,     493, 0,  9, "senderNonce"                     }, /* 492 */
+ {                  0x06,     494, 0,  9, "recipientNonce"                  }, /* 493 */
+ {                  0x07,     495, 0,  9, "transID"                         }, /* 494 */
+ {                  0x08,       0, 0,  9, "extensionReq"                    }, /* 495 */
+ {0x67,                         0, 1,  0, ""                                }, /* 496 */
+ {  0x81,                       0, 1,  1, ""                                }, /* 497 */
+ {    0x05,                     0, 1,  2, ""                                }, /* 498 */
+ {      0x02,                   0, 1,  3, "tcg-attribute"                   }, /* 499 */
+ {        0x01,               501, 0,  4, "tcg-at-tpmManufacturer"          }, /* 500 */
+ {        0x02,               502, 0,  4, "tcg-at-tpmModel"                 }, /* 501 */
+ {        0x03,               503, 0,  4, "tcg-at-tpmVersion"               }, /* 502 */
+ {        0x0F,                 0, 0,  4, "tcg-at-tpmIdLabel"               }  /* 503 */
 };
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 230fe2f87..99cf77854 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -111,166 +111,173 @@ extern const oid_t oid_names[];
 #define OID_P12_CRL_BAG						146
 #define OID_MD2								150
 #define OID_MD5								151
-#define OID_3DES_EDE_CBC					153
-#define OID_EC_PUBLICKEY					157
-#define OID_C2PNB163V1						160
-#define OID_C2PNB163V2						161
-#define OID_C2PNB163V3						162
-#define OID_C2PNB176W1						163
-#define OID_C2PNB191V1						164
-#define OID_C2PNB191V2						165
-#define OID_C2PNB191V3						166
-#define OID_C2PNB191V4						167
-#define OID_C2PNB191V5						168
-#define OID_C2PNB208W1						169
-#define OID_C2PNB239V1						170
-#define OID_C2PNB239V2						171
-#define OID_C2PNB239V3						172
-#define OID_C2PNB239V4						173
-#define OID_C2PNB239V5						174
-#define OID_C2PNB272W1						175
-#define OID_C2PNB304W1						176
-#define OID_C2PNB359V1						177
-#define OID_C2PNB368W1						178
-#define OID_C2PNB431R1						179
-#define OID_PRIME192V1						181
-#define OID_PRIME192V2						182
-#define OID_PRIME192V3						183
-#define OID_PRIME239V1						184
-#define OID_PRIME239V2						185
-#define OID_PRIME239V3						186
-#define OID_PRIME256V1						187
-#define OID_ECDSA_WITH_SHA1					189
-#define OID_ECDSA_WITH_SHA224				191
-#define OID_ECDSA_WITH_SHA256				192
-#define OID_ECDSA_WITH_SHA384				193
-#define OID_ECDSA_WITH_SHA512				194
-#define OID_MS_SMARTCARD_LOGON				208
-#define OID_USER_PRINCIPAL_NAME				209
-#define OID_STRONGSWAN						215
-#define OID_BLISS_PUBLICKEY					220
-#define OID_BLISS_I							222
-#define OID_BLISS_II						223
-#define OID_BLISS_III						224
-#define OID_BLISS_IV						225
-#define OID_BLISS_B_I						226
-#define OID_BLISS_B_II						227
-#define OID_BLISS_B_III						228
-#define OID_BLISS_B_IV						229
-#define OID_BLISS_WITH_SHA2_512				231
-#define OID_BLISS_WITH_SHA2_384				232
-#define OID_BLISS_WITH_SHA2_256				233
-#define OID_BLISS_WITH_SHA3_512				234
-#define OID_BLISS_WITH_SHA3_384				235
-#define OID_BLISS_WITH_SHA3_256				236
-#define OID_TCGID							243
-#define OID_BLOWFISH_CBC					247
-#define OID_AUTHORITY_INFO_ACCESS			291
-#define OID_IP_ADDR_BLOCKS					293
-#define OID_POLICY_QUALIFIER_CPS			296
-#define OID_POLICY_QUALIFIER_UNOTICE		297
-#define OID_SERVER_AUTH						299
-#define OID_CLIENT_AUTH						300
-#define OID_OCSP_SIGNING					307
-#define OID_XMPP_ADDR						313
-#define OID_AUTHENTICATION_INFO				317
-#define OID_ACCESS_IDENTITY					318
-#define OID_CHARGING_IDENTITY				319
-#define OID_GROUP							320
-#define OID_OCSP							323
-#define OID_BASIC							324
-#define OID_NONCE							325
-#define OID_CRL								326
-#define OID_RESPONSE						327
-#define OID_NO_CHECK						328
-#define OID_ARCHIVE_CUTOFF					329
-#define OID_SERVICE_LOCATOR					330
-#define OID_CA_ISSUERS						331
-#define OID_IKE_INTERMEDIATE				336
-#define OID_DES_CBC							340
-#define OID_SHA1							341
-#define OID_SHA1_WITH_RSA_OIW				342
-#define OID_ECGDSA_PUBKEY					361
-#define OID_ECGDSA_SIG_WITH_RIPEMD160		364
-#define OID_ECGDSA_SIG_WITH_SHA1			365
-#define OID_ECGDSA_SIG_WITH_SHA224			366
-#define OID_ECGDSA_SIG_WITH_SHA256			367
-#define OID_ECGDSA_SIG_WITH_SHA384			368
-#define OID_ECGDSA_SIG_WITH_SHA512			369
-#define OID_ED25519							390
-#define OID_ED448							391
-#define OID_SECT163K1						395
-#define OID_SECT163R1						396
-#define OID_SECT239K1						397
-#define OID_SECT113R1						398
-#define OID_SECT113R2						399
-#define OID_SECT112R1						400
-#define OID_SECT112R2						401
-#define OID_SECT160R1						402
-#define OID_SECT160K1						403
-#define OID_SECT256K1						404
-#define OID_SECT163R2						405
-#define OID_SECT283K1						406
-#define OID_SECT283R1						407
-#define OID_SECT131R1						408
-#define OID_SECT131R2						409
-#define OID_SECT193R1						410
-#define OID_SECT193R2						411
-#define OID_SECT233K1						412
-#define OID_SECT233R1						413
-#define OID_SECT128R1						414
-#define OID_SECT128R2						415
-#define OID_SECT160R2						416
-#define OID_SECT192K1						417
-#define OID_SECT224K1						418
-#define OID_SECT224R1						419
-#define OID_SECT384R1						420
-#define OID_SECT521R1						421
-#define OID_SECT409K1						422
-#define OID_SECT409R1						423
-#define OID_SECT571K1						424
-#define OID_SECT571R1						425
-#define OID_AES128_CBC						434
-#define OID_AES128_GCM						435
-#define OID_AES128_CCM						436
-#define OID_AES192_CBC						437
-#define OID_AES192_GCM						438
-#define OID_AES192_CCM						439
-#define OID_AES256_CBC						440
-#define OID_AES256_GCM						441
-#define OID_AES256_CCM						442
-#define OID_SHA256							444
-#define OID_SHA384							445
-#define OID_SHA512							446
-#define OID_SHA224							447
-#define OID_SHA3_224						450
-#define OID_SHA3_256						451
-#define OID_SHA3_384						452
-#define OID_SHA3_512						453
-#define OID_ECDSA_WITH_SHA3_224				457
-#define OID_ECDSA_WITH_SHA3_256				458
-#define OID_ECDSA_WITH_SHA3_384				459
-#define OID_ECDSA_WITH_SHA3_512				460
-#define OID_RSASSA_PKCS1V15_WITH_SHA3_224	461
-#define OID_RSASSA_PKCS1V15_WITH_SHA3_256	462
-#define OID_RSASSA_PKCS1V15_WITH_SHA3_384	463
-#define OID_RSASSA_PKCS1V15_WITH_SHA3_512	464
-#define OID_NS_REVOCATION_URL				470
-#define OID_NS_CA_REVOCATION_URL			471
-#define OID_NS_CA_POLICY_URL				472
-#define OID_NS_COMMENT						473
-#define OID_EMPLOYEE_NUMBER					476
-#define OID_PKI_MESSAGE_TYPE				482
-#define OID_PKI_STATUS						483
-#define OID_PKI_FAIL_INFO					484
-#define OID_PKI_SENDER_NONCE				485
-#define OID_PKI_RECIPIENT_NONCE				486
-#define OID_PKI_TRANS_ID					487
-#define OID_TPM_MANUFACTURER				493
-#define OID_TPM_MODEL						494
-#define OID_TPM_VERSION						495
-#define OID_TPM_ID_LABEL					496
+#define OID_HMAC_SHA1						152
+#define OID_HMAC_SHA224						153
+#define OID_HMAC_SHA256						154
+#define OID_HMAC_SHA384						155
+#define OID_HMAC_SHA512						156
+#define OID_HMAC_SHA512_224					157
+#define OID_HMAC_SHA512_256					158
+#define OID_3DES_EDE_CBC					160
+#define OID_EC_PUBLICKEY					164
+#define OID_C2PNB163V1						167
+#define OID_C2PNB163V2						168
+#define OID_C2PNB163V3						169
+#define OID_C2PNB176W1						170
+#define OID_C2PNB191V1						171
+#define OID_C2PNB191V2						172
+#define OID_C2PNB191V3						173
+#define OID_C2PNB191V4						174
+#define OID_C2PNB191V5						175
+#define OID_C2PNB208W1						176
+#define OID_C2PNB239V1						177
+#define OID_C2PNB239V2						178
+#define OID_C2PNB239V3						179
+#define OID_C2PNB239V4						180
+#define OID_C2PNB239V5						181
+#define OID_C2PNB272W1						182
+#define OID_C2PNB304W1						183
+#define OID_C2PNB359V1						184
+#define OID_C2PNB368W1						185
+#define OID_C2PNB431R1						186
+#define OID_PRIME192V1						188
+#define OID_PRIME192V2						189
+#define OID_PRIME192V3						190
+#define OID_PRIME239V1						191
+#define OID_PRIME239V2						192
+#define OID_PRIME239V3						193
+#define OID_PRIME256V1						194
+#define OID_ECDSA_WITH_SHA1					196
+#define OID_ECDSA_WITH_SHA224				198
+#define OID_ECDSA_WITH_SHA256				199
+#define OID_ECDSA_WITH_SHA384				200
+#define OID_ECDSA_WITH_SHA512				201
+#define OID_MS_SMARTCARD_LOGON				215
+#define OID_USER_PRINCIPAL_NAME				216
+#define OID_STRONGSWAN						222
+#define OID_BLISS_PUBLICKEY					227
+#define OID_BLISS_I							229
+#define OID_BLISS_II						230
+#define OID_BLISS_III						231
+#define OID_BLISS_IV						232
+#define OID_BLISS_B_I						233
+#define OID_BLISS_B_II						234
+#define OID_BLISS_B_III						235
+#define OID_BLISS_B_IV						236
+#define OID_BLISS_WITH_SHA2_512				238
+#define OID_BLISS_WITH_SHA2_384				239
+#define OID_BLISS_WITH_SHA2_256				240
+#define OID_BLISS_WITH_SHA3_512				241
+#define OID_BLISS_WITH_SHA3_384				242
+#define OID_BLISS_WITH_SHA3_256				243
+#define OID_TCGID							250
+#define OID_BLOWFISH_CBC					254
+#define OID_AUTHORITY_INFO_ACCESS			298
+#define OID_IP_ADDR_BLOCKS					300
+#define OID_POLICY_QUALIFIER_CPS			303
+#define OID_POLICY_QUALIFIER_UNOTICE		304
+#define OID_SERVER_AUTH						306
+#define OID_CLIENT_AUTH						307
+#define OID_OCSP_SIGNING					314
+#define OID_XMPP_ADDR						320
+#define OID_AUTHENTICATION_INFO				324
+#define OID_ACCESS_IDENTITY					325
+#define OID_CHARGING_IDENTITY				326
+#define OID_GROUP							327
+#define OID_OCSP							330
+#define OID_BASIC							331
+#define OID_NONCE							332
+#define OID_CRL								333
+#define OID_RESPONSE						334
+#define OID_NO_CHECK						335
+#define OID_ARCHIVE_CUTOFF					336
+#define OID_SERVICE_LOCATOR					337
+#define OID_CA_ISSUERS						338
+#define OID_IKE_INTERMEDIATE				343
+#define OID_DES_CBC							347
+#define OID_SHA1							348
+#define OID_SHA1_WITH_RSA_OIW				349
+#define OID_ECGDSA_PUBKEY					368
+#define OID_ECGDSA_SIG_WITH_RIPEMD160		371
+#define OID_ECGDSA_SIG_WITH_SHA1			372
+#define OID_ECGDSA_SIG_WITH_SHA224			373
+#define OID_ECGDSA_SIG_WITH_SHA256			374
+#define OID_ECGDSA_SIG_WITH_SHA384			375
+#define OID_ECGDSA_SIG_WITH_SHA512			376
+#define OID_ED25519							397
+#define OID_ED448							398
+#define OID_SECT163K1						402
+#define OID_SECT163R1						403
+#define OID_SECT239K1						404
+#define OID_SECT113R1						405
+#define OID_SECT113R2						406
+#define OID_SECT112R1						407
+#define OID_SECT112R2						408
+#define OID_SECT160R1						409
+#define OID_SECT160K1						410
+#define OID_SECT256K1						411
+#define OID_SECT163R2						412
+#define OID_SECT283K1						413
+#define OID_SECT283R1						414
+#define OID_SECT131R1						415
+#define OID_SECT131R2						416
+#define OID_SECT193R1						417
+#define OID_SECT193R2						418
+#define OID_SECT233K1						419
+#define OID_SECT233R1						420
+#define OID_SECT128R1						421
+#define OID_SECT128R2						422
+#define OID_SECT160R2						423
+#define OID_SECT192K1						424
+#define OID_SECT224K1						425
+#define OID_SECT224R1						426
+#define OID_SECT384R1						427
+#define OID_SECT521R1						428
+#define OID_SECT409K1						429
+#define OID_SECT409R1						430
+#define OID_SECT571K1						431
+#define OID_SECT571R1						432
+#define OID_AES128_CBC						441
+#define OID_AES128_GCM						442
+#define OID_AES128_CCM						443
+#define OID_AES192_CBC						444
+#define OID_AES192_GCM						445
+#define OID_AES192_CCM						446
+#define OID_AES256_CBC						447
+#define OID_AES256_GCM						448
+#define OID_AES256_CCM						449
+#define OID_SHA256							451
+#define OID_SHA384							452
+#define OID_SHA512							453
+#define OID_SHA224							454
+#define OID_SHA3_224						457
+#define OID_SHA3_256						458
+#define OID_SHA3_384						459
+#define OID_SHA3_512						460
+#define OID_ECDSA_WITH_SHA3_224				464
+#define OID_ECDSA_WITH_SHA3_256				465
+#define OID_ECDSA_WITH_SHA3_384				466
+#define OID_ECDSA_WITH_SHA3_512				467
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_224	468
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_256	469
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_384	470
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_512	471
+#define OID_NS_REVOCATION_URL				477
+#define OID_NS_CA_REVOCATION_URL			478
+#define OID_NS_CA_POLICY_URL				479
+#define OID_NS_COMMENT						480
+#define OID_EMPLOYEE_NUMBER					483
+#define OID_PKI_MESSAGE_TYPE				489
+#define OID_PKI_STATUS						490
+#define OID_PKI_FAIL_INFO					491
+#define OID_PKI_SENDER_NONCE				492
+#define OID_PKI_RECIPIENT_NONCE				493
+#define OID_PKI_TRANS_ID					494
+#define OID_TPM_MANUFACTURER				500
+#define OID_TPM_MODEL						501
+#define OID_TPM_VERSION						502
+#define OID_TPM_ID_LABEL					503
 
-#define OID_MAX								497
+#define OID_MAX								504
 
 #endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.pl b/src/libstrongswan/asn1/oid.pl
index c45077a3f..f77e14b04 100644
--- a/src/libstrongswan/asn1/oid.pl
+++ b/src/libstrongswan/asn1/oid.pl
@@ -2,7 +2,7 @@
 # Generates oid.h and oid.c out of oid.txt
 #
 # Copyright (C) 2003-2008 Andreas Steffen
-# Hochschule fuer Technik Rapperswil
+# HSR Hochschule fuer Technik Rapperswil
 #
 # This program is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 369f6f899..723cb36fc 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -150,6 +150,13 @@
             0x02             "digestAlgorithm"
               0x02           "md2"						OID_MD2
               0x05           "md5"						OID_MD5
+              0x07           "hmacWithSHA1"				OID_HMAC_SHA1
+              0x08           "hmacWithSHA224"			OID_HMAC_SHA224
+              0x09           "hmacWithSHA256"			OID_HMAC_SHA256
+              0x0A           "hmacWithSHA384"			OID_HMAC_SHA384
+              0x0B           "hmacWithSHA512"			OID_HMAC_SHA512
+              0x0C           "hmacWithSHA512-224"		OID_HMAC_SHA512_224
+              0x0D           "hmacWithSHA512-256"		OID_HMAC_SHA512_256
             0x03             "encryptionAlgorithm"
               0x07           "3des-ede-cbc"				OID_3DES_EDE_CBC
       0xCE                   ""
diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c
index 6e35999ce..82e405002 100644
--- a/src/libstrongswan/bio/bio_reader.c
+++ b/src/libstrongswan/bio/bio_reader.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h
index 358993c4f..fbca8bdf5 100644
--- a/src/libstrongswan/bio/bio_reader.h
+++ b/src/libstrongswan/bio/bio_reader.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/bio/bio_writer.c b/src/libstrongswan/bio/bio_writer.c
index a21b376cf..348702071 100644
--- a/src/libstrongswan/bio/bio_writer.c
+++ b/src/libstrongswan/bio/bio_writer.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/bio/bio_writer.h b/src/libstrongswan/bio/bio_writer.h
index b6e3db730..88f365e9f 100644
--- a/src/libstrongswan/bio/bio_writer.h
+++ b/src/libstrongswan/bio/bio_writer.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c
index c3dd6e0e9..fea28cedb 100644
--- a/src/libstrongswan/collections/array.c
+++ b/src/libstrongswan/collections/array.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h
index d8a16b5df..792dc7677 100644
--- a/src/libstrongswan/collections/array.h
+++ b/src/libstrongswan/collections/array.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
diff --git a/src/libstrongswan/collections/blocking_queue.c b/src/libstrongswan/collections/blocking_queue.c
index da3356970..40f65a930 100644
--- a/src/libstrongswan/collections/blocking_queue.c
+++ b/src/libstrongswan/collections/blocking_queue.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/collections/blocking_queue.h b/src/libstrongswan/collections/blocking_queue.h
index 9b014f719..d902c3245 100644
--- a/src/libstrongswan/collections/blocking_queue.h
+++ b/src/libstrongswan/collections/blocking_queue.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/collections/dictionary.h b/src/libstrongswan/collections/dictionary.h
index 679e41d2d..74f218e79 100644
--- a/src/libstrongswan/collections/dictionary.h
+++ b/src/libstrongswan/collections/dictionary.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/collections/enumerator.c b/src/libstrongswan/collections/enumerator.c
index 52c9e1cd5..21aa9f66b 100644
--- a/src/libstrongswan/collections/enumerator.c
+++ b/src/libstrongswan/collections/enumerator.c
@@ -291,7 +291,7 @@ typedef struct {
 	char *string;
 	/** current position */
 	char *pos;
-	/** separater chars */
+	/** separator chars */
 	const char *sep;
 	/** trim chars */
 	const char *trim;
diff --git a/src/libstrongswan/collections/hashtable.c b/src/libstrongswan/collections/hashtable.c
index b0eda9e6a..64f154c4e 100644
--- a/src/libstrongswan/collections/hashtable.c
+++ b/src/libstrongswan/collections/hashtable.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/collections/hashtable.h b/src/libstrongswan/collections/hashtable.h
index f60564a42..1bc674c6c 100644
--- a/src/libstrongswan/collections/hashtable.h
+++ b/src/libstrongswan/collections/hashtable.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/collections/linked_list.c b/src/libstrongswan/collections/linked_list.c
index f877be5a6..5ad7360d6 100644
--- a/src/libstrongswan/collections/linked_list.c
+++ b/src/libstrongswan/collections/linked_list.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/collections/linked_list.h b/src/libstrongswan/collections/linked_list.h
index c99cb836b..a9cb7f0d4 100644
--- a/src/libstrongswan/collections/linked_list.h
+++ b/src/libstrongswan/collections/linked_list.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2007-2017 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 2eb448546..b473223e4 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2015 Tobias Brunner
  * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index 6dc5c7694..bed55f8b8 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/certificates/crl.c b/src/libstrongswan/credentials/certificates/crl.c
index 09fd0bfc8..ba3bda561 100644
--- a/src/libstrongswan/credentials/certificates/crl.c
+++ b/src/libstrongswan/credentials/certificates/crl.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h
index 8a48bd7ff..224585fb2 100644
--- a/src/libstrongswan/credentials/certificates/crl.h
+++ b/src/libstrongswan/credentials/certificates/crl.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/certificates/ocsp_request.h b/src/libstrongswan/credentials/certificates/ocsp_request.h
index 730d95d70..508a65f3e 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_request.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_request.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.c b/src/libstrongswan/credentials/certificates/ocsp_response.c
index c4a39e28d..bf4f11334 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.c
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.h b/src/libstrongswan/credentials/certificates/ocsp_response.h
index c6a4c1277..9e699aef6 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/certificates/pgp_certificate.h b/src/libstrongswan/credentials/certificates/pgp_certificate.h
index 94a31e14d..c49a39d66 100644
--- a/src/libstrongswan/credentials/certificates/pgp_certificate.h
+++ b/src/libstrongswan/credentials/certificates/pgp_certificate.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 2c640e2da..46feca619 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -62,6 +62,9 @@ enum x509_flag_t {
 	X509_IKE_INTERMEDIATE =   (1<<8),
 	/** cert has Microsoft Smartcard Logon usage */
 	X509_MS_SMARTCARD_LOGON = (1<<9),
+	/** cert either lacks keyUsage bits, or includes either digitalSignature
+	 *  or nonRepudiation as per RFC 4945, section 5.1.3.2. */
+	X509_IKE_COMPLIANT =      (1<<10),
 };
 
 extern enum_name_t *x509_flag_names;
diff --git a/src/libstrongswan/credentials/containers/container.h b/src/libstrongswan/credentials/containers/container.h
index ee329881d..627cda374 100644
--- a/src/libstrongswan/credentials/containers/container.h
+++ b/src/libstrongswan/credentials/containers/container.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c
index 8cc6a6c63..323198a19 100644
--- a/src/libstrongswan/credentials/containers/pkcs12.c
+++ b/src/libstrongswan/credentials/containers/pkcs12.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/containers/pkcs12.h b/src/libstrongswan/credentials/containers/pkcs12.h
index fc4fb39ce..e75dc2e9f 100644
--- a/src/libstrongswan/credentials/containers/pkcs12.h
+++ b/src/libstrongswan/credentials/containers/pkcs12.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/cred_encoding.c b/src/libstrongswan/credentials/cred_encoding.c
index d6523821e..ce59a6a2d 100644
--- a/src/libstrongswan/credentials/cred_encoding.c
+++ b/src/libstrongswan/credentials/cred_encoding.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/cred_encoding.h b/src/libstrongswan/credentials/cred_encoding.h
index 1129357ba..08dd97c7a 100644
--- a/src/libstrongswan/credentials/cred_encoding.h
+++ b/src/libstrongswan/credentials/cred_encoding.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 07e6ea343..fd3ecb8fa 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h
index 55b669529..a03dd1abc 100644
--- a/src/libstrongswan/credentials/credential_factory.h
+++ b/src/libstrongswan/credentials/credential_factory.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 21b23f543..15f3f7b1b 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/credential_manager.h b/src/libstrongswan/credentials/credential_manager.h
index d99f29b85..a9947dcbc 100644
--- a/src/libstrongswan/credentials/credential_manager.h
+++ b/src/libstrongswan/credentials/credential_manager.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/credential_set.h b/src/libstrongswan/credentials/credential_set.h
index 8673c484f..d0b2c574d 100644
--- a/src/libstrongswan/credentials/credential_set.h
+++ b/src/libstrongswan/credentials/credential_set.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c
index 8292af495..0b83eba89 100644
--- a/src/libstrongswan/credentials/keys/private_key.c
+++ b/src/libstrongswan/credentials/keys/private_key.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index 1c2d31167..2294eaff7 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h
index 900c6613e..d97139de2 100644
--- a/src/libstrongswan/credentials/keys/shared_key.h
+++ b/src/libstrongswan/credentials/keys/shared_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index 1cd4b9d03..4b59fa23f 100644
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h
index 3a4b197ac..1489289d4 100644
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/sets/cert_cache.h b/src/libstrongswan/credentials/sets/cert_cache.h
index 2235bc30d..3d764c9f5 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.h
+++ b/src/libstrongswan/credentials/sets/cert_cache.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index 4d594e439..b0f77be98 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2016 Tobias Brunner
- * HSR Hochschule fuer Technik Rapperwsil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
index 12d3f8156..e12d04534 100644
--- a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
+++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h
index dc4b451df..97f4efdc8 100644
--- a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h
+++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c
index d50bd4d22..f3c5abed6 100644
--- a/src/libstrongswan/crypto/aead.c
+++ b/src/libstrongswan/crypto/aead.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h
index 9d1b8df55..cb21d3ca7 100644
--- a/src/libstrongswan/crypto/aead.h
+++ b/src/libstrongswan/crypto/aead.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/crypto/crypters/crypter.c b/src/libstrongswan/crypto/crypters/crypter.c
index 3e33765b1..9bde663d1 100644
--- a/src/libstrongswan/crypto/crypters/crypter.c
+++ b/src/libstrongswan/crypto/crypters/crypter.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h
index 19ba55d83..5ffcac253 100644
--- a/src/libstrongswan/crypto/crypters/crypter.h
+++ b/src/libstrongswan/crypto/crypters/crypter.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index e86e7ae76..f0f64ce42 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009-2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2010 revosec AG
  *
  * This program is free software; you can redistribute it and/or modify it
diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h
index 1b02cb469..430929595 100644
--- a/src/libstrongswan/crypto/crypto_tester.h
+++ b/src/libstrongswan/crypto/crypto_tester.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 820b8d1d8..efcfdbc74 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -66,11 +66,9 @@ static struct {
 	diffie_hellman_params_t public;
 	/* The group identifier as specified in IKEv2 */
 	diffie_hellman_group_t group;
-	/* Optimal length of the exponent (in bytes), as specified in RFC 3526. */
-	size_t opt_exp;
 } dh_params[] = {
 	{
-		.group = MODP_768_BIT, .opt_exp = 32, .public = {
+		.group = MODP_768_BIT, .public = {
 			.exp_len = 32,
 			.generator = chunk_from_chars(0x02),
 			.prime = chunk_from_chars(
@@ -82,7 +80,7 @@ static struct {
 				0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
 		},
 	},{
-		.group = MODP_1024_BIT, .opt_exp = 32, .public = {
+		.group = MODP_1024_BIT, .public = {
 			.exp_len = 32,
 			.generator = chunk_from_chars(0x02),
 			.prime = chunk_from_chars(
@@ -96,7 +94,7 @@ static struct {
 				0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
 		},
 	},{
-		.group = MODP_1536_BIT, .opt_exp = 32, .public = {
+		.group = MODP_1536_BIT, .public = {
 			.exp_len = 32,
 			.generator = chunk_from_chars(0x02),
 			.prime = chunk_from_chars(
@@ -114,7 +112,7 @@ static struct {
 				0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
 		},
 	},{
-		.group = MODP_2048_BIT, .opt_exp = 48, .public = {
+		.group = MODP_2048_BIT, .public = {
 			.exp_len = 48,
 			.generator = chunk_from_chars(0x02),
 			.prime = chunk_from_chars(
@@ -136,7 +134,7 @@ static struct {
 				0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
 		},
 	},{
-		.group = MODP_3072_BIT, .opt_exp = 48, .public = {
+		.group = MODP_3072_BIT, .public = {
 			.exp_len = 48,
 			.generator = chunk_from_chars(0x02),
 			.prime = chunk_from_chars(
@@ -166,7 +164,7 @@ static struct {
 				0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
 		},
 	},{
-		.group = MODP_4096_BIT, .opt_exp = 64, .public = {
+		.group = MODP_4096_BIT, .public = {
 			.exp_len = 64,
 			.generator = chunk_from_chars(0x02),
 			.prime = chunk_from_chars(
@@ -204,7 +202,7 @@ static struct {
 				0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
 		},
 	},{
-		.group = MODP_6144_BIT, .opt_exp = 64, .public = {
+		.group = MODP_6144_BIT, .public = {
 			.exp_len = 64,
 			.generator = chunk_from_chars(0x02),
 			.prime = chunk_from_chars(
@@ -258,7 +256,7 @@ static struct {
 				0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
 		},
 	},{
-		.group = MODP_8192_BIT, .opt_exp = 64, .public = {
+		.group = MODP_8192_BIT, .public = {
 			.exp_len = 64,
 			.generator = chunk_from_chars(0x02),
 			.prime = chunk_from_chars(
@@ -328,7 +326,7 @@ static struct {
 				0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF),
 		},
 	},{
-		.group = MODP_1024_160, .opt_exp = 20, .public = {
+		.group = MODP_1024_160, .public = {
 			.exp_len = 20,
 			.subgroup = chunk_from_chars(
 				0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D,
@@ -353,7 +351,7 @@ static struct {
 				0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08,0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71),
 		},
 	}, {
-		.group = MODP_2048_224, .opt_exp = 28, .public = {
+		.group = MODP_2048_224, .public = {
 			.exp_len = 28,
 			.subgroup = chunk_from_chars(
 				0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A,
@@ -394,7 +392,7 @@ static struct {
 				0xCF,0x9D,0xE5,0x38,0x4E,0x71,0xB8,0x1C,0x0A,0xC4,0xDF,0xFE,0x0C,0x10,0xE6,0x4F)
 		},
 	},{
-		.group = MODP_2048_256, .opt_exp = 32, .public = {
+		.group = MODP_2048_256, .public = {
 			.exp_len = 32,
 			.subgroup = chunk_from_chars(
 				0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2,
@@ -444,11 +442,19 @@ void diffie_hellman_init()
 {
 	int i;
 
+	/* the default exponent size set above is based on the optimal length
+	 * according to RFC 3526 */
 	if (lib->settings->get_bool(lib->settings,
 					"%s.dh_exponent_ansi_x9_42", TRUE, lib->ns))
 	{
 		for (i = 0; i < countof(dh_params); i++)
 		{
+			/* according to RFC 5114 the size of the exponent for these DH
+			 * groups should equal the size of their prime order subgroup */
+			if (dh_params[i].public.subgroup.len)
+			{
+				continue;
+			}
 			dh_params[i].public.exp_len = dh_params[i].public.prime.len;
 		}
 	}
@@ -465,19 +471,6 @@ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
 	{
 		if (dh_params[i].group == group)
 		{
-			if (!dh_params[i].public.exp_len)
-			{
-				if (!dh_params[i].public.subgroup.len &&
-					lib->settings->get_bool(lib->settings,
-									"%s.dh_exponent_ansi_x9_42", TRUE, lib->ns))
-				{
-					dh_params[i].public.exp_len = dh_params[i].public.prime.len;
-				}
-				else
-				{
-					dh_params[i].public.exp_len = dh_params[i].opt_exp;
-				}
-			}
 			return &dh_params[i].public;
 		}
 	}
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 1a8110abb..ce01bb346 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/hashers/hash_algorithm_set.c b/src/libstrongswan/crypto/hashers/hash_algorithm_set.c
index 4087fe1d9..800bd0df7 100644
--- a/src/libstrongswan/crypto/hashers/hash_algorithm_set.c
+++ b/src/libstrongswan/crypto/hashers/hash_algorithm_set.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/hashers/hash_algorithm_set.h b/src/libstrongswan/crypto/hashers/hash_algorithm_set.h
index 00e90cc2e..e02ba8c4e 100644
--- a/src/libstrongswan/crypto/hashers/hash_algorithm_set.h
+++ b/src/libstrongswan/crypto/hashers/hash_algorithm_set.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/iv/iv_gen.c b/src/libstrongswan/crypto/iv/iv_gen.c
index c70627723..c6efe08d0 100644
--- a/src/libstrongswan/crypto/iv/iv_gen.c
+++ b/src/libstrongswan/crypto/iv/iv_gen.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2015 Martin Willi
  * Copyright (C) 2015 revosec AG
diff --git a/src/libstrongswan/crypto/iv/iv_gen.h b/src/libstrongswan/crypto/iv/iv_gen.h
index 292fc329f..0808e24d5 100644
--- a/src/libstrongswan/crypto/iv/iv_gen.h
+++ b/src/libstrongswan/crypto/iv/iv_gen.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.c b/src/libstrongswan/crypto/iv/iv_gen_null.c
index 3b8f93986..cb4a397f9 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_null.c
+++ b/src/libstrongswan/crypto/iv/iv_gen_null.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.h b/src/libstrongswan/crypto/iv/iv_gen_null.h
index b63f0c3e9..960327c14 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_null.h
+++ b/src/libstrongswan/crypto/iv/iv_gen_null.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.c b/src/libstrongswan/crypto/iv/iv_gen_rand.c
index 1474b3a12..66dcff767 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_rand.c
+++ b/src/libstrongswan/crypto/iv/iv_gen_rand.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.h b/src/libstrongswan/crypto/iv/iv_gen_rand.h
index 62d76ed21..edd449c1c 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_rand.h
+++ b/src/libstrongswan/crypto/iv/iv_gen_rand.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c
index 56620291c..42644e516 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_seq.c
+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.h b/src/libstrongswan/crypto/iv/iv_gen_seq.h
index 43ff4f65e..daf7ec203 100644
--- a/src/libstrongswan/crypto/iv/iv_gen_seq.h
+++ b/src/libstrongswan/crypto/iv/iv_gen_seq.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/mac.h b/src/libstrongswan/crypto/mac.h
index f23c6750f..50dc4c73a 100644
--- a/src/libstrongswan/crypto/mac.h
+++ b/src/libstrongswan/crypto/mac.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/nonce_gen.h b/src/libstrongswan/crypto/nonce_gen.h
index 98d159e12..4bdcb9403 100644
--- a/src/libstrongswan/crypto/nonce_gen.h
+++ b/src/libstrongswan/crypto/nonce_gen.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c
index 8a1452425..e7677a9c1 100644
--- a/src/libstrongswan/crypto/pkcs5.c
+++ b/src/libstrongswan/crypto/pkcs5.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -422,7 +422,9 @@ static bool parse_pbes1_params(private_pkcs5_t *this, chunk_t blob, int level0)
 /**
  * ASN.1 definition of a PBKDF2-params structure
  * The salt is actually a CHOICE and could be an AlgorithmIdentifier from
- * PBKDF2-SaltSources (but as per RFC 2898 that's for future versions).
+ * PBKDF2-SaltSources (but as per RFC 8018 that's for future versions).
+ * The PRF algorithm is actually defined as DEFAULT and not OPTIONAL, but the
+ * parser can't handle ASN1_DEF with SEQUENCEs.
  */
 static const asn1Object_t pbkdf2ParamsObjects[] = {
 	{ 0, "PBKDF2-params",	ASN1_SEQUENCE,		ASN1_NONE			}, /* 0 */
@@ -430,7 +432,8 @@ static const asn1Object_t pbkdf2ParamsObjects[] = {
 	{ 1,   "iterationCount",ASN1_INTEGER,		ASN1_BODY			}, /* 2 */
 	{ 1,   "keyLength",		ASN1_INTEGER,		ASN1_OPT|ASN1_BODY	}, /* 3 */
 	{ 1,   "end opt",		ASN1_EOC,			ASN1_END			}, /* 4 */
-	{ 1,   "prf",			ASN1_EOC,			ASN1_DEF|ASN1_RAW	}, /* 5 */
+	{ 1,   "prf",			ASN1_SEQUENCE,		ASN1_OPT|ASN1_RAW	}, /* 5 */
+	{ 1,   "end opt",		ASN1_EOC,			ASN1_END			}, /* 6 */
 	{ 0, "exit",			ASN1_EOC,			ASN1_EXIT			}
 };
 #define PBKDF2_SALT					1
@@ -446,13 +449,15 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0)
 	asn1_parser_t *parser;
 	chunk_t object;
 	int objectID;
-	bool success;
+	bool success = FALSE;
 
 	parser = asn1_parser_create(pbkdf2ParamsObjects, blob);
 	parser->set_top_level(parser, level0);
 
  	/* keylen is optional */
 	this->keylen = 0;
+	/* defaults to id-hmacWithSHA1 */
+	this->data.pbes2.prf_alg = PRF_HMAC_SHA1;
 
 	while (parser->iterate(parser, &objectID, &object))
 	{
@@ -474,13 +479,22 @@ static bool parse_pbkdf2_params(private_pkcs5_t *this, chunk_t blob, int level0)
 				break;
 			}
 			case PBKDF2_PRF:
-			{	/* defaults to id-hmacWithSHA1, no other is currently defined */
-				this->data.pbes2.prf_alg = PRF_HMAC_SHA1;
+			{
+				int oid;
+
+				oid = asn1_parse_algorithmIdentifier(object,
+										parser->get_level(parser) + 1, NULL);
+				this->data.pbes2.prf_alg = pseudo_random_function_from_oid(oid);
+				if (this->data.pbes2.prf_alg == PRF_UNDEFINED)
+				{	/* unsupported PRF algorithm */
+					goto end;
+				}
 				break;
 			}
 		}
 	}
 	success = parser->success(parser);
+end:
 	parser->destroy(parser);
 	return success;
 }
diff --git a/src/libstrongswan/crypto/pkcs5.h b/src/libstrongswan/crypto/pkcs5.h
index b16d3736e..fd781fb00 100644
--- a/src/libstrongswan/crypto/pkcs5.h
+++ b/src/libstrongswan/crypto/pkcs5.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c
index a26010aae..7d2b5217c 100644
--- a/src/libstrongswan/crypto/prf_plus.c
+++ b/src/libstrongswan/crypto/prf_plus.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h
index 2c4b8852d..41fdfbb86 100644
--- a/src/libstrongswan/crypto/prf_plus.h
+++ b/src/libstrongswan/crypto/prf_plus.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/prfs/mac_prf.c b/src/libstrongswan/crypto/prfs/mac_prf.c
index 3f8eb7e5c..8db21df36 100644
--- a/src/libstrongswan/crypto/prfs/mac_prf.c
+++ b/src/libstrongswan/crypto/prfs/mac_prf.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/prfs/mac_prf.h b/src/libstrongswan/crypto/prfs/mac_prf.h
index 4ff925b04..0c1dda6f5 100644
--- a/src/libstrongswan/crypto/prfs/mac_prf.h
+++ b/src/libstrongswan/crypto/prfs/mac_prf.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/prfs/prf.c b/src/libstrongswan/crypto/prfs/prf.c
index 12e13ef57..eee09535d 100644
--- a/src/libstrongswan/crypto/prfs/prf.c
+++ b/src/libstrongswan/crypto/prfs/prf.c
@@ -1,7 +1,8 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -16,6 +17,8 @@
 
 #include "prf.h"
 
+#include <asn1/oid.h>
+
 ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_CAMELLIA128_XCBC,
 	"PRF_UNDEFINED",
 	"PRF_FIPS_SHA1_160",
@@ -33,3 +36,25 @@ ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CMAC, PRF_CAMEL
 	"PRF_AES128_CMAC");
 ENUM_END(pseudo_random_function_names, PRF_AES128_CMAC);
 
+/*
+ * Described in header.
+ */
+pseudo_random_function_t pseudo_random_function_from_oid(int oid)
+{
+	switch (oid)
+	{
+		case OID_HMAC_SHA1:
+			return PRF_HMAC_SHA1;
+		case OID_HMAC_SHA256:
+			return PRF_HMAC_SHA2_256;
+		case OID_HMAC_SHA384:
+			return PRF_HMAC_SHA2_384;
+		case OID_HMAC_SHA512:
+			return PRF_HMAC_SHA2_512;
+		case OID_HMAC_SHA224:
+		case OID_HMAC_SHA512_224:
+		case OID_HMAC_SHA512_256:
+		default:
+			return PRF_UNDEFINED;
+	}
+}
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index fe9ffc2dd..a91de1ddc 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -1,7 +1,8 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -125,4 +126,12 @@ struct prf_t {
 	void (*destroy)(prf_t *this);
 };
 
+/**
+ * Conversion of ASN.1 OID to PRF algorithm.
+ *
+ * @param oid			ASN.1 OID
+ * @return				encryption algorithm, PRF_UNDEFINED if OID unsupported
+ */
+pseudo_random_function_t pseudo_random_function_from_oid(int oid);
+
 #endif /** PRF_H_ @}*/
diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
index bb0a02b59..d671879c0 100644
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@@ -57,6 +57,11 @@ struct private_proposal_t {
 	 */
 	array_t *transforms;
 
+	/**
+	 * Types of transforms contained, as transform_type_t
+	 */
+	array_t *types;
+
 	/**
 	 * senders SPI
 	 */
@@ -68,6 +73,101 @@ struct private_proposal_t {
 	u_int number;
 };
 
+/**
+ * This is a hack to not change the previous order when printing proposals
+ */
+static transform_type_t type_for_sort(const void *type)
+{
+	const transform_type_t *t = type;
+
+	switch (*t)
+	{
+		case PSEUDO_RANDOM_FUNCTION:
+			return INTEGRITY_ALGORITHM;
+		case INTEGRITY_ALGORITHM:
+			return PSEUDO_RANDOM_FUNCTION;
+		default:
+			return *t;
+	}
+}
+
+/**
+ * Sort transform types
+ */
+static int type_sort(const void *a, const void *b, void *user)
+{
+	transform_type_t ta = type_for_sort(a), tb = type_for_sort(b);
+	return ta - tb;
+}
+
+/**
+ * Find a transform type
+ */
+static int type_find(const void *a, const void *b)
+{
+	return type_sort(a, b, NULL);
+}
+
+/**
+ * Check if the given transform type is already in the set
+ */
+static bool contains_type(array_t *types, transform_type_t type)
+{
+	return array_bsearch(types, &type, type_find, NULL) != -1;
+}
+
+/**
+ * Add the given transform type to the set
+ */
+static void add_type(array_t *types, transform_type_t type)
+{
+	if (!contains_type(types, type))
+	{
+		array_insert(types, ARRAY_TAIL, &type);
+		array_sort(types, type_sort, NULL);
+	}
+}
+
+/**
+ * Merge two sets of transform types into a new array
+ */
+static array_t *merge_types(private_proposal_t *this, private_proposal_t *other)
+{
+	array_t *types;
+	transform_type_t type;
+	int i, count;
+
+	count = max(array_count(this->types), array_count(other->types));
+	types = array_create(sizeof(transform_type_t), count);
+
+	for (i = 0; i < count; i++)
+	{
+		if (array_get(this->types, i, &type))
+		{
+			add_type(types, type);
+		}
+		if (array_get(other->types, i, &type))
+		{
+			add_type(types, type);
+		}
+	}
+	return types;
+}
+
+/**
+ * Remove the given transform type from the set
+ */
+static void remove_type(private_proposal_t *this, transform_type_t type)
+{
+	int i;
+
+	i = array_bsearch(this->types, &type, type_find, NULL);
+	if (i >= 0)
+	{
+		array_remove(this->types, i, NULL);
+	}
+}
+
 /**
  * Struct used to store different kinds of algorithms.
  */
@@ -91,6 +191,7 @@ METHOD(proposal_t, add_algorithm, void,
 	};
 
 	array_insert(this->transforms, ARRAY_TAIL, &entry);
+	add_type(this->types, type);
 }
 
 CALLBACK(alg_filter, bool,
@@ -206,17 +307,31 @@ METHOD(proposal_t, strip_dh, void,
 {
 	enumerator_t *enumerator;
 	entry_t *entry;
+	bool found = FALSE;
 
 	enumerator = array_create_enumerator(this->transforms);
 	while (enumerator->enumerate(enumerator, &entry))
 	{
-		if (entry->type == DIFFIE_HELLMAN_GROUP &&
-			entry->alg != keep)
+		if (entry->type == DIFFIE_HELLMAN_GROUP)
 		{
-			array_remove_at(this->transforms, enumerator);
+			if (entry->alg != keep)
+			{
+				array_remove_at(this->transforms, enumerator);
+			}
+			else
+			{
+				found = TRUE;
+			}
 		}
 	}
 	enumerator->destroy(enumerator);
+	array_compress(this->transforms);
+
+	if (keep == MODP_NONE || !found)
+	{
+		remove_type(this, DIFFIE_HELLMAN_GROUP);
+		array_compress(this->types);
+	}
 }
 
 /**
@@ -310,6 +425,9 @@ METHOD(proposal_t, select_proposal, proposal_t*,
 	bool private)
 {
 	proposal_t *selected;
+	transform_type_t type;
+	array_t *types;
+	int i;
 
 	DBG2(DBG_CFG, "selecting proposal:");
 
@@ -328,18 +446,20 @@ METHOD(proposal_t, select_proposal, proposal_t*,
 	{
 		selected = proposal_create(this->protocol, this->number);
 		selected->set_spi(selected, this->spi);
-
 	}
 
-	if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) ||
-		!select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) ||
-		!select_algo(this, other, selected, INTEGRITY_ALGORITHM, private) ||
-		!select_algo(this, other, selected, DIFFIE_HELLMAN_GROUP, private) ||
-		!select_algo(this, other, selected, EXTENDED_SEQUENCE_NUMBERS, private))
+	types = merge_types(this, (private_proposal_t*)other);
+	for (i = 0; i < array_count(types); i++)
 	{
-		selected->destroy(selected);
-		return NULL;
+		array_get(types, i, &type);
+		if (!select_algo(this, other, selected, type, private))
+		{
+			selected->destroy(selected);
+			array_destroy(types);
+			return NULL;
+		}
 	}
+	array_destroy(types);
 
 	DBG2(DBG_CFG, "  proposal matches");
 	return selected;
@@ -409,16 +529,27 @@ METHOD(proposal_t, get_number, u_int,
 METHOD(proposal_t, equals, bool,
 	private_proposal_t *this, proposal_t *other)
 {
+	transform_type_t type;
+	array_t *types;
+	int i;
+
 	if (&this->public == other)
 	{
 		return TRUE;
 	}
-	return (
-		algo_list_equals(this, other, ENCRYPTION_ALGORITHM) &&
-		algo_list_equals(this, other, INTEGRITY_ALGORITHM) &&
-		algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) &&
-		algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) &&
-		algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS));
+
+	types = merge_types(this, (private_proposal_t*)other);
+	for (i = 0; i < array_count(types); i++)
+	{
+		array_get(types, i, &type);
+		if (!algo_list_equals(this, other, type))
+		{
+			array_destroy(types);
+			return FALSE;
+		}
+	}
+	array_destroy(types);
+	return TRUE;
 }
 
 METHOD(proposal_t, clone_, proposal_t*,
@@ -427,6 +558,7 @@ METHOD(proposal_t, clone_, proposal_t*,
 	private_proposal_t *clone;
 	enumerator_t *enumerator;
 	entry_t *entry;
+	transform_type_t *type;
 
 	clone = (private_proposal_t*)proposal_create(this->protocol, 0);
 
@@ -436,6 +568,12 @@ METHOD(proposal_t, clone_, proposal_t*,
 		array_insert(clone->transforms, ARRAY_TAIL, entry);
 	}
 	enumerator->destroy(enumerator);
+	enumerator = array_create_enumerator(this->types);
+	while (enumerator->enumerate(enumerator, &type))
+	{
+		array_insert(clone->types, ARRAY_TAIL, type);
+	}
+	enumerator->destroy(enumerator);
 
 	clone->spi = this->spi;
 	clone->number = this->number;
@@ -479,6 +617,7 @@ static void remove_transform(private_proposal_t *this, transform_type_t type)
 		}
 	}
 	e->destroy(e);
+	remove_type(this, type);
 }
 
 /**
@@ -571,6 +710,14 @@ static bool check_proposal(private_proposal_t *this)
 			 * we MUST NOT propose any integrity algorithms */
 			remove_transform(this, INTEGRITY_ALGORITHM);
 		}
+		else if (this->protocol == PROTO_IKE &&
+				 !get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL))
+		{
+			DBG1(DBG_CFG, "an integrity algorithm is mandatory in %N proposals "
+				 "with classic (non-AEAD) encryption algorithms",
+				 protocol_id_names, this->protocol);
+			return FALSE;
+		}
 	}
 	else
 	{	/* AES-GMAC is parsed as encryption algorithm, so we map that to the
@@ -605,6 +752,7 @@ static bool check_proposal(private_proposal_t *this)
 			}
 		}
 		e->destroy(e);
+		remove_type(this, ENCRYPTION_ALGORITHM);
 
 		if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL))
 		{
@@ -623,6 +771,7 @@ static bool check_proposal(private_proposal_t *this)
 	}
 
 	array_compress(this->transforms);
+	array_compress(this->types);
 	return TRUE;
 }
 
@@ -646,30 +795,44 @@ static bool add_string_algo(private_proposal_t *this, const char *alg)
 }
 
 /**
- * print all algorithms of a kind to buffer
+ * Print all algorithms of the given type
  */
 static int print_alg(private_proposal_t *this, printf_hook_data_t *data,
-					 u_int kind, void *names, bool *first)
+					 transform_type_t type, bool *first)
 {
 	enumerator_t *enumerator;
 	size_t written = 0;
-	uint16_t alg, size;
+	entry_t *entry;
+	enum_name_t *names;
+
+	names = transform_get_enum_names(type);
 
-	enumerator = create_enumerator(this, kind);
-	while (enumerator->enumerate(enumerator, &alg, &size))
+	enumerator = array_create_enumerator(this->transforms);
+	while (enumerator->enumerate(enumerator, &entry))
 	{
+		char *prefix = "/";
+
+		if (type != entry->type)
+		{
+			continue;
+		}
 		if (*first)
 		{
-			written += print_in_hook(data, "%N", names, alg);
+			prefix = "";
 			*first = FALSE;
 		}
+		if (names)
+		{
+			written += print_in_hook(data, "%s%N", prefix, names, entry->alg);
+		}
 		else
 		{
-			written += print_in_hook(data, "/%N", names, alg);
+			written += print_in_hook(data, "%sUNKNOWN_%u_%u", prefix,
+									 entry->type, entry->alg);
 		}
-		if (size)
+		if (entry->key_size)
 		{
-			written += print_in_hook(data, "_%u", size);
+			written += print_in_hook(data, "_%u", entry->key_size);
 		}
 	}
 	enumerator->destroy(enumerator);
@@ -685,6 +848,7 @@ int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
 	private_proposal_t *this = *((private_proposal_t**)(args[0]));
 	linked_list_t *list = *((linked_list_t**)(args[0]));
 	enumerator_t *enumerator;
+	transform_type_t *type;
 	size_t written = 0;
 	bool first = TRUE;
 
@@ -713,16 +877,12 @@ int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
 	}
 
 	written = print_in_hook(data, "%N:", protocol_id_names, this->protocol);
-	written += print_alg(this, data, ENCRYPTION_ALGORITHM,
-						 encryption_algorithm_names, &first);
-	written += print_alg(this, data, INTEGRITY_ALGORITHM,
-						 integrity_algorithm_names, &first);
-	written += print_alg(this, data, PSEUDO_RANDOM_FUNCTION,
-						 pseudo_random_function_names, &first);
-	written += print_alg(this, data, DIFFIE_HELLMAN_GROUP,
-						 diffie_hellman_group_names, &first);
-	written += print_alg(this, data, EXTENDED_SEQUENCE_NUMBERS,
-						 extended_sequence_numbers_names, &first);
+	enumerator = array_create_enumerator(this->types);
+	while (enumerator->enumerate(enumerator, &type))
+	{
+		written += print_alg(this, data, *type, &first);
+	}
+	enumerator->destroy(enumerator);
 	return written;
 }
 
@@ -730,6 +890,7 @@ METHOD(proposal_t, destroy, void,
 	private_proposal_t *this)
 {
 	array_destroy(this->transforms);
+	array_destroy(this->types);
 	free(this);
 }
 
@@ -760,6 +921,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
 		.protocol = protocol,
 		.number = number,
 		.transforms = array_create(sizeof(entry_t), 0),
+		.types = array_create(sizeof(transform_type_t), 0),
 	);
 
 	return &this->public;
@@ -794,7 +956,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
 					break;
 				case ENCR_CHACHA20_POLY1305:
-					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
+					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
 					break;
 				default:
 					break;
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index cd4e5763c..e83e18829 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
index b062221e5..585377a6b 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
index 420a66d7c..cad94aa82 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
@@ -32,7 +32,7 @@ error "gperf generated tables don't work with this execution character set. Plea
 
 /*
  * Copyright (C) 2009-2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -59,12 +59,12 @@ struct proposal_token {
 	uint16_t          keysize;
 };
 
-#define TOTAL_KEYWORDS 143
+#define TOTAL_KEYWORDS 144
 #define MIN_WORD_LENGTH 3
-#define MAX_WORD_LENGTH 17
+#define MAX_WORD_LENGTH 22
 #define MIN_HASH_VALUE 7
-#define MAX_HASH_VALUE 259
-/* maximum key range = 253, duplicates = 0 */
+#define MAX_HASH_VALUE 250
+/* maximum key range = 244, duplicates = 0 */
 
 #ifdef __GNUC__
 __inline
@@ -78,34 +78,34 @@ hash (str, len)
      register const char *str;
      register unsigned int len;
 {
-  static const unsigned short asso_values[] =
+  static const unsigned char asso_values[] =
     {
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260,  73,   2,
-       16,  40,  30,  26,   8,  15,   3,   1, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 106, 260,   2,   2,  16,
-       46,  75,   1,  78,   2,   4, 260, 260,   1,  18,
-        7,   2, 164,   5,  94, 116,  23,  41, 260, 260,
-        1,   2, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260, 260, 260, 260,
-      260, 260, 260, 260, 260, 260, 260
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251,  73,   2,
+       16,  47,  30,  26,   8,   6,   3,   1, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251,  98, 251,   2,   2,  16,
+       46,  75,   1,  78,   6,   4, 251, 251,   1,   4,
+        7,   2, 124,   1,  94, 116,  23,  64, 251, 251,
+        1,   2, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251, 251, 251, 251,
+      251, 251, 251, 251, 251, 251, 251
     };
   register int hval = len;
 
@@ -154,15 +154,16 @@ static const struct proposal_token wordlist[] =
     {"sha1",             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0},
     {"aes128",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            128},
     {"ntru128",          DIFFIE_HELLMAN_GROUP, NTRU_128_BIT,              0},
+    {"modp768",          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,              0},
     {"md5",              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,          0},
     {"modp8192",         DIFFIE_HELLMAN_GROUP, MODP_8192_BIT,             0},
     {"md5_128",          INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_128,         0},
     {"ecp192",           DIFFIE_HELLMAN_GROUP, ECP_192_BIT,               0},
     {"aes192",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            192},
     {"prfsha256",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256,       0},
-    {"modp768",          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,              0},
     {"ntru192",          DIFFIE_HELLMAN_GROUP, NTRU_192_BIT,              0},
     {"ntru112",          DIFFIE_HELLMAN_GROUP, NTRU_112_BIT,              0},
+    {"aescmac",          INTEGRITY_ALGORITHM,  AUTH_AES_CMAC_96,          0},
     {"ecp256",           DIFFIE_HELLMAN_GROUP, ECP_256_BIT,               0},
     {"aes256",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            256},
     {"aes192ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       192},
@@ -175,11 +176,9 @@ static const struct proposal_token wordlist[] =
     {"aes128ccm16",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      128},
     {"aesxcbc",          INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,          0},
     {"prfsha512",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512,       0},
-    {"aescmac",          INTEGRITY_ALGORITHM,  AUTH_AES_CMAC_96,          0},
     {"camellia",         ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       128},
     {"sha512",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0},
     {"aes192ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      192},
-    {"modpnull",         DIFFIE_HELLMAN_GROUP, MODP_NULL,                 0},
     {"aes128ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      128},
     {"ntru256",          DIFFIE_HELLMAN_GROUP, NTRU_256_BIT,              0},
     {"aes256ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       256},
@@ -201,24 +200,25 @@ static const struct proposal_token wordlist[] =
     {"modp6144",         DIFFIE_HELLMAN_GROUP, MODP_6144_BIT,             0},
     {"aes128ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       128},
     {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
-    {"prfsha384",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384,       0},
+    {"modpnull",         DIFFIE_HELLMAN_GROUP, MODP_NULL,                 0},
     {"camellia128ccm8",  ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  128},
     {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
-    {"modp1536",         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,             0},
     {"sha384",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0},
     {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
     {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+    {"prfsha384",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384,       0},
     {"camelliaxcbc",     INTEGRITY_ALGORITHM,  AUTH_CAMELLIA_XCBC_96,     0},
     {"camellia256",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       256},
+    {"modp1536",         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,             0},
     {"camellia256ccm8",  ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  256},
     {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
     {"aes256ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       256},
     {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
     {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
     {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+    {"prfmd5",           PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5,            0},
     {"modpnone",         DIFFIE_HELLMAN_GROUP, MODP_NONE,                 0},
     {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  192},
-    {"prfmd5",           PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5,            0},
     {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
     {"aes192gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       192},
     {"aes192gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      192},
@@ -236,6 +236,7 @@ static const struct proposal_token wordlist[] =
     {"aes256gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       256},
     {"aes256gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      256},
     {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  256},
+    {"prfcamelliaxcbc",  PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC,    0},
     {"aes256gcm96",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      256},
     {"aes256gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      256},
     {"modp1024",         DIFFIE_HELLMAN_GROUP, MODP_1024_BIT,             0},
@@ -247,46 +248,46 @@ static const struct proposal_token wordlist[] =
     {"aes256gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      256},
     {"serpent128",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128},
     {"aes192gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       192},
-    {"blowfish",         ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128},
     {"aes128gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       128},
     {"3des",             ENCRYPTION_ALGORITHM, ENCR_3DES,                 0},
-    {"prfcamelliaxcbc",  PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC,    0},
+    {"blowfish",         ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128},
+    {"ecp512bp",         DIFFIE_HELLMAN_GROUP, ECP_512_BP,                0},
     {"serpent256",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        256},
     {"aes256ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            256},
     {"aes256gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
-    {"serpent",          ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128},
     {"modp3072",         DIFFIE_HELLMAN_GROUP, MODP_3072_BIT,             0},
+    {"serpent",          ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128},
     {"camellia192ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       192},
     {"modp2048s256",     DIFFIE_HELLMAN_GROUP, MODP_2048_256,             0},
     {"aes256gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       256},
     {"blowfish192",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           192},
     {"blowfish128",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128},
+    {"ecp384bp",         DIFFIE_HELLMAN_GROUP, ECP_384_BP,                0},
+    {"ecp256bp",         DIFFIE_HELLMAN_GROUP, ECP_256_BP,                0},
     {"serpent192",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        192},
-    {"twofish",          ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128},
-    {"curve25519",       DIFFIE_HELLMAN_GROUP, CURVE_25519,               0},
-    {"camellia128ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       128},
-    {"twofish128",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128},
     {"sha256_96",        INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0},
     {"sha2_512",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0},
+    {"curve25519",       DIFFIE_HELLMAN_GROUP, CURVE_25519,               0},
+    {"camellia128ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       128},
+    {"sha2_256",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0},
+    {"ecp224bp",         DIFFIE_HELLMAN_GROUP, ECP_224_BP,                0},
     {"blowfish256",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           256},
-    {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305,  256},
+    {"sha2_256_96",      INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0},
     {"modp2048s224",     DIFFIE_HELLMAN_GROUP, MODP_2048_224,             0},
     {"modp1024s160",     DIFFIE_HELLMAN_GROUP, MODP_1024_160,             0},
     {"camellia256ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       256},
-    {"sha2_256",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0},
-    {"twofish256",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        256},
-    {"sha2_256_96",      INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0},
-    {"ecp512bp",         DIFFIE_HELLMAN_GROUP, ECP_512_BP,                0},
+    {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305,    0},
+    {"chacha20poly1305compat", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256},
     {"des",              ENCRYPTION_ALGORITHM, ENCR_DES,                  0},
-    {"twofish192",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        192},
-    {"ecp384bp",         DIFFIE_HELLMAN_GROUP, ECP_384_BP,                0},
-    {"ecp256bp",         DIFFIE_HELLMAN_GROUP, ECP_256_BP,                0},
+    {"twofish",          ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128},
+    {"twofish128",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128},
     {"sha2_384",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0},
     {"sha1_160",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_160,        0},
-    {"ecp224bp",         DIFFIE_HELLMAN_GROUP, ECP_224_BP,                0},
+    {"twofish256",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        256},
+    {"newhope128",       DIFFIE_HELLMAN_GROUP, NH_128_BIT,                0},
+    {"twofish192",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        192},
     {"prfaesxcbc",       PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC,         0},
-    {"prfaescmac",       PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC,         0},
-    {"newhope128",       DIFFIE_HELLMAN_GROUP, NH_128_BIT,                0}
+    {"prfaescmac",       PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC,         0}
   };
 
 static const short lookup[] =
@@ -294,29 +295,29 @@ static const short lookup[] =
      -1,  -1,  -1,  -1,  -1,  -1,  -1,   0,  -1,  -1,
      -1,   1,   2,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
       3,   4,  -1,  -1,  -1,  -1,  -1,   5,   6,   7,
-      8,  -1,  -1,   9,  -1,  -1,  10,  11,  12,  -1,
-     13,  14,  15,  16,  17,  18,  -1,  -1,  -1,  19,
-     20,  21,  22,  23,  24,  25,  26,  27,  28,  29,
-     30,  31,  32,  33,  34,  35,  36,  37,  38,  39,
-     40,  41,  42,  43,  44,  45,  -1,  46,  47,  48,
-     49,  50,  51,  52,  53,  54,  55,  56,  57,  58,
-     59,  60,  61,  62,  63,  -1,  64,  65,  -1,  66,
-     67,  68,  69,  70,  71,  -1,  72,  73,  -1,  74,
+      8,  -1,  -1,   9,  10,  -1,  11,  12,  13,  -1,
+     14,  15,  16,  -1,  17,  18,  -1,  19,  -1,  20,
+     21,  22,  23,  24,  25,  26,  27,  28,  29,  30,
+     31,  -1,  32,  33,  34,  -1,  35,  36,  37,  38,
+     39,  40,  41,  42,  43,  44,  -1,  45,  46,  47,
+     48,  49,  50,  51,  52,  53,  54,  55,  56,  57,
+     58,  -1,  59,  60,  61,  62,  63,  64,  65,  66,
+     67,  68,  69,  70,  71,  72,  73,  74,  -1,  -1,
      -1,  -1,  75,  76,  77,  78,  79,  80,  81,  82,
      83,  84,  85,  -1,  -1,  -1,  86,  87,  88,  -1,
-     89,  90,  91,  -1,  92,  93,  94,  95,  96,  97,
-     98,  99,  -1, 100, 101,  -1, 102, 103, 104,  -1,
-    105, 106,  -1,  -1, 107, 108, 109,  -1, 110, 111,
-     -1, 112, 113, 114,  -1, 115,  -1, 116,  -1,  -1,
-    117,  -1, 118,  -1,  -1, 119, 120,  -1,  -1, 121,
-    122, 123, 124, 125, 126, 127, 128, 129,  -1, 130,
-     -1, 131,  -1, 132, 133,  -1,  -1,  -1,  -1,  -1,
-     -1,  -1,  -1,  -1,  -1, 134,  -1,  -1, 135, 136,
-    137,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
-    138, 139,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
-     -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1, 140,
+     89,  90,  91,  92,  93,  94,  95,  96,  97,  98,
+     99, 100,  -1, 101, 102,  -1, 103,  -1, 104,  -1,
+    105, 106,  -1, 107, 108, 109, 110, 111, 112,  -1,
+     -1, 113, 114, 115,  -1, 116,  -1, 117, 118, 119,
+    120,  -1, 121, 122,  -1, 123, 124,  -1,  -1, 125,
+     -1, 126, 127, 128, 129, 130, 131, 132,  -1,  -1,
+    133,  -1,  -1,  -1, 134,  -1,  -1,  -1,  -1,  -1,
+     -1,  -1,  -1, 135,  -1,  -1, 136,  -1,  -1, 137,
+     -1,  -1, 138,  -1,  -1,  -1, 139,  -1,  -1, 140,
+     -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
+     -1,  -1, 141,  -1,  -1, 142,  -1,  -1,  -1,  -1,
      -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
-     -1,  -1,  -1,  -1, 141,  -1,  -1,  -1,  -1, 142
+    143
   };
 
 #ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
index e28f46513..1345f36bb 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
index ee9f7b9da..be77410ab 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.h.in
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index c44ed96a0..b214a9edf 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -1,7 +1,7 @@
 %{
 /*
  * Copyright (C) 2009-2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -78,7 +78,8 @@ aes256gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      256
 aes128gmac,       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128
 aes192gmac,       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192
 aes256gmac,       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256
-chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305,  256
+chacha20poly1305, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305,    0
+chacha20poly1305compat, ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256
 blowfish,         ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128
 blowfish128,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128
 blowfish192,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           192
diff --git a/src/libstrongswan/crypto/rngs/rng.c b/src/libstrongswan/crypto/rngs/rng.c
index 1f39dedb8..d2e34d9f3 100644
--- a/src/libstrongswan/crypto/rngs/rng.c
+++ b/src/libstrongswan/crypto/rngs/rng.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h
index 0ca2cb114..11473030e 100644
--- a/src/libstrongswan/crypto/rngs/rng.h
+++ b/src/libstrongswan/crypto/rngs/rng.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/signers/mac_signer.c b/src/libstrongswan/crypto/signers/mac_signer.c
index 4426782b4..d2b484424 100644
--- a/src/libstrongswan/crypto/signers/mac_signer.c
+++ b/src/libstrongswan/crypto/signers/mac_signer.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/signers/mac_signer.h b/src/libstrongswan/crypto/signers/mac_signer.h
index a50c8cadf..7fcdac909 100644
--- a/src/libstrongswan/crypto/signers/mac_signer.h
+++ b/src/libstrongswan/crypto/signers/mac_signer.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c
index 522b4e29d..2ba38ad7f 100644
--- a/src/libstrongswan/crypto/signers/signer.c
+++ b/src/libstrongswan/crypto/signers/signer.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 8958e66e9..f0d6667ff 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
index 808cb996e..77a57f527 100644
--- a/src/libstrongswan/crypto/transform.c
+++ b/src/libstrongswan/crypto/transform.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -17,21 +17,20 @@
 #include <crypto/hashers/hasher.h>
 #include <crypto/rngs/rng.h>
 
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, EXTENDED_OUTPUT_FUNCTION,
-	"UNDEFINED_TRANSFORM_TYPE",
-	"HASH_ALGORITHM",
-	"RANDOM_NUMBER_GENERATOR",
-	"AEAD_ALGORITHM",
-	"COMPRESSION_ALGORITHM",
-	"EXTENDED OUTPUT FUNCTION");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS,
-								EXTENDED_OUTPUT_FUNCTION,
+ENUM_BEGIN(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS,
 	"ENCRYPTION_ALGORITHM",
 	"PSEUDO_RANDOM_FUNCTION",
 	"INTEGRITY_ALGORITHM",
 	"DIFFIE_HELLMAN_GROUP",
 	"EXTENDED_SEQUENCE_NUMBERS");
-ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
+ENUM_NEXT(transform_type_names, HASH_ALGORITHM, EXTENDED_OUTPUT_FUNCTION,
+		  EXTENDED_SEQUENCE_NUMBERS,
+	"HASH_ALGORITHM",
+	"RANDOM_NUMBER_GENERATOR",
+	"AEAD_ALGORITHM",
+	"COMPRESSION_ALGORITHM",
+	"EXTENDED OUTPUT FUNCTION");
+ENUM_END(transform_type_names, EXTENDED_OUTPUT_FUNCTION);
 
 
 ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
@@ -64,7 +63,6 @@ enum_name_t* transform_get_enum_names(transform_type_t type)
 			return extended_sequence_numbers_names;
 		case EXTENDED_OUTPUT_FUNCTION:
 			return ext_out_function_names;
-		case UNDEFINED_TRANSFORM_TYPE:
 		case COMPRESSION_ALGORITHM:
 			break;
 	}
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
index e043e605c..63881b373 100644
--- a/src/libstrongswan/crypto/transform.h
+++ b/src/libstrongswan/crypto/transform.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -29,17 +29,16 @@ typedef enum transform_type_t transform_type_t;
  * Type of a transform, as in IKEv2 RFC 3.3.2.
  */
 enum transform_type_t {
-	UNDEFINED_TRANSFORM_TYPE = 241,
-	HASH_ALGORITHM = 242,
-	RANDOM_NUMBER_GENERATOR = 243,
-	AEAD_ALGORITHM = 244,
-	COMPRESSION_ALGORITHM = 245,
-	EXTENDED_OUTPUT_FUNCTION = 246,
 	ENCRYPTION_ALGORITHM = 1,
 	PSEUDO_RANDOM_FUNCTION = 2,
 	INTEGRITY_ALGORITHM = 3,
 	DIFFIE_HELLMAN_GROUP = 4,
-	EXTENDED_SEQUENCE_NUMBERS = 5
+	EXTENDED_SEQUENCE_NUMBERS = 5,
+	HASH_ALGORITHM = 256,
+	RANDOM_NUMBER_GENERATOR = 257,
+	AEAD_ALGORITHM = 258,
+	COMPRESSION_ALGORITHM = 259,
+	EXTENDED_OUTPUT_FUNCTION = 260,
 };
 
 /**
diff --git a/src/libstrongswan/database/database.h b/src/libstrongswan/database/database.h
index ad5ccf95e..dc6ed1315 100644
--- a/src/libstrongswan/database/database.h
+++ b/src/libstrongswan/database/database.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/database/database_factory.c b/src/libstrongswan/database/database_factory.c
index 6c714ba51..e34aa9f6b 100644
--- a/src/libstrongswan/database/database_factory.c
+++ b/src/libstrongswan/database/database_factory.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/database/database_factory.h b/src/libstrongswan/database/database_factory.h
index 3213e1a08..18561fd2a 100644
--- a/src/libstrongswan/database/database_factory.h
+++ b/src/libstrongswan/database/database_factory.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/eap/eap.c b/src/libstrongswan/eap/eap.c
index 2b7295e3d..68f304006 100644
--- a/src/libstrongswan/eap/eap.c
+++ b/src/libstrongswan/eap/eap.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h
index 2d4a238cd..b3c441900 100644
--- a/src/libstrongswan/eap/eap.h
+++ b/src/libstrongswan/eap/eap.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/fetcher/fetcher.h b/src/libstrongswan/fetcher/fetcher.h
index 6043dac2e..953bf11b9 100644
--- a/src/libstrongswan/fetcher/fetcher.h
+++ b/src/libstrongswan/fetcher/fetcher.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2011 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2011 revosec AG
  *
  * This program is free software; you can redistribute it and/or modify it
diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c
index f36cfcf82..356270f28 100644
--- a/src/libstrongswan/fetcher/fetcher_manager.c
+++ b/src/libstrongswan/fetcher/fetcher_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/fetcher/fetcher_manager.h b/src/libstrongswan/fetcher/fetcher_manager.h
index 449f284f7..725fc613b 100644
--- a/src/libstrongswan/fetcher/fetcher_manager.h
+++ b/src/libstrongswan/fetcher/fetcher_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index c992eb5ad..16dbf8d41 100644
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -37,6 +37,12 @@ ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH,
 	"IPCOMP_LZJH"
 );
 
+ENUM(hw_offload_names, HW_OFFLOAD_NO, HW_OFFLOAD_AUTO,
+	"no",
+	"yes",
+	"auto",
+);
+
 /*
  * See header
  */
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index 1db78ba6f..4e6e2d9dc 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -26,6 +26,7 @@ typedef enum policy_dir_t policy_dir_t;
 typedef enum policy_type_t policy_type_t;
 typedef enum policy_priority_t policy_priority_t;
 typedef enum ipcomp_transform_t ipcomp_transform_t;
+typedef enum hw_offload_t hw_offload_t;
 typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
 typedef struct lifetime_cfg_t lifetime_cfg_t;
 typedef struct mark_t mark_t;
@@ -116,6 +117,20 @@ enum ipcomp_transform_t {
  */
 extern enum_name_t *ipcomp_transform_names;
 
+/**
+ * HW offload mode options
+ */
+enum hw_offload_t {
+	HW_OFFLOAD_NO = 0,
+	HW_OFFLOAD_YES = 1,
+	HW_OFFLOAD_AUTO = 2,
+};
+
+/**
+ * enum names for hw_offload_t.
+ */
+extern enum_name_t *hw_offload_names;
+
 /**
  * This struct contains details about IPsec SA(s) tied to a policy.
  */
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index dbdf5cfe9..86b275dad 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009-2016 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 08316fd13..53f371c51 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010-2016 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/host.c b/src/libstrongswan/networking/host.c
index 953720498..110ece894 100644
--- a/src/libstrongswan/networking/host.c
+++ b/src/libstrongswan/networking/host.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/host.h b/src/libstrongswan/networking/host.h
index a777f9f97..29283af8e 100644
--- a/src/libstrongswan/networking/host.h
+++ b/src/libstrongswan/networking/host.h
@@ -3,7 +3,7 @@
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/host_resolver.c b/src/libstrongswan/networking/host_resolver.c
index bad87e434..580931e1f 100644
--- a/src/libstrongswan/networking/host_resolver.c
+++ b/src/libstrongswan/networking/host_resolver.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/host_resolver.h b/src/libstrongswan/networking/host_resolver.h
index f944a9cdf..d28f3bb27 100644
--- a/src/libstrongswan/networking/host_resolver.h
+++ b/src/libstrongswan/networking/host_resolver.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/packet.c b/src/libstrongswan/networking/packet.c
index f76a85a4b..00993f92b 100644
--- a/src/libstrongswan/networking/packet.c
+++ b/src/libstrongswan/networking/packet.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/packet.h b/src/libstrongswan/networking/packet.h
index 8699d4abe..806337ba0 100644
--- a/src/libstrongswan/networking/packet.h
+++ b/src/libstrongswan/networking/packet.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/networking/streams/stream_service_unix.c b/src/libstrongswan/networking/streams/stream_service_unix.c
index 1ed27c499..a9b71d6fd 100644
--- a/src/libstrongswan/networking/streams/stream_service_unix.c
+++ b/src/libstrongswan/networking/streams/stream_service_unix.c
@@ -39,8 +39,9 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog)
 	}
 	if (!lib->caps->check(lib->caps, CAP_CHOWN))
 	{	/* required to chown(2) service socket */
-		DBG1(DBG_NET, "socket '%s' requires CAP_CHOWN capability", uri);
-		return NULL;
+		DBG1(DBG_NET, "cannot change ownership of socket '%s' without "
+			 "CAP_CHOWN capability. socket directory should be accessible to "
+			 "UID/GID under which the daemon will run", uri);
 	}
 	fd = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (fd == -1)
@@ -58,7 +59,9 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog)
 		return NULL;
 	}
 	umask(old);
-	if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+	/* only attempt to chown() socket if we have CAP_CHOWN */
+	if (lib->caps->check(lib->caps, CAP_CHOWN) &&
+		chown(addr.sun_path, lib->caps->get_uid(lib->caps),
 			  lib->caps->get_gid(lib->caps)) != 0)
 	{
 		DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s",
diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c
index 86951f1e7..3ebeb10ef 100644
--- a/src/libstrongswan/networking/tun_device.c
+++ b/src/libstrongswan/networking/tun_device.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2012 Martin Willi
  *
  * This program is free software; you can redistribute it and/or modify it
diff --git a/src/libstrongswan/networking/tun_device.h b/src/libstrongswan/networking/tun_device.h
index 4f9eacb07..798e3275d 100644
--- a/src/libstrongswan/networking/tun_device.h
+++ b/src/libstrongswan/networking/tun_device.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c
index 8829ba162..243a14296 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2001 Dr B. R. Gladman <brg@gladman.uk.net>
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.h b/src/libstrongswan/plugins/aes/aes_crypter.h
index 473772f04..d3e51ba75 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.h
+++ b/src/libstrongswan/plugins/aes/aes_crypter.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c
index 1e84a7c86..bfb356e58 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.c
+++ b/src/libstrongswan/plugins/aes/aes_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.h b/src/libstrongswan/plugins/aes/aes_plugin.h
index f0f0e8154..0fc42e4ec 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.h
+++ b/src/libstrongswan/plugins/aes/aes_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/aesni/aesni_cmac.c b/src/libstrongswan/plugins/aesni/aesni_cmac.c
index 07580c822..a232ef0e0 100644
--- a/src/libstrongswan/plugins/aesni/aesni_cmac.c
+++ b/src/libstrongswan/plugins/aesni/aesni_cmac.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2015 Martin Willi
  * Copyright (C) 2015 revosec AG
  *
diff --git a/src/libstrongswan/plugins/aesni/aesni_xcbc.c b/src/libstrongswan/plugins/aesni/aesni_xcbc.c
index 974c5fedc..55276f62c 100644
--- a/src/libstrongswan/plugins/aesni/aesni_xcbc.c
+++ b/src/libstrongswan/plugins/aesni/aesni_xcbc.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2015 Martin Willi
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2015 revosec AG
  *
  * This program is free software; you can redistribute it and/or modify it
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index dc6adc457..c381dfeb3 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.h b/src/libstrongswan/plugins/agent/agent_plugin.h
index d352c305c..79d99b206 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.h
+++ b/src/libstrongswan/plugins/agent/agent_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index cf2c5ea85..77c29916c 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.h b/src/libstrongswan/plugins/agent/agent_private_key.h
index 0623f2bb9..32c129ec4 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.h
+++ b/src/libstrongswan/plugins/agent/agent_private_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index 964edcd93..a5b11d4ab 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -782,7 +782,7 @@ static uint32_t nks_norm(int8_t *s1, int8_t *s2, int n, uint16_t kappa)
 	for (i = 0; i < n; i++)
 	{
 		wrap(t, n, i, t_wrapped);
-		qsort(t_wrapped, n, sizeof(int16_t), (__compar_fn_t)compare);
+		qsort(t_wrapped, n, sizeof(int16_t), (void*)compare);
 		max_kappa[i] = 0;
 
 		for (j = 1; j <= kappa; j++)
@@ -790,7 +790,7 @@ static uint32_t nks_norm(int8_t *s1, int8_t *s2, int n, uint16_t kappa)
 			max_kappa[i] += t_wrapped[n - j];
 		}
 	}
-	qsort(max_kappa, n, sizeof(int16_t), (__compar_fn_t)compare);
+	qsort(max_kappa, n, sizeof(int16_t), (void*)compare);
 
 	for (i = 1; i <= kappa; i++)
 	{
diff --git a/src/libstrongswan/plugins/blowfish/bf_enc.c b/src/libstrongswan/plugins/blowfish/bf_enc.c
index f9591c1a4..7c32e3fbb 100644
--- a/src/libstrongswan/plugins/blowfish/bf_enc.c
+++ b/src/libstrongswan/plugins/blowfish/bf_enc.c
@@ -50,7 +50,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/bf_locl.h b/src/libstrongswan/plugins/blowfish/bf_locl.h
index e5f49280b..ad8deed80 100644
--- a/src/libstrongswan/plugins/blowfish/bf_locl.h
+++ b/src/libstrongswan/plugins/blowfish/bf_locl.h
@@ -50,7 +50,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/bf_pi.h b/src/libstrongswan/plugins/blowfish/bf_pi.h
index 86c2ef366..650783192 100644
--- a/src/libstrongswan/plugins/blowfish/bf_pi.h
+++ b/src/libstrongswan/plugins/blowfish/bf_pi.h
@@ -50,7 +50,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/bf_skey.c b/src/libstrongswan/plugins/blowfish/bf_skey.c
index 52a051890..f44b72383 100644
--- a/src/libstrongswan/plugins/blowfish/bf_skey.c
+++ b/src/libstrongswan/plugins/blowfish/bf_skey.c
@@ -50,7 +50,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/blowfish.h b/src/libstrongswan/plugins/blowfish/blowfish.h
index 3c8f77a0f..771afcf15 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish.h
@@ -50,7 +50,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
index 6d8d1d709..6ef60c883 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -49,7 +49,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
index 70dcae66e..4d30c92e4 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
index 7494c52c3..b7748df90 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
index 6a87f42ee..9d1c88f08 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c
index 22f077f58..28a3228dd 100644
--- a/src/libstrongswan/plugins/cmac/cmac.c
+++ b/src/libstrongswan/plugins/cmac/cmac.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/cmac/cmac.h b/src/libstrongswan/plugins/cmac/cmac.h
index dc85e3bc3..fb3871588 100644
--- a/src/libstrongswan/plugins/cmac/cmac.h
+++ b/src/libstrongswan/plugins/cmac/cmac.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.c b/src/libstrongswan/plugins/cmac/cmac_plugin.c
index 694e598a5..d5efdabf5 100644
--- a/src/libstrongswan/plugins/cmac/cmac_plugin.c
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.h b/src/libstrongswan/plugins/cmac/cmac_plugin.h
index a31e1077d..89c450259 100644
--- a/src/libstrongswan/plugins/cmac/cmac_plugin.h
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index b52b35ba0..51ed89595 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2007 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.h b/src/libstrongswan/plugins/curl/curl_fetcher.h
index 6b9cad657..b6467c979 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.h
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 42ae9cdd2..94da81c6a 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.h b/src/libstrongswan/plugins/curl/curl_plugin.h
index ae17285c2..31ecdd672 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.h
+++ b/src/libstrongswan/plugins/curl/curl_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index cb5064d90..159c3872a 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Derived from Plutos DES library by Eric Young.
  *
@@ -52,7 +52,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
diff --git a/src/libstrongswan/plugins/des/des_crypter.h b/src/libstrongswan/plugins/des/des_crypter.h
index 07215d0c5..4493fddcb 100644
--- a/src/libstrongswan/plugins/des/des_crypter.h
+++ b/src/libstrongswan/plugins/des/des_crypter.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index be2587679..1b6a633af 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/des/des_plugin.h b/src/libstrongswan/plugins/des/des_plugin.h
index cfff420c0..d98052c05 100644
--- a/src/libstrongswan/plugins/des/des_plugin.h
+++ b/src/libstrongswan/plugins/des/des_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
index fd2471a48..ecad31d05 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_builder.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.h b/src/libstrongswan/plugins/dnskey/dnskey_builder.h
index 16eff3269..f6a6a642a 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_builder.h
+++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
index 9a4f6252f..a879b1117 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
index 8b49bd6cb..fabd452f5 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/files/files_fetcher.c b/src/libstrongswan/plugins/files/files_fetcher.c
index e0b7cbdb6..90a60a1e6 100644
--- a/src/libstrongswan/plugins/files/files_fetcher.c
+++ b/src/libstrongswan/plugins/files/files_fetcher.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/files/files_fetcher.h b/src/libstrongswan/plugins/files/files_fetcher.h
index 7fc4ec98e..d0ee51b96 100644
--- a/src/libstrongswan/plugins/files/files_fetcher.h
+++ b/src/libstrongswan/plugins/files/files_fetcher.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/files/files_plugin.c b/src/libstrongswan/plugins/files/files_plugin.c
index 6ab735dab..df22af69c 100644
--- a/src/libstrongswan/plugins/files/files_plugin.c
+++ b/src/libstrongswan/plugins/files/files_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/files/files_plugin.h b/src/libstrongswan/plugins/files/files_plugin.h
index c121b9652..6e51690f9 100644
--- a/src/libstrongswan/plugins/files/files_plugin.h
+++ b/src/libstrongswan/plugins/files/files_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index 47676b32f..a51cfe105 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.h b/src/libstrongswan/plugins/fips_prf/fips_prf.h
index 514e3c5d9..3c66f7576 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.h
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
index 68b6bacb2..b3526a636 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
index 3bd26ad45..7b5c40946 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
index 80a8dc90d..4bee5b704 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
index e565e28c7..4bc34ea5e 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index 5519125ba..f59144a86 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
index c6259f7ac..822ffe205 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
index 199c1d6c9..564828e53 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
index a7542bcdd..f37ab42c1 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 8a3de1e01..45fba242b 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
index 05e5e7014..6cf87bf59 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
index bf11758b1..9a8424915 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h
index a0cc12369..57fb0b9ad 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
index 0f3d66b80..3a8b7eec4 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
index ca0a284a2..d92c64f44 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index b01adfe01..f07dd36cc 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -4,7 +4,7 @@
  * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
index a8cde7bca..dfc8560e2 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index 700e29bf6..b0ae2d81d 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.h b/src/libstrongswan/plugins/gmp/gmp_plugin.h
index e4a87c8e2..6ffa485bb 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.h
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
index 32e1f292c..1e7d15218 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2005-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
index 14dd71e0b..fb6288754 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c
index c777b47cd..63c294b32 100644
--- a/src/libstrongswan/plugins/hmac/hmac.c
+++ b/src/libstrongswan/plugins/hmac/hmac.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h
index bf66dd4aa..d0993653a 100644
--- a/src/libstrongswan/plugins/hmac/hmac.h
+++ b/src/libstrongswan/plugins/hmac/hmac.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index 43d5a0364..68eb7d91a 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.h b/src/libstrongswan/plugins/hmac/hmac_plugin.h
index 03d1d1cf9..c73687d7b 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.h
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
index 635d5fc0e..23c1dbe2b 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2007 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.h b/src/libstrongswan/plugins/ldap/ldap_fetcher.h
index 30a141bae..d12c5a4fd 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.h
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c
index 210d33a93..dd0ccad6b 100644
--- a/src/libstrongswan/plugins/ldap/ldap_plugin.c
+++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.h b/src/libstrongswan/plugins/ldap/ldap_plugin.h
index e4fcebaa3..06da5a842 100644
--- a/src/libstrongswan/plugins/ldap/ldap_plugin.h
+++ b/src/libstrongswan/plugins/ldap/ldap_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c
index ada6c05da..c008d0188 100644
--- a/src/libstrongswan/plugins/md4/md4_hasher.c
+++ b/src/libstrongswan/plugins/md4/md4_hasher.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 1990-1992, RSA Data Security, Inc. Created 1990.
  * All rights reserved.
  *
diff --git a/src/libstrongswan/plugins/md4/md4_hasher.h b/src/libstrongswan/plugins/md4/md4_hasher.h
index aeb68f718..7960a1337 100644
--- a/src/libstrongswan/plugins/md4/md4_hasher.h
+++ b/src/libstrongswan/plugins/md4/md4_hasher.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c
index baa44b7f5..7847415bd 100644
--- a/src/libstrongswan/plugins/md4/md4_plugin.c
+++ b/src/libstrongswan/plugins/md4/md4_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/md4/md4_plugin.h b/src/libstrongswan/plugins/md4/md4_plugin.h
index 9fde665e6..8718ea65e 100644
--- a/src/libstrongswan/plugins/md4/md4_plugin.h
+++ b/src/libstrongswan/plugins/md4/md4_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c
index d14c10ae5..ed78a9859 100644
--- a/src/libstrongswan/plugins/md5/md5_hasher.c
+++ b/src/libstrongswan/plugins/md5/md5_hasher.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 1991-1992, RSA Data Security, Inc. Created 1991.
  * All rights reserved.
  *
diff --git a/src/libstrongswan/plugins/md5/md5_hasher.h b/src/libstrongswan/plugins/md5/md5_hasher.h
index 7f29a9621..7bf21c2d4 100644
--- a/src/libstrongswan/plugins/md5/md5_hasher.h
+++ b/src/libstrongswan/plugins/md5/md5_hasher.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c
index 4a61af618..c6219e1b7 100644
--- a/src/libstrongswan/plugins/md5/md5_plugin.c
+++ b/src/libstrongswan/plugins/md5/md5_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.h b/src/libstrongswan/plugins/md5/md5_plugin.h
index c4ca619dc..0a4ec916d 100644
--- a/src/libstrongswan/plugins/md5/md5_plugin.h
+++ b/src/libstrongswan/plugins/md5/md5_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c
index 211eba704..d7e35d9fd 100644
--- a/src/libstrongswan/plugins/mysql/mysql_database.c
+++ b/src/libstrongswan/plugins/mysql/mysql_database.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/mysql/mysql_database.h b/src/libstrongswan/plugins/mysql/mysql_database.h
index bbf6a33e9..d948a1c09 100644
--- a/src/libstrongswan/plugins/mysql/mysql_database.h
+++ b/src/libstrongswan/plugins/mysql/mysql_database.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c
index 23d709739..cb4425cf8 100644
--- a/src/libstrongswan/plugins/mysql/mysql_plugin.c
+++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.h b/src/libstrongswan/plugins/mysql/mysql_plugin.h
index d1f21870c..49f5c1e7d 100644
--- a/src/libstrongswan/plugins/mysql/mysql_plugin.h
+++ b/src/libstrongswan/plugins/mysql/mysql_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.c b/src/libstrongswan/plugins/nonce/nonce_nonceg.c
index 22c161df6..5f4162ed9 100644
--- a/src/libstrongswan/plugins/nonce/nonce_nonceg.c
+++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.h b/src/libstrongswan/plugins/nonce/nonce_nonceg.h
index 2ae0c97de..a4953c54e 100644
--- a/src/libstrongswan/plugins/nonce/nonce_nonceg.h
+++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/nonce/nonce_plugin.c b/src/libstrongswan/plugins/nonce/nonce_plugin.c
index 90f2e8fac..724162193 100644
--- a/src/libstrongswan/plugins/nonce/nonce_plugin.c
+++ b/src/libstrongswan/plugins/nonce/nonce_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/nonce/nonce_plugin.h b/src/libstrongswan/plugins/nonce/nonce_plugin.h
index f4be1c3a8..d349145be 100644
--- a/src/libstrongswan/plugins/nonce/nonce_plugin.h
+++ b/src/libstrongswan/plugins/nonce/nonce_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Adrian-Ken Rueegsegger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.c b/src/libstrongswan/plugins/ntru/ntru_private_key.c
index 844c8baf3..642a35ca5 100644
--- a/src/libstrongswan/plugins/ntru/ntru_private_key.c
+++ b/src/libstrongswan/plugins/ntru/ntru_private_key.c
@@ -276,7 +276,7 @@ METHOD(ntru_private_key_t, decrypt, bool,
 	}
 	if (!msg_rep_good)
 	{
-		DBG1(DBG_LIB, "decryption failed due to unsufficient minimum weight");
+		DBG1(DBG_LIB, "decryption failed due to insufficient minimum weight");
 		success = FALSE;
 	}
 
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 88f7a67c2..bb5f20dcf 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -358,7 +358,7 @@ METHOD(certificate_t, get_validity, bool,
 	{
 		*not_after = this->nextUpdate;
 	}
-	return t <= this->nextUpdate;
+	return (t >= this->thisUpdate && t <= this->nextUpdate);
 }
 
 METHOD(certificate_t, get_encoding, bool,
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index b9085f9aa..74beb762e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h
index b12e7a6ab..2c5ef0b28 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.h
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 8e9c1183f..a567f5f4f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2010 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
index 5de5520b5..43d1f3fa8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 11185e0c7..19de540b6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
index fd60732b9..2f58c976d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index faa940839..ba41c508f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Martin Willi
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
index 8094083a7..00c82aced 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c
index 5ef885b16..4b096f049 100644
--- a/src/libstrongswan/plugins/openssl/openssl_gcm.c
+++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.h b/src/libstrongswan/plugins/openssl/openssl_gcm.h
index 4ae268bd6..a64c90129 100644
--- a/src/libstrongswan/plugins/openssl/openssl_gcm.h
+++ b/src/libstrongswan/plugins/openssl/openssl_gcm.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c
index 16e707116..e3f44defa 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hmac.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.h b/src/libstrongswan/plugins/openssl/openssl_hmac.h
index 95ab6bfc3..f77e9acfb 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hmac.h
+++ b/src/libstrongswan/plugins/openssl/openssl_hmac.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
index bbd400cac..c59c77b5b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.h b/src/libstrongswan/plugins/openssl/openssl_pkcs12.h
index 5c3e5933d..3d6b5cb68 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.h
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h
index 0762c37b9..a9c220a03 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.h
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
index 021257d3c..5654bcb58 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
index 3a6d2f193..8371bc17f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
index 384e328e2..49db884ad 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index 6580e1c7d..b7f969f73 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Martin Willi
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
index 7c5c367f7..80e557fa8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.h
+++ b/src/libstrongswan/plugins/openssl/openssl_util.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 60c08770b..fae2d678f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -668,6 +668,9 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this,
 {
 	ASN1_BIT_STRING *usage;
 
+	/* to be compliant with RFC 4945 specific KUs have to be included */
+	this->flags &= ~X509_IKE_COMPLIANT;
+
 	usage = X509V3_EXT_d2i(ext);
 	if (usage)
 	{
@@ -682,6 +685,11 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this,
 			{
 				this->flags |= X509_CRL_SIGN;
 			}
+			if (flags & X509v3_KU_DIGITAL_SIGNATURE ||
+				flags & X509v3_KU_NON_REPUDIATION)
+			{
+				this->flags |= X509_IKE_COMPLIANT;
+			}
 			if (flags & X509v3_KU_KEY_CERT_SIGN)
 			{
 				/* we use the caBasicContraint, MUST be set */
@@ -988,6 +996,9 @@ static bool parse_extensions(private_openssl_x509_t *this)
 	STACK_OF(X509_EXTENSION) *extensions;
 	int i, num;
 
+	/* unless we see a keyUsage extension we are compliant with RFC 4945 */
+	this->flags |= X509_IKE_COMPLIANT;
+
 	extensions = X509_get0_extensions(this->x509);
 	if (extensions)
 	{
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
index b5060de0a..2969f21d9 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Thomas Kallenberg
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
index 1c804860c..dc3182481 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Thomas Kallenberg
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c
index 9ce210961..a92f32d3c 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.c
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.h b/src/libstrongswan/plugins/padlock/padlock_plugin.h
index d99d4db0f..6f3926021 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.h
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c
index 6b337d82c..3153cf1bd 100644
--- a/src/libstrongswan/plugins/padlock/padlock_rng.c
+++ b/src/libstrongswan/plugins/padlock/padlock_rng.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.h b/src/libstrongswan/plugins/padlock/padlock_rng.h
index 776be8937..a1e22113e 100644
--- a/src/libstrongswan/plugins/padlock/padlock_rng.h
+++ b/src/libstrongswan/plugins/padlock/padlock_rng.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
index 30040da39..764227a4e 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Thomas Kallenberg
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
index bb45d7b4f..6373c4cad 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Thomas Kallenberg
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index ec90fb084..e9d464fe5 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
  * Copyright (C) 2001-2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pem/pem_builder.h b/src/libstrongswan/plugins/pem/pem_builder.h
index b1bfc6d4d..bf64762b1 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.h
+++ b/src/libstrongswan/plugins/pem/pem_builder.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pem/pem_encoder.h b/src/libstrongswan/plugins/pem/pem_encoder.h
index d8f05dd73..e779acb75 100644
--- a/src/libstrongswan/plugins/pem/pem_encoder.h
+++ b/src/libstrongswan/plugins/pem/pem_encoder.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c
index 662b0fe8e..eb9e420ff 100644
--- a/src/libstrongswan/plugins/pem/pem_plugin.c
+++ b/src/libstrongswan/plugins/pem/pem_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.h b/src/libstrongswan/plugins/pem/pem_plugin.h
index 944a3fc85..c9ee761d0 100644
--- a/src/libstrongswan/plugins/pem/pem_plugin.h
+++ b/src/libstrongswan/plugins/pem/pem_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index e8f5c5ddf..64e1a4c96 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Martin Willi
  * Copyright (C) 2002-2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.h b/src/libstrongswan/plugins/pgp/pgp_builder.h
index 1168babd6..5fbf7c784 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.h
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c
index 392ef5440..47271e1af 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.c
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.h b/src/libstrongswan/plugins/pgp/pgp_cert.h
index 4db795ddc..e0c6795ff 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.h
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c
index eba936b83..3b5b19d12 100644
--- a/src/libstrongswan/plugins/pgp/pgp_encoder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.h b/src/libstrongswan/plugins/pgp/pgp_encoder.h
index b5bc2af44..79130bb60 100644
--- a/src/libstrongswan/plugins/pgp/pgp_encoder.h
+++ b/src/libstrongswan/plugins/pgp/pgp_encoder.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c
index a2cf403dc..2b5b7e098 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.c
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.h b/src/libstrongswan/plugins/pgp/pgp_plugin.h
index 8a0ab89d6..bbfba2d4a 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.h
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c
index 283bf8c36..5dbc03ad0 100644
--- a/src/libstrongswan/plugins/pgp/pgp_utils.c
+++ b/src/libstrongswan/plugins/pgp/pgp_utils.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.h b/src/libstrongswan/plugins/pgp/pgp_utils.h
index 180292a7a..36eed5866 100644
--- a/src/libstrongswan/plugins/pgp/pgp_utils.h
+++ b/src/libstrongswan/plugins/pgp/pgp_utils.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h
index 9f251833e..68c49e431 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
index 905f14c88..8bcf6e866 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h
index 2eec736f1..7bd6c69c1 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h
index 588bde559..a28827cc4 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
index b0fa41b6a..3d3df57fd 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h
index 1ad58e7a1..3f68c62ec 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
index 89ae1969e..b42632fdb 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
@@ -899,8 +899,8 @@ METHOD(pkcs11_library_t, create_mechanism_enumerator, enumerator_t*,
 		return enumerator_create_empty();
 	}
 	enumerator->mechs = malloc(sizeof(CK_MECHANISM_TYPE) * enumerator->count);
-	enumerator->lib->f->C_GetMechanismList(slot, enumerator->mechs,
-										   &enumerator->count);
+	rv = enumerator->lib->f->C_GetMechanismList(slot, enumerator->mechs,
+												&enumerator->count);
 	if (rv != CKR_OK)
 	{
 		DBG1(DBG_CFG, "C_GetMechanismList() failed: %N", ck_rv_names, rv);
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
index b8b4ff746..4038b7e8f 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index bd2a2c114..d6bf4de42 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index 6158f6d25..77cc9bd44 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
index 6d3a9556e..b3bf911c2 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
index 36029fa30..ed450a6c7 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
index 753835187..847309b38 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h
index 998631f7e..1e4b6224b 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c
index 82fc0c0b9..a20c05e91 100644
--- a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c
+++ b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.h b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.h
index e2998968f..5369b9e50 100644
--- a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.h
+++ b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c b/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c
index 902d2971b..5c2c8b4c4 100644
--- a/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c
+++ b/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h b/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h
index 3bd7f2df3..c05c261eb 100644
--- a/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h
+++ b/src/libstrongswan/plugins/pkcs12/pkcs12_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -9,7 +9,7 @@
  *
  * This program is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPSE.  See the GNU General Public License
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
 
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c
index efcd2b30a..445dedcf7 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h
index d5f6156a1..f82ef6016 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c
index 2c414c391..0eb57619c 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h b/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h
index b685557fc..ea67ebb2d 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c
index 5cd0d8f93..82d113dec 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c
@@ -4,7 +4,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2002-2008 Andreas Steffen
  * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
index 24d7cd848..9c3680190 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_generic.c
@@ -4,7 +4,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2002-2008 Andreas Steffen
  * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h b/src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h
index 3d582c7c6..57c8cf0c1 100644
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_plugin.h
@@ -9,7 +9,7 @@
  *
  * This program is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPSE.  See the GNU General Public License
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
 
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
index 6cd5da4fd..22b7829a4 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
index b07f2d927..b78a532b3 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
index fcd8f119e..b1c48f7ff 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h
index 03ca950a3..6ada49209 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -9,7 +9,7 @@
  *
  * This program is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPSE.  See the GNU General Public License
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
 
diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h
index 7bfbdf1d4..0b67aa979 100644
--- a/src/libstrongswan/plugins/plugin.h
+++ b/src/libstrongswan/plugins/plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c
index 39d86c82a..844698bd2 100644
--- a/src/libstrongswan/plugins/plugin_feature.c
+++ b/src/libstrongswan/plugins/plugin_feature.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
  * Copyright (C) 2011 revosec AG
diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h
index 8cc6277eb..d3c2df7f7 100644
--- a/src/libstrongswan/plugins/plugin_feature.h
+++ b/src/libstrongswan/plugins/plugin_feature.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2011 Martin Willi
  * Copyright (C) 2011 revosec AG
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index 7d0cc88ed..121248bbe 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010-2014 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h
index 156bd8656..c5a16fef3 100644
--- a/src/libstrongswan/plugins/plugin_loader.h
+++ b/src/libstrongswan/plugins/plugin_loader.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012-2014 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
index 81dad65b7..a7bf87e5b 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.h b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
index 06e4e0fa3..039111f87 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
index a898bbfcc..c79be9093 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
index db71bddc0..8f649c828 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
index e159751be..9292de2cf 100644
--- a/src/libstrongswan/plugins/random/random_plugin.c
+++ b/src/libstrongswan/plugins/random/random_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h
index ff79bef0c..302bf3086 100644
--- a/src/libstrongswan/plugins/random/random_plugin.h
+++ b/src/libstrongswan/plugins/random/random_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 3760630ab..45dd0dfdc 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/random/random_rng.h b/src/libstrongswan/plugins/random/random_rng.h
index 4e6f3afb2..5fcf33d15 100644
--- a/src/libstrongswan/plugins/random/random_rng.h
+++ b/src/libstrongswan/plugins/random/random_rng.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/rc2/rc2_crypter.c b/src/libstrongswan/plugins/rc2/rc2_crypter.c
index d9681e834..de76580fc 100644
--- a/src/libstrongswan/plugins/rc2/rc2_crypter.c
+++ b/src/libstrongswan/plugins/rc2/rc2_crypter.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/rc2/rc2_crypter.h b/src/libstrongswan/plugins/rc2/rc2_crypter.h
index d478762a6..21f540dc4 100644
--- a/src/libstrongswan/plugins/rc2/rc2_crypter.h
+++ b/src/libstrongswan/plugins/rc2/rc2_crypter.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/rc2/rc2_plugin.c b/src/libstrongswan/plugins/rc2/rc2_plugin.c
index 6c6fa76d6..4365befd5 100644
--- a/src/libstrongswan/plugins/rc2/rc2_plugin.c
+++ b/src/libstrongswan/plugins/rc2/rc2_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/rc2/rc2_plugin.h b/src/libstrongswan/plugins/rc2/rc2_plugin.h
index cbbac51af..a387e0cc8 100644
--- a/src/libstrongswan/plugins/rc2/rc2_plugin.h
+++ b/src/libstrongswan/plugins/rc2/rc2_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index 1b68320df..f8e78ac0c 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -1,8 +1,9 @@
 /*
+ * Copyright (C) 2015-2018 Tobias Brunner
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -15,6 +16,8 @@
  * for more details.
  */
 
+#include <time.h>
+
 #include "revocation_validator.h"
 
 #include <utils/debug.h>
@@ -56,7 +59,7 @@ static certificate_t *fetch_ocsp(char *url, certificate_t *subject,
 								 certificate_t *issuer)
 {
 	certificate_t *request, *response;
-	chunk_t send, receive;
+	chunk_t send, receive = chunk_empty;
 
 	/* TODO: requestor name, signature */
 	request = lib->creds->create(lib->creds,
@@ -84,6 +87,7 @@ static certificate_t *fetch_ocsp(char *url, certificate_t *subject,
 							FETCH_END) != SUCCESS)
 	{
 		DBG1(DBG_CFG, "ocsp request to %s failed", url);
+		chunk_free(&receive);
 		chunk_free(&send);
 		return NULL;
 	}
@@ -351,13 +355,10 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer,
 	{
 		valid = VALIDATION_FAILED;
 	}
-	if (auth)
-	{
-		auth->add(auth, AUTH_RULE_OCSP_VALIDATION, valid);
-		if (valid == VALIDATION_GOOD)
-		{	/* successful OCSP check fulfills also CRL constraint */
-			auth->add(auth, AUTH_RULE_CRL_VALIDATION, VALIDATION_GOOD);
-		}
+	auth->add(auth, AUTH_RULE_OCSP_VALIDATION, valid);
+	if (valid == VALIDATION_GOOD)
+	{	/* successful OCSP check fulfills also CRL constraint */
+		auth->add(auth, AUTH_RULE_CRL_VALIDATION, VALIDATION_GOOD);
 	}
 	DESTROY_IF(best);
 	return valid;
@@ -369,12 +370,13 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer,
 static certificate_t* fetch_crl(char *url)
 {
 	certificate_t *crl;
-	chunk_t chunk;
+	chunk_t chunk = chunk_empty;
 
 	DBG1(DBG_CFG, "  fetching crl from '%s' ...", url);
 	if (lib->fetcher->fetch(lib->fetcher, url, &chunk, FETCH_END) != SUCCESS)
 	{
 		DBG1(DBG_CFG, "crl fetching failed");
+		chunk_free(&chunk);
 		return NULL;
 	}
 	crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
@@ -417,11 +419,11 @@ static bool verify_crl(certificate_t *crl)
 /**
  * Report the given CRL's validity and cache it if valid and requested
  */
-static bool is_crl_valid(certificate_t *crl, bool cache)
+static bool is_crl_valid(certificate_t *crl, time_t now, bool cache)
 {
 	time_t valid_until;
 
-	if (crl->get_validity(crl, NULL, NULL, &valid_until))
+	if (crl->get_validity(crl, &now, NULL, &valid_until))
 	{
 		DBG1(DBG_CFG, "  crl is valid: until %T", &valid_until, FALSE);
 		if (cache)
@@ -434,6 +436,25 @@ static bool is_crl_valid(certificate_t *crl, bool cache)
 	return FALSE;
 }
 
+/**
+ * Check if the CRL should be used yet
+ */
+static bool is_crl_not_valid_yet(certificate_t *crl, time_t now)
+{
+	time_t this_update;
+
+	if (!crl->get_validity(crl, &now, &this_update, NULL))
+	{
+		if (this_update > now)
+		{
+			DBG1(DBG_CFG, "  crl is not valid: until %T", &this_update, FALSE);
+			return TRUE;
+		}
+		/* we accept stale CRLs */
+	}
+	return FALSE;
+}
+
 /**
  * Get the better of two CRLs, and check for usable CRL info
  */
@@ -442,7 +463,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
 					bool cache, crl_t *base)
 {
 	enumerator_t *enumerator;
-	time_t revocation;
+	time_t now, revocation;
 	crl_reason_t reason;
 	chunk_t subject_serial, serial;
 	crl_t *crl = (crl_t*)cand;
@@ -472,6 +493,12 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
 		cand->destroy(cand);
 		return best;
 	}
+	now = time(NULL);
+	if (is_crl_not_valid_yet(cand, now))
+	{
+		cand->destroy(cand);
+		return best;
+	}
 
 	subject_serial = chunk_skip_zero(subject->get_serial(subject));
 	enumerator = crl->create_enumerator(crl);
@@ -488,7 +515,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
 				/* if the cert is on hold, a newer CRL might not contain it */
 				*valid = VALIDATION_ON_HOLD;
 			}
-			is_crl_valid(cand, cache);
+			is_crl_valid(cand, now, cache);
 			DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N",
 				 &revocation, TRUE, crl_reason_names, reason);
 			enumerator->destroy(enumerator);
@@ -503,7 +530,7 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
 	{
 		DESTROY_IF(best);
 		best = cand;
-		if (is_crl_valid(best, cache))
+		if (is_crl_valid(best, now, cache))
 		{
 			*valid = VALIDATION_GOOD;
 		}
@@ -578,6 +605,31 @@ static cert_validation_t find_crl(x509_t *subject, identification_t *issuer,
 	return valid;
 }
 
+/**
+ * Check if the issuer of the given CRL matches
+ */
+static bool check_issuer(certificate_t *crl, x509_t *issuer, x509_cdp_t *cdp)
+{
+	certificate_t *cissuer = (certificate_t*)issuer;
+	identification_t *id;
+	chunk_t chunk;
+	bool matches = FALSE;
+
+	if (cdp->issuer)
+	{
+		return crl->has_issuer(crl, cdp->issuer);
+	}
+	/* check SKI/AKI first, but fall back to DN matching */
+	chunk = issuer->get_subjectKeyIdentifier(issuer);
+	if (chunk.len)
+	{
+		id = identification_create_from_encoding(ID_KEY_ID, chunk);
+		matches = crl->has_issuer(crl, id);
+		id->destroy(id);
+	}
+	return matches || crl->has_issuer(crl, cissuer->get_subject(cissuer));
+}
+
 /**
  * Look for a delta CRL for a given base CRL
  */
@@ -585,7 +637,7 @@ static cert_validation_t check_delta_crl(x509_t *subject, x509_t *issuer,
 									crl_t *base, cert_validation_t base_valid)
 {
 	cert_validation_t valid = VALIDATION_SKIPPED;
-	certificate_t *best = NULL, *current;
+	certificate_t *best = NULL, *current, *cissuer = (certificate_t*)issuer;
 	enumerator_t *enumerator;
 	identification_t *id;
 	x509_cdp_t *cdp;
@@ -621,11 +673,12 @@ static cert_validation_t check_delta_crl(x509_t *subject, x509_t *issuer,
 		current = fetch_crl(cdp->uri);
 		if (current)
 		{
-			if (cdp->issuer && !current->has_issuer(current, cdp->issuer))
+			if (!check_issuer(current, issuer, cdp))
 			{
 				DBG1(DBG_CFG, "issuer of fetched delta CRL '%Y' does not match "
-					 "certificates CRL issuer '%Y'",
-					 current->get_issuer(current), cdp->issuer);
+					 "certificate's %sissuer '%Y'",
+					 current->get_issuer(current), cdp->issuer ? "CRL " : "",
+					 cdp->issuer ?: cissuer->get_subject(cissuer));
 				current->destroy(current);
 				continue;
 			}
@@ -653,7 +706,7 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer,
 								   auth_cfg_t *auth)
 {
 	cert_validation_t valid = VALIDATION_SKIPPED;
-	certificate_t *best = NULL;
+	certificate_t *best = NULL, *cissuer = (certificate_t*)issuer;
 	identification_t *id;
 	x509_cdp_t *cdp;
 	bool uri_found = FALSE;
@@ -692,11 +745,12 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer,
 			current = fetch_crl(cdp->uri);
 			if (current)
 			{
-				if (cdp->issuer && !current->has_issuer(current, cdp->issuer))
+				if (!check_issuer(current, issuer, cdp))
 				{
 					DBG1(DBG_CFG, "issuer of fetched CRL '%Y' does not match "
-						 "certificates CRL issuer '%Y'",
-						 current->get_issuer(current), cdp->issuer);
+						 "certificate's %sissuer '%Y'",
+						 current->get_issuer(current), cdp->issuer ? "CRL " : "",
+						 cdp->issuer ?: cissuer->get_subject(cissuer));
 					current->destroy(current);
 					continue;
 				}
@@ -722,18 +776,15 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer,
 	{
 		valid = VALIDATION_FAILED;
 	}
-	if (auth)
+	if (valid == VALIDATION_SKIPPED)
+	{	/* if we skipped CRL validation, we use the result of OCSP for
+		 * constraint checking */
+		auth->add(auth, AUTH_RULE_CRL_VALIDATION,
+				  auth->get(auth, AUTH_RULE_OCSP_VALIDATION));
+	}
+	else
 	{
-		if (valid == VALIDATION_SKIPPED)
-		{	/* if we skipped CRL validation, we use the result of OCSP for
-			 * constraint checking */
-			auth->add(auth, AUTH_RULE_CRL_VALIDATION,
-					  auth->get(auth, AUTH_RULE_OCSP_VALIDATION));
-		}
-		else
-		{
-			auth->add(auth, AUTH_RULE_CRL_VALIDATION, valid);
-		}
+		auth->add(auth, AUTH_RULE_CRL_VALIDATION, valid);
 	}
 	DESTROY_IF(best);
 	return valid;
@@ -753,8 +804,7 @@ METHOD(cert_validator_t, validate, bool,
 
 		if (this->enable_ocsp)
 		{
-			switch (check_ocsp((x509_t*)subject, (x509_t*)issuer,
-							   pathlen ? NULL : auth))
+			switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth))
 			{
 				case VALIDATION_GOOD:
 					DBG1(DBG_CFG, "certificate status is good");
@@ -776,11 +826,14 @@ METHOD(cert_validator_t, validate, bool,
 					break;
 			}
 		}
+		else
+		{
+			auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED);
+		}
 
 		if (this->enable_crl)
 		{
-			switch (check_crl((x509_t*)subject, (x509_t*)issuer,
-							  pathlen ? NULL : auth))
+			switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth))
 			{
 				case VALIDATION_GOOD:
 					DBG1(DBG_CFG, "certificate status is good");
@@ -800,6 +853,11 @@ METHOD(cert_validator_t, validate, bool,
 					break;
 			}
 		}
+		else
+		{
+			auth->add(auth, AUTH_RULE_CRL_VALIDATION,
+					  auth->get(auth, AUTH_RULE_OCSP_VALIDATION));
+		}
 
 		lib->credmgr->call_hook(lib->credmgr, CRED_HOOK_VALIDATION_FAILED,
 								subject);
diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c
index fca65dfa2..4094175ab 100644
--- a/src/libstrongswan/plugins/sha1/sha1_hasher.c
+++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Ported from Steve Reid's <steve@edmweb.com> implementation
  * "SHA1 in C" found in strongSwan.
diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.h b/src/libstrongswan/plugins/sha1/sha1_hasher.h
index 7fa6f1bc0..7b409e2af 100644
--- a/src/libstrongswan/plugins/sha1/sha1_hasher.h
+++ b/src/libstrongswan/plugins/sha1/sha1_hasher.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c
index 66c80b292..dc3663495 100644
--- a/src/libstrongswan/plugins/sha1/sha1_plugin.c
+++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.h b/src/libstrongswan/plugins/sha1/sha1_plugin.h
index cd1ff615d..43dc19d59 100644
--- a/src/libstrongswan/plugins/sha1/sha1_plugin.h
+++ b/src/libstrongswan/plugins/sha1/sha1_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c
index 464f4c9ec..c404b8eac 100644
--- a/src/libstrongswan/plugins/sha1/sha1_prf.c
+++ b/src/libstrongswan/plugins/sha1/sha1_prf.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.h b/src/libstrongswan/plugins/sha1/sha1_prf.h
index 1ab4cbc24..f3454a12b 100644
--- a/src/libstrongswan/plugins/sha1/sha1_prf.h
+++ b/src/libstrongswan/plugins/sha1/sha1_prf.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c
index 2c56a2f1b..083b11de3 100644
--- a/src/libstrongswan/plugins/sha2/sha2_hasher.c
+++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2001 Jari Ruusu.
  *
  * Ported from strongSwans implementation written by Jari Ruusu.
diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.h b/src/libstrongswan/plugins/sha2/sha2_hasher.h
index ed57ae0bd..0a69a971b 100644
--- a/src/libstrongswan/plugins/sha2/sha2_hasher.h
+++ b/src/libstrongswan/plugins/sha2/sha2_hasher.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c
index 94a7ccd61..86d48f0aa 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.c
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.h b/src/libstrongswan/plugins/sha2/sha2_plugin.h
index 48ee2d94c..d7b98a03c 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.h
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c
index 9f874212e..8cd08563c 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_database.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.h b/src/libstrongswan/plugins/sqlite/sqlite_database.h
index 75f89a7ed..504b74963 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_database.h
+++ b/src/libstrongswan/plugins/sqlite/sqlite_database.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
index 7f46aced7..56fe3001c 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -61,7 +61,7 @@ METHOD(plugin_t, destroy, void,
 plugin_t *sqlite_plugin_create()
 {
 	private_sqlite_plugin_t *this;
-	int threadsave = 0;
+	int threadsafe = 0;
 
 	INIT(this,
 		.public = {
@@ -74,10 +74,10 @@ plugin_t *sqlite_plugin_create()
 	);
 
 #if SQLITE_VERSION_NUMBER >= 3005000
-	threadsave = sqlite3_threadsafe();
+	threadsafe = sqlite3_threadsafe();
 #endif
 	DBG2(DBG_LIB, "using SQLite %s, thread safety %d",
-		 sqlite3_libversion(), threadsave);
+		 sqlite3_libversion(), threadsafe);
 
 	return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
index dbc461cf4..2cc00aba6 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
index 4a9f5b849..eab6559b3 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.h b/src/libstrongswan/plugins/sshkey/sshkey_builder.h
index 20979c283..8a2a5841a 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.h
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_encoder.c b/src/libstrongswan/plugins/sshkey/sshkey_encoder.c
index d423671bd..9f5f8bd1f 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_encoder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_encoder.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_encoder.h b/src/libstrongswan/plugins/sshkey/sshkey_encoder.h
index bdd31a6c8..f96778d64 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_encoder.h
+++ b/src/libstrongswan/plugins/sshkey/sshkey_encoder.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_plugin.c b/src/libstrongswan/plugins/sshkey/sshkey_plugin.c
index 1fde0c6e9..49838df57 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_plugin.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_plugin.h b/src/libstrongswan/plugins/sshkey/sshkey_plugin.h
index 2b9095a98..23c4b77f4 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_plugin.h
+++ b/src/libstrongswan/plugins/sshkey/sshkey_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index a68f43647..9bbe701ee 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c
index de5658da7..715608291 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c
index 26aadb444..38aa94180 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c
index cc4121424..b38a23c8e 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c
index 56d12f036..86f2bfd1b 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c
index a4e06180a..9e71d2e66 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2009 Martin Willi
  * Copyright (C) 2009 Andreas Steffen
  * Copyright (C) JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c
index 28c038878..75789fc91 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c b/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c
index a33a219ed..3e0920bf5 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/des.c b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c
index b4bf1fe6a..76dadc9a4 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/des.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c b/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c
index 74e000419..b6e873bfa 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c b/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c
index 4856a480f..50c890414 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c
index 3348e12d3..364a2f4de 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c
index ef9406f5f..5b428c6ee 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c
index c7b213674..e0c613f79 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c
index 5221d530c..c7b992304 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/null.c b/src/libstrongswan/plugins/test_vectors/test_vectors/null.c
index c4f5d41b3..cd352ef31 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/null.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/null.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c
index b03d12038..42e168970 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c
index 458f63aa9..8d45e3c75 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
index 3316c364d..8cb28e746 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c
index 256a59603..ec7b67df0 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c
index 669adf8c6..aec6bbe04 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c
index 8d6f66373..1cc068fda 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c
index 4679c26b3..424451e23 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c
index 536eba8f6..da01f9ec1 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c
index 9c3ca20cc..1d00f4cde 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
index c4d71848d..96faa561e 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
index 661529295..3ee55837a 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/unbound/unbound_plugin.c b/src/libstrongswan/plugins/unbound/unbound_plugin.c
index f727cdaae..f719a8b40 100644
--- a/src/libstrongswan/plugins/unbound/unbound_plugin.c
+++ b/src/libstrongswan/plugins/unbound/unbound_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/unbound/unbound_plugin.h b/src/libstrongswan/plugins/unbound/unbound_plugin.h
index 1f0d36454..b8f7ea64f 100644
--- a/src/libstrongswan/plugins/unbound/unbound_plugin.h
+++ b/src/libstrongswan/plugins/unbound/unbound_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/unbound/unbound_resolver.c b/src/libstrongswan/plugins/unbound/unbound_resolver.c
index 745e59d5b..a53e974f1 100644
--- a/src/libstrongswan/plugins/unbound/unbound_resolver.c
+++ b/src/libstrongswan/plugins/unbound/unbound_resolver.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/unbound/unbound_resolver.h b/src/libstrongswan/plugins/unbound/unbound_resolver.h
index 818a717b8..caec42ba7 100644
--- a/src/libstrongswan/plugins/unbound/unbound_resolver.h
+++ b/src/libstrongswan/plugins/unbound/unbound_resolver.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/unbound/unbound_response.c b/src/libstrongswan/plugins/unbound/unbound_response.c
index 950df344c..e0e65c015 100644
--- a/src/libstrongswan/plugins/unbound/unbound_response.c
+++ b/src/libstrongswan/plugins/unbound/unbound_response.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/unbound/unbound_response.h b/src/libstrongswan/plugins/unbound/unbound_response.h
index c82f39d45..da4ea4bcd 100644
--- a/src/libstrongswan/plugins/unbound/unbound_response.h
+++ b/src/libstrongswan/plugins/unbound/unbound_response.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/unbound/unbound_rr.c b/src/libstrongswan/plugins/unbound/unbound_rr.c
index 91b5cdb33..a149aa500 100644
--- a/src/libstrongswan/plugins/unbound/unbound_rr.c
+++ b/src/libstrongswan/plugins/unbound/unbound_rr.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/unbound/unbound_rr.h b/src/libstrongswan/plugins/unbound/unbound_rr.h
index d7c114f86..ec13b6ba5 100644
--- a/src/libstrongswan/plugins/unbound/unbound_rr.h
+++ b/src/libstrongswan/plugins/unbound/unbound_rr.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/x509/x509_ac.h b/src/libstrongswan/plugins/x509/x509_ac.h
index da0988c6e..5e74fb80c 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.h
+++ b/src/libstrongswan/plugins/x509/x509_ac.h
@@ -4,7 +4,7 @@
  * Copyright (C) 2002-2008 Andreas Steffen
  * Copyright (C) 2009 Martin Willi
  *
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index d1f9d9aac..bc3a44346 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -704,6 +704,9 @@ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this)
 		KU_DECIPHER_ONLY =		8,
 	};
 
+	/* to be compliant with RFC 4945 specific KUs have to be included */
+	this->flags &= ~X509_IKE_COMPLIANT;
+
 	if (asn1_unwrap(&blob, &blob) == ASN1_BIT_STRING && blob.len)
 	{
 		int bit, byte, unused = blob.ptr[0];
@@ -724,10 +727,12 @@ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this)
 						case KU_CRL_SIGN:
 							this->flags |= X509_CRL_SIGN;
 							break;
-						case KU_KEY_CERT_SIGN:
-							/* we use the caBasicConstraint, MUST be set */
 						case KU_DIGITAL_SIGNATURE:
 						case KU_NON_REPUDIATION:
+							this->flags |= X509_IKE_COMPLIANT;
+							break;
+						case KU_KEY_CERT_SIGN:
+							/* we use the caBasicConstraint, MUST be set */
 						case KU_KEY_ENCIPHERMENT:
 						case KU_DATA_ENCIPHERMENT:
 						case KU_KEY_AGREEMENT:
@@ -1381,6 +1386,9 @@ static bool parse_certificate(private_x509_cert_t *this)
 
 	parser = asn1_parser_create(certObjects, this->encoding);
 
+	/* unless we see a keyUsage extension we are compliant with RFC 4945 */
+	this->flags |= X509_IKE_COMPLIANT;
+
 	while (parser->iterate(parser, &objectID, &object))
 	{
 		u_int level = parser->get_level(parser)+1;
diff --git a/src/libstrongswan/plugins/x509/x509_cert.h b/src/libstrongswan/plugins/x509/x509_cert.h
index 772117f1c..355b75fcf 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.h
+++ b/src/libstrongswan/plugins/x509/x509_cert.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 699ac5a39..95cb11cf4 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -302,6 +302,7 @@ static bool parse(private_x509_crl_t *this)
 						}
 						break;
 					case OID_AUTHORITY_KEY_ID:
+						chunk_free(&this->authKeyIdentifier);
 						this->authKeyIdentifier =
 							x509_parse_authorityKeyIdentifier(
 									object, level, &this->authKeySerialNumber);
@@ -545,7 +546,7 @@ METHOD(certificate_t, get_validity, bool,
 	{
 		*not_after = this->nextUpdate;
 	}
-	return (t <= this->nextUpdate);
+	return (t >= this->thisUpdate && t <= this->nextUpdate);
 }
 
 METHOD(certificate_t, get_encoding, bool,
diff --git a/src/libstrongswan/plugins/x509/x509_crl.h b/src/libstrongswan/plugins/x509/x509_crl.h
index e8fe74e81..301b1544b 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.h
+++ b/src/libstrongswan/plugins/x509/x509_crl.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index de22ab6be..50e3c6160 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
  * Copyright (C) 2007-2014 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
  *
  * This program is free software; you can redistribute it and/or modify it
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.h b/src/libstrongswan/plugins/x509/x509_ocsp_request.h
index 4c0e4b8f2..ca552b9ba 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.h
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.h b/src/libstrongswan/plugins/x509/x509_ocsp_response.h
index 7a525626e..90efabe2b 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.h
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c
index 54bef7357..1eb56cf00 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.c
+++ b/src/libstrongswan/plugins/x509/x509_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.h b/src/libstrongswan/plugins/x509/x509_plugin.h
index e3f959ffa..3857ee313 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.h
+++ b/src/libstrongswan/plugins/x509/x509_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index 820298e27..3dbcda75e 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.h b/src/libstrongswan/plugins/xcbc/xcbc.h
index a36069a17..1fb6cffa9 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
index 4706a9574..659741c13 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
index 9824088c6..bf34b05af 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/processing/jobs/callback_job.c b/src/libstrongswan/processing/jobs/callback_job.c
index 8258ccb33..99464586c 100644
--- a/src/libstrongswan/processing/jobs/callback_job.c
+++ b/src/libstrongswan/processing/jobs/callback_job.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2009-2012 Tobias Brunner
  * Copyright (C) 2007-2011 Martin Willi
  * Copyright (C) 2011 revosec AG
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/processing/jobs/callback_job.h b/src/libstrongswan/processing/jobs/callback_job.h
index 6f2e39eb8..e5cfdd405 100644
--- a/src/libstrongswan/processing/jobs/callback_job.h
+++ b/src/libstrongswan/processing/jobs/callback_job.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2007-2011 Martin Willi
  * Copyright (C) 2011 revosec AG
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/processing/jobs/job.h b/src/libstrongswan/processing/jobs/job.h
index 5b3a8a30b..d5d180392 100644
--- a/src/libstrongswan/processing/jobs/job.h
+++ b/src/libstrongswan/processing/jobs/job.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c
index bd8d534a5..0634368da 100644
--- a/src/libstrongswan/processing/processor.c
+++ b/src/libstrongswan/processing/processor.c
@@ -3,7 +3,7 @@
  * Copyright (C) 2011 revosec AG
  * Copyright (C) 2008-2013 Tobias Brunner
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/processing/processor.h b/src/libstrongswan/processing/processor.h
index ee08870fb..4d5aa9bc8 100644
--- a/src/libstrongswan/processing/processor.h
+++ b/src/libstrongswan/processing/processor.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c
index 374742939..92713fea8 100644
--- a/src/libstrongswan/processing/scheduler.c
+++ b/src/libstrongswan/processing/scheduler.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2008-2015 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/processing/scheduler.h b/src/libstrongswan/processing/scheduler.h
index 239487dae..77dd0f354 100644
--- a/src/libstrongswan/processing/scheduler.h
+++ b/src/libstrongswan/processing/scheduler.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2009-2015 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/resolver/resolver.h b/src/libstrongswan/resolver/resolver.h
index 5be52b8b1..a802226ba 100644
--- a/src/libstrongswan/resolver/resolver.h
+++ b/src/libstrongswan/resolver/resolver.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/resolver/resolver_manager.c b/src/libstrongswan/resolver/resolver_manager.c
index 55531e157..06d435d5b 100644
--- a/src/libstrongswan/resolver/resolver_manager.c
+++ b/src/libstrongswan/resolver/resolver_manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/resolver/resolver_manager.h b/src/libstrongswan/resolver/resolver_manager.h
index 6ea22aa24..5f6044f75 100644
--- a/src/libstrongswan/resolver/resolver_manager.h
+++ b/src/libstrongswan/resolver/resolver_manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011-2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/resolver/resolver_response.h b/src/libstrongswan/resolver/resolver_response.h
index e45fb6401..a30c06e91 100644
--- a/src/libstrongswan/resolver/resolver_response.h
+++ b/src/libstrongswan/resolver/resolver_response.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/resolver/rr.h b/src/libstrongswan/resolver/rr.h
index 109ec5135..73b760abf 100644
--- a/src/libstrongswan/resolver/rr.h
+++ b/src/libstrongswan/resolver/rr.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/resolver/rr_set.c b/src/libstrongswan/resolver/rr_set.c
index dea5c4086..f0a8ed85e 100644
--- a/src/libstrongswan/resolver/rr_set.c
+++ b/src/libstrongswan/resolver/rr_set.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/resolver/rr_set.h b/src/libstrongswan/resolver/rr_set.h
index 5a1737a05..bef363889 100644
--- a/src/libstrongswan/resolver/rr_set.h
+++ b/src/libstrongswan/resolver/rr_set.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Reto Guadagnini
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
index 12f160224..cfd2b029d 100644
--- a/src/libstrongswan/selectors/traffic_selector.c
+++ b/src/libstrongswan/selectors/traffic_selector.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2007-2017 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -293,15 +293,16 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
 			written += print_in_hook(data, "%d", this->protocol);
 		}
 	}
-
-	if (has_proto && has_ports)
+	else
 	{
-		written += print_in_hook(data, "/");
+		written += print_in_hook(data, "0");
 	}
 
 	/* build port string */
 	if (has_ports)
 	{
+		written += print_in_hook(data, "/");
+
 		if (this->from_port == this->to_port)
 		{
 			struct servent *serv;
diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
index a9f78303c..dd9ad7e1b 100644
--- a/src/libstrongswan/selectors/traffic_selector.h
+++ b/src/libstrongswan/selectors/traffic_selector.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2007-2017 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index c618d8837..a4c5060fa 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index 28cde4876..e25c9da38 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings_lexer.c b/src/libstrongswan/settings/settings_lexer.c
index 2151e930b..b13ff8009 100644
--- a/src/libstrongswan/settings/settings_lexer.c
+++ b/src/libstrongswan/settings/settings_lexer.c
@@ -468,8 +468,8 @@ static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner );
 	yyg->yy_c_buf_p = yy_cp;
 
 /* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */
-#define YY_NUM_RULES 23
-#define YY_END_OF_BUFFER 24
+#define YY_NUM_RULES 30
+#define YY_END_OF_BUFFER 31
 /* This struct is not used in this scanner,
    but its presence is necessary. */
 struct yy_trans_info
@@ -477,13 +477,15 @@ struct yy_trans_info
 	flex_int32_t yy_verify;
 	flex_int32_t yy_nxt;
 	};
-static yyconst flex_int16_t yy_accept[49] =
+static yyconst flex_int16_t yy_accept[63] =
     {   0,
-        0,    0,    0,    0,    0,    0,   24,    9,    2,    3,
-        8,    1,    6,    9,    4,    5,   14,   10,   11,   12,
-       22,   15,   16,    9,    2,    1,    1,    3,    9,   14,
-       13,   22,   21,   20,   21,   17,   18,   19,    1,    9,
-        9,    9,    9,    9,    0,    7,    7,    0
+        0,    0,    0,    0,    0,    0,    0,    0,   31,    9,
+        2,    3,    2,    8,    1,    6,    9,    4,    5,   14,
+       11,   12,   10,   13,   20,   16,   15,   17,   18,   29,
+       21,   22,   23,    9,    2,    2,    1,    1,    3,    0,
+        9,   14,   11,   20,   19,   29,   28,   27,   28,   24,
+       25,   26,    1,    9,    9,    9,    9,    9,    0,    7,
+        7,    0
     } ;
 
 static yyconst YY_CHAR yy_ec[256] =
@@ -520,89 +522,111 @@ static yyconst YY_CHAR yy_ec[256] =
 
 static yyconst YY_CHAR yy_meta[21] =
     {   0,
-        1,    2,    3,    1,    4,    5,    4,    6,    7,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    8,    9
+        1,    2,    3,    4,    5,    6,    7,    8,    9,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,   10,    7
     } ;
 
-static yyconst flex_uint16_t yy_base[60] =
+static yyconst flex_uint16_t yy_base[77] =
     {   0,
-        0,    0,   19,   38,   21,   23,   55,    0,   47,  161,
-      161,   50,  161,   37,  161,  161,    0,  161,  161,    0,
-        0,  161,   56,    0,   44,    0,   47,  161,   39,    0,
-      161,    0,  161,  161,   45,  161,  161,  161,    0,   32,
-       24,   26,   11,   29,   31,  161,   33,  161,   73,   82,
-       91,   97,  101,  110,  115,  124,  133,  142,  151
+        0,    0,   19,   38,   57,   76,   23,   24,   70,    0,
+       95,  244,    0,  244,   31,  244,   54,  244,  244,    0,
+       44,  244,  244,  244,    0,  244,  244,  244,    0,    0,
+      244,  244,  100,    0,    0,    0,    0,   33,  244,   65,
+       57,    0,   45,    0,  244,    0,  244,  244,   62,  244,
+      244,  244,    0,   43,   36,   27,   19,   46,   50,  244,
+       51,  244,  117,  127,  137,  147,  155,  160,  170,  180,
+      186,  193,  203,  213,  223,  233
     } ;
 
-static yyconst flex_int16_t yy_def[60] =
+static yyconst flex_int16_t yy_def[77] =
     {   0,
-       48,    1,   49,   49,   50,   50,   48,   51,   52,   48,
-       48,   53,   48,   51,   48,   48,   54,   48,   48,   55,
-       56,   48,   57,   51,   52,   58,   53,   48,   51,   54,
-       48,   56,   48,   48,   48,   48,   48,   48,   58,   51,
-       51,   51,   51,   51,   59,   48,   59,    0,   48,   48,
-       48,   48,   48,   48,   48,   48,   48,   48,   48
+       62,    1,   63,   63,   64,   64,   65,   65,   62,   66,
+       62,   62,   67,   62,   68,   62,   66,   62,   62,   69,
+       62,   62,   62,   62,   70,   62,   62,   62,   71,   72,
+       62,   62,   73,   66,   11,   67,   74,   68,   62,   75,
+       66,   69,   62,   70,   62,   72,   62,   62,   62,   62,
+       62,   62,   74,   66,   66,   66,   66,   66,   76,   62,
+       76,    0,   62,   62,   62,   62,   62,   62,   62,   62,
+       62,   62,   62,   62,   62,   62
     } ;
 
-static yyconst flex_uint16_t yy_nxt[182] =
+static yyconst flex_uint16_t yy_nxt[265] =
     {   0,
-        8,    9,   10,    8,    9,   11,   12,   13,    8,    8,
-        8,    8,   14,    8,    8,    8,    8,    8,   15,   16,
-       18,   18,   44,   18,   19,   18,   22,   20,   22,   23,
-       45,   23,   47,   45,   47,   47,   43,   47,   18,   18,
-       18,   42,   18,   19,   18,   41,   20,   34,   40,   28,
-       26,   29,   28,   26,   48,   48,   48,   18,   34,   35,
-       48,   48,   48,   48,   48,   48,   48,   48,   48,   48,
-       36,   37,   38,   17,   17,   17,   17,   17,   17,   17,
-       17,   17,   21,   21,   21,   21,   21,   21,   21,   21,
-       21,   24,   48,   48,   48,   48,   48,   24,   25,   48,
-
-       25,   27,   27,   27,   27,   27,   27,   27,   27,   27,
-       30,   48,   48,   48,   48,   30,   48,   30,   31,   31,
-       48,   48,   48,   31,   32,   32,   32,   32,   48,   32,
-       48,   32,   32,   33,   33,   33,   33,   33,   33,   33,
-       33,   33,   39,   39,   48,   39,   39,   39,   39,   39,
-       39,   46,   46,   46,   46,   46,   48,   46,   46,   46,
-        7,   48,   48,   48,   48,   48,   48,   48,   48,   48,
-       48,   48,   48,   48,   48,   48,   48,   48,   48,   48,
-       48
+       10,   11,   12,   13,   11,   14,   15,   16,   10,   10,
+       10,   10,   17,   10,   10,   10,   10,   10,   18,   19,
+       21,   22,   23,   21,   24,   22,   31,   31,   32,   32,
+       58,   33,   33,   39,   40,   39,   40,   57,   22,   21,
+       22,   23,   21,   24,   22,   43,   43,   59,   43,   43,
+       59,   61,   61,   56,   61,   61,   55,   22,   26,   26,
+       27,   26,   28,   26,   48,   29,   54,   39,   41,   62,
+       62,   62,   62,   62,   62,   62,   26,   26,   26,   27,
+       26,   28,   26,   62,   29,   62,   62,   62,   62,   62,
+       62,   62,   62,   62,   62,   26,   35,   62,   36,   35,
+
+       62,   37,   48,   49,   62,   62,   62,   62,   62,   62,
+       62,   62,   62,   62,   50,   51,   52,   20,   20,   20,
+       20,   20,   20,   20,   20,   20,   20,   25,   25,   25,
+       25,   25,   25,   25,   25,   25,   25,   30,   30,   30,
+       30,   30,   30,   30,   30,   30,   30,   34,   62,   62,
+       62,   62,   62,   62,   62,   34,   36,   62,   36,   36,
+       38,   38,   38,   38,   38,   38,   38,   38,   38,   38,
+       42,   62,   62,   62,   62,   62,   62,   42,   42,   42,
+       44,   62,   62,   62,   62,   62,   62,   44,   62,   44,
+       45,   45,   45,   46,   46,   46,   62,   46,   62,   46,
+
+       46,   62,   46,   47,   47,   47,   47,   47,   47,   47,
+       47,   47,   47,   53,   53,   62,   62,   53,   53,   53,
+       53,   53,   53,   40,   40,   40,   40,   40,   40,   40,
+       40,   40,   40,   60,   60,   60,   60,   60,   60,   60,
+       62,   60,   60,    9,   62,   62,   62,   62,   62,   62,
+       62,   62,   62,   62,   62,   62,   62,   62,   62,   62,
+       62,   62,   62,   62
     } ;
 
-static yyconst flex_int16_t yy_chk[182] =
+static yyconst flex_int16_t yy_chk[265] =
     {   0,
         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        3,    3,   43,    3,    3,    3,    5,    3,    6,    5,
-       44,    6,   45,   44,   47,   45,   42,   47,    3,    4,
-        4,   41,    4,    4,    4,   40,    4,   35,   29,   27,
-       25,   14,   12,    9,    7,    0,    0,    4,   23,   23,
-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-       23,   23,   23,   49,   49,   49,   49,   49,   49,   49,
-       49,   49,   50,   50,   50,   50,   50,   50,   50,   50,
-       50,   51,    0,    0,    0,    0,    0,   51,   52,    0,
-
-       52,   53,   53,   53,   53,   53,   53,   53,   53,   53,
-       54,    0,    0,    0,    0,   54,    0,   54,   55,   55,
-        0,    0,    0,   55,   56,   56,   56,   56,    0,   56,
-        0,   56,   56,   57,   57,   57,   57,   57,   57,   57,
-       57,   57,   58,   58,    0,   58,   58,   58,   58,   58,
-       58,   59,   59,   59,   59,   59,    0,   59,   59,   59,
-       48,   48,   48,   48,   48,   48,   48,   48,   48,   48,
-       48,   48,   48,   48,   48,   48,   48,   48,   48,   48,
-       48
+        3,    3,    3,    3,    3,    3,    7,    8,    7,    8,
+       57,    7,    8,   15,   15,   38,   38,   56,    3,    4,
+        4,    4,    4,    4,    4,   21,   43,   58,   21,   43,
+       58,   59,   61,   55,   59,   61,   54,    4,    5,    5,
+        5,    5,    5,    5,   49,    5,   41,   40,   17,    9,
+        0,    0,    0,    0,    0,    0,    5,    6,    6,    6,
+        6,    6,    6,    0,    6,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    6,   11,    0,   11,   11,
+
+        0,   11,   33,   33,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,   33,   33,   33,   63,   63,   63,
+       63,   63,   63,   63,   63,   63,   63,   64,   64,   64,
+       64,   64,   64,   64,   64,   64,   64,   65,   65,   65,
+       65,   65,   65,   65,   65,   65,   65,   66,    0,    0,
+        0,    0,    0,    0,    0,   66,   67,    0,   67,   67,
+       68,   68,   68,   68,   68,   68,   68,   68,   68,   68,
+       69,    0,    0,    0,    0,    0,    0,   69,   69,   69,
+       70,    0,    0,    0,    0,    0,    0,   70,    0,   70,
+       71,   71,   71,   72,   72,   72,    0,   72,    0,   72,
+
+       72,    0,   72,   73,   73,   73,   73,   73,   73,   73,
+       73,   73,   73,   74,   74,    0,    0,   74,   74,   74,
+       74,   74,   74,   75,   75,   75,   75,   75,   75,   75,
+       75,   75,   75,   76,   76,   76,   76,   76,   76,   76,
+        0,   76,   76,   62,   62,   62,   62,   62,   62,   62,
+       62,   62,   62,   62,   62,   62,   62,   62,   62,   62,
+       62,   62,   62,   62
     } ;
 
 /* Table of booleans, true if rule could match eol. */
-static yyconst flex_int32_t yy_rule_can_match_eol[24] =
+static yyconst flex_int32_t yy_rule_can_match_eol[31] =
     {   0,
-0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
-    1, 0, 1, 0,     };
+0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 
+    0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0,     };
 
-static yyconst flex_int16_t yy_rule_linenum[23] =
+static yyconst flex_int16_t yy_rule_linenum[30] =
     {   0,
-       59,   60,   61,   63,   64,   65,   67,   72,   77,   85,
-      105,  108,  111,  114,  120,  122,  141,  142,  143,  144,
-      145,  146
+       61,   62,   63,   65,   66,   68,   73,   78,   83,   89,
+       90,   92,  112,  118,  125,  128,  148,  151,  154,  157,
+      163,  164,  166,  186,  187,  188,  189,  190,  191
     } ;
 
 /* The intent behind this definition is that it'll catch
@@ -616,7 +640,7 @@ static yyconst flex_int16_t yy_rule_linenum[23] =
 #line 2 "settings/settings_lexer.l"
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -646,15 +670,18 @@ static void include_files(parser_helper_t *ctx);
 /* prefix function/variable declarations */
 /* don't change the name of the output file otherwise autotools has issues */
 /* type of our extra data */
+/* state used to scan values */
+
 /* state used to scan include file patterns */
 
 /* state used to scan quoted strings */
 
-#line 654 "settings/settings_lexer.c"
+#line 680 "settings/settings_lexer.c"
 
 #define INITIAL 0
-#define inc 1
-#define str 2
+#define val 1
+#define inc 2
+#define str 3
 
 #ifndef YY_NO_UNISTD_H
 /* Special case for "unistd.h", since it is non-ANSI. We include it way
@@ -1003,10 +1030,10 @@ YY_DECL
 
 	{
 /* %% [7.0] user's declarations go here */
-#line 57 "settings/settings_lexer.l"
+#line 59 "settings/settings_lexer.l"
 
 
-#line 1010 "settings/settings_lexer.c"
+#line 1037 "settings/settings_lexer.c"
 
 	while ( /*CONSTCOND*/1 )		/* loops until end-of-file is reached */
 		{
@@ -1035,13 +1062,13 @@ yy_match:
 			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 				{
 				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 49 )
+				if ( yy_current_state >= 63 )
 					yy_c = yy_meta[(unsigned int) yy_c];
 				}
 			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
 			++yy_cp;
 			}
-		while ( yy_base[yy_current_state] != 161 );
+		while ( yy_base[yy_current_state] != 244 );
 
 yy_find_action:
 /* %% [10.0] code to find the action number goes here */
@@ -1076,13 +1103,13 @@ do_action:	/* This label is used only to access EOF actions. */
 			{
 			if ( yy_act == 0 )
 				fprintf( stderr, "--scanner backing up\n" );
-			else if ( yy_act < 23 )
+			else if ( yy_act < 30 )
 				fprintf( stderr, "--accepting rule at line %ld (\"%s\")\n",
 				         (long)yy_rule_linenum[yy_act], yytext );
-			else if ( yy_act == 23 )
+			else if ( yy_act == 30 )
 				fprintf( stderr, "--accepting default rule (\"%s\")\n",
 				         yytext );
-			else if ( yy_act == 24 )
+			else if ( yy_act == 31 )
 				fprintf( stderr, "--(end of buffer or a NUL)\n" );
 			else
 				fprintf( stderr, "--EOF (start condition %d)\n", YY_START );
@@ -1100,29 +1127,35 @@ do_action:	/* This label is used only to access EOF actions. */
 
 case 1:
 YY_RULE_SETUP
-#line 59 "settings/settings_lexer.l"
+#line 61 "settings/settings_lexer.l"
 /* eat comments */
 	YY_BREAK
 case 2:
 YY_RULE_SETUP
-#line 60 "settings/settings_lexer.l"
+#line 62 "settings/settings_lexer.l"
 /* eat whitespace */
 	YY_BREAK
 case 3:
 /* rule 3 can match eol */
 YY_RULE_SETUP
-#line 61 "settings/settings_lexer.l"
+#line 63 "settings/settings_lexer.l"
 return NEWLINE; /* also eats comments at the end of a line */
 	YY_BREAK
 case 4:
-#line 64 "settings/settings_lexer.l"
+#line 66 "settings/settings_lexer.l"
 case 5:
-#line 65 "settings/settings_lexer.l"
-case 6:
 YY_RULE_SETUP
-#line 65 "settings/settings_lexer.l"
+#line 66 "settings/settings_lexer.l"
 return yytext[0];
 	YY_BREAK
+case 6:
+YY_RULE_SETUP
+#line 68 "settings/settings_lexer.l"
+{
+	yy_push_state(val, yyscanner);
+	return yytext[0];
+}
+	YY_BREAK
 case 7:
 /* rule 7 can match eol */
 *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */
@@ -1130,7 +1163,7 @@ YY_LINENO_REWIND_TO(yy_cp - 1);
 yyg->yy_c_buf_p = yy_cp -= 1;
 YY_DO_BEFORE_ACTION; /* set up yytext again */
 YY_RULE_SETUP
-#line 67 "settings/settings_lexer.l"
+#line 73 "settings/settings_lexer.l"
 {
 	yyextra->string_init(yyextra);
 	yy_push_state(inc, yyscanner);
@@ -1138,28 +1171,88 @@ YY_RULE_SETUP
 	YY_BREAK
 case 8:
 YY_RULE_SETUP
-#line 72 "settings/settings_lexer.l"
+#line 78 "settings/settings_lexer.l"
 {
-	yyextra->string_init(yyextra);
-	yy_push_state(str, yyscanner);
+	PARSER_DBG1(yyextra, "unexpected string detected");
+	return STRING_ERROR;
 }
 	YY_BREAK
 case 9:
 YY_RULE_SETUP
-#line 77 "settings/settings_lexer.l"
+#line 83 "settings/settings_lexer.l"
 {
 	yylval->s = strdup(yytext);
 	return NAME;
 }
 	YY_BREAK
 
+case 10:
+YY_RULE_SETUP
+#line 89 "settings/settings_lexer.l"
+/* just ignore these */
+	YY_BREAK
+case 11:
+YY_RULE_SETUP
+#line 90 "settings/settings_lexer.l"
+
+	YY_BREAK
+case YY_STATE_EOF(val):
+#line 91 "settings/settings_lexer.l"
+case 12:
+/* rule 12 can match eol */
+YY_RULE_SETUP
+#line 92 "settings/settings_lexer.l"
+{
+		if (*yytext)
+		{
+			switch (yytext[0])
+			{
+				case '\n':
+					/* put the newline back to fix the line numbers */
+					unput('\n');
+					yy_set_bol(0);
+					break;
+				case '#':
+				case '}':
+					/* these are parsed outside of this start condition */
+					unput(yytext[0]);
+					break;
+			}
+		}
+		yy_pop_state(yyscanner);
+	}
+	YY_BREAK
+case 13:
+YY_RULE_SETUP
+#line 112 "settings/settings_lexer.l"
+{
+		yyextra->string_init(yyextra);
+		yy_push_state(str, yyscanner);
+	}
+	YY_BREAK
+/* same as above, but allow more characters */
+case 14:
+YY_RULE_SETUP
+#line 118 "settings/settings_lexer.l"
+{
+		yylval->s = strdup(yytext);
+		return NAME;
+	}
+	YY_BREAK
+
+
+case 15:
+YY_RULE_SETUP
+#line 125 "settings/settings_lexer.l"
+/* just ignore these */
+	YY_BREAK
 /* we allow all characters except #, } and spaces, they can be escaped */
 case YY_STATE_EOF(inc):
-#line 84 "settings/settings_lexer.l"
-case 10:
-/* rule 10 can match eol */
+#line 127 "settings/settings_lexer.l"
+case 16:
+/* rule 16 can match eol */
 YY_RULE_SETUP
-#line 85 "settings/settings_lexer.l"
+#line 128 "settings/settings_lexer.l"
 {
 		if (*yytext)
 		{
@@ -1181,44 +1274,49 @@ YY_RULE_SETUP
 		yy_pop_state(yyscanner);
 	}
 	YY_BREAK
-case 11:
+case 17:
 YY_RULE_SETUP
-#line 105 "settings/settings_lexer.l"
+#line 148 "settings/settings_lexer.l"
 {	/* string include */
 		yy_push_state(str, yyscanner);
 	}
 	YY_BREAK
-case 12:
+case 18:
 YY_RULE_SETUP
-#line 108 "settings/settings_lexer.l"
+#line 151 "settings/settings_lexer.l"
 {
 		yyextra->string_add(yyextra, yytext);
 	}
 	YY_BREAK
-case 13:
+case 19:
 YY_RULE_SETUP
-#line 111 "settings/settings_lexer.l"
+#line 154 "settings/settings_lexer.l"
 {
 		yyextra->string_add(yyextra, yytext+1);
 	}
 	YY_BREAK
-case 14:
+case 20:
 YY_RULE_SETUP
-#line 114 "settings/settings_lexer.l"
+#line 157 "settings/settings_lexer.l"
 {
 		yyextra->string_add(yyextra, yytext);
 	}
 	YY_BREAK
 
 
-case 15:
-#line 121 "settings/settings_lexer.l"
+case 21:
+YY_RULE_SETUP
+#line 163 "settings/settings_lexer.l"
+/* just ignore these */
+	YY_BREAK
+case 22:
+#line 165 "settings/settings_lexer.l"
 YY_RULE_SETUP
 case YY_STATE_EOF(str):
-#line 121 "settings/settings_lexer.l"
-case 16:
+#line 165 "settings/settings_lexer.l"
+case 23:
 YY_RULE_SETUP
-#line 122 "settings/settings_lexer.l"
+#line 166 "settings/settings_lexer.l"
 {
 		if (!streq(yytext, "\""))
 		{
@@ -1239,43 +1337,43 @@ YY_RULE_SETUP
 		}
 	}
 	YY_BREAK
-case 17:
+case 24:
 YY_RULE_SETUP
-#line 141 "settings/settings_lexer.l"
+#line 186 "settings/settings_lexer.l"
 yyextra->string_add(yyextra, "\n");
 	YY_BREAK
-case 18:
+case 25:
 YY_RULE_SETUP
-#line 142 "settings/settings_lexer.l"
+#line 187 "settings/settings_lexer.l"
 yyextra->string_add(yyextra, "\r");
 	YY_BREAK
-case 19:
+case 26:
 YY_RULE_SETUP
-#line 143 "settings/settings_lexer.l"
+#line 188 "settings/settings_lexer.l"
 yyextra->string_add(yyextra, "\t");
 	YY_BREAK
-case 20:
-/* rule 20 can match eol */
+case 27:
+/* rule 27 can match eol */
 YY_RULE_SETUP
-#line 144 "settings/settings_lexer.l"
-/* merge lines that end with EOL characters */
+#line 189 "settings/settings_lexer.l"
+/* merge lines that end with escaped EOL characters */
 	YY_BREAK
-case 21:
+case 28:
 YY_RULE_SETUP
-#line 145 "settings/settings_lexer.l"
+#line 190 "settings/settings_lexer.l"
 yyextra->string_add(yyextra, yytext+1);
 	YY_BREAK
-case 22:
-/* rule 22 can match eol */
+case 29:
+/* rule 29 can match eol */
 YY_RULE_SETUP
-#line 146 "settings/settings_lexer.l"
+#line 191 "settings/settings_lexer.l"
 {
 		yyextra->string_add(yyextra, yytext);
 	}
 	YY_BREAK
 
 case YY_STATE_EOF(INITIAL):
-#line 151 "settings/settings_lexer.l"
+#line 196 "settings/settings_lexer.l"
 {
 	settings_parser_pop_buffer_state(yyscanner);
 	if (!settings_parser_open_next_file(yyextra) && !YY_CURRENT_BUFFER)
@@ -1284,12 +1382,12 @@ case YY_STATE_EOF(INITIAL):
 	}
 }
 	YY_BREAK
-case 23:
+case 30:
 YY_RULE_SETUP
-#line 159 "settings/settings_lexer.l"
+#line 204 "settings/settings_lexer.l"
 YY_FATAL_ERROR( "flex scanner jammed" );
 	YY_BREAK
-#line 1293 "settings/settings_lexer.c"
+#line 1391 "settings/settings_lexer.c"
 
 	case YY_END_OF_BUFFER:
 		{
@@ -1607,7 +1705,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
 		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 			{
 			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 49 )
+			if ( yy_current_state >= 63 )
 				yy_c = yy_meta[(unsigned int) yy_c];
 			}
 		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
@@ -1641,11 +1739,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
 	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 		{
 		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 49 )
+		if ( yy_current_state >= 63 )
 			yy_c = yy_meta[(unsigned int) yy_c];
 		}
 	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
-	yy_is_jam = (yy_current_state == 48);
+	yy_is_jam = (yy_current_state == 62);
 
 	(void)yyg;
 	return yy_is_jam ? 0 : yy_current_state;
@@ -2680,7 +2778,7 @@ void settings_parser_free (void * ptr , yyscan_t yyscanner)
 
 /* %ok-for-header */
 
-#line 159 "settings/settings_lexer.l"
+#line 204 "settings/settings_lexer.l"
 
 
 
diff --git a/src/libstrongswan/settings/settings_lexer.l b/src/libstrongswan/settings/settings_lexer.l
index ce9d4eedc..fa1ecac10 100644
--- a/src/libstrongswan/settings/settings_lexer.l
+++ b/src/libstrongswan/settings/settings_lexer.l
@@ -1,7 +1,7 @@
 %{
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -49,6 +49,8 @@ static void include_files(parser_helper_t *ctx);
 /* type of our extra data */
 %option extra-type="parser_helper_t*"
 
+/* state used to scan values */
+%x val
 /* state used to scan include file patterns */
 %x inc
 /* state used to scan quoted strings */
@@ -56,13 +58,17 @@ static void include_files(parser_helper_t *ctx);
 
 %%
 
-[\t ]*#[^\n]*			/* eat comments */
-[\t ]+					/* eat whitespace */
+[\t ]*#[^\r\n]*			/* eat comments */
+[\t\r ]+				/* eat whitespace */
 \n|#.*\n				return NEWLINE; /* also eats comments at the end of a line */
 
 "{"						|
-"}"						|
-"="						return yytext[0];
+"}"						return yytext[0];
+
+"="						{
+	yy_push_state(val, yyscanner);
+	return yytext[0];
+}
 
 "include"[\t ]+/[^=]	{
 	yyextra->string_init(yyextra);
@@ -70,16 +76,53 @@ static void include_files(parser_helper_t *ctx);
 }
 
 "\""					{
-	yyextra->string_init(yyextra);
-	yy_push_state(str, yyscanner);
+	PARSER_DBG1(yyextra, "unexpected string detected");
+	return STRING_ERROR;
 }
 
-[^#{}="\n\t ]+			{
+[^#{}="\r\n\t ]+			{
 	yylval->s = strdup(yytext);
 	return NAME;
 }
 
+<val>{
+	\r					/* just ignore these */
+	[\t ]+
+	<<EOF>>				|
+	[#}\n]			{
+		if (*yytext)
+		{
+			switch (yytext[0])
+			{
+				case '\n':
+					/* put the newline back to fix the line numbers */
+					unput('\n');
+					yy_set_bol(0);
+					break;
+				case '#':
+				case '}':
+					/* these are parsed outside of this start condition */
+					unput(yytext[0]);
+					break;
+			}
+		}
+		yy_pop_state(yyscanner);
+	}
+
+	"\""					{
+		yyextra->string_init(yyextra);
+		yy_push_state(str, yyscanner);
+	}
+
+	/* same as above, but allow more characters */
+	[^#}"\r\n\t ]+			{
+		yylval->s = strdup(yytext);
+		return NAME;
+	}
+}
+
 <inc>{
+	\r					/* just ignore these */
 	/* we allow all characters except #, } and spaces, they can be escaped */
 	<<EOF>>				|
 	[#}\n\t ]			{
@@ -111,12 +154,13 @@ static void include_files(parser_helper_t *ctx);
 	\\["#} ]			{
 		yyextra->string_add(yyextra, yytext+1);
 	}
-	[^"\\#}\n\t ]+ {
+	[^"\\#}\r\n\t ]+ {
 		yyextra->string_add(yyextra, yytext);
 	}
 }
 
 <str>{
+	\r					/* just ignore these */
 	"\""				|
 	<<EOF>>				|
 	\\					{
@@ -138,12 +182,13 @@ static void include_files(parser_helper_t *ctx);
 			return STRING;
 		}
 	}
+
 	\\n     yyextra->string_add(yyextra, "\n");
 	\\r     yyextra->string_add(yyextra, "\r");
 	\\t     yyextra->string_add(yyextra, "\t");
-	\\\r?\n /* merge lines that end with EOL characters */
+	\\\r?\n /* merge lines that end with escaped EOL characters */
 	\\.     yyextra->string_add(yyextra, yytext+1);
-	[^\\"]+			{
+	[^\\\r"]+			{
 		yyextra->string_add(yyextra, yytext);
 	}
 }
diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c
index 47cf8ebd4..3d1a2ba27 100644
--- a/src/libstrongswan/settings/settings_parser.c
+++ b/src/libstrongswan/settings/settings_parser.c
@@ -72,7 +72,7 @@
 
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings_parser.y b/src/libstrongswan/settings/settings_parser.y
index 96ab36faf..2ab9ea723 100644
--- a/src/libstrongswan/settings/settings_parser.y
+++ b/src/libstrongswan/settings/settings_parser.y
@@ -1,7 +1,7 @@
 %{
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings_types.c b/src/libstrongswan/settings/settings_types.c
index d753720f5..1c2d61de7 100644
--- a/src/libstrongswan/settings/settings_types.c
+++ b/src/libstrongswan/settings/settings_types.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/settings/settings_types.h b/src/libstrongswan/settings/settings_types.h
index 67299d8e7..82bcb230a 100644
--- a/src/libstrongswan/settings/settings_types.h
+++ b/src/libstrongswan/settings/settings_types.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_array.c b/src/libstrongswan/tests/suites/test_array.c
index eed8fba56..da2bfbb76 100644
--- a/src/libstrongswan/tests/suites/test_array.c
+++ b/src/libstrongswan/tests/suites/test_array.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c
index d0fa8a045..9fc2bbd90 100644
--- a/src/libstrongswan/tests/suites/test_auth_cfg.c
+++ b/src/libstrongswan/tests/suites/test_auth_cfg.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2016 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_bio_reader.c b/src/libstrongswan/tests/suites/test_bio_reader.c
index d3b4b4358..f5387301e 100644
--- a/src/libstrongswan/tests/suites/test_bio_reader.c
+++ b/src/libstrongswan/tests/suites/test_bio_reader.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_bio_writer.c b/src/libstrongswan/tests/suites/test_bio_writer.c
index e74288eb7..97ebe7e05 100644
--- a/src/libstrongswan/tests/suites/test_bio_writer.c
+++ b/src/libstrongswan/tests/suites/test_bio_writer.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c
index 9b2e48b0e..fbfb3ff9f 100644
--- a/src/libstrongswan/tests/suites/test_chunk.c
+++ b/src/libstrongswan/tests/suites/test_chunk.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_crypto_factory.c b/src/libstrongswan/tests/suites/test_crypto_factory.c
index 94f45dada..f0c851f57 100644
--- a/src/libstrongswan/tests/suites/test_crypto_factory.c
+++ b/src/libstrongswan/tests/suites/test_crypto_factory.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_enum.c b/src/libstrongswan/tests/suites/test_enum.c
index 70bfdb2aa..dd6b86f8e 100644
--- a/src/libstrongswan/tests/suites/test_enum.c
+++ b/src/libstrongswan/tests/suites/test_enum.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_enumerator.c b/src/libstrongswan/tests/suites/test_enumerator.c
index b781ae9fd..924b34786 100644
--- a/src/libstrongswan/tests/suites/test_enumerator.c
+++ b/src/libstrongswan/tests/suites/test_enumerator.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_hashtable.c b/src/libstrongswan/tests/suites/test_hashtable.c
index 8cc7bfe42..de5c3f22e 100644
--- a/src/libstrongswan/tests/suites/test_hashtable.c
+++ b/src/libstrongswan/tests/suites/test_hashtable.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_host.c b/src/libstrongswan/tests/suites/test_host.c
index 63f0eb20a..2a06dc61c 100644
--- a/src/libstrongswan/tests/suites/test_host.c
+++ b/src/libstrongswan/tests/suites/test_host.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_iv_gen.c b/src/libstrongswan/tests/suites/test_iv_gen.c
index 8b0a14b79..fa1c70940 100644
--- a/src/libstrongswan/tests/suites/test_iv_gen.c
+++ b/src/libstrongswan/tests/suites/test_iv_gen.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_linked_list.c b/src/libstrongswan/tests/suites/test_linked_list.c
index aa1e0429f..93e11c42e 100644
--- a/src/libstrongswan/tests/suites/test_linked_list.c
+++ b/src/libstrongswan/tests/suites/test_linked_list.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
index 48d6f40e6..19f381ef3 100644
--- a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
+++ b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c
index 1a2f97d5f..938fa38aa 100644
--- a/src/libstrongswan/tests/suites/test_proposal.c
+++ b/src/libstrongswan/tests/suites/test_proposal.c
@@ -29,6 +29,8 @@ static struct {
 	{ PROTO_IKE, "aes128", NULL },
 	{ PROTO_IKE, "aes128-sha256", NULL },
 	{ PROTO_IKE, "aes128-sha256-modpnone", NULL },
+	{ PROTO_IKE, "aes128-prfsha256", NULL },
+	{ PROTO_IKE, "aes128-prfsha256-modp2048", NULL },
 	{ PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
 	{ PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" },
 	{ PROTO_IKE, "aes128gcm16-modp3072", NULL },
@@ -194,6 +196,106 @@ START_TEST(test_promote_dh_group_not_contained)
 }
 END_TEST
 
+START_TEST(test_unknown_transform_types_print)
+{
+	proposal_t *proposal;
+
+	proposal = proposal_create(PROTO_IKE, 0);
+	proposal->add_algorithm(proposal, 242, 42, 128);
+	assert_proposal_eq(proposal, "IKE:UNKNOWN_242_42_128");
+	proposal->destroy(proposal);
+
+	proposal = proposal_create_from_string(PROTO_IKE,
+										   "aes128-sha256-ecp256");
+	proposal->add_algorithm(proposal, 242, 42, 128);
+	proposal->add_algorithm(proposal, 243, 1, 0);
+	assert_proposal_eq(proposal, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/UNKNOWN_242_42_128/UNKNOWN_243_1");
+	proposal->destroy(proposal);
+}
+END_TEST
+
+START_TEST(test_unknown_transform_types_equals)
+{
+	proposal_t *self, *other;
+
+	self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	other->add_algorithm(other, 242, 42, 0);
+	ck_assert(!self->equals(self, other));
+	ck_assert(!other->equals(other, self));
+	self->add_algorithm(self, 242, 42, 0);
+	ck_assert(self->equals(self, other));
+	ck_assert(other->equals(other, self));
+	other->destroy(other);
+	self->destroy(self);
+}
+END_TEST
+
+START_TEST(test_unknown_transform_types_select_fail)
+{
+	proposal_t *self, *other, *selected;
+
+	self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	other->add_algorithm(other, 242, 42, 0);
+
+	selected = self->select(self, other, TRUE, FALSE);
+	ck_assert(!selected);
+	other->destroy(other);
+	self->destroy(self);
+}
+END_TEST
+
+START_TEST(test_unknown_transform_types_select_fail_subtype)
+{
+	proposal_t *self, *other, *selected;
+
+	self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	self->add_algorithm(self, 242, 8, 0);
+	other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	other->add_algorithm(other, 242, 42, 0);
+
+	selected = self->select(self, other, TRUE, FALSE);
+	ck_assert(!selected);
+	other->destroy(other);
+	self->destroy(self);
+}
+END_TEST
+
+START_TEST(test_unknown_transform_types_select_success)
+{
+	proposal_t *self, *other, *selected;
+
+	self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	self->add_algorithm(self, 242, 42, 128);
+	other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	other->add_algorithm(other, 242, 42, 128);
+	other->add_algorithm(other, 242, 1, 0);
+
+	selected = self->select(self, other, TRUE, FALSE);
+	ck_assert(selected);
+	assert_proposal_eq(selected, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/UNKNOWN_242_42_128");
+	selected->destroy(selected);
+	other->destroy(other);
+	self->destroy(self);
+}
+END_TEST
+
+START_TEST(test_chacha20_poly1305_key_length)
+{
+	proposal_t *proposal;
+	uint16_t alg, ks;
+
+	proposal = proposal_create_from_string(PROTO_IKE, "chacha20poly1305-prfsha256-ecp256");
+	proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &ks);
+	ck_assert_int_eq(alg, ENCR_CHACHA20_POLY1305);
+	ck_assert_int_eq(ks, 0);
+	assert_proposal_eq(proposal, "IKE:CHACHA20_POLY1305/PRF_HMAC_SHA2_256/ECP_256");
+	proposal->destroy(proposal);
+}
+END_TEST
+
+
 Suite *proposal_suite_create()
 {
 	Suite *s;
@@ -216,5 +318,17 @@ Suite *proposal_suite_create()
 	tcase_add_test(tc, test_promote_dh_group_not_contained);
 	suite_add_tcase(s, tc);
 
+	tc = tcase_create("unknown transform types");
+	tcase_add_test(tc, test_unknown_transform_types_print);
+	tcase_add_test(tc, test_unknown_transform_types_equals);
+	tcase_add_test(tc, test_unknown_transform_types_select_fail);
+	tcase_add_test(tc, test_unknown_transform_types_select_fail_subtype);
+	tcase_add_test(tc, test_unknown_transform_types_select_success);
+	suite_add_tcase(s, tc);
+
+	tc = tcase_create("chacha20/poly1305");
+	tcase_add_test(tc, test_chacha20_poly1305_key_length);
+	suite_add_tcase(s, tc);
+
 	return s;
 }
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c
index 9d0a6dea1..0759f7013 100644
--- a/src/libstrongswan/tests/suites/test_settings.c
+++ b/src/libstrongswan/tests/suites/test_settings.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -1109,6 +1109,12 @@ START_TEST(test_valid)
 		"}\n");
 	ck_assert(chunk_write(contents, path, 0022, TRUE));
 	ck_assert(settings->load_files(settings, path, FALSE));
+
+	contents = chunk_from_str(
+		"equals = a setting with = and { character");
+	ck_assert(chunk_write(contents, path, 0022, TRUE));
+	ck_assert(settings->load_files(settings, path, FALSE));
+	verify_string("a setting with = and { character", "equals");
 }
 END_TEST
 
@@ -1148,12 +1154,110 @@ START_TEST(test_invalid)
 	ck_assert(!settings->load_files(settings, path, FALSE));
 
 	contents = chunk_from_str(
-		"only = a single setting = per line");
+		"\"unexpected\" = string");
 	ck_assert(chunk_write(contents, path, 0022, TRUE));
 	ck_assert(!settings->load_files(settings, path, FALSE));
 }
 END_TEST
 
+START_SETUP(setup_crlf_config)
+{
+	chunk_t inc1 = chunk_from_str(
+		"main {\r\n"
+		"	key1 = n1\r\n"
+		"	key2 = n2\n"
+		"	key3 = val3\n"
+		"	none = \n"
+		"	sub1 {\n"
+		"		key3 = value\n"
+		"	}\n"
+		"	sub2 {\n"
+		"		sub3 = val3\n"
+		"	}\n"
+		"	include " include2 "\n"
+		"}");
+	chunk_t inc2 = chunk_from_str(
+		"key2 = v2\n"
+		"sub1 {\n"
+		"	key = val\n"
+		"}");
+	ck_assert(chunk_write(inc1, include1, 0022, TRUE));
+	ck_assert(chunk_write(inc2, include2, 0022, TRUE));
+}
+END_SETUP
+
+START_TEST(test_crlf)
+{
+	chunk_t contents = chunk_from_str(
+		"main {\r\n"
+		"	key1 = val1\r\n"
+		"	none =\r\n"
+		"	sub1 {\r\n"
+		"		key2 = v2\r\n"
+		"		# key2 = v3\r\n"
+		"		sub1 {\r\n"
+		"			key = val\r\n"
+		"		}\r\n"
+		"	}\r\n"
+		"}");
+
+	create_settings(contents);
+
+	verify_string("val1", "main.key1");
+	verify_string("v2", "main.sub1.key2");
+	verify_string("val", "main.sub1.sub1.key");
+	verify_null("main.none");
+}
+END_TEST
+
+START_TEST(test_crlf_string)
+{
+	chunk_t contents = chunk_from_str(
+		"main {\r\n"
+		"	key1 = \"new\r\nline\"\r\n"
+		"	key2 = \"joi\\\r\nned\"\r\n"
+		"	none =\r\n"
+		"	sub1 {\r\n"
+		"		key2 = v2\r\n"
+		"		sub1 {\r\n"
+		"			key = val\r\n"
+		"		}\r\n"
+		"	}\r\n"
+		"}");
+
+	create_settings(contents);
+
+	verify_string("new\nline", "main.key1");
+	verify_string("joined", "main.key2");
+	verify_string("v2", "main.sub1.key2");
+	verify_string("val", "main.sub1.sub1.key");
+	verify_null("main.none");
+}
+END_TEST
+
+START_TEST(test_crlf_include)
+{
+	chunk_t contents = chunk_from_str(
+		"main {\r\n"
+		"	key1 = val1\r\n"
+		"	none =\r\n"
+		"	sub1 {\r\n"
+		"		key2 = v2\r\n"
+		"		sub1 {\r\n"
+		"			key = val\r\n"
+		"		}\r\n"
+		"	}\r\n"
+		"}");
+
+	create_settings(contents);
+
+	verify_string("val1", "main.key1");
+	verify_string("v2", "main.sub1.key2");
+	verify_string("val", "main.sub1.sub1.key");
+	verify_null("main.none");
+}
+END_TEST
+
 Suite *settings_suite_create()
 {
 	Suite *s;
@@ -1241,5 +1345,12 @@ Suite *settings_suite_create()
 	tcase_add_test(tc, test_invalid);
 	suite_add_tcase(s, tc);
 
+	tc = tcase_create("crlf");
+	tcase_add_checked_fixture(tc, setup_crlf_config, teardown_include_config);
+	tcase_add_test(tc, test_crlf);
+	tcase_add_test(tc, test_crlf_string);
+	tcase_add_test(tc, test_crlf_include);
+	suite_add_tcase(s, tc);
+
 	return s;
 }
diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c
index 9a9fdd8e9..26e60db0d 100644
--- a/src/libstrongswan/tests/suites/test_threading.c
+++ b/src/libstrongswan/tests/suites/test_threading.c
@@ -1,7 +1,7 @@
 /*
- * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2013-2018 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -27,6 +27,36 @@
 #include <threading/semaphore.h>
 #include <threading/thread_value.h>
 
+#ifdef WIN32
+/* when running on AppVeyor the wait functions seem to frequently trigger a bit
+ * early, allow this if the difference is within 5ms. */
+static inline void time_is_at_least(timeval_t *expected, timeval_t *actual)
+{
+	if (!timercmp(actual, expected, >))
+	{
+		timeval_t diff;
+
+		timersub(expected, actual, &diff);
+		if (!diff.tv_sec && diff.tv_usec <= 5000)
+		{
+			warn("allow timer event %dus too early on Windows (expected: %u.%u, "
+				 "actual: %u.%u)", diff.tv_usec, expected->tv_sec,
+				 expected->tv_usec, actual->tv_sec, actual->tv_usec);
+			return;
+		}
+		fail("expected: %u.%u, actual: %u.%u", expected->tv_sec,
+			 expected->tv_usec, actual->tv_sec, actual->tv_usec);
+	}
+}
+#else /* WIN32 */
+static inline void time_is_at_least(timeval_t *expected, timeval_t *actual)
+{
+	ck_assert_msg(timercmp(actual, expected, >), "expected: %u.%u, actual: "
+				  "%u.%u", expected->tv_sec, expected->tv_usec, actual->tv_sec,
+				  actual->tv_usec);
+}
+#endif /* WIN32 */
+
 /*******************************************************************************
  * recursive mutex test
  */
@@ -380,8 +410,7 @@ START_TEST(test_condvar_timed)
 	time_monotonic(&end);
 	mutex->unlock(mutex);
 	timersub(&end, &start, &end);
-	ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
-					end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec);
+	time_is_at_least(&diff, &end);
 
 	thread = thread_create(condvar_run, NULL);
 
@@ -419,8 +448,7 @@ START_TEST(test_condvar_timed_abs)
 	}
 	time_monotonic(&end);
 	mutex->unlock(mutex);
-	ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
-					end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec);
+	time_is_at_least(&diff, &end);
 
 	thread = thread_create(condvar_run, NULL);
 
@@ -704,8 +732,7 @@ START_TEST(test_rwlock_condvar_timed)
 	rwlock->unlock(rwlock);
 	time_monotonic(&end);
 	timersub(&end, &start, &end);
-	ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
-					end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec);
+	time_is_at_least(&diff, &end);
 
 	thread = thread_create(rwlock_condvar_run, NULL);
 
@@ -743,8 +770,7 @@ START_TEST(test_rwlock_condvar_timed_abs)
 	}
 	rwlock->unlock(rwlock);
 	time_monotonic(&end);
-	ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u",
-					end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec);
+	time_is_at_least(&abso, &end);
 
 	thread = thread_create(rwlock_condvar_run, NULL);
 
@@ -866,8 +892,7 @@ START_TEST(test_semaphore_timed)
 	ck_assert(semaphore->timed_wait(semaphore, diff.tv_usec / 1000));
 	time_monotonic(&end);
 	timersub(&end, &start, &end);
-	ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u",
-					end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec);
+	time_is_at_least(&diff, &end);
 
 	thread = thread_create(semaphore_run, NULL);
 
@@ -889,8 +914,7 @@ START_TEST(test_semaphore_timed_abs)
 	timeradd(&start, &diff, &abso);
 	ck_assert(semaphore->timed_wait_abs(semaphore, abso));
 	time_monotonic(&end);
-	ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u",
-					end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec);
+	time_is_at_least(&abso, &end);
 
 	thread = thread_create(semaphore_run, NULL);
 
diff --git a/src/libstrongswan/tests/suites/test_traffic_selector.c b/src/libstrongswan/tests/suites/test_traffic_selector.c
index 93361f9bf..137c337dc 100644
--- a/src/libstrongswan/tests/suites/test_traffic_selector.c
+++ b/src/libstrongswan/tests/suites/test_traffic_selector.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2015 Martin Willi
  * Copyright (C) 2015 revosec AG
@@ -72,10 +72,13 @@ START_TEST(test_create_from_cidr)
 	verify("10.1.0.1/32[udp]", "10.1.0.1/32[17]",
 		traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP,
 										  0, 65535));
+	verify("10.1.0.1/32[0/domain]", "10.1.0.1/32[0/53]",
+		traffic_selector_create_from_cidr("10.1.0.1/32", 0,
+										  53, 53));
 	verify("10.1.0.1/32[udp/1234-1235]", "10.1.0.1/32[17/1234-1235]",
 		traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP,
 										  1234, 1235));
-	verify("10.1.0.0/16[OPAQUE]", NULL,
+	verify("10.1.0.0/16[0/OPAQUE]", NULL,
 		traffic_selector_create_from_cidr("10.1.0.0/16", 0, 65535, 0));
 
 	verify(NULL, NULL,
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index b423d7d2d..00f000a6a 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/tests/suites/test_vectors.c b/src/libstrongswan/tests/suites/test_vectors.c
index a35342837..971b331b2 100644
--- a/src/libstrongswan/tests/suites/test_vectors.c
+++ b/src/libstrongswan/tests/suites/test_vectors.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c
index b9a0fe6d6..c6dd97716 100644
--- a/src/libstrongswan/tests/test_runner.c
+++ b/src/libstrongswan/tests/test_runner.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
  *
diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h
index 9b9fcad85..3bc3b38ca 100644
--- a/src/libstrongswan/tests/test_suite.h
+++ b/src/libstrongswan/tests/test_suite.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2013 Martin Willi
  * Copyright (C) 2013 revosec AG
  *
diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h
index 5fab227f2..9fc38d480 100644
--- a/src/libstrongswan/tests/tests.h
+++ b/src/libstrongswan/tests/tests.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/condvar.h b/src/libstrongswan/threading/condvar.h
index 48c949c7c..37b493b55 100644
--- a/src/libstrongswan/threading/condvar.h
+++ b/src/libstrongswan/threading/condvar.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2009 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/lock_profiler.h b/src/libstrongswan/threading/lock_profiler.h
index 1ae496455..a3c4241f7 100644
--- a/src/libstrongswan/threading/lock_profiler.h
+++ b/src/libstrongswan/threading/lock_profiler.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c
index 10cf04542..19cc11d15 100644
--- a/src/libstrongswan/threading/mutex.c
+++ b/src/libstrongswan/threading/mutex.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/mutex.h b/src/libstrongswan/threading/mutex.h
index ac36b6a25..147a3cde7 100644
--- a/src/libstrongswan/threading/mutex.h
+++ b/src/libstrongswan/threading/mutex.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2009 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/rwlock.c b/src/libstrongswan/threading/rwlock.c
index d7374cddf..bd57b65f0 100644
--- a/src/libstrongswan/threading/rwlock.c
+++ b/src/libstrongswan/threading/rwlock.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2012 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/rwlock.h b/src/libstrongswan/threading/rwlock.h
index a86a241c5..9fac91a82 100644
--- a/src/libstrongswan/threading/rwlock.h
+++ b/src/libstrongswan/threading/rwlock.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2009 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/rwlock_condvar.h b/src/libstrongswan/threading/rwlock_condvar.h
index 2b40c3fc6..d21e73d03 100644
--- a/src/libstrongswan/threading/rwlock_condvar.h
+++ b/src/libstrongswan/threading/rwlock_condvar.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/semaphore.c b/src/libstrongswan/threading/semaphore.c
index d90588b50..4147d7b93 100644
--- a/src/libstrongswan/threading/semaphore.c
+++ b/src/libstrongswan/threading/semaphore.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/semaphore.h b/src/libstrongswan/threading/semaphore.h
index bb384e669..034c92b60 100644
--- a/src/libstrongswan/threading/semaphore.h
+++ b/src/libstrongswan/threading/semaphore.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2011 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/spinlock.c b/src/libstrongswan/threading/spinlock.c
index a0de02ce5..901155089 100644
--- a/src/libstrongswan/threading/spinlock.c
+++ b/src/libstrongswan/threading/spinlock.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/spinlock.h b/src/libstrongswan/threading/spinlock.h
index 883980cc2..2c7164ab3 100644
--- a/src/libstrongswan/threading/spinlock.h
+++ b/src/libstrongswan/threading/spinlock.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c
index de5cbaa21..487ea0401 100644
--- a/src/libstrongswan/threading/thread.c
+++ b/src/libstrongswan/threading/thread.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009-2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -348,6 +348,8 @@ thread_t *thread_create(thread_main_t main, void *arg)
 	{
 		DBG1(DBG_LIB, "failed to create thread!");
 		this->mutex->lock(this->mutex);
+		this->terminated = TRUE;
+		this->detached_or_joined = TRUE;
 		thread_destroy(this);
 		return NULL;
 	}
diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h
index 35da24459..1dfc3772d 100644
--- a/src/libstrongswan/threading/thread.h
+++ b/src/libstrongswan/threading/thread.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/thread_value.c b/src/libstrongswan/threading/thread_value.c
index 190b7434f..6d015494d 100644
--- a/src/libstrongswan/threading/thread_value.c
+++ b/src/libstrongswan/threading/thread_value.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009-2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/threading/thread_value.h b/src/libstrongswan/threading/thread_value.h
index 48f5f7d6b..028bdeebe 100644
--- a/src/libstrongswan/threading/thread_value.h
+++ b/src/libstrongswan/threading/thread_value.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c
index 18b19166e..146f91c4a 100644
--- a/src/libstrongswan/utils/backtrace.c
+++ b/src/libstrongswan/utils/backtrace.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006-2013 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2013 revosec AG
  *
  * This program is free software; you can redistribute it and/or modify it
diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h
index 16e84c4d9..85d8d250c 100644
--- a/src/libstrongswan/utils/backtrace.h
+++ b/src/libstrongswan/utils/backtrace.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/capabilities.c b/src/libstrongswan/utils/capabilities.c
index ce5f550b5..38c2ee09e 100644
--- a/src/libstrongswan/utils/capabilities.c
+++ b/src/libstrongswan/utils/capabilities.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
  *
@@ -422,7 +422,10 @@ METHOD(capabilities_t, drop, bool,
 {
 #ifndef WIN32
 #ifdef HAVE_PRCTL
-	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+	if (has_capability(this, CAP_SETPCAP, NULL))
+	{
+		prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+	}
 #endif
 
 	if (this->uid && !init_supplementary_groups(this))
diff --git a/src/libstrongswan/utils/capabilities.h b/src/libstrongswan/utils/capabilities.h
index 20c18554b..c7bdfa347 100644
--- a/src/libstrongswan/utils/capabilities.h
+++ b/src/libstrongswan/utils/capabilities.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  * Copyright (C) 2012 Martin Willi
  * Copyright (C) 2012 revosec AG
  *
@@ -47,6 +47,9 @@ typedef struct capabilities_t capabilities_t;
 #ifndef CAP_DAC_OVERRIDE
 # define CAP_DAC_OVERRIDE 1
 #endif
+#ifndef CAP_SETPCAP
+# define CAP_SETPCAP 8
+#endif
 
 /**
  * POSIX capability dropping abstraction layer.
diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c
index 3a7984098..239353879 100644
--- a/src/libstrongswan/utils/chunk.c
+++ b/src/libstrongswan/utils/chunk.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2008-2013 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h
index 160d09944..e60cd8ad0 100644
--- a/src/libstrongswan/utils/chunk.h
+++ b/src/libstrongswan/utils/chunk.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2008-2013 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/compat/android.h b/src/libstrongswan/utils/compat/android.h
index 6edd3effb..da8de6279 100644
--- a/src/libstrongswan/utils/compat/android.h
+++ b/src/libstrongswan/utils/compat/android.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/debug.c b/src/libstrongswan/utils/debug.c
index 8a80b81a2..812ade4f5 100644
--- a/src/libstrongswan/utils/debug.c
+++ b/src/libstrongswan/utils/debug.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/debug.h b/src/libstrongswan/utils/debug.h
index 3b554487c..a2258a879 100644
--- a/src/libstrongswan/utils/debug.h
+++ b/src/libstrongswan/utils/debug.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/enum.c b/src/libstrongswan/utils/enum.c
index 1cead77ca..25182f93d 100644
--- a/src/libstrongswan/utils/enum.c
+++ b/src/libstrongswan/utils/enum.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/enum.h b/src/libstrongswan/utils/enum.h
index 928f4079a..4312cb9a1 100644
--- a/src/libstrongswan/utils/enum.h
+++ b/src/libstrongswan/utils/enum.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
  * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -53,7 +53,7 @@ typedef struct enum_name_t enum_name_t;
  * The ENUM and the ENUM_END define a enum_name_t pointer with the name supplied
  * in "name".
  *
- * Resolving of enum names is done using a printf hook. A printf fromat
+ * Resolving of enum names is done using a printf hook. A printf format
  * character %N is replaced by the enum string. Printf needs two arguments to
  * resolve a %N, the enum_name_t* (the defined name in ENUM_BEGIN) followed
  * by the numerical enum value.
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index 206f7c3e0..704df7842 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -2,7 +2,7 @@
  * Copyright (C) 2009-2015 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/integrity_checker.c b/src/libstrongswan/utils/integrity_checker.c
index 6f9510b3e..d39b587a9 100644
--- a/src/libstrongswan/utils/integrity_checker.c
+++ b/src/libstrongswan/utils/integrity_checker.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/integrity_checker.h b/src/libstrongswan/utils/integrity_checker.h
index 2ac21c608..2766a0a74 100644
--- a/src/libstrongswan/utils/integrity_checker.h
+++ b/src/libstrongswan/utils/integrity_checker.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 1dfeea557..b873e12a8 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
  * Copyright (C) 2006-2013 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/leak_detective.h b/src/libstrongswan/utils/leak_detective.h
index ca70067d4..b27534e2a 100644
--- a/src/libstrongswan/utils/leak_detective.h
+++ b/src/libstrongswan/utils/leak_detective.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/lexparser.h b/src/libstrongswan/utils/lexparser.h
index 7eb68069b..4c9d2b342 100644
--- a/src/libstrongswan/utils/lexparser.h
+++ b/src/libstrongswan/utils/lexparser.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2001-2008 Andreas Steffen
  *
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c
index 6f721c9ef..5c5f649b7 100644
--- a/src/libstrongswan/utils/optionsfrom.c
+++ b/src/libstrongswan/utils/optionsfrom.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007-2008 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/optionsfrom.h b/src/libstrongswan/utils/optionsfrom.h
index b0a9d0096..3ce52365f 100644
--- a/src/libstrongswan/utils/optionsfrom.h
+++ b/src/libstrongswan/utils/optionsfrom.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2007-2008 Andreas Steffen
  *
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/parser_helper.c b/src/libstrongswan/utils/parser_helper.c
index 4c6aa251f..3ed22b61d 100644
--- a/src/libstrongswan/utils/parser_helper.c
+++ b/src/libstrongswan/utils/parser_helper.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/parser_helper.h b/src/libstrongswan/utils/parser_helper.h
index 09ed1991c..818062c66 100644
--- a/src/libstrongswan/utils/parser_helper.h
+++ b/src/libstrongswan/utils/parser_helper.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook.h b/src/libstrongswan/utils/printf_hook/printf_hook.h
index c1d6fa90d..bced19146 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook.h
+++ b/src/libstrongswan/utils/printf_hook/printf_hook.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
  * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
index 5efe1d990..17b56d278 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009-2013 Tobias Brunner
  * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_vstr.c b/src/libstrongswan/utils/printf_hook/printf_hook_vstr.c
index ab93b24ba..6d8827624 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_vstr.c
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_vstr.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009-2013 Tobias Brunner
  * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_vstr.h b/src/libstrongswan/utils/printf_hook/printf_hook_vstr.h
index 7c24b05e2..6d744b257 100644
--- a/src/libstrongswan/utils/printf_hook/printf_hook_vstr.h
+++ b/src/libstrongswan/utils/printf_hook/printf_hook_vstr.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
  * Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/test.c b/src/libstrongswan/utils/test.c
index 0b0a80f42..0e9f07cd0 100644
--- a/src/libstrongswan/utils/test.c
+++ b/src/libstrongswan/utils/test.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/test.h b/src/libstrongswan/utils/test.h
index f9a84713e..f7ae7d60c 100644
--- a/src/libstrongswan/utils/test.h
+++ b/src/libstrongswan/utils/test.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
index 4deba0fe7..94863d3d6 100644
--- a/src/libstrongswan/utils/utils.c
+++ b/src/libstrongswan/utils/utils.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2015 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index ec994bfc5..ea08b68c2 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -206,7 +206,7 @@ void utils_deinit();
  * Block and wait for a set of signals
  *
  * We don't replicate the functionality of siginfo_t.  If info is not NULL
- * -1 is returend and errno is set to EINVAL.
+ * -1 is returned and errno is set to EINVAL.
  *
  * @param set		set of signals to wait for
  * @param info		must be NULL
diff --git a/src/libstrongswan/utils/utils/align.c b/src/libstrongswan/utils/utils/align.c
index ffdb1b5ce..bb76866f1 100644
--- a/src/libstrongswan/utils/utils/align.c
+++ b/src/libstrongswan/utils/utils/align.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/align.h b/src/libstrongswan/utils/utils/align.h
index a28dc3668..85eb25974 100644
--- a/src/libstrongswan/utils/utils/align.h
+++ b/src/libstrongswan/utils/utils/align.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/atomics.c b/src/libstrongswan/utils/utils/atomics.c
index 17e823e70..82a889614 100644
--- a/src/libstrongswan/utils/utils/atomics.c
+++ b/src/libstrongswan/utils/utils/atomics.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/atomics.h b/src/libstrongswan/utils/utils/atomics.h
index e5db0a1cb..a973b1adc 100644
--- a/src/libstrongswan/utils/utils/atomics.h
+++ b/src/libstrongswan/utils/utils/atomics.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/byteorder.h b/src/libstrongswan/utils/utils/byteorder.h
index 0665ef363..6bd626cbc 100644
--- a/src/libstrongswan/utils/utils/byteorder.h
+++ b/src/libstrongswan/utils/utils/byteorder.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/memory.c b/src/libstrongswan/utils/utils/memory.c
index 4b4b6ccee..82c30d88e 100644
--- a/src/libstrongswan/utils/utils/memory.c
+++ b/src/libstrongswan/utils/utils/memory.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -29,7 +29,7 @@ void memxor(uint8_t dst[], const uint8_t src[], size_t n)
 	{
 		dst[i] ^= src[i];
 	}
-	/* try to use words if src shares an aligment with dst */
+	/* try to use words if src shares an alignment with dst */
 	switch (((uintptr_t)&src[i] % sizeof(long)))
 	{
 		case 0:
diff --git a/src/libstrongswan/utils/utils/memory.h b/src/libstrongswan/utils/utils/memory.h
index e84033010..1dffe85df 100644
--- a/src/libstrongswan/utils/utils/memory.h
+++ b/src/libstrongswan/utils/utils/memory.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/object.h b/src/libstrongswan/utils/utils/object.h
index 301fb6685..24169dafc 100644
--- a/src/libstrongswan/utils/utils/object.h
+++ b/src/libstrongswan/utils/utils/object.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/path.c b/src/libstrongswan/utils/utils/path.c
index 3abbe77ed..d964c70cc 100644
--- a/src/libstrongswan/utils/utils/path.c
+++ b/src/libstrongswan/utils/utils/path.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/path.h b/src/libstrongswan/utils/utils/path.h
index 838ce73e6..b72bdaf42 100644
--- a/src/libstrongswan/utils/utils/path.h
+++ b/src/libstrongswan/utils/utils/path.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/status.c b/src/libstrongswan/utils/utils/status.c
index 4a97d846c..21f38a6de 100644
--- a/src/libstrongswan/utils/utils/status.c
+++ b/src/libstrongswan/utils/utils/status.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/status.h b/src/libstrongswan/utils/utils/status.h
index c96eebd44..8d96c2bfc 100644
--- a/src/libstrongswan/utils/utils/status.h
+++ b/src/libstrongswan/utils/utils/status.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/strerror.c b/src/libstrongswan/utils/utils/strerror.c
index d35bbec68..c29b2f773 100644
--- a/src/libstrongswan/utils/utils/strerror.c
+++ b/src/libstrongswan/utils/utils/strerror.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/strerror.h b/src/libstrongswan/utils/utils/strerror.h
index f59649c2a..46138824f 100644
--- a/src/libstrongswan/utils/utils/strerror.h
+++ b/src/libstrongswan/utils/utils/strerror.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/string.c b/src/libstrongswan/utils/utils/string.c
index 56910ed79..df7a9936b 100644
--- a/src/libstrongswan/utils/utils/string.c
+++ b/src/libstrongswan/utils/utils/string.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/string.h b/src/libstrongswan/utils/utils/string.h
index 562516b91..67a915166 100644
--- a/src/libstrongswan/utils/utils/string.h
+++ b/src/libstrongswan/utils/utils/string.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/tty.c b/src/libstrongswan/utils/utils/tty.c
index 7cce71dc5..9f36b58c3 100644
--- a/src/libstrongswan/utils/utils/tty.c
+++ b/src/libstrongswan/utils/utils/tty.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/tty.h b/src/libstrongswan/utils/utils/tty.h
index 6cd285a9a..f45d62e49 100644
--- a/src/libstrongswan/utils/utils/tty.h
+++ b/src/libstrongswan/utils/utils/tty.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/utils/utils/types.h b/src/libstrongswan/utils/utils/types.h
index 45b5043bf..c6a122aa3 100644
--- a/src/libstrongswan/utils/utils/types.h
+++ b/src/libstrongswan/utils/utils/types.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtls/tls_application.h b/src/libtls/tls_application.h
index bd839fbb6..0debe9cee 100644
--- a/src/libtls/tls_application.h
+++ b/src/libtls/tls_application.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c b/src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c
index 26a5ed2b4..7e6b2f672 100644
--- a/src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c
+++ b/src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2006 Mike McCauley
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c b/src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c
index 660ba179d..292ceb6ad 100644
--- a/src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c
+++ b/src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c b/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c
index f0e821c8c..f3b0d3faa 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c
index 26a6c032f..d20f8b09c 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c
index e3736560d..4cb4b302e 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c
index 710269ba9..3ff556699 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c
index 7c2f9b3f9..e855c16c6 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c
index 013e0c7ed..f685dc667 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c
@@ -1,6 +1,8 @@
 /*
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2006 Mike McCauley (mikem@open.com.au)
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c b/src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c
index 0d3e1c2a0..cc1f09bfc 100644
--- a/src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c
+++ b/src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2010 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtpmtss/plugins/tpm/tpm_cert.c b/src/libtpmtss/plugins/tpm/tpm_cert.c
index 248da7e53..126941f8d 100644
--- a/src/libtpmtss/plugins/tpm/tpm_cert.c
+++ b/src/libtpmtss/plugins/tpm/tpm_cert.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2017 Andreas Steffen
- * HSR Hochschule für Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c
index 8b91fb44a..90a16c103 100644
--- a/src/libtpmtss/tpm_tss_tss2.c
+++ b/src/libtpmtss/tpm_tss_tss2.c
@@ -278,8 +278,9 @@ static bool initialize_tcti_tabrmd_context(private_tpm_tss_tss2_t *this)
 		return FALSE;
 	}
 
-	/* allocate memory for tcti context */
+	/* allocate and initialize memory for tcti context */
 	this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size);
+	memset(this->tcti_context, 0x00, tcti_context_size);
 
 	/* initialize tcti context */
 	rval = tss2_tcti_tabrmd_init(this->tcti_context, &tcti_context_size);
diff --git a/src/manager/controller/auth_controller.c b/src/manager/controller/auth_controller.c
index 5f2de5154..8abce7312 100644
--- a/src/manager/controller/auth_controller.c
+++ b/src/manager/controller/auth_controller.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/auth_controller.h b/src/manager/controller/auth_controller.h
index 07292273d..2e9548599 100644
--- a/src/manager/controller/auth_controller.h
+++ b/src/manager/controller/auth_controller.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/config_controller.c b/src/manager/controller/config_controller.c
index bc93c542d..fbde2f23f 100644
--- a/src/manager/controller/config_controller.c
+++ b/src/manager/controller/config_controller.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/config_controller.h b/src/manager/controller/config_controller.h
index 504ec8c3b..896ceb4c3 100644
--- a/src/manager/controller/config_controller.h
+++ b/src/manager/controller/config_controller.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/control_controller.c b/src/manager/controller/control_controller.c
index a8db2f272..f0a16eeb2 100644
--- a/src/manager/controller/control_controller.c
+++ b/src/manager/controller/control_controller.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/control_controller.h b/src/manager/controller/control_controller.h
index 0342f8ca2..9feb3c3b6 100644
--- a/src/manager/controller/control_controller.h
+++ b/src/manager/controller/control_controller.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/gateway_controller.c b/src/manager/controller/gateway_controller.c
index 6c0257980..bb14451b1 100644
--- a/src/manager/controller/gateway_controller.c
+++ b/src/manager/controller/gateway_controller.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/gateway_controller.h b/src/manager/controller/gateway_controller.h
index 170bc1bdb..f6bed4ddd 100644
--- a/src/manager/controller/gateway_controller.h
+++ b/src/manager/controller/gateway_controller.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/ikesa_controller.c b/src/manager/controller/ikesa_controller.c
index df0e5f475..5cb5245aa 100644
--- a/src/manager/controller/ikesa_controller.c
+++ b/src/manager/controller/ikesa_controller.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/controller/ikesa_controller.h b/src/manager/controller/ikesa_controller.h
index 592047539..cd76ee5a5 100644
--- a/src/manager/controller/ikesa_controller.h
+++ b/src/manager/controller/ikesa_controller.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/gateway.c b/src/manager/gateway.c
index 58ee6ab54..362611da3 100644
--- a/src/manager/gateway.c
+++ b/src/manager/gateway.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/gateway.h b/src/manager/gateway.h
index 1f62d2365..04f4dfb65 100644
--- a/src/manager/gateway.h
+++ b/src/manager/gateway.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/main.c b/src/manager/main.c
index b6169082f..1ba8b1e04 100644
--- a/src/manager/main.c
+++ b/src/manager/main.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/manager.c b/src/manager/manager.c
index 22a4191d9..bbffb1bb8 100644
--- a/src/manager/manager.c
+++ b/src/manager/manager.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/manager.h b/src/manager/manager.h
index e0ed7fcaf..506127b7f 100644
--- a/src/manager/manager.h
+++ b/src/manager/manager.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/storage.c b/src/manager/storage.c
index 6a8e76e5e..5fdfe0318 100644
--- a/src/manager/storage.c
+++ b/src/manager/storage.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/storage.h b/src/manager/storage.h
index 4324e99fe..76c2b7b9b 100644
--- a/src/manager/storage.h
+++ b/src/manager/storage.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/xml.c b/src/manager/xml.c
index 0aee5f69b..17c2512da 100644
--- a/src/manager/xml.c
+++ b/src/manager/xml.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/manager/xml.h b/src/manager/xml.h
index bd11cb4f8..46503b8af 100644
--- a/src/manager/xml.h
+++ b/src/manager/xml.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/medsrv/controller/peer_controller.c b/src/medsrv/controller/peer_controller.c
index 4943647b5..7dbda8b49 100644
--- a/src/medsrv/controller/peer_controller.c
+++ b/src/medsrv/controller/peer_controller.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Philip Boetschi, Adrian Doerig
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/medsrv/controller/peer_controller.h b/src/medsrv/controller/peer_controller.h
index 1282156b7..3bc640b93 100644
--- a/src/medsrv/controller/peer_controller.h
+++ b/src/medsrv/controller/peer_controller.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Philip Boetschi, Adrian Doerig
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/medsrv/controller/user_controller.c b/src/medsrv/controller/user_controller.c
index 36d04e12c..8bdd86a42 100644
--- a/src/medsrv/controller/user_controller.c
+++ b/src/medsrv/controller/user_controller.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Philip Boetschi, Adrian Doerig
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/medsrv/controller/user_controller.h b/src/medsrv/controller/user_controller.h
index 8443a8d2b..62e15a7cf 100644
--- a/src/medsrv/controller/user_controller.h
+++ b/src/medsrv/controller/user_controller.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Philip Boetschi, Adrian Doerig
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/medsrv/filter/auth_filter.c b/src/medsrv/filter/auth_filter.c
index fb39bdb0e..713abe46b 100644
--- a/src/medsrv/filter/auth_filter.c
+++ b/src/medsrv/filter/auth_filter.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Philip Boetschi, Adrian Doerig
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/medsrv/filter/auth_filter.h b/src/medsrv/filter/auth_filter.h
index 022254dde..15c254256 100644
--- a/src/medsrv/filter/auth_filter.h
+++ b/src/medsrv/filter/auth_filter.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Philip Boetschi, Adrian Doerig
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/medsrv/main.c b/src/medsrv/main.c
index 745fcc359..6ad817334 100644
--- a/src/medsrv/main.c
+++ b/src/medsrv/main.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2008 Philip Boetschi, Adrian Doerig
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/medsrv/user.c b/src/medsrv/user.c
index 023dafbed..26b766f96 100644
--- a/src/medsrv/user.c
+++ b/src/medsrv/user.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/medsrv/user.h b/src/medsrv/user.h
index 475972a5b..b58d14ab1 100644
--- a/src/medsrv/user.h
+++ b/src/medsrv/user.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/pki/command.c b/src/pki/command.c
index f425af7e8..4ad4339a8 100644
--- a/src/pki/command.c
+++ b/src/pki/command.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/pki/command.h b/src/pki/command.h
index a7dade758..353f5141c 100644
--- a/src/pki/command.h
+++ b/src/pki/command.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/pki/commands/dn.c b/src/pki/commands/dn.c
index 75585fc16..96ce5326e 100644
--- a/src/pki/commands/dn.c
+++ b/src/pki/commands/dn.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/pki/commands/pkcs12.c b/src/pki/commands/pkcs12.c
index dcd1496ba..e218c4c89 100644
--- a/src/pki/commands/pkcs12.c
+++ b/src/pki/commands/pkcs12.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index dd667fb34..88ef448b5 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2016-2018 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -14,6 +14,9 @@
  * for more details.
  */
 
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
 #include <errno.h>
 
 #include "pki.h"
@@ -22,6 +25,84 @@
 #include <credentials/certificates/x509.h>
 #include <credentials/sets/mem_cred.h>
 
+/**
+ * Load a CA or CRL and add it to the credential set
+ */
+static bool load_cert(mem_cred_t *creds, char *path, certificate_type_t subtype)
+{
+	certificate_t *cert;
+	char *credname;
+
+	switch (subtype)
+	{
+		case CERT_X509:
+			credname = "CA certificate";
+			break;
+		case CERT_X509_CRL:
+			credname = "CRL";
+			break;
+		default:
+			return FALSE;
+	}
+	cert = lib->creds->create(lib->creds,
+							  CRED_CERTIFICATE, subtype,
+							  BUILD_FROM_FILE, path, BUILD_END);
+	if (!cert)
+	{
+		fprintf(stderr, "parsing %s from '%s' failed\n", credname, path);
+		return FALSE;
+	}
+	if (subtype == CERT_X509_CRL)
+	{
+		creds->add_crl(creds, (crl_t*)cert);
+	}
+	else
+	{
+		creds->add_cert(creds, TRUE, cert);
+	}
+	return TRUE;
+}
+
+/**
+ * Load CA cert or CRL either from a file or a path
+ */
+static bool load_certs(mem_cred_t *creds, char *path,
+					   certificate_type_t subtype)
+{
+	enumerator_t *enumerator;
+	struct stat st;
+	bool loaded = FALSE;
+
+	if (stat(path, &st))
+	{
+		fprintf(stderr, "failed to access '%s': %s\n", path, strerror(errno));
+		return FALSE;
+	}
+	if (S_ISDIR(st.st_mode))
+	{
+		enumerator = enumerator_create_directory(path);
+		if (!enumerator)
+		{
+			fprintf(stderr, "directory '%s' can not be opened: %s",
+					path, strerror(errno));
+			return FALSE;
+		}
+		while (enumerator->enumerate(enumerator, NULL, &path, &st))
+		{
+			if (S_ISREG(st.st_mode) && load_cert(creds, path, subtype))
+			{
+				loaded = TRUE;
+			}
+		}
+		enumerator->destroy(enumerator);
+	}
+	else
+	{
+		loaded = load_cert(creds, path, subtype);
+	}
+	return loaded;
+}
+
 /**
  * Verify a certificate signature
  */
@@ -49,28 +130,16 @@ static int verify()
 				file = arg;
 				continue;
 			case 'c':
-				cert = lib->creds->create(lib->creds,
-										  CRED_CERTIFICATE, CERT_X509,
-										  BUILD_FROM_FILE, arg, BUILD_END);
-				if (!cert)
+				if (load_certs(creds, arg, CERT_X509))
 				{
-					fprintf(stderr, "parsing CA certificate failed\n");
-					goto end;
+					has_ca = TRUE;
 				}
-				has_ca = TRUE;
-				creds->add_cert(creds, TRUE, cert);
 				continue;
 			case 'l':
-				cert = lib->creds->create(lib->creds,
-										  CRED_CERTIFICATE, CERT_X509_CRL,
-										  BUILD_FROM_FILE, arg, BUILD_END);
-				if (!cert)
+				if (load_certs(creds, arg, CERT_X509_CRL))
 				{
-					fprintf(stderr, "parsing CRL failed\n");
-					goto end;
+					online = TRUE;
 				}
-				online = TRUE;
-				creds->add_crl(creds, (crl_t*)cert);
 				continue;
 			case 'o':
 				online = TRUE;
@@ -108,7 +177,7 @@ static int verify()
 		fprintf(stderr, "parsing certificate failed\n");
 		goto end;
 	}
-	creds->add_cert(creds, !has_ca, cert);
+	cert = creds->add_cert_ref(creds, !has_ca, cert);
 
 	enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr,
 									KEY_ANY, cert->get_subject(cert), online);
@@ -153,6 +222,7 @@ static int verify()
 		printf("\n");
 	}
 	enumerator->destroy(enumerator);
+	cert->destroy(cert);
 
 	if (!trusted)
 	{
diff --git a/src/pki/man/pki---verify.1.in b/src/pki/man/pki---verify.1.in
index 74adaf150..a655858a1 100644
--- a/src/pki/man/pki---verify.1.in
+++ b/src/pki/man/pki---verify.1.in
@@ -47,10 +47,13 @@ X.509 certificate to verify. If not given it is read from \fISTDIN\fR.
 .TP
 .BI "\-c, \-\-cacert " file
 CA certificate to use for trustchain verification. If not given the certificate
-is assumed to be self\-signed.
+is assumed to be self\-signed. May optionally be a path to a directory from
+which CA certificates are loaded. Can be used multiple times.
 .TP
 .BI "\-l, \-\-crl " file
-Local CRL to use for trustchain verification. Implies \fB-o\fR.
+Local CRL to use for trustchain verification. May optionally be a path to a
+directory from which CRLs are loaded. Can be used multiple times.
+Implies \fB-o\fR.
 .TP
 .BI "\-o, \-\-online
 Enable online CRL/OCSP revocation checking.
diff --git a/src/pool/pool_attributes.c b/src/pool/pool_attributes.c
index 72af4f494..5ebdbeb37 100644
--- a/src/pool/pool_attributes.c
+++ b/src/pool/pool_attributes.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009-2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/pool/pool_attributes.h b/src/pool/pool_attributes.h
index 6a5af3349..8536d4205 100644
--- a/src/pool/pool_attributes.h
+++ b/src/pool/pool_attributes.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009-2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/pool/pool_usage.c b/src/pool/pool_usage.c
index 94cc041b5..2b380e386 100644
--- a/src/pool/pool_usage.c
+++ b/src/pool/pool_usage.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2009-2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/pool/pool_usage.h b/src/pool/pool_usage.h
index 0082ef6f2..a7fa672ff 100644
--- a/src/pool/pool_usage.h
+++ b/src/pool/pool_usage.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2009-2010 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c
index d31e16220..9f1faf454 100644
--- a/src/pt-tls-client/pt-tls-client.c
+++ b/src/pt-tls-client/pt-tls-client.c
@@ -1,7 +1,9 @@
 /*
- * Copyright (C) 2010-2013 Martin Willi, revosec AG
  * Copyright (C) 2013-2015 Andreas Steffen
- * HSR Hochschule für Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2010-2013 Martin Willi
+ * Copyright (C) 2010-2013 revosec AG
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c
index 5bb29bbd8..cc227cc7a 100644
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/scepclient/scep.h b/src/scepclient/scep.h
index 4ef5eaf8e..97fc7bf8e 100644
--- a/src/scepclient/scep.h
+++ b/src/scepclient/scep.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 853490f61..83079f3d8 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/args.c b/src/starter/args.c
index 477a52082..a37ce6a3e 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
  * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/args.h b/src/starter/args.h
index 76c05de8c..d1181f4a4 100644
--- a/src/starter/args.h
+++ b/src/starter/args.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/confread.c b/src/starter/confread.c
index f154f8951..345d0b60b 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
  *
diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c
index 5d95305cb..e78e65792 100644
--- a/src/starter/invokecharon.c
+++ b/src/starter/invokecharon.c
@@ -1,6 +1,9 @@
-/* strongSwan charon launcher
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+/*
+ * Copyright (C) 2006 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2001-2002 Mathieu Lafon
+ * Arkoon Network Security
  *
  * Ported from invokepluto.c to fit charons needs.
  *
diff --git a/src/starter/invokecharon.h b/src/starter/invokecharon.h
index aaf913c9b..b789c761d 100644
--- a/src/starter/invokecharon.h
+++ b/src/starter/invokecharon.h
@@ -1,6 +1,9 @@
-/* strongSwan charon launcher
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
+/*
+ * Copyright (C) 2006 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2001-2002 Mathieu Lafon
+ * Arkoon Network Security
  *
  * Ported from invokepluto.h to fit charons needs.
  *
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index 0e2d0fb4b..a8f50169a 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -32,7 +32,7 @@ error "gperf generated tables don't work with this execution character set. Plea
 
 /*
  * Copyright (C) 2005 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 27d16b0b8..d017134d9 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2005 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/keywords.h.in b/src/starter/keywords.h.in
index d2b08f2cf..60ec2723a 100644
--- a/src/starter/keywords.h.in
+++ b/src/starter/keywords.h.in
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2005 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index dd673bc7a..e696dce8e 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -1,7 +1,7 @@
 %{
 /*
  * Copyright (C) 2005 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/parser/conf_parser.c b/src/starter/parser/conf_parser.c
index 66e0ae8e4..d35dad76c 100644
--- a/src/starter/parser/conf_parser.c
+++ b/src/starter/parser/conf_parser.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/parser/conf_parser.h b/src/starter/parser/conf_parser.h
index 49131a0db..db486a03f 100644
--- a/src/starter/parser/conf_parser.h
+++ b/src/starter/parser/conf_parser.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/parser/lexer.c b/src/starter/parser/lexer.c
index afca86341..d19cee08a 100644
--- a/src/starter/parser/lexer.c
+++ b/src/starter/parser/lexer.c
@@ -634,7 +634,7 @@ static yyconst flex_int16_t yy_rule_linenum[26] =
 #line 2 "parser/lexer.l"
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/parser/lexer.l b/src/starter/parser/lexer.l
index f70658e68..e10fd1b38 100644
--- a/src/starter/parser/lexer.l
+++ b/src/starter/parser/lexer.l
@@ -1,7 +1,7 @@
 %{
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/parser/parser.c b/src/starter/parser/parser.c
index 7204cc61d..7d9cd7805 100644
--- a/src/starter/parser/parser.c
+++ b/src/starter/parser/parser.c
@@ -72,7 +72,7 @@
 
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/parser/parser.y b/src/starter/parser/parser.y
index 0b2b3b09f..1371fe931 100644
--- a/src/starter/parser/parser.y
+++ b/src/starter/parser/parser.y
@@ -1,7 +1,7 @@
 %{
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 51a42a504..8ca1af29c 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -276,7 +276,7 @@ static bool check_pid(char *pid_file)
 				pid = atoi(buf);
 			}
 			fclose(pidfile);
-			if (pid && kill(pid, 0) == 0)
+			if (pid && pid != getpid() && kill(pid, 0) == 0)
 			{	/* such a process is running */
 				return TRUE;
 			}
@@ -477,6 +477,7 @@ int main (int argc, char **argv)
 		}
 	}
 
+#ifndef STARTER_ALLOW_NON_ROOT
 	/* verify that we can start */
 	if (getuid() != 0)
 	{
@@ -484,6 +485,7 @@ int main (int argc, char **argv)
 		cleanup();
 		exit(LSB_RC_NOT_ALLOWED);
 	}
+#endif
 
 	if (check_pid(pid_file))
 	{
@@ -520,6 +522,7 @@ int main (int argc, char **argv)
 		exit(LSB_RC_INVALID_ARGUMENT);
 	}
 
+#ifndef SKIP_KERNEL_IPSEC_MODPROBES
 	/* determine if we have a native netkey IPsec stack */
 	if (!starter_netkey_init())
 	{
@@ -530,6 +533,7 @@ int main (int argc, char **argv)
 			DBG1(DBG_APP, "no known IPsec stack detected, ignoring!");
 		}
 	}
+#endif
 
 	last_reload = time_monotonic(NULL);
 
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 90af9372a..90ba1cd72 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/starterstroke.h b/src/starter/starterstroke.h
index 126486325..685c528b6 100644
--- a/src/starter/starterstroke.h
+++ b/src/starter/starterstroke.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/tests/starter_tests.c b/src/starter/tests/starter_tests.c
index 4194c5256..23722e96f 100644
--- a/src/starter/tests/starter_tests.c
+++ b/src/starter/tests/starter_tests.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/tests/starter_tests.h b/src/starter/tests/starter_tests.h
index 3486597a0..79a75c568 100644
--- a/src/starter/tests/starter_tests.h
+++ b/src/starter/tests/starter_tests.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/starter/tests/suites/test_parser.c b/src/starter/tests/suites/test_parser.c
index 4ae7b22fa..81555a86f 100644
--- a/src/starter/tests/suites/test_parser.c
+++ b/src/starter/tests/suites/test_parser.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2014 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 6571815e5..8248440dd 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/stroke/stroke_keywords.c b/src/stroke/stroke_keywords.c
index 4dce7fbc8..17a3663fe 100644
--- a/src/stroke/stroke_keywords.c
+++ b/src/stroke/stroke_keywords.c
@@ -30,9 +30,9 @@ error "gperf generated tables don't work with this execution character set. Plea
 #endif
 
 
-/* stroke keywords
+/*
  * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/stroke/stroke_keywords.h b/src/stroke/stroke_keywords.h
index 00b992769..4e0b66b3d 100644
--- a/src/stroke/stroke_keywords.h
+++ b/src/stroke/stroke_keywords.h
@@ -1,6 +1,6 @@
-/* stroke keywords
+/*
  * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/stroke/stroke_keywords.h.in b/src/stroke/stroke_keywords.h.in
index 2b5780adc..416c8f9ad 100644
--- a/src/stroke/stroke_keywords.h.in
+++ b/src/stroke/stroke_keywords.h.in
@@ -1,6 +1,6 @@
-/* stroke keywords
+/*
  * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/stroke/stroke_keywords.txt b/src/stroke/stroke_keywords.txt
index ceb0dd253..1d96ccdd1 100644
--- a/src/stroke/stroke_keywords.txt
+++ b/src/stroke/stroke_keywords.txt
@@ -1,7 +1,7 @@
 %{
-/* stroke keywords
+/*
  * Copyright (C) 2006 Andreas Steffen
- * Hochschule fuer Technik Rapperswil, Switzerland
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 60ea0028d..08560d36f 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/sw-collector/sw-collector.8.in b/src/sw-collector/sw-collector.8.in
index b9041c77b..5c8d25656 100644
--- a/src/sw-collector/sw-collector.8.in
+++ b/src/sw-collector/sw-collector.8.in
@@ -34,6 +34,12 @@ sw-collector \- Extracts software installation events from dpkg history log
 .YS
 .
 .SY "sw-collector"
+.OP \-\-debug level
+.OP \-\-quiet
+.BR \-\-check
+.YS
+.
+.SY "sw-collector"
 .B \-h
 |
 .B \-\-help
@@ -76,7 +82,7 @@ installation status.
 .B "\-u, \-\-unregistered"
 Lists all software packages residing in the local collector database but for
 which no SWID tags exist yet in a central collector database reachable via a
-REST interface. 
+REST interface.
 .TP
 .B "\-g, \-\-generate"
 Generates ISO 19770-2:2015 SWID tags for all software packages residing in the
@@ -86,6 +92,10 @@ database reachable via a REST interface.
 .B "\-m, \-\-migrate"
 Can be used to migrate collector database versions. Currently all architecture
 suffixes are removed from dpkg package names.
+.TP
+.B "\-C, \-\-check"
+Checks the integrity of the collector database against the actual list of
+installed packages obtained with dpkg-query.
 .
 .SH "CONFIGURATION"
 .
diff --git a/src/sw-collector/sw-collector.c b/src/sw-collector/sw-collector.c
index a42f1068a..f8229a192 100644
--- a/src/sw-collector/sw-collector.c
+++ b/src/sw-collector/sw-collector.c
@@ -31,9 +31,10 @@
 #include <library.h>
 #include <utils/debug.h>
 #include <utils/lexparser.h>
+#include <collections/hashtable.h>
 
 #include <swid_gen/swid_gen.h>
-
+#include <swid_gen/swid_gen_info.h>
 /**
  * global debug output variables
  */
@@ -48,7 +49,8 @@ enum collector_op_t {
 	COLLECTOR_OP_LIST,
 	COLLECTOR_OP_UNREGISTERED,
 	COLLECTOR_OP_GENERATE,
-	COLLECTOR_OP_MIGRATE
+	COLLECTOR_OP_MIGRATE,
+	COLLECTOR_OP_CHECK
 };
 
 /**
@@ -119,7 +121,8 @@ Usage:\n\
 --list|-unregistered\n\
   sw-collector [--debug <level>] [--quiet] [--installed|--removed] \
 [--full] --generate\n\
-  sw-collector [--debug <level>] [--quiet] --migrate\n");
+  sw-collector [--debug <level>] [--quiet] --migrate\n\
+  sw-collector [--debug <level>] [--quiet] --check\n");
 }
 
 /**
@@ -140,6 +143,7 @@ static collector_op_t do_args(int argc, char *argv[], bool *full_tags,
 
 		struct option long_opts[] = {
 			{ "help", no_argument, NULL, 'h' },
+			{ "check", no_argument, NULL, 'C' },
 			{ "count", required_argument, NULL, 'c' },
 			{ "debug", required_argument, NULL, 'd' },
 			{ "full", no_argument, NULL, 'f' },
@@ -153,7 +157,7 @@ static collector_op_t do_args(int argc, char *argv[], bool *full_tags,
 			{ 0,0,0,0 }
 		};
 
-		c = getopt_long(argc, argv, "hc:d:fgilmqru", long_opts, NULL);
+		c = getopt_long(argc, argv, "hCc:d:fgilmqru", long_opts, NULL);
 		switch (c)
 		{
 			case EOF:
@@ -162,6 +166,9 @@ static collector_op_t do_args(int argc, char *argv[], bool *full_tags,
 				usage();
 				exit(SUCCESS);
 				break;
+			case 'C':
+				op = COLLECTOR_OP_CHECK;
+				continue;
 			case 'c':
 				count = atoi(optarg);
 				continue;
@@ -537,7 +544,7 @@ end:
 }
 
 /**
- * Append missing architecture suffix to package entries in the database
+ * Remove architecture suffix from package entries in the database
  */
 static int migrate(sw_collector_db_t *db)
 {
@@ -582,6 +589,84 @@ static int migrate(sw_collector_db_t *db)
 	return status;
 }
 
+/**
+ * Free hashtable entry
+ */
+static void free_entry(void *value, void *key)
+{
+	free(value);
+	free(key);
+}
+
+/**
+ * Check consistency of installed software identifiers in collector database
+ */
+static int check(sw_collector_db_t *db)
+{
+	sw_collector_dpkg_t *dpkg;
+	swid_gen_info_t *info;
+	hashtable_t *table;
+	enumerator_t *e;
+	char *dpkg_name, *name, *package, *arch, *version;
+	uint32_t sw_id, count = 0, installed;
+
+	dpkg = sw_collector_dpkg_create();
+	if (!dpkg)
+	{
+		return EXIT_FAILURE;
+	}
+	info = swid_gen_info_create();
+	table = hashtable_create(hashtable_hash_str, hashtable_equals_str, 4096);
+
+	/* Store all installed sw identifiers (according to dpkg) in hashtable */
+	e = dpkg->create_sw_enumerator(dpkg);
+	while (e->enumerate(e, &package, &arch, &version))
+	{
+		dpkg_name = info->create_sw_id(info, package, version);
+		table->put(table, strdup(package), dpkg_name);
+	}
+	e->destroy(e);
+
+	info->destroy(info);
+	dpkg->destroy(dpkg);
+
+	e = db->create_sw_enumerator(db, SW_QUERY_ALL, NULL);
+	if (!e)
+	{
+		table->destroy_function(table, (void*)free_entry);
+		return EXIT_FAILURE;
+	}
+	while (e->enumerate(e, &sw_id, &name, &package, &version, &installed))
+	{
+		dpkg_name = table->get(table, package);
+		if (installed)
+		{
+			if (!dpkg_name)
+			{
+				printf("%4d %s erroneously noted as installed\n", sw_id, name);
+			}
+			else if (!streq(name, dpkg_name))
+			{
+				printf("%4d %s erroneously noted as installed instead of\n "
+					   "    %s\n", sw_id, name, dpkg_name);
+			}
+		}
+		else
+		{
+			if (dpkg_name && streq(name, dpkg_name))
+			{
+				printf("%4d %s erroneously noted as removed\n", sw_id, name);
+			}
+		}
+		count++;
+	}
+	e->destroy(e);
+
+	table->destroy_function(table, (void*)free_entry);
+	printf("checked %d software identifiers\n", count);
+
+	return EXIT_SUCCESS;
+}
 
 int main(int argc, char *argv[])
 {
@@ -646,6 +731,9 @@ int main(int argc, char *argv[])
 		case COLLECTOR_OP_MIGRATE:
 			status = migrate(db);
 			break;
+		case COLLECTOR_OP_CHECK:
+			status = check(db);
+			break;
 	}
 	db->destroy(db);
 
diff --git a/src/swanctl/command.c b/src/swanctl/command.c
index 225dff617..63f4523bb 100644
--- a/src/swanctl/command.c
+++ b/src/swanctl/command.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/swanctl/command.h b/src/swanctl/command.h
index 0d93ae45c..f2640d90f 100644
--- a/src/swanctl/command.h
+++ b/src/swanctl/command.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/swanctl/commands/list_algs.c b/src/swanctl/commands/list_algs.c
index 616e6ff75..99b5c7627 100644
--- a/src/swanctl/commands/list_algs.c
+++ b/src/swanctl/commands/list_algs.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/swanctl/commands/redirect.c b/src/swanctl/commands/redirect.c
index 6edb936e6..46e0c5719 100644
--- a/src/swanctl/commands/redirect.c
+++ b/src/swanctl/commands/redirect.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/swanctl/commands/terminate.c b/src/swanctl/commands/terminate.c
index 8b3233c89..bce404a54 100644
--- a/src/swanctl/commands/terminate.c
+++ b/src/swanctl/commands/terminate.c
@@ -39,6 +39,7 @@ static int terminate(vici_conn_t *conn)
 	command_format_options_t format = COMMAND_FORMAT_NONE;
 	char *arg, *child = NULL, *ike = NULL;
 	int ret = 0, timeout = 0, level = 1, child_id = 0, ike_id = 0;
+	bool force = FALSE;
 
 	while (TRUE)
 	{
@@ -55,6 +56,9 @@ static int terminate(vici_conn_t *conn)
 			case 'c':
 				child = arg;
 				continue;
+			case 'f':
+				force = TRUE;
+				continue;
 			case 'i':
 				ike = arg;
 				continue;
@@ -101,6 +105,10 @@ static int terminate(vici_conn_t *conn)
 	{
 		vici_add_key_valuef(req, "ike-id", "%d", ike_id);
 	}
+	if (force)
+	{
+		vici_add_key_valuef(req, "force", "yes");
+	}
 	if (timeout)
 	{
 		vici_add_key_valuef(req, "timeout", "%d", timeout * 1000);
@@ -150,6 +158,7 @@ static void __attribute__ ((constructor))reg()
 			{"ike",			'i', 1, "terminate by IKE_SA name"},
 			{"child-id",	'C', 1, "terminate by CHILD_SA reqid"},
 			{"ike-id",		'I', 1, "terminate by IKE_SA unique identifier"},
+			{"force",		'f', 0, "terminate IKE_SA without waiting, unless timeout is set"},
 			{"timeout",		't', 1, "timeout in seconds before detaching"},
 			{"raw",			'r', 0, "dump raw response message"},
 			{"pretty",		'P', 0, "dump raw response message in pretty print"},
diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main
index 637661083..1f7e3a2cc 100644
--- a/src/swanctl/swanctl.conf.5.main
+++ b/src/swanctl/swanctl.conf.5.main
@@ -1146,7 +1146,13 @@ disables IPsec replay protection.
 .TP
 .BR connections.<conn>.children.<child>.hw_offload " [no]"
 Enable hardware offload for this CHILD_SA, if supported by the IPsec
-implementation.
+implementation. The value
+.RI "" "yes" ""
+enforces offloading and the installation will
+fail if it's not supported by either kernel or device.       The value
+.RI "" "auto" ""
+enables offloading, if it's supported, but the installation does not fail
+otherwise.
 
 .TP
 .BR connections.<conn>.children.<child>.start_action " [none]"
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 5675b31ca..120e5812e 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -931,6 +931,12 @@ connections.<conn>.children.<child>.hw_offload = no
 	Enable hardware offload for this CHILD_SA, if supported by the IPsec
 	implementation.
 
+	Enable hardware offload for this CHILD_SA, if supported by the IPsec
+	implementation. The value _yes_ enforces offloading and the installation
+	will fail if it's not supported by either kernel or device.	The value _auto_
+	enables offloading, if it's supported, but the installation does not fail
+	otherwise.
+
 connections.<conn>.children.<child>.start_action = none
 	Action to perform after loading the configuration (_none_, _trap_, _start_).
 
diff --git a/testing/hosts/default/etc/sysctl.conf b/testing/hosts/default/etc/sysctl.conf
index 43010d52e..364b64ad6 100644
--- a/testing/hosts/default/etc/sysctl.conf
+++ b/testing/hosts/default/etc/sysctl.conf
@@ -1,6 +1,6 @@
 #
 # /etc/sysctl.conf - Configuration file for setting system variables
-# See /etc/sysctl.d/ for additonal system variables
+# See /etc/sysctl.d/ for additional system variables
 # See sysctl.conf (5) for information.
 #
 
diff --git a/testing/scripts/recipes/patches/freeradius-tnc-fhh b/testing/scripts/recipes/patches/freeradius-tnc-fhh
index 6460c86a3..26a233d48 100644
--- a/testing/scripts/recipes/patches/freeradius-tnc-fhh
+++ b/testing/scripts/recipes/patches/freeradius-tnc-fhh
@@ -5363,7 +5363,7 @@ diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc
 -#define VLAN_ACCESS 2
 -/*
 - ****
-- * EAP - MD5 does not specify code, id & length but chap specifies them,
+- * EAP - MD5 doesnot specify code, id & length but chap specifies them,
 - *	for generalization purpose, complete header should be sent
 - *	and not just value_size, value and name.
 - *	future implementation.
diff --git a/testing/testing.conf b/testing/testing.conf
index 595fd9667..0da9aedad 100644
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -24,14 +24,14 @@ fi
 : ${TESTDIR=/srv/strongswan-testing}
 
 # Kernel configuration
-: ${KERNELVERSION=4.15}
+: ${KERNELVERSION=4.15.18}
 : ${KERNEL=linux-$KERNELVERSION}
 : ${KERNELTARBALL=$KERNEL.tar.xz}
 : ${KERNELCONFIG=$DIR/../config/kernel/config-4.15}
-: ${KERNELPATCH=ha-4.14-abicompat.patch.bz2}
+: ${KERNELPATCH=ha-4.15.6-abicompat.patch.bz2}
 
 # strongSwan version used in tests
-: ${SWANVERSION=5.6.2}
+: ${SWANVERSION=5.6.3}
 
 # Build directory where the guest kernel and images will be built
 : ${BUILDDIR=$TESTDIR/build}
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/description.txt b/testing/tests/ikev2/alg-chacha20poly1305/description.txt
index dd8918b68..a808c4b67 100644
--- a/testing/tests/ikev2/alg-chacha20poly1305/description.txt
+++ b/testing/tests/ikev2/alg-chacha20poly1305/description.txt
@@ -1,5 +1,5 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite
-<b>CHACHA20_POLY1305_256</b> both for IKE and ESP by defining
+<b>CHACHA20_POLY1305</b> both for IKE and ESP by defining
 <b>ike=chacha20poly1305-prfsha256-ntru256</b> and
 <b>esp=chacha20poly1305-ntru256</b> in ipsec.conf, respectively.
 A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat
index ab54ce153..ac29c66ff 100644
--- a/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat
+++ b/testing/tests/ikev2/alg-chacha20poly1305/evaltest.dat
@@ -3,10 +3,10 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon:: ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES
-carol::ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305_256::YES
-moon:: ipsec statusall 2> /dev/null::CHACHA20_POLY1305_256,::YES
-carol::ipsec statusall 2> /dev/null::CHACHA20_POLY1305_256,::YES
+moon:: ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: CHACHA20_POLY1305::YES
+moon:: ipsec statusall 2> /dev/null::CHACHA20_POLY1305,::YES
+carol::ipsec statusall 2> /dev/null::CHACHA20_POLY1305,::YES
 moon:: ip xfrm state::aead rfc7539esp(chacha20,poly1305)::YES
 carol::ip xfrm state::aead rfc7539esp(chacha20,poly1305)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules
index 2d9a466b0..792fc56bc 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules
@@ -5,8 +5,8 @@
 -P OUTPUT DROP
 -P FORWARD DROP
 
-# allow bootpc and bootps
--A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+# allow bootps (in relay mode also in OUTPUT)
+-A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT
 -A INPUT  -p udp --sport bootps --dport bootps -j ACCEPT
 
 # allow broadcasts from eth1
diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
index d4a05b28b..60be3f95c 100644
--- a/testing/tests/ikev2/dhcp-dynamic/posttest.dat
+++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
@@ -1,8 +1,9 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-venus::cat /var/state/dhcp/dhcpd.leases
+venus::cat /var/lib/dhcp/dhcpd.leases
 venus::service isc-dhcp-server stop 2> /dev/null
+venus::rm /var/lib/dhcp/dhcpd.leases*; touch /var/lib/dhcp/dhcpd.leases
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules
index 2d9a466b0..792fc56bc 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules
@@ -5,8 +5,8 @@
 -P OUTPUT DROP
 -P FORWARD DROP
 
-# allow bootpc and bootps
--A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+# allow bootps (in relay mode also in OUTPUT)
+-A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT
 -A INPUT  -p udp --sport bootps --dport bootps -j ACCEPT
 
 # allow broadcasts from eth1
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
index c4a0ff8bb..0883bf058 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
@@ -6,6 +6,7 @@ charon {
   plugins {
     dhcp {
       server = 10.1.255.255
+      identity_lease = yes
     }
   }
 }
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules
index 2d9a466b0..792fc56bc 100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules
@@ -5,8 +5,8 @@
 -P OUTPUT DROP
 -P FORWARD DROP
 
-# allow bootpc and bootps
--A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+# allow bootps (in relay mode also in OUTPUT)
+-A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT
 -A INPUT  -p udp --sport bootps --dport bootps -j ACCEPT
 
 # allow broadcasts from eth1
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/description.txt b/testing/tests/ikev2/multi-level-ca-skipped/description.txt
new file mode 100644
index 000000000..a5571d00c
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/description.txt
@@ -0,0 +1,4 @@
+The roadwarrior <b>carol</b> possesses a certificate issued by the Research CA.
+The CRL for the root CA can't be fetched and thus the status of the certificate
+of the Research CA is unknown and the authentication is rejected due to the
+strict CRL policy enforced by the gateway <b>moon</b>.
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/evaltest.dat b/testing/tests/ikev2/multi-level-ca-skipped/evaltest.dat
new file mode 100644
index 000000000..5d445c27f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/evaltest.dat
@@ -0,0 +1,4 @@
+moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES
+carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED::NO
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..297e348ea
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	strictcrlpolicy=yes
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_CAROL
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+	auto=add
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/certs/carolCert.pem
new file mode 100644
index 000000000..698e47cc0
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELDCCAxSgAwIBAgIBCzANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTE1MDQyNjEwMjUwNFoXDTE5MDQwMzEwMjUw
+NFowWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKupuHqUUqSufsEtjSTZEkTF
+sTGWXQkwZoLbAPNlZ4PV0Dx1ju3xRvVtjQHN3Tsx6IsB1JO3k/dMExwttbeBA8HK
+oKYw+CFG8+6XWUU+tBT5xlwa5sdVUHIo8On1x7Rb3s+RDhJ2/YvCf/H13aOtqG+L
+7Xyt7OwRQZNx4Gx60sgU2Zhr9WsMslWJQeS92va6UiGYN4c6qRNyrS9zTZEJ0yib
+tflhd07LLcgz+jHqCdUcPK4g8+TH8HCtek0n2QRu3IfbEM+i6EaZjUJq1kp6k9HA
+IgKR48r9HVk3zBsWJBo6sxUn8/avFM54vdwD8NAClNn9xobEXsO3jwGljc5mb40C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRd
+qfnvgHGNOog5OOLebmYkmJ/faTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
+YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+TgUJbXL83e11Fzo+XGMQ24FfxdUvlex9IcnnNZnjsy4cYaUhofdI1AIkOhdh7R4i
+9dtdfbFLLQR3qc2jmL9ubdQP83FiZZQOXX55XV5/Gb4E4g2T2ZU8ahby+ZzQsEcI
+jGeot7fRfbxUrcjnIKxZd7JsQSaR45rMrNcUOQpFT212urojUngrEoAeaC5USEiX
+sF11P654UejR8DCczwLi4QBvjRTH3bcMC57FjsWt1n/KCB08dS0ojD+T+6lN7/1K
+yLreeRNynXzc1GAln5G03Ivwm9STFT1mYjkBMOCY+3ihEOpzlR9pWCWl9p728db3
+mk0VsDm1jdOf3PK1Xd2PJw==
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/private/carolKey.pem
new file mode 100644
index 000000000..3a5d7c487
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAq6m4epRSpK5+wS2NJNkSRMWxMZZdCTBmgtsA82Vng9XQPHWO
+7fFG9W2NAc3dOzHoiwHUk7eT90wTHC21t4EDwcqgpjD4IUbz7pdZRT60FPnGXBrm
+x1VQcijw6fXHtFvez5EOEnb9i8J/8fXdo62ob4vtfK3s7BFBk3HgbHrSyBTZmGv1
+awyyVYlB5L3a9rpSIZg3hzqpE3KtL3NNkQnTKJu1+WF3TsstyDP6MeoJ1Rw8riDz
+5MfwcK16TSfZBG7ch9sQz6LoRpmNQmrWSnqT0cAiApHjyv0dWTfMGxYkGjqzFSfz
+9q8Uzni93APw0AKU2f3GhsRew7ePAaWNzmZvjQIDAQABAoIBAEJqa+GhOUhV6ty6
+zv0Ory7EfgX9cwl3HHJMYVXKSf6L3wFFSoNs8lNKi1/DUnDwolQF5UUxpaHsYQhp
+9wCEffugdf9WuunFFeOd0wAjfnEPIlvIXLmKnJFOnccnPJjfYplUOemS+A32tqHa
+ymHlcmGV9dBjSmMbWg+942KVMrAOHtCnAk0yT2WlE+9efLTuXoZIQCx+Ico6Lwp8
+JCmZYW2pfUk9co9di6UCl50C+A5RcvpsE7CZcXCzEAqz06eFz4imgQuzQSLaedup
+F77cyPd13nD2N7+YGfWrWKbdqGMuQnmfrOQWZf94rlOsQjyCzbHIeItJsXT+DBKT
+0SwEIQECgYEA1mcoUiCYOcQcA+FtSO8byzSu0uQZO1cS/VES5mbtRIuLo33L0P0y
+bVnBIfk3iaBq70GU98XjhCGUwNwQDQm+zbLK+p+j+4L2ayvjtOV5ql0b2gk6eyRZ
+oX14evsmxC2OFqGmGD+VePN4pP+Q39QMCFvf26BMtKHyXQnkwA61G30CgYEAzPfH
+Lp3iT9xLqpp9zP9j2m9Ts6m6/Uzzuazpzl7rYMlLkd6fBWBquQ46qbO5Wv+SO7yZ
+aWU7OuWGe6zng1VWSrLBZlRMfu+ze1uEETNdedRI858nv1bMlHmt9+RiZgOgZe7H
+3D4dLphrQrJC8tlsaP0GWYRZkf64n+37KZX2QVECgYEAyKcmbyYeEQHeDius8XMF
+mfmmG6xpiMWG+hgkDgkJyPqoJswWMXKk/P3g6ACq31yId33zAqfqs8ARzSSmyOzz
+6uKHYGKDP2FjaQ1cP/H7GVumMzorxw9P6vjYBpCByVuw/LEwFsV7CAUkRZcAaNm0
+oSYKrSqqXuqpPjWCJdQd3qkCgYAdIf6ylohLN5GdrxXAZHBp5Lbt62sDg8OEmZol
+1gH4oMPX+N97YSfqI6ac5kmrMHY1fWoEu/m+Nk92Fq5VUXTRazTn+YVh6WoGV4ye
+8UERBuZTkkSRAqJTXDQo7tI5k7xhoJ3RpRZ6v/lG4pV3dQXeqlATuycMBDtzp9yy
+HXmB8QKBgQCut7SsOJ0DtgpzjatYzKBh43WgwjbeRyReyT6OWuPiLUiKQYN8W5od
+pZ51zorvFxu6iEMjAzXs0k1zbM4/EaQwwatTEZF0ZQMYMvm46f0ndhN3fY0O0ENY
+zZES5DrfCgboPlmrWoVexU3xEDCWO8hO0fLmwqIK8F4EU8ByOVsHcg==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..fac55d63b
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..7a64dce30
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..fe69abe92
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	strictcrlpolicy=yes
+
+ca strongswan
+	cacert=strongswanCert.pem
+	crluri=http://crl.strongswan.org/not-available.crl
+	auto=add
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	left=PH_IP_MOON
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+
+conn alice
+	leftsubnet=PH_IP_ALICE/32
+	right=%any
+	rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+	auto=add
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
new file mode 100644
index 000000000..4d9fed09a
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBKDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTE0MDMyMjEzNTYyMloXDTE5MDMyMTEzNTYyMlowUTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
+FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
+zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
+/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
+C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
+BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
+VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAKHj4oUmSaG9u3QC
+wjbETgexmKo6EViRjaf++QlK54ILHmPHCkN6Smzr5xpmi7P/FnBLqMlfMIQ3DCD7
+Fof/8SqaE/V9cP7TXK6c5vZHLoVU/NZW1A/HucMHSxd1DEiTfmrz8Q9RNb/r5adZ
+Epbje7IRlufhpDD2hDNs1FyjmY9V9G4VfOBA/JBWlgs+A810uidNVD+YEFxDlIZG
+6Kr0d5/WZowOUX7G8LUaa5kjoCS7MJONeEX2D/wtsx7Zw3f7GjFDdJfdi+CbAwBN
+d8kt2l7yt7oEW9AfOcMQ7+HZOqihNrV8mCErk39p9f6zcZtYHnjM5fJlNRmc+EXC
+mk13kTA=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..7a64dce30
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/posttest.dat b/testing/tests/ikev2/multi-level-ca-skipped/posttest.dat
new file mode 100644
index 000000000..f84b7e37b
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/posttest.dat
@@ -0,0 +1,3 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::rm /etc/ipsec.d/cacerts/*
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/pretest.dat b/testing/tests/ikev2/multi-level-ca-skipped/pretest.dat
new file mode 100644
index 000000000..1d847c013
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/pretest.dat
@@ -0,0 +1,5 @@
+moon::ipsec start
+carol::ipsec start
+moon::expect-connection alice
+carol::expect-connection home
+carol::ipsec up home
diff --git a/testing/tests/ikev2/multi-level-ca-skipped/test.conf b/testing/tests/ikev2/multi-level-ca-skipped/test.conf
new file mode 100644
index 000000000..892f51cd9
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-skipped/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ipv6/rw-psk-ikev2/description.txt b/testing/tests/ipv6/rw-psk-ikev2/description.txt
index 0bd1474a0..fd7369d8f 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/description.txt
+++ b/testing/tests/ipv6/rw-psk-ikev2/description.txt
@@ -1,4 +1,4 @@
-TThe roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
 to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
 and IPv6 addresses. Upon the successful establishment of the IPsec tunnels,
 automatically inserted ip6tables-based firewall rules let pass the tunneled traffic.
diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules
index 2d9a466b0..792fc56bc 100644
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules
@@ -5,8 +5,8 @@
 -P OUTPUT DROP
 -P FORWARD DROP
 
-# allow bootpc and bootps
--A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+# allow bootps (in relay mode also in OUTPUT)
+-A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT
 -A INPUT  -p udp --sport bootps --dport bootps -j ACCEPT
 
 # allow broadcasts from eth1
diff --git a/testing/tests/swanctl/dhcp-dynamic/posttest.dat b/testing/tests/swanctl/dhcp-dynamic/posttest.dat
index 37e8b02d8..466fc931c 100644
--- a/testing/tests/swanctl/dhcp-dynamic/posttest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/posttest.dat
@@ -3,8 +3,9 @@ dave::swanctl --terminate --ike home
 carol::systemctl stop strongswan-swanctl
 dave::systemctl stop strongswan-swanctl
 moon::systemctl stop strongswan-swanctl
-venus::cat /var/state/dhcp/dhcpd.leases
-venus::server isc-dhcp-server stop 2> /dev/null
+venus::cat /var/lib/dhcp/dhcpd.leases
+venus::service isc-dhcp-server stop 2> /dev/null
+venus::rm /var/lib/dhcp/dhcpd.leases*; touch /var/lib/dhcp/dhcpd.leases
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
-- 
cgit v1.2.3