author | Tobias Brunner <tobias@strongswan.org> | 2017-08-30 15:15:31 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-10-10 11:04:17 +0200 |
commit | ea613d5d276f31aed9d7de3f3e28fe1b786b983a (patch) | |
tree | a5837f54d57350cc9e1c90273ca309c881781aec | |
parent | 4f575d62ed48e94332c3a65a62adf015eb0901be (diff) | |
starter: Don't define any hard-coded proposal strings
Just rely on the default proposals by charon if nothing is defined. The
hard-coded IKE proposal used curve25519, which depends on an optional
plugin (while enabled by default it might still not be loaded, or, like
on Debian, shipped in an optional package). With charon's default
proposal, only loaded algorithms are proposed for IKE, avoiding this issue.
-rw-r--r-- | src/starter/confread.c | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/src/starter/confread.c b/src/starter/confread.c index b3e942fac..f154f8951 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -40,9 +40,6 @@ #define SA_REPLACEMENT_RETRIES_DEFAULT 3 #define SA_REPLAY_WINDOW_DEFAULT -1 /* use charon.replay_window */ -static const char ike_defaults[] = "aes128-sha256-curve25519"; -static const char esp_defaults[] = "aes128-sha256"; - static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables"; /** @@ -206,7 +203,6 @@ static void conn_defaults(starter_conn_t *conn) conn->mode = MODE_TUNNEL; conn->options = SA_OPTION_MOBIKE; - conn->ike = strdupnull(ike_defaults); /* esp defaults are set after parsing the conn section */ conn->sa_ike_life_seconds = IKE_LIFETIME_DEFAULT; conn->sa_ipsec_life_seconds = IPSEC_LIFETIME_DEFAULT; @@ -622,11 +618,6 @@ static void load_conn(starter_conn_t *conn, starter_config_t *cfg, handle_firewall("left", &conn->left, cfg); handle_firewall("right", &conn->right, cfg); - - if (!conn->esp && !conn->ah) - { - conn->esp = strdupnull(esp_defaults); - } } /* |