starter: Removed pfs and pfsgroup options (handled via esp option).

author: Tobias Brunner <tobias@strongswan.org> 2012-05-15 13:26:49 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2012-06-11 17:33:31 +0200
commit: efc69e9f3889000bf6cecc04a510f6095bd9aca2 (patch)
tree: b2ad39c13447d2eb6b7fd70956d42ecb56f9716c /src
parent: 6d065f14ae04d582a5d3ef425a850fe7a85c9500 (diff)
download: strongswan-efc69e9f3889000bf6cecc04a510f6095bd9aca2.tar.bz2
strongswan-efc69e9f3889000bf6cecc04a510f6095bd9aca2.tar.xz
5 files changed, 2 insertions, 28 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index 3856c3df3..2f3e48b41 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -103,22 +103,6 @@ static const char *LST_keyexchange[] = {
 	 NULL
 };
 
-static const char *LST_pfsgroup[] = {
-	"modp1024",
-	"modp1536",
-	"modp2048",
-	"modp3072",
-	"modp4096",
-	"modp6144",
-	"modp8192",
-	"ecp192",
-	"ecp224",
-	"ecp256",
-	"ecp384",
-	"ecp521",
-	 NULL
-};
-
 static const char *LST_plutodebug[] = {
 	"none",
 	"all",
@@ -215,7 +199,6 @@ static const token_info_t token_info[] =
 	{ ARG_ENUM, offsetof(starter_conn_t, startup), LST_startup                     },
 	{ ARG_ENUM, offsetof(starter_conn_t, keyexchange), LST_keyexchange             },
 	{ ARG_MISC, 0, NULL  /* KW_TYPE */                                             },
-	{ ARG_MISC, 0, NULL  /* KW_PFS */                                              },
 	{ ARG_MISC, 0, NULL  /* KW_COMPRESS */                                         },
 	{ ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool                 },
 	{ ARG_ENUM, offsetof(starter_conn_t, aggressive), LST_bool                     },
@@ -238,7 +221,6 @@ static const token_info_t token_info[] =
 	{ ARG_MISC, 0, NULL  /* KW_REAUTH */                                           },
 	{ ARG_STR,  offsetof(starter_conn_t, ike), NULL                                },
 	{ ARG_STR,  offsetof(starter_conn_t, esp), NULL                                },
-	{ ARG_STR,  offsetof(starter_conn_t, pfsgroup), LST_pfsgroup                   },
 	{ ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL                          },
 	{ ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL                        },
 	{ ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action               },
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 377964951..a003a14d6 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -35,7 +35,7 @@
 #define ip_version(string)	(strchr(string, '.') ? AF_INET : AF_INET6)
 
 static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
-static const char esp_defaults[] = "aes128-sha1,3des-sha1";
+static const char esp_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
 
 static const char firewall_defaults[] = "ipsec _updown iptables";
 
@@ -84,7 +84,7 @@ static void default_values(starter_config_t *cfg)
 	cfg->conn_default.startup = STARTUP_NO;
 	cfg->conn_default.state   = STATE_IGNORE;
 	cfg->conn_default.mode    = MODE_TUNNEL;
-	cfg->conn_default.policy  = POLICY_PFS | POLICY_MOBIKE;
+	cfg->conn_default.policy  = POLICY_MOBIKE;
 
 	cfg->conn_default.ike                   = strdupnull(ike_defaults);
 	cfg->conn_default.esp                   = strdupnull(esp_defaults);
@@ -561,9 +561,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 				cfg->err++;
 			}
 			break;
-		case KW_PFS:
-			KW_POLICY_FLAG("yes", "no", POLICY_PFS)
-			break;
 		case KW_COMPRESS:
 			KW_POLICY_FLAG("yes", "no", POLICY_COMPRESS)
 			break;
diff --git a/src/starter/confread.h b/src/starter/confread.h
index e9a77d438..0aa6bd515 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -143,7 +143,6 @@ struct starter_conn {
 
 		char            *esp;
 		char            *ike;
-		char            *pfsgroup;
 
 		time_t          dpd_delay;
 		time_t          dpd_timeout;
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index c1b98dffc..3af235fec 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -64,7 +64,6 @@ typedef enum {
 	KW_CONN_SETUP,
 	KW_KEYEXCHANGE,
 	KW_TYPE,
-	KW_PFS,
 	KW_COMPRESS,
 	KW_INSTALLPOLICY,
 	KW_AGGRESSIVE,
@@ -87,7 +86,6 @@ typedef enum {
 	KW_REAUTH,
 	KW_IKE,
 	KW_ESP,
-	KW_PFSGROUP,
 	KW_DPDDELAY,
 	KW_DPDTIMEOUT,
 	KW_DPDACTION,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 96221778d..ab76eb518 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -57,7 +57,6 @@ pkcs11keepstate,   KW_PKCS11KEEPSTATE
 pkcs11proxy,       KW_PKCS11PROXY
 keyexchange,       KW_KEYEXCHANGE
 type,              KW_TYPE
-pfs,               KW_PFS
 compress,          KW_COMPRESS
 installpolicy,     KW_INSTALLPOLICY
 aggressive,        KW_AGGRESSIVE
@@ -78,7 +77,6 @@ rekey,             KW_REKEY
 reauth,            KW_REAUTH
 esp,               KW_ESP
 ike,               KW_IKE
-pfsgroup,          KW_PFSGROUP
 dpddelay,          KW_DPDDELAY
 dpdtimeout,        KW_DPDTIMEOUT
 dpdaction,         KW_DPDACTION
author	Tobias Brunner <tobias@strongswan.org>	2012-05-15 13:26:49 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2012-06-11 17:33:31 +0200
commit	efc69e9f3889000bf6cecc04a510f6095bd9aca2 (patch)
tree	b2ad39c13447d2eb6b7fd70956d42ecb56f9716c /src
parent	6d065f14ae04d582a5d3ef425a850fe7a85c9500 (diff)
download	strongswan-efc69e9f3889000bf6cecc04a510f6095bd9aca2.tar.bz2 strongswan-efc69e9f3889000bf6cecc04a510f6095bd9aca2.tar.xz