4 files changed, 99 insertions, 7 deletions

diff --git a/src/starter/args.c b/src/starter/args.c
index fadbad4eb..36f12057b 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -120,6 +120,7 @@ static const token_info_t token_info[] =
 	{ ARG_ENUM, offsetof(starter_config_t, setup.uniqueids), LST_unique            },
 	{ ARG_ENUM, offsetof(starter_config_t, setup.cachecrls), LST_bool              },
 	{ ARG_ENUM, offsetof(starter_config_t, setup.strictcrlpolicy), LST_strict      },
+	{ ARG_MISC, 0, NULL  /* KW_SETUP_DEPRECATED */                                 },
 
 	/* conn section keywords */
 	{ ARG_STR,  offsetof(starter_conn_t, name), NULL                               },
@@ -164,6 +165,7 @@ static const token_info_t token_info[] =
 	{ ARG_MISC, 0, NULL  /* KW_MARK_IN */                                          },
 	{ ARG_MISC, 0, NULL  /* KW_MARK_OUT */                                         },
 	{ ARG_MISC, 0, NULL  /* KW_TFC */                                              },
+	{ ARG_MISC, 0, NULL  /* KW_CONN_DEPRECATED */                                  },
 
 	/* ca section keywords */
 	{ ARG_STR,  offsetof(starter_ca_t, name), NULL                                 },
@@ -176,6 +178,7 @@ static const token_info_t token_info[] =
 	{ ARG_STR,  offsetof(starter_ca_t, ocspuri), NULL                              },
 	{ ARG_STR,  offsetof(starter_ca_t, ocspuri2), NULL                             },
 	{ ARG_STR,  offsetof(starter_ca_t, certuribase), NULL                          },
+	{ ARG_MISC, 0, NULL  /* KW_CA_DEPRECATED */                                    },
 
 	/* end keywords */
 	{ ARG_STR,  offsetof(starter_end_t, host), NULL                                },
@@ -200,6 +203,7 @@ static const token_info_t token_info[] =
 	{ ARG_STR,  offsetof(starter_end_t, ca), NULL                                  },
 	{ ARG_STR,  offsetof(starter_end_t, ca2), NULL                                 },
 	{ ARG_STR,  offsetof(starter_end_t, groups), NULL                              },
+	{ ARG_MISC, 0, NULL  /* KW_END_DEPRECATED */                                   },
 };
 
 static void free_list(char **list)
diff --git a/src/starter/confread.c b/src/starter/confread.c
index f4c697d23..81db70a1f 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -51,6 +51,32 @@ static bool daemon_exists(char *daemon, char *path)
 	return TRUE;
 }
 
+/**
+ * Process deprecated keywords
+ */
+static bool is_deprecated(kw_token_t token, kw_list_t *kw, char *name)
+{
+	switch (token)
+	{
+		case KW_SETUP_DEPRECATED:
+			DBG1(DBG_APP, "# deprecated keyword '%s' in config setup",
+				 kw->entry->name);
+			break;
+		case KW_CONN_DEPRECATED:
+		case KW_END_DEPRECATED:
+			DBG1(DBG_APP, "# deprecated keyword '%s' in conn '%s'",
+				 kw->entry->name, name);
+			break;
+		case KW_CA_DEPRECATED:
+			DBG1(DBG_APP, "# deprecated keyword '%s' in ca '%s'",
+				 kw->entry->name, name);
+			break;
+		default:
+			return FALSE;
+	}
+	return TRUE;
+}
+
 static void default_values(starter_config_t *cfg)
 {
 	if (cfg == NULL)
@@ -129,6 +155,12 @@ static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
 			continue;
 		}
 
+		if (is_deprecated(token, kw, ""))
+		{
+			cfg->non_fatal_err++;
+			continue;
+		}
+
 		if (!assign_arg(token, KW_SETUP_FIRST, kw, (char *)cfg, &assigned))
 		{
 			DBG1(DBG_APP, "  bad argument value in config setup");
@@ -154,6 +186,12 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 	char *name  = kw->entry->name;
 	char *value = kw->value;
 
+	if (is_deprecated(token, kw, conn_name))
+	{
+		cfg->non_fatal_err++;
+		return;
+	}
+
 	if (!assign_arg(token, KW_END_FIRST, kw, (char *)end, &assigned))
 		goto err;
 
@@ -446,6 +484,12 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 			continue;
 		}
 
+		if (is_deprecated(token, kw, conn_name))
+		{
+			cfg->non_fatal_err++;
+			continue;
+		}
+
 		if (!assign_arg(token, KW_CONN_FIRST, kw, (char *)conn, &assigned))
 		{
 			DBG1(DBG_APP, "  bad argument value in conn '%s'", conn_name);
@@ -631,6 +675,12 @@ static void load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
 			continue;
 		}
 
+		if (is_deprecated(token, kw, ca_name))
+		{
+			cfg->non_fatal_err++;
+			continue;
+		}
+
 		if (!assign_arg(token, KW_CA_FIRST, kw, (char *)ca, &assigned))
 		{
 			DBG1(DBG_APP, "  bad argument value in ca '%s'", ca_name);
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 1e443a667..c1347dc94 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -22,9 +22,10 @@ typedef enum {
 	KW_UNIQUEIDS,
 	KW_CACHECRLS,
 	KW_STRICTCRLPOLICY,
+	KW_SETUP_DEPRECATED,
 
 #define KW_SETUP_FIRST  KW_CHARONDEBUG
-#define KW_SETUP_LAST   KW_STRICTCRLPOLICY
+#define KW_SETUP_LAST   KW_SETUP_DEPRECATED
 
 	/* conn section keywords */
 	KW_CONN_NAME,
@@ -69,9 +70,10 @@ typedef enum {
 	KW_MARK_IN,
 	KW_MARK_OUT,
 	KW_TFC,
+	KW_CONN_DEPRECATED,
 
 #define KW_CONN_FIRST   KW_CONN_SETUP
-#define KW_CONN_LAST    KW_TFC
+#define KW_CONN_LAST    KW_CONN_DEPRECATED
 
 	/* ca section keywords */
 	KW_CA_NAME,
@@ -84,9 +86,10 @@ typedef enum {
 	KW_OCSPURI,
 	KW_OCSPURI2,
 	KW_CERTURIBASE,
+	KW_CA_DEPRECATED,
 
 #define KW_CA_FIRST     KW_CA_SETUP
-#define KW_CA_LAST      KW_CERTURIBASE
+#define KW_CA_LAST      KW_CA_DEPRECATED
 
 	/* end keywords */
 	KW_HOST,
@@ -111,9 +114,10 @@ typedef enum {
 	KW_CA,
 	KW_CA2,
 	KW_GROUPS,
+	KW_END_DEPRECATED,
 
 #define KW_END_FIRST    KW_HOST
-#define KW_END_LAST     KW_GROUPS
+#define KW_END_LAST     KW_END_DEPRECATED
 
 	/* left end keywords */
 	KW_LEFT,
@@ -138,9 +142,10 @@ typedef enum {
 	KW_LEFTCA,
 	KW_LEFTCA2,
 	KW_LEFTGROUPS,
+	KW_LEFT_DEPRECATED,
 
 #define KW_LEFT_FIRST   KW_LEFT
-#define KW_LEFT_LAST    KW_LEFTGROUPS
+#define KW_LEFT_LAST    KW_LEFT_DEPRECATED
 
 	/* right end keywords */
 	KW_RIGHT,
@@ -165,13 +170,14 @@ typedef enum {
 	KW_RIGHTCA,
 	KW_RIGHTCA2,
 	KW_RIGHTGROUPS,
+	KW_RIGHT_DEPRECATED,
 
 #define KW_RIGHT_FIRST  KW_RIGHT
-#define KW_RIGHT_LAST   KW_RIGHTGROUPS
+#define KW_RIGHT_LAST   KW_RIGHT_DEPRECATED
 
 	/* general section keywords */
 	KW_ALSO,
-	KW_AUTO
+	KW_AUTO,
 
 } kw_token_t;
 
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 82ee23ddf..eab8bd503 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -24,6 +24,7 @@ struct kw_entry {
     kw_token_t token;
 };
 %%
+# regular keywords
 charondebug,       KW_CHARONDEBUG
 uniqueids,         KW_UNIQUEIDS
 cachecrls,         KW_CACHECRLS
@@ -126,3 +127,34 @@ rightca2,          KW_RIGHTCA2
 rightgroups,       KW_RIGHTGROUPS
 also,              KW_ALSO
 auto,              KW_AUTO
+# deprecated/removed keywords
+interfaces,        KW_SETUP_DEPRECATED
+dumpdir,           KW_SETUP_DEPRECATED
+charonstart,       KW_SETUP_DEPRECATED
+plutostart,        KW_SETUP_DEPRECATED
+klipsdebug,        KW_SETUP_DEPRECATED
+plutodebug,        KW_SETUP_DEPRECATED
+prepluto,          KW_SETUP_DEPRECATED
+postpluto,         KW_SETUP_DEPRECATED
+plutostderrlog,    KW_SETUP_DEPRECATED
+fragicmp,          KW_SETUP_DEPRECATED
+packetdefault,     KW_SETUP_DEPRECATED
+hidetos,           KW_SETUP_DEPRECATED
+overridemtu,       KW_SETUP_DEPRECATED
+crlcheckinterval,  KW_SETUP_DEPRECATED
+nocrsend,          KW_SETUP_DEPRECATED
+nat_traversal,     KW_SETUP_DEPRECATED
+keep_alive,        KW_SETUP_DEPRECATED
+force_keepalive,   KW_SETUP_DEPRECATED
+virtual_private,   KW_SETUP_DEPRECATED
+pkcs11module,      KW_SETUP_DEPRECATED
+pkcs11initargs,    KW_SETUP_DEPRECATED
+pkcs11keepstate,   KW_SETUP_DEPRECATED
+pkcs11proxy,       KW_SETUP_DEPRECATED
+pfs,               KW_CONN_DEPRECATED
+pfsgroup,          KW_CONN_DEPRECATED
+eap,               KW_CONN_DEPRECATED
+leftnexthop,       KW_LEFT_DEPRECATED
+leftsubnetwithin,  KW_LEFT_DEPRECATED
+rightnexthop,      KW_RIGHT_DEPRECATED
+rightsubnetwithin, KW_RIGHT_DEPRECATED