Diffstat (limited to 'src/pluto')
-rw-r--r-- | src/pluto/ac.c | 4 | ||||
-rw-r--r-- | src/pluto/crl.c | 2 | ||||
-rw-r--r-- | src/pluto/keys.c | 4 | ||||
-rw-r--r-- | src/pluto/ocsp.c | 10 | ||||
-rw-r--r-- | src/pluto/plugins/xauth/xauth_default_verifier.c | 7 | ||||
-rw-r--r-- | src/pluto/timer.c | 13 | ||||
-rw-r--r-- | src/pluto/x509.c | 2 |
7 files changed, 20 insertions, 22 deletions
diff --git a/src/pluto/ac.c b/src/pluto/ac.c
index 3339d91fb..cd8007aea 100644
--- a/src/pluto/ac.c
+++ b/src/pluto/ac.c
@@ -261,7 +261,7 @@ void ac_list_certs(bool utc)
 whack_log(RC_COMMENT, " hissuer: \"%Y\"", holderIssuer); }
- holderSerial = ac->get_holderSerial(ac);
+ holderSerial = chunk_skip_zero(ac->get_holderSerial(ac));
 if (holderSerial.ptr) { whack_log(RC_COMMENT, " hserial: %#B", &holderSerial);
@@ -277,7 +277,7 @@ void ac_list_certs(bool utc)
 issuer = cert->get_issuer(cert); whack_log(RC_COMMENT, " issuer: \"%Y\"", issuer);
- serial = ac->get_serial(ac);
+ serial = chunk_skip_zero(ac->get_serial(ac));
 whack_log(RC_COMMENT, " serial: %#B", &serial); cert->get_validity(cert, &now, ¬Before, ¬After);
diff --git a/src/pluto/crl.c b/src/pluto/crl.c
index 38db0f2fd..c49b09e19 100644
--- a/src/pluto/crl.c
+++ b/src/pluto/crl.c
@@ -507,7 +507,7 @@ void list_crls(bool utc, bool strict)
 whack_log(RC_COMMENT, " "); whack_log(RC_COMMENT, " issuer: \"%Y\"", cert_crl->get_issuer(cert_crl));
- serial = crl->get_serial(crl);
+ serial = chunk_skip_zero(crl->get_serial(crl));
 if (serial.ptr) { whack_log(RC_COMMENT, " serial: %#B", &serial);
diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index fb61bef5c..5fcbdfa40 100644
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -1435,6 +1435,7 @@ void remove_x509_public_key(const cert_t *cert)
 void list_public_keys(bool utc) { pubkey_list_t *p = pubkeys;
+ chunk_t serial;
 if (p != NULL) {
@@ -1465,7 +1466,8 @@ void list_public_keys(bool utc)
 } if (key->serial.len) {
- whack_log(RC_COMMENT," serial: %#B", &key->serial);
+ serial = chunk_skip_zero(key->serial);
+ whack_log(RC_COMMENT," serial: %#B", &serial);
 } p = p->next; }
diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c
index d89bfdf01..c299e3d39 100644
--- a/src/pluto/ocsp.c
+++ b/src/pluto/ocsp.c
@@ -607,23 +607,23 @@ void list_ocsp_locations(ocsp_location_t *location, bool requests,
 } while (certinfo) {
+ chunk_t serial = chunk_skip_zero(certinfo->serialNumber);
+
 if (requests) { whack_log(RC_COMMENT, " serial: %#B, %d trials",
- &certinfo->serialNumber, certinfo->trials);
+ &serial, certinfo->trials);
 } else if (certinfo->once) { whack_log(RC_COMMENT, " serial: %#B, %s, once%s",
- &certinfo->serialNumber,
- cert_status_names[certinfo->status],
+ &serial, cert_status_names[certinfo->status],
 (certinfo->nextUpdate < time(NULL))? " (expired)": ""); } else { whack_log(RC_COMMENT, " serial: %#B, %s, until %T %s",
- &certinfo->serialNumber,
- cert_status_names[certinfo->status],
+ &serial, cert_status_names[certinfo->status],
 &certinfo->nextUpdate, utc, check_expiry(certinfo->nextUpdate, OCSP_WARNING_INTERVAL, strict)); }
diff --git a/src/pluto/plugins/xauth/xauth_default_verifier.c b/src/pluto/plugins/xauth/xauth_default_verifier.c
index 776f77134..ca2e36aa0 100644
--- a/src/pluto/plugins/xauth/xauth_default_verifier.c
+++ b/src/pluto/plugins/xauth/xauth_default_verifier.c
@@ -43,6 +43,13 @@ METHOD(xauth_verifier_t, verify_secret, bool,
 if (get_xauth_secret(user, server, &xauth_secret)) { success = chunk_equals(secret, xauth_secret);
+
+ if (!success && secret.len && secret.ptr[secret.len - 1] == 0)
+ { /* fix for null-terminated passwords (e.g. from Android 4) */
+ secret.len--;
+ success = chunk_equals(secret, xauth_secret);
+ }
+
 chunk_clear(&xauth_secret); } return success;
diff --git a/src/pluto/timer.c b/src/pluto/timer.c
index c1ad55f5e..1d34d2c54 100644
--- a/src/pluto/timer.c
+++ b/src/pluto/timer.c
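Review bot: The trailing-NUL fallback added to verify_secret in xauth_default_verifier.c runs silently, so nothing records which peers still depend on it, and a submitted secret carrying one extra 0x00 byte is now treated as equal to the configured one. A debug-level log line inside the fallback branch when the retry succeeds would let the workaround be audited and later retired, and the comment could state its limit, e.g. `/* accept exactly one trailing NUL (Android 4 clients); the configured secret is not altered */`. Both comparisons go through chunk_equals, whose timing behaviour is not visible here; if it is a plain memory compare, a constant-time comparison would be the safer choice for a shared secret. The METHOD body begins and ends outside the hunk.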
@@ -46,18 +46,7 @@
 */ time_t now(void) {
- static time_t delta = 0
- , last_time = 0;
- time_t n = time(NULL);
-
- passert(n != (time_t)-1);
- if (last_time > n)
- {
- plog("time moved backwards %ld seconds", (long)(last_time - n));
- delta += last_time - n;
- }
- last_time = n;
- return n + delta;
+ return time_monotonic(NULL);
 } /* This file has the event handling routines. Events are
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index 7e2aca862..f017e5775 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -410,7 +410,7 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
 certificate->get_subject(certificate)); whack_log(RC_COMMENT, " issuer: \"%Y\"", certificate->get_issuer(certificate));
- serial = x509->get_serial(x509);
+ serial = chunk_skip_zero(x509->get_serial(x509));
 whack_log(RC_COMMENT, " serial: %#B", &serial); /* list validity */ |
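Review bot: In timer.c, now() changes meaning with `return time_monotonic(NULL);`: the value is presumably no longer seconds since the epoch, so it is only valid for intervals and event scheduling, and the doc comment above the function (its text is outside the hunk) should say so, e.g. `/* monotonic seconds, not wall-clock: never compare with certificate, CRL or OCSP timestamps */`. Callers of now() are not visible here; any that compare the result with absolute times such as a nextUpdate field (ocsp.c in this commit uses time(NULL) for that) would need to switch to time(NULL). The removed `passert(n != (time_t)-1)` has no replacement, so a failing clock read is no longer caught at this point unless time_monotonic handles it internally.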