diff -Naur libreswan-4.1-orig/lib/libipsecconf/keywords.c libreswan-4.1/lib/libipsecconf/keywords.c --- libreswan-4.1-orig/lib/libipsecconf/keywords.c 2020-10-18 21:11:05.000000000 -0400 +++ libreswan-4.1/lib/libipsecconf/keywords.c 2020-10-27 23:47:09.999098076 -0400 @@ -366,6 +366,8 @@ { "interfaces", kv_config, kt_string, KSF_INTERFACES, NULL, NULL, }, { "curl-iface", kv_config, kt_string, KSF_CURLIFACE, NULL, NULL, }, { "curl-timeout", kv_config, kt_time, KBF_CURLTIMEOUT, NULL, NULL, }, + { "curl_iface", kv_config | kv_alias, kt_string, KSF_CURLIFACE, NULL, NULL, }, /* obsolete _ */ + { "curl_timeout", kv_config | kv_alias, kt_time, KBF_CURLTIMEOUT, NULL, NULL, }, /* obsolete _ */ { "myvendorid", kv_config, kt_string, KSF_MYVENDORID, NULL, NULL, }, { "syslog", kv_config, kt_string, KSF_SYSLOG, NULL, NULL, }, @@ -373,6 +375,7 @@ { "logfile", kv_config, kt_filename, KSF_LOGFILE, NULL, NULL, }, { "plutostderrlog", kv_config, kt_filename, KSF_LOGFILE, NULL, NULL, }, /* obsolete name, but very common :/ */ { "logtime", kv_config, kt_bool, KBF_LOGTIME, NULL, NULL, }, + { "plutostderrlogtime", kv_config | kv_alias, kt_bool, KBF_LOGTIME, NULL, NULL, }, /* obsolete */ { "logappend", kv_config, kt_bool, KBF_LOGAPPEND, NULL, NULL, }, { "logip", kv_config, kt_bool, KBF_LOGIP, NULL, NULL, }, { "audit-log", kv_config, kt_bool, KBF_AUDIT_LOG, NULL, NULL, }, @@ -392,13 +395,20 @@ { "global-redirect-to", kv_config, kt_string, KSF_GLOBAL_REDIRECT_TO, NULL, NULL, }, { "crl-strict", kv_config, kt_bool, KBF_CRL_STRICT, NULL, NULL, }, + { "crl_strict", kv_config | kv_alias, kt_bool, KBF_CRL_STRICT, NULL, NULL, }, /* obsolete _ */ { "crlcheckinterval", kv_config, kt_time, KBF_CRL_CHECKINTERVAL, NULL, NULL, }, + { "strictcrlpolicy", kv_config | kv_alias, kt_bool, KBF_CRL_STRICT, NULL, NULL, }, /* obsolete; used on openswan */ { "ocsp-strict", kv_config, kt_bool, KBF_OCSP_STRICT, NULL, NULL, }, + { "ocsp_strict", kv_config | kv_alias, kt_bool, KBF_OCSP_STRICT, NULL, NULL, }, /* obsolete _ */ { "ocsp-enable", kv_config, kt_bool, KBF_OCSP_ENABLE, NULL, NULL, }, + { "ocsp_enable", kv_config | kv_alias, kt_bool, KBF_OCSP_ENABLE, NULL, NULL, }, /* obsolete _ */ { "ocsp-uri", kv_config, kt_string, KSF_OCSP_URI, NULL, NULL, }, + { "ocsp_uri", kv_config | kv_alias, kt_string, KSF_OCSP_URI, NULL, NULL, }, /* obsolete _ */ { "ocsp-timeout", kv_config, kt_number, KBF_OCSP_TIMEOUT, NULL, NULL, }, + { "ocsp_timeout", kv_config | kv_alias, kt_number, KBF_OCSP_TIMEOUT, NULL, NULL, }, /* obsolete _ */ { "ocsp-trustname", kv_config, kt_string, KSF_OCSP_TRUSTNAME, NULL, NULL, }, + { "ocsp_trust_name", kv_config | kv_alias, kt_string, KSF_OCSP_TRUSTNAME, NULL, NULL, }, /* obsolete _ */ { "ocsp-cache-size", kv_config, kt_number, KBF_OCSP_CACHE_SIZE, NULL, NULL, }, { "ocsp-cache-min-age", kv_config, kt_time, KBF_OCSP_CACHE_MIN, NULL, NULL, }, { "ocsp-cache-max-age", kv_config, kt_time, KBF_OCSP_CACHE_MAX, NULL, NULL, }, @@ -418,6 +428,7 @@ { "virtual_private", kv_config, kt_string, KSF_VIRTUALPRIVATE, NULL, NULL, }, /* obsolete variant, very common */ { "seedbits", kv_config, kt_number, KBF_SEEDBITS, NULL, NULL, }, { "keep-alive", kv_config, kt_number, KBF_KEEPALIVE, NULL, NULL, }, + { "keep_alive", kv_config | kv_alias, kt_number, KBF_KEEPALIVE, NULL, NULL, }, /* obsolete _ */ { "listen-tcp", kv_config, kt_bool, KBF_LISTEN_TCP, NULL, NULL }, { "listen-udp", kv_config, kt_bool, KBF_LISTEN_UDP, NULL, NULL }, @@ -429,6 +440,8 @@ #ifdef HAVE_LABELED_IPSEC { "ikev1-secctx-attr-type", kv_config, kt_number, KBF_SECCTX, NULL, NULL, }, /* obsolete: not a value, a type */ { "secctx-attr-type", kv_config | kv_alias, kt_number, KBF_SECCTX, NULL, NULL, }, + { "secctx_attr_value", kv_config | kv_alias, kt_number, KBF_SECCTX, NULL, NULL, }, /* obsolete _ */ + { "secctx-attr-value", kv_config, kt_number, KBF_SECCTX, NULL, NULL, }, /* obsolete: not a value, a type */ #endif /* these options are obsoleted (and not old aliases) */ @@ -457,6 +470,8 @@ { "modecfgserver", kv_conn | kv_leftright, kt_bool, KNCF_MODECONFIGSERVER, NULL, NULL, }, { "modecfgclient", kv_conn | kv_leftright, kt_bool, KNCF_MODECONFIGCLIENT, NULL, NULL, }, { "username", kv_conn | kv_leftright, kt_string, KSCF_USERNAME, NULL, NULL, }, + { "xauthusername", kv_conn | kv_leftright | kv_alias, kt_string, KSCF_USERNAME, NULL, NULL, }, /* obsolete name */ + { "xauthname", kv_conn | kv_leftright | kv_alias, kt_string, KSCF_USERNAME, NULL, NULL, }, /* obsolete name */ { "addresspool", kv_conn | kv_leftright, kt_range, KSCF_ADDRESSPOOL, NULL, NULL, }, { "auth", kv_conn | kv_leftright, kt_enum, KNCF_AUTH, &kw_authby_lr_list, NULL, }, { "cat", kv_conn | kv_leftright, kt_bool, KNCF_CAT, NULL, NULL, }, @@ -479,6 +494,8 @@ { "esn", kv_conn | kv_processed, kt_enum, KNCF_ESN, &kw_esn_list, NULL, }, { "decap-dscp", kv_conn | kv_processed, kt_bool, KNCF_DECAP_DSCP, NULL, NULL, }, { "nopmtudisc", kv_conn | kv_processed, kt_bool, KNCF_NOPMTUDISC, NULL, NULL, }, + { "ike_frag", kv_conn | kv_processed | kv_alias, kt_enum, KNCF_IKE_FRAG, &kw_ynf_list, NULL, }, /* obsolete _ */ + { "ike-frag", kv_conn | kv_processed | kv_alias, kt_enum, KNCF_IKE_FRAG, &kw_ynf_list, NULL, }, /* obsolete name */ { "fragmentation", kv_conn | kv_processed, kt_enum, KNCF_IKE_FRAG, &kw_ynf_list, NULL, }, { "mobike", kv_conn, kt_bool, KNCF_MOBIKE, NULL, NULL, }, { "narrowing", kv_conn, kt_bool, KNCF_IKEv2_ALLOW_NARROWING, NULL, NULL, }, @@ -489,13 +506,18 @@ { "accept-redirect-to", kv_conn, kt_string, KSCF_ACCEPT_REDIRECT_TO, NULL, NULL, }, { "pfs", kv_conn, kt_bool, KNCF_PFS, NULL, NULL, }, + { "nat_keepalive", kv_conn | kv_alias, kt_bool, KNCF_NAT_KEEPALIVE, NULL, NULL, }, /* obsolete _ */ { "nat-keepalive", kv_conn, kt_bool, KNCF_NAT_KEEPALIVE, NULL, NULL, }, + { "initial_contact", kv_conn | kv_alias, kt_bool, KNCF_INITIAL_CONTACT, NULL, NULL, }, /* obsolete _ */ { "initial-contact", kv_conn, kt_bool, KNCF_INITIAL_CONTACT, NULL, NULL, }, + { "cisco_unity", kv_conn | kv_alias, kt_bool, KNCF_CISCO_UNITY, NULL, NULL, }, /* obsolete _ */ { "cisco-unity", kv_conn, kt_bool, KNCF_CISCO_UNITY, NULL, NULL, }, { "send-no-esp-tfc", kv_conn, kt_bool, KNCF_NO_ESP_TFC, NULL, NULL, }, { "fake-strongswan", kv_conn, kt_bool, KNCF_VID_STRONGSWAN, NULL, NULL, }, + { "send_vendorid", kv_conn | kv_alias, kt_bool, KNCF_SEND_VENDORID, NULL, NULL, }, /* obsolete _ */ { "send-vendorid", kv_conn, kt_bool, KNCF_SEND_VENDORID, NULL, NULL, }, + { "sha2_truncbug", kv_conn | kv_alias, kt_bool, KNCF_SHA2_TRUNCBUG, NULL, NULL, }, /* obsolete _ */ { "sha2-truncbug", kv_conn, kt_bool, KNCF_SHA2_TRUNCBUG, NULL, NULL, }, { "ms-dh-downgrade", kv_conn, kt_bool, KNCF_MSDH_DOWNGRADE, NULL, NULL, }, { "require-id-on-certificate", kv_conn, kt_bool, KNCF_SAN_ON_CERT, NULL, NULL, }, @@ -511,14 +533,19 @@ { "nat-ikev1-method", kv_conn | kv_processed, kt_enum, KNCF_IKEV1_NATT, &kw_ikev1natt_list, NULL, }, #ifdef HAVE_LABELED_IPSEC /* only policy label is used, non-zero means wanting labeled IPsec */ + { "labeled_ipsec", kv_conn, kt_obsolete, KNCF_WARNIGNORE, NULL, NULL, }, /* obsolete */ + { "labeled-ipsec", kv_conn, kt_obsolete, KNCF_WARNIGNORE, NULL, NULL, }, /* obsolete */ + { "policy_label", kv_conn | kv_alias, kt_string, KSCF_POLICY_LABEL, NULL, NULL, }, /* obsolete _ */ { "policy-label", kv_conn, kt_string, KSCF_POLICY_LABEL, NULL, NULL, }, #endif /* Cisco interop: remote peer type */ + { "remote_peer_type", kv_conn | kv_alias, kt_enum, KNCF_REMOTEPEERTYPE, &kw_remote_peer_type, NULL, }, /* obsolete _ */ { "remote-peer-type", kv_conn, kt_enum, KNCF_REMOTEPEERTYPE, &kw_remote_peer_type, NULL, }, /* Network Manager support */ #ifdef HAVE_NM + { "nm_configured", kv_conn | kv_alias, kt_bool, KNCF_NMCONFIGURED, NULL, NULL, }, /* obsolete _ */ { "nm-configured", kv_conn, kt_bool, KNCF_NMCONFIGURED, NULL, NULL, }, #endif @@ -526,7 +553,10 @@ { "xauthfail", kv_conn, kt_enum, KNCF_XAUTHFAIL, &kw_xauthfail, NULL, }, { "modecfgpull", kv_conn, kt_invertbool, KNCF_MODECONFIGPULL, NULL, NULL, }, { "modecfgdns", kv_conn, kt_string, KSCF_MODECFGDNS, NULL, NULL, }, + { "modecfgdns1", kv_conn | kv_alias, kt_string, KSCF_MODECFGDNS, NULL, NULL, }, /* obsolete */ + { "modecfgdns2", kv_conn, kt_obsolete, KNCF_WARNIGNORE, NULL, NULL, }, /* obsolete */ { "modecfgdomains", kv_conn, kt_string, KSCF_MODECFGDOMAINS, NULL, NULL, }, + { "modecfgdomain", kv_conn | kv_alias, kt_string, KSCF_MODECFGDOMAINS, NULL, NULL, }, /* obsolete */ { "modecfgbanner", kv_conn, kt_string, KSCF_MODECFGBANNER, NULL, NULL, }, { "mark", kv_conn, kt_string, KSCF_CONN_MARK_BOTH, NULL, NULL, }, { "mark-in", kv_conn, kt_string, KSCF_CONN_MARK_IN, NULL, NULL, },