./configure switch.
- The new libstrongswan constraints plugin provides advanced X.509 constraint
- checking. In additon to X.509 pathLen constraints, the plugin checks for
+ checking. In addition to X.509 pathLen constraints, the plugin checks for
nameConstraints and certificatePolicies, including policyMappings and
policyConstraints. The x509 certificate plugin and the pki tool have been
enhanced to support these extensions. The new left/rightcertpolicy ipsec.conf
ALERT_INSTALL_CHILD_POLICY_FAILED,
/** IKE_SA deleted because of "replace" unique policy, no argument */
ALERT_UNIQUE_REPLACE,
- /** IKE_SA deleted because of "keep" unique policy, no arguement */
+ /** IKE_SA deleted because of "keep" unique policy, no argument */
ALERT_UNIQUE_KEEP,
/** IKE_SA kept on failed child SA establishment, no argument */
ALERT_KEEP_ON_CHILD_SA_FAILURE,
AUTH_ONLY = 3,
/**
- * Aggresive (Aggressive mode)
+ * Aggressive (Aggressive mode)
*/
AGGRESSIVE = 4,
{
/* During IKE_SA rekey, the unique identifier changes. Fire update events
* and update the cached entry. During the invocation of this hook, the
- * virutal IPs have been migrated to new, hence remove that entry. */
+ * virtual IPs have been migrated to new, hence remove that entry. */
remove_entry(this, new);
add_entry(this, new);
}
/**
- * Rempve a subnet from the inclusion list for this IKE_SA
+ * Remove a subnet from the inclusion list for this IKE_SA
*/
static bool remove_include(private_unity_handler_t *this, chunk_t subnet)
{
switch (message->get_exchange_type(message))
{
case AGGRESSIVE:
- { /* proccess NAT-D payloads in the second request, already added ours
+ { /* process NAT-D payloads in the second request, already added ours
* in the first response */
result = SUCCESS;
/* fall */
break;
}
- /* check for erronous notifies */
+ /* check for erroneous notifies */
enumerator = message->create_payload_enumerator(message);
while (enumerator->enumerate(enumerator, &payload))
{
enumerator_t *enumerator;
payload_t *payload;
- /* check for erronous notifies */
+ /* check for erroneous notifies */
enumerator = message->create_payload_enumerator(message);
while (enumerator->enumerate(enumerator, &payload))
{
*
* @param size size of nonce in bytes
* @param buffer pointer where the generated nonce will be written
- * @return TRUE if nonce allocation was succesful, FALSE otherwise
+ * @return TRUE if nonce allocation was successful, FALSE otherwise
*/
bool (*get_nonce)(nonce_gen_t *this, size_t size,
u_int8_t *buffer) __attribute__((warn_unused_result));
*
* @param size size of nonce in bytes
* @param chunk chunk which will hold the generated nonce
- * @return TRUE if nonce allocation was succesful, FALSE otherwise
+ * @return TRUE if nonce allocation was successful, FALSE otherwise
*/
bool (*allocate_nonce)(nonce_gen_t *this, size_t size,
chunk_t *chunk) __attribute__((warn_unused_result));
rng->destroy(rng);
- /* additonally return p-1 */
+ /* additionally return p-1 */
mpz_sub_ui(*q, *p, 1);
return SUCCESS;
{
if (blob.len >= 2 &&
blob.ptr[0] == ASN1_SEQUENCE && blob.ptr[1] == 0x80)
- { /* looks like infinite lenght BER encoding, but we can't handle it.
+ { /* looks like infinite length BER encoding, but we can't handle it.
* ignore silently, our openssl backend can handle it */
return NULL;
}