- The openssl plugin now supports X.509 certificate and CRL functions.
- OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, enabled
- by default. Plase update manual load directives in strongswan.conf.
+ by default. Please update manual load directives in strongswan.conf.
- RFC3779 ipAddrBlock constraint checking has been moved to the addrblock
plugin, disabled by default. Enable it and update manual load directives
- Several MOBIKE improvements: Detect changes in NAT mappings in DPD exchanges,
handle events if kernel detects NAT mapping changes in UDP-encapsulated
- ESP packets (requires kernel patch), reuse old addesses in MOBIKE updates as
+ ESP packets (requires kernel patch), reuse old addresses in MOBIKE updates as
long as possible and other fixes.
- Fixed a bug in addr_in_subnet() which caused insertion of wrong source
- In NAT traversal situations and multiple queued Quick Modes,
those pending connections inserted by auto=start after the
- port floating from 500 to 4500 were erronously deleted.
+ port floating from 500 to 4500 were erroneously deleted.
- Added a "forceencaps" connection parameter to enforce UDP encapsulation
to surmount restrictive firewalls. NAT detection payloads are faked to
strongswan-2.5.7
----------------
-- CA certicates are now automatically loaded from a smartcard
+- CA certificates are now automatically loaded from a smartcard
or USB crypto token and appear in the ipsec auto --listcacerts
listing.
- Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
installed either by setting auto=route in ipsec.conf or by
a connection put into hold, generates an XFRM_AQUIRE event
- for each packet that wants to use the not-yet exisiting
+ for each packet that wants to use the not-yet existing
tunnel. Up to now each XFRM_AQUIRE event led to an entry in
the Quick Mode queue, causing multiple IPsec SA to be
established in rapid succession. Starting with strongswan-2.5.1
memory.
charon.cache_crls = no
- Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should
+ Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP should
be saved under a unique file name derived from the public key of the
Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or
**/etc/swanctl/x509crl** (vici), respectively.
If the maximum Netlink socket receive buffer in bytes set by
_receive_buffer_size_ exceeds the system-wide maximum from
/proc/sys/net/core/rmem_max, this option can be used to override the limit.
- Enabling this option requires special priviliges (CAP_NET_ADMIN).
+ Enabling this option requires special privileges (CAP_NET_ADMIN).
charon.plugins.kernel-netlink.fwmark =
Firewall mark to set on the routing rule that directs traffic to our routing
const char *name;
/** takes argument */
int has_arg;
- /** decription of argument */
+ /** description of argument */
const char *arg;
/** short description to option */
const char *desc;
/*
- * Copyrigth (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Reto Buerki
* Copyright (C) 2012 Adrian-Ken Rueegsegger
* Hochschule fuer Technik Rapperswil
*
/*
* Copyright (C) 2015 Tobias Brunner
- * Copyrigth (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Reto Buerki
* Copyright (C) 2012 Adrian-Ken Rueegsegger
* Hochschule fuer Technik Rapperswil
*
/*
- * Copyrigth (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Reto Buerki
* Copyright (C) 2012 Adrian-Ken Rueegsegger
* Hochschule fuer Technik Rapperswil
*
/*
- * Copyrigth (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Reto Buerki
* Copyright (C) 2012 Adrian-Ken Rueegsegger
* Hochschule fuer Technik Rapperswil
*
extern enum_name_t *guest_state_names;
/**
- * Invoke function which lauches the UML guest.
+ * Invoke function which launches the UML guest.
*
* Consoles are all set to NULL, you may change them by adding additional UML
* options to args before invocation.
ike_sa_t *ike_sa;
/**
- * configuration setttings
+ * configuration settings
*/
settings_t *settings;
@interface Helper : NSObject
/**
- * Get the XPC connection singleton, installing helper if requried
+ * Get the XPC connection singleton, installing helper if required
*
* @return XPC service connection, as a singleton
*/
- (xpc_connection_t)getConnection;
/**
- * Return an errror string if if getConnection fails
+ * Return an error string if if getConnection fails
*
* @return error string, unretained
*/
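Review bot: The corrected comment on the error-string accessor still reads "if if getConnection fails", so the line this hunk rewrites keeps a duplicated word. It should be ` * Return an error string if getConnection fails`. The accessor's declaration is outside the hunk, so only its comment is visible here.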
};
/**
- * enum strings fro ike_version_t
+ * enum strings for ike_version_t
*/
extern enum_name_t *ike_version_names;
* method. The generated bytes are appended. After all payloads are added,
* the write_to_chunk method writes out all generated data since
* the creation of the generator.
- * The generater uses a set of encoding rules, which it can get from
- * the supplied payload. With this rules, the generater can generate
+ * The generator uses a set of encoding rules, which it can get from
+ * the supplied payload. With this rules, the generator can generate
* the payload and all substructures automatically.
*/
struct generator_t {
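Review bot: The second rewritten line still says "With this rules", which should be plural: ` * the supplied payload. With these rules, the generator can generate`. The line is already being touched for the "generater" fix, so the grammar can be corrected in the same edit. The body of `generator_t` continues outside the hunk.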
if (entry)
{
/* we don't require a traffic selector match for explicit reqids,
- * as we wan't to reuse a reqid for trap-triggered policies that
+ * as we want to reuse a reqid for trap-triggered policies that
* got narrowed during negotiation. */
reqid_entry_destroy(tmpl);
}
/**
* Destroy a certexpire_cron_t.
*
- * It currently is not possible to savely cancel a cron job. Make sure
+ * It currently is not possible to safely cancel a cron job. Make sure
* any scheduled jobs have been canceled before cleaning up.
*/
void (*destroy)(certexpire_cron_t *this);
* Hashtable entry with leases and attributes
*/
typedef struct {
- /** IKE_SA uniqe id we assign the IP lease */
+ /** IKE_SA unique id we assign the IP lease */
uintptr_t id;
/** list of IP leases received from AAA, as host_t */
linked_list_t *addrs;
xauth_round_t round;
/**
- * Concatentated password of all rounds
+ * Concatenated password of all rounds
*/
chunk_t pass;
};
chunk_t iv;
/* we need the last block (or expected next IV) of Phase 1, which gets
- * upated after successful en-/decryption depending on direction */
+ * updated after successful en-/decryption depending on direction */
if (incoming == plain)
{
if (message->get_message_id(message) == 0)
private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
uint8_t protocol, uint32_t *spi)
{
- /* To avoid sequencial SPIs, we use a one-to-one permuation function on
+ /* To avoid sequential SPIs, we use a one-to-one permutation function on
* an incrementing counter, that is a full period PRNG for the range we
* allocate SPIs in. We add some randomness using a fixed XOR and start
* the counter at random position. This is not cryptographically safe,
lookip_plugin_t public;
/**
- * Listener collecting virtual IP assignements
+ * Listener collecting virtual IP assignments
*/
lookip_listener_t *listener;
if (add)
{
if (!this->append && !this->original)
- { /* backup orignal config, start with empty set */
+ { /* backup original config, start with empty set */
this->original = arr;
arr = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
}
enumerator->destroy(enumerator);
}
- /* authentication metod (class, actually) */
+ /* authentication method (class, actually) */
if (strpfx(auth, "ike:") ||
strpfx(auth, "pubkey") ||
strpfx(auth, "rsa") ||
/**
* create a unique certificate list without duplicates
- * certicates having the same issuer are grouped together.
+ * certificates having the same issuer are grouped together.
*/
static linked_list_t* create_unique_cert_list(certificate_type_t type)
{
va_list args;
int i;
- /* allocate enumerator large enought to hold keyword pointers */
+ /* allocate enumerator large enough to hold keyword pointers */
i = 1;
va_start(args, this);
while (va_arg(args, char*))
* thread pool.
*
* Connecting requires an uri, which is currently either a UNIX socket path
- * prefixed with unix://, or a hostname:port touple prefixed with tcp://.
+ * prefixed with unix://, or a hostname:port tuple prefixed with tcp://.
* Passing NULL takes the system default socket path.
*
* After the connection has been established, request messages can be sent.
* - B allocates an SPI for the selected protocol
* - B calls child_sa_t.install for both, the allocated and received SPI
* - B sends the proposal with the allocated SPI to A
- * - A calls child_sa_t.install for both, the allocated and recevied SPI
+ * - A calls child_sa_t.install for both, the allocated and received SPI
*
* Once SAs are set up, policies can be added using add_policies.
*/
/**
* Set the negotiated IPsec mode to use.
*
- * @param mode TUNNEL | TRANPORT | BEET
+ * @param mode TUNNEL | TRANSPORT | BEET
*/
void (*set_mode)(child_sa_t *this, ipsec_mode_t mode);
* The EAP manager manages all EAP implementations and creates instances.
*
* A plugin registers it's implemented EAP method at the manager by
- * providing type and a contructor function. The manager then instanciates
+ * providing type and a constructor function. The manager then instantiates
* eap_method_t instances through the provided constructor to handle
* EAP authentication.
*/
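Review bot: The context line directly above the fix still uses the contraction "it's" where the possessive is meant. ` * A plugin registers its implemented EAP method at the manager by` reads correctly. The XAuth manager comment changed later in this commit has the same wording and would take the same one-word change.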
/**
* Initiate the EAP exchange.
*
- * initiate() is only useable for server implementations, as clients only
+ * initiate() is only usable for server implementations, as clients only
* reply to server requests.
* A eap_payload is created in "out" if result is NEED_MORE.
*
* @param message_id ID of the request to retransmit
* @return
* - SUCCESS
- * - NOT_FOUND if request doesn't have to be retransmited
+ * - NOT_FOUND if request doesn't have to be retransmitted
*/
status_t (*retransmit) (ike_sa_t *this, uint32_t message_id);
void (*inherit_post) (ike_sa_t *this, ike_sa_t *other);
/**
- * Reset the IKE_SA, useable when initiating fails.
+ * Reset the IKE_SA, usable when initiating fails.
*
* @param new_spi TRUE to allocate a new initiator SPI
*/
type, value));
}
enumerator->destroy(enumerator);
- /* if a client did not re-request all adresses, release them */
+ /* if a client did not re-request all addresses, release them */
enumerator = migrated->create_enumerator(migrated);
while (enumerator->enumerate(enumerator, &found))
{
&this->cpi_r);
if (!list->get_count(list))
{
- DBG1(DBG_IKE, "peer did not acccept our IPComp proposal, "
+ DBG1(DBG_IKE, "peer did not accept our IPComp proposal, "
"IPComp disabled");
this->cpi_i = 0;
}
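Review bot: The `DBG1` change alters a runtime log string, not a comment, so anything that matches the old misspelled text stops matching after this commit. This hunk does not show whether test evaluation patterns or log-monitoring and alerting rules search for "peer did not acccept our IPComp proposal". It is worth grepping the tree and any deployed log rules for the old spelling and updating them in the same change. The enclosing function starts and ends outside the hunk.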
charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
}
- /* catch if we get resetted while processing */
+ /* catch if we get reset while processing */
this->reset = FALSE;
enumerator = array_create_enumerator(this->active_tasks);
while (enumerator->enumerate(enumerator, &task))
}
/**
- * Substitude any host address with NATed address in traffic selector
+ * Substitute any host address with NATed address in traffic selector
*/
static linked_list_t* get_transport_nat_ts(private_child_create_t *this,
bool local, linked_list_t *in)
* completed.
* For the initial IKE_SA setup, several tasks are queued: One for the
* unauthenticated IKE_SA setup, one for authentication, one for CHILD_SA setup
- * and maybe one for virtual IP assignement.
+ * and maybe one for virtual IP assignment.
* The task manager is also responsible for retransmission. It uses a backoff
* algorithm. The timeout is calculated using
* RETRANSMIT_TIMEOUT * (RETRANSMIT_BASE ** try).
* The XAuth manager manages all XAuth implementations and creates instances.
*
* A plugin registers it's implemented XAuth method at the manager by
- * providing type and a contructor function. The manager then instanciates
+ * providing type and a constructor function. The manager then instantiates
* xauth_method_t instances through the provided constructor to handle
* XAuth authentication.
*/
/**
* Initiate the XAuth exchange.
*
- * initiate() is only useable for server implementations, as clients only
+ * initiate() is only usable for server implementations, as clients only
* reply to server requests.
* A cp_payload is created in "out" if result is NEED_MORE.
*
* @param measurement File measurement hash
* @param filename Optional name of the file to be checked
* @param is_dir TRUE if part of directory measurement
- * @param id Primary key into direcories/files table
+ * @param id Primary key into directories/files table
* @return TRUE if successful
*/
bool (*add_file_measurement)(pts_database_t *this, int vid,
* Extend the content of a PCR
*
* @param pcr index of PCR
- * @param measurement measurment value to be extended into PCR
+ * @param measurement measurement value to be extended into PCR
* @return new content of PCR
*/
chunk_t (*extend)(pts_pcr_t *this, uint32_t pcr, chunk_t measurement);
* @param tls TLS socket to read from
* @param vendor receives Message Type Vendor ID from header
* @param type receives Message Type from header
- * @param identifier receives Message Identifer
+ * @param identifier receives Message Identifier
* @return reader over message value, NULL on error
*/
bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor,
{
if (do_sasl(this))
{
- /* complete SASL with emtpy mechanism list */
+ /* complete SASL with empty mechanism list */
return pt_tls_write(this->tls, PT_TLS_SASL_MECHS, this->identifier++,
chunk_empty);
}
* RADIUS client functionality.
*
* To communicate with a RADIUS server, create a client and send messages over
- * it. The client allocates a socket from the best RADIUS server abailable.
+ * it. The client allocates a socket from the best RADIUS server available.
*/
struct radius_client_t {
radius_message_t *radius_message_create(radius_message_code_t code);
/**
- * Parse and verify a recevied RADIUS message.
+ * Parse and verify a received RADIUS message.
*
* @param data received message data
* @return radius_message_t object, NULL if length invalid
* @param id permanent identity to request quintuplet for
* @param rand random value rand
* @param auts resynchronization parameter auts
- * @return TRUE if calculated, FALSE if no matcing card found
+ * @return TRUE if calculated, FALSE if no matching card found
*/
bool (*card_resync)(simaka_manager_t *this, identification_t *id,
char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
struct attr_hdr_t {
/** attribute type */
uint8_t type;
- /** attibute length */
+ /** attribute length */
uint8_t length;
} __attribute__((__packed__));
* If a linked list contains objects with function pointers,
* invoke() can call a method on each of the objects. The
* method is specified by an offset of the function pointer,
- * which can be evalutated at compile time using the offsetof
+ * which can be evaluated at compile time using the offsetof
* macro, e.g.: list->invoke(list, offsetof(object_t, method));
*
* @param offset offset of the method to invoke on objects
}
enumerator->destroy(enumerator);
- /* if no explicit IKE signature contraints were added we add them for all
- * configured signature contraints */
+ /* if no explicit IKE signature constraints were added we add them for all
+ * configured signature constraints */
if (ike && !ike_added &&
lib->settings->get_bool(lib->settings,
"%s.signature_authentication_constraints", TRUE,
hashtable_t *cache[CRED_ENCODING_MAX];
/**
- * Registered encoding fuctions, cred_encoder_t
+ * Registered encoding functions, cred_encoder_t
*/
linked_list_t *encoders;
}
/**
- * certificate enumerator implemenation
+ * certificate enumerator implementation
*/
typedef struct {
/** implements enumerator_t interface */
{
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &this))
- { /* call recursivly */
+ { /* call recursively */
if (first)
{
written += print_in_hook(data, "%P", this);
by Eric Young (eay@cryptsoft.com).
This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to. The following conditions
+the following conditions are adhered to. The following conditions
apply to all code found in this distribution.
Copyright remains Eric Young's, and as such any Copyright notices in
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
+ * the following conditions are adhered to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
+ * The word 'cryptographic' can be left out if the routines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
+ * the following conditions are adhered to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
+ * The word 'cryptographic' can be left out if the routines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
+ * the following conditions are adhered to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
+ * The word 'cryptographic' can be left out if the routines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
+ * the following conditions are adhered to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
+ * The word 'cryptographic' can be left out if the routines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
+ * the following conditions are adhered to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
+ * The word 'cryptographic' can be left out if the routines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
+ * the following conditions are adhered to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
+ * The word 'cryptographic' can be left out if the routines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.
+ * the following conditions are adhered to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
+ * The word 'cryptographic' can be left out if the routines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
#endif
/* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture. gcc2 always seems to do well :-).
+ * compiler and the architecture. gcc2 always seems to do well :-).
* Inspired by Dana How <how@isl.stanford.edu>
* DO NOT use the alternative version on machines with 8 byte longs.
* It does not seem to work on the Alpha, even when DES_LONG is 4
}
/**
- * Pack four 2-bit coefficents into one byte
+ * Pack four 2-bit coefficients into one byte
*/
static void pack_rec(private_newhope_ke_t *this, uint8_t *x, uint8_t *r)
{
}
/**
- * ASN.1 definition of the X.501 atttribute type
+ * ASN.1 definition of the X.501 attribute type
*/
static const asn1Object_t attributesObjects[] = {
{ 0, "attributes", ASN1_SET, ASN1_LOOP }, /* 0 */
* If \<ns>.load_modular is enabled (where \<ns> is lib->ns) the plugins to
* load are determined via a load option in their respective plugin config
* section e.g. \<ns>.plugins.\<plugin>.load = <priority|bool>.
- * The oder is determined by the configured priority. If two plugins have
+ * The order is determined by the configured priority. If two plugins have
* the same priority the order as seen in list is preserved. Plugins not
* found in list are loaded first, in alphabetical order.
*
* in-between got slower, as the number of events grew larger (O(n)).
* For each connection there could be several events: IKE-rekey, NAT-keepalive,
* retransmissions, expire (half-open), and others. So a gateway that probably
- * has to handle thousands of concurrent connnections has to be able to queue a
+ * has to handle thousands of concurrent connections has to be able to queue a
* large number of events as fast as possible. Locking makes this even worse, to
* provide thread-safety, no events can be processed, while an event is queued,
* so making the insertion fast is even more important.
void (*schedule_job_ms) (scheduler_t *this, job_t *job, uint32_t ms);
/**
- * Adds a event to the queue, using an absolut time.
+ * Adds a event to the queue, using an absolute time.
*
* The passed timeval should be calculated based on the time_monotonic()
* function.
*
* @param job job to schedule
- * @param time absolut time to schedule job
+ * @param time absolute time to schedule job
*/
void (*schedule_job_tv) (scheduler_t *this, job_t *job, timeval_t tv);
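Review bot: The first corrected line still has "Adds a event". ` * Adds an event to the queue, using an absolute time.` fixes the article along with the spelling. The comment for `schedule_job_ms` lies outside this hunk and may need the same change, which should be checked.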
* A semaphore is basically an integer whose value is never allowed to be
* lower than 0. Two operations can be performed on it: increment the
* value by one, and decrement the value by one. If the value is currently
- * zero, then the decrement operation will blcok until the value becomes
+ * zero, then the decrement operation will block until the value becomes
* greater than zero.
*/
struct semaphore_t {
}
/**
- * convert a signle hex character to its binary value
+ * convert a single hex character to its binary value
*/
static char hex2bin(char hex)
{
}
/**
- * Caculate SipHash-2-4 with an optional first block given as argument.
+ * Calculate SipHash-2-4 with an optional first block given as argument.
*/
static uint64_t chunk_mac_inc(chunk_t chunk, u_char *key, uint64_t m)
{
bool consumed;
/**
- * Fatal alert discription
+ * Fatal alert description
*/
tls_alert_desc_t desc;
};
tls_cache_t *cache;
/**
- * All handshake data concatentated
+ * All handshake data concatenated
*/
chunk_t handshake;
#include <tncif.h>
/**
- * Classs representing the PB-PA message type.
+ * Class representing the PB-PA message type.
*/
struct imc_imv_msg_t {
#
# This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
CAHOME = /etc/openssl/duck
RANDFILE = $CAHOME/.rand
#
# This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
CAHOME = /etc/openssl/ecdsa
RANDFILE = $CAHOME/.rand
#
# This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
CAHOME = /etc/openssl/monster
RANDFILE = $CAHOME/.rand
#
# This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
CAHOME = /etc/openssl
RANDFILE = $CAHOME/.rand
#
# This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
CAHOME = /etc/openssl/research
RANDFILE = $CAHOME/.rand
#
# This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
CAHOME = /etc/openssl/rfc3779
RANDFILE = $CAHOME/.rand
#
# This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
CAHOME = /etc/openssl/sales
RANDFILE = $CAHOME/.rand
-#define VLAN_ACCESS 2
-/*
- ****
-- * EAP - MD5 doesnot specify code, id & length but chap specifies them,
+- * EAP - MD5 does not specify code, id & length but chap specifies them,
- * for generalization purpose, complete header should be sent
- * and not just value_size, value and name.
- * future implementation.
and <b>dave</b> are kept both on the local clients and the RADIUS server <b>alice</b>.
<b>carol</b> possesses the RADIUS class attribute <b>Research</b> and therefore obtains
access to the <b>research</b> subnet behind gateway <b>moon</b> whereas <b>dave</b>
-belongs to the class <b>Accounting</b> and has access to the <b>acccess</b> subnet.
+belongs to the class <b>Accounting</b> and has access to the <b>access</b> subnet.