starter: Don't define any hard-coded proposal strings

Just rely on the default proposals by charon if nothing is defined. The
hard-coded IKE proposal used curve25519, which depends on an optional
plugin (while enabled by default it might still not be loaded, or, like
on Debian, shipped in an optional package). With charon's default
proposal only loaded algorithms are proposed for IKE avoiding this issue.

diff --git a/src/starter/confread.c b/src/starter/confread.c
index b3e942facce9e98606671551912cf8fac5ffeab2..f154f8951c99364d1044b50f46a5aee856a7b9f5 100644 (file)
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -40,9 +40,6 @@
 #define SA_REPLACEMENT_RETRIES_DEFAULT   3
 #define SA_REPLAY_WINDOW_DEFAULT        -1 /* use charon.replay_window */
 
-static const char ike_defaults[] = "aes128-sha256-curve25519";
-static const char esp_defaults[] = "aes128-sha256";
-
 static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
 
 /**
@@ -206,7 +203,6 @@ static void conn_defaults(starter_conn_t *conn)
        conn->mode    = MODE_TUNNEL;
        conn->options = SA_OPTION_MOBIKE;
 
-       conn->ike                   = strdupnull(ike_defaults);
        /* esp defaults are set after parsing the conn section */
        conn->sa_ike_life_seconds   = IKE_LIFETIME_DEFAULT;
        conn->sa_ipsec_life_seconds = IPSEC_LIFETIME_DEFAULT;
@@ -622,11 +618,6 @@ static void load_conn(starter_conn_t *conn, starter_config_t *cfg,
 
        handle_firewall("left", &conn->left, cfg);
        handle_firewall("right", &conn->right, cfg);
-
-       if (!conn->esp && !conn->ah)
-       {
-               conn->esp = strdupnull(esp_defaults);
-       }
 }
 
 /*