I've merged in Sahana's RSA-PSS code, which requires strongswan 5.6.3.
This means that if you don't upgrade the guests to this, the strongswan
tests will fail in swan-prep since it refuses to run the test (to avoid
people pingponging output when they have different strongswan versions)
For fedo
(This message is mostly archaeology, and incomplete at that.)
This function has a very useful rationale in comments:
/*
* In IKEv1, some implementations (including freeswan/openswan/libreswan)
* interpreted the RFC that the whole IKE message must padded to a multiple
* of 4 octets, but other i