updated documentation on leftsendcert

README

@@ -1510,7 +1510,11 @@ the other side. In these cases it is recommended to add
 to the connection definition[s] in order to avoid the sending of the host's
 own certificate. The default value is
 
-    leftsendcert=always.
+    leftsendcert=ifasked
+
+If a peer does not send a certificate request then use the setting
+
+    leftsendcert=always
 
 If a peer certificate contains a subjectAltName extension, then an alternative
 rightid type can be used, as the example "conn sun" shows. If no rightid

src/pluto/constants.h

@@ -703,7 +703,7 @@ extern enum_names cert_type_names;
 extern enum_name_t *cert_policy_names;
 
 typedef enum certpolicy {
-	CERT_ALWAYS_SEND   = 0,       /* the default */
+	CERT_ALWAYS_SEND   = 0,
 	CERT_SEND_IF_ASKED = 1, 
 	CERT_NEVER_SEND    = 2,