Fixed common misspellings.

Mostly found by 'codespell'.
12 years ago · f3bb1bd039
parent 20a44a5c66
commit f3bb1bd039
85 changed files with 146 additions and 146 deletions
--- a/2
+++ b/2
@ -9,7 +9,7 @@ For interested developers, we have a public repository. To check out and
 compile the code, you need the following tools:

    - Git
-    - a recent GNU C complier (>= 3.x)
+    - a recent GNU C compiler (>= 3.x)
    - automake
    - autoconf
    - libtool
--- a/20
+++ b/20
@ -520,7 +520,7 @@ strongswan-4.3.1
  CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either
  a missing TSi or TSr payload caused a null pointer derefence because the
  checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was
-  developped by the Orange Labs vulnerability research team. The tool was
+  developed by the Orange Labs vulnerability research team. The tool was
  initially written by Gabriel Campana and is now maintained by Laurent Butti.

 - Added support for AES counter mode in ESP in IKEv2 using the proposal
@ -560,7 +560,7 @@ strongswan-4.2.14
 -----------------

 - The new server-side EAP RADIUS plugin (--enable-eap-radius)
-  relays EAP messages to and from a RADIUS server. Succesfully
+  relays EAP messages to and from a RADIUS server. Successfully
  tested with with a freeradius server using EAP-MD5 and EAP-SIM.

 - A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
@ -588,7 +588,7 @@ strongswan-4.2.13
 - Fixed a use-after-free bug in the DPD timeout section of the
  IKEv1 pluto daemon which sporadically caused a segfault.

- Fixed a crash in the IKEv2 charon daemon occuring with
+- Fixed a crash in the IKEv2 charon daemon occurring with
  mixed RAM-based and SQL-based virtual IP address pools.

 - Fixed ASN.1 parsing of algorithmIdentifier objects where the
@ -678,7 +678,7 @@ strongswan-4.2.9
  The installpolicy=no option allows peaceful cooperation with a dominant
  mip6d daemon and the new type=transport_proxy implements the special MIPv6
  IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address
-  but the IPsec SA is set up for the Home Adress.
+  but the IPsec SA is set up for the Home Address.

 - Implemented migration of Mobile IPv6 connections using the KMADDRESS
  field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon
@ -841,7 +841,7 @@ strongswan-4.2.1
  connection setups over new ones, where the value "replace" replaces existing
  connections.

- The crypto factory in libstrongswan additionaly supports random number
+- The crypto factory in libstrongswan additionally supports random number
  generators, plugins may provide other sources of randomness. The default
  plugin reads raw random data from /dev/(u)random.

@ -1115,7 +1115,7 @@ strongswan-4.1.3
  is provided and more advanced backends (using e.g. a database) are trivial
  to implement.

- - Fixed a compilation failure in libfreeswan occuring with Linux kernel
+ - Fixed a compilation failure in libfreeswan occurring with Linux kernel
   headers > 2.6.17.


@ -1426,7 +1426,7 @@ strongswan-2.7.0
  the successful setup and teardown of an IPsec SA, respectively.
  left|rightfirwall can be used with KLIPS under any Linux 2.4
  kernel or with NETKEY under a Linux kernel version >= 2.6.16
-  in conjuction with iptables >= 1.3.5. For NETKEY under a Linux
+  in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
  kernel version < 2.6.16 which does not support IPsec policy
  matching yet, please continue to use a copy of the _updown_espmark
  template loaded via the left|rightupdown keyword.
@ -1932,7 +1932,7 @@ strongswan-2.2.2
  and reduces the well-known four tunnel case on VPN gateways to
  a single tunnel definition (see README section 2.4).

- Fixed a bug occuring with NAT-Traversal enabled when the responder
+- Fixed a bug occurring with NAT-Traversal enabled when the responder
  suddenly turns initiator and the initiator cannot find a matching
  connection because of the floated IKE port 4500.

@ -1948,11 +1948,11 @@ strongswan-2.2.1
 - Introduced the ipsec auto --listalgs monitoring command which lists
  all currently registered IKE and ESP algorithms.

- Fixed a bug in the ESP algorithm selection occuring when the strict flag
+- Fixed a bug in the ESP algorithm selection occurring when the strict flag
  is set and the first proposed transform does not match.

 - Fixed another deadlock in the use of the lock_certs_and_keys() mutex,
-  occuring when a smartcard is present.
+  occurring when a smartcard is present.

 - Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event.

--- a/6
+++ b/6
@ -138,7 +138,7 @@ interoperability with the Check Point VPN-1 NG gateway.
   
 In the following examples we assume for reasons of clarity that left designates
 the local host and that right is the remote host. Certificates for users, hosts
-and gateways are issued by a ficticious strongSwan CA. How to generate private keys
+and gateways are issued by a fictitious strongSwan CA. How to generate private keys
 and certificates using OpenSSL will be explained in section 3. The CA certificate
 "strongswanCert.pem" must be present on all VPN end points in order to be able to
 authenticate the peers.
@ -1959,7 +1959,7 @@ and the returned result might be a decrypted 128 bit AES key
   000 8836362e030e6707c32ffaa0bdad5540

 The leading three characters represent the return code of the whack channel
-with 000 signifying that no error has occured. Here is another example showing
+with 000 signifying that no error has occurred. Here is another example showing
 the use of the inbase and outbase attributes

   ipsec scdecrypt m/ewDnTs0k...woE= --inbase base64 --outbase text
@ -2195,7 +2195,7 @@ The command
    ipsec listpubkeys [--utc]

 lists all public keys currently installed in the chained list of public
-keys. These keys were statically loaded from ipsec.conf or aquired either
+keys. These keys were statically loaded from ipsec.conf or acquired either
 from received certificates or retrieved from secure DNS servers using
 opportunistic mode.

--- a/doc/architecture.h
+++ b/doc/architecture.h
@ -8,7 +8,7 @@ new keying daemon, which is called #charon.
 Daemon control is done over unix sockets. Pluto uses whack, as it did for years.
 Charon uses another socket interface, called stroke. Stroke uses another
 format as whack and therefore is not compatible to whack. The starter utility,
-wich does fast configuration parsing, speaks both the protocols, whack and
+which does fast configuration parsing, speaks both the protocols, whack and
 stroke. It also handles daemon startup and termination. 
 Pluto uses starter for some commands, for other it uses the whack utility. To be
 as close to pluto as possible, charon has the same split up of commands to
@ -47,7 +47,7 @@ Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port
 500. Under Linux, there is no clean way to set up two sockets at the same port.
 To reslove this problem, charon uses a RAW socket, as they are used in network
 sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2
-traffic. Pluto receives any IKE message, independant of charons behavior.
+traffic. Pluto receives any IKE message, independent of charons behavior.
 Therefore plutos behavior is changed to discard any IKEv2 traffic silently.

 To gain some reusability of the code, generic crypto and utility functions are 
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@ -298,7 +298,7 @@ and
 .B rightsubnet
 , a connection is established.
 .B start
-loads a connection and brings it up immediatly.
+loads a connection and brings it up immediately.
 .B ignore
 ignores the connection. This is equal to delete a connection from the config
 file.
@ -1172,7 +1172,7 @@ so a new (automatically-keyed) connection using the same ID is
 almost invariably intended to replace an old one.
 The IKEv2 daemon also accepts the value
 .B replace
-wich is identical to
+which is identical to
 .B yes
 and the value
 .B keep
--- a/packages/maemo-applet/debian/rules
+++ b/packages/maemo-applet/debian/rules
@ -110,11 +110,11 @@ binary-common:
 	dh_gencontrol
 	dh_md5sums
 	dh_builddeb
-# Build architecture independant packages using the common target.
+# Build architecture independent packages using the common target.
 binary-indep: build-indep install
 	$(MAKE) -f debian/rules DH_OPTIONS=-i binary-common

-# Build architecture dependant packages using the common target.
+# Build architecture dependent packages using the common target.
 binary-arch: build-arch install
 	$(MAKE) -f debian/rules DH_OPTIONS=-s binary-common

--- a/packages/maemo-strongswan/debian/rules
+++ b/packages/maemo-strongswan/debian/rules
@ -130,11 +130,11 @@ binary-common:
 	dh_md5sums
 	dh_builddeb

-# Build architecture independant packages using the common target.
+# Build architecture independent packages using the common target.
 binary-indep: build-indep install
 	$(MAKE) -f debian/rules DH_OPTIONS=-i binary-common

-# Build architecture dependant packages using the common target.
+# Build architecture dependent packages using the common target.
 binary-arch: build-arch install
 	$(MAKE) -f debian/rules DH_OPTIONS=-s binary-common

--- a/packages/network-manager-strongswan/debian/control
+++ b/packages/network-manager-strongswan/debian/control
@ -23,7 +23,7 @@ Depends: strongswan-nm, strongswan-eap-gtc, strongswan-eap-md5, strongswan-eap-m
 Description: network management framework (strongSwan plugin)
 NetworkManager attempts to keep an active network connection available at
 all times.  It is intended primarily for laptops where it allows easy
- switching betwen local wireless networks, it's also useful on desktops
+ switching between local wireless networks, it's also useful on desktops
 with a selection of different interfaces to use.  It is not intended for
 usage on servers.
 .
--- a/src/frontends/gnome/po/de.po
+++ b/src/frontends/gnome/po/de.po
@ -89,7 +89,7 @@ msgstr ""
 #: ../properties/nm-strongswan-dialog.glade.h:12
 msgid ""
 "IPComp compresses raw IP packets before they get encrypted. This saves some "
-"bandwith, but uses more processing power."
+"bandwidth, but uses more processing power."
 msgstr ""
 "IPComp komprimiert IP-Pakete, bevor sie verschlüsselt werden. Diese Option "
 "kann Bandbreite sparen, benötigt jedoch zusätzliche Rechenleistung."
--- a/src/frontends/gnome/properties/nm-strongswan-dialog.glade
+++ b/src/frontends/gnome/properties/nm-strongswan-dialog.glade
@ -319,7 +319,7 @@
                        <property name="can_focus">True</property>
                        <property name="receives_default">False</property>
                        <property name="has_tooltip">True</property>
-                        <property name="tooltip" translatable="yes">IPComp compresses raw IP packets before they get encrypted. This saves some bandwith, but uses more processing power.</property>
+                        <property name="tooltip" translatable="yes">IPComp compresses raw IP packets before they get encrypted. This saves some bandwidth, but uses more processing power.</property>
                        <property name="use_underline">True</property>
                        <property name="draw_indicator">True</property>
                      </widget>
--- a/src/include/linux/udp.h
+++ b/src/include/linux/udp.h
@ -47,7 +47,7 @@ struct udp_sock {
 	unsigned int	 corkflag;	/* Cork is required */
 	__u16		 encap_type;	/* Is this an Encapsulation socket? */
 	/*
-	 * Following member retains the infomation to create a UDP header
+	 * Following member retains the information to create a UDP header
 	 * when the socket is uncorked.
 	 */
 	__u16		 len;		/* total length of pending frames */
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@ -177,7 +177,7 @@ struct bus_t {
 	/**
 	 * Send a log message to the bus.
 	 *
-	 * The signal specifies the type of the event occured. The format string
+	 * The signal specifies the type of the event occurred. The format string
 	 * specifies an additional informational or error message with a
 	 * printf() like variable argument list.
 	 * Use the DBG() macros.
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@ -84,7 +84,7 @@ struct listener_t {
 	/**
 	 * Hook called for received/sent messages of an IKE_SA.
 	 *
-	 * @param ike_sa	IKE_SA sending/receving a message
+	 * @param ike_sa	IKE_SA sending/receiving a message
 	 * @param message	message object
 	 * @param incoming	TRUE for incoming messages, FALSE for outgoing
 	 * @return			TRUE to stay registered, FALSE to unregister
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@ -73,7 +73,7 @@ struct child_cfg_t {
 	 * Add a proposal to the list.
 	 *
 	 * The proposals are stored by priority, first added
-	 * is the most prefered.
+	 * is the most preferred.
 	 * After add, proposal is owned by child_cfg.
 	 *
 	 * @param proposal		proposal to add
@ -95,7 +95,7 @@ struct child_cfg_t {
 	 *
 	 * Returned propsal is newly created and must be destroyed after usage.
 	 *
-	 * @param proposals		list from from wich proposals are selected
+	 * @param proposals		list from which proposals are selected
 	 * @param strip_dh		TRUE strip out diffie hellman groups
 	 * @param private		accept algorithms from a private range
 	 * @return				selected proposal, or NULL if nothing matches
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@ -110,7 +110,7 @@ struct private_peer_cfg_t {
 	u_int32_t reauth_time;

 	/**
-	 * Time, which specifies the range of a random value substracted from above.
+	 * Time, which specifies the range of a random value subtracted from above.
 	 */
 	u_int32_t jitter_time;

--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@ -110,7 +110,7 @@ extern enum_name_t *unique_policy_names;
 * peer. Each config is enforced using the multiple authentication extension
 * (RFC4739).
 * The remote authentication configs are handled as constraints. The peer has
- * to fullfill each of these rules (using multiple authentication, in any order)
+ * to fulfill each of these rules (using multiple authentication, in any order)
 * to gain access to the configuration.
 */
 struct peer_cfg_t {
@ -328,14 +328,14 @@ struct peer_cfg_t {
 * (rekeylifetime - random(0, jitter)).
 *
 * @param name				name of the peer_cfg
- * @param ike_version		which IKE version we sould use for this peer
+ * @param ike_version		which IKE version we should use for this peer
 * @param ike_cfg			IKE config to use when acting as initiator
 * @param cert_policy		should we send a certificate payload?
 * @param unique			uniqueness of an IKE_SA
 * @param keyingtries		how many keying tries should be done before giving up
 * @param rekey_time		timeout before starting rekeying
 * @param reauth_time		timeout before starting reauthentication
- * @param jitter_time		timerange to randomly substract from rekey/reauth time
+ * @param jitter_time		timerange to randomly subtract from rekey/reauth time
 * @param over_time			maximum overtime before closing a rekeying/reauth SA
 * @param mobike			use MOBIKE (RFC4555) if peer supports it
 * @param dpd				DPD check interval, 0 to disable
--- a/src/libcharon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
@ -120,7 +120,7 @@ struct proposal_t {
 	 * compared. If they have at least one algorithm of each type
 	 * in common, a resulting proposal of this kind is created.
 	 *
-	 * @param other			proposal to compair agains
+	 * @param other			proposal to compare against
 	 * @param private		accepts algorithms allocated in a private range
 	 * @return				selected proposal, NULL if proposals don't match
 	 */
@ -180,7 +180,7 @@ struct proposal_t {
 *
 * @param protocol			protocol, such as PROTO_ESP
 * @param number			proposal number, as encoded in SA payload
- * @return 					proposal_t object
+ * @return					proposal_t object
 */
 proposal_t *proposal_create(protocol_id_t protocol, u_int number);

@ -188,7 +188,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number);
 * Create a default proposal if nothing further specified.
 *
 * @param protocol			protocol, such as PROTO_ESP
- * @return 					proposal_t object
+ * @return					proposal_t object
 */
 proposal_t *proposal_create_default(protocol_id_t protocol);

@ -203,7 +203,7 @@ proposal_t *proposal_create_default(protocol_id_t protocol);
 *
 * @param protocol			protocol, such as PROTO_ESP
 * @param algs				algorithms as string
- * @return 					proposal_t object
+ * @return					proposal_t object
 */
 proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);

--- a/src/libcharon/control/controller.c
+++ b/src/libcharon/control/controller.c
@ -334,7 +334,7 @@ METHOD(controller_t, terminate_ike, status_t,
 	else
 	{
 		charon->bus->listen(charon->bus, &job.listener.public, &job.public);
-		/* checkin of the ike_sa happend in the thread that executed the job */
+		/* checkin of the ike_sa happened in the thread that executed the job */
 		charon->bus->set_sa(charon->bus, NULL);
 	}
 	return job.listener.status;
@ -425,7 +425,7 @@ METHOD(controller_t, terminate_child, status_t,
 	else
 	{
 		charon->bus->listen(charon->bus, &job.listener.public, &job.public);
-		/* checkin of the ike_sa happend in the thread that executed the job */
+		/* checkin of the ike_sa happened in the thread that executed the job */
 		charon->bus->set_sa(charon->bus, NULL);
 	}
 	return job.listener.status;
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@ -63,13 +63,13 @@
 typedef struct {
 	/* Payload type */
 	 payload_type_t type;
-	/* Minimal occurence of this payload. */
+	/* Minimal occurrence of this payload. */
 	size_t min_occurence;
-	/* Max occurence of this payload. */
+	/* Max occurrence of this payload. */
 	size_t max_occurence;
 	/* TRUE if payload must be encrypted */
 	bool encrypted;
-	/* If payload occurs, the message rule is fullfilled */
+	/* If payload occurs, the message rule is fulfilled */
 	bool sufficient;
 } payload_rule_t;

@ -1405,7 +1405,7 @@ static status_t verify(private_message_t *this)
 				if (found > rule->max_occurence)
 				{
 					DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
-						 "occured in current message", payload_type_names,
+						 "occurred in current message", payload_type_names,
 						 type, rule->max_occurence, found);
 					enumerator->destroy(enumerator);
 					return VERIFY_ERROR;
@ -1416,7 +1416,7 @@ static status_t verify(private_message_t *this)

 		if (!complete && found < rule->min_occurence)
 		{
-			DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
+			DBG1(DBG_ENC, "payload of type %N not occurred %d times (%d)",
 				 payload_type_names, rule->type, rule->min_occurence, found);
 			return VERIFY_ERROR;
 		}
--- a/src/libcharon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
@ -321,7 +321,7 @@ struct message_t {
 	/**
 	 * Find a payload of a specific type.
 	 *
-	 * Returns the first occurance.
+	 * Returns the first occurrence.
 	 *
 	 * @param type		type of the payload to find
 	 * @return			payload, or NULL if no such payload found
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@ -142,7 +142,7 @@ METHOD(payload_t, set_next_type, void,
 }

 /**
- * Compute the lenght of the whole payload
+ * Compute the length of the whole payload
 */
 static void compute_length(private_encryption_payload_t *this)
 {
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@ -407,7 +407,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(

 	this = (private_proposal_substructure_t*)proposal_substructure_create();

-	/* encryption algorithm is only availble in ESP */
+	/* encryption algorithm is only available in ESP */
 	enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
 	while (enumerator->enumerate(enumerator, &alg, &key_size))
 	{
--- a/src/libcharon/encoding/payloads/transform_substructure.c
+++ b/src/libcharon/encoding/payloads/transform_substructure.c
@ -84,7 +84,7 @@ encoding_rule_t transform_substructure_encodings[] = {
 	{ U_INT_8,				offsetof(private_transform_substructure_t, transform_type)	},
 	/* 1 Reserved Byte */
 	{ RESERVED_BYTE,		offsetof(private_transform_substructure_t, reserved[1])		},
-	/* tranform ID is a number of 8 bit */
+	/* transform ID is a number of 8 bit */
 	{ U_INT_16,				offsetof(private_transform_substructure_t, transform_id)	},
 	/* Attributes are stored in a transform attribute,
 	   offset points to a linked_list_t pointer */
--- a/src/libcharon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
@ -118,7 +118,7 @@ transform_substructure_t *transform_substructure_create(void);
 *
 * @param type			type of transform to create
 * @param id			transform id specifc for the transform type
- * @param key_length	key length for key lenght attribute, 0 to omit
+ * @param key_length	key length for key length attribute, 0 to omit
 * @return				transform_substructure_t object
 */
 transform_substructure_t *transform_substructure_create_type(
--- a/src/libcharon/network/receiver.h
+++ b/src/libcharon/network/receiver.h
@ -30,7 +30,7 @@ typedef struct receiver_t receiver_t;
 /**
 * Receives packets from the socket and adds them to the job queue.
 *
- * The receiver starts a thread, wich reads on the blocking socket. A received
+ * The receiver starts a thread, which reads on the blocking socket. A received
 * packet is preparsed and a process_message_job is queued in the job queue.
 *
 * To endure DoS attacks, cookies are enabled when to many IKE_SAs are half
@ -38,7 +38,7 @@ typedef struct receiver_t receiver_t;
 * method in RFC4306. We do not include a nonce, because we think the advantage
 * we gain does not justify the overhead to parse the whole message.
 * Instead of VersionIdOfSecret, we include a timestamp. This allows us to
- * find out wich key was used for cookie creation. Further, we can set a
+ * find out which key was used for cookie creation. Further, we can set a
 * lifetime for the cookie, which allows us to reuse the secret for a longer
 * time.
 *		 COOKIE = time | sha1( IPi | SPIi | time | secret )
--- a/src/libcharon/plugins/android/android_logger.c
+++ b/src/libcharon/plugins/android/android_logger.c
@ -52,7 +52,7 @@ METHOD(listener_t, log_, bool,
 		snprintf(sgroup, sizeof(sgroup), "%N", debug_names, group);
 		vsnprintf(buffer, sizeof(buffer), format, args);
 		while (current)
-		{	/* log each line seperately */
+		{	/* log each line separately */
 			next = strchr(current, '\n');
 			if (next)
 			{
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@ -68,7 +68,7 @@ struct private_load_tester_plugin_t {
 	int initiators;

 	/**
-	 * currenly running initiators
+	 * currently running initiators
 	 */
 	int running;

--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@ -345,7 +345,7 @@ static job_requeue_t initiate_config(peer_cfg_t *peer_cfg)
 }

 /**
- * schedule initation of all "active" connections
+ * schedule initiation of all "active" connections
 */
 static void schedule_autoinit(private_medcli_config_t *this)
 {
--- a/src/libcharon/plugins/smp/schema.xml
+++ b/src/libcharon/plugins/smp/schema.xml
@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>

-<!-- strongSwan Managment Protocol (SMP) V1.0 -->
+<!-- strongSwan Management Protocol (SMP) V1.0 -->

 <!--
  Copyright (C) 2007 Martin Willi
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@ -871,7 +871,7 @@ METHOD(ike_sa_t, update_hosts, void,

 		if (!other->equals(other, this->other_host))
 		{
-			/* update others adress if we are NOT NATed */
+			/* update others address if we are NOT NATed */
 			if (force || !has_condition(this, COND_NAT_HERE))
 			{
 				set_other_host(this, other->clone(other));
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@ -689,7 +689,7 @@ struct ike_sa_t {
 	 *
 	 * Message processing may fail. If a critical failure occurs,
 	 * process_message() return DESTROY_ME. Then the caller must
-	 * destroy the IKE_SA immediatly, as it is unusable.
+	 * destroy the IKE_SA immediately, as it is unusable.
 	 *
 	 * @param message		message to process
 	 * @return
--- a/src/libcharon/sa/ike_sa_id.h
+++ b/src/libcharon/sa/ike_sa_id.h
@ -30,7 +30,7 @@ typedef struct ike_sa_id_t ike_sa_id_t;
 * An object of type ike_sa_id_t is used to identify an IKE_SA.
 *
 * An IKE_SA is identified by its initiator and responder spi's.
- * Additionaly it contains the role of the actual running IKEv2-Daemon
+ * Additionally it contains the role of the actual running IKEv2-Daemon
 * for the specific IKE_SA (original initiator or responder).
 */
 struct ike_sa_id_t {
@ -40,28 +40,28 @@ struct ike_sa_id_t {
 	 *
 	 * This function is called when a request or reply of a IKE_SA_INIT is received.
 	 *
-	 * @param responder_spi 	SPI of responder to set
+	 * @param responder_spi		SPI of responder to set
 	 */
 	void (*set_responder_spi) (ike_sa_id_t *this, u_int64_t responder_spi);

 	/**
 	 * Set the SPI of the initiator.
 	 *
-	 * @param initiator_spi 	SPI to set
+	 * @param initiator_spi		SPI to set
 	 */
 	void (*set_initiator_spi) (ike_sa_id_t *this, u_int64_t initiator_spi);

 	/**
 	 * Get the initiator SPI.
 	 *
-	 * @return 					SPI of the initiator
+	 * @return					SPI of the initiator
 	 */
 	u_int64_t (*get_initiator_spi) (ike_sa_id_t *this);

 	/**
 	 * Get the responder SPI.
 	 *
-	 * @return 					SPI of the responder
+	 * @return					SPI of the responder
 	 */
 	u_int64_t (*get_responder_spi) (ike_sa_id_t *this);

@ -70,8 +70,8 @@ struct ike_sa_id_t {
 	 *
 	 * Two ike_sa_id_t objects are equal if both SPI values and the role matches.
 	 *
-	 * @param other 			ike_sa_id_t object to check if equal
-	 * @return 					TRUE if given ike_sa_id_t are equal, FALSE otherwise
+	 * @param other				ike_sa_id_t object to check if equal
+	 * @return					TRUE if given ike_sa_id_t are equal, FALSE otherwise
 	 */
 	bool (*equals) (ike_sa_id_t *this, ike_sa_id_t *other);

@ -81,28 +81,28 @@ struct ike_sa_id_t {
 	 *
 	 * After calling this function, both objects are equal.
 	 *
-	 * @param other 			ike_sa_id_t object from which values will be taken
+	 * @param other			ike_sa_id_t object from which values will be taken
 	 */
 	void (*replace_values) (ike_sa_id_t *this, ike_sa_id_t *other);

 	/**
 	 * Get the initiator flag.
 	 *
-	 * @return 					TRUE if we are the original initator
+	 * @return					TRUE if we are the original initator
 	 */
 	bool (*is_initiator) (ike_sa_id_t *this);

 	/**
 	 * Switche the original initiator flag.
 	 *
-	 * @return 					TRUE if we are the original initator after switch, FALSE otherwise
+	 * @return					TRUE if we are the original initator after switch, FALSE otherwise
 	 */
 	bool (*switch_initiator) (ike_sa_id_t *this);

 	/**
 	 * Clones a given ike_sa_id_t object.
 	 *
-	 * @return 					cloned ike_sa_id_t object
+	 * @return					cloned ike_sa_id_t object
 	 */
 	ike_sa_id_t *(*clone) (ike_sa_id_t *this);

--- a/src/libcharon/sa/tasks/child_rekey.c
+++ b/src/libcharon/sa/tasks/child_rekey.c
@ -317,7 +317,7 @@ static status_t process_i(private_child_rekey_t *this, message_t *message)
 	if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL)
 	{
 		/* establishing new child failed, reuse old. but not when we
-		 * recieved a delete in the meantime */
+		 * received a delete in the meantime */
 		if (!(this->collision &&
 			  this->collision->get_type(this->collision) == CHILD_DELETE))
 		{
--- a/src/libcharon/sa/tasks/ike_natd.c
+++ b/src/libcharon/sa/tasks/ike_natd.c
@ -353,7 +353,7 @@ static status_t build_r(private_ike_natd_t *this, message_t *message)
 	notify_payload_t *notify;
 	host_t *me, *other;

-	/* only add notifies on successfull responses. */
+	/* only add notifies on successful responses. */
 	if (message->get_exchange_type(message) == IKE_SA_INIT &&
 		message->get_payload(message, SECURITY_ASSOCIATION) == NULL)
 	{
--- a/src/libcharon/sa/tasks/task.h
+++ b/src/libcharon/sa/tasks/task.h
@ -89,7 +89,7 @@ extern enum_name_t *task_type_names;
 * A responder does the opposite; it calls process() first to handle an incoming
 * request and secondly calls build() to build an appropriate response.
 * Both methods return either SUCCESS, NEED_MORE or FAILED. A SUCCESS indicates
- * that the task completed, even when the task completed unsuccesfully. The
+ * that the task completed, even when the task completed unsuccessfully. The
 * manager then removes the task from the list. A NEED_MORE is returned when
 * the task needs further build()/process() calls to complete, the manager
 * leaves the taks in the queue. A returned FAILED indicates a critical failure.
@ -102,7 +102,7 @@ struct task_t {
 	 *
 	 * @param message		message to add payloads to
 	 * @return
-	 *						- FAILED if a critical error occured
+	 *						- FAILED if a critical error occurred
 	 *						- DESTROY_ME if IKE_SA has been properly deleted
 	 *						- NEED_MORE if another call to build/process needed
 	 *						- SUCCESS if task completed
@ -114,7 +114,7 @@ struct task_t {
 	 *
 	 * @param message		message to read payloads from
 	 * @return
-	 * 						- FAILED if a critical error occured
+	 * 						- FAILED if a critical error occurred
 	 *						- DESTROY_ME if IKE_SA has been properly deleted
 	 *						- NEED_MORE if another call to build/process needed
 	 *						- SUCCESS if task completed
--- a/src/libhydra/kernel/kernel_listener.h
+++ b/src/libhydra/kernel/kernel_listener.h
@ -84,7 +84,7 @@ struct kernel_listener_t {
 					policy_dir_t direction, host_t *local, host_t *remote);

 	/**
-	 * Hook called if changes in the networking layer occured (interfaces
+	 * Hook called if changes in the networking layer occurred (interfaces
 	 * up/down, routes added/deleted etc.).
 	 *
 	 * @param address		TRUE if address list, FALSE if routing changed
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@ -2507,7 +2507,7 @@ static void init_ipsec_devices(private_kernel_klips_ipsec_t *this)
 }

 /**
- * Register a socket for AQUIRE/EXPIRE messages
+ * Register a socket for ACQUIRE/EXPIRE messages
 */
 static status_t register_pfkey_socket(private_kernel_klips_ipsec_t *this, u_int8_t satype)
 {
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@ -2327,7 +2327,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
 }

 /**
- * Register a socket for AQUIRE/EXPIRE messages
+ * Register a socket for ACQUIRE/EXPIRE messages
 */
 static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this,
 									  u_int8_t satype)
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@ -57,7 +57,7 @@ chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk)
 }

 /**
- * Decribed in header.
+ * Described in header.
 */
 size_t chunk_length(const char* mode, ...)
 {
@ -87,7 +87,7 @@ size_t chunk_length(const char* mode, ...)
 }

 /**
- * Decribed in header.
+ * Described in header.
 */
 chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...)
 {
@ -133,7 +133,7 @@ chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...)
 }

 /**
- * Decribed in header.
+ * Described in header.
 */
 void chunk_split(chunk_t chunk, const char *mode, ...)
 {
@ -313,7 +313,7 @@ chunk_t chunk_from_hex(chunk_t hex, char *buf)
   /* subtract the number of optional ':' separation characters */
 	len = hex.len;
 	ptr = hex.ptr;
- 	for (i = 0; i < hex.len; i++)
+	for (i = 0; i < hex.len; i++)
 	{
 		if (*ptr++ == ':')
 		{
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@ -254,7 +254,7 @@ static inline bool chunk_equals(chunk_t a, chunk_t b)
 * Increment a chunk, as it would reprensent a network order integer.
 *
 * @param chunk			chunk to increment
- * @return				TRUE if an overflow occured
+ * @return				TRUE if an overflow occurred
 */
 bool chunk_increment(chunk_t chunk);

--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@ -31,7 +31,7 @@ typedef enum auth_class_t auth_class_t;
 /**
 * Class of authentication to use. This is different to auth_method_t in that
 * it does not specify a method, but a class of acceptable methods. The found
- * certificate finally dictates wich method is used.
+ * certificate finally dictates which method is used.
 */
 enum auth_class_t {
 	/** any class acceptable */
@ -57,7 +57,7 @@ extern enum_name_t *auth_class_names;
 * - For configs specifying local authentication behavior, the rules define
 *   which authentication method in which way.
 * - For configs specifying remote peer authentication, the rules define
- *   constraints the peer has to fullfill.
+ *   constraints the peer has to fulfill.
 *
 * Additionally to the rules, there is a set of helper items. These are used
 * to transport credentials during the authentication process.
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@ -176,7 +176,7 @@ struct certificate_t {
 	/**
 	 * Check if two certificates are equal.
 	 *
-	 * @param other			certificate to compair against this
+	 * @param other			certificate to compare against this
 	 * @return				TRUE if certificates are equal
 	 */
 	bool (*equals)(certificate_t *this, certificate_t *other);
--- a/src/libstrongswan/crypto/aead.h
+++ b/src/libstrongswan/crypto/aead.h
@ -111,7 +111,7 @@ struct aead_t {
 * Create a aead instance using traditional transforms.
 *
 * @param crypter		encryption transform for this aead
- * @param signer		integrity tranform for this aead
+ * @param signer		integrity transform for this aead
 * @return				aead transform
 */
 aead_t *aead_create(crypter_t *crypter, signer_t *signer);
--- a/src/libstrongswan/plugins/blowfish/COPYRIGHT
+++ b/src/libstrongswan/plugins/blowfish/COPYRIGHT
@ -37,7 +37,7 @@ SUCH DAMAGE.

 The license and distribution terms for any publically available version or
 derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distrubution license
+copied and put under another distribution license
 [including the GNU Public License.]

 The reason behind this being stated in this direct manner is past
--- a/src/libstrongswan/plugins/ccm/ccm_aead.c
+++ b/src/libstrongswan/plugins/ccm/ccm_aead.c
@ -67,7 +67,7 @@ typedef struct __attribute__((packed)) {
 		u_char salt[SALT_SIZE];
 		u_char iv[IV_SIZE];
 	} nonce;
-	/* lenght of plain text, q */
+	/* length of plain text, q */
 	u_char q[Q_SIZE];
 } b0_t;

--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@ -80,7 +80,7 @@ struct private_des_crypter_t {
 	des_crypter_t public;

 	/**
-	 * Key size, depends on algoritm...
+	 * Key size, depends on algorithm...
 	 */
 	size_t key_size;

@ -127,7 +127,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif

 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
+ * Very much CPU dependent */
 #ifndef DES_UNROLL
 #define DES_UNROLL
 #endif
@ -316,7 +316,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 * bytes, probably an issue of accessing non-word aligned objects :-( */
 #ifdef DES_PTR

-/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
 * is no reason to not xor all the sub items together.  This potentially
 * saves a register since things can be xored directly into L */

--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@ -68,7 +68,7 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key)
 			if (key)
 			{
 				/* gcrypt might return more bytes than necessary. Truncate
-				 * to key lenght if key given, or prepend zeros if needed  */
+				 * to key length if key given, or prepend zeros if needed  */
 				len = gcry_pk_get_nbits(key);
 				len = len / 8 + (len % 8 ? 1 : 0);
 				if (len > data.len)
--- a/src/libstrongswan/plugins/hmac/hmac.h
+++ b/src/libstrongswan/plugins/hmac/hmac.h
@ -30,7 +30,7 @@ typedef struct hmac_t hmac_t;
 * Message authentication using hash functions.
 *
 * This class implements the message authenticaion algorithm
- * described in RFC2104. It uses a hash function, wich must
+ * described in RFC2104. It uses a hash function, which must
 * be implemented as a hasher_t class.
 */
 struct hmac_t {
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@ -495,7 +495,7 @@ typedef struct {
 	CK_SESSION_HANDLE session;
 	/* pkcs11 library */
 	pkcs11_library_t *lib;
-	/* attributes to retreive */
+	/* attributes to retrieve */
 	CK_ATTRIBUTE_PTR attr;
 	/* number of attributes */
 	CK_ULONG count;
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
@ -32,7 +32,7 @@ typedef struct pkcs11_manager_t pkcs11_manager_t;
 *
 * @param data		user supplied data, as passed to pkcs11_manager_create()
 * @param p11		loaded PKCS#11 library token belongs to
- * @param slot		slot number the event occured in
+ * @param slot		slot number the event occurred in
 * @param add		TRUE if token was added to the slot, FALSE if removed
 */
 typedef void (*pkcs11_manager_token_event_t)(void *data, pkcs11_library_t *p11,
--- a/src/libstrongswan/plugins/plugin.h
+++ b/src/libstrongswan/plugins/plugin.h
@ -52,7 +52,7 @@ struct plugin_t {


 /**
- * Plugin constructor function definiton.
+ * Plugin constructor function definition.
 *
 * Each plugin has a constructor function. This function is called on daemon
 * startup to initialize each plugin.
--- a/src/libstrongswan/processing/jobs/callback_job.c
+++ b/src/libstrongswan/processing/jobs/callback_job.c
@ -62,7 +62,7 @@ struct private_callback_job_t {
 	mutex_t *mutex;

 	/**
-	 * list of asociated child jobs
+	 * list of associated child jobs
 	 */
 	linked_list_t *children;

--- a/src/libstrongswan/processing/scheduler.h
+++ b/src/libstrongswan/processing/scheduler.h
@ -35,7 +35,7 @@ typedef struct scheduler_t scheduler_t;
 * based data structure that satisfies the following property: if B is a child
 * node of A, then key(A) >= (or <=) key(B). So either the element with the
 * greatest (max-heap) or the smallest (min-heap) key is the root of the heap.
- * We use a min-heap whith the key being the absolute unix time at which an
+ * We use a min-heap with the key being the absolute unix time at which an
 * event is scheduled. So the root is always the event that will fire next.
 *
 * An earlier implementation of the scheduler used a sorted linked list to store
--- a/src/libstrongswan/settings.h
+++ b/src/libstrongswan/settings.h
@ -110,7 +110,7 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def);
 * already existing values are replaced.
 *
 * All settings included from files are added relative to the section the
- * include statment is in.
+ * include statement is in.
 *
 * The following files result in the same final config as above:
 *
--- a/src/libstrongswan/utils/enumerator.h
+++ b/src/libstrongswan/utils/enumerator.h
@ -36,7 +36,7 @@ struct enumerator_t {
 	 * The enumerate function takes a variable argument list containing
 	 * pointers where the enumerated values get written.
 	 *
-	 * @param ...	variable list of enumerated items, implementation dependant
+	 * @param ...	variable list of enumerated items, implementation dependent
 	 * @return		TRUE if pointers returned
 	 */
 	bool (*enumerate)(enumerator_t *this, ...);
--- a/src/libstrongswan/utils/host.c
+++ b/src/libstrongswan/utils/host.c
@ -40,7 +40,7 @@ struct private_host_t {
 	host_t public;

 	/**
-	 * low-lewel structure, wich stores the address
+	 * low-lewel structure, which stores the address
 	 */
 	union {
 		/** generic type */
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@ -293,7 +293,7 @@ struct identification_t {
 *
 * In favour of pluto, domainnames are prepended with an @, since
 * pluto resolves domainnames without an @ to IPv4 addresses. Since
- * we use a seperate host_t class for addresses, this doesn't
+ * we use a separate host_t class for addresses, this doesn't
 * make sense for us.
 *
 * A distinguished name may contain one or more of the following RDNs:
--- a/src/libtls/tls_alert.h
+++ b/src/libtls/tls_alert.h
@ -98,7 +98,7 @@ struct tls_alert_t {
 	/**
 	 * Did a fatal alert occur?.
 	 *
-	 * @return				TRUE if a fatal alert has occured
+	 * @return				TRUE if a fatal alert has occurred
 	 */
 	bool (*fatal)(tls_alert_t *this);

--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@ -603,7 +603,7 @@ static suite_algs_t suite_algs[] = {
 };

 /**
- * Look up algoritms by a suite
+ * Look up algorithms by a suite
 */
 static suite_algs_t *find_suite(tls_cipher_suite_t suite)
 {
--- a/src/libtls/tls_fragmentation.c
+++ b/src/libtls/tls_fragmentation.c
@ -242,7 +242,7 @@ METHOD(tls_fragmentation_t, process, status_t,
 	{
 		case ALERT_SENDING:
 		case ALERT_SENT:
-			/* don't accept more input, fatal error ocurred */
+			/* don't accept more input, fatal error occurred */
 			return NEED_MORE;
 		case ALERT_NONE:
 			break;
--- a/src/libtls/tls_protection.c
+++ b/src/libtls/tls_protection.c
@ -112,7 +112,7 @@ METHOD(tls_protection_t, process, status_t,
 	private_tls_protection_t *this, tls_content_type_t type, chunk_t data)
 {
 	if (this->alert->fatal(this->alert))
-	{	/* don't accept more input, fatal error ocurred */
+	{	/* don't accept more input, fatal error occurred */
 		return NEED_MORE;
 	}

--- a/src/manager/templates/static/jquery.js
+++ b/src/manager/templates/static/jquery.js
@ -2110,7 +2110,7 @@ var jsc = (new Date).getTime();

 jQuery.extend({
 	get: function( url, data, callback, type ) {
-		// shift arguments if data argument was ommited
+		// shift arguments if data argument was omitted
 		if ( jQuery.isFunction( data ) ) {
 			callback = data;
 			data = null;
--- a/src/medsrv/controller/user_controller.c
+++ b/src/medsrv/controller/user_controller.c
@ -44,7 +44,7 @@ struct private_user_controller_t {
 	user_t *user;

 	/**
-	 * minimum required password lenght
+	 * minimum required password length
 	 */
 	u_int password_length;
 };
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@ -658,7 +658,7 @@ extern const char *prettypolicy(lset_t policy);
 #define POLICY_COMPRESS      LELEM(4)   /* must be third */
 #define POLICY_TUNNEL        LELEM(5)
 #define POLICY_PFS           LELEM(6)
-#define POLICY_DISABLEARRIVALCHECK  LELEM(7)    /* supress tunnel egress address checking */
+#define POLICY_DISABLEARRIVALCHECK  LELEM(7)    /* suppress tunnel egress address checking */

 #define POLICY_IPSEC_SHIFT      2       /* log2(POLICY_ENCRYPT) */
 #define POLICY_IPSEC_MASK       LRANGES(POLICY_ENCRYPT, POLICY_DISABLEARRIVALCHECK)
--- a/src/pluto/demux.c
+++ b/src/pluto/demux.c
@ -544,7 +544,7 @@ init_demux(void)
 * - ip(7) describes IP_RECVERR
 * - recvmsg(2) describes MSG_ERRQUEUE
 * - readv(2) describes iovec
- * - cmsg(3) describes how to process auxilliary messages
+ * - cmsg(3) describes how to process auxiliary messages
 *
 * ??? we should link this message with one we've sent
 * so that the diagnostic can refer to that negotiation.
@ -1580,7 +1580,7 @@ process_packet(struct msg_digest **mdp)

 			/*
 			 * okay, now we have to figure out if we are receiving a bogus
-			 * new message in an oustanding XAUTH server conversation
+			 * new message in an outstanding XAUTH server conversation
 			 * (i.e. a reply to our challenge)
 			 * (this occurs with some broken other implementations).
 			 *
--- a/src/pluto/kernel_alg.c
+++ b/src/pluto/kernel_alg.c