Imported Upstream version 5.1.1

3 files changed, 266 insertions, 205 deletions

diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index cb9e9a82e..5c3d01558 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -1,9 +1,8 @@
-# Makefile.in generated by automake 1.11.6 from Makefile.am.
+# Makefile.in generated by automake 1.13.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
-# Foundation, Inc.
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -16,23 +15,51 @@
 @SET_MAKE@
 
 VPATH = @srcdir@
-am__make_dryrun = \
-  { \
-    am__dry=no; \
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
     case $$MAKEFLAGS in \
       *\\[\ \	]*) \
-        echo 'am--echo: ; @echo "AM"  OK' | $(MAKE) -f - 2>/dev/null \
-          | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
-      *) \
-        for am__flg in $$MAKEFLAGS; do \
-          case $$am__flg in \
-            *=*|--*) ;; \
-            *n*) am__dry=yes; break;; \
-          esac; \
-        done;; \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
     esac; \
-    test $$am__dry = yes; \
-  }
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -52,13 +79,15 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 subdir = src/libcharon/plugins/ipseckey
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+	$(top_srcdir)/depcomp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/config/ltoptions.m4 \
 	$(top_srcdir)/m4/config/ltsugar.m4 \
 	$(top_srcdir)/m4/config/ltversion.m4 \
 	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/split-package-version.m4 \
 	$(top_srcdir)/m4/macros/with.m4 \
 	$(top_srcdir)/m4/macros/enable-disable.m4 \
 	$(top_srcdir)/m4/macros/add-plugin.m4 \
@@ -106,6 +135,7 @@ libstrongswan_ipseckey_la_OBJECTS =  \
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
+am__v_lt_1 = 
 libstrongswan_ipseckey_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_ipseckey_la_LDFLAGS) \
@@ -113,6 +143,18 @@ libstrongswan_ipseckey_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 @MONOLITHIC_FALSE@am_libstrongswan_ipseckey_la_rpath = -rpath \
 @MONOLITHIC_FALSE@	$(plugindir)
 @MONOLITHIC_TRUE@am_libstrongswan_ipseckey_la_rpath =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -125,20 +167,16 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(AM_CFLAGS) $(CFLAGS)
 AM_V_CC = $(am__v_CC_@AM_V@)
 am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo "  CC    " $@;
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
 CCLD = $(CC)
 LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
 AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo "  CCLD  " $@;
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo "  GEN   " $@;
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
 SOURCES = $(libstrongswan_ipseckey_la_SOURCES)
 DIST_SOURCES = $(libstrongswan_ipseckey_la_SOURCES)
 am__can_run_installinfo = \
@@ -146,6 +184,23 @@ am__can_run_installinfo = \
     n|no|NO) false;; \
     *) (install-info --version) >/dev/null 2>&1;; \
   esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -222,6 +277,10 @@ PACKAGE_STRING = @PACKAGE_STRING@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
 PATH_SEPARATOR = @PATH_SEPARATOR@
 PERL = @PERL@
 PKG_CONFIG = @PKG_CONFIG@
@@ -338,6 +397,7 @@ starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -398,12 +458,15 @@ $(am__aclocal_m4_deps):
 
 clean-noinstLTLIBRARIES:
 	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
+	@list='$(noinst_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
@@ -430,12 +493,15 @@ uninstall-pluginLTLIBRARIES:
 
 clean-pluginLTLIBRARIES:
 	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
-	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
-	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
-	  test "$$dir" != "$$p" || dir=.; \
-	  echo "rm -f \"$${dir}/so_locations\""; \
-	  rm -f "$${dir}/so_locations"; \
-	done
+	@list='$(plugin_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
 libstrongswan-ipseckey.la: $(libstrongswan_ipseckey_la_OBJECTS) $(libstrongswan_ipseckey_la_DEPENDENCIES) $(EXTRA_libstrongswan_ipseckey_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(libstrongswan_ipseckey_la_LINK) $(am_libstrongswan_ipseckey_la_rpath) $(libstrongswan_ipseckey_la_OBJECTS) $(libstrongswan_ipseckey_la_LIBADD) $(LIBS)
 
@@ -450,22 +516,25 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipseckey_plugin.Plo@am__quote@
 
 .c.o:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
@@ -476,26 +545,15 @@ mostlyclean-libtool:
 clean-libtool:
 	-rm -rf .libs _libs
 
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
-	      END { if (nonempty) { for (i in files) print i; }; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
 	set x; \
 	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
-	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	$(am__define_uniq_tagged_files); \
 	shift; \
 	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
 	  test -n "$$unique" || unique=$$empty_fix; \
@@ -507,15 +565,11 @@ TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	      $$unique; \
 	  fi; \
 	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
-	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
 	test -z "$(CTAGS_ARGS)$$unique" \
 	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
 	     $$unique
@@ -524,6 +578,21 @@ GTAGS:
 	here=`$(am__cd) $(top_builddir) && pwd` \
 	  && $(am__cd) $(top_srcdir) \
 	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
 
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
@@ -668,20 +737,20 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 
 .MAKE: install-am install-strip
 
-.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
 	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
-	ctags distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec-am install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-pluginLTLIBRARIES install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags uninstall uninstall-am \
-	uninstall-pluginLTLIBRARIES
+	cscopelist-am ctags ctags-am distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-pluginLTLIBRARIES install-ps \
+	install-ps-am install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+	uninstall-am uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
index e8722f12c..3ff6dd87d 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2013 Tobias Brunner
  * Copyright (C) 2012 Reto Guadagnini
  * Hochschule fuer Technik Rapperswil
  *
@@ -12,6 +13,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
+
 #define _GNU_SOURCE
 #include <stdio.h>
 #include <string.h>
@@ -20,7 +22,6 @@
 #include "ipseckey.h"
 
 #include <bio/bio_reader.h>
-#include <daemon.h>
 
 typedef struct private_ipseckey_cred_t private_ipseckey_cred_t;
 
@@ -61,64 +62,59 @@ typedef struct {
 METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 	cert_enumerator_t *this, certificate_t **cert)
 {
-	rr_t *cur_rr = NULL;
-	ipseckey_t *cur_ipseckey = NULL;
-	chunk_t pub_key;
-	public_key_t * key = NULL;
-	bool supported_ipseckey_found = FALSE;
+	ipseckey_t *cur_ipseckey;
+	public_key_t *public;
+	rr_t *cur_rr;
+	chunk_t key;
 
 	/* Get the next supported IPSECKEY using the inner enumerator. */
-	while (this->inner->enumerate(this->inner, &cur_rr) &&
-		   !supported_ipseckey_found)
+	while (this->inner->enumerate(this->inner, &cur_rr))
 	{
-		supported_ipseckey_found = TRUE;
-
 		cur_ipseckey = ipseckey_create_frm_rr(cur_rr);
 
 		if (!cur_ipseckey)
 		{
-			DBG1(DBG_CFG, "failed to parse ipseckey - skipping this key");
-			supported_ipseckey_found = FALSE;
+			DBG1(DBG_CFG, "  failed to parse IPSECKEY, skipping");
+			continue;
 		}
 
-		if (cur_ipseckey &&
-			cur_ipseckey->get_algorithm(cur_ipseckey) != IPSECKEY_ALGORITHM_RSA)
+		if (cur_ipseckey->get_algorithm(cur_ipseckey) != IPSECKEY_ALGORITHM_RSA)
 		{
-			DBG1(DBG_CFG, "unsupported ipseckey algorithm -skipping this key");
+			DBG1(DBG_CFG, "  unsupported IPSECKEY algorithm, skipping");
 			cur_ipseckey->destroy(cur_ipseckey);
-			supported_ipseckey_found = FALSE;
+			continue;
 		}
-	}
-
-	if (supported_ipseckey_found)
-	{
-		/*
-		 * Wrap the key of the IPSECKEY in a certificate and return this
-		 * certificate.
-		 */
-		pub_key = cur_ipseckey->get_public_key(cur_ipseckey);
-
-		key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
-								 BUILD_BLOB_DNSKEY, pub_key,
-								 BUILD_END);
 
-		if (!key)
+		/* wrap the key of the IPSECKEY in a certificate and return this
+		 * certificate */
+		key = cur_ipseckey->get_public_key(cur_ipseckey);
+		public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+									BUILD_BLOB_DNSKEY, key,
+									BUILD_END);
+		if (!public)
 		{
-			DBG1(DBG_CFG, "failed to create public key from ipseckey");
+			DBG1(DBG_CFG, "  failed to create public key from IPSECKEY");
 			cur_ipseckey->destroy(cur_ipseckey);
-			return FALSE;
+			continue;
 		}
 
 		*cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
 								   CERT_TRUSTED_PUBKEY,
-								   BUILD_PUBLIC_KEY, key,
+								   BUILD_PUBLIC_KEY, public,
 								   BUILD_SUBJECT, this->identity,
 								   BUILD_NOT_BEFORE_TIME, this->notBefore,
 								   BUILD_NOT_AFTER_TIME, this->notAfter,
 								   BUILD_END);
+		if (*cert == NULL)
+		{
+			DBG1(DBG_CFG, "  failed to create certificate from IPSECKEY");
+			cur_ipseckey->destroy(cur_ipseckey);
+			public->destroy(public);
+			continue;
+		}
+		cur_ipseckey->destroy(cur_ipseckey);
 		return TRUE;
 	}
-
 	return FALSE;
 }
 
@@ -134,101 +130,95 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 	private_ipseckey_cred_t *this, certificate_type_t cert, key_type_t key,
 	identification_t *id, bool trusted)
 {
-	char *fqdn = NULL;
-	resolver_response_t *response = NULL;
-	rr_set_t *rrset = NULL;
-	enumerator_t *rrsig_enum = NULL;
-	rr_t *rrsig = NULL;
-	bio_reader_t *reader = NULL;
-	chunk_t ignore;
-	u_int32_t nBefore, nAfter;
+	resolver_response_t *response;
+	enumerator_t *rrsig_enum;
 	cert_enumerator_t *e;
+	rr_set_t *rrset;
+	rr_t *rrsig;
+	bio_reader_t *reader;
+	u_int32_t nBefore, nAfter;
+	chunk_t ignore;
+	char *fqdn;
 
-	if (id && id->get_type(id) == ID_FQDN)
+	if (!id || id->get_type(id) != ID_FQDN)
 	{
-		/**	Query the DNS for the required IPSECKEY RRs */
-
-		if (0 >= asprintf(&fqdn, "%Y", id))
-		{
-			DBG1(DBG_CFG, "empty FQDN string");
-			return enumerator_create_empty();
-		}
-
-		DBG1(DBG_CFG, "performing a DNS query for IPSECKEY RRs of '%s'",
-					   fqdn);
-		response = this->res->query(this->res, fqdn, RR_CLASS_IN,
-									RR_TYPE_IPSECKEY);
-		if (!response)
-		{
-			DBG1(DBG_CFG, "  query for IPSECKEY RRs failed");
-			free(fqdn);
-			return enumerator_create_empty();
-		}
-
-		if (!response->has_data(response) ||
-			!response->query_name_exist(response))
-		{
-			DBG1(DBG_CFG, "  unable to retrieve IPSECKEY RRs from the DNS");
-			response->destroy(response);
-			free(fqdn);
-			return enumerator_create_empty();
-		}
-
-		if (!(response->get_security_state(response) == SECURE))
-		{
-			DBG1(DBG_CFG, "  DNSSEC state of IPSECKEY RRs is not secure");
-			response->destroy(response);
-			free(fqdn);
-			return enumerator_create_empty();
-		}
+		return enumerator_create_empty();
+	}
 
+	/* query the DNS for the required IPSECKEY RRs */
+	if (asprintf(&fqdn, "%Y", id) <= 0)
+	{
+		DBG1(DBG_CFG, "failed to determine FQDN to retrieve IPSECKEY RRs");
+		return enumerator_create_empty();
+	}
+	DBG1(DBG_CFG, "performing a DNS query for IPSECKEY RRs of '%s'", fqdn);
+	response = this->res->query(this->res, fqdn, RR_CLASS_IN, RR_TYPE_IPSECKEY);
+	if (!response)
+	{
+		DBG1(DBG_CFG, "  query for IPSECKEY RRs failed");
 		free(fqdn);
+		return enumerator_create_empty();
+	}
+	free(fqdn);
 
-		/** Determine the validity period of the retrieved IPSECKEYs
-		 *
-		 * We use the "Signature Inception" and "Signature Expiration" field
-		 * of the first RRSIG RR to determine the validity period of the
-		 * IPSECKEY RRs. TODO: Take multiple RRSIGs into account.
-		 */
-		rrset = response->get_rr_set(response);
-		rrsig_enum = rrset->create_rrsig_enumerator(rrset);
-		if (!rrsig_enum || !rrsig_enum->enumerate(rrsig_enum, &rrsig))
-		{
-			DBG1(DBG_CFG, "  unable to determine the validity period of "
-						  "IPSECKEY RRs because no RRSIGs are present");
-			DESTROY_IF(rrsig_enum);
-			response->destroy(response);
-			return enumerator_create_empty();
-		}
-
-		/**
-		 * Parse the RRSIG for its validity period (RFC 4034)
-		 */
-		reader = bio_reader_create(rrsig->get_rdata(rrsig));
-		reader->read_data(reader, 8, &ignore);
-		reader->read_uint32(reader, &nAfter);
-		reader->read_uint32(reader, &nBefore);
-		reader->destroy(reader);
+	if (!response->has_data(response) ||
+		!response->query_name_exist(response))
+	{
+		DBG1(DBG_CFG, "  unable to retrieve IPSECKEY RRs from the DNS");
+		response->destroy(response);
+		return enumerator_create_empty();
+	}
 
-		/*Create and return an iterator over the retrieved IPSECKEYs */
-		INIT(e,
-			.public = {
-				.enumerate = (void*)_cert_enumerator_enumerate,
-				.destroy = _cert_enumerator_destroy,
-			},
-			.inner = response->get_rr_set(response)->create_rr_enumerator(
-										  response->get_rr_set(response)),
-			.response = response,
-			.notBefore = nBefore,
-			.notAfter = nAfter,
-			.identity = id,
-		);
+	if (response->get_security_state(response) != SECURE)
+	{
+		DBG1(DBG_CFG, "  DNSSEC state of IPSECKEY RRs is not secure");
+		response->destroy(response);
+		return enumerator_create_empty();
+	}
 
-		return &e->public;
+	/* determine the validity period of the retrieved IPSECKEYs
+	 *
+	 * we use the "Signature Inception" and "Signature Expiration" field
+	 * of the first RRSIG RR to determine the validity period of the
+	 * IPSECKEY RRs.
+	 * TODO: Take multiple RRSIGs into account. */
+	rrset = response->get_rr_set(response);
+	rrsig_enum = rrset->create_rrsig_enumerator(rrset);
+	if (!rrsig_enum || !rrsig_enum->enumerate(rrsig_enum, &rrsig))
+	{
+		DBG1(DBG_CFG, "  unable to determine the validity period of "
+			 "IPSECKEY RRs because no RRSIGs are present");
+		DESTROY_IF(rrsig_enum);
+		response->destroy(response);
+		return enumerator_create_empty();
 	}
+	rrsig_enum->destroy(rrsig_enum);
 
+	/* parse the RRSIG for its validity period (RFC 4034) */
+	reader = bio_reader_create(rrsig->get_rdata(rrsig));
+	if (!reader->read_data(reader, 8, &ignore) ||
+		!reader->read_uint32(reader, &nAfter) ||
+		!reader->read_uint32(reader, &nBefore))
+	{
+		DBG1(DBG_CFG, "  unable to determine the validity period of RRSIG RRs");
+		reader->destroy(reader);
+		response->destroy(response);
+		return enumerator_create_empty();
+	}
+	reader->destroy(reader);
 
-	return enumerator_create_empty();
+	INIT(e,
+		.public = {
+			.enumerate = (void*)_cert_enumerator_enumerate,
+			.destroy = _cert_enumerator_destroy,
+		},
+		.inner = rrset->create_rr_enumerator(rrset),
+		.response = response,
+		.notBefore = nBefore,
+		.notAfter = nAfter,
+		.identity = id,
+	);
+	return &e->public;
 }
 
 METHOD(ipseckey_cred_t, destroy, void,
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
index 2fd820f94..9bc49ba28 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c
@@ -109,6 +109,8 @@ METHOD(plugin_t, get_features, int,
 		PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
 			PLUGIN_PROVIDE(CUSTOM, "ipseckey"),
 				PLUGIN_DEPENDS(RESOLVER),
+				PLUGIN_DEPENDS(PUBKEY, KEY_RSA),
+				PLUGIN_DEPENDS(CERT_ENCODE, CERT_TRUSTED_PUBKEY),
 	};
 	*features = f;
 	return countof(f);