Import upstream release 5.2.1

3 files changed, 129 insertions, 13 deletions

diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index c34d34903..2e221c8b4 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -232,6 +232,7 @@ ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+GEM = @GEM@
 GENHTML = @GENHTML@
 GPERF = @GPERF@
 GPRBUILD = @GPRBUILD@
@@ -292,6 +293,7 @@ PYTHON_VERSION = @PYTHON_VERSION@
 RANLIB = @RANLIB@
 RTLIB = @RTLIB@
 RUBY = @RUBY@
+RUBYGEMDIR = @RUBYGEMDIR@
 RUBYINCLUDE = @RUBYINCLUDE@
 RUBYLIB = @RUBYLIB@
 SED = @SED@
@@ -357,6 +359,8 @@ ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
 ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
 libdir = @libdir@
 libexecdir = @libexecdir@
 linux_headers = @linux_headers@
@@ -404,6 +408,10 @@ strongswan_conf = @strongswan_conf@
 strongswan_options = @strongswan_options@
 swanctldir = @swanctldir@
 sysconfdir = @sysconfdir@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
 systemdsystemunitdir = @systemdsystemunitdir@
 t_plugins = @t_plugins@
 target_alias = @target_alias@
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 620cf74f3..7653c1986 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -86,6 +86,7 @@ METHOD(fetcher_t, fetch, status_t,
 	private_curl_fetcher_t *this, char *uri, void *userdata)
 {
 	char error[CURL_ERROR_SIZE], *enc_uri;
+	CURLcode curl_status;
 	status_t status;
 	long result = 0;
 	cb_data_t data = {
@@ -123,7 +124,8 @@ METHOD(fetcher_t, fetch, status_t,
 	}
 
 	DBG2(DBG_LIB, "  sending http request to '%s'...", uri);
-	switch (curl_easy_perform(this->curl))
+	curl_status = curl_easy_perform(this->curl);
+	switch (curl_status)
 	{
 		case CURLE_UNSUPPORTED_PROTOCOL:
 			status = NOT_SUPPORTED;
@@ -138,7 +140,8 @@ METHOD(fetcher_t, fetch, status_t,
 			status = (result >= 200 && result < 300) ? SUCCESS : FAILED;
 			break;
 		default:
-			DBG1(DBG_LIB, "libcurl http request failed: %s", error);
+			DBG1(DBG_LIB, "libcurl http request failed [%d]: %s", curl_status,
+				 error);
 			status = FAILED;
 			break;
 	}
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 062fe129f..89296677e 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -32,8 +32,107 @@ struct private_curl_plugin_t {
 	 * public functions
 	 */
 	curl_plugin_t public;
+
+	/**
+	 * Supported features, CURL protocols + 1
+	 */
+	plugin_feature_t *features;
+
+	/**
+	 * Number of supported features
+	 */
+	int count;
 };
 
+/**
+ * Append a feature to supported feature list
+ */
+static void add_feature(private_curl_plugin_t *this, plugin_feature_t f)
+{
+	this->features = realloc(this->features, ++this->count * sizeof(f));
+	this->features[this->count - 1] = f;
+}
+
+/**
+ * Try to add a feature, and the appropriate SSL dependencies
+ */
+static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl,
+								 char *proto, plugin_feature_t f)
+{
+	/* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */
+	if (strpfx(ssl, "OpenSSL"))
+	{
+		add_feature(this, f);
+		add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading"));
+	}
+	else if (strpfx(ssl, "GnuTLS"))
+	{
+		add_feature(this, f);
+		add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading"));
+	}
+	else if (strpfx(ssl, "NSS"))
+	{
+		add_feature(this, f);
+	}
+	else
+	{
+		DBG1(DBG_LIB, "curl SSL backend '%s' not supported, %s disabled",
+			 ssl, proto);
+	}
+}
+
+/**
+ * Get supported protocols, build plugin feature set
+ */
+static bool query_protocols(private_curl_plugin_t *this)
+{
+
+	struct {
+		/* protocol we are interested in, suffixed with "://" */
+		char *name;
+		/* require SSL library initialization? */
+		bool ssl;
+	} protos[] = {
+		{ "file://",		FALSE,	},
+		{ "http://",		FALSE,	},
+		{ "https://",		TRUE,	},
+		{ "ftp://",			FALSE,	},
+	};
+	curl_version_info_data *info;
+	char *name;
+	int i, j;
+
+	add_feature(this, PLUGIN_REGISTER(FETCHER, curl_fetcher_create));
+
+	info = curl_version_info(CURLVERSION_NOW);
+
+	for (i = 0; info->protocols[i]; i++)
+	{
+		for (j = 0; j < countof(protos); j++)
+		{
+			name = protos[j].name;
+			if (strlen(info->protocols[i]) == strlen(name) - strlen("://"))
+			{
+				if (strneq(info->protocols[i], name,
+						   strlen(name) - strlen("://")))
+				{
+					if (protos[j].ssl)
+					{
+						add_feature_with_ssl(this, info->ssl_version, name,
+									PLUGIN_PROVIDE(FETCHER, name));
+					}
+					else
+					{
+						add_feature(this, PLUGIN_PROVIDE(FETCHER, name));
+					}
+				}
+			}
+		}
+	}
+
+	return this->count > 1;
+}
+
 METHOD(plugin_t, get_name, char*,
 	private_curl_plugin_t *this)
 {
@@ -43,21 +142,15 @@ METHOD(plugin_t, get_name, char*,
 METHOD(plugin_t, get_features, int,
 	private_curl_plugin_t *this, plugin_feature_t *features[])
 {
-	static plugin_feature_t f[] = {
-		PLUGIN_REGISTER(FETCHER, curl_fetcher_create),
-			PLUGIN_PROVIDE(FETCHER, "file://"),
-			PLUGIN_PROVIDE(FETCHER, "http://"),
-			PLUGIN_PROVIDE(FETCHER, "https://"),
-			PLUGIN_PROVIDE(FETCHER, "ftp://"),
-	};
-	*features = f;
-	return countof(f);
+	*features = this->features;
+	return this->count;
 }
 
 METHOD(plugin_t, destroy, void,
 	private_curl_plugin_t *this)
 {
 	curl_global_cleanup();
+	free(this->features);
 	free(this);
 }
 
@@ -79,7 +172,12 @@ plugin_t *curl_plugin_create()
 		},
 	);
 
-	res = curl_global_init(CURL_GLOBAL_NOTHING);
+	res = curl_global_init(CURL_GLOBAL_SSL);
+	if (res != CURLE_OK)
+	{
+		/* no SSL support? Try without */
+		res = curl_global_init(CURL_GLOBAL_NOTHING);
+	}
 	if (res != CURLE_OK)
 	{
 		DBG1(DBG_LIB, "global libcurl initializing failed: %s",
@@ -87,6 +185,13 @@ plugin_t *curl_plugin_create()
 		destroy(this);
 		return NULL;
 	}
+
+	if (!query_protocols(this))
+	{
+		DBG1(DBG_LIB, "no usable CURL protocols found, curl disabled");
+		destroy(this);
+		return NULL;
+	}
+
 	return &this->public.plugin;
 }
-