Diffstat (limited to 'src/pt-tls-client')
-rw-r--r-- | src/pt-tls-client/Makefile.am | 2 | ||||
-rw-r--r-- | src/pt-tls-client/Makefile.in | 8 | ||||
-rw-r--r-- | src/pt-tls-client/pt-tls-client.c | 118 |
3 files changed, 95 insertions, 33 deletions
diff --git a/src/pt-tls-client/Makefile.am b/src/pt-tls-client/Makefile.am index 2ce1a10f3..8d1567eef 100644 --- a/src/pt-tls-client/Makefile.am +++ b/src/pt-tls-client/Makefile.am @@ -11,7 +11,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libtnccs \ -DIPSEC_CONFDIR=\"${sysconfdir}\" \ - -DPLUGINS="\"pem openssl nonce tnc-tnccs tnc-imc tnccs-20\"" + -DPLUGINS="\"x509 pem pkcs1 pubkey openssl nonce tnc-tnccs tnc-imc tnccs-20\"" pt_tls_client_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index d9a8259e9..efbba98d2 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -235,6 +235,7 @@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ @@ -253,6 +254,7 @@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ @@ -280,6 +282,7 @@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ @@ -371,6 +374,7 @@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ 
@@ -389,7 +393,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libtnccs \ -DIPSEC_CONFDIR=\"${sysconfdir}\" \ - -DPLUGINS="\"pem openssl nonce tnc-tnccs tnc-imc tnccs-20\"" + -DPLUGINS="\"x509 pem pkcs1 pubkey openssl nonce tnc-tnccs tnc-imc tnccs-20\"" pt_tls_client_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index 90edb0c8e..8b41ae25e 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2010-2013 Martin Willi, revosec AG - * Copyright (C) 2013 Andreas Steffen, HSR Hochschule für Technik Rapperswil + * Copyright (C) 2013-2014 Andreas Steffen + * HSR Hochschule für Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -16,11 +17,13 @@ #include <unistd.h> #include <stdio.h> #include <sys/types.h> -#include <sys/socket.h> #include <getopt.h> #include <errno.h> #include <string.h> #include <stdlib.h> +#ifdef HAVE_SYSLOG +#include <syslog.h> +#endif #include <pt_tls.h> #include <pt_tls_client.h> @@ -35,12 +38,13 @@ /** * Print usage information */ -static void usage(FILE *out, char *cmd) +static void usage(FILE *out) { - fprintf(out, "usage:\n"); - fprintf(out, " %s --connect <address> [--port <port>] [--cert <file>]+\n", cmd); - fprintf(out, " [--client <client-id>] [--secret <password>]\n"); - fprintf(out, " [--optionsfrom <filename>]\n"); + fprintf(out, + "Usage: pt-tls --connect <hostname|address> [--port <port>]\n" + " [--cert <file>]+ [--key <file>]\n" + " [--client <client-id>] [--secret <password>]\n" + " [--optionsfrom <filename>] [--quiet] [--debug <level>]\n"); } /** 
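Review bot: The new usage text in `usage()` hard-codes the command name as `pt-tls`, while the same commit passes `"pt-tls-client"` to `init_log()` and the file lives under src/pt-tls-client, so the help output most likely names a binary that does not exist; `"Usage: pt-tls-client --connect <hostname|address> [--port <port>]\n"` would match. The text also advertises `--secret <password>` without a caveat, although a password given on the command line is readable by other local users through the process list. A one-line hint that the secret can be placed in the `--optionsfrom` file instead would help, assuming `options->from` (not shown in this hunk) keeps file-supplied options out of the visible argument vector.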
@@ -121,24 +125,74 @@ static bool load_key(char *filename) } /** - * Debug level + * Logging and debug level */ -static level_t pt_tls_level = 1; +static bool log_to_stderr = TRUE; +#ifdef HAVE_SYSLOG +static bool log_to_syslog = TRUE; +#endif /* HAVE_SYSLOG */ +static level_t default_loglevel = 1; static void dbg_pt_tls(debug_t group, level_t level, char *fmt, ...) { - if (level <= pt_tls_level) + va_list args; + + if (level <= default_loglevel) { - va_list args; + if (log_to_stderr) + { + va_start(args, fmt); + vfprintf(stderr, fmt, args); + va_end(args); + fprintf(stderr, "\n"); + } +#ifdef HAVE_SYSLOG + if (log_to_syslog) + { + char buffer[8192]; + char *current = buffer, *next; + + /* write in memory buffer first */ + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); - va_start(args, fmt); - vfprintf(stderr, fmt, args); - fprintf(stderr, "\n"); - va_end(args); + /* do a syslog with every line */ + while (current) + { + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } + syslog(LOG_INFO, "%s\n", current); + current = next; + } + } +#endif /* HAVE_SYSLOG */ } } /** + * Initialize logging to stderr/syslog + */ +static void init_log(const char *program) +{ + dbg = dbg_pt_tls; + + if (log_to_stderr) + { + setbuf(stderr, NULL); + } +#ifdef HAVE_SYSLOG + if (log_to_syslog) + { + openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV); + } +#endif /* HAVE_SYSLOG */ +} + +/** * Handles --optionsfrom arguments */ options_t *options; @@ -169,7 +223,7 @@ static void init() library_init(NULL, "pt-tls-client"); libtnccs_init(); - dbg = dbg_pt_tls; + init_log("pt-tls-client"); options = options_create(); lib->plugins->add_static_features(lib->plugins, "pt-tls-client", features, 
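Review bot: The syslog branch of `dbg_pt_tls()` is gated by the same `default_loglevel` as stderr, and nothing visible in this commit ever clears `log_to_syslog`, so `--debug <level>` also raises the verbosity of what reaches the system log and `--quiet` does not stop it. If the higher levels emit raw buffers or key material, as they do in other strongSwan loggers, that data lands in the LOG_AUTHPRIV log files with their own retention and forwarding. I would give syslog its own ceiling, `static level_t syslog_loglevel = 1;` checked as `if (log_to_syslog && level <= syslog_loglevel)`. The comment above `dbg_pt_tls()` should also state that `group` is ignored and that a message longer than the 8192-byte buffer is silently truncated by `vsnprintf()`.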
@@ -204,6 +258,7 @@ int main(int argc, char *argv[]) {"port", required_argument, NULL, 'p' }, {"cert", required_argument, NULL, 'x' }, {"key", required_argument, NULL, 'k' }, + {"quiet", no_argument, NULL, 'q' }, {"debug", required_argument, NULL, 'd' }, {"optionsfrom", required_argument, NULL, '+' }, {0,0,0,0 } @@ -212,56 +267,59 @@ int main(int argc, char *argv[]) { case EOF: break; - case 'h': - usage(stdout, argv[0]); + case 'h': /* --help */ + usage(stdout); return 0; - case 'x': + case 'x': /* --cert <file> */ if (!load_certificate(optarg)) { return 1; } continue; - case 'k': + case 'k': /* --key <file> */ if (!load_key(optarg)) { return 1; } continue; - case 'c': + case 'c': /* --connect <hostname|address> */ if (address) { - usage(stderr, argv[0]); + usage(stderr); return 1; } address = optarg; continue; - case 'i': + case 'i': /* --client <client-id> */ identity = optarg; continue; - case 's': + case 's': /* --secret <password> */ secret = optarg; continue; - case 'p': + case 'p': /* --port <port> */ port = atoi(optarg); continue; - case 'd': - pt_tls_level = atoi(optarg); + case 'q': /* --quiet */ + log_to_stderr = FALSE; + continue; + case 'd': /* --debug <level> */ + default_loglevel = atoi(optarg); continue; - case '+': /* --optionsfrom <filename> */ + case '+': /* --optionsfrom <filename> */ if (!options->from(options, optarg, &argc, &argv, optind)) { return 1; } continue; default: - usage(stderr, argv[0]); + usage(stderr); return 1; } break; } if (!address) { - usage(stderr, argv[0]); + usage(stderr); return 1; } if (secret) |
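Review bot: `default_loglevel = atoi(optarg);` in the `'d'` case, like the unchanged `port = atoi(optarg);` in the `'p'` case, accepts any input. `atoi()` returns 0 for non-numeric text, so `--debug foo` silently lowers logging to level 0 and `--port abc` yields port 0, and out-of-range values are not rejected either. Parsing with `strtol()` and taking the `usage(stderr); return 1;` path when `end == optarg || *end != '\0'` or the value is out of range (1–65535 for the port) would turn a typo into an error instead of a silently different configuration. `main()` begins before and continues after this hunk, so the declared type of `port` and the later use of both values are not visible here.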