From 7b8b352039efd78338a7bf451a0550644ec8a8da Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Sun, 28 Nov 2010 12:11:49 +0000 Subject: New upstream version. --- Android.mk | 2 +- ChangeLog | 2 +- Doxyfile.in | 7 +- Makefile.am | 2 +- Makefile.in | 24 +- NEWS | 73 +- README | 5 +- TODO | 2 +- aclocal.m4 | 153 +- config.guess | 149 +- config.sub | 47 +- configure | 2988 ++++++++++++++------ configure.in | 328 ++- debian/changelog | 6 + m4/macros/add-plugin.m4 | 10 + man/Makefile.am | 11 + man/Makefile.in | 507 ++++ man/ipsec.conf.5 | 1358 +++++++++ man/ipsec.conf.5.in | 1358 +++++++++ man/ipsec.secrets.5 | 176 ++ man/ipsec.secrets.5.in | 176 ++ man/strongswan.conf.5 | 910 ++++++ man/strongswan.conf.5.in | 910 ++++++ scripts/Makefile.am | 16 +- scripts/Makefile.in | 52 +- scripts/crypt_burn.c | 102 + scripts/key2keyid.c | 4 +- scripts/pubkey_speed.c | 10 +- src/Makefile.am | 4 + src/Makefile.in | 53 +- src/_copyright/Makefile.in | 20 +- src/_copyright/_copyright.c | 5 + src/_updown/Makefile.in | 20 +- src/_updown/_updown.in | 2 +- src/_updown_espmark/Makefile.in | 20 +- src/_updown_espmark/_updown_espmark | 2 +- src/charon/Makefile.in | 20 +- src/charon/charon.c | 4 +- src/checksum/Makefile.am | 12 +- src/checksum/Makefile.in | 31 +- src/checksum/checksum_builder.c | 205 +- src/dumm/Makefile.in | 20 +- src/dumm/cowfs.c | 256 +- src/dumm/cowfs.h | 24 +- src/dumm/dumm.c | 157 +- src/dumm/dumm.h | 41 +- src/dumm/ext/dumm.c | 152 +- src/dumm/ext/lib/dumm.rb | 6 +- src/dumm/ext/lib/dumm/guest.rb | 21 +- src/dumm/guest.c | 47 +- src/dumm/guest.h | 25 +- src/include/Makefile.in | 20 +- src/ipsec/Makefile.in | 20 +- src/ipsec/ipsec.8 | 2 +- src/libcharon/Android.mk | 16 +- src/libcharon/Makefile.am | 151 +- src/libcharon/Makefile.in | 484 ++-- src/libcharon/bus/bus.c | 3 +- src/libcharon/bus/listeners/file_logger.c | 35 +- src/libcharon/bus/listeners/file_logger.h | 3 +- src/libcharon/bus/listeners/sys_logger.c | 28 +- src/libcharon/bus/listeners/sys_logger.h | 3 +- src/libcharon/config/child_cfg.c | 9 - src/libcharon/config/child_cfg.h | 53 +- src/libcharon/config/proposal.c | 205 +- src/libcharon/config/proposal.h | 10 +- src/libcharon/daemon.c | 44 +- src/libcharon/daemon.h | 32 +- src/libcharon/encoding/generator.c | 80 +- src/libcharon/encoding/generator.h | 26 +- src/libcharon/encoding/message.c | 973 +++---- src/libcharon/encoding/message.h | 48 +- src/libcharon/encoding/payloads/delete_payload.c | 213 +- src/libcharon/encoding/payloads/delete_payload.h | 9 +- .../encoding/payloads/encryption_payload.c | 610 ++-- .../encoding/payloads/encryption_payload.h | 118 +- src/libcharon/encoding/payloads/notify_payload.c | 56 +- src/libcharon/encoding/payloads/notify_payload.h | 24 +- .../encoding/payloads/proposal_substructure.c | 321 +-- .../encoding/payloads/proposal_substructure.h | 33 +- src/libcharon/encoding/payloads/sa_payload.c | 277 +- src/libcharon/encoding/payloads/sa_payload.h | 22 +- src/libcharon/kernel/kernel_handler.c | 163 ++ src/libcharon/kernel/kernel_handler.h | 50 + src/libcharon/kernel/kernel_interface.c | 388 --- src/libcharon/kernel/kernel_interface.h | 408 --- src/libcharon/kernel/kernel_ipsec.c | 29 - src/libcharon/kernel/kernel_ipsec.h | 292 -- src/libcharon/kernel/kernel_net.h | 143 - src/libcharon/network/receiver.c | 29 +- src/libcharon/network/sender.c | 2 +- src/libcharon/network/socket.h | 21 +- src/libcharon/network/socket_manager.c | 63 +- src/libcharon/network/socket_manager.h | 14 +- src/libcharon/plugins/addrblock/Makefile.in | 20 +- src/libcharon/plugins/addrblock/addrblock_plugin.c | 6 +- src/libcharon/plugins/android/Makefile.in | 20 +- src/libcharon/plugins/android/android_plugin.c | 6 +- src/libcharon/plugins/android/android_service.c | 4 +- src/libcharon/plugins/dhcp/Makefile.in | 20 +- src/libcharon/plugins/dhcp/dhcp_plugin.c | 6 +- src/libcharon/plugins/dhcp/dhcp_socket.c | 25 +- src/libcharon/plugins/eap_aka/Makefile.in | 20 +- src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 20 +- src/libcharon/plugins/eap_gtc/Makefile.in | 20 +- src/libcharon/plugins/eap_identity/Makefile.in | 20 +- src/libcharon/plugins/eap_identity/eap_identity.c | 115 +- src/libcharon/plugins/eap_identity/eap_identity.h | 2 +- .../plugins/eap_identity/eap_identity_plugin.c | 15 +- src/libcharon/plugins/eap_md5/Makefile.in | 20 +- src/libcharon/plugins/eap_md5/eap_md5.c | 120 +- src/libcharon/plugins/eap_md5/eap_md5.h | 2 +- src/libcharon/plugins/eap_md5/eap_md5_plugin.c | 15 +- src/libcharon/plugins/eap_mschapv2/Makefile.in | 20 +- src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 10 +- src/libcharon/plugins/eap_radius/Makefile.in | 20 +- src/libcharon/plugins/eap_radius/eap_radius.c | 91 +- src/libcharon/plugins/eap_radius/eap_radius.h | 2 +- .../plugins/eap_radius/eap_radius_plugin.c | 6 +- src/libcharon/plugins/eap_radius/radius_server.h | 1 + src/libcharon/plugins/eap_sim/Makefile.in | 20 +- src/libcharon/plugins/eap_sim_file/Makefile.in | 20 +- .../plugins/eap_simaka_pseudonym/Makefile.in | 20 +- .../plugins/eap_simaka_reauth/Makefile.in | 20 +- src/libcharon/plugins/eap_simaka_sql/Makefile.in | 20 +- .../plugins/eap_simaka_sql/eap_simaka_sql_plugin.c | 6 +- src/libcharon/plugins/eap_tls/Makefile.am | 17 + src/libcharon/plugins/eap_tls/Makefile.in | 605 ++++ src/libcharon/plugins/eap_tls/eap_tls.c | 155 + src/libcharon/plugins/eap_tls/eap_tls.h | 59 + src/libcharon/plugins/eap_tls/eap_tls_plugin.c | 52 + src/libcharon/plugins/eap_tls/eap_tls_plugin.h | 47 + src/libcharon/plugins/eap_tnc/Makefile.am | 17 + src/libcharon/plugins/eap_tnc/Makefile.in | 605 ++++ src/libcharon/plugins/eap_tnc/eap_tnc.c | 156 + src/libcharon/plugins/eap_tnc/eap_tnc.h | 57 + src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c | 51 + src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h | 42 + src/libcharon/plugins/eap_ttls/Makefile.am | 21 + src/libcharon/plugins/eap_ttls/Makefile.in | 615 ++++ src/libcharon/plugins/eap_ttls/eap_ttls.c | 165 ++ src/libcharon/plugins/eap_ttls/eap_ttls.h | 59 + src/libcharon/plugins/eap_ttls/eap_ttls_avp.c | 187 ++ src/libcharon/plugins/eap_ttls/eap_ttls_avp.h | 68 + src/libcharon/plugins/eap_ttls/eap_ttls_peer.c | 316 +++ src/libcharon/plugins/eap_ttls/eap_ttls_peer.h | 47 + src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c | 52 + src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h | 47 + src/libcharon/plugins/eap_ttls/eap_ttls_server.c | 365 +++ src/libcharon/plugins/eap_ttls/eap_ttls_server.h | 47 + src/libcharon/plugins/farp/Makefile.in | 20 +- src/libcharon/plugins/farp/farp_plugin.c | 6 +- src/libcharon/plugins/farp/farp_spoofer.c | 2 +- src/libcharon/plugins/ha/Makefile.in | 20 +- src/libcharon/plugins/ha/ha_cache.c | 2 +- src/libcharon/plugins/ha/ha_ctl.c | 12 +- src/libcharon/plugins/ha/ha_dispatcher.c | 6 +- src/libcharon/plugins/ha/ha_kernel.c | 5 + src/libcharon/plugins/ha/ha_plugin.c | 6 +- src/libcharon/plugins/ha/ha_segments.c | 8 +- src/libcharon/plugins/ha/ha_socket.c | 2 +- src/libcharon/plugins/kernel_klips/Makefile.am | 17 - src/libcharon/plugins/kernel_klips/Makefile.in | 590 ---- .../plugins/kernel_klips/kernel_klips_ipsec.c | 2660 ----------------- .../plugins/kernel_klips/kernel_klips_ipsec.h | 46 - .../plugins/kernel_klips/kernel_klips_plugin.c | 56 - .../plugins/kernel_klips/kernel_klips_plugin.h | 42 - src/libcharon/plugins/kernel_klips/pfkeyv2.h | 322 --- src/libcharon/plugins/kernel_netlink/Makefile.am | 20 - src/libcharon/plugins/kernel_netlink/Makefile.in | 597 ---- .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 2265 --------------- .../plugins/kernel_netlink/kernel_netlink_ipsec.h | 46 - .../plugins/kernel_netlink/kernel_netlink_net.c | 1506 ---------- .../plugins/kernel_netlink/kernel_netlink_net.h | 46 - .../plugins/kernel_netlink/kernel_netlink_plugin.c | 59 - .../plugins/kernel_netlink/kernel_netlink_plugin.h | 42 - .../plugins/kernel_netlink/kernel_netlink_shared.c | 306 -- .../plugins/kernel_netlink/kernel_netlink_shared.h | 77 - src/libcharon/plugins/kernel_pfkey/Makefile.am | 17 - src/libcharon/plugins/kernel_pfkey/Makefile.in | 590 ---- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 2210 --------------- .../plugins/kernel_pfkey/kernel_pfkey_ipsec.h | 46 - .../plugins/kernel_pfkey/kernel_pfkey_plugin.c | 56 - .../plugins/kernel_pfkey/kernel_pfkey_plugin.h | 42 - src/libcharon/plugins/kernel_pfroute/Makefile.am | 17 - src/libcharon/plugins/kernel_pfroute/Makefile.in | 590 ---- .../plugins/kernel_pfroute/kernel_pfroute_net.c | 729 ----- .../plugins/kernel_pfroute/kernel_pfroute_net.h | 46 - .../plugins/kernel_pfroute/kernel_pfroute_plugin.c | 58 - .../plugins/kernel_pfroute/kernel_pfroute_plugin.h | 42 - src/libcharon/plugins/led/Makefile.am | 16 + src/libcharon/plugins/led/Makefile.in | 601 ++++ src/libcharon/plugins/led/led_listener.c | 241 ++ src/libcharon/plugins/led/led_listener.h | 49 + src/libcharon/plugins/led/led_plugin.c | 67 + src/libcharon/plugins/led/led_plugin.h | 42 + src/libcharon/plugins/load_tester/Makefile.in | 20 +- .../plugins/load_tester/load_tester_ipsec.c | 15 +- .../plugins/load_tester/load_tester_listener.c | 2 +- .../plugins/load_tester/load_tester_plugin.c | 7 +- src/libcharon/plugins/maemo/Makefile.am | 23 + src/libcharon/plugins/maemo/Makefile.in | 631 +++++ src/libcharon/plugins/maemo/maemo_plugin.c | 70 + src/libcharon/plugins/maemo/maemo_plugin.h | 42 + src/libcharon/plugins/maemo/maemo_service.c | 510 ++++ src/libcharon/plugins/maemo/maemo_service.h | 49 + .../plugins/maemo/org.strongswan.charon.service | 4 + src/libcharon/plugins/medcli/Makefile.in | 20 +- src/libcharon/plugins/medcli/medcli_config.c | 30 +- src/libcharon/plugins/medsrv/Makefile.in | 20 +- src/libcharon/plugins/nm/Makefile.in | 20 +- src/libcharon/plugins/nm/nm_creds.c | 97 +- src/libcharon/plugins/nm/nm_creds.h | 17 + src/libcharon/plugins/nm/nm_plugin.c | 2 +- src/libcharon/plugins/nm/nm_service.c | 108 +- src/libcharon/plugins/smp/Makefile.in | 20 +- src/libcharon/plugins/smp/smp.c | 4 +- src/libcharon/plugins/socket_default/Makefile.in | 20 +- .../plugins/socket_default/socket_default_plugin.c | 25 +- .../plugins/socket_default/socket_default_socket.c | 35 +- .../plugins/socket_default/socket_default_socket.h | 4 - src/libcharon/plugins/socket_dynamic/Makefile.in | 20 +- .../plugins/socket_dynamic/socket_dynamic_plugin.c | 25 +- .../plugins/socket_dynamic/socket_dynamic_socket.c | 35 +- .../plugins/socket_dynamic/socket_dynamic_socket.h | 4 - src/libcharon/plugins/socket_raw/Makefile.in | 20 +- .../plugins/socket_raw/socket_raw_plugin.c | 25 +- .../plugins/socket_raw/socket_raw_socket.c | 42 +- .../plugins/socket_raw/socket_raw_socket.h | 4 - src/libcharon/plugins/sql/Makefile.am | 3 - src/libcharon/plugins/sql/Makefile.in | 23 +- src/libcharon/plugins/stroke/Makefile.in | 20 +- src/libcharon/plugins/stroke/stroke_config.c | 25 +- src/libcharon/plugins/stroke/stroke_control.c | 2 +- src/libcharon/plugins/stroke/stroke_cred.c | 715 +++-- src/libcharon/plugins/stroke/stroke_list.c | 41 +- src/libcharon/plugins/stroke/stroke_socket.c | 59 +- src/libcharon/plugins/tnc_imc/Makefile.am | 19 + src/libcharon/plugins/tnc_imc/Makefile.in | 603 ++++ src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c | 57 + src/libcharon/plugins/tnc_imc/tnc_imc_plugin.h | 42 + src/libcharon/plugins/tnc_imv/Makefile.am | 19 + src/libcharon/plugins/tnc_imv/Makefile.in | 603 ++++ src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c | 54 + src/libcharon/plugins/tnc_imv/tnc_imv_plugin.h | 42 + src/libcharon/plugins/tnccs_11/Makefile.am | 21 + src/libcharon/plugins/tnccs_11/Makefile.in | 607 ++++ src/libcharon/plugins/tnccs_11/tnccs_11.c | 328 +++ src/libcharon/plugins/tnccs_11/tnccs_11.h | 36 + src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c | 47 + src/libcharon/plugins/tnccs_11/tnccs_11_plugin.h | 42 + src/libcharon/plugins/tnccs_20/Makefile.am | 21 + src/libcharon/plugins/tnccs_20/Makefile.in | 607 ++++ src/libcharon/plugins/tnccs_20/tnccs_20.c | 103 + src/libcharon/plugins/tnccs_20/tnccs_20.h | 36 + src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c | 47 + src/libcharon/plugins/tnccs_20/tnccs_20_plugin.h | 42 + src/libcharon/plugins/uci/Makefile.in | 20 +- src/libcharon/plugins/uci/uci_control.c | 2 +- src/libcharon/plugins/unit_tester/Makefile.in | 20 +- .../plugins/unit_tester/tests/test_cert.c | 4 +- .../plugins/unit_tester/tests/test_rsa_gen.c | 6 +- src/libcharon/plugins/updown/Makefile.in | 20 +- src/libcharon/plugins/updown/updown_listener.c | 5 +- src/libcharon/processing/jobs/acquire_job.h | 2 +- src/libcharon/processing/jobs/callback_job.c | 271 -- src/libcharon/processing/jobs/callback_job.h | 118 - .../processing/jobs/delete_child_sa_job.h | 2 +- src/libcharon/processing/jobs/delete_ike_sa_job.h | 2 +- src/libcharon/processing/jobs/inactivity_job.c | 10 +- src/libcharon/processing/jobs/inactivity_job.h | 2 +- .../processing/jobs/initiate_mediation_job.h | 2 +- src/libcharon/processing/jobs/job.h | 52 - src/libcharon/processing/jobs/mediation_job.h | 2 +- src/libcharon/processing/jobs/migrate_job.h | 2 +- .../processing/jobs/process_message_job.h | 2 +- src/libcharon/processing/jobs/rekey_child_sa_job.h | 2 +- src/libcharon/processing/jobs/rekey_ike_sa_job.h | 2 +- src/libcharon/processing/jobs/retransmit_job.h | 2 +- src/libcharon/processing/jobs/roam_job.h | 2 +- src/libcharon/processing/jobs/send_dpd_job.h | 2 +- src/libcharon/processing/jobs/send_keepalive_job.h | 2 +- src/libcharon/processing/jobs/update_sa_job.h | 2 +- src/libcharon/processing/processor.c | 273 -- src/libcharon/processing/processor.h | 94 - src/libcharon/processing/scheduler.c | 358 --- src/libcharon/processing/scheduler.h | 130 - src/libcharon/sa/authenticators/eap/eap_manager.c | 54 +- src/libcharon/sa/authenticators/eap/eap_method.c | 47 - src/libcharon/sa/authenticators/eap/eap_method.h | 30 +- .../sa/authenticators/eap_authenticator.c | 122 +- .../sa/authenticators/pubkey_authenticator.c | 6 +- src/libcharon/sa/child_sa.c | 532 ++-- src/libcharon/sa/connect_manager.c | 14 +- src/libcharon/sa/ike_sa.c | 237 +- src/libcharon/sa/ike_sa.h | 8 + src/libcharon/sa/ike_sa_manager.c | 5 +- src/libcharon/sa/ike_sa_manager.h | 2 + src/libcharon/sa/keymat.c | 348 +-- src/libcharon/sa/keymat.h | 15 +- src/libcharon/sa/mediation_manager.c | 2 +- src/libcharon/sa/task_manager.c | 21 +- src/libcharon/sa/tasks/child_create.c | 4 +- src/libcharon/sa/tasks/child_delete.c | 17 +- src/libcharon/sa/tasks/child_rekey.c | 31 +- src/libcharon/sa/tasks/ike_auth.c | 12 +- src/libcharon/sa/tasks/ike_init.c | 2 +- src/libcharon/sa/tasks/ike_me.c | 10 +- src/libcharon/sa/tasks/ike_mobike.c | 215 +- src/libcharon/sa/tasks/ike_mobike.h | 5 + src/libcharon/sa/tasks/ike_natd.c | 41 +- src/libcharon/sa/tasks/ike_rekey.c | 83 +- src/libcharon/sa/tasks/ike_vendor.c | 14 +- src/libcharon/sa/trap_manager.c | 5 +- src/libcharon/tnccs/tnccs.c | 22 + src/libcharon/tnccs/tnccs.h | 52 + src/libcharon/tnccs/tnccs_manager.c | 148 + src/libcharon/tnccs/tnccs_manager.h | 74 + src/libfast/Makefile.in | 20 +- src/libfreeswan/Makefile.am | 1 + src/libfreeswan/Makefile.in | 21 +- src/libhydra/Android.mk | 12 +- src/libhydra/Makefile.am | 34 +- src/libhydra/Makefile.in | 77 +- src/libhydra/attributes/mem_pool.c | 301 +- src/libhydra/hydra.c | 2 + src/libhydra/hydra.h | 9 + src/libhydra/kernel/kernel_interface.c | 522 ++++ src/libhydra/kernel/kernel_interface.h | 476 ++++ src/libhydra/kernel/kernel_ipsec.c | 37 + src/libhydra/kernel/kernel_ipsec.h | 368 +++ src/libhydra/kernel/kernel_listener.h | 96 + src/libhydra/kernel/kernel_net.h | 145 + src/libhydra/plugins/attr/Makefile.am | 3 +- src/libhydra/plugins/attr/Makefile.in | 24 +- src/libhydra/plugins/attr_sql/Makefile.am | 2 +- src/libhydra/plugins/attr_sql/Makefile.in | 22 +- src/libhydra/plugins/kernel_klips/Makefile.am | 16 + src/libhydra/plugins/kernel_klips/Makefile.in | 604 ++++ .../plugins/kernel_klips/kernel_klips_ipsec.c | 2643 +++++++++++++++++ .../plugins/kernel_klips/kernel_klips_ipsec.h | 46 + .../plugins/kernel_klips/kernel_klips_plugin.c | 58 + .../plugins/kernel_klips/kernel_klips_plugin.h | 42 + src/libhydra/plugins/kernel_klips/pfkeyv2.h | 322 +++ src/libhydra/plugins/kernel_netlink/Makefile.am | 21 + src/libhydra/plugins/kernel_netlink/Makefile.in | 614 ++++ .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 2221 +++++++++++++++ .../plugins/kernel_netlink/kernel_netlink_ipsec.h | 46 + .../plugins/kernel_netlink/kernel_netlink_net.c | 1578 +++++++++++ .../plugins/kernel_netlink/kernel_netlink_net.h | 46 + .../plugins/kernel_netlink/kernel_netlink_plugin.c | 63 + .../plugins/kernel_netlink/kernel_netlink_plugin.h | 42 + .../plugins/kernel_netlink/kernel_netlink_shared.c | 306 ++ .../plugins/kernel_netlink/kernel_netlink_shared.h | 77 + src/libhydra/plugins/kernel_pfkey/Makefile.am | 17 + src/libhydra/plugins/kernel_pfkey/Makefile.in | 606 ++++ .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 2178 ++++++++++++++ .../plugins/kernel_pfkey/kernel_pfkey_ipsec.h | 46 + .../plugins/kernel_pfkey/kernel_pfkey_plugin.c | 58 + .../plugins/kernel_pfkey/kernel_pfkey_plugin.h | 42 + src/libhydra/plugins/kernel_pfroute/Makefile.am | 17 + src/libhydra/plugins/kernel_pfroute/Makefile.in | 606 ++++ .../plugins/kernel_pfroute/kernel_pfroute_net.c | 742 +++++ .../plugins/kernel_pfroute/kernel_pfroute_net.h | 46 + .../plugins/kernel_pfroute/kernel_pfroute_plugin.c | 58 + .../plugins/kernel_pfroute/kernel_pfroute_plugin.h | 42 + src/libhydra/plugins/resolve/Makefile.am | 3 +- src/libhydra/plugins/resolve/Makefile.in | 24 +- src/libsimaka/Makefile.in | 20 +- src/libsimaka/simaka_message.c | 9 +- src/libstrongswan/Android.mk | 12 +- src/libstrongswan/Makefile.am | 43 +- src/libstrongswan/Makefile.in | 188 +- src/libstrongswan/asn1/oid.c | 370 +-- src/libstrongswan/asn1/oid.h | 173 +- src/libstrongswan/asn1/oid.txt | 2 + src/libstrongswan/chunk.c | 28 +- src/libstrongswan/chunk.h | 6 +- src/libstrongswan/credentials/auth_cfg.c | 65 +- src/libstrongswan/credentials/auth_cfg.h | 32 +- src/libstrongswan/credentials/builder.c | 6 +- src/libstrongswan/credentials/builder.h | 18 +- src/libstrongswan/credentials/credential_factory.c | 76 +- src/libstrongswan/credentials/credential_factory.h | 18 +- src/libstrongswan/credentials/credential_manager.c | 43 +- src/libstrongswan/credentials/keys/private_key.h | 10 +- src/libstrongswan/credentials/keys/public_key.c | 10 + src/libstrongswan/credentials/keys/public_key.h | 36 +- src/libstrongswan/credentials/sets/callback_cred.c | 144 + src/libstrongswan/credentials/sets/callback_cred.h | 67 + src/libstrongswan/credentials/sets/mem_cred.c | 433 +++ src/libstrongswan/credentials/sets/mem_cred.h | 77 + src/libstrongswan/crypto/aead.c | 162 ++ src/libstrongswan/crypto/aead.h | 119 + src/libstrongswan/crypto/crypters/crypter.c | 23 +- src/libstrongswan/crypto/crypters/crypter.h | 39 +- src/libstrongswan/crypto/crypto_factory.c | 507 ++-- src/libstrongswan/crypto/crypto_factory.h | 54 +- src/libstrongswan/crypto/crypto_tester.c | 614 +++- src/libstrongswan/crypto/crypto_tester.h | 60 +- src/libstrongswan/crypto/diffie_hellman.c | 24 +- src/libstrongswan/crypto/diffie_hellman.h | 10 + src/libstrongswan/crypto/prfs/prf.c | 7 +- src/libstrongswan/crypto/prfs/prf.h | 8 +- .../crypto/proposal/proposal_keywords.c | 254 +- .../crypto/proposal/proposal_keywords.txt | 22 + src/libstrongswan/crypto/signers/signer.c | 9 +- src/libstrongswan/crypto/signers/signer.h | 10 + src/libstrongswan/crypto/transform.c | 7 +- src/libstrongswan/crypto/transform.h | 1 + src/libstrongswan/debug.c | 4 + src/libstrongswan/debug.h | 4 + src/libstrongswan/eap/eap.c | 131 + src/libstrongswan/eap/eap.h | 89 + src/libstrongswan/enum.c | 29 +- src/libstrongswan/enum.h | 18 + src/libstrongswan/library.c | 4 + src/libstrongswan/library.h | 18 + src/libstrongswan/plugins/aes/Makefile.in | 20 +- src/libstrongswan/plugins/aes/aes_crypter.c | 109 +- src/libstrongswan/plugins/aes/aes_crypter.h | 4 +- src/libstrongswan/plugins/aes/aes_plugin.c | 18 +- src/libstrongswan/plugins/agent/Makefile.in | 20 +- src/libstrongswan/plugins/agent/agent_plugin.c | 18 +- .../plugins/agent/agent_private_key.c | 103 +- .../plugins/agent/agent_private_key.h | 2 +- src/libstrongswan/plugins/blowfish/Makefile.in | 20 +- .../plugins/blowfish/blowfish_crypter.c | 78 +- .../plugins/blowfish/blowfish_crypter.h | 4 +- .../plugins/blowfish/blowfish_plugin.c | 18 +- src/libstrongswan/plugins/ccm/Makefile.am | 16 + src/libstrongswan/plugins/ccm/Makefile.in | 600 ++++ src/libstrongswan/plugins/ccm/ccm_aead.c | 397 +++ src/libstrongswan/plugins/ccm/ccm_aead.h | 51 + src/libstrongswan/plugins/ccm/ccm_plugin.c | 69 + src/libstrongswan/plugins/ccm/ccm_plugin.h | 42 + src/libstrongswan/plugins/ctr/Makefile.am | 16 + src/libstrongswan/plugins/ctr/Makefile.in | 600 ++++ src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c | 173 ++ src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h | 54 + src/libstrongswan/plugins/ctr/ctr_plugin.c | 65 + src/libstrongswan/plugins/ctr/ctr_plugin.h | 42 + src/libstrongswan/plugins/curl/Makefile.in | 20 +- src/libstrongswan/plugins/curl/curl_fetcher.c | 10 +- src/libstrongswan/plugins/des/Makefile.in | 20 +- src/libstrongswan/plugins/des/des_crypter.c | 114 +- src/libstrongswan/plugins/des/des_crypter.h | 4 +- src/libstrongswan/plugins/des/des_plugin.c | 16 +- src/libstrongswan/plugins/dnskey/Makefile.in | 20 +- src/libstrongswan/plugins/dnskey/dnskey_plugin.c | 4 +- src/libstrongswan/plugins/fips_prf/Makefile.in | 20 +- src/libstrongswan/plugins/gcm/Makefile.am | 16 + src/libstrongswan/plugins/gcm/Makefile.in | 600 ++++ src/libstrongswan/plugins/gcm/gcm_aead.c | 425 +++ src/libstrongswan/plugins/gcm/gcm_aead.h | 51 + src/libstrongswan/plugins/gcm/gcm_plugin.c | 63 + src/libstrongswan/plugins/gcm/gcm_plugin.h | 42 + src/libstrongswan/plugins/gcrypt/Makefile.in | 20 +- src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c | 136 +- src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 113 +- src/libstrongswan/plugins/gcrypt/gcrypt_dh.h | 11 + src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c | 50 +- src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h | 2 +- src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 32 +- src/libstrongswan/plugins/gcrypt/gcrypt_rng.c | 37 +- .../plugins/gcrypt/gcrypt_rsa_private_key.c | 116 +- .../plugins/gcrypt/gcrypt_rsa_private_key.h | 2 +- .../plugins/gcrypt/gcrypt_rsa_public_key.c | 98 +- .../plugins/gcrypt/gcrypt_rsa_public_key.h | 2 +- src/libstrongswan/plugins/gmp/Makefile.in | 20 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 106 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h | 11 + src/libstrongswan/plugins/gmp/gmp_plugin.c | 27 +- .../plugins/gmp/gmp_rsa_private_key.c | 127 +- .../plugins/gmp/gmp_rsa_private_key.h | 2 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 111 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h | 2 +- src/libstrongswan/plugins/hmac/Makefile.in | 20 +- src/libstrongswan/plugins/hmac/hmac.c | 58 +- src/libstrongswan/plugins/hmac/hmac_plugin.c | 20 +- src/libstrongswan/plugins/hmac/hmac_prf.c | 77 +- src/libstrongswan/plugins/hmac/hmac_prf.h | 4 +- src/libstrongswan/plugins/hmac/hmac_signer.c | 108 +- src/libstrongswan/plugins/hmac/hmac_signer.h | 7 +- src/libstrongswan/plugins/ldap/Makefile.in | 20 +- src/libstrongswan/plugins/md4/Makefile.in | 20 +- src/libstrongswan/plugins/md5/Makefile.in | 20 +- src/libstrongswan/plugins/mysql/Makefile.in | 20 +- src/libstrongswan/plugins/openssl/Makefile.in | 20 +- src/libstrongswan/plugins/openssl/openssl_crl.c | 17 +- .../plugins/openssl/openssl_crypter.c | 174 +- .../plugins/openssl/openssl_crypter.h | 4 +- .../plugins/openssl/openssl_diffie_hellman.c | 72 +- .../plugins/openssl/openssl_diffie_hellman.h | 5 +- .../plugins/openssl/openssl_ec_diffie_hellman.c | 59 +- .../plugins/openssl/openssl_ec_private_key.c | 114 +- .../plugins/openssl/openssl_ec_private_key.h | 2 +- .../plugins/openssl/openssl_ec_public_key.c | 104 +- .../plugins/openssl/openssl_ec_public_key.h | 2 +- src/libstrongswan/plugins/openssl/openssl_hasher.c | 50 +- src/libstrongswan/plugins/openssl/openssl_hasher.h | 4 +- src/libstrongswan/plugins/openssl/openssl_plugin.c | 72 +- .../plugins/openssl/openssl_rsa_private_key.c | 229 +- .../plugins/openssl/openssl_rsa_private_key.h | 2 +- .../plugins/openssl/openssl_rsa_public_key.c | 123 +- .../plugins/openssl/openssl_rsa_public_key.h | 2 +- .../plugins/openssl/openssl_sha1_prf.c | 16 +- src/libstrongswan/plugins/openssl/openssl_x509.c | 57 +- src/libstrongswan/plugins/padlock/Makefile.in | 20 +- .../plugins/padlock/padlock_aes_crypter.c | 79 +- .../plugins/padlock/padlock_aes_crypter.h | 4 +- src/libstrongswan/plugins/padlock/padlock_plugin.c | 18 +- src/libstrongswan/plugins/padlock/padlock_rng.c | 46 +- .../plugins/padlock/padlock_sha1_hasher.c | 55 +- .../plugins/padlock/padlock_sha1_hasher.h | 2 +- src/libstrongswan/plugins/pem/Makefile.in | 20 +- src/libstrongswan/plugins/pem/pem_builder.c | 93 +- src/libstrongswan/plugins/pem/pem_plugin.c | 38 +- src/libstrongswan/plugins/pgp/Makefile.in | 20 +- src/libstrongswan/plugins/pgp/pgp_builder.c | 2 +- src/libstrongswan/plugins/pgp/pgp_plugin.c | 10 +- src/libstrongswan/plugins/pkcs1/Makefile.in | 20 +- src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c | 6 +- src/libstrongswan/plugins/pkcs11/Makefile.am | 21 + src/libstrongswan/plugins/pkcs11/Makefile.in | 614 ++++ src/libstrongswan/plugins/pkcs11/pkcs11.h | 1357 +++++++++ src/libstrongswan/plugins/pkcs11/pkcs11_creds.c | 249 ++ src/libstrongswan/plugins/pkcs11/pkcs11_creds.h | 68 + src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c | 323 +++ src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h | 47 + src/libstrongswan/plugins/pkcs11/pkcs11_library.c | 869 ++++++ src/libstrongswan/plugins/pkcs11/pkcs11_library.h | 110 + src/libstrongswan/plugins/pkcs11/pkcs11_manager.c | 407 +++ src/libstrongswan/plugins/pkcs11/pkcs11_manager.h | 78 + src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c | 176 ++ src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h | 42 + .../plugins/pkcs11/pkcs11_private_key.c | 600 ++++ .../plugins/pkcs11/pkcs11_private_key.h | 63 + .../plugins/pkcs11/pkcs11_public_key.c | 473 ++++ .../plugins/pkcs11/pkcs11_public_key.h | 49 + src/libstrongswan/plugins/plugin_loader.c | 6 +- src/libstrongswan/plugins/pubkey/Makefile.in | 20 +- src/libstrongswan/plugins/pubkey/pubkey_plugin.c | 2 +- src/libstrongswan/plugins/random/Makefile.in | 20 +- src/libstrongswan/plugins/revocation/Makefile.in | 20 +- .../plugins/revocation/revocation_plugin.c | 6 +- src/libstrongswan/plugins/sha1/Makefile.in | 20 +- src/libstrongswan/plugins/sha2/Makefile.in | 20 +- src/libstrongswan/plugins/sqlite/Makefile.in | 20 +- src/libstrongswan/plugins/test_vectors/Makefile.am | 5 + src/libstrongswan/plugins/test_vectors/Makefile.in | 74 +- .../plugins/test_vectors/test_vectors.h | 41 + .../plugins/test_vectors/test_vectors/aes_ccm.c | 157 + .../plugins/test_vectors/test_vectors/aes_ctr.c | 148 + .../plugins/test_vectors/test_vectors/aes_gcm.c | 139 + .../test_vectors/test_vectors/camellia_ctr.c | 148 + .../test_vectors/test_vectors/camellia_xcbc.c | 58 + .../plugins/test_vectors/test_vectors_plugin.c | 16 + src/libstrongswan/plugins/x509/Makefile.in | 20 +- src/libstrongswan/plugins/x509/x509_cert.c | 52 +- src/libstrongswan/plugins/x509/x509_pkcs10.c | 2 +- src/libstrongswan/plugins/x509/x509_plugin.c | 20 +- src/libstrongswan/plugins/xcbc/Makefile.in | 20 +- src/libstrongswan/plugins/xcbc/xcbc.c | 110 +- src/libstrongswan/plugins/xcbc/xcbc_plugin.c | 28 +- src/libstrongswan/plugins/xcbc/xcbc_prf.c | 61 +- src/libstrongswan/plugins/xcbc/xcbc_prf.h | 4 +- src/libstrongswan/plugins/xcbc/xcbc_signer.c | 77 +- src/libstrongswan/plugins/xcbc/xcbc_signer.h | 4 +- src/libstrongswan/printf_hook.c | 100 +- src/libstrongswan/printf_hook.h | 6 +- src/libstrongswan/processing/jobs/callback_job.c | 271 ++ src/libstrongswan/processing/jobs/callback_job.h | 118 + src/libstrongswan/processing/jobs/job.h | 52 + src/libstrongswan/processing/processor.c | 273 ++ src/libstrongswan/processing/processor.h | 94 + src/libstrongswan/processing/scheduler.c | 358 +++ src/libstrongswan/processing/scheduler.h | 130 + src/libstrongswan/settings.c | 128 +- src/libstrongswan/settings.h | 5 +- src/libstrongswan/utils.c | 2 +- src/libstrongswan/utils.h | 22 + src/libstrongswan/utils/identification.c | 24 +- src/libstrongswan/utils/leak_detective.c | 5 + src/libstrongswan/utils/linked_list.h | 34 +- src/libtls/Makefile.am | 18 + src/libtls/Makefile.in | 559 ++++ src/libtls/tls.c | 481 ++++ src/libtls/tls.h | 236 ++ src/libtls/tls_alert.c | 228 ++ src/libtls/tls_alert.h | 126 + src/libtls/tls_application.h | 63 + src/libtls/tls_compression.c | 72 + src/libtls/tls_compression.h | 80 + src/libtls/tls_crypto.c | 1674 +++++++++++ src/libtls/tls_crypto.h | 554 ++++ src/libtls/tls_eap.c | 379 +++ src/libtls/tls_eap.h | 81 + src/libtls/tls_fragmentation.c | 471 +++ src/libtls/tls_fragmentation.h | 88 + src/libtls/tls_handshake.h | 90 + src/libtls/tls_peer.c | 1099 +++++++ src/libtls/tls_peer.h | 54 + src/libtls/tls_prf.c | 190 ++ src/libtls/tls_prf.h | 72 + src/libtls/tls_protection.c | 333 +++ src/libtls/tls_protection.h | 98 + src/libtls/tls_reader.c | 200 ++ src/libtls/tls_reader.h | 131 + src/libtls/tls_server.c | 1032 +++++++ src/libtls/tls_server.h | 55 + src/libtls/tls_socket.c | 219 ++ src/libtls/tls_socket.h | 75 + src/libtls/tls_writer.c | 237 ++ src/libtls/tls_writer.h | 136 + src/manager/Makefile.am | 2 +- src/manager/Makefile.in | 22 +- src/medsrv/Makefile.am | 2 +- src/medsrv/Makefile.in | 22 +- src/openac/Makefile.am | 2 +- src/openac/Makefile.in | 22 +- src/openac/openac.c | 12 +- src/pki/Makefile.am | 2 +- src/pki/Makefile.in | 22 +- src/pki/commands/issue.c | 34 +- src/pki/commands/print.c | 61 +- src/pki/commands/pub.c | 18 +- src/pki/commands/req.c | 2 +- src/pki/commands/self.c | 19 +- src/pki/commands/signcrl.c | 32 +- src/pki/pki.c | 67 + src/pluto/Makefile.am | 16 +- src/pluto/Makefile.in | 129 +- src/pluto/alg_info.c | 2 +- src/pluto/builder.c | 4 +- src/pluto/certs.c | 99 +- src/pluto/certs.h | 2 - src/pluto/connections.c | 85 +- src/pluto/connections.h | 4 +- src/pluto/constants.c | 10 +- src/pluto/constants.h | 21 +- src/pluto/crypto.c | 347 +-- src/pluto/crypto.h | 7 + src/pluto/defs.h | 15 - src/pluto/demux.c | 15 +- src/pluto/event_queue.c | 195 ++ src/pluto/event_queue.h | 69 + src/pluto/ike_alg.c | 12 +- src/pluto/ipsec.secrets.5 | 175 -- src/pluto/ipsec.secrets.5.in | 175 -- src/pluto/ipsec_doi.c | 9 +- src/pluto/kernel.c | 2236 +++++---------- src/pluto/kernel.h | 80 +- src/pluto/kernel_alg.c | 78 +- src/pluto/kernel_alg.h | 1 - src/pluto/kernel_netlink.c | 1319 --------- src/pluto/kernel_netlink.h | 18 - src/pluto/kernel_noklips.c | 124 - src/pluto/kernel_noklips.h | 17 - src/pluto/kernel_pfkey.c | 862 ++---- src/pluto/kernel_pfkey.h | 17 +- src/pluto/keys.c | 127 +- src/pluto/log.c | 3 - src/pluto/modecfg.c | 2 +- src/pluto/nat_traversal.c | 108 +- src/pluto/nat_traversal.h | 14 +- src/pluto/pkcs7.c | 8 +- src/pluto/plugins/xauth/Makefile.in | 20 +- src/pluto/pluto.8 | 95 +- src/pluto/pluto.c | 2 + src/pluto/pluto.h | 7 + src/pluto/plutomain.c | 46 +- src/pluto/server.c | 54 +- src/pluto/smartcard.c | 26 +- src/pluto/spdb.c | 6 +- src/pluto/state.c | 56 +- src/pluto/state.h | 3 - src/pluto/timer.c | 7 - src/pluto/x509.c | 2 +- src/scepclient/Makefile.am | 2 +- src/scepclient/Makefile.in | 22 +- src/scepclient/scepclient.c | 4 +- src/starter/Makefile.am | 11 +- src/starter/Makefile.in | 97 +- src/starter/README | 5 +- src/starter/args.c | 1 + src/starter/confread.c | 37 +- src/starter/confread.h | 12 +- src/starter/interfaces.c | 4 +- src/starter/ipsec.conf.5 | 1330 --------- src/starter/ipsec.conf.5.in | 1330 --------- src/starter/keywords.c | 321 +-- src/starter/keywords.h | 3 +- src/starter/keywords.txt | 1 + src/starter/starterstroke.c | 12 +- src/starter/starterwhack.c | 2 +- src/stroke/Makefile.in | 20 +- src/stroke/stroke.c | 55 +- src/stroke/stroke_keywords.c | 19 +- src/stroke/stroke_keywords.h | 4 +- src/stroke/stroke_keywords.txt | 1 + src/stroke/stroke_msg.h | 19 + src/whack/Makefile.am | 1 + src/whack/Makefile.in | 21 +- src/whack/whack.c | 7 +- testing/INSTALL | 14 +- testing/Makefile.am | 2 +- testing/Makefile.in | 22 +- testing/do-tests.in | 106 +- testing/hosts/alice/etc/init.d/radiusd | 64 + testing/hosts/alice/etc/ipsec.conf | 1 + testing/hosts/alice/etc/raddb/certs/aaaCert.pem | 25 + testing/hosts/alice/etc/raddb/certs/aaaKey.pem | 27 + testing/hosts/alice/etc/raddb/certs/dh | 5 + testing/hosts/alice/etc/raddb/certs/random | Bin 0 -> 1024 bytes .../hosts/alice/etc/raddb/certs/strongswanCert.pem | 22 + testing/hosts/alice/etc/strongswan.conf | 2 +- testing/hosts/bob/etc/ipsec.conf | 1 + testing/hosts/bob/etc/strongswan.conf | 2 +- testing/hosts/carol/etc/ipsec.conf | 1 + testing/hosts/carol/etc/strongswan.conf | 2 +- testing/hosts/dave/etc/ipsec.conf | 1 + testing/hosts/dave/etc/strongswan.conf | 2 +- testing/hosts/moon/etc/ipsec.conf | 1 + testing/hosts/moon/etc/strongswan.conf | 2 +- testing/hosts/sun/etc/ipsec.conf | 1 + testing/hosts/sun/etc/strongswan.conf | 2 +- testing/hosts/venus/etc/ipsec.conf | 1 + testing/hosts/venus/etc/strongswan.conf | 2 +- testing/hosts/winnetou/etc/openssl/index.txt | 1 + testing/hosts/winnetou/etc/openssl/index.txt.old | 1 + testing/hosts/winnetou/etc/openssl/newcerts/22.pem | 25 + testing/hosts/winnetou/etc/openssl/serial | 2 +- testing/hosts/winnetou/etc/openssl/serial.old | 2 +- testing/scripts/build-umlkernel | 4 +- testing/scripts/build-umlrootfs | 48 +- testing/scripts/gstart-umls | 2 +- testing/scripts/load-testconfig | 16 +- testing/scripts/restore-defaults | 2 +- testing/ssh_config | 10 + testing/testing.conf | 22 +- .../alg-camellia/hosts/carol/etc/ipsec.conf | 1 + .../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +- .../alg-camellia/hosts/moon/etc/ipsec.conf | 1 + .../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev1/alg-camellia/test.conf | 4 +- .../alg-serpent/hosts/carol/etc/ipsec.conf | 1 + .../alg-serpent/hosts/carol/etc/strongswan.conf | 2 +- .../alg-serpent/hosts/moon/etc/ipsec.conf | 1 + .../alg-serpent/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev1/alg-serpent/test.conf | 4 +- .../alg-twofish/hosts/carol/etc/ipsec.conf | 1 + .../alg-twofish/hosts/carol/etc/strongswan.conf | 2 +- .../alg-twofish/hosts/moon/etc/ipsec.conf | 1 + .../alg-twofish/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev1/alg-twofish/test.conf | 4 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/gcrypt-ikev2/alg-camellia/test.conf | 4 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../ike/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../tests/ike/rw-cert/hosts/dave/etc/ipsec.conf | 2 +- .../tests/ike/rw-cert/hosts/moon/etc/ipsec.conf | 1 + .../ike/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../rw_v1-net_v2/hosts/moon/etc/strongswan.conf | 2 +- .../after-2038-certs/hosts/carol/etc/ipsec.conf | 1 + .../after-2038-certs/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf | 1 + .../alg-blowfish/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf | 1 + .../alg-blowfish/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev1/alg-blowfish/test.conf | 4 +- .../ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/alg-sha256-96/test.conf | 4 +- .../ikev1/alg-sha256/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/alg-sha256/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/alg-sha256/test.conf | 4 +- .../ikev1/alg-sha384/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/alg-sha384/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/alg-sha384/test.conf | 4 +- .../ikev1/alg-sha512/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/alg-sha512/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/alg-sha512/test.conf | 4 +- .../ikev1/attr-cert/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/attr-cert/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/attr-cert/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/attr-cert/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/compress/hosts/carol/etc/ipsec.conf | 1 + .../tests/ikev1/compress/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/compress/test.conf | 4 +- .../crl-from-cache/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-from-cache/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/crl-ldap/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-ldap/hosts/carol/etc/strongswan.conf | 2 +- .../tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/crl-ldap/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/crl-revoked/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-revoked/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/crl-strict/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-strict/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/crl-to-cache/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/crl-to-cache/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/default-keys/hosts/carol/etc/ipsec.conf | 1 + .../default-keys/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/default-keys/hosts/moon/etc/ipsec.conf | 1 + .../default-keys/hosts/moon/etc/strongswan.conf | 2 +- .../double-nat-net/hosts/alice/etc/ipsec.conf | 1 + .../ikev1/double-nat-net/hosts/bob/etc/ipsec.conf | 1 + .../ikev1/double-nat/hosts/alice/etc/ipsec.conf | 1 + .../ikev1/dpd-clear/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/dpd-restart/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/dpd-restart/hosts/moon/etc/ipsec.conf | 1 + .../dynamic-initiator/hosts/carol/etc/ipsec.conf | 1 + .../dynamic-initiator/hosts/dave/etc/ipsec.conf | 1 + .../dynamic-initiator/hosts/moon/etc/ipsec.conf | 1 + .../dynamic-responder/hosts/carol/etc/ipsec.conf | 1 + .../dynamic-responder/hosts/dave/etc/ipsec.conf | 1 + .../dynamic-responder/hosts/moon/etc/ipsec.conf | 1 + .../dynamic-two-peers/hosts/carol/etc/ipsec.conf | 1 + .../dynamic-two-peers/hosts/dave/etc/ipsec.conf | 1 + .../dynamic-two-peers/hosts/moon/etc/ipsec.conf | 1 + .../esp-ah-transport/hosts/carol/etc/ipsec.conf | 1 + .../esp-ah-transport/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/esp-ah-tunnel/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-ah-tunnel/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/esp-ah-tunnel/test.conf | 4 +- testing/tests/ikev1/esp-alg-aes-ccm/test.conf | 4 +- testing/tests/ikev1/esp-alg-aes-ctr/test.conf | 4 +- testing/tests/ikev1/esp-alg-aes-gcm/test.conf | 4 +- testing/tests/ikev1/esp-alg-aes-gmac/test.conf | 4 +- .../esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf | 1 + .../esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/esp-alg-aesxcbc/test.conf | 4 +- .../ikev1/esp-alg-des/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-alg-des/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/esp-alg-des/test.conf | 4 +- .../ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf | 1 + testing/tests/ikev1/esp-alg-null/test.conf | 4 +- .../esp-alg-strict-fail/hosts/carol/etc/ipsec.conf | 1 + .../esp-alg-strict-fail/hosts/moon/etc/ipsec.conf | 1 + .../esp-alg-strict/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/esp-alg-weak/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/esp-alg-weak/hosts/moon/etc/ipsec.conf | 1 + .../host2host-swapped/hosts/moon/etc/ipsec.conf | 1 + .../host2host-swapped/hosts/sun/etc/ipsec.conf | 1 + .../host2host-transport/hosts/moon/etc/ipsec.conf | 1 + .../host2host-transport/hosts/sun/etc/ipsec.conf | 1 + .../ike-alg-strict-fail/hosts/carol/etc/ipsec.conf | 1 + .../ike-alg-strict-fail/hosts/moon/etc/ipsec.conf | 1 + .../ike-alg-strict/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../ip-pool-db-push/hosts/dave/etc/strongswan.conf | 2 +- .../ip-pool-db-push/hosts/moon/etc/strongswan.conf | 2 +- .../ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +- .../ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +- .../ip-pool-db/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/ip-pool/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/ip-pool/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/ip-pool/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/alice/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../ip-two-pools/hosts/alice/etc/strongswan.conf | 2 +- .../ip-two-pools/hosts/carol/etc/strongswan.conf | 2 +- .../ip-two-pools/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/ipsec.conf | 1 + .../mode-config-multiple/hosts/dave/etc/ipsec.conf | 1 + .../mode-config-multiple/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../mode-config-push/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../mode-config-push/hosts/dave/etc/ipsec.conf | 1 + .../hosts/dave/etc/strongswan.conf | 2 +- .../mode-config-push/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../mode-config-swapped/hosts/carol/etc/ipsec.conf | 1 + .../mode-config-swapped/hosts/dave/etc/ipsec.conf | 1 + .../mode-config-swapped/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/mode-config/hosts/carol/etc/ipsec.conf | 1 + .../mode-config/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/mode-config/hosts/dave/etc/ipsec.conf | 1 + .../mode-config/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/mode-config/hosts/moon/etc/ipsec.conf | 1 + .../mode-config/hosts/moon/etc/strongswan.conf | 2 +- .../multi-level-ca-ldap/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../multi-level-ca-ldap/hosts/dave/etc/ipsec.conf | 1 + .../hosts/dave/etc/strongswan.conf | 2 +- .../multi-level-ca-ldap/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../multi-level-ca-loop/hosts/carol/etc/ipsec.conf | 1 + .../multi-level-ca-loop/hosts/moon/etc/ipsec.conf | 1 + .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/moon/etc/ipsec.conf | 1 + .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/moon/etc/ipsec.conf | 1 + .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/dave/etc/ipsec.conf | 1 + .../hosts/moon/etc/ipsec.conf | 1 + .../multi-level-ca/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/nat-before-esp/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/nat-before-esp/hosts/sun/etc/ipsec.conf | 1 + .../tests/ikev1/nat-two-rw-mark/description.txt | 16 + testing/tests/ikev1/nat-two-rw-mark/evaltest.dat | 18 + .../nat-two-rw-mark/hosts/alice/etc/ipsec.conf | 27 + .../ikev1/nat-two-rw-mark/hosts/sun/etc/ipsec.conf | 36 + .../nat-two-rw-mark/hosts/sun/etc/mark_updown | 527 ++++ .../nat-two-rw-mark/hosts/venus/etc/ipsec.conf | 27 + testing/tests/ikev1/nat-two-rw-mark/posttest.dat | 11 + testing/tests/ikev1/nat-two-rw-mark/pretest.dat | 21 + testing/tests/ikev1/nat-two-rw-mark/test.conf | 21 + .../nat-two-rw-psk/hosts/alice/etc/ipsec.conf | 1 + .../nat-two-rw-psk/hosts/alice/etc/strongswan.conf | 2 +- .../ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.conf | 1 + .../nat-two-rw-psk/hosts/sun/etc/strongswan.conf | 2 +- .../nat-two-rw-psk/hosts/venus/etc/ipsec.conf | 1 + .../nat-two-rw-psk/hosts/venus/etc/strongswan.conf | 2 +- .../ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf | 1 + .../net2net-pgp-v3/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf | 1 + .../net2net-pgp-v3/hosts/sun/etc/strongswan.conf | 2 +- .../ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf | 1 + .../net2net-pgp-v4/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf | 1 + .../net2net-pgp-v4/hosts/sun/etc/strongswan.conf | 2 +- .../net2net-psk-fail/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../net2net-psk-fail/hosts/sun/etc/ipsec.conf | 1 + .../net2net-psk-fail/hosts/sun/etc/strongswan.conf | 2 +- .../ikev1/net2net-psk/hosts/moon/etc/ipsec.conf | 1 + .../net2net-psk/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/net2net-psk/hosts/sun/etc/ipsec.conf | 1 + .../net2net-psk/hosts/sun/etc/strongswan.conf | 2 +- .../ikev1/net2net-route/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/net2net-rsa/hosts/moon/etc/ipsec.conf | 1 + .../net2net-rsa/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/net2net-rsa/hosts/sun/etc/ipsec.conf | 1 + .../net2net-rsa/hosts/sun/etc/strongswan.conf | 2 +- .../tests/ikev1/net2net-same-nets/description.txt | 15 + testing/tests/ikev1/net2net-same-nets/evaltest.dat | 10 + .../net2net-same-nets/hosts/moon/etc/ipsec.conf | 25 + .../net2net-same-nets/hosts/sun/etc/ipsec.conf | 27 + .../net2net-same-nets/hosts/sun/etc/mark_updown | 376 +++ testing/tests/ikev1/net2net-same-nets/posttest.dat | 7 + testing/tests/ikev1/net2net-same-nets/pretest.dat | 6 + testing/tests/ikev1/net2net-same-nets/test.conf | 21 + .../ikev1/net2net-start/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/ocsp-revoked/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/ocsp-revoked/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/ocsp-strict/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/ocsp-strict/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/passthrough/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/passthrough/hosts/sun/etc/ipsec.conf | 1 + .../protoport-dual/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/protoport-dual/hosts/moon/etc/ipsec.conf | 1 + .../protoport-pass/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/protoport-pass/hosts/moon/etc/ipsec.conf | 1 + .../protoport-route/hosts/carol/etc/ipsec.conf | 1 + .../protoport-route/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/req-pkcs10/hosts/carol/etc/ipsec.conf | 1 + .../req-pkcs10/hosts/carol/etc/strongswan.conf | 2 +- .../req-pkcs10/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev1/rw-mark-in-out/description.txt | 16 + testing/tests/ikev1/rw-mark-in-out/evaltest.dat | 18 + .../rw-mark-in-out/hosts/alice/etc/init.d/iptables | 77 + .../rw-mark-in-out/hosts/alice/etc/ipsec.conf | 26 + .../ikev1/rw-mark-in-out/hosts/sun/etc/ipsec.conf | 37 + .../ikev1/rw-mark-in-out/hosts/sun/etc/mark_updown | 527 ++++ .../rw-mark-in-out/hosts/venus/etc/init.d/iptables | 77 + .../rw-mark-in-out/hosts/venus/etc/ipsec.conf | 26 + testing/tests/ikev1/rw-mark-in-out/posttest.dat | 12 + testing/tests/ikev1/rw-mark-in-out/pretest.dat | 18 + testing/tests/ikev1/rw-mark-in-out/test.conf | 21 + .../rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.conf | 1 + .../rw-psk-fqdn/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.conf | 1 + .../rw-psk-fqdn/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.conf | 1 + .../rw-psk-ipv4/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.conf | 1 + .../rw-psk-ipv4/hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-no-policy/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../rw-psk-no-policy/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf | 1 + .../rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf | 1 + .../rw-rsa-no-policy/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/self-signed/hosts/carol/etc/ipsec.conf | 1 + .../self-signed/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/self-signed/hosts/moon/etc/ipsec.conf | 1 + .../self-signed/hosts/moon/etc/strongswan.conf | 2 +- .../starter-also-loop/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/starter-also/hosts/moon/etc/ipsec.conf | 1 + .../starter-includes/hosts/carol/etc/ipsec.conf | 1 + .../starter-includes/hosts/dave/etc/ipsec.conf | 1 + .../hosts/moon/etc/ipsec.connections | 1 + .../ikev1/strong-certs/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/strong-certs/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/strong-certs/hosts/moon/etc/ipsec.conf | 1 + .../virtual-ip-swapped/hosts/carol/etc/ipsec.conf | 1 + .../virtual-ip-swapped/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/virtual-ip/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/virtual-ip/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/wildcards/hosts/carol/etc/ipsec.conf | 1 + .../ikev1/wildcards/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/wildcards/hosts/moon/etc/ipsec.conf | 1 + .../tests/ikev1/wlan/hosts/alice/etc/ipsec.conf | 1 + testing/tests/ikev1/wlan/hosts/moon/etc/ipsec.conf | 1 + .../tests/ikev1/wlan/hosts/venus/etc/ipsec.conf | 1 + .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/ipsec.conf | 1 + .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 4 +- .../ikev1/xauth-id-psk-mode-config/posttest.dat | 2 +- .../ikev1/xauth-id-psk/hosts/carol/etc/ipsec.conf | 1 + .../xauth-id-psk/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/xauth-id-psk/hosts/dave/etc/ipsec.conf | 1 + .../xauth-id-psk/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/xauth-id-psk/hosts/moon/etc/ipsec.conf | 1 + .../xauth-id-psk/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf | 1 + .../xauth-id-rsa/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf | 1 + .../xauth-id-rsa/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf | 1 + .../xauth-id-rsa/hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/xauth-psk/hosts/carol/etc/ipsec.conf | 1 + .../xauth-psk/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/xauth-psk/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/xauth-psk/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/xauth-psk/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/xauth-psk/hosts/moon/etc/strongswan.conf | 2 +- .../xauth-rsa-fail/hosts/carol/etc/ipsec.conf | 1 + .../xauth-rsa-fail/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.conf | 1 + .../xauth-rsa-fail/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/ipsec.conf | 1 + .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../tests/ikev1/xauth-rsa-mode-config/posttest.dat | 2 +- .../xauth-rsa-nosecret/hosts/carol/etc/ipsec.conf | 1 + .../hosts/carol/etc/strongswan.conf | 2 +- .../xauth-rsa-nosecret/hosts/moon/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf | 1 + .../xauth-rsa/hosts/carol/etc/strongswan.conf | 2 +- .../ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf | 1 + .../ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf | 2 +- .../ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf | 1 + .../ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/alg-3des-md5/test.conf | 4 +- testing/tests/ikev2/alg-aes-ccm/description.txt | 4 + testing/tests/ikev2/alg-aes-ccm/evaltest.dat | 11 + .../ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf | 25 + .../alg-aes-ccm/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf | 24 + .../alg-aes-ccm/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/alg-aes-ccm/posttest.dat | 4 + testing/tests/ikev2/alg-aes-ccm/pretest.dat | 6 + testing/tests/ikev2/alg-aes-ccm/test.conf | 21 + testing/tests/ikev2/alg-aes-ctr/description.txt | 4 + testing/tests/ikev2/alg-aes-ctr/evaltest.dat | 12 + .../ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf | 25 + .../alg-aes-ctr/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf | 24 + .../alg-aes-ctr/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/alg-aes-ctr/posttest.dat | 4 + testing/tests/ikev2/alg-aes-ctr/pretest.dat | 6 + testing/tests/ikev2/alg-aes-ctr/test.conf | 21 + testing/tests/ikev2/alg-aes-gcm/description.txt | 5 + testing/tests/ikev2/alg-aes-gcm/evaltest.dat | 11 + .../ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf | 25 + .../alg-aes-gcm/hosts/carol/etc/strongswan.conf | 5 + .../ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf | 24 + .../alg-aes-gcm/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/alg-aes-gcm/posttest.dat | 4 + testing/tests/ikev2/alg-aes-gcm/pretest.dat | 6 + testing/tests/ikev2/alg-aes-gcm/test.conf | 21 + testing/tests/ikev2/alg-aes-xcbc/test.conf | 4 +- testing/tests/ikev2/alg-sha256-96/test.conf | 4 +- testing/tests/ikev2/alg-sha256/test.conf | 4 +- testing/tests/ikev2/alg-sha384/test.conf | 4 +- testing/tests/ikev2/alg-sha512/test.conf | 4 +- testing/tests/ikev2/compress/test.conf | 4 +- testing/tests/ikev2/dpd-hold/test.conf | 4 +- .../tests/ikev2/esp-alg-aes-ccm/description.txt | 4 - testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat | 9 - .../esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf | 25 - .../hosts/carol/etc/strongswan.conf | 5 - .../esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf | 24 - .../esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf | 5 - testing/tests/ikev2/esp-alg-aes-ccm/posttest.dat | 4 - testing/tests/ikev2/esp-alg-aes-ccm/pretest.dat | 6 - testing/tests/ikev2/esp-alg-aes-ccm/test.conf | 21 - .../tests/ikev2/esp-alg-aes-ctr/description.txt | 3 - testing/tests/ikev2/esp-alg-aes-ctr/evaltest.dat | 10 - .../esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf | 25 - .../hosts/carol/etc/strongswan.conf | 5 - .../esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf | 24 - .../esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf | 5 - testing/tests/ikev2/esp-alg-aes-ctr/posttest.dat | 4 - testing/tests/ikev2/esp-alg-aes-ctr/pretest.dat | 6 - testing/tests/ikev2/esp-alg-aes-ctr/test.conf | 21 - .../tests/ikev2/esp-alg-aes-gcm/description.txt | 4 - testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat | 9 - .../esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf | 25 - .../hosts/carol/etc/strongswan.conf | 5 - .../esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf | 24 - .../esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf | 5 - testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat | 4 - testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat | 6 - testing/tests/ikev2/esp-alg-aes-gcm/test.conf | 21 - testing/tests/ikev2/esp-alg-aes-gmac/test.conf | 4 +- testing/tests/ikev2/esp-alg-null/test.conf | 4 +- testing/tests/ikev2/ip-pool-db/posttest.dat | 2 +- testing/tests/ikev2/ip-pool-wish/posttest.dat | 2 +- testing/tests/ikev2/ip-pool/posttest.dat | 2 +- testing/tests/ikev2/ip-split-pools-db/posttest.dat | 2 +- testing/tests/ikev2/ip-two-pools-db/posttest.dat | 2 +- testing/tests/ikev2/ip-two-pools/posttest.dat | 2 +- .../ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat | 2 +- .../nat-two-rw-mark/hosts/sun/etc/mark_updown | 2 +- .../net2net-same-nets/hosts/sun/etc/mark_updown | 2 +- .../tests/ikev2/ocsp-no-signer-cert/evaltest.dat | 2 +- testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat | 2 +- .../tests/ikev2/ocsp-untrusted-cert/evaltest.dat | 2 +- .../ikev2/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/alice/etc/raddb/sites-available/default | 18 - .../tests/ikev2/rw-eap-md5-id-radius/pretest.dat | 4 - testing/tests/ikev2/rw-eap-md5-id-radius/test.conf | 5 + .../hosts/alice/etc/raddb/sites-available/default | 17 - testing/tests/ikev2/rw-eap-md5-radius/pretest.dat | 4 - testing/tests/ikev2/rw-eap-md5-radius/test.conf | 5 + .../hosts/alice/etc/raddb/sites-available/default | 19 - .../tests/ikev2/rw-eap-sim-id-radius/pretest.dat | 3 - testing/tests/ikev2/rw-eap-sim-id-radius/test.conf | 5 + .../ikev2/rw-eap-sim-only-radius/evaltest.dat | 2 +- .../hosts/alice/etc/raddb/sites-available/default | 18 - .../hosts/carol/etc/strongswan.conf | 1 - .../hosts/dave/etc/strongswan.conf | 1 - .../hosts/moon/etc/strongswan.conf | 1 - .../tests/ikev2/rw-eap-sim-only-radius/pretest.dat | 3 - .../tests/ikev2/rw-eap-sim-only-radius/test.conf | 5 + testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat | 2 +- .../ikev2/rw-eap-tls-fragments/description.txt | 5 + .../tests/ikev2/rw-eap-tls-fragments/evaltest.dat | 9 + .../hosts/carol/etc/ipsec.conf | 23 + .../hosts/carol/etc/ipsec.d/cacerts/ca_A_cert.der | Bin 0 -> 4534 bytes .../hosts/carol/etc/ipsec.d/certs/carol_D_cert.der | Bin 0 -> 3432 bytes .../hosts/carol/etc/ipsec.d/private/carol_key.der | Bin 0 -> 4652 bytes .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 12 + .../rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf | 24 + .../hosts/moon/etc/ipsec.d/cacerts/ca_A_cert.der | Bin 0 -> 4534 bytes .../hosts/moon/etc/ipsec.d/cacerts/ca_B_cert.der | Bin 0 -> 4542 bytes .../hosts/moon/etc/ipsec.d/cacerts/ca_C_cert.der | Bin 0 -> 4550 bytes .../hosts/moon/etc/ipsec.d/cacerts/ca_D_cert.der | Bin 0 -> 4550 bytes .../hosts/moon/etc/ipsec.d/certs/moon_D_cert.der | Bin 0 -> 3430 bytes .../hosts/moon/etc/ipsec.d/private/ca_A_key.der | Bin 0 -> 9262 bytes .../hosts/moon/etc/ipsec.d/private/ca_B_key.der | Bin 0 -> 9261 bytes .../hosts/moon/etc/ipsec.d/private/ca_C_key.der | Bin 0 -> 9261 bytes .../hosts/moon/etc/ipsec.d/private/ca_D_key.der | Bin 0 -> 9262 bytes .../hosts/moon/etc/ipsec.d/private/moon_key.der | Bin 0 -> 4651 bytes .../hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 12 + .../tests/ikev2/rw-eap-tls-fragments/posttest.dat | 10 + .../tests/ikev2/rw-eap-tls-fragments/pretest.dat | 9 + testing/tests/ikev2/rw-eap-tls-fragments/test.conf | 21 + .../tests/ikev2/rw-eap-tls-only/description.txt | 4 + testing/tests/ikev2/rw-eap-tls-only/evaltest.dat | 9 + .../rw-eap-tls-only/hosts/carol/etc/ipsec.conf | 22 + .../hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-tls-only/hosts/moon/etc/ipsec.conf | 23 + .../rw-eap-tls-only/hosts/moon/etc/strongswan.conf | 6 + testing/tests/ikev2/rw-eap-tls-only/posttest.dat | 4 + testing/tests/ikev2/rw-eap-tls-only/pretest.dat | 7 + testing/tests/ikev2/rw-eap-tls-only/test.conf | 21 + .../tests/ikev2/rw-eap-tls-radius/description.txt | 5 + testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat | 11 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/eap.conf | 13 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 + .../hosts/alice/etc/raddb/sites-available/default | 42 + .../rw-eap-tls-radius/hosts/alice/etc/raddb/users | 1 + .../rw-eap-tls-radius/hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/moon/etc/init.d/iptables | 84 + .../rw-eap-tls-radius/hosts/moon/etc/ipsec.conf | 24 + .../rw-eap-tls-radius/hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 12 + testing/tests/ikev2/rw-eap-tls-radius/posttest.dat | 5 + testing/tests/ikev2/rw-eap-tls-radius/pretest.dat | 8 + testing/tests/ikev2/rw-eap-tls-radius/test.conf | 26 + .../tests/ikev2/rw-eap-tnc-block/description.txt | 8 + testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat | 12 + .../rw-eap-tnc-block/hosts/carol/etc/ipsec.conf | 23 + .../rw-eap-tnc-block/hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/carol/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-block/hosts/carol/etc/tnc_config | 3 + .../rw-eap-tnc-block/hosts/dave/etc/ipsec.conf | 23 + .../rw-eap-tnc-block/hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/dave/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-block/hosts/dave/etc/tnc_config | 3 + .../rw-eap-tnc-block/hosts/moon/etc/ipsec.conf | 26 + .../rw-eap-tnc-block/hosts/moon/etc/ipsec.secrets | 6 + .../hosts/moon/etc/strongswan.conf | 13 + .../rw-eap-tnc-block/hosts/moon/etc/tnc_config | 3 + testing/tests/ikev2/rw-eap-tnc-block/posttest.dat | 6 + testing/tests/ikev2/rw-eap-tnc-block/pretest.dat | 15 + testing/tests/ikev2/rw-eap-tnc-block/test.conf | 26 + .../ikev2/rw-eap-tnc-radius-block/description.txt | 11 + .../ikev2/rw-eap-tnc-radius-block/evaltest.dat | 14 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/dictionary | 2 + .../hosts/alice/etc/raddb/dictionary.tnc | 5 + .../hosts/alice/etc/raddb/eap.conf | 25 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 + .../hosts/alice/etc/raddb/sites-available/default | 44 + .../alice/etc/raddb/sites-available/inner-tunnel | 32 + .../etc/raddb/sites-available/inner-tunnel-second | 23 + .../hosts/alice/etc/raddb/users | 2 + .../hosts/alice/etc/tnc_config | 3 + .../hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/carol/etc/tnc/dummyimc.file | 1 + .../hosts/carol/etc/tnc_config | 3 + .../hosts/dave/etc/ipsec.conf | 24 + .../hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/dave/etc/tnc/dummyimc.file | 1 + .../hosts/dave/etc/tnc_config | 3 + .../hosts/moon/etc/init.d/iptables | 84 + .../hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 12 + .../ikev2/rw-eap-tnc-radius-block/posttest.dat | 8 + .../ikev2/rw-eap-tnc-radius-block/pretest.dat | 15 + .../tests/ikev2/rw-eap-tnc-radius-block/test.conf | 26 + .../tests/ikev2/rw-eap-tnc-radius/description.txt | 10 + testing/tests/ikev2/rw-eap-tnc-radius/evaltest.dat | 19 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/dictionary | 2 + .../hosts/alice/etc/raddb/dictionary.tnc | 5 + .../hosts/alice/etc/raddb/eap.conf | 25 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 + .../hosts/alice/etc/raddb/sites-available/default | 44 + .../alice/etc/raddb/sites-available/inner-tunnel | 32 + .../etc/raddb/sites-available/inner-tunnel-second | 36 + .../rw-eap-tnc-radius/hosts/alice/etc/raddb/users | 2 + .../rw-eap-tnc-radius/hosts/alice/etc/tnc_config | 3 + .../rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/carol/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-radius/hosts/carol/etc/tnc_config | 3 + .../rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf | 24 + .../rw-eap-tnc-radius/hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/dave/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-radius/hosts/dave/etc/tnc_config | 3 + .../hosts/moon/etc/init.d/iptables | 84 + .../rw-eap-tnc-radius/hosts/moon/etc/ipsec.conf | 35 + .../rw-eap-tnc-radius/hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 13 + testing/tests/ikev2/rw-eap-tnc-radius/posttest.dat | 8 + testing/tests/ikev2/rw-eap-tnc-radius/pretest.dat | 18 + testing/tests/ikev2/rw-eap-tnc-radius/test.conf | 26 + testing/tests/ikev2/rw-eap-tnc-tls/description.txt | 7 + testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat | 19 + .../rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf | 24 + .../rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf | 6 + .../hosts/carol/etc/tnc/dummyimc.file | 1 + .../rw-eap-tnc-tls/hosts/carol/etc/tnc_config | 3 + .../ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf | 24 + .../rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf | 6 + .../hosts/dave/etc/tnc/dummyimc.file | 1 + .../ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config | 3 + .../ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf | 36 + .../rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets | 6 + .../rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf | 13 + .../ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config | 3 + testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat | 6 + testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat | 15 + testing/tests/ikev2/rw-eap-tnc-tls/test.conf | 26 + testing/tests/ikev2/rw-eap-tnc/description.txt | 9 + testing/tests/ikev2/rw-eap-tnc/evaltest.dat | 19 + .../ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf | 23 + .../ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.secrets | 3 + .../rw-eap-tnc/hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-tnc/hosts/carol/etc/tnc/dummyimc.file | 1 + .../ikev2/rw-eap-tnc/hosts/carol/etc/tnc_config | 3 + .../ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf | 23 + .../ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.secrets | 3 + .../rw-eap-tnc/hosts/dave/etc/strongswan.conf | 6 + .../rw-eap-tnc/hosts/dave/etc/tnc/dummyimc.file | 1 + .../ikev2/rw-eap-tnc/hosts/dave/etc/tnc_config | 3 + .../ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf | 36 + .../ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.secrets | 6 + .../rw-eap-tnc/hosts/moon/etc/strongswan.conf | 13 + .../ikev2/rw-eap-tnc/hosts/moon/etc/tnc_config | 3 + testing/tests/ikev2/rw-eap-tnc/posttest.dat | 6 + testing/tests/ikev2/rw-eap-tnc/pretest.dat | 15 + testing/tests/ikev2/rw-eap-tnc/test.conf | 26 + .../tests/ikev2/rw-eap-ttls-only/description.txt | 11 + testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat | 19 + .../rw-eap-ttls-only/hosts/carol/etc/ipsec.conf | 23 + .../rw-eap-ttls-only/hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-ttls-only/hosts/dave/etc/ipsec.conf | 23 + .../rw-eap-ttls-only/hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../rw-eap-ttls-only/hosts/moon/etc/ipsec.conf | 24 + .../rw-eap-ttls-only/hosts/moon/etc/ipsec.secrets | 6 + .../hosts/moon/etc/strongswan.conf | 11 + testing/tests/ikev2/rw-eap-ttls-only/posttest.dat | 6 + testing/tests/ikev2/rw-eap-ttls-only/pretest.dat | 10 + testing/tests/ikev2/rw-eap-ttls-only/test.conf | 21 + .../rw-eap-ttls-phase2-piggyback/description.txt | 10 + .../rw-eap-ttls-phase2-piggyback/evaltest.dat | 19 + .../hosts/carol/etc/ipsec.conf | 23 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../hosts/dave/etc/ipsec.conf | 23 + .../hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/moon/etc/ipsec.conf | 24 + .../hosts/moon/etc/ipsec.secrets | 6 + .../hosts/moon/etc/strongswan.conf | 12 + .../rw-eap-ttls-phase2-piggyback/posttest.dat | 6 + .../ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat | 10 + .../ikev2/rw-eap-ttls-phase2-piggyback/test.conf | 21 + .../tests/ikev2/rw-eap-ttls-radius/description.txt | 8 + .../tests/ikev2/rw-eap-ttls-radius/evaltest.dat | 21 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/eap.conf | 18 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 + .../hosts/alice/etc/raddb/sites-available/default | 44 + .../alice/etc/raddb/sites-available/inner-tunnel | 32 + .../rw-eap-ttls-radius/hosts/alice/etc/raddb/users | 2 + .../rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf | 24 + .../hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/moon/etc/init.d/iptables | 84 + .../rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 12 + .../tests/ikev2/rw-eap-ttls-radius/posttest.dat | 7 + testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat | 11 + testing/tests/ikev2/rw-eap-ttls-radius/test.conf | 26 + .../ikev2/rw-mark-in-out/hosts/sun/etc/mark_updown | 2 +- .../ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf | 1 + .../ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf | 1 + .../ipv6/net2net-ikev1/hosts/moon/etc/ipsec.conf | 1 + .../ipv6/net2net-ikev1/hosts/sun/etc/ipsec.conf | 1 + .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 2 +- .../tests/ipv6/rw-ikev1/hosts/carol/etc/ipsec.conf | 1 + .../tests/ipv6/rw-ikev1/hosts/moon/etc/ipsec.conf | 1 + .../ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.conf | 1 + .../ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.conf | 1 + .../ipv6/transport-ikev1/hosts/moon/etc/ipsec.conf | 1 + .../ipv6/transport-ikev1/hosts/sun/etc/ipsec.conf | 1 + .../alg-camellia/hosts/carol/etc/ipsec.conf | 1 + .../alg-camellia/hosts/carol/etc/strongswan.conf | 2 +- .../alg-camellia/hosts/moon/etc/ipsec.conf | 1 + .../alg-camellia/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/openssl-ikev1/alg-camellia/test.conf | 4 +- .../alg-ecp-high/hosts/carol/etc/strongswan.conf | 2 +- .../alg-ecp-high/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-high/hosts/moon/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/carol/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/moon/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/carol/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/dave/etc/strongswan.conf | 2 +- .../ecdsa-certs/hosts/moon/etc/strongswan.conf | 2 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/openssl-ikev2/alg-camellia/test.conf | 4 +- .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../openssl-ikev2/rw-eap-tls-only/description.txt | 5 + .../openssl-ikev2/rw-eap-tls-only/evaltest.dat | 10 + .../rw-eap-tls-only/hosts/carol/etc/ipsec.conf | 25 + .../carol/etc/ipsec.d/cacerts/strongswanCert.pem | 17 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 18 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 8 + .../rw-eap-tls-only/hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 6 + .../rw-eap-tls-only/hosts/moon/etc/ipsec.conf | 26 + .../moon/etc/ipsec.d/cacerts/strongswanCert.pem | 17 + .../hosts/moon/etc/ipsec.d/certs/moonCert.pem | 20 + .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 7 + .../rw-eap-tls-only/hosts/moon/etc/ipsec.secrets | 3 + .../rw-eap-tls-only/hosts/moon/etc/strongswan.conf | 13 + .../openssl-ikev2/rw-eap-tls-only/posttest.dat | 4 + .../openssl-ikev2/rw-eap-tls-only/pretest.dat | 7 + .../tests/openssl-ikev2/rw-eap-tls-only/test.conf | 21 + testing/tests/pfkey/alg-aes-xcbc/test.conf | 4 +- testing/tests/pfkey/alg-sha384/test.conf | 4 +- testing/tests/pfkey/alg-sha512/test.conf | 4 +- testing/tests/pfkey/esp-alg-null/test.conf | 4 +- testing/tests/sql/ip-pool-db-expired/posttest.dat | 2 +- testing/tests/sql/ip-pool-db-restart/posttest.dat | 2 +- testing/tests/sql/ip-pool-db/posttest.dat | 2 +- .../sql/ip-split-pools-db-restart/posttest.dat | 2 +- testing/tests/sql/ip-split-pools-db/posttest.dat | 2 +- 1443 files changed, 73355 insertions(+), 33038 deletions(-) create mode 100644 m4/macros/add-plugin.m4 create mode 100644 man/Makefile.am create mode 100644 man/Makefile.in create mode 100644 man/ipsec.conf.5 create mode 100644 man/ipsec.conf.5.in create mode 100644 man/ipsec.secrets.5 create mode 100644 man/ipsec.secrets.5.in create mode 100644 man/strongswan.conf.5 create mode 100644 man/strongswan.conf.5.in create mode 100644 scripts/crypt_burn.c create mode 100644 src/libcharon/kernel/kernel_handler.c create mode 100644 src/libcharon/kernel/kernel_handler.h delete mode 100644 src/libcharon/kernel/kernel_interface.c delete mode 100644 src/libcharon/kernel/kernel_interface.h delete mode 100644 src/libcharon/kernel/kernel_ipsec.c delete mode 100644 src/libcharon/kernel/kernel_ipsec.h delete mode 100644 src/libcharon/kernel/kernel_net.h create mode 100644 src/libcharon/plugins/eap_tls/Makefile.am create mode 100644 src/libcharon/plugins/eap_tls/Makefile.in create mode 100644 src/libcharon/plugins/eap_tls/eap_tls.c create mode 100644 src/libcharon/plugins/eap_tls/eap_tls.h create mode 100644 src/libcharon/plugins/eap_tls/eap_tls_plugin.c create mode 100644 src/libcharon/plugins/eap_tls/eap_tls_plugin.h create mode 100644 src/libcharon/plugins/eap_tnc/Makefile.am create mode 100644 src/libcharon/plugins/eap_tnc/Makefile.in create mode 100644 src/libcharon/plugins/eap_tnc/eap_tnc.c create mode 100644 src/libcharon/plugins/eap_tnc/eap_tnc.h create mode 100644 src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c create mode 100644 src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h create mode 100644 src/libcharon/plugins/eap_ttls/Makefile.am create mode 100644 src/libcharon/plugins/eap_ttls/Makefile.in create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls.h create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_avp.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_avp.h create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_peer.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_peer.h create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_server.c create mode 100644 src/libcharon/plugins/eap_ttls/eap_ttls_server.h delete mode 100644 src/libcharon/plugins/kernel_klips/Makefile.am delete mode 100644 src/libcharon/plugins/kernel_klips/Makefile.in delete mode 100644 src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c delete mode 100644 src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.h delete mode 100644 src/libcharon/plugins/kernel_klips/kernel_klips_plugin.c delete mode 100644 src/libcharon/plugins/kernel_klips/kernel_klips_plugin.h delete mode 100644 src/libcharon/plugins/kernel_klips/pfkeyv2.h delete mode 100644 src/libcharon/plugins/kernel_netlink/Makefile.am delete mode 100644 src/libcharon/plugins/kernel_netlink/Makefile.in delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c delete mode 100644 src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h delete mode 100644 src/libcharon/plugins/kernel_pfkey/Makefile.am delete mode 100644 src/libcharon/plugins/kernel_pfkey/Makefile.in delete mode 100644 src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c delete mode 100644 src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h delete mode 100644 src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c delete mode 100644 src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h delete mode 100644 src/libcharon/plugins/kernel_pfroute/Makefile.am delete mode 100644 src/libcharon/plugins/kernel_pfroute/Makefile.in delete mode 100644 src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c delete mode 100644 src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h delete mode 100644 src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c delete mode 100644 src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h create mode 100644 src/libcharon/plugins/led/Makefile.am create mode 100644 src/libcharon/plugins/led/Makefile.in create mode 100644 src/libcharon/plugins/led/led_listener.c create mode 100644 src/libcharon/plugins/led/led_listener.h create mode 100644 src/libcharon/plugins/led/led_plugin.c create mode 100644 src/libcharon/plugins/led/led_plugin.h create mode 100644 src/libcharon/plugins/maemo/Makefile.am create mode 100644 src/libcharon/plugins/maemo/Makefile.in create mode 100644 src/libcharon/plugins/maemo/maemo_plugin.c create mode 100644 src/libcharon/plugins/maemo/maemo_plugin.h create mode 100644 src/libcharon/plugins/maemo/maemo_service.c create mode 100644 src/libcharon/plugins/maemo/maemo_service.h create mode 100644 src/libcharon/plugins/maemo/org.strongswan.charon.service create mode 100644 src/libcharon/plugins/tnc_imc/Makefile.am create mode 100644 src/libcharon/plugins/tnc_imc/Makefile.in create mode 100644 src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c create mode 100644 src/libcharon/plugins/tnc_imc/tnc_imc_plugin.h create mode 100644 src/libcharon/plugins/tnc_imv/Makefile.am create mode 100644 src/libcharon/plugins/tnc_imv/Makefile.in create mode 100644 src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c create mode 100644 src/libcharon/plugins/tnc_imv/tnc_imv_plugin.h create mode 100644 src/libcharon/plugins/tnccs_11/Makefile.am create mode 100644 src/libcharon/plugins/tnccs_11/Makefile.in create mode 100644 src/libcharon/plugins/tnccs_11/tnccs_11.c create mode 100644 src/libcharon/plugins/tnccs_11/tnccs_11.h create mode 100644 src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c create mode 100644 src/libcharon/plugins/tnccs_11/tnccs_11_plugin.h create mode 100644 src/libcharon/plugins/tnccs_20/Makefile.am create mode 100644 src/libcharon/plugins/tnccs_20/Makefile.in create mode 100644 src/libcharon/plugins/tnccs_20/tnccs_20.c create mode 100644 src/libcharon/plugins/tnccs_20/tnccs_20.h create mode 100644 src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c create mode 100644 src/libcharon/plugins/tnccs_20/tnccs_20_plugin.h delete mode 100644 src/libcharon/processing/jobs/callback_job.c delete mode 100644 src/libcharon/processing/jobs/callback_job.h delete mode 100644 src/libcharon/processing/jobs/job.h delete mode 100644 src/libcharon/processing/processor.c delete mode 100644 src/libcharon/processing/processor.h delete mode 100644 src/libcharon/processing/scheduler.c delete mode 100644 src/libcharon/processing/scheduler.h create mode 100644 src/libcharon/tnccs/tnccs.c create mode 100644 src/libcharon/tnccs/tnccs.h create mode 100644 src/libcharon/tnccs/tnccs_manager.c create mode 100644 src/libcharon/tnccs/tnccs_manager.h create mode 100644 src/libhydra/kernel/kernel_interface.c create mode 100644 src/libhydra/kernel/kernel_interface.h create mode 100644 src/libhydra/kernel/kernel_ipsec.c create mode 100644 src/libhydra/kernel/kernel_ipsec.h create mode 100644 src/libhydra/kernel/kernel_listener.h create mode 100644 src/libhydra/kernel/kernel_net.h create mode 100644 src/libhydra/plugins/kernel_klips/Makefile.am create mode 100644 src/libhydra/plugins/kernel_klips/Makefile.in create mode 100644 src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c create mode 100644 src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.h create mode 100644 src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c create mode 100644 src/libhydra/plugins/kernel_klips/kernel_klips_plugin.h create mode 100644 src/libhydra/plugins/kernel_klips/pfkeyv2.h create mode 100644 src/libhydra/plugins/kernel_netlink/Makefile.am create mode 100644 src/libhydra/plugins/kernel_netlink/Makefile.in create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.h create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_net.h create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.h create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c create mode 100644 src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h create mode 100644 src/libhydra/plugins/kernel_pfkey/Makefile.am create mode 100644 src/libhydra/plugins/kernel_pfkey/Makefile.in create mode 100644 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c create mode 100644 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.h create mode 100644 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c create mode 100644 src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.h create mode 100644 src/libhydra/plugins/kernel_pfroute/Makefile.am create mode 100644 src/libhydra/plugins/kernel_pfroute/Makefile.in create mode 100644 src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c create mode 100644 src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.h create mode 100644 src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c create mode 100644 src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.h create mode 100644 src/libstrongswan/credentials/sets/callback_cred.c create mode 100644 src/libstrongswan/credentials/sets/callback_cred.h create mode 100644 src/libstrongswan/credentials/sets/mem_cred.c create mode 100644 src/libstrongswan/credentials/sets/mem_cred.h create mode 100644 src/libstrongswan/crypto/aead.c create mode 100644 src/libstrongswan/crypto/aead.h create mode 100644 src/libstrongswan/eap/eap.c create mode 100644 src/libstrongswan/eap/eap.h create mode 100644 src/libstrongswan/plugins/ccm/Makefile.am create mode 100644 src/libstrongswan/plugins/ccm/Makefile.in create mode 100644 src/libstrongswan/plugins/ccm/ccm_aead.c create mode 100644 src/libstrongswan/plugins/ccm/ccm_aead.h create mode 100644 src/libstrongswan/plugins/ccm/ccm_plugin.c create mode 100644 src/libstrongswan/plugins/ccm/ccm_plugin.h create mode 100644 src/libstrongswan/plugins/ctr/Makefile.am create mode 100644 src/libstrongswan/plugins/ctr/Makefile.in create mode 100644 src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c create mode 100644 src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h create mode 100644 src/libstrongswan/plugins/ctr/ctr_plugin.c create mode 100644 src/libstrongswan/plugins/ctr/ctr_plugin.h create mode 100644 src/libstrongswan/plugins/gcm/Makefile.am create mode 100644 src/libstrongswan/plugins/gcm/Makefile.in create mode 100644 src/libstrongswan/plugins/gcm/gcm_aead.c create mode 100644 src/libstrongswan/plugins/gcm/gcm_aead.h create mode 100644 src/libstrongswan/plugins/gcm/gcm_plugin.c create mode 100644 src/libstrongswan/plugins/gcm/gcm_plugin.h create mode 100644 src/libstrongswan/plugins/pkcs11/Makefile.am create mode 100644 src/libstrongswan/plugins/pkcs11/Makefile.in create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_creds.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_creds.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_library.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_library.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_manager.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_manager.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c create mode 100644 src/libstrongswan/processing/jobs/callback_job.c create mode 100644 src/libstrongswan/processing/jobs/callback_job.h create mode 100644 src/libstrongswan/processing/jobs/job.h create mode 100644 src/libstrongswan/processing/processor.c create mode 100644 src/libstrongswan/processing/processor.h create mode 100644 src/libstrongswan/processing/scheduler.c create mode 100644 src/libstrongswan/processing/scheduler.h create mode 100644 src/libtls/Makefile.am create mode 100644 src/libtls/Makefile.in create mode 100644 src/libtls/tls.c create mode 100644 src/libtls/tls.h create mode 100644 src/libtls/tls_alert.c create mode 100644 src/libtls/tls_alert.h create mode 100644 src/libtls/tls_application.h create mode 100644 src/libtls/tls_compression.c create mode 100644 src/libtls/tls_compression.h create mode 100644 src/libtls/tls_crypto.c create mode 100644 src/libtls/tls_crypto.h create mode 100644 src/libtls/tls_eap.c create mode 100644 src/libtls/tls_eap.h create mode 100644 src/libtls/tls_fragmentation.c create mode 100644 src/libtls/tls_fragmentation.h create mode 100644 src/libtls/tls_handshake.h create mode 100644 src/libtls/tls_peer.c create mode 100644 src/libtls/tls_peer.h create mode 100644 src/libtls/tls_prf.c create mode 100644 src/libtls/tls_prf.h create mode 100644 src/libtls/tls_protection.c create mode 100644 src/libtls/tls_protection.h create mode 100644 src/libtls/tls_reader.c create mode 100644 src/libtls/tls_reader.h create mode 100644 src/libtls/tls_server.c create mode 100644 src/libtls/tls_server.h create mode 100644 src/libtls/tls_socket.c create mode 100644 src/libtls/tls_socket.h create mode 100644 src/libtls/tls_writer.c create mode 100644 src/libtls/tls_writer.h create mode 100644 src/pluto/event_queue.c create mode 100644 src/pluto/event_queue.h delete mode 100644 src/pluto/ipsec.secrets.5 delete mode 100644 src/pluto/ipsec.secrets.5.in delete mode 100644 src/pluto/kernel_netlink.c delete mode 100644 src/pluto/kernel_netlink.h delete mode 100644 src/pluto/kernel_noklips.c delete mode 100644 src/pluto/kernel_noklips.h delete mode 100644 src/starter/ipsec.conf.5 delete mode 100644 src/starter/ipsec.conf.5.in create mode 100755 testing/hosts/alice/etc/init.d/radiusd create mode 100644 testing/hosts/alice/etc/raddb/certs/aaaCert.pem create mode 100644 testing/hosts/alice/etc/raddb/certs/aaaKey.pem create mode 100644 testing/hosts/alice/etc/raddb/certs/dh create mode 100644 testing/hosts/alice/etc/raddb/certs/random create mode 100644 testing/hosts/alice/etc/raddb/certs/strongswanCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/22.pem create mode 100644 testing/ssh_config create mode 100644 testing/tests/ikev1/nat-two-rw-mark/description.txt create mode 100644 testing/tests/ikev1/nat-two-rw-mark/evaltest.dat create mode 100755 testing/tests/ikev1/nat-two-rw-mark/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/ipsec.conf create mode 100755 testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/mark_updown create mode 100755 testing/tests/ikev1/nat-two-rw-mark/hosts/venus/etc/ipsec.conf create mode 100644 testing/tests/ikev1/nat-two-rw-mark/posttest.dat create mode 100644 testing/tests/ikev1/nat-two-rw-mark/pretest.dat create mode 100644 testing/tests/ikev1/nat-two-rw-mark/test.conf create mode 100644 testing/tests/ikev1/net2net-same-nets/description.txt create mode 100644 testing/tests/ikev1/net2net-same-nets/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-same-nets/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/ipsec.conf create mode 100755 testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/mark_updown create mode 100644 testing/tests/ikev1/net2net-same-nets/posttest.dat create mode 100644 testing/tests/ikev1/net2net-same-nets/pretest.dat create mode 100644 testing/tests/ikev1/net2net-same-nets/test.conf create mode 100644 testing/tests/ikev1/rw-mark-in-out/description.txt create mode 100644 testing/tests/ikev1/rw-mark-in-out/evaltest.dat create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/init.d/iptables create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/ipsec.conf create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/mark_updown create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/init.d/iptables create mode 100755 testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-mark-in-out/posttest.dat create mode 100644 testing/tests/ikev1/rw-mark-in-out/pretest.dat create mode 100644 testing/tests/ikev1/rw-mark-in-out/test.conf create mode 100644 testing/tests/ikev2/alg-aes-ccm/description.txt create mode 100644 testing/tests/ikev2/alg-aes-ccm/evaltest.dat create mode 100755 testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-aes-ccm/posttest.dat create mode 100644 testing/tests/ikev2/alg-aes-ccm/pretest.dat create mode 100644 testing/tests/ikev2/alg-aes-ccm/test.conf create mode 100644 testing/tests/ikev2/alg-aes-ctr/description.txt create mode 100644 testing/tests/ikev2/alg-aes-ctr/evaltest.dat create mode 100755 testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-aes-ctr/posttest.dat create mode 100644 testing/tests/ikev2/alg-aes-ctr/pretest.dat create mode 100644 testing/tests/ikev2/alg-aes-ctr/test.conf create mode 100644 testing/tests/ikev2/alg-aes-gcm/description.txt create mode 100644 testing/tests/ikev2/alg-aes-gcm/evaltest.dat create mode 100755 testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/alg-aes-gcm/posttest.dat create mode 100644 testing/tests/ikev2/alg-aes-gcm/pretest.dat create mode 100644 testing/tests/ikev2/alg-aes-gcm/test.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/description.txt delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat delete mode 100755 testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf delete mode 100755 testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/posttest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/pretest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/test.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/description.txt delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/evaltest.dat delete mode 100755 testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf delete mode 100755 testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/posttest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/pretest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-ctr/test.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/description.txt delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat delete mode 100755 testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf delete mode 100755 testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat delete mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.d/cacerts/ca_A_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.d/certs/carol_D_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.d/private/carol_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/cacerts/ca_A_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/cacerts/ca_B_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/cacerts/ca_C_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/cacerts/ca_D_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/certs/moon_D_cert.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/ca_A_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/ca_B_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/ca_C_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/ca_D_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.d/private/moon_key.der create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-fragments/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-only/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tls-only/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-only/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-only/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-only/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/users create mode 100755 testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tls-radius/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/tnc_config create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-block/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/evaltest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary.tnc create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/users create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius-block/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/evaltest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary.tnc create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/users create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-radius/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc-tls/test.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/description.txt create mode 100644 testing/tests/ikev2/rw-eap-tnc/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc_config create mode 100755 testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/tnc_config create mode 100644 testing/tests/ikev2/rw-eap-tnc/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-tnc/test.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/description.txt create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-only/test.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/description.txt create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/test.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/description.txt create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/users create mode 100755 testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-ttls-radius/test.conf create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/description.txt create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat create mode 100755 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/posttest.dat create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/pretest.dat create mode 100644 testing/tests/openssl-ikev2/rw-eap-tls-only/test.conf diff --git a/Android.mk b/Android.mk index 0a9fc5387..d6c83367f 100644 --- a/Android.mk +++ b/Android.mk @@ -53,7 +53,7 @@ strongswan_CFLAGS := \ -DUSE_VSTR \ -DROUTING_TABLE=0 \ -DROUTING_TABLE_PRIO=220 \ - -DVERSION=\"4.4.1\" \ + -DVERSION=\"4.5.0\" \ -DPLUGINS='"$(strongswan_PLUGINS)"' \ -DIPSEC_DIR=\"/system/bin\" \ -DIPSEC_PIDDIR=\"/data/misc/vpn\" \ diff --git a/ChangeLog b/ChangeLog index 41f530506..5ddeff5f4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,3 @@ A summary of changes is available in the NEWS file. For a more detailed Changelog, use the repository (see HACKING) or the -online interface available at http://trac.strongswan.org. +online interface available at http://git.strongswan.org. diff --git a/Doxyfile.in b/Doxyfile.in index b79c9909d..e7f5b50a4 100644 --- a/Doxyfile.in +++ b/Doxyfile.in @@ -531,6 +531,7 @@ INPUT = @SRC_DIR@/src/libstrongswan \ @SRC_DIR@/src/libhydra \ @SRC_DIR@/src/libcharon \ @SRC_DIR@/src/libsimaka \ + @SRC_DIR@/src/libtls \ @SRC_DIR@/src/libfast \ @SRC_DIR@/src/manager @@ -575,7 +576,7 @@ EXCLUDE_SYMLINKS = NO # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* -EXCLUDE_PATTERNS = */.svn/* +EXCLUDE_PATTERNS = */.git/* # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the @@ -699,7 +700,7 @@ VERBATIM_HEADERS = YES # of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. -ALPHABETICAL_INDEX = NO +ALPHABETICAL_INDEX = YES # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns @@ -843,7 +844,7 @@ TOC_EXPAND = NO # top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. -DISABLE_INDEX = YES +DISABLE_INDEX = NO # This tag can be used to set the number of enum values (range [1..20]) # that doxygen will group on one line in the generated HTML documentation. diff --git a/Makefile.am b/Makefile.am index af0465fee..cba5048b1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,4 @@ -SUBDIRS = src testing +SUBDIRS = src man testing if USE_SCRIPTS SUBDIRS += scripts diff --git a/Makefile.in b/Makefile.in index 522683ab1..56c31b104 100644 --- a/Makefile.in +++ b/Makefile.in @@ -48,6 +48,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -72,7 +73,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = src testing scripts +DIST_SUBDIRS = src man testing scripts DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -174,6 +175,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -205,14 +208,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -227,24 +233,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -252,7 +265,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ @@ -264,7 +280,7 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -SUBDIRS = src testing $(am__append_1) +SUBDIRS = src man testing $(am__append_1) ACLOCAL_AMFLAGS = -I m4/config EXTRA_DIST = Doxyfile.in CREDITS Android.mk.in Android.mk CLEANFILES = Doxyfile diff --git a/NEWS b/NEWS index a5f4a16ff..ed0d18211 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,74 @@ + +strongswan-4.5.0 +---------------- + +- IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5 + from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the + IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively + come for IKEv1 to go into retirement and to cede its place to the much more + robust, powerful and versatile IKEv2 protocol! + +- Added new ctr, ccm and gcm plugins providing Counter, Counter with CBC-MAC + and Galois/Counter Modes based on existing CBC implementations. These + new plugins bring support for AES and Camellia Counter and CCM algorithms + and the AES GCM algorithms for use in IKEv2. + +- The new pkcs11 plugin brings full Smartcard support to the IKEv2 daemon and + the pki utility using one or more PKCS#11 libraries. It currently supports + RSA private and public key operations and loads X.509 certificates from + tokens. + +- Implemented a general purpose TLS stack based on crypto and credential + primitives of libstrongswan. libtls supports TLS versions 1.0, 1.1 and 1.2, + ECDHE-ECDSA/RSA, DHE-RSA and RSA key exchange algorithms and RSA/ECDSA based + client authentication. + +- Based on libtls, the eap-tls plugin brings certificate based EAP + authentication for client and server. It is compatible to Windows 7 IKEv2 + Smartcard authentication and the OpenSSL based FreeRADIUS EAP-TLS backend. + +- Implemented the TNCCS 1.1 Trusted Network Connect protocol using the + libtnc library on the strongSwan client and server side via the tnccs_11 + plugin and optionally connecting to a TNC@FHH-enhanced FreeRADIUS AAA server. + Depending on the resulting TNC Recommendation, strongSwan clients are granted + access to a network behind a strongSwan gateway (allow), are put into a + remediation zone (isolate) or are blocked (none), respectively. Any number + of Integrity Measurement Collector/Verifier pairs can be attached + via the tnc-imc and tnc-imv charon plugins. + +- The IKEv1 daemon pluto now uses the same kernel interfaces as the IKEv2 + daemon charon. As a result of this, pluto now supports xfrm marks which + were introduced in charon with 4.4.1. + +- Applets for Maemo 5 (Nokia) allow to easily configure and control IKEv2 + based VPN connections with EAP authentication on supported devices. + +- The RADIUS plugin eap-radius now supports multiple RADIUS servers for + redundant setups. Servers are selected by a defined priority, server load and + availability. + +- The simple led plugin controls hardware LEDs through the Linux LED subsystem. + It currently shows activity of the IKE daemon and is a good example how to + implement a simple event listener. + +- Improved MOBIKE behavior in several corner cases, for instance, if the + initial responder moves to a different address. + +- Fixed left-/rightnexthop option, which was broken since 4.4.0. + +- Fixed a bug not releasing a virtual IP address to a pool if the XAUTH + identity was different from the IKE identity. + +- Fixed the alignment of ModeConfig messages on 4-byte boundaries in the + case where the attributes are not a multiple of 4 bytes (e.g. Cisco's + UNITY_BANNER). + +- Fixed the interoperability of the socket_raw and socket_default + charon plugins. + +- Added man page for strongswan.conf + + strongswan-4.4.1 ---------------- @@ -761,7 +832,7 @@ strongswan-4.1.7 - Preview of strongSwan Manager, a web based configuration and monitoring application. It uses a new XML control interface to query the IKEv2 daemon - (see http://trac.strongswan.org/wiki/Manager). + (see http://wiki.strongswan.org/wiki/Manager). - Experimental SQLite configuration backend which will provide the configuration interface for strongSwan Manager in future releases. diff --git a/README b/README index 101e4838c..1d186afd9 100644 --- a/README +++ b/README @@ -81,7 +81,7 @@ Contents strongSwan is an OpenSource IPsec solution for the Linux operating system and currently supports the following features: - * runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels. + * runs on Linux 2.6 (native IPsec) kernels. * strong 3DES, AES, Serpent, Twofish, or Blowfish encryption. @@ -2656,9 +2656,6 @@ with the line and can be used when the following prerequisites are fulfilled: - - Linux 2.4.x kernel, KLIPS IPsec stack, and arbitrary iptables version. - Filtering of tunneled traffic is based on ipsecN interfaces. - - Linux 2.6.16 kernel or newer, native NETKEY IPsec stack, and iptables-1.3.5 or newer. Filtering of tunneled traffic is based on IPsec policy matching rules. diff --git a/TODO b/TODO index c398ebab8..6b626e9ff 100644 --- a/TODO +++ b/TODO @@ -5,7 +5,7 @@ This is a TODO list we should keep in mind. A roadmap of the strongSwan project is available online at: - http://trac.strongswan.org/roadmap + http://wiki.strongswan.org/projects/strongswan/roadmap Certificate support ------------------- diff --git a/aclocal.m4 b/aclocal.m4 index 23b7e59ee..9d68d0d80 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -13,14 +13,14 @@ m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.65],, -[m4_warning([this file was generated for autoconf 2.65. +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],, +[m4_warning([this file was generated for autoconf 2.67. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically `autoreconf'.])]) -# lib-prefix.m4 serial 5 (gettext-0.15) -dnl Copyright (C) 2001-2005 Free Software Foundation, Inc. +# lib-prefix.m4 serial 7 (gettext-0.18) +dnl Copyright (C) 2001-2005, 2008-2010 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. @@ -174,38 +174,78 @@ AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX], prefix="$acl_save_prefix" ]) -dnl AC_LIB_PREPARE_MULTILIB creates a variable acl_libdirstem, containing -dnl the basename of the libdir, either "lib" or "lib64". +dnl AC_LIB_PREPARE_MULTILIB creates +dnl - a variable acl_libdirstem, containing the basename of the libdir, either +dnl "lib" or "lib64" or "lib/64", +dnl - a variable acl_libdirstem2, as a secondary possible value for +dnl acl_libdirstem, either the same as acl_libdirstem or "lib/sparcv9" or +dnl "lib/amd64". AC_DEFUN([AC_LIB_PREPARE_MULTILIB], [ - dnl There is no formal standard regarding lib and lib64. The current - dnl practice is that on a system supporting 32-bit and 64-bit instruction - dnl sets or ABIs, 64-bit libraries go under $prefix/lib64 and 32-bit - dnl libraries go under $prefix/lib. We determine the compiler's default - dnl mode by looking at the compiler's library search path. If at least - dnl of its elements ends in /lib64 or points to a directory whose absolute - dnl pathname ends in /lib64, we assume a 64-bit ABI. Otherwise we use the - dnl default, namely "lib". + dnl There is no formal standard regarding lib and lib64. + dnl On glibc systems, the current practice is that on a system supporting + dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under + dnl $prefix/lib64 and 32-bit libraries go under $prefix/lib. We determine + dnl the compiler's default mode by looking at the compiler's library search + dnl path. If at least one of its elements ends in /lib64 or points to a + dnl directory whose absolute pathname ends in /lib64, we assume a 64-bit ABI. + dnl Otherwise we use the default, namely "lib". + dnl On Solaris systems, the current practice is that on a system supporting + dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under + dnl $prefix/lib/64 (which is a symlink to either $prefix/lib/sparcv9 or + dnl $prefix/lib/amd64) and 32-bit libraries go under $prefix/lib. + AC_REQUIRE([AC_CANONICAL_HOST]) acl_libdirstem=lib - searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` - if test -n "$searchpath"; then - acl_save_IFS="${IFS= }"; IFS=":" - for searchdir in $searchpath; do - if test -d "$searchdir"; then - case "$searchdir" in - */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; - *) searchdir=`cd "$searchdir" && pwd` - case "$searchdir" in - */lib64 ) acl_libdirstem=lib64 ;; - esac ;; + acl_libdirstem2= + case "$host_os" in + solaris*) + dnl See Solaris 10 Software Developer Collection > Solaris 64-bit Developer's Guide > The Development Environment + dnl . + dnl "Portable Makefiles should refer to any library directories using the 64 symbolic link." + dnl But we want to recognize the sparcv9 or amd64 subdirectory also if the + dnl symlink is missing, so we set acl_libdirstem2 too. + AC_CACHE_CHECK([for 64-bit host], [gl_cv_solaris_64bit], + [AC_EGREP_CPP([sixtyfour bits], [ +#ifdef _LP64 +sixtyfour bits +#endif + ], [gl_cv_solaris_64bit=yes], [gl_cv_solaris_64bit=no]) + ]) + if test $gl_cv_solaris_64bit = yes; then + acl_libdirstem=lib/64 + case "$host_cpu" in + sparc*) acl_libdirstem2=lib/sparcv9 ;; + i*86 | x86_64) acl_libdirstem2=lib/amd64 ;; esac fi - done - IFS="$acl_save_IFS" - fi + ;; + *) + searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` + if test -n "$searchpath"; then + acl_save_IFS="${IFS= }"; IFS=":" + for searchdir in $searchpath; do + if test -d "$searchdir"; then + case "$searchdir" in + */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; + */../ | */.. ) + # Better ignore directories of this form. They are misleading. + ;; + *) searchdir=`cd "$searchdir" && pwd` + case "$searchdir" in + */lib64 ) acl_libdirstem=lib64 ;; + esac ;; + esac + fi + done + IFS="$acl_save_IFS" + fi + ;; + esac + test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" ]) # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# serial 1 (pkg-config-0.24) # # Copyright © 2004 Scott James Remnant . # @@ -233,7 +273,10 @@ AC_DEFUN([AC_LIB_PREPARE_MULTILIB], AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_PATH)?$]) -AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) +AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) +AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) + if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) fi @@ -246,7 +289,6 @@ if test -n "$PKG_CONFIG"; then AC_MSG_RESULT([no]) PKG_CONFIG="" fi - fi[]dnl ])# PKG_PROG_PKG_CONFIG @@ -255,34 +297,31 @@ fi[]dnl # Check to see whether a particular set of modules exists. Similar # to PKG_CHECK_MODULES(), but does not set variables or print errors. # -# -# Similar to PKG_CHECK_MODULES, make sure that the first instance of -# this or PKG_CHECK_MODULES is called, or make sure to call -# PKG_CHECK_EXISTS manually +# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +# only at the first occurence in configure.ac, so if the first place +# it's called might be skipped (such as if it is within an "if", you +# have to call PKG_CHECK_EXISTS manually # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then - m4_ifval([$2], [$2], [:]) + m4_default([$2], [:]) m4_ifvaln([$3], [else $3])dnl fi]) - # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) # --------------------------------------------- m4_define([_PKG_CONFIG], -[if test -n "$PKG_CONFIG"; then - if test -n "$$1"; then - pkg_cv_[]$1="$$1" - else - PKG_CHECK_EXISTS([$3], - [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], - [pkg_failed=yes]) - fi -else - pkg_failed=untried +[if test -n "$$1"; then + pkg_cv_[]$1="$$1" + elif test -n "$PKG_CONFIG"; then + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], + [pkg_failed=yes]) + else + pkg_failed=untried fi[]dnl ])# _PKG_CONFIG @@ -324,16 +363,17 @@ and $1[]_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.]) if test $pkg_failed = yes; then + AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then - $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"` + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1` else - $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` + $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD - ifelse([$4], , [AC_MSG_ERROR(dnl + m4_default([$4], [AC_MSG_ERROR( [Package requirements ($2) were not met: $$1_PKG_ERRORS @@ -341,25 +381,24 @@ $$1_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. -_PKG_TEXT -])], - [AC_MSG_RESULT([no]) - $4]) +_PKG_TEXT])dnl + ]) elif test $pkg_failed = untried; then - ifelse([$4], , [AC_MSG_FAILURE(dnl + AC_MSG_RESULT([no]) + m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. _PKG_TEXT -To get pkg-config, see .])], - [$4]) +To get pkg-config, see .])dnl + ]) else $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS $1[]_LIBS=$pkg_cv_[]$1[]_LIBS AC_MSG_RESULT([yes]) - ifelse([$3], , :, [$3]) + $3 fi[]dnl ])# PKG_CHECK_MODULES diff --git a/config.guess b/config.guess index e3a2116a7..c2246a4f7 100755 --- a/config.guess +++ b/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 # Free Software Foundation, Inc. -timestamp='2009-06-10' +timestamp='2009-12-30' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,16 +27,16 @@ timestamp='2009-06-10' # the same distribution terms that you use for the rest of that program. -# Originally written by Per Bothner . -# Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # -# The plan is that this can be called by configure scripts if you -# don't specify an explicit build system type. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` @@ -56,8 +56,9 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -333,6 +334,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" @@ -807,12 +811,12 @@ EOF i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - *:Interix*:[3456]*) + *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; - EM64T | authenticamd | genuineintel) + authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) @@ -854,6 +858,20 @@ EOF i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ @@ -876,6 +894,17 @@ EOF frv:Linux:*:*) echo frv-unknown-linux-gnu exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; @@ -901,39 +930,18 @@ EOF #endif #endif EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^CPU/{ - s: ::g - p - }'`" + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-unknown-linux-gnu exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu - exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -942,8 +950,11 @@ EOF *) echo hppa-unknown-linux-gnu ;; esac exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux @@ -966,58 +977,6 @@ EOF xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; - i*86:Linux:*:*) - # The BFD linker knows what the default object file format is, so - # first see if it will tell us. cd to the root directory to prevent - # problems with other programs or directories called `ld' in the path. - # Set LC_ALL=C to ensure ld outputs messages in English. - ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ - | sed -ne '/supported targets:/!d - s/[ ][ ]*/ /g - s/.*supported targets: *// - s/ .*// - p'` - case "$ld_supported_targets" in - elf32-i386) - TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" - ;; - esac - # Determine whether the default compiler is a.out or elf - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #ifdef __ELF__ - # ifdef __GLIBC__ - # if __GLIBC__ >= 2 - LIBC=gnu - # else - LIBC=gnulibc1 - # endif - # else - LIBC=gnulibc1 - # endif - #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) - LIBC=gnu - #else - LIBC=gnuaout - #endif - #endif - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' - /^LIBC/{ - s: ::g - p - }'`" - test x"${LIBC}" != x && { - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit - } - test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } - ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both @@ -1247,6 +1206,16 @@ EOF *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} diff --git a/config.sub b/config.sub index eb0389a69..c2d125724 100755 --- a/config.sub +++ b/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 # Free Software Foundation, Inc. -timestamp='2009-06-11' +timestamp='2010-01-22' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -32,13 +32,16 @@ timestamp='2009-06-11' # Please send patches to . Submit a context -# diff and a properly formatted ChangeLog entry. +# diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. @@ -72,8 +75,9 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -149,7 +153,7 @@ case $os in -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) + -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; @@ -284,6 +288,7 @@ case $basic_machine in | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ + | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ @@ -291,13 +296,14 @@ case $basic_machine in | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ + | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12) + m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none @@ -340,7 +346,7 @@ case $basic_machine in | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ @@ -368,15 +374,17 @@ case $basic_machine in | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ - | romp-* | rs6000-* \ + | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile-* | tilegx-* \ | tron-* \ + | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ @@ -726,6 +734,9 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; + microblaze) + basic_machine=microblaze-xilinx + ;; mingw32) basic_machine=i386-pc os=-mingw32 @@ -1076,6 +1087,11 @@ case $basic_machine in basic_machine=tic6x-unknown os=-coff ;; + # This must be matched before tile*. + tilegx*) + basic_machine=tilegx-unknown + os=-linux-gnu + ;; tile*) basic_machine=tile-unknown os=-linux-gnu @@ -1247,6 +1263,9 @@ case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; @@ -1268,8 +1287,8 @@ case $os in # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ - | -kopensolaris* \ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ @@ -1290,7 +1309,7 @@ case $os in | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1423,6 +1442,8 @@ case $os in -dicos*) os=-dicos ;; + -nacl*) + ;; -none) ;; *) diff --git a/configure b/configure index 64ecd2c57..d823c3045 100755 --- a/configure +++ b/configure @@ -1,11 +1,11 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.65 for strongSwan 4.4.1. +# Generated by GNU Autoconf 2.67 for strongSwan 4.5.0. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software +# Foundation, Inc. # # # This configure script is free software; the Free Software Foundation @@ -316,7 +316,7 @@ $as_echo X"$as_dir" | test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p @@ -356,19 +356,19 @@ else fi # as_fn_arith -# as_fn_error ERROR [LINENO LOG_FD] -# --------------------------------- +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with status $?, using 1 if that was 0. +# script with STATUS, using 1 if that was 0. as_fn_error () { - as_status=$?; test $as_status -eq 0 && as_status=1 - if test "$3"; then - as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $1" >&2 + $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -679,7 +679,7 @@ test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. -# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` @@ -698,8 +698,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='4.4.1' -PACKAGE_STRING='strongSwan 4.4.1' +PACKAGE_VERSION='4.5.0' +PACKAGE_STRING='strongSwan 4.5.0' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -745,6 +745,8 @@ LTLIBOBJS LIBOBJS MONOLITHIC_FALSE MONOLITHIC_TRUE +USE_TLS_FALSE +USE_TLS_TRUE USE_SIMAKA_FALSE USE_SIMAKA_TRUE USE_VSTR_FALSE @@ -797,6 +799,14 @@ USE_XAUTH_FALSE USE_XAUTH_TRUE USE_RESOLVE_FALSE USE_RESOLVE_TRUE +USE_KERNEL_PFROUTE_FALSE +USE_KERNEL_PFROUTE_TRUE +USE_KERNEL_PFKEY_FALSE +USE_KERNEL_PFKEY_TRUE +USE_KERNEL_NETLINK_FALSE +USE_KERNEL_NETLINK_TRUE +USE_KERNEL_KLIPS_FALSE +USE_KERNEL_KLIPS_TRUE USE_ATTR_SQL_FALSE USE_ATTR_SQL_TRUE USE_ATTR_FALSE @@ -811,16 +821,22 @@ USE_SOCKET_RAW_FALSE USE_SOCKET_RAW_TRUE USE_SOCKET_DEFAULT_FALSE USE_SOCKET_DEFAULT_TRUE -USE_KERNEL_KLIPS_FALSE -USE_KERNEL_KLIPS_TRUE -USE_KERNEL_PFROUTE_FALSE -USE_KERNEL_PFROUTE_TRUE -USE_KERNEL_PFKEY_FALSE -USE_KERNEL_PFKEY_TRUE -USE_KERNEL_NETLINK_FALSE -USE_KERNEL_NETLINK_TRUE +USE_TNCCS_20_FALSE +USE_TNCCS_20_TRUE +USE_TNCCS_11_FALSE +USE_TNCCS_11_TRUE +USE_TNC_IMV_FALSE +USE_TNC_IMV_TRUE +USE_TNC_IMC_FALSE +USE_TNC_IMC_TRUE USE_EAP_RADIUS_FALSE USE_EAP_RADIUS_TRUE +USE_EAP_TNC_FALSE +USE_EAP_TNC_TRUE +USE_EAP_TTLS_FALSE +USE_EAP_TTLS_TRUE +USE_EAP_TLS_FALSE +USE_EAP_TLS_TRUE USE_EAP_MSCHAPV2_FALSE USE_EAP_MSCHAPV2_TRUE USE_EAP_AKA_3GPP2_FALSE @@ -843,6 +859,8 @@ USE_EAP_SIM_FILE_FALSE USE_EAP_SIM_FILE_TRUE USE_EAP_SIM_FALSE USE_EAP_SIM_TRUE +USE_LED_FALSE +USE_LED_TRUE USE_HA_FALSE USE_HA_TRUE USE_LOAD_TESTER_FALSE @@ -857,6 +875,8 @@ USE_SQL_FALSE USE_SQL_TRUE USE_SMP_FALSE USE_SMP_TRUE +USE_MAEMO_FALSE +USE_MAEMO_TRUE USE_ANDROID_FALSE USE_ANDROID_TRUE USE_UCI_FALSE @@ -869,6 +889,14 @@ USE_MEDSRV_FALSE USE_MEDSRV_TRUE USE_STROKE_FALSE USE_STROKE_TRUE +USE_GCM_FALSE +USE_GCM_TRUE +USE_CCM_FALSE +USE_CCM_TRUE +USE_CTR_FALSE +USE_CTR_TRUE +USE_PKCS11_FALSE +USE_PKCS11_TRUE USE_AGENT_FALSE USE_AGENT_TRUE USE_GCRYPT_FALSE @@ -925,11 +953,24 @@ USE_CURL_FALSE USE_CURL_TRUE USE_TEST_VECTORS_FALSE USE_TEST_VECTORS_TRUE +s_plugins +h_plugins +p_plugins +c_plugins +medsrv_plugins +manager_plugins +scripts_plugins +pki_plugins +scepclient_plugins +openac_plugins +pool_plugins pluto_plugins -libhydra_plugins -libstrongswan_plugins +libcharon_plugins nm_LIBS nm_CFLAGS +dbusservicedir +maemo_LIBS +maemo_CFLAGS MYSQLCFLAG MYSQLLIB MYSQLCONFIG @@ -1012,6 +1053,8 @@ strongswan_conf urandom_device random_device default_pkcs11 +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH PKG_CONFIG am__untar am__tar @@ -1140,7 +1183,14 @@ enable_eap_gtc enable_eap_aka enable_eap_aka_3gpp2 enable_eap_mschapv2 +enable_eap_tls +enable_eap_ttls +enable_eap_tnc enable_eap_radius +enable_tnc_imc +enable_tnc_imv +enable_tnccs_11 +enable_tnccs_20 enable_kernel_netlink enable_kernel_pfkey enable_kernel_pfroute @@ -1173,11 +1223,17 @@ enable_padlock enable_openssl enable_gcrypt enable_agent +enable_pkcs11 +enable_ctr +enable_ccm +enable_gcm enable_addrblock enable_uci enable_android +enable_maemo enable_nm enable_ha +enable_led enable_vstr enable_monolithic enable_dependency_tracking @@ -1193,6 +1249,8 @@ enable_libtool_lock host_alias target_alias PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR CC CFLAGS LDFLAGS @@ -1205,6 +1263,8 @@ xml_CFLAGS xml_LIBS gtk_CFLAGS gtk_LIBS +maemo_CFLAGS +maemo_LIBS nm_CFLAGS nm_LIBS' @@ -1269,8 +1329,9 @@ do fi case $ac_option in - *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; - *) ac_optarg=yes ;; + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. @@ -1315,7 +1376,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1341,7 +1402,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1545,7 +1606,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1561,7 +1622,7 @@ do ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in @@ -1591,8 +1652,8 @@ do | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information." + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" ;; *=*) @@ -1600,7 +1661,7 @@ Try \`$0 --help' for more information." # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error "invalid variable name: \`$ac_envvar'" ;; + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; @@ -1618,13 +1679,13 @@ done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` - as_fn_error "missing argument to $ac_option" + as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; - fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi @@ -1647,7 +1708,7 @@ do [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac - as_fn_error "expected an absolute directory name for --$ac_var: $ac_val" + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' @@ -1661,8 +1722,8 @@ target=$target_alias if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe - $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. - If a cross compiler is detected then cross compile mode will be used." >&2 + $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used" >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi @@ -1677,9 +1738,9 @@ test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - as_fn_error "working directory cannot be determined" + as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - as_fn_error "pwd does not report name of working directory" + as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. @@ -1718,11 +1779,11 @@ else fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - as_fn_error "cannot find sources ($ac_unique_file) in $srcdir" + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg" + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then @@ -1748,7 +1809,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 4.4.1 to adapt to many kinds of systems. +\`configure' configures strongSwan 4.5.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1762,7 +1823,7 @@ Configuration: --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking...' messages + -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files @@ -1818,7 +1879,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 4.4.1:";; + short | recursive ) echo "Configuration of strongSwan 4.5.0:";; esac cat <<\_ACEOF @@ -1870,7 +1931,7 @@ Optional Features: --enable-lock-profiler enable lock/mutex profiling code. --enable-unit-tests enable unit tests on IKEv2 daemon startup. --enable-load-tester enable load testing plugin for IKEv2 daemon. - --enable-eap-sim enable SIM authenication module for EAP. + --enable-eap-sim enable SIM authentication module for EAP. --enable-eap-sim-file enable EAP-SIM backend based on a triplet file. --enable-eap-simaka-sql enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database. @@ -1880,13 +1941,20 @@ Optional Features: enable EAP-SIM/AKA reauthentication data storage plugin. --enable-eap-identity enable EAP module providing EAP-Identity helper. - --enable-eap-md5 enable EAP MD5 (CHAP) authenication module. - --enable-eap-gtc enable PAM based EAP GTC authenication module. + --enable-eap-md5 enable EAP MD5 (CHAP) authentication module. + --enable-eap-gtc enable PAM based EAP GTC authentication module. --enable-eap-aka enable EAP AKA authentication module. --enable-eap-aka-3gpp2 enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp. - --enable-eap-mschapv2 enable EAP MS-CHAPv2 authenication module. - --enable-eap-radius enable RADIUS proxy authenication module. + --enable-eap-mschapv2 enable EAP MS-CHAPv2 authentication module. + --enable-eap-tls enable EAP TLS authentication module. + --enable-eap-ttls enable EAP TTLS authentication module. + --enable-eap-tnc enable EAP TNC trusted network connect module. + --enable-eap-radius enable RADIUS proxy authentication module. + --enable-tnc-imc enable TNC IMC module. + --enable-tnc-imv enable TNC IMV module. + --enable-tnccs-11 enable TNCCS 1.1 protocol module. + --enable-tnccs-20 enable TNCCS 2.0 protocol module. --disable-kernel-netlink disable the netlink kernel interface. --enable-kernel-pfkey enable the PF_KEY kernel interface. @@ -1932,11 +2000,18 @@ Optional Features: --enable-openssl enables the OpenSSL crypto plugin. --enable-gcrypt enables the libgcrypt plugin. --enable-agent enables the ssh-agent signing plugin. + --enable-pkcs11 enables the PKCS11 token support plugin. + --enable-ctr enables the Counter Mode wrapper crypto plugin. + --enable-ccm enables the CCM AEAD wrapper crypto plugin. + --enable-gcm enables the GCM AEAD wrapper crypto plugin. --enable-addrblock enables RFC 3779 address block constraint support. --enable-uci enable OpenWRT UCI configuration plugin. --enable-android enable Android specific plugin. + --enable-maemo enable Maemo specific plugin. --enable-nm enable NetworkManager plugin. --enable-ha enable high availability cluster plugin. + --enable-led enable plugin to control LEDs on IKEv2 activity + using the Linux kernel LED subsystem. --enable-vstr enforce using the Vstr string library to replace glibc-like printf hooks. --enable-monolithic build monolithic version of libstrongswan that @@ -2000,6 +2075,10 @@ Optional Packages: Some influential environment variables: PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a @@ -2017,6 +2096,9 @@ Some influential environment variables: xml_LIBS linker flags for xml, overriding pkg-config gtk_CFLAGS C compiler flags for gtk, overriding pkg-config gtk_LIBS linker flags for gtk, overriding pkg-config + maemo_CFLAGS + C compiler flags for maemo, overriding pkg-config + maemo_LIBS linker flags for maemo, overriding pkg-config nm_CFLAGS C compiler flags for nm, overriding pkg-config nm_LIBS linker flags for nm, overriding pkg-config @@ -2086,10 +2168,10 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 4.4.1 -generated by GNU Autoconf 2.65 +strongSwan configure 4.5.0 +generated by GNU Autoconf 2.67 -Copyright (C) 2009 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -2138,6 +2220,43 @@ fi } # ac_fn_c_try_compile +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes @@ -2180,43 +2299,6 @@ fi } # ac_fn_c_try_run -# ac_fn_c_try_cpp LINENO -# ---------------------- -# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} - as_fn_set_status $ac_retval - -} # ac_fn_c_try_cpp - # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in @@ -2226,7 +2308,7 @@ ac_fn_c_check_header_compile () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2302,7 +2384,7 @@ ac_fn_c_check_func () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2370,7 +2452,7 @@ ac_fn_c_check_type () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else eval "$3=no" @@ -2423,10 +2505,10 @@ $as_echo "$ac_res" >&6; } ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : + if eval "test \"\${$3+set}\"" = set; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 @@ -2462,7 +2544,7 @@ if ac_fn_c_try_cpp "$LINENO"; then : else ac_header_preproc=no fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } @@ -2489,7 +2571,7 @@ $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } -if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$3+set}\"" = set; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" @@ -2511,7 +2593,7 @@ ac_fn_c_check_member () as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 $as_echo_n "checking for $2.$3... " >&6; } -if { as_var=$4; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${$4+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -2562,8 +2644,8 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 4.4.1, which was -generated by GNU Autoconf 2.65. Invocation command line was +It was created by strongSwan $as_me 4.5.0, which was +generated by GNU Autoconf 2.67. Invocation command line was $ $0 $@ @@ -2673,11 +2755,9 @@ trap 'exit_status=$? { echo - cat <<\_ASBOX -## ---------------- ## + $as_echo "## ---------------- ## ## Cache variables. ## -## ---------------- ## -_ASBOX +## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( @@ -2711,11 +2791,9 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; ) echo - cat <<\_ASBOX -## ----------------- ## + $as_echo "## ----------------- ## ## Output variables. ## -## ----------------- ## -_ASBOX +## ----------------- ##" echo for ac_var in $ac_subst_vars do @@ -2728,11 +2806,9 @@ _ASBOX echo if test -n "$ac_subst_files"; then - cat <<\_ASBOX -## ------------------- ## + $as_echo "## ------------------- ## ## File substitutions. ## -## ------------------- ## -_ASBOX +## ------------------- ##" echo for ac_var in $ac_subst_files do @@ -2746,11 +2822,9 @@ _ASBOX fi if test -s confdefs.h; then - cat <<\_ASBOX -## ----------- ## + $as_echo "## ----------- ## ## confdefs.h. ## -## ----------- ## -_ASBOX +## ----------- ##" echo cat confdefs.h echo @@ -2805,7 +2879,12 @@ _ACEOF ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then - ac_site_file1=$CONFIG_SITE + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site @@ -2820,7 +2899,11 @@ do { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 - . "$ac_site_file" + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5 ; } fi done @@ -2896,7 +2979,7 @@ if $ac_cache_corrupted; then $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## @@ -2913,16 +2996,22 @@ am__api_version='1.11' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - for ac_t in install-sh install.sh shtool; do - if test -f "$ac_dir/$ac_t"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/$ac_t -c" - break 2 - fi - done + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi done if test -z "$ac_aux_dir"; then - as_fn_error "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, @@ -3038,11 +3127,11 @@ am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) - as_fn_error "unsafe absolute working directory name" "$LINENO" 5;; + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5 ;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) - as_fn_error "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; + as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5 ;; esac # Do `set' in a subshell so we don't clobber the current shell's @@ -3064,7 +3153,7 @@ if ( # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". - as_fn_error "ls -t appears to fail. Make sure there is not a broken + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi @@ -3074,7 +3163,7 @@ then # Ok. : else - as_fn_error "newly created file is older than distributed files! + as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 @@ -3312,7 +3401,7 @@ done $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then : +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF @@ -3320,7 +3409,7 @@ SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF -# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; @@ -3354,7 +3443,7 @@ if test "`cd $srcdir && pwd`" != "`pwd`"; then am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then - as_fn_error "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi @@ -3370,7 +3459,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='4.4.1' + VERSION='4.5.0' cat >>confdefs.h <<_ACEOF @@ -3494,6 +3583,10 @@ $as_echo "$am_cv_prog_tar_ustar" >&6; } + + + + if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. @@ -3606,7 +3699,6 @@ $as_echo "yes" >&6; } $as_echo "no" >&6; } PKG_CONFIG="" fi - fi @@ -4530,6 +4622,51 @@ else fi +# Check whether --enable-eap-tls was given. +if test "${enable_eap_tls+set}" = set; then : + enableval=$enable_eap_tls; eap_tls_given=true + if test x$enableval = xyes; then + eap_tls=true + else + eap_tls=false + fi +else + eap_tls=false + eap_tls_given=false + +fi + + +# Check whether --enable-eap-ttls was given. +if test "${enable_eap_ttls+set}" = set; then : + enableval=$enable_eap_ttls; eap_ttls_given=true + if test x$enableval = xyes; then + eap_ttls=true + else + eap_ttls=false + fi +else + eap_ttls=false + eap_ttls_given=false + +fi + + +# Check whether --enable-eap-tnc was given. +if test "${enable_eap_tnc+set}" = set; then : + enableval=$enable_eap_tnc; eap_tnc_given=true + if test x$enableval = xyes; then + eap_tnc=true + else + eap_tnc=false + fi +else + eap_tnc=false + eap_tnc_given=false + +fi + + # Check whether --enable-eap-radius was given. if test "${enable_eap_radius+set}" = set; then : enableval=$enable_eap_radius; eap_radius_given=true @@ -4545,6 +4682,66 @@ else fi +# Check whether --enable-tnc-imc was given. +if test "${enable_tnc_imc+set}" = set; then : + enableval=$enable_tnc_imc; tnc_imc_given=true + if test x$enableval = xyes; then + tnc_imc=true + else + tnc_imc=false + fi +else + tnc_imc=false + tnc_imc_given=false + +fi + + +# Check whether --enable-tnc-imv was given. +if test "${enable_tnc_imv+set}" = set; then : + enableval=$enable_tnc_imv; tnc_imv_given=true + if test x$enableval = xyes; then + tnc_imv=true + else + tnc_imv=false + fi +else + tnc_imv=false + tnc_imv_given=false + +fi + + +# Check whether --enable-tnccs-11 was given. +if test "${enable_tnccs_11+set}" = set; then : + enableval=$enable_tnccs_11; tnccs_11_given=true + if test x$enableval = xyes; then + tnccs_11=true + else + tnccs_11=false + fi +else + tnccs_11=false + tnccs_11_given=false + +fi + + +# Check whether --enable-tnccs-20 was given. +if test "${enable_tnccs_20+set}" = set; then : + enableval=$enable_tnccs_20; tnccs_20_given=true + if test x$enableval = xyes; then + tnccs_20=true + else + tnccs_20=false + fi +else + tnccs_20=false + tnccs_20_given=false + +fi + + # Check whether --enable-kernel-netlink was given. if test "${enable_kernel_netlink+set}" = set; then : enableval=$enable_kernel_netlink; kernel_netlink_given=true @@ -5025,6 +5222,66 @@ else fi +# Check whether --enable-pkcs11 was given. +if test "${enable_pkcs11+set}" = set; then : + enableval=$enable_pkcs11; pkcs11_given=true + if test x$enableval = xyes; then + pkcs11=true + else + pkcs11=false + fi +else + pkcs11=false + pkcs11_given=false + +fi + + +# Check whether --enable-ctr was given. +if test "${enable_ctr+set}" = set; then : + enableval=$enable_ctr; ctr_given=true + if test x$enableval = xyes; then + ctr=true + else + ctr=false + fi +else + ctr=false + ctr_given=false + +fi + + +# Check whether --enable-ccm was given. +if test "${enable_ccm+set}" = set; then : + enableval=$enable_ccm; ccm_given=true + if test x$enableval = xyes; then + ccm=true + else + ccm=false + fi +else + ccm=false + ccm_given=false + +fi + + +# Check whether --enable-gcm was given. +if test "${enable_gcm+set}" = set; then : + enableval=$enable_gcm; gcm_given=true + if test x$enableval = xyes; then + gcm=true + else + gcm=false + fi +else + gcm=false + gcm_given=false + +fi + + # Check whether --enable-addrblock was given. if test "${enable_addrblock+set}" = set; then : enableval=$enable_addrblock; addrblock_given=true @@ -5070,6 +5327,21 @@ else fi +# Check whether --enable-maemo was given. +if test "${enable_maemo+set}" = set; then : + enableval=$enable_maemo; maemo_given=true + if test x$enableval = xyes; then + maemo=true + else + maemo=false + fi +else + maemo=false + maemo_given=false + +fi + + # Check whether --enable-nm was given. if test "${enable_nm+set}" = set; then : enableval=$enable_nm; nm_given=true @@ -5100,6 +5372,21 @@ else fi +# Check whether --enable-led was given. +if test "${enable_led+set}" = set; then : + enableval=$enable_led; led_given=true + if test x$enableval = xyes; then + led=true + else + led=false + fi +else + led=false + led_given=false + +fi + + # Check whether --enable-vstr was given. if test "${enable_vstr+set}" = set; then : enableval=$enable_vstr; vstr_given=true @@ -5435,8 +5722,8 @@ fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "no acceptable C compiler found in \$PATH -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5 ; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 @@ -5550,9 +5837,8 @@ sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -{ as_fn_set_status 77 -as_fn_error "C compiler cannot create executables -See \`config.log' for more details." "$LINENO" 5; }; } +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5 ; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -5594,8 +5880,8 @@ done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5 ; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 @@ -5652,9 +5938,9 @@ $as_echo "$ac_try_echo"; } >&5 else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "cannot run C compiled programs. +as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } fi fi fi @@ -5705,8 +5991,8 @@ sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "cannot compute suffix of object files: cannot compile -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5 ; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi @@ -6117,7 +6403,7 @@ fi # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } @@ -6128,16 +6414,16 @@ else test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && - as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5 + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; -*) as_fn_error "invalid value of canonical build" "$LINENO" 5;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5 ;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' @@ -6162,7 +6448,7 @@ else ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi @@ -6170,7 +6456,7 @@ fi $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; -*) as_fn_error "invalid value of canonical host" "$LINENO" 5;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5 ;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' @@ -6187,198 +6473,49 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac - acl_libdirstem=lib - searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` - if test -n "$searchpath"; then - acl_save_IFS="${IFS= }"; IFS=":" - for searchdir in $searchpath; do - if test -d "$searchdir"; then - case "$searchdir" in - */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; - *) searchdir=`cd "$searchdir" && pwd` - case "$searchdir" in - */lib64 ) acl_libdirstem=lib64 ;; - esac ;; - esac - fi - done - IFS="$acl_save_IFS" - fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : - - if test "X$prefix" = "XNONE"; then - acl_final_prefix="$ac_default_prefix" - else - acl_final_prefix="$prefix" - fi - if test "X$exec_prefix" = "XNONE"; then - acl_final_exec_prefix='${prefix}' - else - acl_final_exec_prefix="$exec_prefix" - fi - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" - prefix="$acl_save_prefix" - - - - - - - - use_additional=yes - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" - - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - -# Check whether --with-lib-prefix was given. -if test "${with_lib_prefix+set}" = set; then : - withval=$with_lib_prefix; - if test "X$withval" = "Xno"; then - use_additional=no - else - if test "X$withval" = "X"; then - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - - eval additional_includedir=\"$includedir\" - eval additional_libdir=\"$libdir\" - - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - else - additional_includedir="$withval/include" - additional_libdir="$withval/$acl_libdirstem" - fi - fi - -fi - - if test $use_additional = yes; then - if test "X$additional_includedir" != "X/usr/include"; then - haveit= - for x in $CPPFLAGS; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X-I$additional_includedir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test "X$additional_includedir" = "X/usr/local/include"; then - if test -n "$GCC"; then - case $host_os in - linux* | gnu* | k*bsd*-gnu) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - if test -d "$additional_includedir"; then - CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir" - fi - fi - fi - fi - if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then - haveit= - for x in $LDFLAGS; do - - acl_save_prefix="$prefix" - prefix="$acl_final_prefix" - acl_save_exec_prefix="$exec_prefix" - exec_prefix="$acl_final_exec_prefix" - eval x=\"$x\" - exec_prefix="$acl_save_exec_prefix" - prefix="$acl_save_prefix" - - if test "X$x" = "X-L$additional_libdir"; then - haveit=yes - break - fi - done - if test -z "$haveit"; then - if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then - if test -n "$GCC"; then - case $host_os in - linux*) haveit=yes;; - esac - fi - fi - if test -z "$haveit"; then - if test -d "$additional_libdir"; then - LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir" - fi - fi - fi - fi - fi - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if test "${ac_cv_prog_CPP+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.$ac_ext +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -6394,11 +6531,11 @@ else ac_preproc_ok=: break fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext +rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi @@ -6437,7 +6574,7 @@ else # Broken: fails on valid input. continue fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -6453,18 +6590,18 @@ else ac_preproc_ok=: break fi -rm -f conftest.err conftest.$ac_ext +rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext +rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." "$LINENO" 5; } +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5 ; } fi ac_ext=c @@ -6525,7 +6662,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then - as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP @@ -6591,7 +6728,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then - as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP @@ -6604,79 +6741,272 @@ $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if test "${ac_cv_header_stdc+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include -int -main () -{ - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes + acl_libdirstem=lib + acl_libdirstem2= + case "$host_os" in + solaris*) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64-bit host" >&5 +$as_echo_n "checking for 64-bit host... " >&6; } +if test "${gl_cv_solaris_64bit+set}" = set; then : + $as_echo_n "(cached) " >&6 else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + +#ifdef _LP64 +sixtyfour bits +#endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : - + $EGREP "sixtyfour bits" >/dev/null 2>&1; then : + gl_cv_solaris_64bit=yes else - ac_cv_header_stdc=no + gl_cv_solaris_64bit=no fi rm -f conftest* + fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_solaris_64bit" >&5 +$as_echo "$gl_cv_solaris_64bit" >&6; } + if test $gl_cv_solaris_64bit = yes; then + acl_libdirstem=lib/64 + case "$host_cpu" in + sparc*) acl_libdirstem2=lib/sparcv9 ;; + i*86 | x86_64) acl_libdirstem2=lib/amd64 ;; + esac + fi + ;; + *) + searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` + if test -n "$searchpath"; then + acl_save_IFS="${IFS= }"; IFS=":" + for searchdir in $searchpath; do + if test -d "$searchdir"; then + case "$searchdir" in + */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; + */../ | */.. ) + # Better ignore directories of this form. They are misleading. + ;; + *) searchdir=`cd "$searchdir" && pwd` + case "$searchdir" in + */lib64 ) acl_libdirstem=lib64 ;; + esac ;; + esac + fi + done + IFS="$acl_save_IFS" + fi + ;; + esac + test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : + if test "X$prefix" = "XNONE"; then + acl_final_prefix="$ac_default_prefix" + else + acl_final_prefix="$prefix" + fi + if test "X$exec_prefix" = "XNONE"; then + acl_final_exec_prefix='${prefix}' + else + acl_final_exec_prefix="$exec_prefix" + fi + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" + prefix="$acl_save_prefix" -else - ac_cv_header_stdc=no -fi -rm -f conftest* -fi -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-lib-prefix was given. +if test "${with_lib_prefix+set}" = set; then : + withval=$with_lib_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + fi + fi + +fi + + if test $use_additional = yes; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir" + fi + fi + fi + fi + if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then + haveit= + for x in $LDFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then + if test -n "$GCC"; then + case $host_os in + linux*) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir" + fi + fi + fi + fi + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if test "${ac_cv_header_stdc+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ @@ -6723,8 +7053,7 @@ do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " -eval as_val=\$$as_ac_Header - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -6954,8 +7283,8 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) - as_fn_error "unknown endianness - presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac @@ -7043,7 +7372,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then - as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5 + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED @@ -7122,7 +7451,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_FGREP"; then - as_fn_error "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_FGREP=$FGREP @@ -7238,7 +7567,7 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5 +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if test "${lt_cv_prog_gnu_ld+set}" = set; then : @@ -7440,13 +7769,13 @@ if test "${lt_cv_nm_interface+set}" = set; then : else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:7443: $ac_compile\"" >&5) + (eval echo "\"\$as_me:7772: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:7446: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:7775: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:7449: output\"" >&5) + (eval echo "\"\$as_me:7778: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -8651,7 +8980,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 8654 "configure"' > conftest.$ac_ext + echo '#line 8983 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -9913,11 +10242,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9916: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10245: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9920: \$? = $ac_status" >&5 + echo "$as_me:10249: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -10252,11 +10581,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10255: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10584: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:10259: \$? = $ac_status" >&5 + echo "$as_me:10588: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -10357,11 +10686,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10360: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10689: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:10364: \$? = $ac_status" >&5 + echo "$as_me:10693: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10412,11 +10741,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10415: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10744: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:10419: \$? = $ac_status" >&5 + echo "$as_me:10748: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12796,7 +13125,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12799 "configure" +#line 13128 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12892,7 +13221,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12895 "configure" +#line 13224 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -13173,7 +13502,7 @@ esac done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then - as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP @@ -13313,7 +13642,7 @@ if test -f lex.yy.c; then elif test -f lexyy.c; then ac_cv_prog_lex_root=lexyy else - as_fn_error "cannot find output from $LEX; giving up" "$LINENO" 5 + as_fn_error $? "cannot find output from $LEX; giving up" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5 @@ -13534,7 +13863,7 @@ if test -n "$ipsecuid"; then $as_echo "$ipsecuid" >&6; } else - as_fn_error "not found" "$LINENO" 5 + as_fn_error $? "not found" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gid of group \"$ipsecgroup\"" >&5 $as_echo_n "checking for gid of group \"$ipsecgroup\"... " >&6; } @@ -13544,7 +13873,7 @@ if test -n "$ipsecgid"; then $as_echo "$ipsecgid" >&6; } else - as_fn_error "not found" "$LINENO" 5 + as_fn_error $? "not found" "$LINENO" 5 fi @@ -13562,6 +13891,10 @@ if test x$eap_sim = xtrue; then simaka=true; fi +if test x$eap_tls = xtrue -o x$eap_ttls = xtrue; then + tls=true; +fi + if test x$fips_prf = xtrue; then if test x$openssl = xfalse; then sha1=true; @@ -13834,8 +14167,7 @@ if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -eval as_val=\$$as_ac_var - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define CRAY_STACKSEG_END $ac_func @@ -14414,8 +14746,7 @@ for ac_header in net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -eval as_val=\$$as_ac_Header - if test "x$as_val" = x""yes; then : +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF @@ -14672,7 +15003,7 @@ $as_echo "$ac_cv_lib_vstr_main" >&6; } if test "x$ac_cv_lib_vstr_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "Vstr string library not found" "$LINENO" 5 + as_fn_error $? "Vstr string library not found" "$LINENO" 5 fi ac_cv_lib_vstr=ac_cv_lib_vstr_main @@ -14720,7 +15051,7 @@ _ACEOF LIBS="-lgmp $LIBS" else - as_fn_error "GNU Multi Precision library gmp not found" "$LINENO" 5 + as_fn_error $? "GNU Multi Precision library gmp not found" "$LINENO" 5 fi ac_cv_lib_gmp=ac_cv_lib_gmp_main @@ -14777,7 +15108,7 @@ if ac_fn_c_try_compile "$LINENO"; then : $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; as_fn_error "No usable gmp.h found!" "$LINENO" 5 +$as_echo "no" >&6; }; as_fn_error $? "No usable gmp.h found!" "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext @@ -14817,7 +15148,7 @@ $as_echo "$ac_cv_lib_ldap_main" >&6; } if test "x$ac_cv_lib_ldap_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "LDAP library ldap not found" "$LINENO" 5 + as_fn_error $? "LDAP library ldap not found" "$LINENO" 5 fi ac_cv_lib_ldap=ac_cv_lib_ldap_main @@ -14854,7 +15185,7 @@ $as_echo "$ac_cv_lib_lber_main" >&6; } if test "x$ac_cv_lib_lber_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "LDAP library lber not found" "$LINENO" 5 + as_fn_error $? "LDAP library lber not found" "$LINENO" 5 fi ac_cv_lib_lber=ac_cv_lib_lber_main @@ -14862,7 +15193,7 @@ ac_cv_lib_lber=ac_cv_lib_lber_main if test "x$ac_cv_header_ldap_h" = x""yes; then : else - as_fn_error "LDAP header ldap.h not found!" "$LINENO" 5 + as_fn_error $? "LDAP header ldap.h not found!" "$LINENO" 5 fi @@ -14902,7 +15233,7 @@ $as_echo "$ac_cv_lib_curl_main" >&6; } if test "x$ac_cv_lib_curl_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "CURL library curl not found" "$LINENO" 5 + as_fn_error $? "CURL library curl not found" "$LINENO" 5 fi ac_cv_lib_curl=ac_cv_lib_curl_main @@ -14910,7 +15241,7 @@ ac_cv_lib_curl=ac_cv_lib_curl_main if test "x$ac_cv_header_curl_curl_h" = x""yes; then : else - as_fn_error "CURL header curl/curl.h not found!" "$LINENO" 5 + as_fn_error $? "CURL header curl/curl.h not found!" "$LINENO" 5 fi @@ -14922,11 +15253,10 @@ pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for xml" >&5 $as_echo_n "checking for xml... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$xml_CFLAGS"; then - pkg_cv_xml_CFLAGS="$xml_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$xml_CFLAGS"; then + pkg_cv_xml_CFLAGS="$xml_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5 ac_status=$? @@ -14936,15 +15266,13 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$xml_LIBS"; then - pkg_cv_xml_LIBS="$xml_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$xml_LIBS"; then + pkg_cv_xml_LIBS="$xml_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxml-2.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "libxml-2.0") 2>&5 ac_status=$? @@ -14954,14 +15282,15 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes @@ -14969,14 +15298,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - xml_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libxml-2.0"` + xml_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libxml-2.0" 2>&1` else - xml_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libxml-2.0"` + xml_PKG_ERRORS=`$PKG_CONFIG --print-errors "libxml-2.0" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$xml_PKG_ERRORS" >&5 - as_fn_error "Package requirements (libxml-2.0) were not met: + as_fn_error $? "Package requirements (libxml-2.0) were not met: $xml_PKG_ERRORS @@ -14985,12 +15314,13 @@ installed software in a non-standard prefix. Alternatively, you may set the environment variables xml_CFLAGS and xml_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" "$LINENO" 5 +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "The pkg-config script could not be found or is too old. Make sure it +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -14999,13 +15329,13 @@ and xml_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } else xml_CFLAGS=$pkg_cv_xml_CFLAGS xml_LIBS=$pkg_cv_xml_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - : + fi @@ -15017,11 +15347,10 @@ pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gtk" >&5 $as_echo_n "checking for gtk... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$gtk_CFLAGS"; then - pkg_cv_gtk_CFLAGS="$gtk_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$gtk_CFLAGS"; then + pkg_cv_gtk_CFLAGS="$gtk_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5 ac_status=$? @@ -15031,15 +15360,13 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$gtk_LIBS"; then - pkg_cv_gtk_LIBS="$gtk_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$gtk_LIBS"; then + pkg_cv_gtk_LIBS="$gtk_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5 ac_status=$? @@ -15049,14 +15376,15 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes @@ -15064,14 +15392,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - gtk_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "gtk+-2.0 vte"` + gtk_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "gtk+-2.0 vte" 2>&1` else - gtk_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "gtk+-2.0 vte"` + gtk_PKG_ERRORS=`$PKG_CONFIG --print-errors "gtk+-2.0 vte" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$gtk_PKG_ERRORS" >&5 - as_fn_error "Package requirements (gtk+-2.0 vte) were not met: + as_fn_error $? "Package requirements (gtk+-2.0 vte) were not met: $gtk_PKG_ERRORS @@ -15080,12 +15408,13 @@ installed software in a non-standard prefix. Alternatively, you may set the environment variables gtk_CFLAGS and gtk_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" "$LINENO" 5 +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "The pkg-config script could not be found or is too old. Make sure it +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -15094,13 +15423,13 @@ and gtk_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } else gtk_CFLAGS=$pkg_cv_gtk_CFLAGS gtk_LIBS=$pkg_cv_gtk_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - : + fi @@ -15162,14 +15491,14 @@ $as_echo "$i" >&6; } fi done if test x"$RUBYINCLUDE" = xnone; then - as_fn_error "ruby.h not found" "$LINENO" 5 + as_fn_error $? "ruby.h not found" "$LINENO" 5 fi else - as_fn_error "unable to determine ruby configuration" "$LINENO" 5 + as_fn_error $? "unable to determine ruby configuration" "$LINENO" 5 fi else - as_fn_error "don't know how to run ruby" "$LINENO" 5 + as_fn_error $? "don't know how to run ruby" "$LINENO" 5 fi fi @@ -15207,7 +15536,7 @@ $as_echo "$ac_cv_lib_neo_cgi_main" >&6; } if test "x$ac_cv_lib_neo_cgi_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "ClearSilver library neo_cgi not found!" "$LINENO" 5 + as_fn_error $? "ClearSilver library neo_cgi not found!" "$LINENO" 5 fi ac_cv_lib_neo_cgi=ac_cv_lib_neo_cgi_main @@ -15244,7 +15573,7 @@ $as_echo "$ac_cv_lib_neo_utl_main" >&6; } if test "x$ac_cv_lib_neo_utl_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "ClearSilver library neo_utl not found!" "$LINENO" 5 + as_fn_error $? "ClearSilver library neo_utl not found!" "$LINENO" 5 fi ac_cv_lib_neo_utl=ac_cv_lib_neo_utl_main @@ -15281,7 +15610,7 @@ $as_echo "$ac_cv_lib_z_main" >&6; } if test "x$ac_cv_lib_z_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "ClearSilver dependency zlib not found!" "$LINENO" 5 + as_fn_error $? "ClearSilver dependency zlib not found!" "$LINENO" 5 fi ac_cv_lib_z=ac_cv_lib_z_main @@ -15319,7 +15648,7 @@ $as_echo "$ac_cv_lib_fcgi_main" >&6; } if test "x$ac_cv_lib_fcgi_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "FastCGI library fcgi not found!" "$LINENO" 5 + as_fn_error $? "FastCGI library fcgi not found!" "$LINENO" 5 fi ac_cv_lib_fcgi=ac_cv_lib_fcgi_main @@ -15327,7 +15656,7 @@ ac_cv_lib_fcgi=ac_cv_lib_fcgi_main if test "x$ac_cv_header_fcgiapp_h" = x""yes; then : else - as_fn_error "FastCGI header file fcgiapp.h not found!" "$LINENO" 5 + as_fn_error $? "FastCGI header file fcgiapp.h not found!" "$LINENO" 5 fi @@ -15376,7 +15705,7 @@ fi if test x$MYSQLCONFIG = x; then - as_fn_error "mysql_config not found!" "$LINENO" 5 + as_fn_error $? "mysql_config not found!" "$LINENO" 5 fi MYSQLLIB=`$MYSQLCONFIG --libs_r` @@ -15418,7 +15747,7 @@ $as_echo "$ac_cv_lib_sqlite3_main" >&6; } if test "x$ac_cv_lib_sqlite3_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "SQLite library sqlite3 not found" "$LINENO" 5 + as_fn_error $? "SQLite library sqlite3 not found" "$LINENO" 5 fi ac_cv_lib_sqlite3=ac_cv_lib_sqlite3_main @@ -15426,7 +15755,7 @@ ac_cv_lib_sqlite3=ac_cv_lib_sqlite3_main if test "x$ac_cv_header_sqlite3_h" = x""yes; then : else - as_fn_error "SQLite header sqlite3.h not found!" "$LINENO" 5 + as_fn_error $? "SQLite header sqlite3.h not found!" "$LINENO" 5 fi @@ -15478,7 +15807,7 @@ if ac_fn_c_try_compile "$LINENO"; then : $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; as_fn_error "SQLite version >= 3.3.1 required!" "$LINENO" 5 +$as_echo "no" >&6; }; as_fn_error $? "SQLite version >= 3.3.1 required!" "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi @@ -15517,7 +15846,7 @@ $as_echo "$ac_cv_lib_crypto_main" >&6; } if test "x$ac_cv_lib_crypto_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "OpenSSL crypto library not found" "$LINENO" 5 + as_fn_error $? "OpenSSL crypto library not found" "$LINENO" 5 fi ac_cv_lib_crypto=ac_cv_lib_crypto_main @@ -15525,7 +15854,7 @@ ac_cv_lib_crypto=ac_cv_lib_crypto_main if test "x$ac_cv_header_openssl_evp_h" = x""yes; then : else - as_fn_error "OpenSSL header openssl/evp.h not found!" "$LINENO" 5 + as_fn_error $? "OpenSSL header openssl/evp.h not found!" "$LINENO" 5 fi @@ -15565,7 +15894,7 @@ $as_echo "$ac_cv_lib_gcrypt_main" >&6; } if test "x$ac_cv_lib_gcrypt_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "gcrypt library not found" "$LINENO" 5 + as_fn_error $? "gcrypt library not found" "$LINENO" 5 fi ac_cv_lib_gcrypt=ac_cv_lib_gcrypt_main @@ -15573,7 +15902,7 @@ ac_cv_lib_gcrypt=ac_cv_lib_gcrypt_main if test "x$ac_cv_header_gcrypt_h" = x""yes; then : else - as_fn_error "gcrypt header gcrypt.h not found!" "$LINENO" 5 + as_fn_error $? "gcrypt header gcrypt.h not found!" "$LINENO" 5 fi @@ -15602,6 +15931,17 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi +if test x$tnccs_11 = xtrue -o x$tnc_imc = xtrue -o x$tnc_imv = xtrue; then + ac_fn_c_check_header_mongrel "$LINENO" "libtnc.h" "ac_cv_header_libtnc_h" "$ac_includes_default" +if test "x$ac_cv_header_libtnc_h" = x""yes; then : + +else + as_fn_error $? "libtnc header libtnc.h not found!" "$LINENO" 5 +fi + + +fi + if test x$uci = xtrue; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -luci" >&5 $as_echo_n "checking for main in -luci... " >&6; } @@ -15636,7 +15976,7 @@ $as_echo "$ac_cv_lib_uci_main" >&6; } if test "x$ac_cv_lib_uci_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "UCI library libuci not found" "$LINENO" 5 + as_fn_error $? "UCI library libuci not found" "$LINENO" 5 fi ac_cv_lib_uci=ac_cv_lib_uci_main @@ -15644,7 +15984,7 @@ ac_cv_lib_uci=ac_cv_lib_uci_main if test "x$ac_cv_header_uci_h" = x""yes; then : else - as_fn_error "UCI header uci.h not found!" "$LINENO" 5 + as_fn_error $? "UCI header uci.h not found!" "$LINENO" 5 fi @@ -15684,7 +16024,7 @@ $as_echo "$ac_cv_lib_cutils_main" >&6; } if test "x$ac_cv_lib_cutils_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "Android library libcutils not found" "$LINENO" 5 + as_fn_error $? "Android library libcutils not found" "$LINENO" 5 fi ac_cv_lib_cutils=ac_cv_lib_cutils_main @@ -15692,7 +16032,7 @@ ac_cv_lib_cutils=ac_cv_lib_cutils_main if test "x$ac_cv_header_cutils_properties_h" = x""yes; then : else - as_fn_error "Android header cutils/properties.h not found!" "$LINENO" 5 + as_fn_error $? "Android header cutils/properties.h not found!" "$LINENO" 5 fi @@ -15700,58 +16040,50 @@ fi fi -if test x$nm = xtrue; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-glib\""; } >&5 - ($PKG_CONFIG --exists --print-errors "libnm-glib") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then +if test x$maemo = xtrue; then pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 -$as_echo_n "checking for nm... " >&6; } - -if test -n "$PKG_CONFIG"; then - if test -n "$nm_CFLAGS"; then - pkg_cv_nm_CFLAGS="$nm_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for maemo" >&5 +$as_echo_n "checking for maemo... " >&6; } + +if test -n "$maemo_CFLAGS"; then + pkg_cv_maemo_CFLAGS="$maemo_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 gthread-2.0 libosso osso-af-settings\""; } >&5 + ($PKG_CONFIG --exists --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` + pkg_cv_maemo_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>/dev/null` else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$nm_LIBS"; then - pkg_cv_nm_LIBS="$nm_LIBS" - else - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 - ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 +if test -n "$maemo_LIBS"; then + pkg_cv_maemo_LIBS="$maemo_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 gthread-2.0 libosso osso-af-settings\""; } >&5 + ($PKG_CONFIG --exists --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` + pkg_cv_maemo_LIBS=`$PKG_CONFIG --libs "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>/dev/null` else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes @@ -15759,43 +16091,146 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn"` + maemo_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>&1` else - nm_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn"` + maemo_PKG_ERRORS=`$PKG_CONFIG --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>&1` fi # Put the nasty error message in config.log where it belongs - echo "$nm_PKG_ERRORS" >&5 + echo "$maemo_PKG_ERRORS" >&5 - as_fn_error "Package requirements (NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn) were not met: + as_fn_error $? "Package requirements (glib-2.0 gthread-2.0 libosso osso-af-settings) were not met: -$nm_PKG_ERRORS +$maemo_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. -Alternatively, you may set the environment variables nm_CFLAGS -and nm_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" "$LINENO" 5 +Alternatively, you may set the environment variables maemo_CFLAGS +and maemo_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "The pkg-config script could not be found or is too old. Make sure it +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. -Alternatively, you may set the environment variables nm_CFLAGS -and nm_LIBS to avoid the need to call pkg-config. +Alternatively, you may set the environment variables maemo_CFLAGS +and maemo_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } else - nm_CFLAGS=$pkg_cv_nm_CFLAGS - nm_LIBS=$pkg_cv_nm_LIBS + maemo_CFLAGS=$pkg_cv_maemo_CFLAGS + maemo_LIBS=$pkg_cv_maemo_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - : + +fi + + + dbusservicedir="/usr/share/dbus-1/system-services" + +fi + +if test x$nm = xtrue; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-glib\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libnm-glib") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 +$as_echo_n "checking for nm... " >&6; } + +if test -n "$nm_CFLAGS"; then + pkg_cv_nm_CFLAGS="$nm_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 + ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_nm_CFLAGS=`$PKG_CONFIG --cflags "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$nm_LIBS"; then + pkg_cv_nm_LIBS="$nm_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn\""; } >&5 + ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_nm_LIBS=`$PKG_CONFIG --libs "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>&1` + else + nm_PKG_ERRORS=`$PKG_CONFIG --print-errors "NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$nm_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn) were not met: + +$nm_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables nm_CFLAGS +and nm_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables nm_CFLAGS +and nm_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5 ; } +else + nm_CFLAGS=$pkg_cv_nm_CFLAGS + nm_LIBS=$pkg_cv_nm_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi else @@ -15803,11 +16238,10 @@ pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nm" >&5 $as_echo_n "checking for nm... " >&6; } -if test -n "$PKG_CONFIG"; then - if test -n "$nm_CFLAGS"; then - pkg_cv_nm_CFLAGS="$nm_CFLAGS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$nm_CFLAGS"; then + pkg_cv_nm_CFLAGS="$nm_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn\""; } >&5 ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn") 2>&5 ac_status=$? @@ -15817,15 +16251,13 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi -if test -n "$PKG_CONFIG"; then - if test -n "$nm_LIBS"; then - pkg_cv_nm_LIBS="$nm_LIBS" - else - if test -n "$PKG_CONFIG" && \ +if test -n "$nm_LIBS"; then + pkg_cv_nm_LIBS="$nm_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn\""; } >&5 ($PKG_CONFIG --exists --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn") 2>&5 ac_status=$? @@ -15835,14 +16267,15 @@ if test -n "$PKG_CONFIG"; then else pkg_failed=yes fi - fi -else - pkg_failed=untried + else + pkg_failed=untried fi if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes @@ -15850,14 +16283,14 @@ else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then - nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn"` + nm_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn" 2>&1` else - nm_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn"` + nm_PKG_ERRORS=`$PKG_CONFIG --print-errors "NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$nm_PKG_ERRORS" >&5 - as_fn_error "Package requirements (NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn) were not met: + as_fn_error $? "Package requirements (NetworkManager gthread-2.0 libnm_glib libnm_glib_vpn) were not met: $nm_PKG_ERRORS @@ -15866,12 +16299,13 @@ installed software in a non-standard prefix. Alternatively, you may set the environment variables nm_CFLAGS and nm_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details. -" "$LINENO" 5 +See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error "The pkg-config script could not be found or is too old. Make sure it +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. @@ -15880,13 +16314,13 @@ and nm_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . -See \`config.log' for more details." "$LINENO" 5; } +See \`config.log' for more details" "$LINENO" 5 ; } else nm_CFLAGS=$pkg_cv_nm_CFLAGS nm_LIBS=$pkg_cv_nm_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - : + fi fi @@ -15928,7 +16362,7 @@ $as_echo "$ac_cv_lib_pam_main" >&6; } if test "x$ac_cv_lib_pam_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "PAM library not found" "$LINENO" 5 + as_fn_error $? "PAM library not found" "$LINENO" 5 fi ac_cv_lib_pam=ac_cv_lib_pam_main @@ -15936,7 +16370,7 @@ ac_cv_lib_pam=ac_cv_lib_pam_main if test "x$ac_cv_header_security_pam_appl_h" = x""yes; then : else - as_fn_error "PAM header security/pam_appl.h not found!" "$LINENO" 5 + as_fn_error $? "PAM header security/pam_appl.h not found!" "$LINENO" 5 fi @@ -15961,7 +16395,7 @@ done if test "x$ac_cv_func_capset" = x""yes; then : else - as_fn_error "capset() not found!" "$LINENO" 5 + as_fn_error $? "capset() not found!" "$LINENO" 5 fi $as_echo "#define CAPABILITIES_NATIVE 1" >>confdefs.h @@ -16002,197 +16436,695 @@ $as_echo "$ac_cv_lib_cap_main" >&6; } if test "x$ac_cv_lib_cap_main" = x""yes; then : LIBS="$LIBS" else - as_fn_error "libcap library not found" "$LINENO" 5 + as_fn_error $? "libcap library not found" "$LINENO" 5 fi ac_cv_lib_cap=ac_cv_lib_cap_main - ac_fn_c_check_header_mongrel "$LINENO" "sys/capability.h" "ac_cv_header_sys_capability_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_capability_h" = x""yes; then : - $as_echo "#define HAVE_SYS_CAPABILITY_H 1" >>confdefs.h + ac_fn_c_check_header_mongrel "$LINENO" "sys/capability.h" "ac_cv_header_sys_capability_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_capability_h" = x""yes; then : + $as_echo "#define HAVE_SYS_CAPABILITY_H 1" >>confdefs.h + +else + as_fn_error $? "libcap header sys/capability.h not found!" "$LINENO" 5 +fi + + + $as_echo "#define CAPABILITIES_LIBCAP 1" >>confdefs.h + +fi + +if test x$integrity_test = xtrue; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dladdr()" >&5 +$as_echo_n "checking for dladdr()... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _GNU_SOURCE + #include +int +main () +{ +Dl_info info; dladdr(main, &info); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; + as_fn_error $? "dladdr() not supported, required by integrity-test!" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dl_iterate_phdr()" >&5 +$as_echo_n "checking for dl_iterate_phdr()... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _GNU_SOURCE + #include +int +main () +{ +dl_iterate_phdr((void*)0, (void*)0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; + as_fn_error $? "dl_iterate_phdr() not supported, required by integrity-test!" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + + +# ADD_PLUGIN(plugin, category list) +# ----------------------------------- +# Append the plugin name $1 to the category list variable $2_plugin + + + +# plugin lists for all components +libcharon_plugins= +pluto_plugins= +pool_plugins= +openac_plugins= +scepclient_plugins= +pki_plugins= +scripts_plugins= +manager_plugins= +medsrv_plugins= + +# location specific lists for checksumming, +# for src/libcharon, src/pluto, src/libhydra and src/libstrongswan +c_plugins= +p_plugins= +h_plugins= +s_plugins= + +if test x$test_vectors = xtrue; then + s_plugins=${s_plugins}" test-vectors" + libcharon_plugins=${libcharon_plugins}" test-vectors" + pluto_plugins=${pluto_plugins}" test-vectors" + openac_plugins=${openac_plugins}" test-vectors" + scepclient_plugins=${scepclient_plugins}" test-vectors" + pki_plugins=${pki_plugins}" test-vectors" + + fi + +if test x$curl = xtrue; then + s_plugins=${s_plugins}" curl" + libcharon_plugins=${libcharon_plugins}" curl" + pluto_plugins=${pluto_plugins}" curl" + scepclient_plugins=${scepclient_plugins}" curl" + + fi + +if test x$ldap = xtrue; then + s_plugins=${s_plugins}" ldap" + libcharon_plugins=${libcharon_plugins}" ldap" + pluto_plugins=${pluto_plugins}" ldap" + scepclient_plugins=${scepclient_plugins}" ldap" + + fi + +if test x$mysql = xtrue; then + s_plugins=${s_plugins}" mysql" + libcharon_plugins=${libcharon_plugins}" mysql" + pluto_plugins=${pluto_plugins}" mysql" + pool_plugins=${pool_plugins}" mysql" + manager_plugins=${manager_plugins}" mysql" + medsrv_plugins=${medsrv_plugins}" mysql" + + fi + +if test x$sqlite = xtrue; then + s_plugins=${s_plugins}" sqlite" + libcharon_plugins=${libcharon_plugins}" sqlite" + pluto_plugins=${pluto_plugins}" sqlite" + pool_plugins=${pool_plugins}" sqlite" + manager_plugins=${manager_plugins}" sqlite" + medsrv_plugins=${medsrv_plugins}" sqlite" + + fi + +if test x$aes = xtrue; then + s_plugins=${s_plugins}" aes" + libcharon_plugins=${libcharon_plugins}" aes" + pluto_plugins=${pluto_plugins}" aes" + openac_plugins=${openac_plugins}" aes" + scepclient_plugins=${scepclient_plugins}" aes" + pki_plugins=${pki_plugins}" aes" + scripts_plugins=${scripts_plugins}" aes" + + fi + +if test x$des = xtrue; then + s_plugins=${s_plugins}" des" + libcharon_plugins=${libcharon_plugins}" des" + pluto_plugins=${pluto_plugins}" des" + openac_plugins=${openac_plugins}" des" + scepclient_plugins=${scepclient_plugins}" des" + pki_plugins=${pki_plugins}" des" + scripts_plugins=${scripts_plugins}" des" + + fi + +if test x$blowfish = xtrue; then + s_plugins=${s_plugins}" blowfish" + libcharon_plugins=${libcharon_plugins}" blowfish" + pluto_plugins=${pluto_plugins}" blowfish" + openac_plugins=${openac_plugins}" blowfish" + scepclient_plugins=${scepclient_plugins}" blowfish" + pki_plugins=${pki_plugins}" blowfish" + scripts_plugins=${scripts_plugins}" blowfish" + + fi + +if test x$sha1 = xtrue; then + s_plugins=${s_plugins}" sha1" + libcharon_plugins=${libcharon_plugins}" sha1" + pluto_plugins=${pluto_plugins}" sha1" + openac_plugins=${openac_plugins}" sha1" + scepclient_plugins=${scepclient_plugins}" sha1" + pki_plugins=${pki_plugins}" sha1" + scripts_plugins=${scripts_plugins}" sha1" + medsrv_plugins=${medsrv_plugins}" sha1" + + fi + +if test x$sha2 = xtrue; then + s_plugins=${s_plugins}" sha2" + libcharon_plugins=${libcharon_plugins}" sha2" + pluto_plugins=${pluto_plugins}" sha2" + openac_plugins=${openac_plugins}" sha2" + scepclient_plugins=${scepclient_plugins}" sha2" + pki_plugins=${pki_plugins}" sha2" + scripts_plugins=${scripts_plugins}" sha2" + medsrv_plugins=${medsrv_plugins}" sha2" + + fi + +if test x$md4 = xtrue; then + s_plugins=${s_plugins}" md4" + libcharon_plugins=${libcharon_plugins}" md4" + openac_plugins=${openac_plugins}" md4" + manager_plugins=${manager_plugins}" md4" + scepclient_plugins=${scepclient_plugins}" md4" + pki_plugins=${pki_plugins}" md4" + + fi + +if test x$md5 = xtrue; then + s_plugins=${s_plugins}" md5" + libcharon_plugins=${libcharon_plugins}" md5" + pluto_plugins=${pluto_plugins}" md5" + openac_plugins=${openac_plugins}" md5" + scepclient_plugins=${scepclient_plugins}" md5" + pki_plugins=${pki_plugins}" md5" + + fi + +if test x$random = xtrue; then + s_plugins=${s_plugins}" random" + libcharon_plugins=${libcharon_plugins}" random" + pluto_plugins=${pluto_plugins}" random" + openac_plugins=${openac_plugins}" random" + scepclient_plugins=${scepclient_plugins}" random" + pki_plugins=${pki_plugins}" random" + scripts_plugins=${scripts_plugins}" random" + medsrv_plugins=${medsrv_plugins}" random" + + fi + +if test x$x509 = xtrue; then + s_plugins=${s_plugins}" x509" + libcharon_plugins=${libcharon_plugins}" x509" + pluto_plugins=${pluto_plugins}" x509" + openac_plugins=${openac_plugins}" x509" + scepclient_plugins=${scepclient_plugins}" x509" + pki_plugins=${pki_plugins}" x509" + scripts_plugins=${scripts_plugins}" x509" + + fi + +if test x$revocation = xtrue; then + s_plugins=${s_plugins}" revocation" + libcharon_plugins=${libcharon_plugins}" revocation" + + fi + +if test x$pubkey = xtrue; then + s_plugins=${s_plugins}" pubkey" + libcharon_plugins=${libcharon_plugins}" pubkey" + + fi + +if test x$pkcs1 = xtrue; then + s_plugins=${s_plugins}" pkcs1" + libcharon_plugins=${libcharon_plugins}" pkcs1" + pluto_plugins=${pluto_plugins}" pkcs1" + openac_plugins=${openac_plugins}" pkcs1" + scepclient_plugins=${scepclient_plugins}" pkcs1" + pki_plugins=${pki_plugins}" pkcs1" + scripts_plugins=${scripts_plugins}" pkcs1" + manager_plugins=${manager_plugins}" pkcs1" + medsrv_plugins=${medsrv_plugins}" pkcs1" + + fi + +if test x$pgp = xtrue; then + s_plugins=${s_plugins}" pgp" + libcharon_plugins=${libcharon_plugins}" pgp" + pluto_plugins=${pluto_plugins}" pgp" + + fi + +if test x$dnskey = xtrue; then + s_plugins=${s_plugins}" dnskey" + pluto_plugins=${pluto_plugins}" dnskey" + + fi + +if test x$pem = xtrue; then + s_plugins=${s_plugins}" pem" + libcharon_plugins=${libcharon_plugins}" pem" + pluto_plugins=${pluto_plugins}" pem" + openac_plugins=${openac_plugins}" pem" + scepclient_plugins=${scepclient_plugins}" pem" + pki_plugins=${pki_plugins}" pem" + scripts_plugins=${scripts_plugins}" pem" + manager_plugins=${manager_plugins}" pem" + medsrv_plugins=${medsrv_plugins}" pem" + + fi + +if test x$padlock = xtrue; then + s_plugins=${s_plugins}" padlock" + libcharon_plugins=${libcharon_plugins}" padlock" + + fi + +if test x$openssl = xtrue; then + s_plugins=${s_plugins}" openssl" + libcharon_plugins=${libcharon_plugins}" openssl" + pluto_plugins=${pluto_plugins}" openssl" + openac_plugins=${openac_plugins}" openssl" + scepclient_plugins=${scepclient_plugins}" openssl" + pki_plugins=${pki_plugins}" openssl" + scripts_plugins=${scripts_plugins}" openssl" + manager_plugins=${manager_plugins}" openssl" + medsrv_plugins=${medsrv_plugins}" openssl" + + fi + +if test x$gcrypt = xtrue; then + s_plugins=${s_plugins}" gcrypt" + libcharon_plugins=${libcharon_plugins}" gcrypt" + pluto_plugins=${pluto_plugins}" gcrypt" + openac_plugins=${openac_plugins}" gcrypt" + scepclient_plugins=${scepclient_plugins}" gcrypt" + pki_plugins=${pki_plugins}" gcrypt" + scripts_plugins=${scripts_plugins}" gcrypt" + manager_plugins=${manager_plugins}" gcrypt" + medsrv_plugins=${medsrv_plugins}" gcrypt" + + fi + +if test x$fips_prf = xtrue; then + s_plugins=${s_plugins}" fips-prf" + libcharon_plugins=${libcharon_plugins}" fips-prf" + + fi + +if test x$gmp = xtrue; then + s_plugins=${s_plugins}" gmp" + libcharon_plugins=${libcharon_plugins}" gmp" + pluto_plugins=${pluto_plugins}" gmp" + openac_plugins=${openac_plugins}" gmp" + scepclient_plugins=${scepclient_plugins}" gmp" + pki_plugins=${pki_plugins}" gmp" + scripts_plugins=${scripts_plugins}" gmp" + manager_plugins=${manager_plugins}" gmp" + medsrv_plugins=${medsrv_plugins}" gmp" + + fi + +if test x$agent = xtrue; then + s_plugins=${s_plugins}" agent" + libcharon_plugins=${libcharon_plugins}" agent" + + fi + +if test x$pkcs11 = xtrue; then + s_plugins=${s_plugins}" pkcs11" + libcharon_plugins=${libcharon_plugins}" pkcs11" + pki_plugins=${pki_plugins}" pkcs11" + + fi + +if test x$xcbc = xtrue; then + s_plugins=${s_plugins}" xcbc" + libcharon_plugins=${libcharon_plugins}" xcbc" + + fi + +if test x$hmac = xtrue; then + s_plugins=${s_plugins}" hmac" + libcharon_plugins=${libcharon_plugins}" hmac" + pluto_plugins=${pluto_plugins}" hmac" + scripts_plugins=${scripts_plugins}" hmac" + + fi + +if test x$ctr = xtrue; then + s_plugins=${s_plugins}" ctr" + libcharon_plugins=${libcharon_plugins}" ctr" + scripts_plugins=${scripts_plugins}" ctr" + + fi + +if test x$ccm = xtrue; then + s_plugins=${s_plugins}" ccm" + libcharon_plugins=${libcharon_plugins}" ccm" + scripts_plugins=${scripts_plugins}" ccm" + + fi + +if test x$gcm = xtrue; then + s_plugins=${s_plugins}" gcm" + libcharon_plugins=${libcharon_plugins}" gcm" + scripts_plugins=${scripts_plugins}" gcm" + + fi + +if test x$xauth = xtrue; then + p_plugins=${p_plugins}" xauth" + pluto_plugins=${pluto_plugins}" xauth" + + fi + +if test x$attr = xtrue; then + h_plugins=${h_plugins}" attr" + libcharon_plugins=${libcharon_plugins}" attr" + pluto_plugins=${pluto_plugins}" attr" + + fi + +if test x$attr_sql = xtrue; then + h_plugins=${h_plugins}" attr-sql" + libcharon_plugins=${libcharon_plugins}" attr-sql" + pluto_plugins=${pluto_plugins}" attr-sql" + + fi + +if test x$kernel_pfkey = xtrue; then + h_plugins=${h_plugins}" kernel-pfkey" + libcharon_plugins=${libcharon_plugins}" kernel-pfkey" + pluto_plugins=${pluto_plugins}" kernel-pfkey" + + fi + +if test x$kernel_pfroute = xtrue; then + h_plugins=${h_plugins}" kernel-pfroute" + libcharon_plugins=${libcharon_plugins}" kernel-pfroute" + pluto_plugins=${pluto_plugins}" kernel-pfroute" + + fi + +if test x$kernel_klips = xtrue; then + h_plugins=${h_plugins}" kernel-klips" + libcharon_plugins=${libcharon_plugins}" kernel-klips" + pluto_plugins=${pluto_plugins}" kernel-klips" + + fi + +if test x$kernel_netlink = xtrue; then + h_plugins=${h_plugins}" kernel-netlink" + libcharon_plugins=${libcharon_plugins}" kernel-netlink" + pluto_plugins=${pluto_plugins}" kernel-netlink" + + fi + +if test x$resolve = xtrue; then + h_plugins=${h_plugins}" resolve" + libcharon_plugins=${libcharon_plugins}" resolve" + pluto_plugins=${pluto_plugins}" resolve" + + fi + +if test x$load_tester = xtrue; then + c_plugins=${c_plugins}" load-tester" + libcharon_plugins=${libcharon_plugins}" load-tester" + + fi + +if test x$socket_default = xtrue; then + c_plugins=${c_plugins}" socket-default" + libcharon_plugins=${libcharon_plugins}" socket-default" + + fi + +if test x$socket_raw = xtrue; then + c_plugins=${c_plugins}" socket-raw" + libcharon_plugins=${libcharon_plugins}" socket-raw" + + fi + +if test x$socket_dynamic = xtrue; then + c_plugins=${c_plugins}" socket-dynamic" + libcharon_plugins=${libcharon_plugins}" socket-dynamic" + + fi + +if test x$farp = xtrue; then + c_plugins=${c_plugins}" farp" + libcharon_plugins=${libcharon_plugins}" farp" + + fi + +if test x$stroke = xtrue; then + c_plugins=${c_plugins}" stroke" + libcharon_plugins=${libcharon_plugins}" stroke" + + fi + +if test x$smp = xtrue; then + c_plugins=${c_plugins}" smp" + libcharon_plugins=${libcharon_plugins}" smp" + + fi + +if test x$sql = xtrue; then + c_plugins=${c_plugins}" sql" + libcharon_plugins=${libcharon_plugins}" sql" + + fi + +if test x$updown = xtrue; then + c_plugins=${c_plugins}" updown" + libcharon_plugins=${libcharon_plugins}" updown" + + fi + +if test x$eap_identity = xtrue; then + c_plugins=${c_plugins}" eap-identity" + libcharon_plugins=${libcharon_plugins}" eap-identity" + + fi + +if test x$eap_sim = xtrue; then + c_plugins=${c_plugins}" eap-sim" + libcharon_plugins=${libcharon_plugins}" eap-sim" + + fi + +if test x$eap_sim_file = xtrue; then + c_plugins=${c_plugins}" eap-sim-file" + libcharon_plugins=${libcharon_plugins}" eap-sim-file" + + fi + +if test x$eap_simaka_sql = xtrue; then + c_plugins=${c_plugins}" eap-simaka-sql" + libcharon_plugins=${libcharon_plugins}" eap-simaka-sql" + + fi + +if test x$eap_simaka_pseudonym = xtrue; then + c_plugins=${c_plugins}" eap-simaka-pseudonym" + libcharon_plugins=${libcharon_plugins}" eap-simaka-pseudonym" + + fi + +if test x$eap_simaka_reauth = xtrue; then + c_plugins=${c_plugins}" eap-simaka-reauth" + libcharon_plugins=${libcharon_plugins}" eap-simaka-reauth" + + fi + +if test x$eap_aka = xtrue; then + c_plugins=${c_plugins}" eap-aka" + libcharon_plugins=${libcharon_plugins}" eap-aka" + + fi + +if test x$eap_aka_3gpp2 = xtrue; then + c_plugins=${c_plugins}" eap-aka-3gpp2" + libcharon_plugins=${libcharon_plugins}" eap-aka-3gpp2" + + fi + +if test x$eap_md5 = xtrue; then + c_plugins=${c_plugins}" eap-md5" + libcharon_plugins=${libcharon_plugins}" eap-md5" + + fi + +if test x$eap_gtc = xtrue; then + c_plugins=${c_plugins}" eap-gtc" + libcharon_plugins=${libcharon_plugins}" eap-gtc" + + fi + +if test x$eap_mschapv2 = xtrue; then + c_plugins=${c_plugins}" eap-mschapv2" + libcharon_plugins=${libcharon_plugins}" eap-mschapv2" + + fi + +if test x$eap_radius = xtrue; then + c_plugins=${c_plugins}" eap-radius" + libcharon_plugins=${libcharon_plugins}" eap-radius" + + fi + +if test x$eap_tls = xtrue; then + c_plugins=${c_plugins}" eap-tls" + libcharon_plugins=${libcharon_plugins}" eap-tls" + + fi + +if test x$eap_ttls = xtrue; then + c_plugins=${c_plugins}" eap-ttls" + libcharon_plugins=${libcharon_plugins}" eap-ttls" + + fi + +if test x$eap_tnc = xtrue; then + c_plugins=${c_plugins}" eap-tnc" + libcharon_plugins=${libcharon_plugins}" eap-tnc" + + fi + +if test x$tnc_imc = xtrue; then + c_plugins=${c_plugins}" tnc-imc" + libcharon_plugins=${libcharon_plugins}" tnc-imc" + + fi + +if test x$tnc_imv = xtrue; then + c_plugins=${c_plugins}" tnc-imv" + libcharon_plugins=${libcharon_plugins}" tnc-imv" + + fi + +if test x$tnccs_11 = xtrue; then + c_plugins=${c_plugins}" tnccs-11" + libcharon_plugins=${libcharon_plugins}" tnccs-11" + + fi + +if test x$tnccs_20 = xtrue; then + c_plugins=${c_plugins}" tnccs-20" + libcharon_plugins=${libcharon_plugins}" tnccs-20" + + fi + +if test x$medsrv = xtrue; then + c_plugins=${c_plugins}" medsrv" + libcharon_plugins=${libcharon_plugins}" medsrv" + + fi + +if test x$medcli = xtrue; then + c_plugins=${c_plugins}" medcli" + libcharon_plugins=${libcharon_plugins}" medcli" + + fi + +if test x$nm = xtrue; then + c_plugins=${c_plugins}" nm" + libcharon_plugins=${libcharon_plugins}" nm" + + fi + +if test x$dhcp = xtrue; then + c_plugins=${c_plugins}" dhcp" + libcharon_plugins=${libcharon_plugins}" dhcp" + + fi + +if test x$android = xtrue; then + c_plugins=${c_plugins}" android" + libcharon_plugins=${libcharon_plugins}" android" + + fi + +if test x$ha = xtrue; then + c_plugins=${c_plugins}" ha" + libcharon_plugins=${libcharon_plugins}" ha" + + fi + +if test x$led = xtrue; then + c_plugins=${c_plugins}" led" + libcharon_plugins=${libcharon_plugins}" led" + + fi + +if test x$maemo = xtrue; then + c_plugins=${c_plugins}" maemo" + libcharon_plugins=${libcharon_plugins}" maemo" + + fi + +if test x$uci = xtrue; then + c_plugins=${c_plugins}" uci" + libcharon_plugins=${libcharon_plugins}" uci" + + fi + +if test x$addrblock = xtrue; then + c_plugins=${c_plugins}" addrblock" + libcharon_plugins=${libcharon_plugins}" addrblock" + + fi + +if test x$unit_tester = xtrue; then + c_plugins=${c_plugins}" unit-tester" + libcharon_plugins=${libcharon_plugins}" unit-tester" + + fi + + -else - as_fn_error "libcap header sys/capability.h not found!" "$LINENO" 5 -fi - $as_echo "#define CAPABILITIES_LIBCAP 1" >>confdefs.h -fi -if test x$integrity_test = xtrue; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dladdr()" >&5 -$as_echo_n "checking for dladdr()... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _GNU_SOURCE - #include -int -main () -{ -Dl_info info; dladdr(main, &info); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; - as_fn_error "dladdr() not supported, required by integrity-test!" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dl_iterate_phdr()" >&5 -$as_echo_n "checking for dl_iterate_phdr()... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _GNU_SOURCE - #include -int -main () -{ -dl_iterate_phdr((void*)0, (void*)0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; }; - as_fn_error "dl_iterate_phdr() not supported, required by integrity-test!" "$LINENO" 5 -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -libstrongswan_plugins= -libhydra_plugins= -pluto_plugins= -if test x$test_vectors = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" test-vectors" - pluto_plugins=${pluto_plugins}" test-vectors" -fi -if test x$curl = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" curl" - pluto_plugins=${pluto_plugins}" curl" -fi -if test x$ldap = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" ldap" - pluto_plugins=${pluto_plugins}" ldap" -fi -if test x$aes = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" aes" - pluto_plugins=${pluto_plugins}" aes" -fi -if test x$des = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" des" - pluto_plugins=${pluto_plugins}" des" -fi -if test x$blowfish = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" blowfish" - pluto_plugins=${pluto_plugins}" blowfish" -fi -if test x$sha1 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sha1" - pluto_plugins=${pluto_plugins}" sha1" -fi -if test x$sha2 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sha2" - pluto_plugins=${pluto_plugins}" sha2" -fi -if test x$md4 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" md4" -fi -if test x$md5 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" md5" - pluto_plugins=${pluto_plugins}" md5" -fi -if test x$random = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" random" - pluto_plugins=${pluto_plugins}" random" -fi -if test x$x509 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" x509" - pluto_plugins=${pluto_plugins}" x509" -fi -if test x$revocation = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" revocation" -fi -if test x$pubkey = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pubkey" - pluto_plugins=${pluto_plugins}" pubkey" -fi -if test x$pkcs1 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pkcs1" - pluto_plugins=${pluto_plugins}" pkcs1" -fi -if test x$pgp = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pgp" - pluto_plugins=${pluto_plugins}" pgp" -fi -if test x$dnskey = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" dnskey" - pluto_plugins=${pluto_plugins}" dnskey" -fi -if test x$pem = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pem" - pluto_plugins=${pluto_plugins}" pem" -fi -if test x$mysql = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" mysql" - pluto_plugins=${pluto_plugins}" mysql" -fi -if test x$sqlite = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sqlite" - pluto_plugins=${pluto_plugins}" sqlite" -fi -if test x$padlock = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" padlock" -fi -if test x$openssl = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" openssl" - pluto_plugins=${pluto_plugins}" openssl" -fi -if test x$gcrypt = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" gcrypt" - pluto_plugins=${pluto_plugins}" gcrypt" -fi -if test x$fips_prf = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" fips-prf" -fi -if test x$xcbc = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" xcbc" -fi -if test x$hmac = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" hmac" - pluto_plugins=${pluto_plugins}" hmac" -fi -if test x$agent = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" agent" -fi -if test x$gmp = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" gmp" - pluto_plugins=${pluto_plugins}" gmp" -fi -if test x$xauth = xtrue; then - pluto_plugins=${pluto_plugins}" xauth" -fi -if test x$attr = xtrue; then - libhydra_plugins=${libhydra_plugins}" attr" -fi -if test x$attr_sql = xtrue -o x$sql = xtrue; then - libhydra_plugins=${libhydra_plugins}" attr-sql" -fi -if test x$resolve = xtrue; then - libhydra_plugins=${libhydra_plugins}" resolve" -fi @@ -16423,6 +17355,38 @@ else USE_AGENT_FALSE= fi + if test x$pkcs11 = xtrue; then + USE_PKCS11_TRUE= + USE_PKCS11_FALSE='#' +else + USE_PKCS11_TRUE='#' + USE_PKCS11_FALSE= +fi + + if test x$ctr = xtrue; then + USE_CTR_TRUE= + USE_CTR_FALSE='#' +else + USE_CTR_TRUE='#' + USE_CTR_FALSE= +fi + + if test x$ccm = xtrue; then + USE_CCM_TRUE= + USE_CCM_FALSE='#' +else + USE_CCM_TRUE='#' + USE_CCM_FALSE= +fi + + if test x$gcm = xtrue; then + USE_GCM_TRUE= + USE_GCM_FALSE='#' +else + USE_GCM_TRUE='#' + USE_GCM_FALSE= +fi + if test x$stroke = xtrue; then USE_STROKE_TRUE= @@ -16472,6 +17436,14 @@ else USE_ANDROID_FALSE= fi + if test x$maemo = xtrue; then + USE_MAEMO_TRUE= + USE_MAEMO_FALSE='#' +else + USE_MAEMO_TRUE='#' + USE_MAEMO_FALSE= +fi + if test x$smp = xtrue; then USE_SMP_TRUE= USE_SMP_FALSE='#' @@ -16528,6 +17500,14 @@ else USE_HA_FALSE= fi + if test x$led = xtrue; then + USE_LED_TRUE= + USE_LED_FALSE='#' +else + USE_LED_TRUE='#' + USE_LED_FALSE= +fi + if test x$eap_sim = xtrue; then USE_EAP_SIM_TRUE= USE_EAP_SIM_FALSE='#' @@ -16616,6 +17596,30 @@ else USE_EAP_MSCHAPV2_FALSE= fi + if test x$eap_tls = xtrue; then + USE_EAP_TLS_TRUE= + USE_EAP_TLS_FALSE='#' +else + USE_EAP_TLS_TRUE='#' + USE_EAP_TLS_FALSE= +fi + + if test x$eap_ttls = xtrue; then + USE_EAP_TTLS_TRUE= + USE_EAP_TTLS_FALSE='#' +else + USE_EAP_TTLS_TRUE='#' + USE_EAP_TTLS_FALSE= +fi + + if test x$eap_tnc = xtrue; then + USE_EAP_TNC_TRUE= + USE_EAP_TNC_FALSE='#' +else + USE_EAP_TNC_TRUE='#' + USE_EAP_TNC_FALSE= +fi + if test x$eap_radius = xtrue; then USE_EAP_RADIUS_TRUE= USE_EAP_RADIUS_FALSE='#' @@ -16624,36 +17628,36 @@ else USE_EAP_RADIUS_FALSE= fi - if test x$kernel_netlink = xtrue; then - USE_KERNEL_NETLINK_TRUE= - USE_KERNEL_NETLINK_FALSE='#' + if test x$tnc_imc = xtrue; then + USE_TNC_IMC_TRUE= + USE_TNC_IMC_FALSE='#' else - USE_KERNEL_NETLINK_TRUE='#' - USE_KERNEL_NETLINK_FALSE= + USE_TNC_IMC_TRUE='#' + USE_TNC_IMC_FALSE= fi - if test x$kernel_pfkey = xtrue; then - USE_KERNEL_PFKEY_TRUE= - USE_KERNEL_PFKEY_FALSE='#' + if test x$tnc_imv = xtrue; then + USE_TNC_IMV_TRUE= + USE_TNC_IMV_FALSE='#' else - USE_KERNEL_PFKEY_TRUE='#' - USE_KERNEL_PFKEY_FALSE= + USE_TNC_IMV_TRUE='#' + USE_TNC_IMV_FALSE= fi - if test x$kernel_pfroute = xtrue; then - USE_KERNEL_PFROUTE_TRUE= - USE_KERNEL_PFROUTE_FALSE='#' + if test x$tnccs_11 = xtrue; then + USE_TNCCS_11_TRUE= + USE_TNCCS_11_FALSE='#' else - USE_KERNEL_PFROUTE_TRUE='#' - USE_KERNEL_PFROUTE_FALSE= + USE_TNCCS_11_TRUE='#' + USE_TNCCS_11_FALSE= fi - if test x$kernel_klips = xtrue; then - USE_KERNEL_KLIPS_TRUE= - USE_KERNEL_KLIPS_FALSE='#' + if test x$tnccs_20 = xtrue; then + USE_TNCCS_20_TRUE= + USE_TNCCS_20_FALSE='#' else - USE_KERNEL_KLIPS_TRUE='#' - USE_KERNEL_KLIPS_FALSE= + USE_TNCCS_20_TRUE='#' + USE_TNCCS_20_FALSE= fi if test x$socket_default = xtrue; then @@ -16713,6 +17717,38 @@ else USE_ATTR_SQL_FALSE= fi + if test x$kernel_klips = xtrue; then + USE_KERNEL_KLIPS_TRUE= + USE_KERNEL_KLIPS_FALSE='#' +else + USE_KERNEL_KLIPS_TRUE='#' + USE_KERNEL_KLIPS_FALSE= +fi + + if test x$kernel_netlink = xtrue; then + USE_KERNEL_NETLINK_TRUE= + USE_KERNEL_NETLINK_FALSE='#' +else + USE_KERNEL_NETLINK_TRUE='#' + USE_KERNEL_NETLINK_FALSE= +fi + + if test x$kernel_pfkey = xtrue; then + USE_KERNEL_PFKEY_TRUE= + USE_KERNEL_PFKEY_FALSE='#' +else + USE_KERNEL_PFKEY_TRUE='#' + USE_KERNEL_PFKEY_FALSE= +fi + + if test x$kernel_pfroute = xtrue; then + USE_KERNEL_PFROUTE_TRUE= + USE_KERNEL_PFROUTE_FALSE='#' +else + USE_KERNEL_PFROUTE_TRUE='#' + USE_KERNEL_PFROUTE_FALSE= +fi + if test x$resolve = xtrue; then USE_RESOLVE_TRUE= USE_RESOLVE_FALSE='#' @@ -16923,6 +17959,14 @@ else USE_SIMAKA_FALSE= fi + if test x$tls = xtrue; then + USE_TLS_TRUE= + USE_TLS_FALSE='#' +else + USE_TLS_TRUE='#' + USE_TLS_FALSE= +fi + if test x$monolithic = xtrue; then MONOLITHIC_TRUE= MONOLITHIC_FALSE='#' @@ -16948,7 +17992,7 @@ fi -ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile src/libhydra/plugins/resolve/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile src/charon/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_klips/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/nm/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/unit_tester/Makefile src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile man/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile src/libhydra/plugins/kernel_klips/Makefile src/libhydra/plugins/kernel_netlink/Makefile src/libhydra/plugins/kernel_pfkey/Makefile src/libhydra/plugins/kernel_pfroute/Makefile src/libhydra/plugins/resolve/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/libtls/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile src/charon/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/tnc_imc/Makefile src/libcharon/plugins/tnc_imv/Makefile src/libcharon/plugins/tnccs_11/Makefile src/libcharon/plugins/tnccs_20/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/nm/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/unit_tester/Makefile src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -17069,6 +18113,7 @@ DEFS=`sed -n "$ac_script" confdefs.h` ac_libobjs= ac_ltlibobjs= +U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' @@ -17092,376 +18137,432 @@ else fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then - as_fn_error "conditional \"AMDEP\" was never defined. + as_fn_error $? "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then - as_fn_error "conditional \"am__fastdepCC\" was never defined. + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_TEST_VECTORS_TRUE}" && test -z "${USE_TEST_VECTORS_FALSE}"; then - as_fn_error "conditional \"USE_TEST_VECTORS\" was never defined. + as_fn_error $? "conditional \"USE_TEST_VECTORS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CURL_TRUE}" && test -z "${USE_CURL_FALSE}"; then - as_fn_error "conditional \"USE_CURL\" was never defined. + as_fn_error $? "conditional \"USE_CURL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LDAP_TRUE}" && test -z "${USE_LDAP_FALSE}"; then - as_fn_error "conditional \"USE_LDAP\" was never defined. + as_fn_error $? "conditional \"USE_LDAP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_AES_TRUE}" && test -z "${USE_AES_FALSE}"; then - as_fn_error "conditional \"USE_AES\" was never defined. + as_fn_error $? "conditional \"USE_AES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DES_TRUE}" && test -z "${USE_DES_FALSE}"; then - as_fn_error "conditional \"USE_DES\" was never defined. + as_fn_error $? "conditional \"USE_DES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_BLOWFISH_TRUE}" && test -z "${USE_BLOWFISH_FALSE}"; then - as_fn_error "conditional \"USE_BLOWFISH\" was never defined. + as_fn_error $? "conditional \"USE_BLOWFISH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MD4_TRUE}" && test -z "${USE_MD4_FALSE}"; then - as_fn_error "conditional \"USE_MD4\" was never defined. + as_fn_error $? "conditional \"USE_MD4\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MD5_TRUE}" && test -z "${USE_MD5_FALSE}"; then - as_fn_error "conditional \"USE_MD5\" was never defined. + as_fn_error $? "conditional \"USE_MD5\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SHA1_TRUE}" && test -z "${USE_SHA1_FALSE}"; then - as_fn_error "conditional \"USE_SHA1\" was never defined. + as_fn_error $? "conditional \"USE_SHA1\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SHA2_TRUE}" && test -z "${USE_SHA2_FALSE}"; then - as_fn_error "conditional \"USE_SHA2\" was never defined. + as_fn_error $? "conditional \"USE_SHA2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FIPS_PRF_TRUE}" && test -z "${USE_FIPS_PRF_FALSE}"; then - as_fn_error "conditional \"USE_FIPS_PRF\" was never defined. + as_fn_error $? "conditional \"USE_FIPS_PRF\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_GMP_TRUE}" && test -z "${USE_GMP_FALSE}"; then - as_fn_error "conditional \"USE_GMP\" was never defined. + as_fn_error $? "conditional \"USE_GMP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_RANDOM_TRUE}" && test -z "${USE_RANDOM_FALSE}"; then - as_fn_error "conditional \"USE_RANDOM\" was never defined. + as_fn_error $? "conditional \"USE_RANDOM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_X509_TRUE}" && test -z "${USE_X509_FALSE}"; then - as_fn_error "conditional \"USE_X509\" was never defined. + as_fn_error $? "conditional \"USE_X509\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_REVOCATION_TRUE}" && test -z "${USE_REVOCATION_FALSE}"; then - as_fn_error "conditional \"USE_REVOCATION\" was never defined. + as_fn_error $? "conditional \"USE_REVOCATION\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PUBKEY_TRUE}" && test -z "${USE_PUBKEY_FALSE}"; then - as_fn_error "conditional \"USE_PUBKEY\" was never defined. + as_fn_error $? "conditional \"USE_PUBKEY\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PKCS1_TRUE}" && test -z "${USE_PKCS1_FALSE}"; then - as_fn_error "conditional \"USE_PKCS1\" was never defined. + as_fn_error $? "conditional \"USE_PKCS1\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PGP_TRUE}" && test -z "${USE_PGP_FALSE}"; then - as_fn_error "conditional \"USE_PGP\" was never defined. + as_fn_error $? "conditional \"USE_PGP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DNSKEY_TRUE}" && test -z "${USE_DNSKEY_FALSE}"; then - as_fn_error "conditional \"USE_DNSKEY\" was never defined. + as_fn_error $? "conditional \"USE_DNSKEY\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PEM_TRUE}" && test -z "${USE_PEM_FALSE}"; then - as_fn_error "conditional \"USE_PEM\" was never defined. + as_fn_error $? "conditional \"USE_PEM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_HMAC_TRUE}" && test -z "${USE_HMAC_FALSE}"; then - as_fn_error "conditional \"USE_HMAC\" was never defined. + as_fn_error $? "conditional \"USE_HMAC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_XCBC_TRUE}" && test -z "${USE_XCBC_FALSE}"; then - as_fn_error "conditional \"USE_XCBC\" was never defined. + as_fn_error $? "conditional \"USE_XCBC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MYSQL_TRUE}" && test -z "${USE_MYSQL_FALSE}"; then - as_fn_error "conditional \"USE_MYSQL\" was never defined. + as_fn_error $? "conditional \"USE_MYSQL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SQLITE_TRUE}" && test -z "${USE_SQLITE_FALSE}"; then - as_fn_error "conditional \"USE_SQLITE\" was never defined. + as_fn_error $? "conditional \"USE_SQLITE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PADLOCK_TRUE}" && test -z "${USE_PADLOCK_FALSE}"; then - as_fn_error "conditional \"USE_PADLOCK\" was never defined. + as_fn_error $? "conditional \"USE_PADLOCK\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_OPENSSL_TRUE}" && test -z "${USE_OPENSSL_FALSE}"; then - as_fn_error "conditional \"USE_OPENSSL\" was never defined. + as_fn_error $? "conditional \"USE_OPENSSL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_GCRYPT_TRUE}" && test -z "${USE_GCRYPT_FALSE}"; then - as_fn_error "conditional \"USE_GCRYPT\" was never defined. + as_fn_error $? "conditional \"USE_GCRYPT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_AGENT_TRUE}" && test -z "${USE_AGENT_FALSE}"; then - as_fn_error "conditional \"USE_AGENT\" was never defined. + as_fn_error $? "conditional \"USE_AGENT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_PKCS11_TRUE}" && test -z "${USE_PKCS11_FALSE}"; then + as_fn_error $? "conditional \"USE_PKCS11\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_CTR_TRUE}" && test -z "${USE_CTR_FALSE}"; then + as_fn_error $? "conditional \"USE_CTR\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_CCM_TRUE}" && test -z "${USE_CCM_FALSE}"; then + as_fn_error $? "conditional \"USE_CCM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_GCM_TRUE}" && test -z "${USE_GCM_FALSE}"; then + as_fn_error $? "conditional \"USE_GCM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_STROKE_TRUE}" && test -z "${USE_STROKE_FALSE}"; then - as_fn_error "conditional \"USE_STROKE\" was never defined. + as_fn_error $? "conditional \"USE_STROKE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MEDSRV_TRUE}" && test -z "${USE_MEDSRV_FALSE}"; then - as_fn_error "conditional \"USE_MEDSRV\" was never defined. + as_fn_error $? "conditional \"USE_MEDSRV\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MEDCLI_TRUE}" && test -z "${USE_MEDCLI_FALSE}"; then - as_fn_error "conditional \"USE_MEDCLI\" was never defined. + as_fn_error $? "conditional \"USE_MEDCLI\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_NM_TRUE}" && test -z "${USE_NM_FALSE}"; then - as_fn_error "conditional \"USE_NM\" was never defined. + as_fn_error $? "conditional \"USE_NM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_UCI_TRUE}" && test -z "${USE_UCI_FALSE}"; then - as_fn_error "conditional \"USE_UCI\" was never defined. + as_fn_error $? "conditional \"USE_UCI\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ANDROID_TRUE}" && test -z "${USE_ANDROID_FALSE}"; then - as_fn_error "conditional \"USE_ANDROID\" was never defined. + as_fn_error $? "conditional \"USE_ANDROID\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_MAEMO_TRUE}" && test -z "${USE_MAEMO_FALSE}"; then + as_fn_error $? "conditional \"USE_MAEMO\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SMP_TRUE}" && test -z "${USE_SMP_FALSE}"; then - as_fn_error "conditional \"USE_SMP\" was never defined. + as_fn_error $? "conditional \"USE_SMP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SQL_TRUE}" && test -z "${USE_SQL_FALSE}"; then - as_fn_error "conditional \"USE_SQL\" was never defined. + as_fn_error $? "conditional \"USE_SQL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_UPDOWN_TRUE}" && test -z "${USE_UPDOWN_FALSE}"; then - as_fn_error "conditional \"USE_UPDOWN\" was never defined. + as_fn_error $? "conditional \"USE_UPDOWN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DHCP_TRUE}" && test -z "${USE_DHCP_FALSE}"; then - as_fn_error "conditional \"USE_DHCP\" was never defined. + as_fn_error $? "conditional \"USE_DHCP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_UNIT_TESTS_TRUE}" && test -z "${USE_UNIT_TESTS_FALSE}"; then - as_fn_error "conditional \"USE_UNIT_TESTS\" was never defined. + as_fn_error $? "conditional \"USE_UNIT_TESTS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LOAD_TESTER_TRUE}" && test -z "${USE_LOAD_TESTER_FALSE}"; then - as_fn_error "conditional \"USE_LOAD_TESTER\" was never defined. + as_fn_error $? "conditional \"USE_LOAD_TESTER\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_HA_TRUE}" && test -z "${USE_HA_FALSE}"; then - as_fn_error "conditional \"USE_HA\" was never defined. + as_fn_error $? "conditional \"USE_HA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_LED_TRUE}" && test -z "${USE_LED_FALSE}"; then + as_fn_error $? "conditional \"USE_LED\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIM_TRUE}" && test -z "${USE_EAP_SIM_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIM\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIM_FILE_TRUE}" && test -z "${USE_EAP_SIM_FILE_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIM_FILE\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIM_FILE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIMAKA_SQL_TRUE}" && test -z "${USE_EAP_SIMAKA_SQL_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIMAKA_SQL\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIMAKA_SQL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIMAKA_PSEUDONYM_TRUE}" && test -z "${USE_EAP_SIMAKA_PSEUDONYM_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIMAKA_PSEUDONYM\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIMAKA_PSEUDONYM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_SIMAKA_REAUTH_TRUE}" && test -z "${USE_EAP_SIMAKA_REAUTH_FALSE}"; then - as_fn_error "conditional \"USE_EAP_SIMAKA_REAUTH\" was never defined. + as_fn_error $? "conditional \"USE_EAP_SIMAKA_REAUTH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_IDENTITY_TRUE}" && test -z "${USE_EAP_IDENTITY_FALSE}"; then - as_fn_error "conditional \"USE_EAP_IDENTITY\" was never defined. + as_fn_error $? "conditional \"USE_EAP_IDENTITY\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_MD5_TRUE}" && test -z "${USE_EAP_MD5_FALSE}"; then - as_fn_error "conditional \"USE_EAP_MD5\" was never defined. + as_fn_error $? "conditional \"USE_EAP_MD5\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_GTC_TRUE}" && test -z "${USE_EAP_GTC_FALSE}"; then - as_fn_error "conditional \"USE_EAP_GTC\" was never defined. + as_fn_error $? "conditional \"USE_EAP_GTC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_AKA_TRUE}" && test -z "${USE_EAP_AKA_FALSE}"; then - as_fn_error "conditional \"USE_EAP_AKA\" was never defined. + as_fn_error $? "conditional \"USE_EAP_AKA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_AKA_3GPP2_TRUE}" && test -z "${USE_EAP_AKA_3GPP2_FALSE}"; then - as_fn_error "conditional \"USE_EAP_AKA_3GPP2\" was never defined. + as_fn_error $? "conditional \"USE_EAP_AKA_3GPP2\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_MSCHAPV2_TRUE}" && test -z "${USE_EAP_MSCHAPV2_FALSE}"; then - as_fn_error "conditional \"USE_EAP_MSCHAPV2\" was never defined. + as_fn_error $? "conditional \"USE_EAP_MSCHAPV2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_EAP_TLS_TRUE}" && test -z "${USE_EAP_TLS_FALSE}"; then + as_fn_error $? "conditional \"USE_EAP_TLS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_EAP_TTLS_TRUE}" && test -z "${USE_EAP_TTLS_FALSE}"; then + as_fn_error $? "conditional \"USE_EAP_TTLS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_EAP_TNC_TRUE}" && test -z "${USE_EAP_TNC_FALSE}"; then + as_fn_error $? "conditional \"USE_EAP_TNC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_EAP_RADIUS_TRUE}" && test -z "${USE_EAP_RADIUS_FALSE}"; then - as_fn_error "conditional \"USE_EAP_RADIUS\" was never defined. + as_fn_error $? "conditional \"USE_EAP_RADIUS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${USE_KERNEL_NETLINK_TRUE}" && test -z "${USE_KERNEL_NETLINK_FALSE}"; then - as_fn_error "conditional \"USE_KERNEL_NETLINK\" was never defined. +if test -z "${USE_TNC_IMC_TRUE}" && test -z "${USE_TNC_IMC_FALSE}"; then + as_fn_error $? "conditional \"USE_TNC_IMC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${USE_KERNEL_PFKEY_TRUE}" && test -z "${USE_KERNEL_PFKEY_FALSE}"; then - as_fn_error "conditional \"USE_KERNEL_PFKEY\" was never defined. +if test -z "${USE_TNC_IMV_TRUE}" && test -z "${USE_TNC_IMV_FALSE}"; then + as_fn_error $? "conditional \"USE_TNC_IMV\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${USE_KERNEL_PFROUTE_TRUE}" && test -z "${USE_KERNEL_PFROUTE_FALSE}"; then - as_fn_error "conditional \"USE_KERNEL_PFROUTE\" was never defined. +if test -z "${USE_TNCCS_11_TRUE}" && test -z "${USE_TNCCS_11_FALSE}"; then + as_fn_error $? "conditional \"USE_TNCCS_11\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${USE_KERNEL_KLIPS_TRUE}" && test -z "${USE_KERNEL_KLIPS_FALSE}"; then - as_fn_error "conditional \"USE_KERNEL_KLIPS\" was never defined. +if test -z "${USE_TNCCS_20_TRUE}" && test -z "${USE_TNCCS_20_FALSE}"; then + as_fn_error $? "conditional \"USE_TNCCS_20\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SOCKET_DEFAULT_TRUE}" && test -z "${USE_SOCKET_DEFAULT_FALSE}"; then - as_fn_error "conditional \"USE_SOCKET_DEFAULT\" was never defined. + as_fn_error $? "conditional \"USE_SOCKET_DEFAULT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SOCKET_RAW_TRUE}" && test -z "${USE_SOCKET_RAW_FALSE}"; then - as_fn_error "conditional \"USE_SOCKET_RAW\" was never defined. + as_fn_error $? "conditional \"USE_SOCKET_RAW\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SOCKET_DYNAMIC_TRUE}" && test -z "${USE_SOCKET_DYNAMIC_FALSE}"; then - as_fn_error "conditional \"USE_SOCKET_DYNAMIC\" was never defined. + as_fn_error $? "conditional \"USE_SOCKET_DYNAMIC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FARP_TRUE}" && test -z "${USE_FARP_FALSE}"; then - as_fn_error "conditional \"USE_FARP\" was never defined. + as_fn_error $? "conditional \"USE_FARP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ADDRBLOCK_TRUE}" && test -z "${USE_ADDRBLOCK_FALSE}"; then - as_fn_error "conditional \"USE_ADDRBLOCK\" was never defined. + as_fn_error $? "conditional \"USE_ADDRBLOCK\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ATTR_TRUE}" && test -z "${USE_ATTR_FALSE}"; then - as_fn_error "conditional \"USE_ATTR\" was never defined. + as_fn_error $? "conditional \"USE_ATTR\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ATTR_SQL_TRUE}" && test -z "${USE_ATTR_SQL_FALSE}"; then - as_fn_error "conditional \"USE_ATTR_SQL\" was never defined. + as_fn_error $? "conditional \"USE_ATTR_SQL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_KERNEL_KLIPS_TRUE}" && test -z "${USE_KERNEL_KLIPS_FALSE}"; then + as_fn_error $? "conditional \"USE_KERNEL_KLIPS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_KERNEL_NETLINK_TRUE}" && test -z "${USE_KERNEL_NETLINK_FALSE}"; then + as_fn_error $? "conditional \"USE_KERNEL_NETLINK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_KERNEL_PFKEY_TRUE}" && test -z "${USE_KERNEL_PFKEY_FALSE}"; then + as_fn_error $? "conditional \"USE_KERNEL_PFKEY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_KERNEL_PFROUTE_TRUE}" && test -z "${USE_KERNEL_PFROUTE_FALSE}"; then + as_fn_error $? "conditional \"USE_KERNEL_PFROUTE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_RESOLVE_TRUE}" && test -z "${USE_RESOLVE_FALSE}"; then - as_fn_error "conditional \"USE_RESOLVE\" was never defined. + as_fn_error $? "conditional \"USE_RESOLVE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_XAUTH_TRUE}" && test -z "${USE_XAUTH_FALSE}"; then - as_fn_error "conditional \"USE_XAUTH\" was never defined. + as_fn_error $? "conditional \"USE_XAUTH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SMARTCARD_TRUE}" && test -z "${USE_SMARTCARD_FALSE}"; then - as_fn_error "conditional \"USE_SMARTCARD\" was never defined. + as_fn_error $? "conditional \"USE_SMARTCARD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CISCO_QUIRKS_TRUE}" && test -z "${USE_CISCO_QUIRKS_FALSE}"; then - as_fn_error "conditional \"USE_CISCO_QUIRKS\" was never defined. + as_fn_error $? "conditional \"USE_CISCO_QUIRKS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LEAK_DETECTIVE_TRUE}" && test -z "${USE_LEAK_DETECTIVE_FALSE}"; then - as_fn_error "conditional \"USE_LEAK_DETECTIVE\" was never defined. + as_fn_error $? "conditional \"USE_LEAK_DETECTIVE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LOCK_PROFILER_TRUE}" && test -z "${USE_LOCK_PROFILER_FALSE}"; then - as_fn_error "conditional \"USE_LOCK_PROFILER\" was never defined. + as_fn_error $? "conditional \"USE_LOCK_PROFILER\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_NAT_TRANSPORT_TRUE}" && test -z "${USE_NAT_TRANSPORT_FALSE}"; then - as_fn_error "conditional \"USE_NAT_TRANSPORT\" was never defined. + as_fn_error $? "conditional \"USE_NAT_TRANSPORT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_VENDORID_TRUE}" && test -z "${USE_VENDORID_FALSE}"; then - as_fn_error "conditional \"USE_VENDORID\" was never defined. + as_fn_error $? "conditional \"USE_VENDORID\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_XAUTH_VID_TRUE}" && test -z "${USE_XAUTH_VID_FALSE}"; then - as_fn_error "conditional \"USE_XAUTH_VID\" was never defined. + as_fn_error $? "conditional \"USE_XAUTH_VID\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_DUMM_TRUE}" && test -z "${USE_DUMM_FALSE}"; then - as_fn_error "conditional \"USE_DUMM\" was never defined. + as_fn_error $? "conditional \"USE_DUMM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FAST_TRUE}" && test -z "${USE_FAST_FALSE}"; then - as_fn_error "conditional \"USE_FAST\" was never defined. + as_fn_error $? "conditional \"USE_FAST\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_MANAGER_TRUE}" && test -z "${USE_MANAGER_FALSE}"; then - as_fn_error "conditional \"USE_MANAGER\" was never defined. + as_fn_error $? "conditional \"USE_MANAGER\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_ME_TRUE}" && test -z "${USE_ME_FALSE}"; then - as_fn_error "conditional \"USE_ME\" was never defined. + as_fn_error $? "conditional \"USE_ME\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_INTEGRITY_TEST_TRUE}" && test -z "${USE_INTEGRITY_TEST_FALSE}"; then - as_fn_error "conditional \"USE_INTEGRITY_TEST\" was never defined. + as_fn_error $? "conditional \"USE_INTEGRITY_TEST\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LOAD_WARNING_TRUE}" && test -z "${USE_LOAD_WARNING_FALSE}"; then - as_fn_error "conditional \"USE_LOAD_WARNING\" was never defined. + as_fn_error $? "conditional \"USE_LOAD_WARNING\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_PLUTO_TRUE}" && test -z "${USE_PLUTO_FALSE}"; then - as_fn_error "conditional \"USE_PLUTO\" was never defined. + as_fn_error $? "conditional \"USE_PLUTO\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_THREADS_TRUE}" && test -z "${USE_THREADS_FALSE}"; then - as_fn_error "conditional \"USE_THREADS\" was never defined. + as_fn_error $? "conditional \"USE_THREADS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_CHARON_TRUE}" && test -z "${USE_CHARON_FALSE}"; then - as_fn_error "conditional \"USE_CHARON\" was never defined. + as_fn_error $? "conditional \"USE_CHARON\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_TOOLS_TRUE}" && test -z "${USE_TOOLS_FALSE}"; then - as_fn_error "conditional \"USE_TOOLS\" was never defined. + as_fn_error $? "conditional \"USE_TOOLS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SCRIPTS_TRUE}" && test -z "${USE_SCRIPTS_FALSE}"; then - as_fn_error "conditional \"USE_SCRIPTS\" was never defined. + as_fn_error $? "conditional \"USE_SCRIPTS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LIBSTRONGSWAN_TRUE}" && test -z "${USE_LIBSTRONGSWAN_FALSE}"; then - as_fn_error "conditional \"USE_LIBSTRONGSWAN\" was never defined. + as_fn_error $? "conditional \"USE_LIBSTRONGSWAN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LIBHYDRA_TRUE}" && test -z "${USE_LIBHYDRA_FALSE}"; then - as_fn_error "conditional \"USE_LIBHYDRA\" was never defined. + as_fn_error $? "conditional \"USE_LIBHYDRA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_FILE_CONFIG_TRUE}" && test -z "${USE_FILE_CONFIG_FALSE}"; then - as_fn_error "conditional \"USE_FILE_CONFIG\" was never defined. + as_fn_error $? "conditional \"USE_FILE_CONFIG\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_LIBCAP_TRUE}" && test -z "${USE_LIBCAP_FALSE}"; then - as_fn_error "conditional \"USE_LIBCAP\" was never defined. + as_fn_error $? "conditional \"USE_LIBCAP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_VSTR_TRUE}" && test -z "${USE_VSTR_FALSE}"; then - as_fn_error "conditional \"USE_VSTR\" was never defined. + as_fn_error $? "conditional \"USE_VSTR\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SIMAKA_TRUE}" && test -z "${USE_SIMAKA_FALSE}"; then - as_fn_error "conditional \"USE_SIMAKA\" was never defined. + as_fn_error $? "conditional \"USE_SIMAKA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_TLS_TRUE}" && test -z "${USE_TLS_FALSE}"; then + as_fn_error $? "conditional \"USE_TLS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${MONOLITHIC_TRUE}" && test -z "${MONOLITHIC_FALSE}"; then - as_fn_error "conditional \"MONOLITHIC\" was never defined. + as_fn_error $? "conditional \"MONOLITHIC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi @@ -17611,19 +18712,19 @@ export LANGUAGE (unset CDPATH) >/dev/null 2>&1 && unset CDPATH -# as_fn_error ERROR [LINENO LOG_FD] -# --------------------------------- +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with status $?, using 1 if that was 0. +# script with STATUS, using 1 if that was 0. as_fn_error () { - as_status=$?; test $as_status -eq 0 && as_status=1 - if test "$3"; then - as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $1" >&2 + $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -17819,7 +18920,7 @@ $as_echo X"$as_dir" | test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p @@ -17872,8 +18973,8 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 4.4.1, which was -generated by GNU Autoconf 2.65. Invocation command line was +This file was extended by strongSwan $as_me 4.5.0, which was +generated by GNU Autoconf 2.67. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -17929,11 +19030,11 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -strongSwan config.status 4.4.1 -configured by $0, generated by GNU Autoconf 2.65, +strongSwan config.status 4.5.0 +configured by $0, generated by GNU Autoconf 2.67, with options \\"\$ac_cs_config\\" -Copyright (C) 2009 Free Software Foundation, Inc. +Copyright (C) 2010 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -17951,11 +19052,16 @@ ac_need_defaults=: while test $# != 0 do case $1 in - --*=*) + --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; *) ac_option=$1 ac_optarg=$2 @@ -17977,6 +19083,7 @@ do $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; @@ -17987,7 +19094,7 @@ do ac_cs_silent=: ;; # This is an error. - -*) as_fn_error "unrecognized option: \`$1' + -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" @@ -18299,6 +19406,7 @@ do "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/include/Makefile") CONFIG_FILES="$CONFIG_FILES src/include/Makefile" ;; "src/libstrongswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/Makefile" ;; @@ -18329,13 +19437,22 @@ do "src/libstrongswan/plugins/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/openssl/Makefile" ;; "src/libstrongswan/plugins/gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcrypt/Makefile" ;; "src/libstrongswan/plugins/agent/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/agent/Makefile" ;; + "src/libstrongswan/plugins/pkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pkcs11/Makefile" ;; + "src/libstrongswan/plugins/ctr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ctr/Makefile" ;; + "src/libstrongswan/plugins/ccm/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ccm/Makefile" ;; + "src/libstrongswan/plugins/gcm/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcm/Makefile" ;; "src/libstrongswan/plugins/test_vectors/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/test_vectors/Makefile" ;; "src/libhydra/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/Makefile" ;; "src/libhydra/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr/Makefile" ;; "src/libhydra/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr_sql/Makefile" ;; + "src/libhydra/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/kernel_klips/Makefile" ;; + "src/libhydra/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/kernel_netlink/Makefile" ;; + "src/libhydra/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/kernel_pfkey/Makefile" ;; + "src/libhydra/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/kernel_pfroute/Makefile" ;; "src/libhydra/plugins/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/resolve/Makefile" ;; "src/libfreeswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfreeswan/Makefile" ;; "src/libsimaka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libsimaka/Makefile" ;; + "src/libtls/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtls/Makefile" ;; "src/pluto/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/Makefile" ;; "src/pluto/plugins/xauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/plugins/xauth/Makefile" ;; "src/whack/Makefile") CONFIG_FILES="$CONFIG_FILES src/whack/Makefile" ;; @@ -18352,11 +19469,14 @@ do "src/libcharon/plugins/eap_simaka_pseudonym/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_pseudonym/Makefile" ;; "src/libcharon/plugins/eap_simaka_reauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_reauth/Makefile" ;; "src/libcharon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_mschapv2/Makefile" ;; + "src/libcharon/plugins/eap_tls/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_tls/Makefile" ;; + "src/libcharon/plugins/eap_ttls/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_ttls/Makefile" ;; + "src/libcharon/plugins/eap_tnc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_tnc/Makefile" ;; "src/libcharon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_radius/Makefile" ;; - "src/libcharon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_netlink/Makefile" ;; - "src/libcharon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfkey/Makefile" ;; - "src/libcharon/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfroute/Makefile" ;; - "src/libcharon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_klips/Makefile" ;; + "src/libcharon/plugins/tnc_imc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_imc/Makefile" ;; + "src/libcharon/plugins/tnc_imv/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_imv/Makefile" ;; + "src/libcharon/plugins/tnccs_11/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnccs_11/Makefile" ;; + "src/libcharon/plugins/tnccs_20/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnccs_20/Makefile" ;; "src/libcharon/plugins/socket_default/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_default/Makefile" ;; "src/libcharon/plugins/socket_raw/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_raw/Makefile" ;; "src/libcharon/plugins/socket_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_dynamic/Makefile" ;; @@ -18369,7 +19489,9 @@ do "src/libcharon/plugins/addrblock/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/addrblock/Makefile" ;; "src/libcharon/plugins/uci/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/uci/Makefile" ;; "src/libcharon/plugins/ha/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/ha/Makefile" ;; + "src/libcharon/plugins/led/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/led/Makefile" ;; "src/libcharon/plugins/android/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android/Makefile" ;; + "src/libcharon/plugins/maemo/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/maemo/Makefile" ;; "src/libcharon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/stroke/Makefile" ;; "src/libcharon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/updown/Makefile" ;; "src/libcharon/plugins/dhcp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/dhcp/Makefile" ;; @@ -18393,7 +19515,7 @@ do "scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;; "testing/Makefile") CONFIG_FILES="$CONFIG_FILES testing/Makefile" ;; - *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;; esac done @@ -18430,7 +19552,7 @@ $debug || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") -} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5 +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. @@ -18447,7 +19569,7 @@ if test "x$ac_cr" = x; then fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\r' + ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi @@ -18461,18 +19583,18 @@ _ACEOF echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 -ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then - as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi @@ -18561,20 +19683,28 @@ if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then else cat fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ - || as_fn_error "could not setup config files machinery" "$LINENO" 5 + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF -# VPATH may cause trouble with some makes, so we remove $(srcdir), -# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=/{ -s/:*\$(srcdir):*/:/ -s/:*\${srcdir}:*/:/ -s/:*@srcdir@:*/:/ -s/^\([^=]*=[ ]*\):*/\1/ + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// s/^[^=]*=[ ]*$// }' fi @@ -18592,7 +19722,7 @@ do esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac @@ -18620,7 +19750,7 @@ do [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;; + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" @@ -18647,7 +19777,7 @@ $as_echo "$as_me: creating $ac_file" >&6;} case $ac_tag in *:-:* | *:-) cat >"$tmp/stdin" \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac @@ -18784,22 +19914,22 @@ s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined." >&5 +which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined." >&2;} +which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$tmp/stdin" case $ac_file in -) cat "$tmp/out" && rm -f "$tmp/out";; *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; esac \ - || as_fn_error "could not create $ac_file" "$LINENO" 5 + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; @@ -19550,7 +20680,7 @@ _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || - as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5 + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. @@ -19571,7 +20701,7 @@ if test "$no_create" != yes; then exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. - $ac_cs_success || as_fn_exit $? + $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 diff --git a/configure.in b/configure.in index d829071ea..83c35d614 100644 --- a/configure.in +++ b/configure.in @@ -16,7 +16,7 @@ dnl =========================== dnl initialize & set some vars dnl =========================== -AC_INIT(strongSwan,4.4.1) +AC_INIT(strongSwan,4.5.0) AM_INIT_AUTOMAKE(tar-ustar) AC_CONFIG_MACRO_DIR([m4/config]) PKG_PROG_PKG_CONFIG @@ -100,18 +100,25 @@ ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.]) ARG_ENABL_SET([lock-profiler], [enable lock/mutex profiling code.]) ARG_ENABL_SET([unit-tests], [enable unit tests on IKEv2 daemon startup.]) ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.]) -ARG_ENABL_SET([eap-sim], [enable SIM authenication module for EAP.]) +ARG_ENABL_SET([eap-sim], [enable SIM authentication module for EAP.]) ARG_ENABL_SET([eap-sim-file], [enable EAP-SIM backend based on a triplet file.]) ARG_ENABL_SET([eap-simaka-sql], [enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database.]) ARG_ENABL_SET([eap-simaka-pseudonym], [enable EAP-SIM/AKA pseudonym storage plugin.]) ARG_ENABL_SET([eap-simaka-reauth], [enable EAP-SIM/AKA reauthentication data storage plugin.]) ARG_ENABL_SET([eap-identity], [enable EAP module providing EAP-Identity helper.]) -ARG_ENABL_SET([eap-md5], [enable EAP MD5 (CHAP) authenication module.]) -ARG_ENABL_SET([eap-gtc], [enable PAM based EAP GTC authenication module.]) +ARG_ENABL_SET([eap-md5], [enable EAP MD5 (CHAP) authentication module.]) +ARG_ENABL_SET([eap-gtc], [enable PAM based EAP GTC authentication module.]) ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.]) ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.]) -ARG_ENABL_SET([eap-mschapv2], [enable EAP MS-CHAPv2 authenication module.]) -ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authenication module.]) +ARG_ENABL_SET([eap-mschapv2], [enable EAP MS-CHAPv2 authentication module.]) +ARG_ENABL_SET([eap-tls], [enable EAP TLS authentication module.]) +ARG_ENABL_SET([eap-ttls], [enable EAP TTLS authentication module.]) +ARG_ENABL_SET([eap-tnc], [enable EAP TNC trusted network connect module.]) +ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authentication module.]) +ARG_ENABL_SET([tnc-imc], [enable TNC IMC module.]) +ARG_ENABL_SET([tnc-imv], [enable TNC IMV module.]) +ARG_ENABL_SET([tnccs-11], [enable TNCCS 1.1 protocol module.]) +ARG_ENABL_SET([tnccs-20], [enable TNCCS 2.0 protocol module.]) ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.]) ARG_ENABL_SET([kernel-pfkey], [enable the PF_KEY kernel interface.]) ARG_ENABL_SET([kernel-pfroute], [enable the PF_ROUTE kernel interface.]) @@ -144,11 +151,17 @@ ARG_ENABL_SET([padlock], [enables VIA Padlock crypto plugin.]) ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.]) ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.]) ARG_ENABL_SET([agent], [enables the ssh-agent signing plugin.]) +ARG_ENABL_SET([pkcs11], [enables the PKCS11 token support plugin.]) +ARG_ENABL_SET([ctr], [enables the Counter Mode wrapper crypto plugin.]) +ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.]) +ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.]) ARG_ENABL_SET([addrblock], [enables RFC 3779 address block constraint support.]) ARG_ENABL_SET([uci], [enable OpenWRT UCI configuration plugin.]) ARG_ENABL_SET([android], [enable Android specific plugin.]) +ARG_ENABL_SET([maemo], [enable Maemo specific plugin.]) ARG_ENABL_SET([nm], [enable NetworkManager plugin.]) ARG_ENABL_SET([ha], [enable high availability cluster plugin.]) +ARG_ENABL_SET([led], [enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem.]) ARG_ENABL_SET([vstr], [enforce using the Vstr string library to replace glibc-like printf hooks.]) ARG_ENABL_SET([monolithic], [build monolithic version of libstrongswan that includes all enabled plugins. Similarly, the plugins of charon are assembled in libcharon.]) @@ -224,6 +237,10 @@ if test x$eap_sim = xtrue; then simaka=true; fi +if test x$eap_tls = xtrue -o x$eap_ttls = xtrue; then + tls=true; +fi + if test x$fips_prf = xtrue; then if test x$openssl = xfalse; then sha1=true; @@ -590,6 +607,10 @@ if test x$gcrypt = xtrue; then ) fi +if test x$tnccs_11 = xtrue -o x$tnc_imc = xtrue -o x$tnc_imv = xtrue; then + AC_CHECK_HEADER([libtnc.h],,[AC_MSG_ERROR([libtnc header libtnc.h not found!])]) +fi + if test x$uci = xtrue; then AC_HAVE_LIBRARY([uci],[LIBS="$LIBS"],[AC_MSG_ERROR([UCI library libuci not found])]) AC_CHECK_HEADER([uci.h],,[AC_MSG_ERROR([UCI header uci.h not found!])]) @@ -604,6 +625,14 @@ if test x$android = xtrue; then AC_SUBST(DLLIB) fi +if test x$maemo = xtrue; then + PKG_CHECK_MODULES(maemo, [glib-2.0 gthread-2.0 libosso osso-af-settings]) + AC_SUBST(maemo_CFLAGS) + AC_SUBST(maemo_LIBS) + dbusservicedir="/usr/share/dbus-1/system-services" + AC_SUBST(dbusservicedir) +fi + if test x$nm = xtrue; then PKG_CHECK_EXISTS([libnm-glib], [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn])], @@ -654,136 +683,124 @@ if test x$integrity_test = xtrue; then ) fi -dnl ========================================================== -dnl collect all plugins for libstrongswan, libhydra and pluto -dnl ========================================================== +dnl ============================================== +dnl collect plugin list for strongSwan components +dnl ============================================== -libstrongswan_plugins= -libhydra_plugins= -pluto_plugins= +m4_include(m4/macros/add-plugin.m4) -if test x$test_vectors = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" test-vectors" - pluto_plugins=${pluto_plugins}" test-vectors" -fi -if test x$curl = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" curl" - pluto_plugins=${pluto_plugins}" curl" -fi -if test x$ldap = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" ldap" - pluto_plugins=${pluto_plugins}" ldap" -fi -if test x$aes = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" aes" - pluto_plugins=${pluto_plugins}" aes" -fi -if test x$des = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" des" - pluto_plugins=${pluto_plugins}" des" -fi -if test x$blowfish = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" blowfish" - pluto_plugins=${pluto_plugins}" blowfish" -fi -if test x$sha1 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sha1" - pluto_plugins=${pluto_plugins}" sha1" -fi -if test x$sha2 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sha2" - pluto_plugins=${pluto_plugins}" sha2" -fi -if test x$md4 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" md4" -fi -if test x$md5 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" md5" - pluto_plugins=${pluto_plugins}" md5" -fi -if test x$random = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" random" - pluto_plugins=${pluto_plugins}" random" -fi -if test x$x509 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" x509" - pluto_plugins=${pluto_plugins}" x509" -fi -if test x$revocation = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" revocation" -fi -if test x$pubkey = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pubkey" - pluto_plugins=${pluto_plugins}" pubkey" -fi -if test x$pkcs1 = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pkcs1" - pluto_plugins=${pluto_plugins}" pkcs1" -fi -if test x$pgp = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pgp" - pluto_plugins=${pluto_plugins}" pgp" -fi -if test x$dnskey = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" dnskey" - pluto_plugins=${pluto_plugins}" dnskey" -fi -if test x$pem = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" pem" - pluto_plugins=${pluto_plugins}" pem" -fi -if test x$mysql = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" mysql" - pluto_plugins=${pluto_plugins}" mysql" -fi -if test x$sqlite = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" sqlite" - pluto_plugins=${pluto_plugins}" sqlite" -fi -if test x$padlock = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" padlock" -fi -if test x$openssl = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" openssl" - pluto_plugins=${pluto_plugins}" openssl" -fi -if test x$gcrypt = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" gcrypt" - pluto_plugins=${pluto_plugins}" gcrypt" -fi -if test x$fips_prf = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" fips-prf" -fi -if test x$xcbc = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" xcbc" -fi -if test x$hmac = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" hmac" - pluto_plugins=${pluto_plugins}" hmac" -fi -if test x$agent = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" agent" -fi -if test x$gmp = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" gmp" - pluto_plugins=${pluto_plugins}" gmp" -fi -if test x$xauth = xtrue; then - pluto_plugins=${pluto_plugins}" xauth" -fi -if test x$attr = xtrue; then - libhydra_plugins=${libhydra_plugins}" attr" -fi -if test x$attr_sql = xtrue -o x$sql = xtrue; then - libhydra_plugins=${libhydra_plugins}" attr-sql" -fi -if test x$resolve = xtrue; then - libhydra_plugins=${libhydra_plugins}" resolve" -fi - -AC_SUBST(libstrongswan_plugins) -AC_SUBST(libhydra_plugins) +# plugin lists for all components +libcharon_plugins= +pluto_plugins= +pool_plugins= +openac_plugins= +scepclient_plugins= +pki_plugins= +scripts_plugins= +manager_plugins= +medsrv_plugins= + +# location specific lists for checksumming, +# for src/libcharon, src/pluto, src/libhydra and src/libstrongswan +c_plugins= +p_plugins= +h_plugins= +s_plugins= + +ADD_PLUGIN([test-vectors], [s libcharon pluto openac scepclient pki]) +ADD_PLUGIN([curl], [s libcharon pluto scepclient]) +ADD_PLUGIN([ldap], [s libcharon pluto scepclient]) +ADD_PLUGIN([mysql], [s libcharon pluto pool manager medsrv]) +ADD_PLUGIN([sqlite], [s libcharon pluto pool manager medsrv]) +ADD_PLUGIN([aes], [s libcharon pluto openac scepclient pki scripts]) +ADD_PLUGIN([des], [s libcharon pluto openac scepclient pki scripts]) +ADD_PLUGIN([blowfish], [s libcharon pluto openac scepclient pki scripts]) +ADD_PLUGIN([sha1], [s libcharon pluto openac scepclient pki scripts medsrv]) +ADD_PLUGIN([sha2], [s libcharon pluto openac scepclient pki scripts medsrv]) +ADD_PLUGIN([md4], [s libcharon openac manager scepclient pki]) +ADD_PLUGIN([md5], [s libcharon pluto openac scepclient pki]) +ADD_PLUGIN([random], [s libcharon pluto openac scepclient pki scripts medsrv]) +ADD_PLUGIN([x509], [s libcharon pluto openac scepclient pki scripts]) +ADD_PLUGIN([revocation], [s libcharon]) +ADD_PLUGIN([pubkey], [s libcharon]) +ADD_PLUGIN([pkcs1], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([pgp], [s libcharon pluto]) +ADD_PLUGIN([dnskey], [s pluto]) +ADD_PLUGIN([pem], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([padlock], [s libcharon]) +ADD_PLUGIN([openssl], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([gcrypt], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([fips-prf], [s libcharon]) +ADD_PLUGIN([gmp], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([agent], [s libcharon]) +ADD_PLUGIN([pkcs11], [s libcharon pki]) +ADD_PLUGIN([xcbc], [s libcharon]) +ADD_PLUGIN([hmac], [s libcharon pluto scripts]) +ADD_PLUGIN([ctr], [s libcharon scripts]) +ADD_PLUGIN([ccm], [s libcharon scripts]) +ADD_PLUGIN([gcm], [s libcharon scripts]) +ADD_PLUGIN([xauth], [p pluto]) +ADD_PLUGIN([attr], [h libcharon pluto]) +ADD_PLUGIN([attr-sql], [h libcharon pluto]) +ADD_PLUGIN([kernel-pfkey], [h libcharon pluto]) +ADD_PLUGIN([kernel-pfroute], [h libcharon pluto]) +ADD_PLUGIN([kernel-klips], [h libcharon pluto]) +ADD_PLUGIN([kernel-netlink], [h libcharon pluto]) +ADD_PLUGIN([resolve], [h libcharon pluto]) +ADD_PLUGIN([load-tester], [c libcharon]) +ADD_PLUGIN([socket-default], [c libcharon]) +ADD_PLUGIN([socket-raw], [c libcharon]) +ADD_PLUGIN([socket-dynamic], [c libcharon]) +ADD_PLUGIN([farp], [c libcharon]) +ADD_PLUGIN([stroke], [c libcharon]) +ADD_PLUGIN([smp], [c libcharon]) +ADD_PLUGIN([sql], [c libcharon]) +ADD_PLUGIN([updown], [c libcharon]) +ADD_PLUGIN([eap-identity], [c libcharon]) +ADD_PLUGIN([eap-sim], [c libcharon]) +ADD_PLUGIN([eap-sim-file], [c libcharon]) +ADD_PLUGIN([eap-simaka-sql], [c libcharon]) +ADD_PLUGIN([eap-simaka-pseudonym], [c libcharon]) +ADD_PLUGIN([eap-simaka-reauth], [c libcharon]) +ADD_PLUGIN([eap-aka], [c libcharon]) +ADD_PLUGIN([eap-aka-3gpp2], [c libcharon]) +ADD_PLUGIN([eap-md5], [c libcharon]) +ADD_PLUGIN([eap-gtc], [c libcharon]) +ADD_PLUGIN([eap-mschapv2], [c libcharon]) +ADD_PLUGIN([eap-radius], [c libcharon]) +ADD_PLUGIN([eap-tls], [c libcharon]) +ADD_PLUGIN([eap-ttls], [c libcharon]) +ADD_PLUGIN([eap-tnc], [c libcharon]) +ADD_PLUGIN([tnc-imc], [c libcharon]) +ADD_PLUGIN([tnc-imv], [c libcharon]) +ADD_PLUGIN([tnccs-11], [c libcharon]) +ADD_PLUGIN([tnccs-20], [c libcharon]) +ADD_PLUGIN([medsrv], [c libcharon]) +ADD_PLUGIN([medcli], [c libcharon]) +ADD_PLUGIN([nm], [c libcharon]) +ADD_PLUGIN([dhcp], [c libcharon]) +ADD_PLUGIN([android], [c libcharon]) +ADD_PLUGIN([ha], [c libcharon]) +ADD_PLUGIN([led], [c libcharon]) +ADD_PLUGIN([maemo], [c libcharon]) +ADD_PLUGIN([uci], [c libcharon]) +ADD_PLUGIN([addrblock], [c libcharon]) +ADD_PLUGIN([unit-tester], [c libcharon]) + +AC_SUBST(libcharon_plugins) AC_SUBST(pluto_plugins) +AC_SUBST(pool_plugins) +AC_SUBST(openac_plugins) +AC_SUBST(scepclient_plugins) +AC_SUBST(pki_plugins) +AC_SUBST(scripts_plugins) +AC_SUBST(manager_plugins) +AC_SUBST(medsrv_plugins) + +AC_SUBST(c_plugins) +AC_SUBST(p_plugins) +AC_SUBST(h_plugins) +AC_SUBST(s_plugins) dnl ========================= dnl set Makefile.am vars @@ -819,6 +836,10 @@ AM_CONDITIONAL(USE_PADLOCK, test x$padlock = xtrue) AM_CONDITIONAL(USE_OPENSSL, test x$openssl = xtrue) AM_CONDITIONAL(USE_GCRYPT, test x$gcrypt = xtrue) AM_CONDITIONAL(USE_AGENT, test x$agent = xtrue) +AM_CONDITIONAL(USE_PKCS11, test x$pkcs11 = xtrue) +AM_CONDITIONAL(USE_CTR, test x$ctr = xtrue) +AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue) +AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue) dnl charon plugins dnl ============== @@ -828,6 +849,7 @@ AM_CONDITIONAL(USE_MEDCLI, test x$medcli = xtrue) AM_CONDITIONAL(USE_NM, test x$nm = xtrue) AM_CONDITIONAL(USE_UCI, test x$uci = xtrue) AM_CONDITIONAL(USE_ANDROID, test x$android = xtrue) +AM_CONDITIONAL(USE_MAEMO, test x$maemo = xtrue) AM_CONDITIONAL(USE_SMP, test x$smp = xtrue) AM_CONDITIONAL(USE_SQL, test x$sql = xtrue) AM_CONDITIONAL(USE_UPDOWN, test x$updown = xtrue) @@ -835,6 +857,7 @@ AM_CONDITIONAL(USE_DHCP, test x$dhcp = xtrue) AM_CONDITIONAL(USE_UNIT_TESTS, test x$unit_tests = xtrue) AM_CONDITIONAL(USE_LOAD_TESTER, test x$load_tester = xtrue) AM_CONDITIONAL(USE_HA, test x$ha = xtrue) +AM_CONDITIONAL(USE_LED, test x$led = xtrue) AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue) AM_CONDITIONAL(USE_EAP_SIM_FILE, test x$eap_sim_file = xtrue) AM_CONDITIONAL(USE_EAP_SIMAKA_SQL, test x$eap_simaka_sql = xtrue) @@ -846,11 +869,14 @@ AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue) AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue) AM_CONDITIONAL(USE_EAP_AKA_3GPP2, test x$eap_aka_3gpp2 = xtrue) AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue) +AM_CONDITIONAL(USE_EAP_TLS, test x$eap_tls = xtrue) +AM_CONDITIONAL(USE_EAP_TTLS, test x$eap_ttls = xtrue) +AM_CONDITIONAL(USE_EAP_TNC, test x$eap_tnc = xtrue) AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue) -AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue) -AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue) -AM_CONDITIONAL(USE_KERNEL_PFROUTE, test x$kernel_pfroute = xtrue) -AM_CONDITIONAL(USE_KERNEL_KLIPS, test x$kernel_klips = xtrue) +AM_CONDITIONAL(USE_TNC_IMC, test x$tnc_imc = xtrue) +AM_CONDITIONAL(USE_TNC_IMV, test x$tnc_imv = xtrue) +AM_CONDITIONAL(USE_TNCCS_11, test x$tnccs_11 = xtrue) +AM_CONDITIONAL(USE_TNCCS_20, test x$tnccs_20 = xtrue) AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue) AM_CONDITIONAL(USE_SOCKET_RAW, test x$socket_raw = xtrue) AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue) @@ -861,6 +887,10 @@ dnl hydra plugins dnl ============= AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue) AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue -o x$sql = xtrue) +AM_CONDITIONAL(USE_KERNEL_KLIPS, test x$kernel_klips = xtrue) +AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue) +AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue) +AM_CONDITIONAL(USE_KERNEL_PFROUTE, test x$kernel_pfroute = xtrue) AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue) dnl pluto plugins @@ -893,6 +923,7 @@ AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue) AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap) AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue) AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue) +AM_CONDITIONAL(USE_TLS, test x$tls = xtrue) AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue) dnl ============================== @@ -916,6 +947,7 @@ dnl ============================== AC_OUTPUT( Makefile + man/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile @@ -946,13 +978,22 @@ AC_OUTPUT( src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile + src/libstrongswan/plugins/pkcs11/Makefile + src/libstrongswan/plugins/ctr/Makefile + src/libstrongswan/plugins/ccm/Makefile + src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile + src/libhydra/plugins/kernel_klips/Makefile + src/libhydra/plugins/kernel_netlink/Makefile + src/libhydra/plugins/kernel_pfkey/Makefile + src/libhydra/plugins/kernel_pfroute/Makefile src/libhydra/plugins/resolve/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile + src/libtls/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile @@ -969,11 +1010,14 @@ AC_OUTPUT( src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile + src/libcharon/plugins/eap_tls/Makefile + src/libcharon/plugins/eap_ttls/Makefile + src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile - src/libcharon/plugins/kernel_netlink/Makefile - src/libcharon/plugins/kernel_pfkey/Makefile - src/libcharon/plugins/kernel_pfroute/Makefile - src/libcharon/plugins/kernel_klips/Makefile + src/libcharon/plugins/tnc_imc/Makefile + src/libcharon/plugins/tnc_imv/Makefile + src/libcharon/plugins/tnccs_11/Makefile + src/libcharon/plugins/tnccs_20/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile @@ -986,7 +1030,9 @@ AC_OUTPUT( src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile + src/libcharon/plugins/led/Makefile src/libcharon/plugins/android/Makefile + src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile diff --git a/debian/changelog b/debian/changelog index 61045972e..fd4dfc123 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +strongswan (4.5.0-1) unstable; urgency=low + + * New upstream version 4.5.0 + + -- Rene Mayrhofer Sun, 28 Nov 2010 13:09:42 +0100 + strongswan (4.4.1-5) unstable; urgency=medium * Fixed init script for restart to work when either pluto or charon diff --git a/m4/macros/add-plugin.m4 b/m4/macros/add-plugin.m4 new file mode 100644 index 000000000..4986a5449 --- /dev/null +++ b/m4/macros/add-plugin.m4 @@ -0,0 +1,10 @@ +# ADD_PLUGIN(plugin, category list) +# ----------------------------------- +# Append the plugin name $1 to the category list variable $2_plugin +AC_DEFUN([ADD_PLUGIN], + if test [patsubst(x$$1, [-], [_])] = xtrue; then + [m4_foreach_w([category], [$2], + [m4_format([%s_plugins=${%s_plugins}" $1"], category, category)] + )] + fi +) diff --git a/man/Makefile.am b/man/Makefile.am new file mode 100644 index 000000000..a74a901b8 --- /dev/null +++ b/man/Makefile.am @@ -0,0 +1,11 @@ +dist_man_MANS = ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 +EXTRA_DIST = ipsec.conf.5.in ipsec.secrets.5.in strongswan.conf.5.in +CLEANFILES = ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 + +SUFFIXES = .in + +.in: + sed \ + -e "s:@IPSEC_VERSION@:$(PACKAGE_VERSION):" \ + $(srcdir)/$@.in > $@ + diff --git a/man/Makefile.in b/man/Makefile.in new file mode 100644 index 000000000..4388e318b --- /dev/null +++ b/man/Makefile.in @@ -0,0 +1,507 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = man +DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +man5dir = $(mandir)/man5 +am__installdirs = "$(DESTDIR)$(man5dir)" +NROFF = nroff +MANS = $(dist_man_MANS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +dist_man_MANS = ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 +EXTRA_DIST = ipsec.conf.5.in ipsec.secrets.5.in strongswan.conf.5.in +CLEANFILES = ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 +SUFFIXES = .in +all: all-am + +.SUFFIXES: +.SUFFIXES: .in +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu man/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu man/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man5: $(dist_man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" + @list=''; test -n "$(man5dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + +uninstall-man5: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + test -z "$$files" || { \ + echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) +installdirs: + for dir in "$(DESTDIR)$(man5dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man5 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man + +uninstall-man: uninstall-man5 + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + distclean distclean-generic distclean-libtool distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-man5 \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + uninstall uninstall-am uninstall-man uninstall-man5 + + +.in: + sed \ + -e "s:@IPSEC_VERSION@:$(PACKAGE_VERSION):" \ + $(srcdir)/$@.in > $@ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/man/ipsec.conf.5 b/man/ipsec.conf.5 new file mode 100644 index 000000000..b1e60b280 --- /dev/null +++ b/man/ipsec.conf.5 @@ -0,0 +1,1358 @@ +.TH IPSEC.CONF 5 "2010-10-19" "4.5.0rc2" "strongSwan" +.SH NAME +ipsec.conf \- IPsec configuration and connections +.SH DESCRIPTION +The optional +.I ipsec.conf +file +specifies most configuration and control information for the +strongSwan IPsec subsystem. +The major exception is secrets for authentication; +see +.IR ipsec.secrets (5). +Its contents are not security-sensitive. +.PP +The file is a text file, consisting of one or more +.IR sections . +White space followed by +.B # +followed by anything to the end of the line +is a comment and is ignored, +as are empty lines which are not within a section. +.PP +A line which contains +.B include +and a file name, separated by white space, +is replaced by the contents of that file, +preceded and followed by empty lines. +If the file name is not a full pathname, +it is considered to be relative to the directory containing the +including file. +Such inclusions can be nested. +Only a single filename may be supplied, and it may not contain white space, +but it may include shell wildcards (see +.IR sh (1)); +for example: +.PP +.B include +.B "ipsec.*.conf" +.PP +The intention of the include facility is mostly to permit keeping +information on connections, or sets of connections, +separate from the main configuration file. +This permits such connection descriptions to be changed, +copied to the other security gateways involved, etc., +without having to constantly extract them from the configuration +file and then insert them back into it. +Note also the +.B also +parameter (described below) which permits splitting a single logical +section (e.g. a connection description) into several actual sections. +.PP +A section +begins with a line of the form: +.PP +.I type +.I name +.PP +where +.I type +indicates what type of section follows, and +.I name +is an arbitrary name which distinguishes the section from others +of the same type. +Names must start with a letter and may contain only +letters, digits, periods, underscores, and hyphens. +All subsequent non-empty lines +which begin with white space are part of the section; +comments within a section must begin with white space too. +There may be only one section of a given type with a given name. +.PP +Lines within the section are generally of the form +.PP +\ \ \ \ \ \fIparameter\fB=\fIvalue\fR +.PP +(note the mandatory preceding white space). +There can be white space on either side of the +.BR = . +Parameter names follow the same syntax as section names, +and are specific to a section type. +Unless otherwise explicitly specified, +no parameter name may appear more than once in a section. +.PP +An empty +.I value +stands for the system default value (if any) of the parameter, +i.e. it is roughly equivalent to omitting the parameter line entirely. +A +.I value +may contain white space only if the entire +.I value +is enclosed in double quotes (\fB"\fR); +a +.I value +cannot itself contain a double quote, +nor may it be continued across more than one line. +.PP +Numeric values are specified to be either an ``integer'' +(a sequence of digits) or a ``decimal number'' +(sequence of digits optionally followed by `.' and another sequence of digits). +.PP +There is currently one parameter which is available in any type of +section: +.TP +.B also +the value is a section name; +the parameters of that section are appended to this section, +as if they had been written as part of it. +The specified section must exist, must follow the current one, +and must have the same section type. +(Nesting is permitted, +and there may be more than one +.B also +in a single section, +although it is forbidden to append the same section more than once.) +.PP +A section with name +.B %default +specifies defaults for sections of the same type. +For each parameter in it, +any section of that type which does not have a parameter of the same name +gets a copy of the one from the +.B %default +section. +There may be multiple +.B %default +sections of a given type, +but only one default may be supplied for any specific parameter name, +and all +.B %default +sections of a given type must precede all non-\c +.B %default +sections of that type. +.B %default +sections may not contain the +.B also +parameter. +.PP +Currently there are three types of sections: +a +.B config +section specifies general configuration information for IPsec, a +.B conn +section specifies an IPsec connection, while a +.B ca +section specifies special properties of a certification authority. +.SH "CONN SECTIONS" +A +.B conn +section contains a +.IR "connection specification" , +defining a network connection to be made using IPsec. +The name given is arbitrary, and is used to identify the connection. +Here's a simple example: +.PP +.ne 10 +.nf +.ft B +.ta 1c +conn snt + left=192.168.0.1 + leftsubnet=10.1.0.0/16 + right=192.168.0.2 + rightsubnet=10.1.0.0/16 + keyingtries=%forever + auto=add +.ft +.fi +.PP +A note on terminology: There are two kinds of communications going on: +transmission of user IP packets, and gateway-to-gateway negotiations for +keying, rekeying, and general control. +The path to control the connection is called 'ISAKMP SA' in IKEv1 +and 'IKE SA' in the IKEv2 protocol. That what is being negotiated, the kernel +level data path, is called 'IPsec SA' or 'Child SA'. +strongSwan currently uses two separate keying daemons. \fIpluto\fP handles +all IKEv1 connections, \fIcharon\fP is the daemon handling the IKEv2 +protocol. +.PP +To avoid trivial editing of the configuration file to suit it to each system +involved in a connection, +connection specifications are written in terms of +.I left +and +.I right +participants, +rather than in terms of local and remote. +Which participant is considered +.I left +or +.I right +is arbitrary; +for every connection description an attempt is made to figure out whether +the local endpoint should act as the +.I left +or +.I right +endpoint. This is done by matching the IP addresses defined for both endpoints +with the IP addresses assigned to local network interfaces. If a match is found +then the role (left or right) that matches is going to be considered local. +If no match is found during startup, +.I left +is considered local. +This permits using identical connection specifications on both ends. +There are cases where there is no symmetry; a good convention is to +use +.I left +for the local side and +.I right +for the remote side (the first letters are a good mnemonic). +.PP +Many of the parameters relate to one participant or the other; +only the ones for +.I left +are listed here, but every parameter whose name begins with +.B left +has a +.B right +counterpart, +whose description is the same but with +.B left +and +.B right +reversed. +.PP +Parameters are optional unless marked '(required)'. +.SS "CONN PARAMETERS" +Unless otherwise noted, for a connection to work, +in general it is necessary for the two ends to agree exactly +on the values of these parameters. +.TP +.BR aaa_identity " = " +defines the identity of the AAA backend used during IKEv2 EAP authentication. +This is required if the EAP client uses a method that verifies the server +identity (such as EAP-TLS), but it does not match the IKEv2 gateway identity. +.TP +.BR also " = " +includes conn section +.BR . +.TP +.BR auth " = " esp " | ah" +whether authentication should be done as part of +ESP encryption, or separately using the AH protocol; +acceptable values are +.B esp +(the default) and +.BR ah . +.br +The IKEv2 daemon currently supports ESP only. +.TP +.BR authby " = " pubkey " | rsasig | ecdsasig | psk | eap | never | xauth..." +how the two security gateways should authenticate each other; +acceptable values are +.B psk +or +.B secret +for pre-shared secrets, +.B pubkey +(the default) for public key signatures as well as the synonyms +.B rsasig +for RSA digital signatures and +.B ecdsasig +for Elliptic Curve DSA signatures. +.B never +can be used if negotiation is never to be attempted or accepted (useful for +shunt-only conns). +Digital signatures are superior in every way to shared secrets. +IKEv1 additionally supports the values +.B xauthpsk +and +.B xauthrsasig +that will enable eXtended AUTHentication (XAUTH) in addition to IKEv1 main mode +based on shared secrets or digital RSA signatures, respectively. +IKEv2 additionally supports the value +.BR eap , +which indicates an initiator to request EAP authentication. The EAP method +to use is selected by the server (see +.BR eap ). +This parameter is deprecated for IKEv2 connections, as two peers do not need +to agree on an authentication method. Use the +.B leftauth +parameter instead to define authentication methods in IKEv2. +.TP +.BR auto " = " ignore " | add | route | start" +what operation, if any, should be done automatically at IPsec startup; +currently-accepted values are +.BR add , +.BR route , +.B start +and +.B ignore +(the default). +.B add +loads a connection without starting it. +.B route +loads a connection and installs kernel traps. If traffic is detected between +.B leftsubnet +and +.B rightsubnet +, a connection is established. +.B start +loads a connection and brings it up immediatly. +.B ignore +ignores the connection. This is equal to delete a connection from the config +file. +Relevant only locally, other end need not agree on it +(but in general, for an intended-to-be-permanent connection, +both ends should use +.B auto=start +to ensure that any reboot causes immediate renegotiation). +.TP +.BR compress " = yes | " no +whether IPComp compression of content is proposed on the connection +(link-level compression does not work on encrypted data, +so to be effective, compression must be done \fIbefore\fR encryption); +acceptable values are +.B yes +and +.B no +(the default). A value of +.B yes +causes IPsec to propose both compressed and uncompressed, +and prefer compressed. +A value of +.B no +prevents IPsec from proposing compression; +a proposal to compress will still be accepted. +.TP +.BR dpdaction " = " none " | clear | hold | restart" +controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where +R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) +are periodically sent in order to check the +liveliness of the IPsec peer. The values +.BR clear , +.BR hold , +and +.B restart +all activate DPD. If no activity is detected, all connections with a dead peer +are stopped and unrouted +.RB ( clear ), +put in the hold state +.RB ( hold ) +or restarted +.RB ( restart ). +For IKEv1, the default is +.B none +which disables the active sending of R_U_THERE notifications. +Nevertheless pluto will always send the DPD Vendor ID during connection set up +in order to signal the readiness to act passively as a responder if the peer +wants to use DPD. For IKEv2, +.B none +does't make sense, since all messages are used to detect dead peers. If specified, +it has the same meaning as the default +.RB ( clear ). +.TP +.BR dpddelay " = " 30s " |