From b34738ed08c2227300d554b139e2495ca5da97d6 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Thu, 28 Jun 2012 21:16:07 +0200 Subject: Imported Upstream version 4.6.4 --- Android.mk | 83 +- Android.mk.in | 83 +- COPYING | 43 +- Doxyfile.in | 3 + INSTALL | 8 +- Makefile.in | 9 +- NEWS | 176 +- README | 6 +- TODO | 1 - configure | 1158 ++++++++++-- configure.in | 200 +- init/Makefile.in | 7 + init/systemd/Makefile.in | 7 + man/Makefile.in | 7 + man/ipsec.conf.5 | 105 +- man/ipsec.conf.5.in | 105 +- man/ipsec.secrets.5 | 23 +- man/ipsec.secrets.5.in | 23 +- man/strongswan.conf.5 | 347 +++- man/strongswan.conf.5.in | 347 +++- scripts/Makefile.am | 8 +- scripts/Makefile.in | 34 +- scripts/bin2sql.c | 2 - scripts/crypt_burn.c | 2 +- scripts/tls_test.c | 317 ++++ src/Makefile.am | 20 + src/Makefile.in | 51 +- src/_copyright/Makefile.in | 7 + src/_updown/Makefile.in | 7 + src/_updown_espmark/Makefile.in | 7 + src/charon/Android.mk | 2 + src/charon/Makefile.in | 7 + src/charon/charon.c | 17 +- src/checksum/Makefile.am | 106 +- src/checksum/Makefile.in | 179 +- src/checksum/checksum_builder.c | 41 +- src/conftest/Makefile.in | 7 + src/conftest/actions.c | 36 +- src/dumm/Makefile.am | 9 +- src/dumm/Makefile.in | 70 +- src/dumm/bridge.c | 45 +- src/dumm/cowfs.c | 40 +- src/dumm/dumm.c | 130 +- src/dumm/ext/dumm.c | 14 +- src/dumm/guest.c | 138 +- src/dumm/iface.c | 90 +- src/dumm/iface.h | 10 +- src/dumm/mconsole.c | 45 +- src/include/Makefile.am | 2 +- src/include/Makefile.in | 9 +- src/include/linux/jhash.h | 143 -- src/include/linux/rtnetlink.h | 1 + src/include/linux/udp.h | 2 +- src/ipsec/Android.mk | 33 + src/ipsec/Makefile.am | 3 +- src/ipsec/Makefile.in | 10 +- src/ipsec/ipsec.8 | 2 +- src/ipsec/ipsec.in | 11 +- src/libcharon/Android.mk | 37 +- src/libcharon/Makefile.am | 70 +- src/libcharon/Makefile.in | 368 ++-- src/libcharon/bus/bus.c | 39 +- src/libcharon/bus/bus.h | 14 +- src/libcharon/bus/listeners/listener.h | 2 +- src/libcharon/config/backend_manager.c | 8 + src/libcharon/config/child_cfg.h | 4 +- src/libcharon/config/ike_cfg.c | 20 +- src/libcharon/config/peer_cfg.c | 288 ++- src/libcharon/config/peer_cfg.h | 15 +- src/libcharon/config/proposal.c | 5 + src/libcharon/config/proposal.h | 8 +- src/libcharon/control/controller.c | 228 ++- src/libcharon/control/controller.h | 21 +- src/libcharon/daemon.c | 50 +- src/libcharon/daemon.h | 30 +- src/libcharon/encoding/generator.c | 2 +- src/libcharon/encoding/message.c | 36 +- src/libcharon/encoding/message.h | 2 +- src/libcharon/encoding/parser.c | 60 +- src/libcharon/encoding/payloads/certreq_payload.c | 3 +- src/libcharon/encoding/payloads/cp_payload.h | 2 +- src/libcharon/encoding/payloads/eap_payload.c | 12 + src/libcharon/encoding/payloads/eap_payload.h | 13 +- .../encoding/payloads/encryption_payload.c | 2 +- src/libcharon/encoding/payloads/endpoint_notify.c | 125 +- src/libcharon/encoding/payloads/endpoint_notify.h | 15 +- src/libcharon/encoding/payloads/ike_header.c | 9 +- src/libcharon/encoding/payloads/ike_header.h | 5 + src/libcharon/encoding/payloads/notify_payload.c | 50 +- src/libcharon/encoding/payloads/notify_payload.h | 22 +- src/libcharon/encoding/payloads/payload.c | 23 +- src/libcharon/encoding/payloads/payload.h | 7 +- .../encoding/payloads/proposal_substructure.c | 2 +- src/libcharon/encoding/payloads/sa_payload.c | 12 - .../encoding/payloads/transform_substructure.c | 2 +- .../encoding/payloads/transform_substructure.h | 2 +- src/libcharon/kernel/kernel_handler.c | 2 + src/libcharon/network/receiver.c | 221 ++- src/libcharon/network/receiver.h | 4 +- src/libcharon/network/sender.c | 4 +- src/libcharon/network/socket.c | 36 + src/libcharon/network/socket.h | 15 + src/libcharon/plugins/addrblock/Makefile.in | 7 + src/libcharon/plugins/android/Makefile.in | 7 + src/libcharon/plugins/android/android_handler.c | 36 +- src/libcharon/plugins/android/android_handler.h | 6 +- src/libcharon/plugins/android/android_logger.c | 5 +- src/libcharon/plugins/android/android_plugin.c | 11 +- src/libcharon/plugins/certexpire/Makefile.am | 19 + src/libcharon/plugins/certexpire/Makefile.in | 621 ++++++ src/libcharon/plugins/certexpire/certexpire_cron.c | 227 +++ src/libcharon/plugins/certexpire/certexpire_cron.h | 67 + .../plugins/certexpire/certexpire_export.c | 388 ++++ .../plugins/certexpire/certexpire_export.h | 52 + .../plugins/certexpire/certexpire_listener.c | 148 ++ .../plugins/certexpire/certexpire_listener.h | 54 + .../plugins/certexpire/certexpire_plugin.c | 82 + .../plugins/certexpire/certexpire_plugin.h | 42 + src/libcharon/plugins/coupling/Makefile.in | 7 + src/libcharon/plugins/dhcp/Makefile.in | 7 + src/libcharon/plugins/dhcp/dhcp_socket.c | 4 +- src/libcharon/plugins/duplicheck/Makefile.in | 7 + .../plugins/duplicheck/duplicheck_notify.c | 4 +- .../plugins/duplicheck/duplicheck_plugin.c | 2 +- src/libcharon/plugins/eap_aka/Makefile.in | 7 + src/libcharon/plugins/eap_aka/eap_aka_peer.c | 48 +- src/libcharon/plugins/eap_aka/eap_aka_peer.h | 2 +- src/libcharon/plugins/eap_aka/eap_aka_plugin.c | 75 +- src/libcharon/plugins/eap_aka/eap_aka_plugin.h | 5 + src/libcharon/plugins/eap_aka/eap_aka_server.c | 45 +- src/libcharon/plugins/eap_aka/eap_aka_server.h | 2 +- src/libcharon/plugins/eap_aka_3gpp2/Makefile.am | 9 +- src/libcharon/plugins/eap_aka_3gpp2/Makefile.in | 16 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c | 61 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h | 6 +- .../eap_aka_3gpp2/eap_aka_3gpp2_functions.c | 71 +- .../eap_aka_3gpp2/eap_aka_3gpp2_functions.h | 2 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c | 79 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c | 56 +- .../plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h | 6 +- src/libcharon/plugins/eap_gtc/Makefile.in | 7 + src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c | 19 +- src/libcharon/plugins/eap_identity/Makefile.in | 7 + .../plugins/eap_identity/eap_identity_plugin.c | 24 +- src/libcharon/plugins/eap_md5/Makefile.in | 7 + src/libcharon/plugins/eap_md5/eap_md5_plugin.c | 28 +- src/libcharon/plugins/eap_mschapv2/Makefile.in | 7 + src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 9 +- .../plugins/eap_mschapv2/eap_mschapv2_plugin.c | 32 +- src/libcharon/plugins/eap_peap/Makefile.in | 7 + src/libcharon/plugins/eap_peap/eap_peap.c | 3 +- src/libcharon/plugins/eap_peap/eap_peap_avp.c | 19 +- src/libcharon/plugins/eap_peap/eap_peap_avp.h | 8 +- src/libcharon/plugins/eap_peap/eap_peap_peer.c | 4 +- src/libcharon/plugins/eap_peap/eap_peap_plugin.c | 33 +- src/libcharon/plugins/eap_peap/eap_peap_server.c | 4 +- src/libcharon/plugins/eap_radius/Makefile.am | 10 +- src/libcharon/plugins/eap_radius/Makefile.in | 31 +- src/libcharon/plugins/eap_radius/eap_radius.c | 61 +- .../plugins/eap_radius/eap_radius_accounting.c | 339 ++++ .../plugins/eap_radius/eap_radius_accounting.h | 49 + src/libcharon/plugins/eap_radius/eap_radius_dae.c | 543 ++++++ src/libcharon/plugins/eap_radius/eap_radius_dae.h | 44 + .../plugins/eap_radius/eap_radius_forward.c | 458 +++++ .../plugins/eap_radius/eap_radius_forward.h | 65 + .../plugins/eap_radius/eap_radius_plugin.c | 177 +- .../plugins/eap_radius/eap_radius_plugin.h | 9 +- src/libcharon/plugins/eap_radius/radius_client.c | 186 -- src/libcharon/plugins/eap_radius/radius_client.h | 66 - src/libcharon/plugins/eap_radius/radius_message.c | 457 ----- src/libcharon/plugins/eap_radius/radius_message.h | 276 --- src/libcharon/plugins/eap_radius/radius_server.c | 219 --- src/libcharon/plugins/eap_radius/radius_server.h | 97 - src/libcharon/plugins/eap_radius/radius_socket.c | 355 ---- src/libcharon/plugins/eap_radius/radius_socket.h | 76 - src/libcharon/plugins/eap_sim/Makefile.in | 7 + src/libcharon/plugins/eap_sim/eap_sim_peer.c | 42 +- src/libcharon/plugins/eap_sim/eap_sim_peer.h | 3 - src/libcharon/plugins/eap_sim/eap_sim_plugin.c | 74 +- src/libcharon/plugins/eap_sim/eap_sim_plugin.h | 5 + src/libcharon/plugins/eap_sim/eap_sim_server.c | 44 +- src/libcharon/plugins/eap_sim/eap_sim_server.h | 3 - src/libcharon/plugins/eap_sim_file/Makefile.am | 3 +- src/libcharon/plugins/eap_sim_file/Makefile.in | 13 +- .../plugins/eap_sim_file/eap_sim_file_card.c | 4 +- .../plugins/eap_sim_file/eap_sim_file_card.h | 6 +- .../plugins/eap_sim_file/eap_sim_file_plugin.c | 79 +- .../plugins/eap_sim_file/eap_sim_file_provider.c | 2 +- .../plugins/eap_sim_file/eap_sim_file_provider.h | 6 +- .../plugins/eap_sim_file/eap_sim_file_triplets.c | 12 +- .../plugins/eap_sim_file/eap_sim_file_triplets.h | 2 +- src/libcharon/plugins/eap_sim_pcsc/Makefile.am | 9 +- src/libcharon/plugins/eap_sim_pcsc/Makefile.in | 18 +- .../plugins/eap_sim_pcsc/eap_sim_pcsc_card.c | 25 +- .../plugins/eap_sim_pcsc/eap_sim_pcsc_card.h | 6 +- .../plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.c | 24 +- .../plugins/eap_simaka_pseudonym/Makefile.am | 3 +- .../plugins/eap_simaka_pseudonym/Makefile.in | 13 +- .../eap_simaka_pseudonym_card.c | 58 +- .../eap_simaka_pseudonym_card.h | 6 +- .../eap_simaka_pseudonym_plugin.c | 68 +- .../eap_simaka_pseudonym_provider.c | 47 +- .../eap_simaka_pseudonym_provider.h | 6 +- .../plugins/eap_simaka_reauth/Makefile.am | 3 +- .../plugins/eap_simaka_reauth/Makefile.in | 13 +- .../eap_simaka_reauth/eap_simaka_reauth_card.c | 59 +- .../eap_simaka_reauth/eap_simaka_reauth_card.h | 6 +- .../eap_simaka_reauth/eap_simaka_reauth_plugin.c | 68 +- .../eap_simaka_reauth/eap_simaka_reauth_provider.c | 58 +- .../eap_simaka_reauth/eap_simaka_reauth_provider.h | 6 +- src/libcharon/plugins/eap_simaka_sql/Makefile.am | 3 +- src/libcharon/plugins/eap_simaka_sql/Makefile.in | 13 +- .../plugins/eap_simaka_sql/eap_simaka_sql_card.c | 4 +- .../plugins/eap_simaka_sql/eap_simaka_sql_card.h | 6 +- .../plugins/eap_simaka_sql/eap_simaka_sql_plugin.c | 114 +- .../eap_simaka_sql/eap_simaka_sql_provider.c | 12 +- .../eap_simaka_sql/eap_simaka_sql_provider.h | 6 +- src/libcharon/plugins/eap_tls/Makefile.in | 7 + src/libcharon/plugins/eap_tls/eap_tls.c | 6 +- src/libcharon/plugins/eap_tls/eap_tls_plugin.c | 31 +- src/libcharon/plugins/eap_tnc/Makefile.am | 13 +- src/libcharon/plugins/eap_tnc/Makefile.in | 24 +- src/libcharon/plugins/eap_tnc/eap_tnc.c | 6 +- src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c | 28 +- src/libcharon/plugins/eap_ttls/Makefile.am | 3 +- src/libcharon/plugins/eap_ttls/Makefile.in | 10 +- src/libcharon/plugins/eap_ttls/eap_ttls.c | 3 +- src/libcharon/plugins/eap_ttls/eap_ttls_avp.c | 8 +- src/libcharon/plugins/eap_ttls/eap_ttls_avp.h | 8 +- src/libcharon/plugins/eap_ttls/eap_ttls_peer.c | 8 +- src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c | 33 +- src/libcharon/plugins/eap_ttls/eap_ttls_server.c | 4 +- src/libcharon/plugins/farp/Makefile.in | 7 + src/libcharon/plugins/farp/farp_listener.c | 147 +- src/libcharon/plugins/farp/farp_listener.h | 9 +- src/libcharon/plugins/farp/farp_spoofer.c | 20 +- src/libcharon/plugins/ha/Makefile.am | 2 +- src/libcharon/plugins/ha/Makefile.in | 9 +- src/libcharon/plugins/ha/ha_cache.c | 35 +- src/libcharon/plugins/ha/ha_ctl.c | 4 +- src/libcharon/plugins/ha/ha_dispatcher.c | 21 +- src/libcharon/plugins/ha/ha_ike.c | 19 +- src/libcharon/plugins/ha/ha_kernel.c | 157 +- src/libcharon/plugins/ha/ha_message.c | 4 +- src/libcharon/plugins/ha/ha_message.h | 4 +- src/libcharon/plugins/ha/ha_segments.c | 7 +- src/libcharon/plugins/ha/ha_segments.h | 4 +- src/libcharon/plugins/ha/ha_socket.c | 4 +- src/libcharon/plugins/led/Makefile.in | 7 + src/libcharon/plugins/led/led_listener.c | 6 +- src/libcharon/plugins/load_tester/Makefile.in | 7 + .../plugins/load_tester/load_tester_config.c | 162 +- .../plugins/load_tester/load_tester_creds.c | 130 +- .../plugins/load_tester/load_tester_ipsec.c | 60 +- .../plugins/load_tester/load_tester_listener.c | 59 +- .../plugins/load_tester/load_tester_listener.h | 7 + .../plugins/load_tester/load_tester_plugin.c | 47 +- src/libcharon/plugins/maemo/Makefile.in | 7 + src/libcharon/plugins/maemo/maemo_service.c | 5 +- src/libcharon/plugins/medcli/Makefile.in | 7 + src/libcharon/plugins/medcli/medcli_config.c | 92 +- src/libcharon/plugins/medcli/medcli_creds.c | 96 +- src/libcharon/plugins/medcli/medcli_listener.c | 44 +- src/libcharon/plugins/medsrv/Makefile.in | 7 + src/libcharon/plugins/medsrv/medsrv_config.c | 67 +- src/libcharon/plugins/medsrv/medsrv_creds.c | 74 +- src/libcharon/plugins/nm/Makefile.in | 7 + src/libcharon/plugins/nm/nm_creds.c | 176 +- src/libcharon/plugins/nm/nm_handler.c | 61 +- src/libcharon/plugins/nm/nm_plugin.c | 5 +- src/libcharon/plugins/nm/nm_service.c | 8 +- src/libcharon/plugins/nm/nm_service.h | 2 +- src/libcharon/plugins/radattr/Makefile.am | 17 + src/libcharon/plugins/radattr/Makefile.in | 616 ++++++ src/libcharon/plugins/radattr/radattr_listener.c | 221 +++ src/libcharon/plugins/radattr/radattr_listener.h | 49 + src/libcharon/plugins/radattr/radattr_plugin.c | 75 + src/libcharon/plugins/radattr/radattr_plugin.h | 42 + src/libcharon/plugins/smp/Makefile.in | 7 + src/libcharon/plugins/smp/smp.c | 39 +- src/libcharon/plugins/socket_default/Makefile.in | 7 + .../plugins/socket_default/socket_default_plugin.c | 19 +- .../plugins/socket_default/socket_default_socket.c | 9 +- src/libcharon/plugins/socket_dynamic/Makefile.in | 7 + .../plugins/socket_dynamic/socket_dynamic_plugin.c | 18 +- .../plugins/socket_dynamic/socket_dynamic_socket.c | 2 +- src/libcharon/plugins/socket_raw/Makefile.in | 7 + .../plugins/socket_raw/socket_raw_plugin.c | 18 +- .../plugins/socket_raw/socket_raw_socket.c | 22 +- src/libcharon/plugins/sql/Makefile.in | 7 + src/libcharon/plugins/sql/sql_logger.c | 38 +- src/libcharon/plugins/stroke/Makefile.in | 7 + src/libcharon/plugins/stroke/stroke_ca.c | 2 +- src/libcharon/plugins/stroke/stroke_config.c | 225 ++- src/libcharon/plugins/stroke/stroke_config.h | 10 + src/libcharon/plugins/stroke/stroke_control.c | 100 +- src/libcharon/plugins/stroke/stroke_cred.c | 223 ++- src/libcharon/plugins/stroke/stroke_cred.h | 24 +- src/libcharon/plugins/stroke/stroke_list.c | 232 ++- src/libcharon/plugins/stroke/stroke_list.h | 4 +- src/libcharon/plugins/stroke/stroke_socket.c | 199 +- src/libcharon/plugins/tnc_ifmap/Makefile.am | 21 + src/libcharon/plugins/tnc_ifmap/Makefile.in | 620 ++++++ .../plugins/tnc_ifmap/tnc_ifmap_listener.c | 173 ++ .../plugins/tnc_ifmap/tnc_ifmap_listener.h | 51 + src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.c | 99 + src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.h | 42 + src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c | 859 +++++++++ src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h | 95 + src/libcharon/plugins/tnc_imc/Makefile.am | 9 +- src/libcharon/plugins/tnc_imc/Makefile.in | 21 +- src/libcharon/plugins/tnc_imc/tnc_imc.c | 214 ++- .../plugins/tnc_imc/tnc_imc_bind_function.c | 147 +- src/libcharon/plugins/tnc_imc/tnc_imc_manager.c | 130 +- src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c | 183 +- src/libcharon/plugins/tnc_imv/Makefile.am | 11 +- src/libcharon/plugins/tnc_imv/Makefile.in | 23 +- src/libcharon/plugins/tnc_imv/tnc_imv.c | 211 ++- .../plugins/tnc_imv/tnc_imv_bind_function.c | 117 +- src/libcharon/plugins/tnc_imv/tnc_imv_manager.c | 142 +- src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c | 179 +- .../plugins/tnc_imv/tnc_imv_recommendations.c | 29 +- src/libcharon/plugins/tnc_pdp/Makefile.am | 24 + src/libcharon/plugins/tnc_pdp/Makefile.in | 627 ++++++ src/libcharon/plugins/tnc_pdp/tnc_pdp.c | 648 +++++++ src/libcharon/plugins/tnc_pdp/tnc_pdp.h | 46 + .../plugins/tnc_pdp/tnc_pdp_connections.c | 220 +++ .../plugins/tnc_pdp/tnc_pdp_connections.h | 77 + src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.c | 91 + src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.h | 42 + src/libcharon/plugins/tnc_tnccs/Makefile.am | 22 + src/libcharon/plugins/tnc_tnccs/Makefile.in | 624 ++++++ .../plugins/tnc_tnccs/tnc_tnccs_manager.c | 712 +++++++ .../plugins/tnc_tnccs/tnc_tnccs_manager.h | 31 + src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.c | 98 + src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.h | 42 + src/libcharon/plugins/tnccs_11/Makefile.am | 11 +- src/libcharon/plugins/tnccs_11/Makefile.in | 24 +- src/libcharon/plugins/tnccs_11/batch/tnccs_batch.c | 5 +- .../plugins/tnccs_11/messages/imc_imv_msg.c | 3 +- .../plugins/tnccs_11/messages/imc_imv_msg.h | 2 +- .../messages/tnccs_preferred_language_msg.h | 2 +- .../tnccs_11/messages/tnccs_reason_strings_msg.c | 45 + .../tnccs_11/messages/tnccs_recommendation_msg.c | 2 +- .../tnccs_11/messages/tnccs_recommendation_msg.h | 2 +- src/libcharon/plugins/tnccs_11/tnccs_11.c | 114 +- src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c | 23 +- src/libcharon/plugins/tnccs_20/Makefile.am | 11 +- src/libcharon/plugins/tnccs_20/Makefile.in | 22 +- .../plugins/tnccs_20/batch/pb_tnc_batch.c | 64 +- .../messages/pb_access_recommendation_msg.c | 12 +- .../tnccs_20/messages/pb_assessment_result_msg.c | 15 +- .../plugins/tnccs_20/messages/pb_error_msg.c | 19 +- .../tnccs_20/messages/pb_language_preference_msg.c | 4 +- .../plugins/tnccs_20/messages/pb_pa_msg.c | 41 +- .../plugins/tnccs_20/messages/pb_pa_msg.h | 30 +- .../tnccs_20/messages/pb_reason_string_msg.c | 12 +- .../messages/pb_remediation_parameters_msg.c | 12 +- src/libcharon/plugins/tnccs_20/tnccs_20.c | 161 +- src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c | 23 +- src/libcharon/plugins/tnccs_dynamic/Makefile.am | 11 +- src/libcharon/plugins/tnccs_dynamic/Makefile.in | 22 +- .../plugins/tnccs_dynamic/tnccs_dynamic.c | 8 +- .../plugins/tnccs_dynamic/tnccs_dynamic_plugin.c | 24 +- src/libcharon/plugins/uci/Makefile.in | 7 + src/libcharon/plugins/uci/uci_config.c | 112 +- src/libcharon/plugins/uci/uci_control.c | 37 +- src/libcharon/plugins/uci/uci_creds.c | 70 +- src/libcharon/plugins/uci/uci_parser.c | 43 +- src/libcharon/plugins/uci/uci_plugin.c | 4 +- src/libcharon/plugins/unit_tester/Makefile.in | 7 + src/libcharon/plugins/updown/Makefile.in | 7 + src/libcharon/plugins/updown/updown_listener.c | 46 +- src/libcharon/plugins/whitelist/Makefile.in | 7 + .../plugins/whitelist/whitelist_control.c | 4 +- src/libcharon/processing/jobs/acquire_job.c | 7 + .../processing/jobs/delete_child_sa_job.c | 7 + src/libcharon/processing/jobs/delete_ike_sa_job.c | 7 + src/libcharon/processing/jobs/inactivity_job.c | 17 +- .../processing/jobs/initiate_mediation_job.c | 50 +- src/libcharon/processing/jobs/mediation_job.c | 43 +- src/libcharon/processing/jobs/migrate_job.c | 13 +- .../processing/jobs/process_message_job.c | 22 + src/libcharon/processing/jobs/rekey_child_sa_job.c | 7 + src/libcharon/processing/jobs/rekey_ike_sa_job.c | 7 + src/libcharon/processing/jobs/retransmit_job.c | 7 + src/libcharon/processing/jobs/roam_job.c | 10 +- src/libcharon/processing/jobs/send_dpd_job.c | 7 + src/libcharon/processing/jobs/send_keepalive_job.c | 7 + src/libcharon/processing/jobs/start_action_job.c | 23 +- src/libcharon/processing/jobs/update_sa_job.c | 7 + src/libcharon/sa/authenticators/authenticator.c | 7 +- src/libcharon/sa/authenticators/authenticator.h | 6 + src/libcharon/sa/authenticators/eap/eap_method.c | 20 + src/libcharon/sa/authenticators/eap/eap_method.h | 15 + src/libcharon/sa/authenticators/eap/sim_card.h | 125 -- src/libcharon/sa/authenticators/eap/sim_hooks.h | 53 - src/libcharon/sa/authenticators/eap/sim_manager.c | 534 ------ src/libcharon/sa/authenticators/eap/sim_manager.h | 291 --- src/libcharon/sa/authenticators/eap/sim_provider.h | 124 -- .../sa/authenticators/eap_authenticator.c | 25 +- src/libcharon/sa/child_sa.c | 150 +- src/libcharon/sa/connect_manager.c | 322 ++-- src/libcharon/sa/ike_sa.c | 391 ++-- src/libcharon/sa/ike_sa.h | 126 +- src/libcharon/sa/ike_sa_id.c | 103 +- src/libcharon/sa/ike_sa_id.h | 22 +- src/libcharon/sa/ike_sa_manager.c | 176 +- src/libcharon/sa/ike_sa_manager.h | 12 +- src/libcharon/sa/keymat.c | 2 + src/libcharon/sa/keymat.h | 7 +- src/libcharon/sa/mediation_manager.c | 131 +- src/libcharon/sa/shunt_manager.c | 251 +++ src/libcharon/sa/shunt_manager.h | 69 + src/libcharon/sa/task_manager.c | 118 +- src/libcharon/sa/tasks/child_create.c | 10 +- src/libcharon/sa/tasks/child_delete.c | 109 +- src/libcharon/sa/tasks/child_rekey.c | 93 +- src/libcharon/sa/tasks/ike_auth.c | 82 +- src/libcharon/sa/tasks/ike_auth.h | 2 +- src/libcharon/sa/tasks/ike_auth_lifetime.c | 69 +- src/libcharon/sa/tasks/ike_cert_post.c | 72 +- src/libcharon/sa/tasks/ike_cert_post.h | 2 +- src/libcharon/sa/tasks/ike_cert_pre.c | 75 +- src/libcharon/sa/tasks/ike_cert_pre.h | 2 +- src/libcharon/sa/tasks/ike_config.c | 79 +- src/libcharon/sa/tasks/ike_delete.c | 75 +- src/libcharon/sa/tasks/ike_dpd.c | 57 +- src/libcharon/sa/tasks/ike_dpd.h | 2 +- src/libcharon/sa/tasks/ike_init.c | 130 +- src/libcharon/sa/tasks/ike_init.h | 2 +- src/libcharon/sa/tasks/ike_me.c | 159 +- src/libcharon/sa/tasks/ike_mobike.c | 59 +- src/libcharon/sa/tasks/ike_natd.c | 95 +- src/libcharon/sa/tasks/ike_natd.h | 2 +- src/libcharon/sa/tasks/ike_reauth.c | 145 +- src/libcharon/sa/tasks/ike_rekey.c | 10 +- src/libcharon/sa/tasks/ike_vendor.h | 2 +- src/libcharon/sa/tasks/task.h | 6 +- src/libcharon/sa/trap_manager.c | 178 +- src/libcharon/sa/trap_manager.h | 5 + src/libcharon/tnc/imc/imc.h | 175 -- src/libcharon/tnc/imc/imc_manager.h | 124 -- src/libcharon/tnc/imv/imv.h | 175 -- src/libcharon/tnc/imv/imv_manager.h | 145 -- src/libcharon/tnc/imv/imv_recommendations.c | 24 - src/libcharon/tnc/imv/imv_recommendations.h | 117 -- src/libcharon/tnc/tnccs/tnccs.c | 23 - src/libcharon/tnc/tnccs/tnccs.h | 83 - src/libcharon/tnc/tnccs/tnccs_manager.c | 505 ----- src/libcharon/tnc/tnccs/tnccs_manager.h | 186 -- src/libcharon/tnc/tncif.h | 106 -- src/libcharon/tnc/tncifimc.h | 180 -- src/libcharon/tnc/tncifimv.c | 36 - src/libcharon/tnc/tncifimv.h | 248 --- src/libfast/Makefile.am | 4 +- src/libfast/Makefile.in | 63 +- src/libfast/dispatcher.c | 104 +- src/libfast/request.c | 183 +- src/libfast/session.c | 56 +- src/libfast/session.h | 2 - src/libfast/smtp.h | 2 +- src/libfreeswan/Android.mk | 38 + src/libfreeswan/Makefile.am | 20 +- src/libfreeswan/Makefile.in | 27 +- src/libfreeswan/datatot.c | 1 - src/libfreeswan/pfkey_v2_parse.c | 4 +- src/libhydra/Android.mk | 4 +- src/libhydra/Makefile.am | 4 +- src/libhydra/Makefile.in | 77 +- src/libhydra/attributes/attribute_manager.c | 124 +- src/libhydra/attributes/attributes.c | 58 +- src/libhydra/attributes/attributes.h | 1 + src/libhydra/kernel/kernel_interface.c | 60 +- src/libhydra/kernel/kernel_interface.h | 28 +- src/libhydra/kernel/kernel_ipsec.c | 24 +- src/libhydra/kernel/kernel_ipsec.h | 60 +- src/libhydra/kernel/kernel_listener.h | 2 +- src/libhydra/kernel/kernel_net.c | 37 + src/libhydra/kernel/kernel_net.h | 15 + src/libhydra/plugins/attr/Makefile.in | 7 + src/libhydra/plugins/attr_sql/Makefile.in | 7 + src/libhydra/plugins/attr_sql/pool.c | 8 +- src/libhydra/plugins/attr_sql/sql_attribute.c | 56 +- src/libhydra/plugins/kernel_klips/Makefile.in | 7 + .../plugins/kernel_klips/kernel_klips_ipsec.c | 27 +- .../plugins/kernel_klips/kernel_klips_plugin.c | 17 +- src/libhydra/plugins/kernel_netlink/Makefile.in | 7 + .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 1035 +++++++--- .../plugins/kernel_netlink/kernel_netlink_net.c | 41 +- .../plugins/kernel_netlink/kernel_netlink_plugin.c | 23 +- .../plugins/kernel_netlink/kernel_netlink_shared.c | 41 +- src/libhydra/plugins/kernel_pfkey/Makefile.in | 7 + .../plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 917 ++++++--- .../plugins/kernel_pfkey/kernel_pfkey_plugin.c | 17 +- src/libhydra/plugins/kernel_pfroute/Makefile.in | 7 + .../plugins/kernel_pfroute/kernel_pfroute_net.c | 4 +- .../plugins/kernel_pfroute/kernel_pfroute_plugin.c | 17 +- src/libhydra/plugins/resolve/Makefile.in | 7 + src/libhydra/plugins/resolve/resolve_handler.c | 245 ++- src/libhydra/plugins/resolve/resolve_plugin.c | 2 +- src/libimcv/Makefile.am | 38 + src/libimcv/Makefile.in | 845 +++++++++ src/libimcv/ietf/ietf_attr.c | 63 + src/libimcv/ietf/ietf_attr.h | 63 + src/libimcv/ietf/ietf_attr_pa_tnc_error.c | 472 +++++ src/libimcv/ietf/ietf_attr_pa_tnc_error.h | 134 ++ src/libimcv/ietf/ietf_attr_port_filter.c | 288 +++ src/libimcv/ietf/ietf_attr_port_filter.h | 74 + src/libimcv/ietf/ietf_attr_product_info.c | 255 +++ src/libimcv/ietf/ietf_attr_product_info.h | 67 + src/libimcv/imc/imc_agent.c | 693 +++++++ src/libimcv/imc/imc_agent.h | 175 ++ src/libimcv/imc/imc_state.h | 79 + src/libimcv/imcv.c | 161 ++ src/libimcv/imcv.h | 49 + src/libimcv/imv/imv_agent.c | 792 ++++++++ src/libimcv/imv/imv_agent.h | 197 ++ src/libimcv/imv/imv_state.h | 111 ++ src/libimcv/ita/ita_attr.c | 35 + src/libimcv/ita/ita_attr.h | 50 + src/libimcv/ita/ita_attr_command.c | 196 ++ src/libimcv/ita/ita_attr_command.h | 61 + src/libimcv/pa_tnc/pa_tnc_attr.h | 96 + src/libimcv/pa_tnc/pa_tnc_attr_manager.c | 155 ++ src/libimcv/pa_tnc/pa_tnc_attr_manager.h | 85 + src/libimcv/pa_tnc/pa_tnc_msg.c | 427 +++++ src/libimcv/pa_tnc/pa_tnc_msg.h | 103 + src/libimcv/plugins/imc_scanner/Makefile.am | 15 + src/libimcv/plugins/imc_scanner/Makefile.in | 600 ++++++ src/libimcv/plugins/imc_scanner/imc_scanner.c | 384 ++++ .../plugins/imc_scanner/imc_scanner_state.c | 115 ++ .../plugins/imc_scanner/imc_scanner_state.h | 47 + src/libimcv/plugins/imc_test/Makefile.am | 15 + src/libimcv/plugins/imc_test/Makefile.in | 600 ++++++ src/libimcv/plugins/imc_test/imc_test.c | 379 ++++ src/libimcv/plugins/imc_test/imc_test_state.c | 178 ++ src/libimcv/plugins/imc_test/imc_test_state.h | 80 + src/libimcv/plugins/imv_scanner/Makefile.am | 15 + src/libimcv/plugins/imv_scanner/Makefile.in | 600 ++++++ src/libimcv/plugins/imv_scanner/imv_scanner.c | 409 ++++ .../plugins/imv_scanner/imv_scanner_state.c | 243 +++ .../plugins/imv_scanner/imv_scanner_state.h | 52 + src/libimcv/plugins/imv_test/Makefile.am | 15 + src/libimcv/plugins/imv_test/Makefile.in | 600 ++++++ src/libimcv/plugins/imv_test/imv_test.c | 315 ++++ src/libimcv/plugins/imv_test/imv_test_state.c | 297 +++ src/libimcv/plugins/imv_test/imv_test_state.h | 70 + src/libpts/Makefile.am | 58 + src/libpts/Makefile.in | 1083 +++++++++++ src/libpts/libpts.c | 96 + src/libpts/libpts.h | 49 + src/libpts/plugins/imc_attestation/Makefile.am | 18 + src/libpts/plugins/imc_attestation/Makefile.in | 608 ++++++ .../plugins/imc_attestation/imc_attestation.c | 358 ++++ .../imc_attestation/imc_attestation_process.c | 466 +++++ .../imc_attestation/imc_attestation_process.h | 49 + .../imc_attestation/imc_attestation_state.c | 161 ++ .../imc_attestation/imc_attestation_state.h | 73 + src/libpts/plugins/imv_attestation/Makefile.am | 33 + src/libpts/plugins/imv_attestation/Makefile.in | 686 +++++++ src/libpts/plugins/imv_attestation/attest.c | 373 ++++ src/libpts/plugins/imv_attestation/attest_db.c | 1200 ++++++++++++ src/libpts/plugins/imv_attestation/attest_db.h | 190 ++ src/libpts/plugins/imv_attestation/attest_usage.c | 80 + src/libpts/plugins/imv_attestation/attest_usage.h | 25 + src/libpts/plugins/imv_attestation/data.sql | 1305 +++++++++++++ .../plugins/imv_attestation/imv_attestation.c | 520 +++++ .../imv_attestation/imv_attestation_build.c | 300 +++ .../imv_attestation/imv_attestation_build.h | 50 + .../imv_attestation/imv_attestation_process.c | 399 ++++ .../imv_attestation/imv_attestation_process.h | 57 + .../imv_attestation/imv_attestation_state.c | 407 ++++ .../imv_attestation/imv_attestation_state.h | 156 ++ src/libpts/plugins/imv_attestation/tables.sql | 82 + src/libpts/pts/components/ita/ita_comp_func_name.c | 45 + src/libpts/pts/components/ita/ita_comp_func_name.h | 85 + src/libpts/pts/components/ita/ita_comp_ima.c | 439 +++++ src/libpts/pts/components/ita/ita_comp_ima.h | 36 + src/libpts/pts/components/ita/ita_comp_tboot.c | 335 ++++ src/libpts/pts/components/ita/ita_comp_tboot.h | 36 + src/libpts/pts/components/ita/ita_comp_tgrub.c | 184 ++ src/libpts/pts/components/ita/ita_comp_tgrub.h | 36 + src/libpts/pts/components/pts_comp_evidence.c | 251 +++ src/libpts/pts/components/pts_comp_evidence.h | 170 ++ src/libpts/pts/components/pts_comp_func_name.c | 152 ++ src/libpts/pts/components/pts_comp_func_name.h | 96 + src/libpts/pts/components/pts_component.h | 94 + src/libpts/pts/components/pts_component_manager.c | 317 ++++ src/libpts/pts/components/pts_component_manager.h | 125 ++ src/libpts/pts/components/tcg/tcg_comp_func_name.c | 48 + src/libpts/pts/components/tcg/tcg_comp_func_name.h | 98 + src/libpts/pts/pts.c | 1539 +++++++++++++++ src/libpts/pts/pts.h | 353 ++++ src/libpts/pts/pts_creds.c | 136 ++ src/libpts/pts/pts_creds.h | 55 + src/libpts/pts/pts_database.c | 312 +++ src/libpts/pts/pts_database.h | 153 ++ src/libpts/pts/pts_dh_group.c | 175 ++ src/libpts/pts/pts_dh_group.h | 104 + src/libpts/pts/pts_error.c | 99 + src/libpts/pts/pts_error.h | 89 + src/libpts/pts/pts_file_meas.c | 186 ++ src/libpts/pts/pts_file_meas.h | 85 + src/libpts/pts/pts_file_meta.c | 96 + src/libpts/pts/pts_file_meta.h | 85 + src/libpts/pts/pts_file_type.c | 33 + src/libpts/pts/pts_file_type.h | 63 + src/libpts/pts/pts_meas_algo.c | 170 ++ src/libpts/pts/pts_meas_algo.h | 105 ++ src/libpts/pts/pts_proto_caps.h | 44 + src/libpts/pts/pts_req_func_comp_evid.h | 42 + src/libpts/pts/pts_simple_evid_final.h | 47 + src/libpts/tcg/tcg_attr.c | 209 ++ src/libpts/tcg/tcg_attr.h | 81 + src/libpts/tcg/tcg_pts_attr_aik.c | 256 +++ src/libpts/tcg/tcg_pts_attr_aik.h | 65 + src/libpts/tcg/tcg_pts_attr_dh_nonce_finish.c | 276 +++ src/libpts/tcg/tcg_pts_attr_dh_nonce_finish.h | 89 + src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.c | 247 +++ src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.h | 72 + src/libpts/tcg/tcg_pts_attr_dh_nonce_params_resp.c | 295 +++ src/libpts/tcg/tcg_pts_attr_dh_nonce_params_resp.h | 93 + src/libpts/tcg/tcg_pts_attr_file_meas.c | 308 +++ src/libpts/tcg/tcg_pts_attr_file_meas.h | 65 + src/libpts/tcg/tcg_pts_attr_gen_attest_evid.c | 214 +++ src/libpts/tcg/tcg_pts_attr_gen_attest_evid.h | 53 + src/libpts/tcg/tcg_pts_attr_get_aik.c | 211 +++ src/libpts/tcg/tcg_pts_attr_get_aik.h | 53 + src/libpts/tcg/tcg_pts_attr_get_tpm_version_info.c | 214 +++ src/libpts/tcg/tcg_pts_attr_get_tpm_version_info.h | 54 + src/libpts/tcg/tcg_pts_attr_meas_algo.c | 230 +++ src/libpts/tcg/tcg_pts_attr_meas_algo.h | 68 + src/libpts/tcg/tcg_pts_attr_proto_caps.c | 230 +++ src/libpts/tcg/tcg_pts_attr_proto_caps.h | 67 + src/libpts/tcg/tcg_pts_attr_req_file_meas.c | 303 +++ src/libpts/tcg/tcg_pts_attr_req_file_meas.h | 91 + src/libpts/tcg/tcg_pts_attr_req_file_meta.c | 286 +++ src/libpts/tcg/tcg_pts_attr_req_file_meta.h | 81 + src/libpts/tcg/tcg_pts_attr_req_func_comp_evid.c | 378 ++++ src/libpts/tcg/tcg_pts_attr_req_func_comp_evid.h | 80 + src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c | 514 +++++ src/libpts/tcg/tcg_pts_attr_simple_comp_evid.h | 64 + src/libpts/tcg/tcg_pts_attr_simple_evid_final.c | 394 ++++ src/libpts/tcg/tcg_pts_attr_simple_evid_final.h | 91 + src/libpts/tcg/tcg_pts_attr_tpm_version_info.c | 237 +++ src/libpts/tcg/tcg_pts_attr_tpm_version_info.h | 70 + src/libpts/tcg/tcg_pts_attr_unix_file_meta.c | 360 ++++ src/libpts/tcg/tcg_pts_attr_unix_file_meta.h | 65 + src/libradius/Makefile.am | 11 + src/libradius/Makefile.in | 598 ++++++ src/libradius/radius_client.c | 157 ++ src/libradius/radius_client.h | 68 + src/libradius/radius_config.c | 221 +++ src/libradius/radius_config.h | 100 + src/libradius/radius_message.c | 515 +++++ src/libradius/radius_message.h | 302 +++ src/libradius/radius_mppe.h | 40 + src/libradius/radius_socket.c | 373 ++++ src/libradius/radius_socket.h | 77 + src/libsimaka/Makefile.am | 5 +- src/libsimaka/Makefile.in | 94 +- src/libsimaka/simaka_card.h | 129 ++ src/libsimaka/simaka_crypto.c | 136 +- src/libsimaka/simaka_hooks.h | 55 + src/libsimaka/simaka_manager.c | 626 ++++++ src/libsimaka/simaka_manager.h | 315 ++++ src/libsimaka/simaka_message.c | 169 +- src/libsimaka/simaka_message.h | 11 +- src/libsimaka/simaka_provider.h | 128 ++ src/libstrongswan/Android.mk | 14 +- src/libstrongswan/Makefile.am | 27 +- src/libstrongswan/Makefile.in | 344 ++-- src/libstrongswan/asn1/asn1.c | 69 +- src/libstrongswan/asn1/asn1.h | 10 +- src/libstrongswan/asn1/asn1_parser.c | 18 +- src/libstrongswan/asn1/oid.c | 676 +++---- src/libstrongswan/asn1/oid.h | 357 ++-- src/libstrongswan/asn1/oid.txt | 6 + src/libstrongswan/bio/bio_reader.c | 215 +++ src/libstrongswan/bio/bio_reader.h | 139 ++ src/libstrongswan/bio/bio_writer.c | 249 +++ src/libstrongswan/bio/bio_writer.h | 143 ++ src/libstrongswan/chunk.c | 11 +- src/libstrongswan/chunk.h | 16 +- src/libstrongswan/credentials/auth_cfg.c | 413 ++-- src/libstrongswan/credentials/auth_cfg.h | 46 +- src/libstrongswan/credentials/builder.c | 3 +- src/libstrongswan/credentials/builder.h | 8 +- src/libstrongswan/credentials/cert_validator.h | 2 +- src/libstrongswan/credentials/certificates/ac.h | 1 - .../credentials/certificates/certificate.c | 1 + .../credentials/certificates/certificate.h | 18 +- src/libstrongswan/credentials/certificates/crl.h | 6 +- src/libstrongswan/credentials/certificates/x509.h | 12 +- src/libstrongswan/credentials/cred_encoding.c | 70 +- src/libstrongswan/credentials/cred_encoding.h | 2 +- src/libstrongswan/credentials/credential_factory.h | 2 +- src/libstrongswan/credentials/credential_manager.c | 4 +- src/libstrongswan/credentials/credential_manager.h | 28 +- src/libstrongswan/credentials/credential_set.h | 4 +- .../credentials/ietf_attributes/ietf_attributes.c | 118 +- src/libstrongswan/credentials/keys/private_key.h | 10 +- src/libstrongswan/credentials/keys/public_key.c | 3 +- src/libstrongswan/credentials/keys/public_key.h | 12 +- src/libstrongswan/credentials/keys/shared_key.c | 47 +- .../credentials/sets/auth_cfg_wrapper.c | 39 +- src/libstrongswan/credentials/sets/cert_cache.c | 52 +- .../credentials/sets/ocsp_response_wrapper.c | 40 +- src/libstrongswan/crypto/aead.h | 2 +- src/libstrongswan/crypto/crypto_tester.c | 10 + src/libstrongswan/crypto/diffie_hellman.c | 24 +- src/libstrongswan/crypto/diffie_hellman.h | 7 +- src/libstrongswan/crypto/pkcs9.c | 112 +- src/libstrongswan/crypto/prf_plus.c | 35 +- .../crypto/proposal/proposal_keywords.c | 31 +- .../crypto/proposal/proposal_keywords.txt | 3 + src/libstrongswan/crypto/signers/signer.h | 4 +- src/libstrongswan/database/database.c | 22 + src/libstrongswan/database/database.h | 7 + src/libstrongswan/database/database_factory.c | 47 +- src/libstrongswan/debug.c | 8 + src/libstrongswan/debug.h | 8 + src/libstrongswan/eap/eap.c | 18 - src/libstrongswan/fetcher/fetcher_manager.h | 2 +- src/libstrongswan/integrity_checker.h | 1 - src/libstrongswan/library.c | 79 +- src/libstrongswan/library.h | 31 +- src/libstrongswan/pen/pen.c | 33 + src/libstrongswan/pen/pen.h | 46 + src/libstrongswan/plugins/aes/Makefile.in | 7 + src/libstrongswan/plugins/aes/aes_plugin.c | 20 +- src/libstrongswan/plugins/af_alg/Makefile.in | 7 + src/libstrongswan/plugins/af_alg/af_alg_crypter.c | 19 +- src/libstrongswan/plugins/af_alg/af_alg_crypter.h | 11 +- src/libstrongswan/plugins/af_alg/af_alg_hasher.c | 7 +- src/libstrongswan/plugins/af_alg/af_alg_hasher.h | 11 +- src/libstrongswan/plugins/af_alg/af_alg_ops.c | 2 +- src/libstrongswan/plugins/af_alg/af_alg_plugin.c | 38 +- src/libstrongswan/plugins/af_alg/af_alg_prf.c | 9 +- src/libstrongswan/plugins/af_alg/af_alg_prf.h | 11 +- src/libstrongswan/plugins/af_alg/af_alg_signer.c | 7 +- src/libstrongswan/plugins/af_alg/af_alg_signer.h | 11 +- src/libstrongswan/plugins/agent/Makefile.in | 7 + src/libstrongswan/plugins/agent/agent_plugin.c | 17 +- .../plugins/agent/agent_private_key.c | 6 +- src/libstrongswan/plugins/blowfish/Makefile.in | 7 + src/libstrongswan/plugins/ccm/Makefile.in | 7 + src/libstrongswan/plugins/ccm/ccm_aead.c | 2 +- src/libstrongswan/plugins/ccm/ccm_plugin.c | 79 +- src/libstrongswan/plugins/cmac/Makefile.am | 16 + src/libstrongswan/plugins/cmac/Makefile.in | 613 ++++++ src/libstrongswan/plugins/cmac/cmac.c | 321 ++++ src/libstrongswan/plugins/cmac/cmac.h | 78 + src/libstrongswan/plugins/cmac/cmac_plugin.c | 81 + src/libstrongswan/plugins/cmac/cmac_plugin.h | 42 + src/libstrongswan/plugins/cmac/cmac_prf.c | 121 ++ src/libstrongswan/plugins/cmac/cmac_prf.h | 50 + src/libstrongswan/plugins/cmac/cmac_signer.c | 159 ++ src/libstrongswan/plugins/cmac/cmac_signer.h | 47 + src/libstrongswan/plugins/constraints/Makefile.in | 7 + src/libstrongswan/plugins/ctr/Makefile.in | 7 + src/libstrongswan/plugins/ctr/ctr_plugin.c | 42 +- src/libstrongswan/plugins/curl/Makefile.in | 7 + src/libstrongswan/plugins/curl/curl_plugin.c | 35 +- src/libstrongswan/plugins/des/Makefile.in | 7 + src/libstrongswan/plugins/des/des_crypter.c | 6 +- src/libstrongswan/plugins/des/des_plugin.c | 24 +- src/libstrongswan/plugins/dnskey/Makefile.in | 7 + src/libstrongswan/plugins/dnskey/dnskey_plugin.c | 21 +- src/libstrongswan/plugins/fips_prf/Makefile.in | 7 + src/libstrongswan/plugins/fips_prf/fips_prf.c | 6 +- .../plugins/fips_prf/fips_prf_plugin.c | 25 +- src/libstrongswan/plugins/gcm/Makefile.in | 7 + src/libstrongswan/plugins/gcm/gcm_plugin.c | 46 +- src/libstrongswan/plugins/gcrypt/Makefile.in | 7 + src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 174 +- .../plugins/gcrypt/gcrypt_rsa_private_key.c | 6 +- src/libstrongswan/plugins/gmp/Makefile.in | 7 + src/libstrongswan/plugins/gmp/gmp_plugin.c | 121 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 2 +- src/libstrongswan/plugins/hmac/Makefile.in | 7 + src/libstrongswan/plugins/hmac/hmac.c | 4 +- src/libstrongswan/plugins/hmac/hmac.h | 4 +- src/libstrongswan/plugins/hmac/hmac_plugin.c | 105 +- src/libstrongswan/plugins/ldap/Makefile.in | 7 + src/libstrongswan/plugins/ldap/ldap_plugin.c | 21 +- src/libstrongswan/plugins/md4/Makefile.in | 7 + src/libstrongswan/plugins/md4/md4_hasher.c | 48 +- src/libstrongswan/plugins/md4/md4_plugin.c | 18 +- src/libstrongswan/plugins/md5/Makefile.in | 7 + src/libstrongswan/plugins/md5/md5_hasher.c | 50 +- src/libstrongswan/plugins/md5/md5_plugin.c | 16 +- src/libstrongswan/plugins/mysql/Makefile.in | 7 + src/libstrongswan/plugins/mysql/mysql_database.c | 1 + src/libstrongswan/plugins/mysql/mysql_plugin.c | 18 +- src/libstrongswan/plugins/openssl/Makefile.in | 7 + src/libstrongswan/plugins/openssl/openssl_crl.c | 2 +- .../plugins/openssl/openssl_ec_diffie_hellman.c | 2 +- .../plugins/openssl/openssl_ec_private_key.c | 39 +- src/libstrongswan/plugins/openssl/openssl_plugin.c | 309 +-- .../plugins/openssl/openssl_rsa_public_key.c | 3 +- src/libstrongswan/plugins/openssl/openssl_util.c | 2 +- src/libstrongswan/plugins/openssl/openssl_x509.c | 45 +- src/libstrongswan/plugins/padlock/Makefile.in | 7 + src/libstrongswan/plugins/pem/Makefile.in | 7 + src/libstrongswan/plugins/pem/pem_builder.c | 49 +- src/libstrongswan/plugins/pem/pem_plugin.c | 114 +- src/libstrongswan/plugins/pgp/Makefile.in | 7 + src/libstrongswan/plugins/pgp/pgp_builder.c | 4 +- src/libstrongswan/plugins/pgp/pgp_cert.c | 156 +- src/libstrongswan/plugins/pgp/pgp_plugin.c | 42 +- src/libstrongswan/plugins/pgp/pgp_utils.c | 18 +- src/libstrongswan/plugins/pkcs1/Makefile.in | 7 + src/libstrongswan/plugins/pkcs1/pkcs1_builder.c | 6 +- src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c | 29 +- src/libstrongswan/plugins/pkcs11/Makefile.am | 2 + src/libstrongswan/plugins/pkcs11/Makefile.in | 14 +- src/libstrongswan/plugins/pkcs11/pkcs11.h | 24 + src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 446 +++++ src/libstrongswan/plugins/pkcs11/pkcs11_dh.h | 51 + src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c | 3 +- src/libstrongswan/plugins/pkcs11/pkcs11_library.c | 203 +- src/libstrongswan/plugins/pkcs11/pkcs11_library.h | 46 +- src/libstrongswan/plugins/pkcs11/pkcs11_manager.c | 19 +- src/libstrongswan/plugins/pkcs11/pkcs11_manager.h | 10 +- src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c | 217 ++- .../plugins/pkcs11/pkcs11_private_key.c | 184 +- .../plugins/pkcs11/pkcs11_private_key.h | 16 +- .../plugins/pkcs11/pkcs11_public_key.c | 597 +++++- .../plugins/pkcs11/pkcs11_public_key.h | 2 +- src/libstrongswan/plugins/pkcs11/pkcs11_rng.c | 137 ++ src/libstrongswan/plugins/pkcs11/pkcs11_rng.h | 47 + src/libstrongswan/plugins/pkcs8/Makefile.am | 16 + src/libstrongswan/plugins/pkcs8/Makefile.in | 611 ++++++ src/libstrongswan/plugins/pkcs8/pkcs8_builder.c | 632 +++++++ src/libstrongswan/plugins/pkcs8/pkcs8_builder.h | 36 + src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c | 78 + src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h | 42 + src/libstrongswan/plugins/plugin.h | 18 +- src/libstrongswan/plugins/plugin_feature.c | 383 ++++ src/libstrongswan/plugins/plugin_feature.h | 331 ++++ src/libstrongswan/plugins/plugin_loader.c | 485 ++++- src/libstrongswan/plugins/plugin_loader.h | 18 +- src/libstrongswan/plugins/pubkey/Makefile.in | 7 + src/libstrongswan/plugins/pubkey/pubkey_cert.c | 170 +- src/libstrongswan/plugins/pubkey/pubkey_plugin.c | 17 +- src/libstrongswan/plugins/random/Makefile.in | 7 + src/libstrongswan/plugins/random/random_plugin.c | 21 +- src/libstrongswan/plugins/revocation/Makefile.in | 7 + .../plugins/revocation/revocation_validator.c | 12 +- src/libstrongswan/plugins/sha1/Makefile.in | 7 + src/libstrongswan/plugins/sha1/sha1_hasher.c | 49 +- src/libstrongswan/plugins/sha1/sha1_plugin.c | 24 +- src/libstrongswan/plugins/sha1/sha1_prf.c | 60 +- src/libstrongswan/plugins/sha2/Makefile.in | 7 + src/libstrongswan/plugins/sha2/sha2_hasher.c | 279 ++- src/libstrongswan/plugins/sha2/sha2_plugin.c | 27 +- src/libstrongswan/plugins/soup/Makefile.in | 7 + src/libstrongswan/plugins/soup/soup_plugin.c | 21 +- src/libstrongswan/plugins/sqlite/Makefile.in | 7 + src/libstrongswan/plugins/sqlite/sqlite_plugin.c | 18 +- src/libstrongswan/plugins/test_vectors/Makefile.am | 1 + src/libstrongswan/plugins/test_vectors/Makefile.in | 27 +- .../plugins/test_vectors/test_vectors.h | 11 + .../plugins/test_vectors/test_vectors/aes_cmac.c | 141 ++ src/libstrongswan/plugins/x509/Makefile.in | 7 + src/libstrongswan/plugins/x509/x509_ac.c | 206 +- src/libstrongswan/plugins/x509/x509_cert.c | 76 +- src/libstrongswan/plugins/x509/x509_crl.c | 12 +- src/libstrongswan/plugins/x509/x509_ocsp_request.c | 126 +- .../plugins/x509/x509_ocsp_response.c | 154 +- src/libstrongswan/plugins/x509/x509_pkcs10.c | 146 +- src/libstrongswan/plugins/x509/x509_plugin.c | 80 +- src/libstrongswan/plugins/xcbc/Makefile.in | 7 + src/libstrongswan/plugins/xcbc/xcbc.c | 4 +- src/libstrongswan/plugins/xcbc/xcbc.h | 2 +- src/libstrongswan/plugins/xcbc/xcbc_plugin.c | 44 +- src/libstrongswan/printf_hook.c | 2 +- src/libstrongswan/processing/jobs/callback_job.c | 31 +- src/libstrongswan/processing/jobs/callback_job.h | 16 + src/libstrongswan/processing/jobs/job.c | 23 + src/libstrongswan/processing/jobs/job.h | 32 +- src/libstrongswan/processing/processor.c | 154 +- src/libstrongswan/processing/processor.h | 15 +- src/libstrongswan/processing/scheduler.c | 3 +- src/libstrongswan/processing/scheduler.h | 2 +- src/libstrongswan/selectors/traffic_selector.c | 166 +- src/libstrongswan/settings.c | 1 + src/libstrongswan/settings.h | 2 +- src/libstrongswan/threading/mutex.c | 128 +- src/libstrongswan/threading/rwlock.c | 106 +- src/libstrongswan/threading/thread.c | 96 +- src/libstrongswan/threading/thread_value.c | 32 +- src/libstrongswan/utils.c | 78 +- src/libstrongswan/utils.h | 99 +- src/libstrongswan/utils/backtrace.c | 87 +- src/libstrongswan/utils/backtrace.h | 14 + src/libstrongswan/utils/enumerator.h | 4 +- src/libstrongswan/utils/hashtable.c | 225 +-- src/libstrongswan/utils/host.c | 98 +- src/libstrongswan/utils/identification.c | 2 + src/libstrongswan/utils/identification.h | 6 +- src/libstrongswan/utils/iterator.h | 114 -- src/libstrongswan/utils/leak_detective.c | 224 ++- src/libstrongswan/utils/leak_detective.h | 7 + src/libstrongswan/utils/linked_list.c | 547 ++---- src/libstrongswan/utils/linked_list.h | 60 +- src/libstrongswan/utils/optionsfrom.c | 10 +- src/libtls/Makefile.am | 5 +- src/libtls/Makefile.in | 97 +- src/libtls/tls.c | 12 +- src/libtls/tls.h | 9 +- src/libtls/tls_alert.h | 2 +- src/libtls/tls_application.h | 8 +- src/libtls/tls_cache.c | 237 +++ src/libtls/tls_cache.h | 78 + src/libtls/tls_compression.h | 4 +- src/libtls/tls_crypto.c | 174 +- src/libtls/tls_crypto.h | 60 +- src/libtls/tls_fragmentation.c | 50 +- src/libtls/tls_fragmentation.h | 4 +- src/libtls/tls_handshake.h | 22 +- src/libtls/tls_peer.c | 169 +- src/libtls/tls_protection.c | 57 +- src/libtls/tls_protection.h | 4 +- src/libtls/tls_reader.c | 200 -- src/libtls/tls_reader.h | 131 -- src/libtls/tls_server.c | 209 +- src/libtls/tls_socket.c | 115 +- src/libtls/tls_socket.h | 22 +- src/libtls/tls_writer.c | 237 --- src/libtls/tls_writer.h | 136 -- src/libtnccs/Android.mk | 33 + src/libtnccs/Makefile.am | 16 + src/libtnccs/Makefile.in | 629 ++++++ src/libtnccs/tnc/imc/imc.h | 230 +++ src/libtnccs/tnc/imc/imc_manager.h | 165 ++ src/libtnccs/tnc/imv/imv.h | 230 +++ src/libtnccs/tnc/imv/imv_manager.h | 186 ++ src/libtnccs/tnc/imv/imv_recommendations.c | 24 + src/libtnccs/tnc/imv/imv_recommendations.h | 123 ++ src/libtnccs/tnc/tnc.c | 268 +++ src/libtnccs/tnc/tnc.h | 87 + src/libtnccs/tnc/tnccs/tnccs.c | 24 + src/libtnccs/tnc/tnccs/tnccs.h | 82 + src/libtnccs/tnc/tnccs/tnccs_manager.c | 63 + src/libtnccs/tnc/tnccs/tnccs_manager.h | 203 ++ src/libtncif/Android.mk | 28 + src/libtncif/Makefile.am | 9 + src/libtncif/Makefile.in | 545 ++++++ src/libtncif/tncif.h | 142 ++ src/libtncif/tncif_names.c | 47 + src/libtncif/tncif_names.h | 34 + src/libtncif/tncif_pa_subtypes.c | 93 + src/libtncif/tncif_pa_subtypes.h | 104 + src/libtncif/tncifimc.h | 307 +++ src/libtncif/tncifimv.h | 336 ++++ src/manager/Makefile.in | 7 + src/manager/controller/auth_controller.c | 39 +- src/manager/controller/config_controller.c | 39 +- src/manager/controller/control_controller.c | 39 +- src/manager/controller/gateway_controller.c | 40 +- src/manager/controller/ikesa_controller.c | 39 +- src/manager/gateway.c | 65 +- src/manager/gateway.h | 3 +- src/manager/manager.c | 63 +- src/manager/manager.h | 4 +- src/manager/storage.c | 35 +- src/manager/storage.h | 2 +- src/manager/templates/static/jquery.js | 2 +- src/manager/xml.c | 66 +- src/medsrv/Makefile.am | 2 +- src/medsrv/Makefile.in | 11 +- src/medsrv/controller/peer_controller.c | 41 +- src/medsrv/controller/user_controller.c | 46 +- src/medsrv/filter/auth_filter.c | 137 +- src/medsrv/filter/auth_filter.h | 90 +- src/medsrv/user.c | 34 +- src/openac/Makefile.in | 7 + src/pki/Makefile.in | 7 + src/pki/command.c | 7 + src/pki/commands/issue.c | 2 +- src/pki/commands/print.c | 7 +- src/pki/commands/self.c | 2 +- src/pki/commands/signcrl.c | 30 +- src/pluto/Android.mk | 80 + src/pluto/Makefile.am | 26 +- src/pluto/Makefile.in | 166 +- src/pluto/ac.c | 4 +- src/pluto/adns.c | 4 - src/pluto/adns.h | 11 +- src/pluto/builder.c | 18 +- src/pluto/ca.c | 7 +- src/pluto/connections.c | 21 +- src/pluto/constants.c | 4 + src/pluto/constants.h | 2 +- src/pluto/crl.c | 2 +- src/pluto/crypto.c | 2 +- src/pluto/defs.c | 8 +- src/pluto/demux.c | 4 +- src/pluto/dnskey.c | 341 +--- src/pluto/dnskey.h | 7 - src/pluto/event_queue.c | 4 +- src/pluto/ipsec_doi.c | 17 +- src/pluto/kernel.c | 15 +- src/pluto/kernel_alg.c | 2 +- src/pluto/keys.c | 58 +- src/pluto/lex.h | 2 +- src/pluto/log.c | 55 +- src/pluto/myid.c | 2 +- src/pluto/nat_traversal.c | 2 +- src/pluto/ocsp.c | 18 +- src/pluto/plugin_list.c | 72 + src/pluto/plugin_list.h | 21 + src/pluto/plugins/xauth/Makefile.in | 7 + src/pluto/plugins/xauth/xauth_default_verifier.c | 7 + src/pluto/pluto.8 | 4 +- src/pluto/plutomain.c | 188 +- src/pluto/rcv_whack.c | 17 +- src/pluto/server.c | 88 +- src/pluto/spdb.c | 2 +- src/pluto/spdb.h | 2 +- src/pluto/state.c | 2 +- src/pluto/timer.c | 13 +- src/pluto/vendor.c | 2 +- src/pluto/x509.c | 2 +- src/scepclient/Makefile.in | 7 + src/scepclient/scepclient.c | 49 +- src/starter/Android.mk | 47 + src/starter/Makefile.am | 26 +- src/starter/Makefile.in | 83 +- src/starter/args.c | 5 +- src/starter/args.h | 2 +- src/starter/confread.c | 170 +- src/starter/confread.h | 9 +- src/starter/files.h | 1 - src/starter/invokepluto.c | 5 +- src/starter/ipsec-parser.h | 55 + src/starter/keywords.c | 267 +-- src/starter/keywords.h | 1 + src/starter/keywords.txt | 1 + src/starter/lex.yy.c | 1968 ------------------- src/starter/lexer.c | 1992 ++++++++++++++++++++ src/starter/lexer.l | 215 +++ src/starter/netkey.c | 17 +- src/starter/parser.c | 1846 ++++++++++++++++++ src/starter/parser.h | 141 +- src/starter/parser.l | 191 -- src/starter/parser.y | 2 +- src/starter/starter.c | 142 +- src/starter/starterstroke.c | 42 +- src/starter/y.tab.c | 1846 ------------------ src/starter/y.tab.h | 88 - src/stroke/Android.mk | 27 + src/stroke/Makefile.am | 6 +- src/stroke/Makefile.in | 13 +- src/stroke/stroke.c | 73 +- src/stroke/stroke_keywords.c | 90 +- src/stroke/stroke_keywords.h | 4 + src/stroke/stroke_keywords.txt | 4 + src/stroke/stroke_msg.h | 19 +- src/whack/Android.mk | 30 + src/whack/Makefile.am | 6 +- src/whack/Makefile.in | 14 +- src/whack/whack.c | 10 +- src/whack/whack.h | 3 +- testing/Makefile.in | 7 + testing/do-tests.in | 17 + .../hosts/winnetou/etc/openssl/duck/openssl.cnf | 6 +- .../hosts/winnetou/etc/openssl/ecdsa/openssl.cnf | 6 +- testing/hosts/winnetou/etc/openssl/index.txt | 12 +- testing/hosts/winnetou/etc/openssl/index.txt.old | 12 +- .../hosts/winnetou/etc/openssl/monster/openssl.cnf | 6 +- testing/hosts/winnetou/etc/openssl/newcerts/24.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/25.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/26.pem | 25 + testing/hosts/winnetou/etc/openssl/newcerts/27.pem | 95 + testing/hosts/winnetou/etc/openssl/openssl.cnf | 6 +- .../winnetou/etc/openssl/research/openssl.cnf | 6 +- .../hosts/winnetou/etc/openssl/rfc3779/openssl.cnf | 6 +- .../hosts/winnetou/etc/openssl/sales/openssl.cnf | 6 +- testing/hosts/winnetou/etc/openssl/serial | 2 +- testing/hosts/winnetou/etc/openssl/serial.old | 2 +- testing/scripts/build-umlrootfs | 50 + testing/scripts/load-testconfig | 4 +- testing/testing.conf | 24 +- testing/tests/ha/both-active/evaltest.dat | 4 +- testing/tests/ikev1/esp-ah-transport/pretest.dat | 2 +- testing/tests/ikev1/esp-ah-tunnel/pretest.dat | 2 +- testing/tests/ikev1/starter-also/pretest.dat | 2 +- testing/tests/ikev1/strong-certs/description.txt | 2 +- .../carol/etc/ipsec.d/certs/carolCert-sha384.pem | 34 +- .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 50 +- .../dave/etc/ipsec.d/certs/daveCert-sha512.pem | 34 +- .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 50 +- .../ikev1/strong-certs/hosts/moon/etc/ipsec.conf | 2 +- .../moon/etc/ipsec.d/certs/moonCert-sha224.pem | 25 + .../moon/etc/ipsec.d/certs/moonCert-sha256.pem | 25 - .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 50 +- testing/tests/ikev2/compress/evaltest.dat | 4 +- .../tests/ikev2/esp-alg-md5-128/description.txt | 3 + testing/tests/ikev2/esp-alg-md5-128/evaltest.dat | 9 + .../esp-alg-md5-128/hosts/carol/etc/ipsec.conf | 25 + .../hosts/carol/etc/strongswan.conf | 5 + .../esp-alg-md5-128/hosts/moon/etc/ipsec.conf | 24 + .../esp-alg-md5-128/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/esp-alg-md5-128/posttest.dat | 4 + testing/tests/ikev2/esp-alg-md5-128/pretest.dat | 7 + testing/tests/ikev2/esp-alg-md5-128/test.conf | 21 + .../tests/ikev2/esp-alg-sha1-160/description.txt | 3 + testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat | 9 + .../esp-alg-sha1-160/hosts/carol/etc/ipsec.conf | 25 + .../hosts/carol/etc/strongswan.conf | 5 + .../esp-alg-sha1-160/hosts/moon/etc/ipsec.conf | 24 + .../hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/esp-alg-sha1-160/posttest.dat | 4 + testing/tests/ikev2/esp-alg-sha1-160/pretest.dat | 7 + testing/tests/ikev2/esp-alg-sha1-160/test.conf | 21 + testing/tests/ikev2/net2net-esn/description.txt | 7 + testing/tests/ikev2/net2net-esn/evaltest.dat | 14 + .../ikev2/net2net-esn/hosts/moon/etc/ipsec.conf | 28 + .../net2net-esn/hosts/moon/etc/strongswan.conf | 6 + .../ikev2/net2net-esn/hosts/sun/etc/ipsec.conf | 28 + .../net2net-esn/hosts/sun/etc/strongswan.conf | 6 + testing/tests/ikev2/net2net-esn/posttest.dat | 5 + testing/tests/ikev2/net2net-esn/pretest.dat | 6 + testing/tests/ikev2/net2net-esn/test.conf | 21 + testing/tests/ikev2/net2net-pubkey/description.txt | 7 + testing/tests/ikev2/net2net-pubkey/evaltest.dat | 7 + .../ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.d/certs/moonPub.der | Bin 0 -> 291 bytes .../hosts/moon/etc/ipsec.d/certs/sunPub.der | Bin 0 -> 292 bytes .../hosts/moon/etc/ipsec.d/private/moonKey.der | Bin 0 -> 1187 bytes .../net2net-pubkey/hosts/moon/etc/ipsec.secrets | 3 + .../net2net-pubkey/hosts/moon/etc/strongswan.conf | 5 + .../ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf | 23 + .../hosts/sun/etc/ipsec.d/certs/moonPub.der | Bin 0 -> 291 bytes .../hosts/sun/etc/ipsec.d/certs/sunPub.der | Bin 0 -> 292 bytes .../hosts/sun/etc/ipsec.d/private/sunKey.der | Bin 0 -> 1189 bytes .../net2net-pubkey/hosts/sun/etc/ipsec.secrets | 3 + .../net2net-pubkey/hosts/sun/etc/strongswan.conf | 5 + testing/tests/ikev2/net2net-pubkey/posttest.dat | 8 + testing/tests/ikev2/net2net-pubkey/pretest.dat | 8 + testing/tests/ikev2/net2net-pubkey/test.conf | 21 + testing/tests/ikev2/net2net-rsa/description.txt | 7 + testing/tests/ikev2/net2net-rsa/evaltest.dat | 7 + .../ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.d/private/moonKey.der | Bin 0 -> 1187 bytes .../ikev2/net2net-rsa/hosts/moon/etc/ipsec.secrets | 3 + .../net2net-rsa/hosts/moon/etc/strongswan.conf | 5 + .../ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf | 23 + .../hosts/sun/etc/ipsec.d/private/sunKey.der | Bin 0 -> 1189 bytes .../ikev2/net2net-rsa/hosts/sun/etc/ipsec.secrets | 3 + .../net2net-rsa/hosts/sun/etc/strongswan.conf | 5 + testing/tests/ikev2/net2net-rsa/posttest.dat | 6 + testing/tests/ikev2/net2net-rsa/pretest.dat | 8 + testing/tests/ikev2/net2net-rsa/test.conf | 21 + .../tests/ikev2/ocsp-no-signer-cert/evaltest.dat | 2 +- .../carol/etc/ipsec.d/certs/carolCert-ocsp.pem | 103 +- .../carol/etc/ipsec.d/private/carolKey-ocsp.pem | 50 +- testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat | 2 +- .../carol/etc/ipsec.d/certs/carolCert-ocsp.pem | 103 +- .../carol/etc/ipsec.d/private/carolKey-ocsp.pem | 50 +- .../tests/ikev2/ocsp-untrusted-cert/evaltest.dat | 2 +- testing/tests/ikev2/reauth-late/evaltest.dat | 2 +- .../ikev2/reauth-late/hosts/moon/etc/ipsec.conf | 4 +- .../ikev2/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../ikev2/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-eap-aka-rsa/description.txt | 2 +- .../rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf | 6 +- .../rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf | 6 +- .../ikev2/rw-eap-md5-id-prompt/description.txt | 9 + .../tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat | 13 + .../hosts/carol/etc/ipsec.conf | 21 + .../hosts/carol/etc/ipsec.secrets | 1 + .../hosts/carol/etc/strongswan.conf | 5 + .../rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.secrets | 5 + .../hosts/moon/etc/strongswan.conf | 5 + .../tests/ikev2/rw-eap-md5-id-prompt/posttest.dat | 4 + .../tests/ikev2/rw-eap-md5-id-prompt/pretest.dat | 8 + testing/tests/ikev2/rw-eap-md5-id-prompt/test.conf | 21 + testing/tests/ikev2/rw-eap-md5-rsa/description.txt | 2 +- .../ikev2/rw-eap-mschapv2-id-rsa/description.txt | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../rw-eap-peap-md5/hosts/dave/etc/strongswan.conf | 2 +- .../rw-eap-peap-md5/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-eap-sim-rsa/description.txt | 2 +- .../rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf | 6 +- .../rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf | 7 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../rw-eap-tls-only/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../rw-eap-tnc-11-radius-block/description.txt | 11 - .../ikev2/rw-eap-tnc-11-radius-block/evaltest.dat | 14 - .../hosts/alice/etc/raddb/clients.conf | 4 - .../hosts/alice/etc/raddb/dictionary | 2 - .../hosts/alice/etc/raddb/dictionary.tnc | 5 - .../hosts/alice/etc/raddb/eap.conf | 25 - .../hosts/alice/etc/raddb/proxy.conf | 5 - .../hosts/alice/etc/raddb/radiusd.conf | 120 -- .../hosts/alice/etc/raddb/sites-available/default | 44 - .../alice/etc/raddb/sites-available/inner-tunnel | 32 - .../etc/raddb/sites-available/inner-tunnel-second | 23 - .../hosts/alice/etc/raddb/users | 2 - .../hosts/alice/etc/tnc_config | 3 - .../hosts/carol/etc/ipsec.conf | 24 - .../hosts/carol/etc/ipsec.secrets | 3 - .../hosts/carol/etc/strongswan.conf | 6 - .../hosts/carol/etc/tnc/dummyimc.file | 1 - .../hosts/carol/etc/tnc_config | 3 - .../hosts/dave/etc/ipsec.conf | 24 - .../hosts/dave/etc/ipsec.secrets | 3 - .../hosts/dave/etc/strongswan.conf | 6 - .../hosts/dave/etc/tnc/dummyimc.file | 1 - .../hosts/dave/etc/tnc_config | 3 - .../hosts/moon/etc/init.d/iptables | 84 - .../hosts/moon/etc/ipsec.conf | 25 - .../hosts/moon/etc/ipsec.secrets | 3 - .../hosts/moon/etc/strongswan.conf | 12 - .../ikev2/rw-eap-tnc-11-radius-block/posttest.dat | 8 - .../ikev2/rw-eap-tnc-11-radius-block/pretest.dat | 15 - .../ikev2/rw-eap-tnc-11-radius-block/test.conf | 26 - .../ikev2/rw-eap-tnc-11-radius/description.txt | 10 - .../tests/ikev2/rw-eap-tnc-11-radius/evaltest.dat | 19 - .../hosts/alice/etc/raddb/clients.conf | 4 - .../hosts/alice/etc/raddb/dictionary | 2 - .../hosts/alice/etc/raddb/dictionary.tnc | 5 - .../hosts/alice/etc/raddb/eap.conf | 25 - .../hosts/alice/etc/raddb/proxy.conf | 5 - .../hosts/alice/etc/raddb/radiusd.conf | 120 -- .../hosts/alice/etc/raddb/sites-available/default | 44 - .../alice/etc/raddb/sites-available/inner-tunnel | 32 - .../etc/raddb/sites-available/inner-tunnel-second | 36 - .../hosts/alice/etc/raddb/users | 2 - .../hosts/alice/etc/tnc_config | 3 - .../hosts/carol/etc/ipsec.conf | 24 - .../hosts/carol/etc/ipsec.secrets | 3 - .../hosts/carol/etc/strongswan.conf | 6 - .../hosts/carol/etc/tnc/dummyimc.file | 1 - .../hosts/carol/etc/tnc_config | 3 - .../rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.conf | 24 - .../hosts/dave/etc/ipsec.secrets | 3 - .../hosts/dave/etc/strongswan.conf | 6 - .../hosts/dave/etc/tnc/dummyimc.file | 1 - .../rw-eap-tnc-11-radius/hosts/dave/etc/tnc_config | 3 - .../hosts/moon/etc/init.d/iptables | 84 - .../rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.conf | 35 - .../hosts/moon/etc/ipsec.secrets | 3 - .../hosts/moon/etc/strongswan.conf | 13 - .../tests/ikev2/rw-eap-tnc-11-radius/posttest.dat | 8 - .../tests/ikev2/rw-eap-tnc-11-radius/pretest.dat | 18 - testing/tests/ikev2/rw-eap-tnc-11-radius/test.conf | 26 - testing/tests/ikev2/rw-eap-tnc-11/description.txt | 9 - testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat | 21 - .../ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.conf | 23 - .../rw-eap-tnc-11/hosts/carol/etc/ipsec.secrets | 3 - .../rw-eap-tnc-11/hosts/carol/etc/strongswan.conf | 6 - .../hosts/carol/etc/tnc/dummyimc.file | 1 - .../hosts/carol/etc/tnc/log4cxx.properties | 15 - .../ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc_config | 4 - .../ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.conf | 23 - .../rw-eap-tnc-11/hosts/dave/etc/ipsec.secrets | 3 - .../rw-eap-tnc-11/hosts/dave/etc/strongswan.conf | 6 - .../rw-eap-tnc-11/hosts/dave/etc/tnc/dummyimc.file | 1 - .../hosts/dave/etc/tnc/log4cxx.properties | 15 - .../ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc_config | 4 - .../ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.conf | 36 - .../rw-eap-tnc-11/hosts/moon/etc/ipsec.secrets | 6 - .../rw-eap-tnc-11/hosts/moon/etc/strongswan.conf | 13 - .../hosts/moon/etc/tnc/dummyimv.policy | 1 - .../hosts/moon/etc/tnc/hostscannerimv.policy | 40 - .../hosts/moon/etc/tnc/log4cxx.properties | 15 - .../ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc_config | 4 - testing/tests/ikev2/rw-eap-tnc-11/posttest.dat | 6 - testing/tests/ikev2/rw-eap-tnc-11/pretest.dat | 15 - testing/tests/ikev2/rw-eap-tnc-11/test.conf | 26 - .../ikev2/rw-eap-tnc-20-block/description.txt | 11 - .../tests/ikev2/rw-eap-tnc-20-block/evaltest.dat | 14 - .../rw-eap-tnc-20-block/hosts/carol/etc/ipsec.conf | 23 - .../hosts/carol/etc/ipsec.secrets | 3 - .../hosts/carol/etc/strongswan.conf | 14 - .../hosts/carol/etc/tnc/dummyimc.file | 1 - .../rw-eap-tnc-20-block/hosts/carol/etc/tnc_config | 3 - .../rw-eap-tnc-20-block/hosts/dave/etc/ipsec.conf | 23 - .../hosts/dave/etc/ipsec.secrets | 3 - .../hosts/dave/etc/strongswan.conf | 14 - .../hosts/dave/etc/tnc/dummyimc.file | 1 - .../rw-eap-tnc-20-block/hosts/dave/etc/tnc_config | 3 - .../rw-eap-tnc-20-block/hosts/moon/etc/ipsec.conf | 26 - .../hosts/moon/etc/ipsec.secrets | 6 - .../hosts/moon/etc/strongswan.conf | 19 - .../hosts/moon/etc/tnc/dummyimv.policy | 1 - .../rw-eap-tnc-20-block/hosts/moon/etc/tnc_config | 3 - .../tests/ikev2/rw-eap-tnc-20-block/posttest.dat | 6 - .../tests/ikev2/rw-eap-tnc-20-block/pretest.dat | 15 - testing/tests/ikev2/rw-eap-tnc-20-block/test.conf | 26 - .../tests/ikev2/rw-eap-tnc-20-tls/description.txt | 10 - testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat | 21 - .../rw-eap-tnc-20-tls/hosts/carol/etc/ipsec.conf | 24 - .../hosts/carol/etc/strongswan.conf | 11 - .../hosts/carol/etc/tnc/dummyimc.file | 1 - .../rw-eap-tnc-20-tls/hosts/carol/etc/tnc_config | 3 - .../rw-eap-tnc-20-tls/hosts/dave/etc/ipsec.conf | 24 - .../hosts/dave/etc/strongswan.conf | 11 - .../hosts/dave/etc/tnc/dummyimc.file | 1 - .../rw-eap-tnc-20-tls/hosts/dave/etc/tnc_config | 3 - .../rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.conf | 36 - .../rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.secrets | 6 - .../hosts/moon/etc/strongswan.conf | 16 - .../hosts/moon/etc/tnc/dummyimv.policy | 1 - .../rw-eap-tnc-20-tls/hosts/moon/etc/tnc_config | 3 - testing/tests/ikev2/rw-eap-tnc-20-tls/posttest.dat | 6 - testing/tests/ikev2/rw-eap-tnc-20-tls/pretest.dat | 15 - testing/tests/ikev2/rw-eap-tnc-20-tls/test.conf | 26 - testing/tests/ikev2/rw-eap-tnc-20/description.txt | 11 - testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat | 21 - .../ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.conf | 23 - .../rw-eap-tnc-20/hosts/carol/etc/ipsec.secrets | 3 - .../rw-eap-tnc-20/hosts/carol/etc/strongswan.conf | 11 - .../hosts/carol/etc/tnc/dummyimc.file | 1 - .../hosts/carol/etc/tnc/log4cxx.properties | 15 - .../ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc_config | 4 - .../ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.conf | 23 - .../rw-eap-tnc-20/hosts/dave/etc/ipsec.secrets | 3 - .../rw-eap-tnc-20/hosts/dave/etc/strongswan.conf | 11 - .../rw-eap-tnc-20/hosts/dave/etc/tnc/dummyimc.file | 1 - .../hosts/dave/etc/tnc/log4cxx.properties | 15 - .../ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc_config | 4 - .../ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.conf | 36 - .../rw-eap-tnc-20/hosts/moon/etc/ipsec.secrets | 6 - .../rw-eap-tnc-20/hosts/moon/etc/strongswan.conf | 16 - .../hosts/moon/etc/tnc/dummyimv.policy | 1 - .../hosts/moon/etc/tnc/hostscannerimv.policy | 40 - .../hosts/moon/etc/tnc/log4cxx.properties | 15 - .../ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc_config | 4 - testing/tests/ikev2/rw-eap-tnc-20/posttest.dat | 6 - testing/tests/ikev2/rw-eap-tnc-20/pretest.dat | 15 - testing/tests/ikev2/rw-eap-tnc-20/test.conf | 26 - .../tests/ikev2/rw-eap-tnc-dynamic/description.txt | 12 - .../tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat | 29 - .../rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.conf | 23 - .../hosts/carol/etc/ipsec.secrets | 3 - .../hosts/carol/etc/strongswan.conf | 11 - .../hosts/carol/etc/tnc/dummyimc.file | 1 - .../rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config | 4 - .../rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.conf | 23 - .../hosts/dave/etc/ipsec.secrets | 3 - .../hosts/dave/etc/strongswan.conf | 11 - .../hosts/dave/etc/tnc/dummyimc.file | 1 - .../rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config | 4 - .../rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.conf | 36 - .../hosts/moon/etc/ipsec.secrets | 6 - .../hosts/moon/etc/strongswan.conf | 16 - .../hosts/moon/etc/tnc/dummyimv.policy | 1 - .../rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config | 4 - .../tests/ikev2/rw-eap-tnc-dynamic/posttest.dat | 6 - testing/tests/ikev2/rw-eap-tnc-dynamic/pretest.dat | 15 - testing/tests/ikev2/rw-eap-tnc-dynamic/test.conf | 26 - .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-pkcs8/description.txt | 10 + testing/tests/ikev2/rw-pkcs8/evaltest.dat | 10 + .../ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf | 23 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 29 + .../ikev2/rw-pkcs8/hosts/carol/etc/ipsec.secrets | 3 + .../ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf | 5 + .../tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf | 23 + .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 30 + .../ikev2/rw-pkcs8/hosts/dave/etc/ipsec.secrets | 3 + .../ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf | 5 + .../tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf | 22 + .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 28 + .../ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf | 5 + testing/tests/ikev2/rw-pkcs8/posttest.dat | 6 + testing/tests/ikev2/rw-pkcs8/pretest.dat | 9 + testing/tests/ikev2/rw-pkcs8/test.conf | 21 + .../ikev2/rw-radius-accounting/description.txt | 14 + .../tests/ikev2/rw-radius-accounting/evaltest.dat | 15 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/eap.conf | 5 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 ++ .../hosts/alice/etc/raddb/sites-available/default | 43 + .../hosts/alice/etc/raddb/users | 1 + .../hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 5 + .../hosts/moon/etc/init.d/iptables | 88 + .../rw-radius-accounting/hosts/moon/etc/ipsec.conf | 26 + .../hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 12 + .../tests/ikev2/rw-radius-accounting/posttest.dat | 7 + .../tests/ikev2/rw-radius-accounting/pretest.dat | 9 + testing/tests/ikev2/rw-radius-accounting/test.conf | 26 + testing/tests/ikev2/shunt-policies/description.txt | 11 + testing/tests/ikev2/shunt-policies/evaltest.dat | 16 + .../shunt-policies/hosts/moon/etc/init.d/iptables | 84 + .../ikev2/shunt-policies/hosts/moon/etc/ipsec.conf | 43 + .../shunt-policies/hosts/moon/etc/strongswan.conf | 7 + .../ikev2/shunt-policies/hosts/sun/etc/ipsec.conf | 25 + .../shunt-policies/hosts/sun/etc/strongswan.conf | 6 + testing/tests/ikev2/shunt-policies/posttest.dat | 5 + testing/tests/ikev2/shunt-policies/pretest.dat | 6 + testing/tests/ikev2/shunt-policies/test.conf | 21 + .../tests/ikev2/strong-keys-certs/description.txt | 2 +- .../carol/etc/ipsec.d/certs/carolCert-sha384.pem | 34 +- .../carol/etc/ipsec.d/private/carolKey-aes192.pem | 52 +- .../dave/etc/ipsec.d/certs/daveCert-sha512.pem | 34 +- .../dave/etc/ipsec.d/private/daveKey-aes256.pem | 52 +- .../strong-keys-certs/hosts/moon/etc/ipsec.conf | 2 +- .../moon/etc/ipsec.d/certs/moonCert-sha224.pem | 25 + .../moon/etc/ipsec.d/certs/moonCert-sha256.pem | 25 - .../moon/etc/ipsec.d/private/moonKey-aes128.pem | 52 +- .../alg-ecp-high/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-high/hosts/dave/etc/strongswan.conf | 2 +- .../alg-ecp-low/hosts/dave/etc/strongswan.conf | 2 +- .../openssl-ikev2/ecdsa-pkcs8/description.txt | 14 + .../tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat | 14 + .../ecdsa-pkcs8/hosts/carol/etc/ipsec.conf | 23 + .../carol/etc/ipsec.d/cacerts/strongswanCert.pem | 17 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 18 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 6 + .../ecdsa-pkcs8/hosts/carol/etc/ipsec.secrets | 3 + .../ecdsa-pkcs8/hosts/carol/etc/strongswan.conf | 5 + .../ecdsa-pkcs8/hosts/dave/etc/ipsec.conf | 23 + .../dave/etc/ipsec.d/cacerts/strongswanCert.pem | 17 + .../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 19 + .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 8 + .../ecdsa-pkcs8/hosts/dave/etc/ipsec.secrets | 3 + .../ecdsa-pkcs8/hosts/dave/etc/strongswan.conf | 5 + .../ecdsa-pkcs8/hosts/moon/etc/ipsec.conf | 22 + .../moon/etc/ipsec.d/cacerts/strongswanCert.pem | 17 + .../hosts/moon/etc/ipsec.d/certs/moonCert.pem | 20 + .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 8 + .../ecdsa-pkcs8/hosts/moon/etc/ipsec.secrets | 3 + .../ecdsa-pkcs8/hosts/moon/etc/strongswan.conf | 5 + .../tests/openssl-ikev2/ecdsa-pkcs8/posttest.dat | 6 + .../tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat | 9 + testing/tests/openssl-ikev2/ecdsa-pkcs8/test.conf | 21 + .../rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../rw-cert/hosts/moon/etc/strongswan.conf | 2 +- .../openssl-ikev2/rw-eap-tls-only/evaltest.dat | 2 +- testing/tests/pfkey/shunt-policies/description.txt | 11 + testing/tests/pfkey/shunt-policies/evaltest.dat | 16 + .../shunt-policies/hosts/moon/etc/init.d/iptables | 84 + .../pfkey/shunt-policies/hosts/moon/etc/ipsec.conf | 43 + .../shunt-policies/hosts/moon/etc/strongswan.conf | 7 + .../pfkey/shunt-policies/hosts/sun/etc/ipsec.conf | 25 + .../shunt-policies/hosts/sun/etc/strongswan.conf | 6 + testing/tests/pfkey/shunt-policies/posttest.dat | 5 + testing/tests/pfkey/shunt-policies/pretest.dat | 6 + testing/tests/pfkey/shunt-policies/test.conf | 21 + .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../sql/ip-pool-db/hosts/carol/etc/strongswan.conf | 2 +- .../sql/ip-pool-db/hosts/dave/etc/strongswan.conf | 2 +- .../sql/ip-pool-db/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../multi-level-ca/hosts/carol/etc/strongswan.conf | 2 +- .../multi-level-ca/hosts/dave/etc/strongswan.conf | 2 +- .../multi-level-ca/hosts/moon/etc/strongswan.conf | 2 +- .../net2net-cert/hosts/moon/etc/strongswan.conf | 2 +- .../sql/net2net-cert/hosts/sun/etc/strongswan.conf | 2 +- .../sql/net2net-psk/hosts/moon/etc/strongswan.conf | 2 +- .../sql/net2net-psk/hosts/sun/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../hosts/sun/etc/strongswan.conf | 2 +- .../sql/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- .../sql/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- .../sql/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/sql/rw-eap-aka-rsa/description.txt | 2 +- .../rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf | 2 +- .../rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-ipv4/hosts/carol/etc/strongswan.conf | 2 +- .../sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf | 2 +- .../sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf | 2 +- .../rw-psk-ipv6/hosts/carol/etc/strongswan.conf | 2 +- .../sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf | 2 +- .../sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf | 2 +- .../hosts/carol/etc/strongswan.conf | 2 +- .../hosts/dave/etc/strongswan.conf | 2 +- .../hosts/moon/etc/strongswan.conf | 2 +- .../rw-rsa-keyid/hosts/carol/etc/strongswan.conf | 2 +- .../rw-rsa-keyid/hosts/dave/etc/strongswan.conf | 2 +- .../rw-rsa-keyid/hosts/moon/etc/strongswan.conf | 2 +- .../sql/rw-rsa/hosts/carol/etc/strongswan.conf | 2 +- .../sql/rw-rsa/hosts/dave/etc/strongswan.conf | 2 +- .../sql/rw-rsa/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/sql/shunt-policies/description.txt | 11 + testing/tests/sql/shunt-policies/evaltest.dat | 16 + .../shunt-policies/hosts/moon/etc/init.d/iptables | 84 + .../sql/shunt-policies/hosts/moon/etc/ipsec.conf | 8 + .../shunt-policies/hosts/moon/etc/ipsec.d/data.sql | 227 +++ .../shunt-policies/hosts/moon/etc/ipsec.secrets | 3 + .../shunt-policies/hosts/moon/etc/strongswan.conf | 11 + .../sql/shunt-policies/hosts/sun/etc/ipsec.conf | 8 + .../shunt-policies/hosts/sun/etc/ipsec.d/data.sql | 152 ++ .../sql/shunt-policies/hosts/sun/etc/ipsec.secrets | 3 + .../shunt-policies/hosts/sun/etc/strongswan.conf | 10 + testing/tests/sql/shunt-policies/posttest.dat | 6 + testing/tests/sql/shunt-policies/pretest.dat | 12 + testing/tests/sql/shunt-policies/test.conf | 21 + testing/tests/tnc/tnccs-11-fhh/description.txt | 13 + testing/tests/tnc/tnccs-11-fhh/evaltest.dat | 19 + .../tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.conf | 23 + .../tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.secrets | 3 + .../tnccs-11-fhh/hosts/carol/etc/strongswan.conf | 6 + .../tnccs-11-fhh/hosts/carol/etc/tnc/dummyimc.file | 1 + .../hosts/carol/etc/tnc/log4cxx.properties | 15 + .../tnc/tnccs-11-fhh/hosts/carol/etc/tnc_config | 4 + .../tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.conf | 23 + .../tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.secrets | 3 + .../tnccs-11-fhh/hosts/dave/etc/strongswan.conf | 6 + .../tnccs-11-fhh/hosts/dave/etc/tnc/dummyimc.file | 1 + .../hosts/dave/etc/tnc/log4cxx.properties | 15 + .../tnc/tnccs-11-fhh/hosts/dave/etc/tnc_config | 4 + .../tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.conf | 36 + .../tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.secrets | 6 + .../tnccs-11-fhh/hosts/moon/etc/strongswan.conf | 13 + .../hosts/moon/etc/tnc/dummyimv.policy | 1 + .../hosts/moon/etc/tnc/hostscannerimv.policy | 40 + .../hosts/moon/etc/tnc/log4cxx.properties | 15 + .../tnc/tnccs-11-fhh/hosts/moon/etc/tnc_config | 4 + testing/tests/tnc/tnccs-11-fhh/posttest.dat | 6 + testing/tests/tnc/tnccs-11-fhh/pretest.dat | 15 + testing/tests/tnc/tnccs-11-fhh/test.conf | 26 + .../tnc/tnccs-11-radius-block/description.txt | 14 + .../tests/tnc/tnccs-11-radius-block/evaltest.dat | 14 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/dictionary | 2 + .../hosts/alice/etc/raddb/dictionary.tnc | 5 + .../hosts/alice/etc/raddb/eap.conf | 25 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 ++ .../hosts/alice/etc/raddb/sites-available/default | 44 + .../alice/etc/raddb/sites-available/inner-tunnel | 32 + .../etc/raddb/sites-available/inner-tunnel-second | 23 + .../hosts/alice/etc/raddb/users | 2 + .../hosts/alice/etc/strongswan.conf | 11 + .../hosts/alice/etc/tnc/log4cxx.properties | 15 + .../hosts/alice/etc/tnc_config | 4 + .../hosts/carol/etc/ipsec.conf | 24 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 14 + .../hosts/carol/etc/tnc_config | 4 + .../hosts/dave/etc/ipsec.conf | 24 + .../hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 6 + .../hosts/dave/etc/tnc_config | 4 + .../hosts/moon/etc/init.d/iptables | 84 + .../hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.secrets | 3 + .../hosts/moon/etc/strongswan.conf | 12 + .../tests/tnc/tnccs-11-radius-block/posttest.dat | 9 + .../tests/tnc/tnccs-11-radius-block/pretest.dat | 14 + testing/tests/tnc/tnccs-11-radius-block/test.conf | 26 + testing/tests/tnc/tnccs-11-radius/description.txt | 13 + testing/tests/tnc/tnccs-11-radius/evaltest.dat | 19 + .../hosts/alice/etc/raddb/clients.conf | 4 + .../hosts/alice/etc/raddb/dictionary | 2 + .../hosts/alice/etc/raddb/dictionary.tnc | 5 + .../tnccs-11-radius/hosts/alice/etc/raddb/eap.conf | 25 + .../hosts/alice/etc/raddb/proxy.conf | 5 + .../hosts/alice/etc/raddb/radiusd.conf | 120 ++ .../hosts/alice/etc/raddb/sites-available/default | 44 + .../alice/etc/raddb/sites-available/inner-tunnel | 32 + .../etc/raddb/sites-available/inner-tunnel-second | 36 + .../tnccs-11-radius/hosts/alice/etc/raddb/users | 2 + .../hosts/alice/etc/strongswan.conf | 15 + .../hosts/alice/etc/tnc/log4cxx.properties | 15 + .../tnc/tnccs-11-radius/hosts/alice/etc/tnc_config | 4 + .../tnc/tnccs-11-radius/hosts/carol/etc/ipsec.conf | 24 + .../tnccs-11-radius/hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 14 + .../tnc/tnccs-11-radius/hosts/carol/etc/tnc_config | 4 + .../tnc/tnccs-11-radius/hosts/dave/etc/ipsec.conf | 24 + .../tnccs-11-radius/hosts/dave/etc/ipsec.secrets | 3 + .../tnccs-11-radius/hosts/dave/etc/strongswan.conf | 14 + .../tnc/tnccs-11-radius/hosts/dave/etc/tnc_config | 4 + .../tnccs-11-radius/hosts/moon/etc/init.d/iptables | 84 + .../tnc/tnccs-11-radius/hosts/moon/etc/ipsec.conf | 35 + .../tnccs-11-radius/hosts/moon/etc/ipsec.secrets | 3 + .../tnccs-11-radius/hosts/moon/etc/strongswan.conf | 13 + testing/tests/tnc/tnccs-11-radius/posttest.dat | 8 + testing/tests/tnc/tnccs-11-radius/pretest.dat | 16 + testing/tests/tnc/tnccs-11-radius/test.conf | 26 + testing/tests/tnc/tnccs-11/description.txt | 11 + testing/tests/tnc/tnccs-11/evaltest.dat | 19 + .../tests/tnc/tnccs-11/hosts/carol/etc/ipsec.conf | 23 + .../tnc/tnccs-11/hosts/carol/etc/ipsec.secrets | 3 + .../tnc/tnccs-11/hosts/carol/etc/strongswan.conf | 14 + .../tests/tnc/tnccs-11/hosts/carol/etc/tnc_config | 4 + .../tests/tnc/tnccs-11/hosts/dave/etc/ipsec.conf | 23 + .../tnc/tnccs-11/hosts/dave/etc/ipsec.secrets | 3 + .../tnc/tnccs-11/hosts/dave/etc/strongswan.conf | 14 + .../tests/tnc/tnccs-11/hosts/dave/etc/tnc_config | 4 + .../tests/tnc/tnccs-11/hosts/moon/etc/ipsec.conf | 36 + .../tnc/tnccs-11/hosts/moon/etc/ipsec.secrets | 6 + .../tnc/tnccs-11/hosts/moon/etc/strongswan.conf | 26 + .../tests/tnc/tnccs-11/hosts/moon/etc/tnc_config | 4 + testing/tests/tnc/tnccs-11/posttest.dat | 6 + testing/tests/tnc/tnccs-11/pretest.dat | 13 + testing/tests/tnc/tnccs-11/test.conf | 26 + testing/tests/tnc/tnccs-20-block/description.txt | 12 + testing/tests/tnc/tnccs-20-block/evaltest.dat | 12 + .../tnc/tnccs-20-block/hosts/carol/etc/ipsec.conf | 23 + .../tnccs-20-block/hosts/carol/etc/ipsec.secrets | 3 + .../tnccs-20-block/hosts/carol/etc/strongswan.conf | 22 + .../tnc/tnccs-20-block/hosts/carol/etc/tnc_config | 4 + .../tnc/tnccs-20-block/hosts/dave/etc/ipsec.conf | 23 + .../tnccs-20-block/hosts/dave/etc/ipsec.secrets | 3 + .../tnccs-20-block/hosts/dave/etc/strongswan.conf | 14 + .../tnc/tnccs-20-block/hosts/dave/etc/tnc_config | 4 + .../tnc/tnccs-20-block/hosts/moon/etc/ipsec.conf | 26 + .../tnccs-20-block/hosts/moon/etc/ipsec.secrets | 6 + .../tnccs-20-block/hosts/moon/etc/strongswan.conf | 29 + .../tnc/tnccs-20-block/hosts/moon/etc/tnc_config | 4 + testing/tests/tnc/tnccs-20-block/posttest.dat | 7 + testing/tests/tnc/tnccs-20-block/pretest.dat | 14 + testing/tests/tnc/tnccs-20-block/test.conf | 26 + .../tnc/tnccs-20-client-retry/description.txt | 13 + .../tests/tnc/tnccs-20-client-retry/evaltest.dat | 19 + .../hosts/carol/etc/ipsec.conf | 23 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 21 + .../hosts/carol/etc/tnc_config | 4 + .../hosts/dave/etc/ipsec.conf | 23 + .../hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 23 + .../hosts/dave/etc/tnc_config | 4 + .../hosts/moon/etc/ipsec.conf | 36 + .../hosts/moon/etc/ipsec.secrets | 6 + .../hosts/moon/etc/strongswan.conf | 29 + .../hosts/moon/etc/tnc_config | 4 + .../tests/tnc/tnccs-20-client-retry/posttest.dat | 6 + .../tests/tnc/tnccs-20-client-retry/pretest.dat | 13 + testing/tests/tnc/tnccs-20-client-retry/test.conf | 26 + testing/tests/tnc/tnccs-20-fhh/description.txt | 13 + testing/tests/tnc/tnccs-20-fhh/evaltest.dat | 19 + .../tnc/tnccs-20-fhh/hosts/carol/etc/ipsec.conf | 23 + .../tnc/tnccs-20-fhh/hosts/carol/etc/ipsec.secrets | 3 + .../tnccs-20-fhh/hosts/carol/etc/strongswan.conf | 11 + .../tnccs-20-fhh/hosts/carol/etc/tnc/dummyimc.file | 1 + .../hosts/carol/etc/tnc/log4cxx.properties | 15 + .../tnc/tnccs-20-fhh/hosts/carol/etc/tnc_config | 3 + .../tnc/tnccs-20-fhh/hosts/dave/etc/ipsec.conf | 23 + .../tnc/tnccs-20-fhh/hosts/dave/etc/ipsec.secrets | 3 + .../tnccs-20-fhh/hosts/dave/etc/strongswan.conf | 11 + .../tnccs-20-fhh/hosts/dave/etc/tnc/dummyimc.file | 1 + .../hosts/dave/etc/tnc/log4cxx.properties | 15 + .../tnc/tnccs-20-fhh/hosts/dave/etc/tnc_config | 3 + .../tnc/tnccs-20-fhh/hosts/moon/etc/ipsec.conf | 36 + .../tnc/tnccs-20-fhh/hosts/moon/etc/ipsec.secrets | 6 + .../tnccs-20-fhh/hosts/moon/etc/strongswan.conf | 16 + .../hosts/moon/etc/tnc/dummyimv.policy | 1 + .../hosts/moon/etc/tnc/hostscannerimv.policy | 40 + .../hosts/moon/etc/tnc/log4cxx.properties | 15 + .../tnc/tnccs-20-fhh/hosts/moon/etc/tnc_config | 3 + testing/tests/tnc/tnccs-20-fhh/posttest.dat | 6 + testing/tests/tnc/tnccs-20-fhh/pretest.dat | 16 + testing/tests/tnc/tnccs-20-fhh/test.conf | 26 + testing/tests/tnc/tnccs-20-pdp/description.txt | 12 + testing/tests/tnc/tnccs-20-pdp/evaltest.dat | 19 + .../tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf | 10 + .../hosts/alice/etc/ipsec.d/certs/aaaCert.pem | 25 + .../hosts/alice/etc/ipsec.d/private/aaaKey.pem | 27 + .../tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets | 6 + .../tnccs-20-pdp/hosts/alice/etc/strongswan.conf | 33 + .../tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config | 4 + .../tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf | 24 + .../tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets | 3 + .../tnccs-20-pdp/hosts/carol/etc/strongswan.conf | 18 + .../tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config | 4 + .../tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf | 24 + .../tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets | 3 + .../tnccs-20-pdp/hosts/dave/etc/strongswan.conf | 18 + .../tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config | 4 + .../tnccs-20-pdp/hosts/moon/etc/init.d/iptables | 84 + .../tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf | 35 + .../tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.secrets | 3 + .../tnccs-20-pdp/hosts/moon/etc/strongswan.conf | 14 + testing/tests/tnc/tnccs-20-pdp/posttest.dat | 7 + testing/tests/tnc/tnccs-20-pdp/pretest.dat | 14 + testing/tests/tnc/tnccs-20-pdp/test.conf | 26 + .../tnc/tnccs-20-server-retry/description.txt | 13 + .../tests/tnc/tnccs-20-server-retry/evaltest.dat | 19 + .../hosts/carol/etc/ipsec.conf | 23 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/carol/etc/strongswan.conf | 20 + .../hosts/carol/etc/tnc_config | 4 + .../hosts/dave/etc/ipsec.conf | 23 + .../hosts/dave/etc/ipsec.secrets | 3 + .../hosts/dave/etc/strongswan.conf | 23 + .../hosts/dave/etc/tnc_config | 4 + .../hosts/moon/etc/ipsec.conf | 36 + .../hosts/moon/etc/ipsec.secrets | 6 + .../hosts/moon/etc/strongswan.conf | 29 + .../hosts/moon/etc/tnc_config | 4 + .../tests/tnc/tnccs-20-server-retry/posttest.dat | 6 + .../tests/tnc/tnccs-20-server-retry/pretest.dat | 13 + testing/tests/tnc/tnccs-20-server-retry/test.conf | 26 + testing/tests/tnc/tnccs-20-tls/description.txt | 11 + testing/tests/tnc/tnccs-20-tls/evaltest.dat | 19 + .../tnc/tnccs-20-tls/hosts/carol/etc/ipsec.conf | 24 + .../tnccs-20-tls/hosts/carol/etc/strongswan.conf | 19 + .../tnc/tnccs-20-tls/hosts/carol/etc/tnc_config | 4 + .../tnc/tnccs-20-tls/hosts/dave/etc/ipsec.conf | 24 + .../tnccs-20-tls/hosts/dave/etc/strongswan.conf | 19 + .../tnc/tnccs-20-tls/hosts/dave/etc/tnc_config | 4 + .../tnc/tnccs-20-tls/hosts/moon/etc/ipsec.conf | 36 + .../tnc/tnccs-20-tls/hosts/moon/etc/ipsec.secrets | 6 + .../tnccs-20-tls/hosts/moon/etc/strongswan.conf | 26 + .../tnc/tnccs-20-tls/hosts/moon/etc/tnc_config | 4 + testing/tests/tnc/tnccs-20-tls/posttest.dat | 6 + testing/tests/tnc/tnccs-20-tls/pretest.dat | 13 + testing/tests/tnc/tnccs-20-tls/test.conf | 26 + testing/tests/tnc/tnccs-20/description.txt | 12 + testing/tests/tnc/tnccs-20/evaltest.dat | 19 + .../tests/tnc/tnccs-20/hosts/carol/etc/ipsec.conf | 23 + .../tnc/tnccs-20/hosts/carol/etc/ipsec.secrets | 3 + .../tnc/tnccs-20/hosts/carol/etc/strongswan.conf | 20 + .../tests/tnc/tnccs-20/hosts/carol/etc/tnc_config | 4 + .../tests/tnc/tnccs-20/hosts/dave/etc/ipsec.conf | 23 + .../tnc/tnccs-20/hosts/dave/etc/ipsec.secrets | 3 + .../tnc/tnccs-20/hosts/dave/etc/strongswan.conf | 23 + .../tests/tnc/tnccs-20/hosts/dave/etc/tnc_config | 4 + .../tests/tnc/tnccs-20/hosts/moon/etc/ipsec.conf | 36 + .../tnc/tnccs-20/hosts/moon/etc/ipsec.secrets | 6 + .../tnc/tnccs-20/hosts/moon/etc/strongswan.conf | 29 + .../tests/tnc/tnccs-20/hosts/moon/etc/tnc_config | 4 + testing/tests/tnc/tnccs-20/posttest.dat | 6 + testing/tests/tnc/tnccs-20/pretest.dat | 13 + testing/tests/tnc/tnccs-20/test.conf | 26 + testing/tests/tnc/tnccs-dynamic/description.txt | 12 + testing/tests/tnc/tnccs-dynamic/evaltest.dat | 27 + .../tnc/tnccs-dynamic/hosts/carol/etc/ipsec.conf | 23 + .../tnccs-dynamic/hosts/carol/etc/ipsec.secrets | 3 + .../tnccs-dynamic/hosts/carol/etc/strongswan.conf | 23 + .../tnc/tnccs-dynamic/hosts/carol/etc/tnc_config | 4 + .../tnc/tnccs-dynamic/hosts/dave/etc/ipsec.conf | 23 + .../tnc/tnccs-dynamic/hosts/dave/etc/ipsec.secrets | 3 + .../tnccs-dynamic/hosts/dave/etc/strongswan.conf | 23 + .../tnc/tnccs-dynamic/hosts/dave/etc/tnc_config | 4 + .../tnc/tnccs-dynamic/hosts/moon/etc/ipsec.conf | 36 + .../tnc/tnccs-dynamic/hosts/moon/etc/ipsec.secrets | 6 + .../tnccs-dynamic/hosts/moon/etc/strongswan.conf | 30 + .../tnc/tnccs-dynamic/hosts/moon/etc/tnc_config | 4 + testing/tests/tnc/tnccs-dynamic/posttest.dat | 6 + testing/tests/tnc/tnccs-dynamic/pretest.dat | 13 + testing/tests/tnc/tnccs-dynamic/test.conf | 26 + ylwrap | 222 +++ 1772 files changed, 90608 insertions(+), 26193 deletions(-) create mode 100644 scripts/tls_test.c delete mode 100644 src/include/linux/jhash.h create mode 100644 src/ipsec/Android.mk create mode 100644 src/libcharon/network/socket.c create mode 100644 src/libcharon/plugins/certexpire/Makefile.am create mode 100644 src/libcharon/plugins/certexpire/Makefile.in create mode 100644 src/libcharon/plugins/certexpire/certexpire_cron.c create mode 100644 src/libcharon/plugins/certexpire/certexpire_cron.h create mode 100644 src/libcharon/plugins/certexpire/certexpire_export.c create mode 100644 src/libcharon/plugins/certexpire/certexpire_export.h create mode 100644 src/libcharon/plugins/certexpire/certexpire_listener.c create mode 100644 src/libcharon/plugins/certexpire/certexpire_listener.h create mode 100644 src/libcharon/plugins/certexpire/certexpire_plugin.c create mode 100644 src/libcharon/plugins/certexpire/certexpire_plugin.h create mode 100644 src/libcharon/plugins/eap_radius/eap_radius_accounting.c create mode 100644 src/libcharon/plugins/eap_radius/eap_radius_accounting.h create mode 100644 src/libcharon/plugins/eap_radius/eap_radius_dae.c create mode 100644 src/libcharon/plugins/eap_radius/eap_radius_dae.h create mode 100644 src/libcharon/plugins/eap_radius/eap_radius_forward.c create mode 100644 src/libcharon/plugins/eap_radius/eap_radius_forward.h delete mode 100644 src/libcharon/plugins/eap_radius/radius_client.c delete mode 100644 src/libcharon/plugins/eap_radius/radius_client.h delete mode 100644 src/libcharon/plugins/eap_radius/radius_message.c delete mode 100644 src/libcharon/plugins/eap_radius/radius_message.h delete mode 100644 src/libcharon/plugins/eap_radius/radius_server.c delete mode 100644 src/libcharon/plugins/eap_radius/radius_server.h delete mode 100644 src/libcharon/plugins/eap_radius/radius_socket.c delete mode 100644 src/libcharon/plugins/eap_radius/radius_socket.h create mode 100644 src/libcharon/plugins/radattr/Makefile.am create mode 100644 src/libcharon/plugins/radattr/Makefile.in create mode 100644 src/libcharon/plugins/radattr/radattr_listener.c create mode 100644 src/libcharon/plugins/radattr/radattr_listener.h create mode 100644 src/libcharon/plugins/radattr/radattr_plugin.c create mode 100644 src/libcharon/plugins/radattr/radattr_plugin.h create mode 100644 src/libcharon/plugins/tnc_ifmap/Makefile.am create mode 100644 src/libcharon/plugins/tnc_ifmap/Makefile.in create mode 100644 src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c create mode 100644 src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.h create mode 100644 src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.c create mode 100644 src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.h create mode 100644 src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c create mode 100644 src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h create mode 100644 src/libcharon/plugins/tnc_pdp/Makefile.am create mode 100644 src/libcharon/plugins/tnc_pdp/Makefile.in create mode 100644 src/libcharon/plugins/tnc_pdp/tnc_pdp.c create mode 100644 src/libcharon/plugins/tnc_pdp/tnc_pdp.h create mode 100644 src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c create mode 100644 src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.h create mode 100644 src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.c create mode 100644 src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.h create mode 100644 src/libcharon/plugins/tnc_tnccs/Makefile.am create mode 100644 src/libcharon/plugins/tnc_tnccs/Makefile.in create mode 100644 src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c create mode 100644 src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.h create mode 100644 src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.c create mode 100644 src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.h delete mode 100644 src/libcharon/sa/authenticators/eap/sim_card.h delete mode 100644 src/libcharon/sa/authenticators/eap/sim_hooks.h delete mode 100644 src/libcharon/sa/authenticators/eap/sim_manager.c delete mode 100644 src/libcharon/sa/authenticators/eap/sim_manager.h delete mode 100644 src/libcharon/sa/authenticators/eap/sim_provider.h create mode 100644 src/libcharon/sa/shunt_manager.c create mode 100644 src/libcharon/sa/shunt_manager.h delete mode 100644 src/libcharon/tnc/imc/imc.h delete mode 100644 src/libcharon/tnc/imc/imc_manager.h delete mode 100644 src/libcharon/tnc/imv/imv.h delete mode 100644 src/libcharon/tnc/imv/imv_manager.h delete mode 100644 src/libcharon/tnc/imv/imv_recommendations.c delete mode 100644 src/libcharon/tnc/imv/imv_recommendations.h delete mode 100644 src/libcharon/tnc/tnccs/tnccs.c delete mode 100644 src/libcharon/tnc/tnccs/tnccs.h delete mode 100644 src/libcharon/tnc/tnccs/tnccs_manager.c delete mode 100644 src/libcharon/tnc/tnccs/tnccs_manager.h delete mode 100644 src/libcharon/tnc/tncif.h delete mode 100644 src/libcharon/tnc/tncifimc.h delete mode 100644 src/libcharon/tnc/tncifimv.c delete mode 100644 src/libcharon/tnc/tncifimv.h create mode 100644 src/libfreeswan/Android.mk create mode 100644 src/libhydra/kernel/kernel_net.c create mode 100644 src/libimcv/Makefile.am create mode 100644 src/libimcv/Makefile.in create mode 100644 src/libimcv/ietf/ietf_attr.c create mode 100644 src/libimcv/ietf/ietf_attr.h create mode 100644 src/libimcv/ietf/ietf_attr_pa_tnc_error.c create mode 100644 src/libimcv/ietf/ietf_attr_pa_tnc_error.h create mode 100644 src/libimcv/ietf/ietf_attr_port_filter.c create mode 100644 src/libimcv/ietf/ietf_attr_port_filter.h create mode 100644 src/libimcv/ietf/ietf_attr_product_info.c create mode 100644 src/libimcv/ietf/ietf_attr_product_info.h create mode 100644 src/libimcv/imc/imc_agent.c create mode 100644 src/libimcv/imc/imc_agent.h create mode 100644 src/libimcv/imc/imc_state.h create mode 100644 src/libimcv/imcv.c create mode 100644 src/libimcv/imcv.h create mode 100644 src/libimcv/imv/imv_agent.c create mode 100644 src/libimcv/imv/imv_agent.h create mode 100644 src/libimcv/imv/imv_state.h create mode 100644 src/libimcv/ita/ita_attr.c create mode 100644 src/libimcv/ita/ita_attr.h create mode 100644 src/libimcv/ita/ita_attr_command.c create mode 100644 src/libimcv/ita/ita_attr_command.h create mode 100644 src/libimcv/pa_tnc/pa_tnc_attr.h create mode 100644 src/libimcv/pa_tnc/pa_tnc_attr_manager.c create mode 100644 src/libimcv/pa_tnc/pa_tnc_attr_manager.h create mode 100644 src/libimcv/pa_tnc/pa_tnc_msg.c create mode 100644 src/libimcv/pa_tnc/pa_tnc_msg.h create mode 100644 src/libimcv/plugins/imc_scanner/Makefile.am create mode 100644 src/libimcv/plugins/imc_scanner/Makefile.in create mode 100644 src/libimcv/plugins/imc_scanner/imc_scanner.c create mode 100644 src/libimcv/plugins/imc_scanner/imc_scanner_state.c create mode 100644 src/libimcv/plugins/imc_scanner/imc_scanner_state.h create mode 100644 src/libimcv/plugins/imc_test/Makefile.am create mode 100644 src/libimcv/plugins/imc_test/Makefile.in create mode 100644 src/libimcv/plugins/imc_test/imc_test.c create mode 100644 src/libimcv/plugins/imc_test/imc_test_state.c create mode 100644 src/libimcv/plugins/imc_test/imc_test_state.h create mode 100644 src/libimcv/plugins/imv_scanner/Makefile.am create mode 100644 src/libimcv/plugins/imv_scanner/Makefile.in create mode 100644 src/libimcv/plugins/imv_scanner/imv_scanner.c create mode 100644 src/libimcv/plugins/imv_scanner/imv_scanner_state.c create mode 100644 src/libimcv/plugins/imv_scanner/imv_scanner_state.h create mode 100644 src/libimcv/plugins/imv_test/Makefile.am create mode 100644 src/libimcv/plugins/imv_test/Makefile.in create mode 100644 src/libimcv/plugins/imv_test/imv_test.c create mode 100644 src/libimcv/plugins/imv_test/imv_test_state.c create mode 100644 src/libimcv/plugins/imv_test/imv_test_state.h create mode 100644 src/libpts/Makefile.am create mode 100644 src/libpts/Makefile.in create mode 100644 src/libpts/libpts.c create mode 100644 src/libpts/libpts.h create mode 100644 src/libpts/plugins/imc_attestation/Makefile.am create mode 100644 src/libpts/plugins/imc_attestation/Makefile.in create mode 100644 src/libpts/plugins/imc_attestation/imc_attestation.c create mode 100644 src/libpts/plugins/imc_attestation/imc_attestation_process.c create mode 100644 src/libpts/plugins/imc_attestation/imc_attestation_process.h create mode 100644 src/libpts/plugins/imc_attestation/imc_attestation_state.c create mode 100644 src/libpts/plugins/imc_attestation/imc_attestation_state.h create mode 100644 src/libpts/plugins/imv_attestation/Makefile.am create mode 100644 src/libpts/plugins/imv_attestation/Makefile.in create mode 100644 src/libpts/plugins/imv_attestation/attest.c create mode 100644 src/libpts/plugins/imv_attestation/attest_db.c create mode 100644 src/libpts/plugins/imv_attestation/attest_db.h create mode 100644 src/libpts/plugins/imv_attestation/attest_usage.c create mode 100644 src/libpts/plugins/imv_attestation/attest_usage.h create mode 100644 src/libpts/plugins/imv_attestation/data.sql create mode 100644 src/libpts/plugins/imv_attestation/imv_attestation.c create mode 100644 src/libpts/plugins/imv_attestation/imv_attestation_build.c create mode 100644 src/libpts/plugins/imv_attestation/imv_attestation_build.h create mode 100644 src/libpts/plugins/imv_attestation/imv_attestation_process.c create mode 100644 src/libpts/plugins/imv_attestation/imv_attestation_process.h create mode 100644 src/libpts/plugins/imv_attestation/imv_attestation_state.c create mode 100644 src/libpts/plugins/imv_attestation/imv_attestation_state.h create mode 100644 src/libpts/plugins/imv_attestation/tables.sql create mode 100644 src/libpts/pts/components/ita/ita_comp_func_name.c create mode 100644 src/libpts/pts/components/ita/ita_comp_func_name.h create mode 100644 src/libpts/pts/components/ita/ita_comp_ima.c create mode 100644 src/libpts/pts/components/ita/ita_comp_ima.h create mode 100644 src/libpts/pts/components/ita/ita_comp_tboot.c create mode 100644 src/libpts/pts/components/ita/ita_comp_tboot.h create mode 100644 src/libpts/pts/components/ita/ita_comp_tgrub.c create mode 100644 src/libpts/pts/components/ita/ita_comp_tgrub.h create mode 100644 src/libpts/pts/components/pts_comp_evidence.c create mode 100644 src/libpts/pts/components/pts_comp_evidence.h create mode 100644 src/libpts/pts/components/pts_comp_func_name.c create mode 100644 src/libpts/pts/components/pts_comp_func_name.h create mode 100644 src/libpts/pts/components/pts_component.h create mode 100644 src/libpts/pts/components/pts_component_manager.c create mode 100644 src/libpts/pts/components/pts_component_manager.h create mode 100644 src/libpts/pts/components/tcg/tcg_comp_func_name.c create mode 100644 src/libpts/pts/components/tcg/tcg_comp_func_name.h create mode 100644 src/libpts/pts/pts.c create mode 100644 src/libpts/pts/pts.h create mode 100644 src/libpts/pts/pts_creds.c create mode 100644 src/libpts/pts/pts_creds.h create mode 100644 src/libpts/pts/pts_database.c create mode 100644 src/libpts/pts/pts_database.h create mode 100644 src/libpts/pts/pts_dh_group.c create mode 100644 src/libpts/pts/pts_dh_group.h create mode 100644 src/libpts/pts/pts_error.c create mode 100644 src/libpts/pts/pts_error.h create mode 100644 src/libpts/pts/pts_file_meas.c create mode 100644 src/libpts/pts/pts_file_meas.h create mode 100644 src/libpts/pts/pts_file_meta.c create mode 100644 src/libpts/pts/pts_file_meta.h create mode 100644 src/libpts/pts/pts_file_type.c create mode 100644 src/libpts/pts/pts_file_type.h create mode 100644 src/libpts/pts/pts_meas_algo.c create mode 100644 src/libpts/pts/pts_meas_algo.h create mode 100644 src/libpts/pts/pts_proto_caps.h create mode 100644 src/libpts/pts/pts_req_func_comp_evid.h create mode 100644 src/libpts/pts/pts_simple_evid_final.h create mode 100644 src/libpts/tcg/tcg_attr.c create mode 100644 src/libpts/tcg/tcg_attr.h create mode 100644 src/libpts/tcg/tcg_pts_attr_aik.c create mode 100644 src/libpts/tcg/tcg_pts_attr_aik.h create mode 100644 src/libpts/tcg/tcg_pts_attr_dh_nonce_finish.c create mode 100644 src/libpts/tcg/tcg_pts_attr_dh_nonce_finish.h create mode 100644 src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.c create mode 100644 src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.h create mode 100644 src/libpts/tcg/tcg_pts_attr_dh_nonce_params_resp.c create mode 100644 src/libpts/tcg/tcg_pts_attr_dh_nonce_params_resp.h create mode 100644 src/libpts/tcg/tcg_pts_attr_file_meas.c create mode 100644 src/libpts/tcg/tcg_pts_attr_file_meas.h create mode 100644 src/libpts/tcg/tcg_pts_attr_gen_attest_evid.c create mode 100644 src/libpts/tcg/tcg_pts_attr_gen_attest_evid.h create mode 100644 src/libpts/tcg/tcg_pts_attr_get_aik.c create mode 100644 src/libpts/tcg/tcg_pts_attr_get_aik.h create mode 100644 src/libpts/tcg/tcg_pts_attr_get_tpm_version_info.c create mode 100644 src/libpts/tcg/tcg_pts_attr_get_tpm_version_info.h create mode 100644 src/libpts/tcg/tcg_pts_attr_meas_algo.c create mode 100644 src/libpts/tcg/tcg_pts_attr_meas_algo.h create mode 100644 src/libpts/tcg/tcg_pts_attr_proto_caps.c create mode 100644 src/libpts/tcg/tcg_pts_attr_proto_caps.h create mode 100644 src/libpts/tcg/tcg_pts_attr_req_file_meas.c create mode 100644 src/libpts/tcg/tcg_pts_attr_req_file_meas.h create mode 100644 src/libpts/tcg/tcg_pts_attr_req_file_meta.c create mode 100644 src/libpts/tcg/tcg_pts_attr_req_file_meta.h create mode 100644 src/libpts/tcg/tcg_pts_attr_req_func_comp_evid.c create mode 100644 src/libpts/tcg/tcg_pts_attr_req_func_comp_evid.h create mode 100644 src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c create mode 100644 src/libpts/tcg/tcg_pts_attr_simple_comp_evid.h create mode 100644 src/libpts/tcg/tcg_pts_attr_simple_evid_final.c create mode 100644 src/libpts/tcg/tcg_pts_attr_simple_evid_final.h create mode 100644 src/libpts/tcg/tcg_pts_attr_tpm_version_info.c create mode 100644 src/libpts/tcg/tcg_pts_attr_tpm_version_info.h create mode 100644 src/libpts/tcg/tcg_pts_attr_unix_file_meta.c create mode 100644 src/libpts/tcg/tcg_pts_attr_unix_file_meta.h create mode 100644 src/libradius/Makefile.am create mode 100644 src/libradius/Makefile.in create mode 100644 src/libradius/radius_client.c create mode 100644 src/libradius/radius_client.h create mode 100644 src/libradius/radius_config.c create mode 100644 src/libradius/radius_config.h create mode 100644 src/libradius/radius_message.c create mode 100644 src/libradius/radius_message.h create mode 100644 src/libradius/radius_mppe.h create mode 100644 src/libradius/radius_socket.c create mode 100644 src/libradius/radius_socket.h create mode 100644 src/libsimaka/simaka_card.h create mode 100644 src/libsimaka/simaka_hooks.h create mode 100644 src/libsimaka/simaka_manager.c create mode 100644 src/libsimaka/simaka_manager.h create mode 100644 src/libsimaka/simaka_provider.h create mode 100644 src/libstrongswan/bio/bio_reader.c create mode 100644 src/libstrongswan/bio/bio_reader.h create mode 100644 src/libstrongswan/bio/bio_writer.c create mode 100644 src/libstrongswan/bio/bio_writer.h create mode 100644 src/libstrongswan/database/database.c create mode 100644 src/libstrongswan/pen/pen.c create mode 100644 src/libstrongswan/pen/pen.h create mode 100644 src/libstrongswan/plugins/cmac/Makefile.am create mode 100644 src/libstrongswan/plugins/cmac/Makefile.in create mode 100644 src/libstrongswan/plugins/cmac/cmac.c create mode 100644 src/libstrongswan/plugins/cmac/cmac.h create mode 100644 src/libstrongswan/plugins/cmac/cmac_plugin.c create mode 100644 src/libstrongswan/plugins/cmac/cmac_plugin.h create mode 100644 src/libstrongswan/plugins/cmac/cmac_prf.c create mode 100644 src/libstrongswan/plugins/cmac/cmac_prf.h create mode 100644 src/libstrongswan/plugins/cmac/cmac_signer.c create mode 100644 src/libstrongswan/plugins/cmac/cmac_signer.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_dh.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_dh.h create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_rng.c create mode 100644 src/libstrongswan/plugins/pkcs11/pkcs11_rng.h create mode 100644 src/libstrongswan/plugins/pkcs8/Makefile.am create mode 100644 src/libstrongswan/plugins/pkcs8/Makefile.in create mode 100644 src/libstrongswan/plugins/pkcs8/pkcs8_builder.c create mode 100644 src/libstrongswan/plugins/pkcs8/pkcs8_builder.h create mode 100644 src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c create mode 100644 src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h create mode 100644 src/libstrongswan/plugins/plugin_feature.c create mode 100644 src/libstrongswan/plugins/plugin_feature.h create mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c create mode 100644 src/libstrongswan/processing/jobs/job.c delete mode 100644 src/libstrongswan/utils/iterator.h create mode 100644 src/libtls/tls_cache.c create mode 100644 src/libtls/tls_cache.h delete mode 100644 src/libtls/tls_reader.c delete mode 100644 src/libtls/tls_reader.h delete mode 100644 src/libtls/tls_writer.c delete mode 100644 src/libtls/tls_writer.h create mode 100644 src/libtnccs/Android.mk create mode 100644 src/libtnccs/Makefile.am create mode 100644 src/libtnccs/Makefile.in create mode 100644 src/libtnccs/tnc/imc/imc.h create mode 100644 src/libtnccs/tnc/imc/imc_manager.h create mode 100644 src/libtnccs/tnc/imv/imv.h create mode 100644 src/libtnccs/tnc/imv/imv_manager.h create mode 100644 src/libtnccs/tnc/imv/imv_recommendations.c create mode 100644 src/libtnccs/tnc/imv/imv_recommendations.h create mode 100644 src/libtnccs/tnc/tnc.c create mode 100644 src/libtnccs/tnc/tnc.h create mode 100644 src/libtnccs/tnc/tnccs/tnccs.c create mode 100644 src/libtnccs/tnc/tnccs/tnccs.h create mode 100644 src/libtnccs/tnc/tnccs/tnccs_manager.c create mode 100644 src/libtnccs/tnc/tnccs/tnccs_manager.h create mode 100644 src/libtncif/Android.mk create mode 100644 src/libtncif/Makefile.am create mode 100644 src/libtncif/Makefile.in create mode 100644 src/libtncif/tncif.h create mode 100644 src/libtncif/tncif_names.c create mode 100644 src/libtncif/tncif_names.h create mode 100644 src/libtncif/tncif_pa_subtypes.c create mode 100644 src/libtncif/tncif_pa_subtypes.h create mode 100644 src/libtncif/tncifimc.h create mode 100644 src/libtncif/tncifimv.h create mode 100644 src/pluto/Android.mk create mode 100644 src/pluto/plugin_list.c create mode 100644 src/pluto/plugin_list.h create mode 100644 src/starter/Android.mk create mode 100644 src/starter/ipsec-parser.h delete mode 100644 src/starter/lex.yy.c create mode 100644 src/starter/lexer.c create mode 100644 src/starter/lexer.l create mode 100644 src/starter/parser.c delete mode 100644 src/starter/parser.l delete mode 100644 src/starter/y.tab.c delete mode 100644 src/starter/y.tab.h create mode 100644 src/stroke/Android.mk create mode 100644 src/whack/Android.mk create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/24.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/25.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/26.pem create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/27.pem create mode 100644 testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem delete mode 100644 testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem create mode 100644 testing/tests/ikev2/esp-alg-md5-128/description.txt create mode 100644 testing/tests/ikev2/esp-alg-md5-128/evaltest.dat create mode 100755 testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/esp-alg-md5-128/posttest.dat create mode 100644 testing/tests/ikev2/esp-alg-md5-128/pretest.dat create mode 100644 testing/tests/ikev2/esp-alg-md5-128/test.conf create mode 100644 testing/tests/ikev2/esp-alg-sha1-160/description.txt create mode 100644 testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat create mode 100755 testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/esp-alg-sha1-160/posttest.dat create mode 100644 testing/tests/ikev2/esp-alg-sha1-160/pretest.dat create mode 100644 testing/tests/ikev2/esp-alg-sha1-160/test.conf create mode 100644 testing/tests/ikev2/net2net-esn/description.txt create mode 100644 testing/tests/ikev2/net2net-esn/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-esn/posttest.dat create mode 100644 testing/tests/ikev2/net2net-esn/pretest.dat create mode 100644 testing/tests/ikev2/net2net-esn/test.conf create mode 100644 testing/tests/ikev2/net2net-pubkey/description.txt create mode 100644 testing/tests/ikev2/net2net-pubkey/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/moonPub.der create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/sunPub.der create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/private/moonKey.der create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/moonPub.der create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/sunPub.der create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/private/sunKey.der create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-pubkey/posttest.dat create mode 100644 testing/tests/ikev2/net2net-pubkey/pretest.dat create mode 100644 testing/tests/ikev2/net2net-pubkey/test.conf create mode 100644 testing/tests/ikev2/net2net-rsa/description.txt create mode 100644 testing/tests/ikev2/net2net-rsa/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.d/private/moonKey.der create mode 100644 testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.d/private/sunKey.der create mode 100644 testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/net2net-rsa/posttest.dat create mode 100644 testing/tests/ikev2/net2net-rsa/pretest.dat create mode 100644 testing/tests/ikev2/net2net-rsa/test.conf create mode 100644 testing/tests/ikev2/rw-eap-md5-id-prompt/description.txt create mode 100644 testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat create mode 100755 testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-eap-md5-id-prompt/posttest.dat create mode 100644 testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat create mode 100644 testing/tests/ikev2/rw-eap-md5-id-prompt/test.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/description.txt delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/evaltest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/clients.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/eap.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/proxy.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/radiusd.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/default delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/users delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/init.d/iptables delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/posttest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/pretest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius-block/test.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/description.txt delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/evaltest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/clients.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary.tnc delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/eap.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/proxy.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/radiusd.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/default delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/users delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/init.d/iptables delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/posttest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/pretest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11-radius/test.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/description.txt delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/log4cxx.properties delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/log4cxx.properties delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/dummyimv.policy delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/hostscannerimv.policy delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/log4cxx.properties delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc_config delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/posttest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/pretest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-11/test.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/description.txt delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat delete mode 100755 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc_config delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/posttest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/pretest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-block/test.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/description.txt delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat delete mode 100755 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc_config delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/posttest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/pretest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20-tls/test.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/description.txt delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat delete mode 100755 testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc/log4cxx.properties delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc/log4cxx.properties delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/dummyimv.policy delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/hostscannerimv.policy delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/log4cxx.properties delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc_config delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/posttest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/pretest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-20/test.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/description.txt delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat delete mode 100755 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc/dummyimc.file delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config delete mode 100755 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/strongswan.conf delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/posttest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/pretest.dat delete mode 100644 testing/tests/ikev2/rw-eap-tnc-dynamic/test.conf create mode 100644 testing/tests/ikev2/rw-pkcs8/description.txt create mode 100644 testing/tests/ikev2/rw-pkcs8/evaltest.dat create mode 100755 testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem create mode 100644 testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem create mode 100644 testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-pkcs8/posttest.dat create mode 100644 testing/tests/ikev2/rw-pkcs8/pretest.dat create mode 100644 testing/tests/ikev2/rw-pkcs8/test.conf create mode 100644 testing/tests/ikev2/rw-radius-accounting/description.txt create mode 100644 testing/tests/ikev2/rw-radius-accounting/evaltest.dat create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/users create mode 100755 testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/ikev2/rw-radius-accounting/posttest.dat create mode 100644 testing/tests/ikev2/rw-radius-accounting/pretest.dat create mode 100644 testing/tests/ikev2/rw-radius-accounting/test.conf create mode 100644 testing/tests/ikev2/shunt-policies/description.txt create mode 100644 testing/tests/ikev2/shunt-policies/evaltest.dat create mode 100755 testing/tests/ikev2/shunt-policies/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/shunt-policies/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/shunt-policies/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/ikev2/shunt-policies/posttest.dat create mode 100644 testing/tests/ikev2/shunt-policies/pretest.dat create mode 100644 testing/tests/ikev2/shunt-policies/test.conf create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem delete mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/description.txt create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat create mode 100755 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/strongswan.conf create mode 100755 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/strongswan.conf create mode 100755 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/posttest.dat create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/pretest.dat create mode 100644 testing/tests/openssl-ikev2/ecdsa-pkcs8/test.conf create mode 100644 testing/tests/pfkey/shunt-policies/description.txt create mode 100644 testing/tests/pfkey/shunt-policies/evaltest.dat create mode 100755 testing/tests/pfkey/shunt-policies/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/pfkey/shunt-policies/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/pfkey/shunt-policies/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/pfkey/shunt-policies/posttest.dat create mode 100644 testing/tests/pfkey/shunt-policies/pretest.dat create mode 100644 testing/tests/pfkey/shunt-policies/test.conf create mode 100644 testing/tests/sql/shunt-policies/description.txt create mode 100644 testing/tests/sql/shunt-policies/evaltest.dat create mode 100755 testing/tests/sql/shunt-policies/hosts/moon/etc/init.d/iptables create mode 100644 testing/tests/sql/shunt-policies/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/sql/shunt-policies/hosts/moon/etc/ipsec.d/data.sql create mode 100644 testing/tests/sql/shunt-policies/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/sql/shunt-policies/hosts/moon/etc/strongswan.conf create mode 100755 testing/tests/sql/shunt-policies/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/sql/shunt-policies/hosts/sun/etc/ipsec.d/data.sql create mode 100644 testing/tests/sql/shunt-policies/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/sql/shunt-policies/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/sql/shunt-policies/posttest.dat create mode 100644 testing/tests/sql/shunt-policies/pretest.dat create mode 100644 testing/tests/sql/shunt-policies/test.conf create mode 100644 testing/tests/tnc/tnccs-11-fhh/description.txt create mode 100644 testing/tests/tnc/tnccs-11-fhh/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/log4cxx.properties create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/log4cxx.properties create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/dummyimv.policy create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/hostscannerimv.policy create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/log4cxx.properties create mode 100644 testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-11-fhh/posttest.dat create mode 100644 testing/tests/tnc/tnccs-11-fhh/pretest.dat create mode 100644 testing/tests/tnc/tnccs-11-fhh/test.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/description.txt create mode 100644 testing/tests/tnc/tnccs-11-radius-block/evaltest.dat create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/users create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc/log4cxx.properties create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-radius-block/posttest.dat create mode 100644 testing/tests/tnc/tnccs-11-radius-block/pretest.dat create mode 100644 testing/tests/tnc/tnccs-11-radius-block/test.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/description.txt create mode 100644 testing/tests/tnc/tnccs-11-radius/evaltest.dat create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/clients.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary.tnc create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/eap.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/proxy.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/radiusd.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/default create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/users create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11-radius/posttest.dat create mode 100644 testing/tests/tnc/tnccs-11-radius/pretest.dat create mode 100644 testing/tests/tnc/tnccs-11-radius/test.conf create mode 100644 testing/tests/tnc/tnccs-11/description.txt create mode 100644 testing/tests/tnc/tnccs-11/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-11/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-11/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-11/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-11/hosts/moon/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-11/posttest.dat create mode 100644 testing/tests/tnc/tnccs-11/pretest.dat create mode 100644 testing/tests/tnc/tnccs-11/test.conf create mode 100644 testing/tests/tnc/tnccs-20-block/description.txt create mode 100644 testing/tests/tnc/tnccs-20-block/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-20-block/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-block/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-block/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-block/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-block/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-block/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-block/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-block/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-block/hosts/moon/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-block/posttest.dat create mode 100644 testing/tests/tnc/tnccs-20-block/pretest.dat create mode 100644 testing/tests/tnc/tnccs-20-block/test.conf create mode 100644 testing/tests/tnc/tnccs-20-client-retry/description.txt create mode 100644 testing/tests/tnc/tnccs-20-client-retry/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-client-retry/posttest.dat create mode 100644 testing/tests/tnc/tnccs-20-client-retry/pretest.dat create mode 100644 testing/tests/tnc/tnccs-20-client-retry/test.conf create mode 100644 testing/tests/tnc/tnccs-20-fhh/description.txt create mode 100644 testing/tests/tnc/tnccs-20-fhh/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/dummyimc.file create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/log4cxx.properties create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/dummyimc.file create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/log4cxx.properties create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/dummyimv.policy create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/hostscannerimv.policy create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/log4cxx.properties create mode 100644 testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-fhh/posttest.dat create mode 100644 testing/tests/tnc/tnccs-20-fhh/pretest.dat create mode 100644 testing/tests/tnc/tnccs-20-fhh/test.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp/description.txt create mode 100644 testing/tests/tnc/tnccs-20-pdp/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/certs/aaaCert.pem create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.d/private/aaaKey.pem create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-pdp/posttest.dat create mode 100644 testing/tests/tnc/tnccs-20-pdp/pretest.dat create mode 100644 testing/tests/tnc/tnccs-20-pdp/test.conf create mode 100644 testing/tests/tnc/tnccs-20-server-retry/description.txt create mode 100644 testing/tests/tnc/tnccs-20-server-retry/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-server-retry/posttest.dat create mode 100644 testing/tests/tnc/tnccs-20-server-retry/pretest.dat create mode 100644 testing/tests/tnc/tnccs-20-server-retry/test.conf create mode 100644 testing/tests/tnc/tnccs-20-tls/description.txt create mode 100644 testing/tests/tnc/tnccs-20-tls/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20-tls/posttest.dat create mode 100644 testing/tests/tnc/tnccs-20-tls/pretest.dat create mode 100644 testing/tests/tnc/tnccs-20-tls/test.conf create mode 100644 testing/tests/tnc/tnccs-20/description.txt create mode 100644 testing/tests/tnc/tnccs-20/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-20/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-20/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-20/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-20/hosts/moon/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-20/posttest.dat create mode 100644 testing/tests/tnc/tnccs-20/pretest.dat create mode 100644 testing/tests/tnc/tnccs-20/test.conf create mode 100644 testing/tests/tnc/tnccs-dynamic/description.txt create mode 100644 testing/tests/tnc/tnccs-dynamic/evaltest.dat create mode 100755 testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/tnc_config create mode 100755 testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/tnc_config create mode 100644 testing/tests/tnc/tnccs-dynamic/posttest.dat create mode 100644 testing/tests/tnc/tnccs-dynamic/pretest.dat create mode 100644 testing/tests/tnc/tnccs-dynamic/test.conf create mode 100755 ylwrap diff --git a/Android.mk b/Android.mk index d3188974d..59d27775a 100644 --- a/Android.mk +++ b/Android.mk @@ -1,11 +1,39 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) +# the executables that should be installed on the final system have to be added +# to PRODUCT_PACKAGES in +# build/target/product/core.mk +# possible executables are +# starter - allows to control and configure the daemons from the command line +# charon - the IKEv2 daemon +# pluto - the IKEv1 daemon + +# if you enable starter and/or pluto (see above) uncomment the proper lines here +# strongswan_BUILD_STARTER := true +# strongswan_BUILD_PLUTO := true + # this is the list of plugins that are built into libstrongswan and charon # also these plugins are loaded by default (if not changed in strongswan.conf) -strongswan_PLUGINS := openssl fips-prf random pubkey pkcs1 \ +strongswan_CHARON_PLUGINS := openssl fips-prf random pubkey pkcs1 \ pem xcbc hmac kernel-netlink socket-default android \ - eap-identity eap-mschapv2 eap-md5 + stroke eap-identity eap-mschapv2 eap-md5 + +ifneq ($(strongswan_BUILD_PLUTO),) +# if both daemons are enabled we use raw sockets in charon +strongswan_CHARON_PLUGINS := $(subst socket-default,socket-raw, \ + $(strongswan_CHARON_PLUGINS)) +# plugins loaded by pluto +strongswan_PLUTO_PLUGINS := openssl fips-prf random pubkey pkcs1 \ + pem xcbc hmac kernel-netlink xauth +endif + +strongswan_STARTER_PLUGINS := kernel-netlink + +# list of all plugins - used to enable them with the function below +strongswan_PLUGINS := $(sort $(strongswan_CHARON_PLUGINS) \ + $(strongswan_PLUTO_PLUGINS) \ + $(strongswan_STARTER_PLUGINS)) # helper macros to only add source files for plugins included in the list above # source files are relative to the android.mk that called the macro @@ -25,6 +53,15 @@ strongswan_PATH := $(LOCAL_PATH) libvstr_PATH := external/strongswan-support/vstr/include libgmp_PATH := external/strongswan-support/gmp +# some definitions +strongswan_VERSION := "4.6.4" +strongswan_DIR := "/system/bin" +strongswan_SBINDIR := "/system/bin" +strongswan_PIDDIR := "/data/misc/vpn" +strongswan_PLUGINDIR := "$(strongswan_IPSEC_DIR)/ipsec" +strongswan_CONFDIR := "/system/etc" +strongswan_STRONGSWAN_CONF := "$(strongswan_CONFDIR)/strongswan.conf" + # CFLAGS (partially from a configure run using droid-gcc) strongswan_CFLAGS := \ -Wno-format \ @@ -51,14 +88,15 @@ strongswan_CFLAGS := \ -DCAPABILITIES_NATIVE \ -DMONOLITHIC \ -DUSE_VSTR \ + -DDEBUG \ -DROUTING_TABLE=0 \ -DROUTING_TABLE_PRIO=220 \ - -DVERSION=\"4.5.2\" \ - -DPLUGINS='"$(strongswan_PLUGINS)"' \ - -DPLUGINDIR=\"/system/bin/ipsec\" \ - -DIPSEC_DIR=\"/system/bin\" \ - -DIPSEC_PIDDIR=\"/data/misc/vpn\" \ - -DSTRONGSWAN_CONF=\"/system/etc/strongswan.conf\" \ + -DVERSION=\"$(strongswan_VERSION)\" \ + -DPLUGINDIR=\"$(strongswan_PLUGINDIR)\" \ + -DIPSEC_DIR=\"$(strongswan_DIR)\" \ + -DIPSEC_PIDDIR=\"$(strongswan_PIDDIR)\" \ + -DIPSEC_CONFDIR=\"$(strongswan_CONFDIR)\" \ + -DSTRONGSWAN_CONF=\"$(strongswan_STRONGSWAN_CONF)\" \ -DDEV_RANDOM=\"/dev/random\" \ -DDEV_URANDOM=\"/dev/urandom\" @@ -66,9 +104,28 @@ strongswan_CFLAGS := \ strongswan_CFLAGS += \ -DHAVE_IN6ADDR_ANY +strongswan_BUILD := \ + charon \ + libcharon \ + libhydra \ + libstrongswan \ + libtncif \ + libtnccs + +ifneq ($(strongswan_BUILD_STARTER),) +strongswan_BUILD += \ + libfreeswan \ + starter \ + stroke \ + ipsec +endif + +ifneq ($(strongswan_BUILD_PLUTO),) +strongswan_BUILD += \ + libfreeswan \ + pluto \ + whack +endif + include $(addprefix $(LOCAL_PATH)/src/,$(addsuffix /Android.mk, \ - charon \ - libcharon \ - libhydra \ - libstrongswan \ - )) + $(sort $(strongswan_BUILD)))) diff --git a/Android.mk.in b/Android.mk.in index d1bec5a29..e1f061350 100644 --- a/Android.mk.in +++ b/Android.mk.in @@ -1,11 +1,39 @@ LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) +# the executables that should be installed on the final system have to be added +# to PRODUCT_PACKAGES in +# build/target/product/core.mk +# possible executables are +# starter - allows to control and configure the daemons from the command line +# charon - the IKEv2 daemon +# pluto - the IKEv1 daemon + +# if you enable starter and/or pluto (see above) uncomment the proper lines here +# strongswan_BUILD_STARTER := true +# strongswan_BUILD_PLUTO := true + # this is the list of plugins that are built into libstrongswan and charon # also these plugins are loaded by default (if not changed in strongswan.conf) -strongswan_PLUGINS := openssl fips-prf random pubkey pkcs1 \ +strongswan_CHARON_PLUGINS := openssl fips-prf random pubkey pkcs1 \ pem xcbc hmac kernel-netlink socket-default android \ - eap-identity eap-mschapv2 eap-md5 + stroke eap-identity eap-mschapv2 eap-md5 + +ifneq ($(strongswan_BUILD_PLUTO),) +# if both daemons are enabled we use raw sockets in charon +strongswan_CHARON_PLUGINS := $(subst socket-default,socket-raw, \ + $(strongswan_CHARON_PLUGINS)) +# plugins loaded by pluto +strongswan_PLUTO_PLUGINS := openssl fips-prf random pubkey pkcs1 \ + pem xcbc hmac kernel-netlink xauth +endif + +strongswan_STARTER_PLUGINS := kernel-netlink + +# list of all plugins - used to enable them with the function below +strongswan_PLUGINS := $(sort $(strongswan_CHARON_PLUGINS) \ + $(strongswan_PLUTO_PLUGINS) \ + $(strongswan_STARTER_PLUGINS)) # helper macros to only add source files for plugins included in the list above # source files are relative to the android.mk that called the macro @@ -25,6 +53,15 @@ strongswan_PATH := $(LOCAL_PATH) libvstr_PATH := external/strongswan-support/vstr/include libgmp_PATH := external/strongswan-support/gmp +# some definitions +strongswan_VERSION := "@PACKAGE_VERSION@" +strongswan_DIR := "/system/bin" +strongswan_SBINDIR := "/system/bin" +strongswan_PIDDIR := "/data/misc/vpn" +strongswan_PLUGINDIR := "$(strongswan_IPSEC_DIR)/ipsec" +strongswan_CONFDIR := "/system/etc" +strongswan_STRONGSWAN_CONF := "$(strongswan_CONFDIR)/strongswan.conf" + # CFLAGS (partially from a configure run using droid-gcc) strongswan_CFLAGS := \ -Wno-format \ @@ -51,14 +88,15 @@ strongswan_CFLAGS := \ -DCAPABILITIES_NATIVE \ -DMONOLITHIC \ -DUSE_VSTR \ + -DDEBUG \ -DROUTING_TABLE=0 \ -DROUTING_TABLE_PRIO=220 \ - -DVERSION=\"@PACKAGE_VERSION@\" \ - -DPLUGINS='"$(strongswan_PLUGINS)"' \ - -DPLUGINDIR=\"/system/bin/ipsec\" \ - -DIPSEC_DIR=\"/system/bin\" \ - -DIPSEC_PIDDIR=\"/data/misc/vpn\" \ - -DSTRONGSWAN_CONF=\"/system/etc/strongswan.conf\" \ + -DVERSION=\"$(strongswan_VERSION)\" \ + -DPLUGINDIR=\"$(strongswan_PLUGINDIR)\" \ + -DIPSEC_DIR=\"$(strongswan_DIR)\" \ + -DIPSEC_PIDDIR=\"$(strongswan_PIDDIR)\" \ + -DIPSEC_CONFDIR=\"$(strongswan_CONFDIR)\" \ + -DSTRONGSWAN_CONF=\"$(strongswan_STRONGSWAN_CONF)\" \ -DDEV_RANDOM=\"/dev/random\" \ -DDEV_URANDOM=\"/dev/urandom\" @@ -66,9 +104,28 @@ strongswan_CFLAGS := \ strongswan_CFLAGS += \ -DHAVE_IN6ADDR_ANY +strongswan_BUILD := \ + charon \ + libcharon \ + libhydra \ + libstrongswan \ + libtncif \ + libtnccs + +ifneq ($(strongswan_BUILD_STARTER),) +strongswan_BUILD += \ + libfreeswan \ + starter \ + stroke \ + ipsec +endif + +ifneq ($(strongswan_BUILD_PLUTO),) +strongswan_BUILD += \ + libfreeswan \ + pluto \ + whack +endif + include $(addprefix $(LOCAL_PATH)/src/,$(addsuffix /Android.mk, \ - charon \ - libcharon \ - libhydra \ - libstrongswan \ - )) + $(sort $(strongswan_BUILD)))) diff --git a/COPYING b/COPYING index 60549be51..d159169d1 100644 --- a/COPYING +++ b/COPYING @@ -1,12 +1,12 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. - Preamble + Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public @@ -15,7 +15,7 @@ software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to +the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not @@ -55,8 +55,8 @@ patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. - - GNU GENERAL PUBLIC LICENSE + + GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains @@ -110,7 +110,7 @@ above, provided that you also meet all of these conditions: License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) - + These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in @@ -168,7 +168,7 @@ access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. - + 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is @@ -225,7 +225,7 @@ impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. - + 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License @@ -255,7 +255,7 @@ make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. - NO WARRANTY + NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN @@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it @@ -291,7 +291,7 @@ convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. - Copyright (C) 19yy + Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -303,17 +303,16 @@ the "copyright" line and a pointer to where the full notice is found. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: - Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. @@ -336,5 +335,5 @@ necessary. Here is a sample; alter the names: This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General +library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. diff --git a/Doxyfile.in b/Doxyfile.in index e7f5b50a4..7fb516190 100644 --- a/Doxyfile.in +++ b/Doxyfile.in @@ -532,6 +532,9 @@ INPUT = @SRC_DIR@/src/libstrongswan \ @SRC_DIR@/src/libcharon \ @SRC_DIR@/src/libsimaka \ @SRC_DIR@/src/libtls \ + @SRC_DIR@/src/libradius \ + @SRC_DIR@/src/libtnccs \ + @SRC_DIR@/src/libtncif \ @SRC_DIR@/src/libfast \ @SRC_DIR@/src/manager diff --git a/INSTALL b/INSTALL index 72c26929a..0cd375ea2 100644 --- a/INSTALL +++ b/INSTALL @@ -18,7 +18,7 @@ Contents -------- The strongSwan 4.x branch introduces a new build environment featuring - GNU autotools. This should simplify the build process and package + GNU autotools. This should simplify the build process and package maintenance. First check for the availability of required packages on your system (section 2.). You may want to include support for additional features, which @@ -42,9 +42,9 @@ Contents To check if your kernel fullfills the requirements, see section 4. - Next add your connections to "/etc/ipsec.conf" and your secrets to + Next add your connections to "/etc/ipsec.conf" and your secrets to "/etc/ipsec.secrets". Connections that are to be negotiated by the new - IKEv2 charon keying daemon should be designated by "keyexchange=ikev2" and + IKEv2 charon keying daemon should be designated by "keyexchange=ikev2" and those by the IKEv1 pluto keying daemon either by "keyexchange=ikev1" or the default "keyexchange=ike". @@ -118,7 +118,7 @@ Contents --------------------------------- If you want to securely store your X.509 certificates and private RSA keys - on a smart card or a USB crypto token then you will need a PKCS #11 library + on a smart card or a USB crypto token then you will need a PKCS #11 library for the smart card of your choice. The OpenSC PKCS#11 library (use versions >= 0.9.4) available from http://www.opensc.org/ supports quite a selection of cards and tokens (e.g. Aladdin eToken Pro32k, Schlumberger diff --git a/Makefile.in b/Makefile.in index b2a4a2ef9..4b9363f5f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -39,7 +39,7 @@ DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(top_srcdir)/configure \ $(top_srcdir)/src/dumm/ext/extconf.rb.in AUTHORS COPYING \ ChangeLog INSTALL NEWS TODO config.guess config.sub depcomp \ - install-sh ltmain.sh missing + install-sh ltmain.sh missing ylwrap ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -201,6 +201,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -209,6 +212,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -225,11 +229,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -273,6 +279,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/NEWS b/NEWS index cc18e08f3..deef65b91 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,159 @@ +strongswan-4.6.4 +---------------- + +- Fixed a security vulnerability in the gmp plugin. If this plugin was used + for RSA signature verification an empty or zeroed signature was handled as + a legitimate one. + +- Fixed several issues with reauthentication and address updates. + + +strongswan-4.6.3 +---------------- + +- The tnc-pdp plugin implements a RADIUS server interface allowing + a strongSwan TNC server to act as a Policy Decision Point. + +- The eap-radius authentication backend enforces Session-Timeout attributes + using RFC4478 repeated authentication and acts upon RADIUS Dynamic + Authorization extensions, RFC 5176. Currently supported are disconnect + requests and CoA messages containing a Session-Timeout. + +- The eap-radius plugin can forward arbitrary RADIUS attributes from and to + clients using custom IKEv2 notify payloads. The new radattr plugin reads + attributes to include from files and prints received attributes to the + console. + +- Added support for untruncated MD5 and SHA1 HMACs in ESP as used in + RFC 4595. + +- The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128 algorithms + as defined in RFC 4494 and RFC 4615, respectively. + +- The resolve plugin automatically installs nameservers via resolvconf(8), + if it is installed, instead of modifying /etc/resolv.conf directly. + +- The IKEv2 charon daemon supports now raw RSA public keys in RFC 3110 + DNSKEY and PKCS#1 file format. + + +strongswan-4.6.2 +---------------- + +- Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3 + which supports IF-TNCCS 2.0 long message types, the exclusive flags + and multiple IMC/IMV IDs. Both the TNC Client and Server as well as + the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated. + +- Fully implemented the "TCG Attestation PTS Protocol: Binding to IF-M" + standard (TLV-based messages only). TPM-based remote attestation of + Linux IMA (Integrity Measurement Architecture) possible. Measurement + reference values are automatically stored in an SQLite database. + +- The EAP-RADIUS authentication backend supports RADIUS accounting. It sends + start/stop messages containing Username, Framed-IP and Input/Output-Octets + attributes and has been tested against FreeRADIUS and Microsoft NPS. + +- Added support for PKCS#8 encoded private keys via the libstrongswan + pkcs8 plugin. This is the default format used by some OpenSSL tools since + version 1.0.0 (e.g. openssl req with -keyout). + +- Added session resumption support to the strongSwan TLS stack. + + +strongswan-4.6.1 +---------------- + +- Because of changing checksums before and after installation which caused + the integrity tests to fail we avoided directly linking libsimaka, libtls and + libtnccs to those libcharon plugins which make use of these dynamic libraries. + Instead we linked the libraries to the charon daemon. Unfortunately Ubuntu + 11.10 activated the --as-needed ld option which discards explicit links + to dynamic libraries that are not actually used by the charon daemon itself, + thus causing failures during the loading of the plugins which depend on these + libraries for resolving external symbols. + +- Therefore our approach of computing integrity checksums for plugins had to be + changed radically by moving the hash generation from the compilation to the + post-installation phase. + + +strongswan-4.6.0 +---------------- + +- The new libstrongswan certexpire plugin collects expiration information of + all used certificates and exports them to CSV files. It either directly + exports them or uses cron style scheduling for batch exports. + +- starter passes unresolved hostnames to charon, allowing it to do name + resolution not before the connection attempt. This is especially useful with + connections between hosts using dynamic IP addresses. Thanks to Mirko Parthey + for the initial patch. + +- The android plugin can now be used without the Android frontend patch and + provides DNS server registration and logging to logcat. + +- Pluto and starter (plus stroke and whack) have been ported to Android. + +- Support for ECDSA private and public key operations has been added to the + pkcs11 plugin. The plugin now also provides DH and ECDH via PKCS#11 and can + use tokens as random number generators (RNG). By default only private key + operations are enabled, more advanced features have to be enabled by their + option in strongswan.conf. This also applies to public key operations (even + for keys not stored on the token) which were enabled by default before. + +- The libstrongswan plugin system now supports detailed plugin dependencies. + Many plugins have been extended to export its capabilities and requirements. + This allows the plugin loader to resolve plugin loading order automatically, + and in future releases, to dynamically load the required features on demand. + Existing third party plugins are source (but not binary) compatible if they + properly initialize the new get_features() plugin function to NULL. + +- The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can deliver + metadata about IKE_SAs via a SOAP interface to a MAP server. The tnc-ifmap + plugin requires the Apache Axis2/C library. + + +strongswan-4.5.3 +---------------- + +- Our private libraries (e.g. libstrongswan) are not installed directly in + prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by + default). The plugins directory is also moved from libexec/ipsec/ to that + directory. + +- The dynamic IMC/IMV libraries were moved from the plugins directory to + a new imcvs directory in the prefix/lib/ipsec/ subdirectory. + +- Job priorities were introduced to prevent thread starvation caused by too + many threads handling blocking operations (such as CRL fetching). Refer to + strongswan.conf(5) for details. + +- Two new strongswan.conf options allow to fine-tune performance on IKEv2 + gateways by dropping IKE_SA_INIT requests on high load. + +- IKEv2 charon daemon supports start PASS and DROP shunt policies + preventing traffic to go through IPsec connections. Installation of the + shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel + interfaces. + +- The history of policies installed in the kernel is now tracked so that e.g. + trap policies are correctly updated when reauthenticated SAs are terminated. + +- IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol. + Using "netstat -l" the IMC scans open listening ports on the TNC client + and sends a port list to the IMV which based on a port policy decides if + the client is admitted to the network. + (--enable-imc-scanner/--enable-imv-scanner). + +- IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol. + (--enable-imc-test/--enable-imv-test). + +- The IKEv2 close action does not use the same value as the ipsec.conf dpdaction + setting, but the value defined by its own closeaction keyword. The action + is triggered if the remote peer closes a CHILD_SA unexpectedly. + + strongswan-4.5.2 ---------------- @@ -489,7 +645,7 @@ strongswan-4.3.1 CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either a missing TSi or TSr payload caused a null pointer derefence because the checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was - developped by the Orange Labs vulnerability research team. The tool was + developed by the Orange Labs vulnerability research team. The tool was initially written by Gabriel Campana and is now maintained by Laurent Butti. - Added support for AES counter mode in ESP in IKEv2 using the proposal @@ -529,7 +685,7 @@ strongswan-4.2.14 ----------------- - The new server-side EAP RADIUS plugin (--enable-eap-radius) - relays EAP messages to and from a RADIUS server. Succesfully + relays EAP messages to and from a RADIUS server. Successfully tested with with a freeradius server using EAP-MD5 and EAP-SIM. - A vulnerability in the Dead Peer Detection (RFC 3706) code was found by @@ -557,7 +713,7 @@ strongswan-4.2.13 - Fixed a use-after-free bug in the DPD timeout section of the IKEv1 pluto daemon which sporadically caused a segfault. -- Fixed a crash in the IKEv2 charon daemon occuring with +- Fixed a crash in the IKEv2 charon daemon occurring with mixed RAM-based and SQL-based virtual IP address pools. - Fixed ASN.1 parsing of algorithmIdentifier objects where the @@ -647,7 +803,7 @@ strongswan-4.2.9 The installpolicy=no option allows peaceful cooperation with a dominant mip6d daemon and the new type=transport_proxy implements the special MIPv6 IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address - but the IPsec SA is set up for the Home Adress. + but the IPsec SA is set up for the Home Address. - Implemented migration of Mobile IPv6 connections using the KMADDRESS field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon @@ -810,7 +966,7 @@ strongswan-4.2.1 connection setups over new ones, where the value "replace" replaces existing connections. -- The crypto factory in libstrongswan additionaly supports random number +- The crypto factory in libstrongswan additionally supports random number generators, plugins may provide other sources of randomness. The default plugin reads raw random data from /dev/(u)random. @@ -1084,7 +1240,7 @@ strongswan-4.1.3 is provided and more advanced backends (using e.g. a database) are trivial to implement. - - Fixed a compilation failure in libfreeswan occuring with Linux kernel + - Fixed a compilation failure in libfreeswan occurring with Linux kernel headers > 2.6.17. @@ -1395,7 +1551,7 @@ strongswan-2.7.0 the successful setup and teardown of an IPsec SA, respectively. left|rightfirwall can be used with KLIPS under any Linux 2.4 kernel or with NETKEY under a Linux kernel version >= 2.6.16 - in conjuction with iptables >= 1.3.5. For NETKEY under a Linux + in conjunction with iptables >= 1.3.5. For NETKEY under a Linux kernel version < 2.6.16 which does not support IPsec policy matching yet, please continue to use a copy of the _updown_espmark template loaded via the left|rightupdown keyword. @@ -1901,7 +2057,7 @@ strongswan-2.2.2 and reduces the well-known four tunnel case on VPN gateways to a single tunnel definition (see README section 2.4). -- Fixed a bug occuring with NAT-Traversal enabled when the responder +- Fixed a bug occurring with NAT-Traversal enabled when the responder suddenly turns initiator and the initiator cannot find a matching connection because of the floated IKE port 4500. @@ -1917,11 +2073,11 @@ strongswan-2.2.1 - Introduced the ipsec auto --listalgs monitoring command which lists all currently registered IKE and ESP algorithms. -- Fixed a bug in the ESP algorithm selection occuring when the strict flag +- Fixed a bug in the ESP algorithm selection occurring when the strict flag is set and the first proposed transform does not match. - Fixed another deadlock in the use of the lock_certs_and_keys() mutex, - occuring when a smartcard is present. + occurring when a smartcard is present. - Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event. diff --git a/README b/README index 1d186afd9..58f865d30 100644 --- a/README +++ b/README @@ -138,7 +138,7 @@ interoperability with the Check Point VPN-1 NG gateway. In the following examples we assume for reasons of clarity that left designates the local host and that right is the remote host. Certificates for users, hosts -and gateways are issued by a ficticious strongSwan CA. How to generate private keys +and gateways are issued by a fictitious strongSwan CA. How to generate private keys and certificates using OpenSSL will be explained in section 3. The CA certificate "strongswanCert.pem" must be present on all VPN end points in order to be able to authenticate the peers. @@ -1959,7 +1959,7 @@ and the returned result might be a decrypted 128 bit AES key 000 8836362e030e6707c32ffaa0bdad5540 The leading three characters represent the return code of the whack channel -with 000 signifying that no error has occured. Here is another example showing +with 000 signifying that no error has occurred. Here is another example showing the use of the inbase and outbase attributes ipsec scdecrypt m/ewDnTs0k...woE= --inbase base64 --outbase text @@ -2195,7 +2195,7 @@ The command ipsec listpubkeys [--utc] lists all public keys currently installed in the chained list of public -keys. These keys were statically loaded from ipsec.conf or aquired either +keys. These keys were statically loaded from ipsec.conf or acquired either from received certificates or retrieved from secure DNS servers using opportunistic mode. diff --git a/TODO b/TODO index 6b626e9ff..458384a8d 100644 --- a/TODO +++ b/TODO @@ -21,7 +21,6 @@ Stroke interface Misc ---- - Address pool/backend for virtual IP assignement -- replace iterator by enumerator libstrongswan stuff ------------------- diff --git a/configure b/configure index 61c23e78a..5151f9759 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.67 for strongSwan 4.5.2. +# Generated by GNU Autoconf 2.67 for strongSwan 4.6.4. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -698,8 +698,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='4.5.2' -PACKAGE_STRING='strongSwan 4.5.2' +PACKAGE_VERSION='4.6.4' +PACKAGE_STRING='strongSwan 4.6.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -745,6 +745,12 @@ LTLIBOBJS LIBOBJS MONOLITHIC_FALSE MONOLITHIC_TRUE +USE_PTS_FALSE +USE_PTS_TRUE +USE_IMCV_FALSE +USE_IMCV_TRUE +USE_RADIUS_FALSE +USE_RADIUS_TRUE USE_TLS_FALSE USE_TLS_TRUE USE_SIMAKA_FALSE @@ -757,6 +763,10 @@ USE_IPSEC_SCRIPT_FALSE USE_IPSEC_SCRIPT_TRUE USE_FILE_CONFIG_FALSE USE_FILE_CONFIG_TRUE +USE_LIBTNCCS_FALSE +USE_LIBTNCCS_TRUE +USE_LIBTNCIF_FALSE +USE_LIBTNCIF_TRUE USE_LIBCHARON_FALSE USE_LIBCHARON_TRUE USE_LIBHYDRA_FALSE @@ -771,6 +781,8 @@ USE_TOOLS_FALSE USE_TOOLS_TRUE USE_CHARON_FALSE USE_CHARON_TRUE +USE_ADNS_FALSE +USE_ADNS_TRUE USE_THREADS_FALSE USE_THREADS_TRUE USE_PLUTO_FALSE @@ -827,16 +839,34 @@ USE_SOCKET_RAW_FALSE USE_SOCKET_RAW_TRUE USE_SOCKET_DEFAULT_FALSE USE_SOCKET_DEFAULT_TRUE +USE_IMV_ATTESTATION_FALSE +USE_IMV_ATTESTATION_TRUE +USE_IMC_ATTESTATION_FALSE +USE_IMC_ATTESTATION_TRUE +USE_IMV_SCANNER_FALSE +USE_IMV_SCANNER_TRUE +USE_IMC_SCANNER_FALSE +USE_IMC_SCANNER_TRUE +USE_IMV_TEST_FALSE +USE_IMV_TEST_TRUE +USE_IMC_TEST_FALSE +USE_IMC_TEST_TRUE USE_TNCCS_DYNAMIC_FALSE USE_TNCCS_DYNAMIC_TRUE USE_TNCCS_20_FALSE USE_TNCCS_20_TRUE USE_TNCCS_11_FALSE USE_TNCCS_11_TRUE +USE_TNC_TNCCS_FALSE +USE_TNC_TNCCS_TRUE USE_TNC_IMV_FALSE USE_TNC_IMV_TRUE USE_TNC_IMC_FALSE USE_TNC_IMC_TRUE +USE_TNC_PDP_FALSE +USE_TNC_PDP_TRUE +USE_TNC_IFMAP_FALSE +USE_TNC_IFMAP_TRUE USE_EAP_RADIUS_FALSE USE_EAP_RADIUS_TRUE USE_EAP_TNC_FALSE @@ -871,12 +901,16 @@ USE_EAP_SIM_FILE_FALSE USE_EAP_SIM_FILE_TRUE USE_EAP_SIM_FALSE USE_EAP_SIM_TRUE +USE_RADATTR_FALSE +USE_RADATTR_TRUE USE_COUPLING_FALSE USE_COUPLING_TRUE USE_DUPLICHECK_FALSE USE_DUPLICHECK_TRUE USE_LED_FALSE USE_LED_TRUE +USE_CERTEXPIRE_FALSE +USE_CERTEXPIRE_TRUE USE_WHITELIST_FALSE USE_WHITELIST_TRUE USE_HA_FALSE @@ -931,6 +965,8 @@ USE_MYSQL_FALSE USE_MYSQL_TRUE USE_XCBC_FALSE USE_XCBC_TRUE +USE_CMAC_FALSE +USE_CMAC_TRUE USE_HMAC_FALSE USE_HMAC_TRUE USE_PEM_FALSE @@ -939,6 +975,8 @@ USE_DNSKEY_FALSE USE_DNSKEY_TRUE USE_PGP_FALSE USE_PGP_TRUE +USE_PKCS8_FALSE +USE_PKCS8_TRUE USE_PKCS1_FALSE USE_PKCS1_TRUE USE_PUBKEY_FALSE @@ -987,7 +1025,9 @@ scripts_plugins pki_plugins scepclient_plugins openac_plugins +attest_plugins pool_plugins +starter_plugins pluto_plugins libcharon_plugins nm_LIBS @@ -1000,10 +1040,13 @@ maemo_CFLAGS MYSQLCFLAG MYSQLLIB MYSQLCONFIG +clearsilver_LIBS RUBYINCLUDE RUBY gtk_LIBS gtk_CFLAGS +axis2c_LIBS +axis2c_CFLAGS xml_LIBS xml_CFLAGS soup_LIBS @@ -1074,7 +1117,9 @@ routing_table_prio routing_table linux_headers nm_ca_dir +imcvdir plugindir +ipseclibdir ipsecdir piddir resolv_conf @@ -1156,7 +1201,9 @@ with_strongswan_conf with_resolv_conf with_piddir with_ipsecdir +with_ipseclibdir with_plugindir +with_imcvdir with_nm_ca_dir with_linux_headers with_routing_table @@ -1185,10 +1232,12 @@ enable_revocation enable_constraints enable_pubkey enable_pkcs1 +enable_pkcs8 enable_pgp enable_dnskey enable_pem enable_hmac +enable_cmac enable_xcbc enable_af_alg enable_test_vectors @@ -1203,30 +1252,38 @@ enable_smartcard enable_cisco_quirks enable_leak_detective enable_lock_profiler -enable_unit_tests +enable_unit_tester enable_load_tester enable_eap_sim enable_eap_sim_file enable_eap_sim_pcsc +enable_eap_aka +enable_eap_aka_3gpp2 enable_eap_simaka_sql enable_eap_simaka_pseudonym enable_eap_simaka_reauth enable_eap_identity enable_eap_md5 enable_eap_gtc -enable_eap_aka -enable_eap_aka_3gpp2 enable_eap_mschapv2 enable_eap_tls enable_eap_ttls enable_eap_peap enable_eap_tnc enable_eap_radius +enable_tnc_ifmap +enable_tnc_pdp enable_tnc_imc enable_tnc_imv enable_tnccs_11 enable_tnccs_20 enable_tnccs_dynamic +enable_imc_test +enable_imv_test +enable_imc_scanner +enable_imv_scanner +enable_imc_attestation +enable_imv_attestation enable_kernel_netlink enable_kernel_pfkey enable_kernel_pfroute @@ -1247,6 +1304,7 @@ enable_load_warning enable_pluto enable_xauth enable_threads +enable_adns enable_charon enable_tools enable_scripts @@ -1271,9 +1329,11 @@ enable_maemo enable_nm enable_ha enable_whitelist +enable_certexpire enable_led enable_duplicheck enable_coupling +enable_radattr enable_vstr enable_monolithic enable_dependency_tracking @@ -1303,6 +1363,8 @@ soup_CFLAGS soup_LIBS xml_CFLAGS xml_LIBS +axis2c_CFLAGS +axis2c_LIBS gtk_CFLAGS gtk_LIBS maemo_CFLAGS @@ -1853,7 +1915,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 4.5.2 to adapt to many kinds of systems. +\`configure' configures strongSwan 4.6.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1923,7 +1985,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 4.5.2:";; + short | recursive ) echo "Configuration of strongSwan 4.6.4:";; esac cat <<\_ACEOF @@ -1954,10 +2016,12 @@ Optional Features: --disable-constraints disable advanced X509 constraint checking plugin. --disable-pubkey disable RAW public key support plugin. --disable-pkcs1 disable PKCS1 key decoding plugin. + --disable-pkcs8 disable PKCS8 private key decoding plugin. --disable-pgp disable PGP key decoding plugin. --disable-dnskey disable DNS RR key decoding plugin. --disable-pem disable PEM decoding plugin. --disable-hmac disable HMAC crypto implementation plugin. + --disable-cmac disable CMAC crypto implementation plugin. --disable-xcbc disable xcbc crypto implementation plugin. --enable-af-alg enable AF_ALG crypto interface to Linux Crypto API. --enable-test-vectors enable plugin providing crypto test vectors. @@ -1977,12 +2041,15 @@ Optional Features: --enable-cisco-quirks enable support of Cisco VPN client. --enable-leak-detective enable malloc hooks to find memory leaks. --enable-lock-profiler enable lock/mutex profiling code. - --enable-unit-tests enable unit tests on IKEv2 daemon startup. + --enable-unit-tester enable unit tests on IKEv2 daemon startup. --enable-load-tester enable load testing plugin for IKEv2 daemon. --enable-eap-sim enable SIM authentication module for EAP. --enable-eap-sim-file enable EAP-SIM backend based on a triplet file. --enable-eap-sim-pcsc enable EAP-SIM backend based on a smartcard reader. Requires libpcsclite. + --enable-eap-aka enable EAP AKA authentication module. + --enable-eap-aka-3gpp2 enable EAP AKA backend implementing 3GPP2 algorithms + in software. Requires libgmp. --enable-eap-simaka-sql enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database. --enable-eap-simaka-pseudonym @@ -1993,20 +2060,27 @@ Optional Features: --enable-eap-identity enable EAP module providing EAP-Identity helper. --enable-eap-md5 enable EAP MD5 (CHAP) authentication module. --enable-eap-gtc enable PAM based EAP GTC authentication module. - --enable-eap-aka enable EAP AKA authentication module. - --enable-eap-aka-3gpp2 enable EAP AKA backend implementing 3GPP2 algorithms - in software. Requires libgmp. --enable-eap-mschapv2 enable EAP MS-CHAPv2 authentication module. --enable-eap-tls enable EAP TLS authentication module. --enable-eap-ttls enable EAP TTLS authentication module. --enable-eap-peap enable EAP PEAP authentication module. --enable-eap-tnc enable EAP TNC trusted network connect module. --enable-eap-radius enable RADIUS proxy authentication module. + --enable-tnc-ifmap enable TNC IF-MAP module. + --enable-tnc-pdp enable TNC policy decision point module. --enable-tnc-imc enable TNC IMC module. --enable-tnc-imv enable TNC IMV module. --enable-tnccs-11 enable TNCCS 1.1 protocol module. --enable-tnccs-20 enable TNCCS 2.0 protocol module. --enable-tnccs-dynamic enable dynamic TNCCS protocol discovery module. + --enable-imc-test enable IMC test module. + --enable-imv-test enable IMV test module. + --enable-imc-scanner enable IMC port scanner module. + --enable-imv-scanner enable IMV port scanner module. + --enable-imc-attestation + enable IMC attestation module. + --enable-imv-attestation + enable IMV attestation module. --disable-kernel-netlink disable the netlink kernel interface. --enable-kernel-pfkey enable the PF_KEY kernel interface. @@ -2037,6 +2111,8 @@ Optional Features: --disable-xauth disable xauth plugin. --disable-threads disable the use of threads in pluto. Charon always uses threads. + --disable-adns disable the use of adns in pluto (disables + opportunistic encryption). --disable-charon disable the IKEv2 keying daemon charon. --disable-tools disable additional utilities (openac, scepclient and pki). @@ -2064,12 +2140,16 @@ Optional Features: --enable-nm enable NetworkManager plugin. --enable-ha enable high availability cluster plugin. --enable-whitelist enable peer identity whitelisting plugin. + --enable-certexpire enable CSV export of expiration dates of used + certificates. --enable-led enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem. --enable-duplicheck advanced duplicate checking plugin using liveness checks. --enable-coupling enable IKEv2 plugin to couple peer certificates permanently to authentication. + --enable-radattr enable plugin to inject and process custom RADIUS + attributes as IKEv2 client. --enable-vstr enforce using the Vstr string library to replace glibc-like printf hooks. --enable-monolithic build monolithic version of libstrongswan that @@ -2104,8 +2184,12 @@ Optional Packages: /var/run). --with-ipsecdir=arg set installation path for ipsec tools (default: ${libexecdir%/}/ipsec). + --with-ipseclibdir=arg set installation path for ipsec libraries (default: + ${libdir%/}/ipsec). --with-plugindir=arg set the installation path of plugins (default: - ${ipsecdir%/}/plugins). + ${ipseclibdir%/}/plugins). + --with-imcvdir=arg set the installation path of IMC and IMV dynamic + librariers (default: ${ipseclibdir%/}/imcvs). --with-nm-ca-dir=arg directory the NM plugin uses to look up trusted root certificates (default: /usr/share/ca-certificates). --with-linux-headers=arg @@ -2157,6 +2241,9 @@ Some influential environment variables: soup_LIBS linker flags for soup, overriding pkg-config xml_CFLAGS C compiler flags for xml, overriding pkg-config xml_LIBS linker flags for xml, overriding pkg-config + axis2c_CFLAGS + C compiler flags for axis2c, overriding pkg-config + axis2c_LIBS linker flags for axis2c, overriding pkg-config gtk_CFLAGS C compiler flags for gtk, overriding pkg-config gtk_LIBS linker flags for gtk, overriding pkg-config maemo_CFLAGS @@ -2235,7 +2322,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 4.5.2 +strongSwan configure 4.6.4 generated by GNU Autoconf 2.67 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2711,7 +2798,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 4.5.2, which was +It was created by strongSwan $as_me 4.6.4, which was generated by GNU Autoconf 2.67. Invocation command line was $ $0 $@ @@ -3526,7 +3613,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='4.5.2' + VERSION='4.6.4' cat >>confdefs.h <<_ACEOF @@ -3866,12 +3953,36 @@ fi +# Check whether --with-ipseclibdir was given. +if test "${with_ipseclibdir+set}" = set; then : + withval=$with_ipseclibdir; ipseclibdir="$withval" + +else + ipseclibdir="${libdir%/}/ipsec" + + +fi + + + # Check whether --with-plugindir was given. if test "${with_plugindir+set}" = set; then : withval=$with_plugindir; plugindir="$withval" else - plugindir="${ipsecdir%/}/plugins" + plugindir="${ipseclibdir%/}/plugins" + + +fi + + + +# Check whether --with-imcvdir was given. +if test "${with_imcvdir+set}" = set; then : + withval=$with_imcvdir; imcvdir="$withval" + +else + imcvdir="${ipseclibdir%/}/imcvs" fi @@ -4292,6 +4403,21 @@ else fi +# Check whether --enable-pkcs8 was given. +if test "${enable_pkcs8+set}" = set; then : + enableval=$enable_pkcs8; pkcs8_given=true + if test x$enableval = xyes; then + pkcs8=true + else + pkcs8=false + fi +else + pkcs8=true + pkcs8_given=false + +fi + + # Check whether --enable-pgp was given. if test "${enable_pgp+set}" = set; then : enableval=$enable_pgp; pgp_given=true @@ -4352,6 +4478,21 @@ else fi +# Check whether --enable-cmac was given. +if test "${enable_cmac+set}" = set; then : + enableval=$enable_cmac; cmac_given=true + if test x$enableval = xyes; then + cmac=true + else + cmac=false + fi +else + cmac=true + cmac_given=false + +fi + + # Check whether --enable-xcbc was given. if test "${enable_xcbc+set}" = set; then : enableval=$enable_xcbc; xcbc_given=true @@ -4562,17 +4703,17 @@ else fi -# Check whether --enable-unit-tests was given. -if test "${enable_unit_tests+set}" = set; then : - enableval=$enable_unit_tests; unit_tests_given=true +# Check whether --enable-unit-tester was given. +if test "${enable_unit_tester+set}" = set; then : + enableval=$enable_unit_tester; unit_tester_given=true if test x$enableval = xyes; then - unit_tests=true + unit_tester=true else - unit_tests=false + unit_tester=false fi else - unit_tests=false - unit_tests_given=false + unit_tester=false + unit_tester_given=false fi @@ -4637,6 +4778,36 @@ else fi +# Check whether --enable-eap-aka was given. +if test "${enable_eap_aka+set}" = set; then : + enableval=$enable_eap_aka; eap_aka_given=true + if test x$enableval = xyes; then + eap_aka=true + else + eap_aka=false + fi +else + eap_aka=false + eap_aka_given=false + +fi + + +# Check whether --enable-eap-aka-3gpp2 was given. +if test "${enable_eap_aka_3gpp2+set}" = set; then : + enableval=$enable_eap_aka_3gpp2; eap_aka_3gpp2_given=true + if test x$enableval = xyes; then + eap_aka_3gpp2=true + else + eap_aka_3gpp2=false + fi +else + eap_aka_3gpp2=false + eap_aka_3gpp2_given=false + +fi + + # Check whether --enable-eap-simaka-sql was given. if test "${enable_eap_simaka_sql+set}" = set; then : enableval=$enable_eap_simaka_sql; eap_simaka_sql_given=true @@ -4727,36 +4898,6 @@ else fi -# Check whether --enable-eap-aka was given. -if test "${enable_eap_aka+set}" = set; then : - enableval=$enable_eap_aka; eap_aka_given=true - if test x$enableval = xyes; then - eap_aka=true - else - eap_aka=false - fi -else - eap_aka=false - eap_aka_given=false - -fi - - -# Check whether --enable-eap-aka-3gpp2 was given. -if test "${enable_eap_aka_3gpp2+set}" = set; then : - enableval=$enable_eap_aka_3gpp2; eap_aka_3gpp2_given=true - if test x$enableval = xyes; then - eap_aka_3gpp2=true - else - eap_aka_3gpp2=false - fi -else - eap_aka_3gpp2=false - eap_aka_3gpp2_given=false - -fi - - # Check whether --enable-eap-mschapv2 was given. if test "${enable_eap_mschapv2+set}" = set; then : enableval=$enable_eap_mschapv2; eap_mschapv2_given=true @@ -4847,6 +4988,36 @@ else fi +# Check whether --enable-tnc-ifmap was given. +if test "${enable_tnc_ifmap+set}" = set; then : + enableval=$enable_tnc_ifmap; tnc_ifmap_given=true + if test x$enableval = xyes; then + tnc_ifmap=true + else + tnc_ifmap=false + fi +else + tnc_ifmap=false + tnc_ifmap_given=false + +fi + + +# Check whether --enable-tnc-pdp was given. +if test "${enable_tnc_pdp+set}" = set; then : + enableval=$enable_tnc_pdp; tnc_pdp_given=true + if test x$enableval = xyes; then + tnc_pdp=true + else + tnc_pdp=false + fi +else + tnc_pdp=false + tnc_pdp_given=false + +fi + + # Check whether --enable-tnc-imc was given. if test "${enable_tnc_imc+set}" = set; then : enableval=$enable_tnc_imc; tnc_imc_given=true @@ -4922,6 +5093,96 @@ else fi +# Check whether --enable-imc-test was given. +if test "${enable_imc_test+set}" = set; then : + enableval=$enable_imc_test; imc_test_given=true + if test x$enableval = xyes; then + imc_test=true + else + imc_test=false + fi +else + imc_test=false + imc_test_given=false + +fi + + +# Check whether --enable-imv-test was given. +if test "${enable_imv_test+set}" = set; then : + enableval=$enable_imv_test; imv_test_given=true + if test x$enableval = xyes; then + imv_test=true + else + imv_test=false + fi +else + imv_test=false + imv_test_given=false + +fi + + +# Check whether --enable-imc-scanner was given. +if test "${enable_imc_scanner+set}" = set; then : + enableval=$enable_imc_scanner; imc_scanner_given=true + if test x$enableval = xyes; then + imc_scanner=true + else + imc_scanner=false + fi +else + imc_scanner=false + imc_scanner_given=false + +fi + + +# Check whether --enable-imv-scanner was given. +if test "${enable_imv_scanner+set}" = set; then : + enableval=$enable_imv_scanner; imv_scanner_given=true + if test x$enableval = xyes; then + imv_scanner=true + else + imv_scanner=false + fi +else + imv_scanner=false + imv_scanner_given=false + +fi + + +# Check whether --enable-imc-attestation was given. +if test "${enable_imc_attestation+set}" = set; then : + enableval=$enable_imc_attestation; imc_attestation_given=true + if test x$enableval = xyes; then + imc_attestation=true + else + imc_attestation=false + fi +else + imc_attestation=false + imc_attestation_given=false + +fi + + +# Check whether --enable-imv-attestation was given. +if test "${enable_imv_attestation+set}" = set; then : + enableval=$enable_imv_attestation; imv_attestation_given=true + if test x$enableval = xyes; then + imv_attestation=true + else + imv_attestation=false + fi +else + imv_attestation=false + imv_attestation_given=false + +fi + + # Check whether --enable-kernel-netlink was given. if test "${enable_kernel_netlink+set}" = set; then : enableval=$enable_kernel_netlink; kernel_netlink_given=true @@ -5222,6 +5483,21 @@ else fi +# Check whether --enable-adns was given. +if test "${enable_adns+set}" = set; then : + enableval=$enable_adns; adns_given=true + if test x$enableval = xyes; then + adns=true + else + adns=false + fi +else + adns=true + adns_given=false + +fi + + # Check whether --enable-charon was given. if test "${enable_charon+set}" = set; then : enableval=$enable_charon; charon_given=true @@ -5582,6 +5858,21 @@ else fi +# Check whether --enable-certexpire was given. +if test "${enable_certexpire+set}" = set; then : + enableval=$enable_certexpire; certexpire_given=true + if test x$enableval = xyes; then + certexpire=true + else + certexpire=false + fi +else + certexpire=false + certexpire_given=false + +fi + + # Check whether --enable-led was given. if test "${enable_led+set}" = set; then : enableval=$enable_led; led_given=true @@ -5627,6 +5918,21 @@ else fi +# Check whether --enable-radattr was given. +if test "${enable_radattr+set}" = set; then : + enableval=$enable_radattr; radattr_given=true + if test x$enableval = xyes; then + radattr=true + else + radattr=false + fi +else + radattr=false + radattr_given=false + +fi + + # Check whether --enable-vstr was given. if test "${enable_vstr+set}" = set; then : enableval=$enable_vstr; vstr_given=true @@ -5660,7 +5966,7 @@ fi if test -z "$CFLAGS"; then - CFLAGS="-g -O2 -Wall -Wno-format -Wno-pointer-sign -Wno-strict-aliasing" + CFLAGS="-g -O2 -Wall -Wno-format -Wno-pointer-sign" fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -8009,13 +8315,13 @@ if test "${lt_cv_nm_interface+set}" = set; then : else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:8012: $ac_compile\"" >&5) + (eval echo "\"\$as_me:8318: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:8015: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:8321: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:8018: output\"" >&5) + (eval echo "\"\$as_me:8324: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -9220,7 +9526,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 9223 "configure"' > conftest.$ac_ext + echo '#line 9529 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -10482,11 +10788,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10485: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10791: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:10489: \$? = $ac_status" >&5 + echo "$as_me:10795: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -10821,11 +11127,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10824: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11130: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:10828: \$? = $ac_status" >&5 + echo "$as_me:11134: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -10926,11 +11232,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10929: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11235: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:10933: \$? = $ac_status" >&5 + echo "$as_me:11239: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10981,11 +11287,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:10984: $lt_compile\"" >&5) + (eval echo "\"\$as_me:11290: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:10988: \$? = $ac_status" >&5 + echo "$as_me:11294: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -13365,7 +13671,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 13368 "configure" +#line 13674 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -13461,7 +13767,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 13464 "configure" +#line 13770 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -14114,6 +14420,22 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue; then tls=true; fi +if test x$eap_radius = xtrue -o x$radattr = xtrue -o x$tnc_pdp = xtrue; then + radius=true; +fi + +if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then + tnc_tnccs=true; +fi + +if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue; then + imcv=true; +fi + +if test x$imc_attestation = xtrue -o x$imv_attestation = xtrue; then + pts=true; +fi + if test x$fips_prf = xtrue; then if test x$openssl = xfalse; then sha1=true; @@ -14124,6 +14446,10 @@ if test x$smp = xtrue -o x$tnccs_11 = xtrue; then xml=true fi +if test x$tnc_ifmap = xtrue; then + axis2c=true +fi + if test x$manager = xtrue; then fast=true fi @@ -14925,24 +15251,50 @@ done LIBS=$saved_LIBS -for ac_func in prctl -do : - ac_fn_c_check_func "$LINENO" "prctl" "ac_cv_func_prctl" -if test "x$ac_cv_func_prctl" = x""yes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PRCTL 1 +ac_fn_c_check_func "$LINENO" "gettid" "ac_cv_func_gettid" +if test "x$ac_cv_func_gettid" = x""yes; then : + $as_echo "#define HAVE_GETTID 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYS_gettid" >&5 +$as_echo_n "checking for SYS_gettid... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _GNU_SOURCE + #include + #include +int +main () +{ +int main() { + return syscall(SYS_gettid);} + ; + return 0; +} _ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_GETTID 1" >>confdefs.h + + $as_echo "#define HAVE_SYS_GETTID 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -done -for ac_func in mallinfo +for ac_func in prctl mallinfo getpass closefrom do : - ac_fn_c_check_func "$LINENO" "mallinfo" "ac_cv_func_mallinfo" -if test "x$ac_cv_func_mallinfo" = x""yes; then : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_MALLINFO 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi @@ -15135,6 +15487,33 @@ $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RTA_TABLE" >&5 +$as_echo_n "checking for RTA_TABLE... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include +int +main () +{ +int rta_type = RTA_TABLE; + return rta_type; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_RTA_TABLE 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc atomic operations" >&5 $as_echo_n "checking for gcc atomic operations... " >&6; } if test "$cross_compiling" = yes; then : @@ -15655,33 +16034,175 @@ fi fi -if test x$dumm = xtrue; then +if test x$axis2c = xtrue; then pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gtk" >&5 -$as_echo_n "checking for gtk... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for axis2c" >&5 +$as_echo_n "checking for axis2c... " >&6; } -if test -n "$gtk_CFLAGS"; then - pkg_cv_gtk_CFLAGS="$gtk_CFLAGS" +if test -n "$axis2c_CFLAGS"; then + pkg_cv_axis2c_CFLAGS="$axis2c_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 - ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"axis2c\""; } >&5 + ($PKG_CONFIG --exists --print-errors "axis2c") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then - pkg_cv_gtk_CFLAGS=`$PKG_CONFIG --cflags "gtk+-2.0 vte" 2>/dev/null` + pkg_cv_axis2c_CFLAGS=`$PKG_CONFIG --cflags "axis2c" 2>/dev/null` else pkg_failed=yes fi else pkg_failed=untried fi -if test -n "$gtk_LIBS"; then - pkg_cv_gtk_LIBS="$gtk_LIBS" +if test -n "$axis2c_LIBS"; then + pkg_cv_axis2c_LIBS="$axis2c_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"axis2c\""; } >&5 + ($PKG_CONFIG --exists --print-errors "axis2c") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_axis2c_LIBS=`$PKG_CONFIG --libs "axis2c" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + axis2c_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "axis2c" 2>&1` + else + axis2c_PKG_ERRORS=`$PKG_CONFIG --print-errors "axis2c" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$axis2c_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (axis2c) were not met: + +$axis2c_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables axis2c_CFLAGS +and axis2c_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables axis2c_CFLAGS +and axis2c_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5 ; } +else + axis2c_CFLAGS=$pkg_cv_axis2c_CFLAGS + axis2c_LIBS=$pkg_cv_axis2c_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + + +fi + +if test x$imc_attestation = xtrue -o x$imv_attestation = xtrue; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ltspi" >&5 +$as_echo_n "checking for main in -ltspi... " >&6; } +if test "${ac_cv_lib_tspi_main+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ltspi $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_tspi_main=yes +else + ac_cv_lib_tspi_main=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tspi_main" >&5 +$as_echo "$ac_cv_lib_tspi_main" >&6; } +if test "x$ac_cv_lib_tspi_main" = x""yes; then : + LIBS="$LIBS" +else + as_fn_error $? "TrouSerS library libtspi not found" "$LINENO" 5 +fi +ac_cv_lib_tspi=ac_cv_lib_tspi_main + + ac_fn_c_check_header_mongrel "$LINENO" "trousers/tss.h" "ac_cv_header_trousers_tss_h" "$ac_includes_default" +if test "x$ac_cv_header_trousers_tss_h" = x""yes; then : + +else + as_fn_error $? "TrouSerS header trousers/tss.h not found!" "$LINENO" 5 +fi + + +fi + +if test x$dumm = xtrue; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gtk" >&5 +$as_echo_n "checking for gtk... " >&6; } + +if test -n "$gtk_CFLAGS"; then + pkg_cv_gtk_CFLAGS="$gtk_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_gtk_CFLAGS=`$PKG_CONFIG --cflags "gtk+-2.0 vte" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$gtk_LIBS"; then + pkg_cv_gtk_LIBS="$gtk_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5 ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 @@ -15891,43 +16412,38 @@ else fi ac_cv_lib_neo_utl=ac_cv_lib_neo_utl_main - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lz" >&5 -$as_echo_n "checking for main in -lz... " >&6; } -if test "${ac_cv_lib_z_main+set}" = set; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lz $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking ClearSilver requires zlib" >&5 +$as_echo_n "checking ClearSilver requires zlib... " >&6; } + saved_CFLAGS=$CFLAGS + saved_LIBS=$LIBS + LIBS="-lneo_cgi -lneo_cs -lneo_utl" + CFLAGS="-I/usr/include/ClearSilver" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ - - +#include int main () { -return main (); + + NEOERR *err = cgi_display(NULL, NULL); + ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_z_main=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; clearsilver_LIBS="$LIBS" else - ac_cv_lib_z_main=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; clearsilver_LIBS="$LIBS -lz" + fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_main" >&5 -$as_echo "$ac_cv_lib_z_main" >&6; } -if test "x$ac_cv_lib_z_main" = x""yes; then : - LIBS="$LIBS" -else - as_fn_error $? "ClearSilver dependency zlib not found!" "$LINENO" 5 -fi -ac_cv_lib_z=ac_cv_lib_z_main + LIBS=$saved_LIBS + CFLAGS=$saved_CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lfcgi" >&5 $as_echo_n "checking for main in -lfcgi... " >&6; } @@ -16911,7 +17427,9 @@ fi # plugin lists for all components libcharon_plugins= pluto_plugins= +starter_plugins= pool_plugins= +attest_plugins= openac_plugins= scepclient_plugins= pki_plugins= @@ -16969,6 +17487,7 @@ if test x$mysql = xtrue; then pool_plugins=${pool_plugins}" mysql" manager_plugins=${manager_plugins}" mysql" medsrv_plugins=${medsrv_plugins}" mysql" + attest_plugins=${attest_plugins}" mysql" fi @@ -16979,6 +17498,14 @@ if test x$sqlite = xtrue; then pool_plugins=${pool_plugins}" sqlite" manager_plugins=${manager_plugins}" sqlite" medsrv_plugins=${medsrv_plugins}" sqlite" + attest_plugins=${attest_plugins}" sqlite" + + fi + +if test x$pkcs11 = xtrue; then + s_plugins=${s_plugins}" pkcs11" + libcharon_plugins=${libcharon_plugins}" pkcs11" + pki_plugins=${pki_plugins}" pkcs11" fi @@ -17024,6 +17551,7 @@ if test x$sha1 = xtrue; then pki_plugins=${pki_plugins}" sha1" scripts_plugins=${scripts_plugins}" sha1" medsrv_plugins=${medsrv_plugins}" sha1" + attest_plugins=${attest_plugins}" sha1" fi @@ -17036,6 +17564,7 @@ if test x$sha2 = xtrue; then pki_plugins=${pki_plugins}" sha2" scripts_plugins=${scripts_plugins}" sha2" medsrv_plugins=${medsrv_plugins}" sha2" + attest_plugins=${attest_plugins}" sha2" fi @@ -17056,6 +17585,8 @@ if test x$md5 = xtrue; then openac_plugins=${openac_plugins}" md5" scepclient_plugins=${scepclient_plugins}" md5" pki_plugins=${pki_plugins}" md5" + scripts_plugins=${scripts_plugins}" md5" + attest_plugins=${attest_plugins}" md5" fi @@ -17068,6 +17599,7 @@ if test x$random = xtrue; then pki_plugins=${pki_plugins}" random" scripts_plugins=${scripts_plugins}" random" medsrv_plugins=${medsrv_plugins}" random" + attest_plugins=${attest_plugins}" random" fi @@ -17079,6 +17611,7 @@ if test x$x509 = xtrue; then scepclient_plugins=${scepclient_plugins}" x509" pki_plugins=${pki_plugins}" x509" scripts_plugins=${scripts_plugins}" x509" + attest_plugins=${attest_plugins}" x509" fi @@ -17110,6 +17643,21 @@ if test x$pkcs1 = xtrue; then scripts_plugins=${scripts_plugins}" pkcs1" manager_plugins=${manager_plugins}" pkcs1" medsrv_plugins=${medsrv_plugins}" pkcs1" + attest_plugins=${attest_plugins}" pkcs1" + + fi + +if test x$pkcs8 = xtrue; then + s_plugins=${s_plugins}" pkcs8" + libcharon_plugins=${libcharon_plugins}" pkcs8" + pluto_plugins=${pluto_plugins}" pkcs8" + openac_plugins=${openac_plugins}" pkcs8" + scepclient_plugins=${scepclient_plugins}" pkcs8" + pki_plugins=${pki_plugins}" pkcs8" + scripts_plugins=${scripts_plugins}" pkcs8" + manager_plugins=${manager_plugins}" pkcs8" + medsrv_plugins=${medsrv_plugins}" pkcs8" + attest_plugins=${attest_plugins}" pkcs8" fi @@ -17136,6 +17684,7 @@ if test x$pem = xtrue; then scripts_plugins=${scripts_plugins}" pem" manager_plugins=${manager_plugins}" pem" medsrv_plugins=${medsrv_plugins}" pem" + attest_plugins=${attest_plugins}" pem" fi @@ -17155,6 +17704,7 @@ if test x$openssl = xtrue; then scripts_plugins=${scripts_plugins}" openssl" manager_plugins=${manager_plugins}" openssl" medsrv_plugins=${medsrv_plugins}" openssl" + attest_plugins=${attest_plugins}" openssl" fi @@ -17168,6 +17718,20 @@ if test x$gcrypt = xtrue; then scripts_plugins=${scripts_plugins}" gcrypt" manager_plugins=${manager_plugins}" gcrypt" medsrv_plugins=${medsrv_plugins}" gcrypt" + attest_plugins=${attest_plugins}" gcrypt" + + fi + +if test x$af_alg = xtrue; then + s_plugins=${s_plugins}" af-alg" + libcharon_plugins=${libcharon_plugins}" af-alg" + pluto_plugins=${pluto_plugins}" af-alg" + openac_plugins=${openac_plugins}" af-alg" + scepclient_plugins=${scepclient_plugins}" af-alg" + pki_plugins=${pki_plugins}" af-alg" + scripts_plugins=${scripts_plugins}" af-alg" + medsrv_plugins=${medsrv_plugins}" af-alg" + attest_plugins=${attest_plugins}" af-alg" fi @@ -17187,6 +17751,7 @@ if test x$gmp = xtrue; then scripts_plugins=${scripts_plugins}" gmp" manager_plugins=${manager_plugins}" gmp" medsrv_plugins=${medsrv_plugins}" gmp" + attest_plugins=${attest_plugins}" gmp" fi @@ -17196,19 +17761,18 @@ if test x$agent = xtrue; then fi -if test x$pkcs11 = xtrue; then - s_plugins=${s_plugins}" pkcs11" - libcharon_plugins=${libcharon_plugins}" pkcs11" - pki_plugins=${pki_plugins}" pkcs11" - - fi - if test x$xcbc = xtrue; then s_plugins=${s_plugins}" xcbc" libcharon_plugins=${libcharon_plugins}" xcbc" fi +if test x$cmac = xtrue; then + s_plugins=${s_plugins}" cmac" + libcharon_plugins=${libcharon_plugins}" cmac" + + fi + if test x$hmac = xtrue; then s_plugins=${s_plugins}" hmac" libcharon_plugins=${libcharon_plugins}" hmac" @@ -17238,18 +17802,6 @@ if test x$gcm = xtrue; then fi -if test x$af_alg = xtrue; then - s_plugins=${s_plugins}" af-alg" - libcharon_plugins=${libcharon_plugins}" af-alg" - pluto_plugins=${pluto_plugins}" af-alg" - openac_plugins=${openac_plugins}" af-alg" - scepclient_plugins=${scepclient_plugins}" af-alg" - pki_plugins=${pki_plugins}" af-alg" - scripts_plugins=${scripts_plugins}" af-alg" - medsrv_plugins=${medsrv_plugins}" af-alg" - - fi - if test x$xauth = xtrue; then p_plugins=${p_plugins}" xauth" pluto_plugins=${pluto_plugins}" xauth" @@ -17280,6 +17832,7 @@ if test x$kernel_pfkey = xtrue; then h_plugins=${h_plugins}" kernel-pfkey" libcharon_plugins=${libcharon_plugins}" kernel-pfkey" pluto_plugins=${pluto_plugins}" kernel-pfkey" + starter_plugins=${starter_plugins}" kernel-pfkey" fi @@ -17287,6 +17840,7 @@ if test x$kernel_pfroute = xtrue; then h_plugins=${h_plugins}" kernel-pfroute" libcharon_plugins=${libcharon_plugins}" kernel-pfroute" pluto_plugins=${pluto_plugins}" kernel-pfroute" + starter_plugins=${starter_plugins}" kernel-pfroute" fi @@ -17294,6 +17848,7 @@ if test x$kernel_klips = xtrue; then h_plugins=${h_plugins}" kernel-klips" libcharon_plugins=${libcharon_plugins}" kernel-klips" pluto_plugins=${pluto_plugins}" kernel-klips" + starter_plugins=${starter_plugins}" kernel-klips" fi @@ -17301,6 +17856,7 @@ if test x$kernel_netlink = xtrue; then h_plugins=${h_plugins}" kernel-netlink" libcharon_plugins=${libcharon_plugins}" kernel-netlink" pluto_plugins=${pluto_plugins}" kernel-netlink" + starter_plugins=${starter_plugins}" kernel-netlink" fi @@ -17383,6 +17939,18 @@ if test x$eap_sim_pcsc = xtrue; then fi +if test x$eap_aka = xtrue; then + c_plugins=${c_plugins}" eap-aka" + libcharon_plugins=${libcharon_plugins}" eap-aka" + + fi + +if test x$eap_aka_3gpp2 = xtrue; then + c_plugins=${c_plugins}" eap-aka-3gpp2" + libcharon_plugins=${libcharon_plugins}" eap-aka-3gpp2" + + fi + if test x$eap_simaka_sql = xtrue; then c_plugins=${c_plugins}" eap-simaka-sql" libcharon_plugins=${libcharon_plugins}" eap-simaka-sql" @@ -17401,18 +17969,6 @@ if test x$eap_simaka_reauth = xtrue; then fi -if test x$eap_aka = xtrue; then - c_plugins=${c_plugins}" eap-aka" - libcharon_plugins=${libcharon_plugins}" eap-aka" - - fi - -if test x$eap_aka_3gpp2 = xtrue; then - c_plugins=${c_plugins}" eap-aka-3gpp2" - libcharon_plugins=${libcharon_plugins}" eap-aka-3gpp2" - - fi - if test x$eap_md5 = xtrue; then c_plugins=${c_plugins}" eap-md5" libcharon_plugins=${libcharon_plugins}" eap-md5" @@ -17461,21 +18017,15 @@ if test x$eap_tnc = xtrue; then fi -if test x$tnccs_20 = xtrue; then - c_plugins=${c_plugins}" tnccs-20" - libcharon_plugins=${libcharon_plugins}" tnccs-20" +if test x$tnc_ifmap = xtrue; then + c_plugins=${c_plugins}" tnc-ifmap" + libcharon_plugins=${libcharon_plugins}" tnc-ifmap" fi -if test x$tnccs_11 = xtrue; then - c_plugins=${c_plugins}" tnccs-11" - libcharon_plugins=${libcharon_plugins}" tnccs-11" - - fi - -if test x$tnccs_dynamic = xtrue; then - c_plugins=${c_plugins}" tnccs-dynamic" - libcharon_plugins=${libcharon_plugins}" tnccs-dynamic" +if test x$tnc_pdp = xtrue; then + c_plugins=${c_plugins}" tnc-pdp" + libcharon_plugins=${libcharon_plugins}" tnc-pdp" fi @@ -17491,6 +18041,30 @@ if test x$tnc_imv = xtrue; then fi +if test x$tnc_tnccs = xtrue; then + c_plugins=${c_plugins}" tnc-tnccs" + libcharon_plugins=${libcharon_plugins}" tnc-tnccs" + + fi + +if test x$tnccs_20 = xtrue; then + c_plugins=${c_plugins}" tnccs-20" + libcharon_plugins=${libcharon_plugins}" tnccs-20" + + fi + +if test x$tnccs_11 = xtrue; then + c_plugins=${c_plugins}" tnccs-11" + libcharon_plugins=${libcharon_plugins}" tnccs-11" + + fi + +if test x$tnccs_dynamic = xtrue; then + c_plugins=${c_plugins}" tnccs-dynamic" + libcharon_plugins=${libcharon_plugins}" tnccs-dynamic" + + fi + if test x$medsrv = xtrue; then c_plugins=${c_plugins}" medsrv" libcharon_plugins=${libcharon_plugins}" medsrv" @@ -17533,6 +18107,12 @@ if test x$whitelist = xtrue; then fi +if test x$certexpire = xtrue; then + c_plugins=${c_plugins}" certexpire" + libcharon_plugins=${libcharon_plugins}" certexpire" + + fi + if test x$led = xtrue; then c_plugins=${c_plugins}" led" libcharon_plugins=${libcharon_plugins}" led" @@ -17551,6 +18131,12 @@ if test x$coupling = xtrue; then fi +if test x$radattr = xtrue; then + c_plugins=${c_plugins}" radattr" + libcharon_plugins=${libcharon_plugins}" radattr" + + fi + if test x$maemo = xtrue; then c_plugins=${c_plugins}" maemo" libcharon_plugins=${libcharon_plugins}" maemo" @@ -17592,6 +18178,8 @@ if test x$unit_tester = xtrue; then + + if test x$test_vectors = xtrue; then USE_TEST_VECTORS_TRUE= USE_TEST_VECTORS_FALSE='#' @@ -17744,6 +18332,14 @@ else USE_PKCS1_FALSE= fi + if test x$pkcs8 = xtrue; then + USE_PKCS8_TRUE= + USE_PKCS8_FALSE='#' +else + USE_PKCS8_TRUE='#' + USE_PKCS8_FALSE= +fi + if test x$pgp = xtrue; then USE_PGP_TRUE= USE_PGP_FALSE='#' @@ -17776,6 +18372,14 @@ else USE_HMAC_FALSE= fi + if test x$cmac = xtrue; then + USE_CMAC_TRUE= + USE_CMAC_FALSE='#' +else + USE_CMAC_TRUE='#' + USE_CMAC_FALSE= +fi + if test x$xcbc = xtrue; then USE_XCBC_TRUE= USE_XCBC_FALSE='#' @@ -17961,7 +18565,7 @@ else USE_DHCP_FALSE= fi - if test x$unit_tests = xtrue; then + if test x$unit_tester = xtrue; then USE_UNIT_TESTS_TRUE= USE_UNIT_TESTS_FALSE='#' else @@ -17993,6 +18597,14 @@ else USE_WHITELIST_FALSE= fi + if test x$certexpire = xtrue; then + USE_CERTEXPIRE_TRUE= + USE_CERTEXPIRE_FALSE='#' +else + USE_CERTEXPIRE_TRUE='#' + USE_CERTEXPIRE_FALSE= +fi + if test x$led = xtrue; then USE_LED_TRUE= USE_LED_FALSE='#' @@ -18017,6 +18629,14 @@ else USE_COUPLING_FALSE= fi + if test x$radattr = xtrue; then + USE_RADATTR_TRUE= + USE_RADATTR_FALSE='#' +else + USE_RADATTR_TRUE='#' + USE_RADATTR_FALSE= +fi + if test x$eap_sim = xtrue; then USE_EAP_SIM_TRUE= USE_EAP_SIM_FALSE='#' @@ -18153,6 +18773,22 @@ else USE_EAP_RADIUS_FALSE= fi + if test x$tnc_ifmap = xtrue; then + USE_TNC_IFMAP_TRUE= + USE_TNC_IFMAP_FALSE='#' +else + USE_TNC_IFMAP_TRUE='#' + USE_TNC_IFMAP_FALSE= +fi + + if test x$tnc_pdp = xtrue; then + USE_TNC_PDP_TRUE= + USE_TNC_PDP_FALSE='#' +else + USE_TNC_PDP_TRUE='#' + USE_TNC_PDP_FALSE= +fi + if test x$tnc_imc = xtrue; then USE_TNC_IMC_TRUE= USE_TNC_IMC_FALSE='#' @@ -18169,6 +18805,14 @@ else USE_TNC_IMV_FALSE= fi + if test x$tnc_tnccs = xtrue; then + USE_TNC_TNCCS_TRUE= + USE_TNC_TNCCS_FALSE='#' +else + USE_TNC_TNCCS_TRUE='#' + USE_TNC_TNCCS_FALSE= +fi + if test x$tnccs_11 = xtrue; then USE_TNCCS_11_TRUE= USE_TNCCS_11_FALSE='#' @@ -18193,6 +18837,54 @@ else USE_TNCCS_DYNAMIC_FALSE= fi + if test x$imc_test = xtrue; then + USE_IMC_TEST_TRUE= + USE_IMC_TEST_FALSE='#' +else + USE_IMC_TEST_TRUE='#' + USE_IMC_TEST_FALSE= +fi + + if test x$imv_test = xtrue; then + USE_IMV_TEST_TRUE= + USE_IMV_TEST_FALSE='#' +else + USE_IMV_TEST_TRUE='#' + USE_IMV_TEST_FALSE= +fi + + if test x$imc_scanner = xtrue; then + USE_IMC_SCANNER_TRUE= + USE_IMC_SCANNER_FALSE='#' +else + USE_IMC_SCANNER_TRUE='#' + USE_IMC_SCANNER_FALSE= +fi + + if test x$imv_scanner = xtrue; then + USE_IMV_SCANNER_TRUE= + USE_IMV_SCANNER_FALSE='#' +else + USE_IMV_SCANNER_TRUE='#' + USE_IMV_SCANNER_FALSE= +fi + + if test x$imc_attestation = xtrue; then + USE_IMC_ATTESTATION_TRUE= + USE_IMC_ATTESTATION_FALSE='#' +else + USE_IMC_ATTESTATION_TRUE='#' + USE_IMC_ATTESTATION_FALSE= +fi + + if test x$imv_attestation = xtrue; then + USE_IMV_ATTESTATION_TRUE= + USE_IMV_ATTESTATION_FALSE='#' +else + USE_IMV_ATTESTATION_TRUE='#' + USE_IMV_ATTESTATION_FALSE= +fi + if test x$socket_default = xtrue; then USE_SOCKET_DEFAULT_TRUE= USE_SOCKET_DEFAULT_FALSE='#' @@ -18420,6 +19112,14 @@ else USE_THREADS_FALSE= fi + if test x$adns = xtrue; then + USE_ADNS_TRUE= + USE_ADNS_FALSE='#' +else + USE_ADNS_TRUE='#' + USE_ADNS_FALSE= +fi + if test x$charon = xtrue; then USE_CHARON_TRUE= USE_CHARON_FALSE='#' @@ -18452,7 +19152,7 @@ else USE_CONFTEST_FALSE= fi - if test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue -o x$conftest = xtrue; then + if test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue; then USE_LIBSTRONGSWAN_TRUE= USE_LIBSTRONGSWAN_FALSE='#' else @@ -18476,6 +19176,22 @@ else USE_LIBCHARON_FALSE= fi + if test x$tnc_tnccs = xtrue -o x$imcv = xtrue; then + USE_LIBTNCIF_TRUE= + USE_LIBTNCIF_FALSE='#' +else + USE_LIBTNCIF_TRUE='#' + USE_LIBTNCIF_FALSE= +fi + + if test x$tnc_tnccs = xtrue; then + USE_LIBTNCCS_TRUE= + USE_LIBTNCCS_FALSE='#' +else + USE_LIBTNCCS_TRUE='#' + USE_LIBTNCCS_FALSE= +fi + if test x$pluto = xtrue -o x$stroke = xtrue; then USE_FILE_CONFIG_TRUE= USE_FILE_CONFIG_FALSE='#' @@ -18524,6 +19240,30 @@ else USE_TLS_FALSE= fi + if test x$radius = xtrue; then + USE_RADIUS_TRUE= + USE_RADIUS_FALSE='#' +else + USE_RADIUS_TRUE='#' + USE_RADIUS_FALSE= +fi + + if test x$imcv = xtrue; then + USE_IMCV_TRUE= + USE_IMCV_FALSE='#' +else + USE_IMCV_TRUE='#' + USE_IMCV_FALSE= +fi + + if test x$pts = xtrue; then + USE_PTS_TRUE= + USE_PTS_FALSE='#' +else + USE_PTS_TRUE='#' + USE_PTS_FALSE= +fi + if test x$monolithic = xtrue; then MONOLITHIC_TRUE= MONOLITHIC_FALSE='#' @@ -18549,7 +19289,7 @@ fi -ac_config_files="$ac_config_files Makefile man/Makefile init/Makefile init/systemd/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile src/libhydra/plugins/kernel_klips/Makefile src/libhydra/plugins/kernel_netlink/Makefile src/libhydra/plugins/kernel_pfkey/Makefile src/libhydra/plugins/kernel_pfroute/Makefile src/libhydra/plugins/resolve/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/libtls/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile src/charon/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/tnc_imc/Makefile src/libcharon/plugins/tnc_imv/Makefile src/libcharon/plugins/tnccs_11/Makefile src/libcharon/plugins/tnccs_20/Makefile src/libcharon/plugins/tnccs_dynamic/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/nm/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/unit_tester/Makefile src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile man/Makefile init/Makefile init/systemd/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile src/libhydra/plugins/kernel_klips/Makefile src/libhydra/plugins/kernel_netlink/Makefile src/libhydra/plugins/kernel_pfkey/Makefile src/libhydra/plugins/kernel_pfroute/Makefile src/libhydra/plugins/resolve/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libpts/Makefile src/libpts/plugins/imc_attestation/Makefile src/libpts/plugins/imv_attestation/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile src/charon/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/tnc_imc/Makefile src/libcharon/plugins/tnc_imv/Makefile src/libcharon/plugins/tnc_tnccs/Makefile src/libcharon/plugins/tnccs_11/Makefile src/libcharon/plugins/tnccs_20/Makefile src/libcharon/plugins/tnccs_dynamic/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/nm/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/unit_tester/Makefile src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile scripts/Makefile testing/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -18782,6 +19522,10 @@ if test -z "${USE_PKCS1_TRUE}" && test -z "${USE_PKCS1_FALSE}"; then as_fn_error $? "conditional \"USE_PKCS1\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_PKCS8_TRUE}" && test -z "${USE_PKCS8_FALSE}"; then + as_fn_error $? "conditional \"USE_PKCS8\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_PGP_TRUE}" && test -z "${USE_PGP_FALSE}"; then as_fn_error $? "conditional \"USE_PGP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -18798,6 +19542,10 @@ if test -z "${USE_HMAC_TRUE}" && test -z "${USE_HMAC_FALSE}"; then as_fn_error $? "conditional \"USE_HMAC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_CMAC_TRUE}" && test -z "${USE_CMAC_FALSE}"; then + as_fn_error $? "conditional \"USE_CMAC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_XCBC_TRUE}" && test -z "${USE_XCBC_FALSE}"; then as_fn_error $? "conditional \"USE_XCBC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -18906,6 +19654,10 @@ if test -z "${USE_WHITELIST_TRUE}" && test -z "${USE_WHITELIST_FALSE}"; then as_fn_error $? "conditional \"USE_WHITELIST\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_CERTEXPIRE_TRUE}" && test -z "${USE_CERTEXPIRE_FALSE}"; then + as_fn_error $? "conditional \"USE_CERTEXPIRE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_LED_TRUE}" && test -z "${USE_LED_FALSE}"; then as_fn_error $? "conditional \"USE_LED\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -18918,6 +19670,10 @@ if test -z "${USE_COUPLING_TRUE}" && test -z "${USE_COUPLING_FALSE}"; then as_fn_error $? "conditional \"USE_COUPLING\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_RADATTR_TRUE}" && test -z "${USE_RADATTR_FALSE}"; then + as_fn_error $? "conditional \"USE_RADATTR\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_EAP_SIM_TRUE}" && test -z "${USE_EAP_SIM_FALSE}"; then as_fn_error $? "conditional \"USE_EAP_SIM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -18986,6 +19742,14 @@ if test -z "${USE_EAP_RADIUS_TRUE}" && test -z "${USE_EAP_RADIUS_FALSE}"; then as_fn_error $? "conditional \"USE_EAP_RADIUS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_TNC_IFMAP_TRUE}" && test -z "${USE_TNC_IFMAP_FALSE}"; then + as_fn_error $? "conditional \"USE_TNC_IFMAP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_TNC_PDP_TRUE}" && test -z "${USE_TNC_PDP_FALSE}"; then + as_fn_error $? "conditional \"USE_TNC_PDP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_TNC_IMC_TRUE}" && test -z "${USE_TNC_IMC_FALSE}"; then as_fn_error $? "conditional \"USE_TNC_IMC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -18994,6 +19758,10 @@ if test -z "${USE_TNC_IMV_TRUE}" && test -z "${USE_TNC_IMV_FALSE}"; then as_fn_error $? "conditional \"USE_TNC_IMV\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_TNC_TNCCS_TRUE}" && test -z "${USE_TNC_TNCCS_FALSE}"; then + as_fn_error $? "conditional \"USE_TNC_TNCCS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_TNCCS_11_TRUE}" && test -z "${USE_TNCCS_11_FALSE}"; then as_fn_error $? "conditional \"USE_TNCCS_11\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -19006,6 +19774,30 @@ if test -z "${USE_TNCCS_DYNAMIC_TRUE}" && test -z "${USE_TNCCS_DYNAMIC_FALSE}"; as_fn_error $? "conditional \"USE_TNCCS_DYNAMIC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_IMC_TEST_TRUE}" && test -z "${USE_IMC_TEST_FALSE}"; then + as_fn_error $? "conditional \"USE_IMC_TEST\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_IMV_TEST_TRUE}" && test -z "${USE_IMV_TEST_FALSE}"; then + as_fn_error $? "conditional \"USE_IMV_TEST\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_IMC_SCANNER_TRUE}" && test -z "${USE_IMC_SCANNER_FALSE}"; then + as_fn_error $? "conditional \"USE_IMC_SCANNER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_IMV_SCANNER_TRUE}" && test -z "${USE_IMV_SCANNER_FALSE}"; then + as_fn_error $? "conditional \"USE_IMV_SCANNER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_IMC_ATTESTATION_TRUE}" && test -z "${USE_IMC_ATTESTATION_FALSE}"; then + as_fn_error $? "conditional \"USE_IMC_ATTESTATION\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_IMV_ATTESTATION_TRUE}" && test -z "${USE_IMV_ATTESTATION_FALSE}"; then + as_fn_error $? "conditional \"USE_IMV_ATTESTATION\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_SOCKET_DEFAULT_TRUE}" && test -z "${USE_SOCKET_DEFAULT_FALSE}"; then as_fn_error $? "conditional \"USE_SOCKET_DEFAULT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -19118,6 +19910,10 @@ if test -z "${USE_THREADS_TRUE}" && test -z "${USE_THREADS_FALSE}"; then as_fn_error $? "conditional \"USE_THREADS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_ADNS_TRUE}" && test -z "${USE_ADNS_FALSE}"; then + as_fn_error $? "conditional \"USE_ADNS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_CHARON_TRUE}" && test -z "${USE_CHARON_FALSE}"; then as_fn_error $? "conditional \"USE_CHARON\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -19146,6 +19942,14 @@ if test -z "${USE_LIBCHARON_TRUE}" && test -z "${USE_LIBCHARON_FALSE}"; then as_fn_error $? "conditional \"USE_LIBCHARON\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_LIBTNCIF_TRUE}" && test -z "${USE_LIBTNCIF_FALSE}"; then + as_fn_error $? "conditional \"USE_LIBTNCIF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_LIBTNCCS_TRUE}" && test -z "${USE_LIBTNCCS_FALSE}"; then + as_fn_error $? "conditional \"USE_LIBTNCCS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_FILE_CONFIG_TRUE}" && test -z "${USE_FILE_CONFIG_FALSE}"; then as_fn_error $? "conditional \"USE_FILE_CONFIG\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -19170,6 +19974,18 @@ if test -z "${USE_TLS_TRUE}" && test -z "${USE_TLS_FALSE}"; then as_fn_error $? "conditional \"USE_TLS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_RADIUS_TRUE}" && test -z "${USE_RADIUS_FALSE}"; then + as_fn_error $? "conditional \"USE_RADIUS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_IMCV_TRUE}" && test -z "${USE_IMCV_FALSE}"; then + as_fn_error $? "conditional \"USE_IMCV\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_PTS_TRUE}" && test -z "${USE_PTS_FALSE}"; then + as_fn_error $? "conditional \"USE_PTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${MONOLITHIC_TRUE}" && test -z "${MONOLITHIC_FALSE}"; then as_fn_error $? "conditional \"MONOLITHIC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -19582,7 +20398,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 4.5.2, which was +This file was extended by strongSwan $as_me 4.6.4, which was generated by GNU Autoconf 2.67. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19639,7 +20455,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -strongSwan config.status 4.5.2 +strongSwan config.status 4.6.4 configured by $0, generated by GNU Autoconf 2.67, with options \\"\$ac_cs_config\\" @@ -20022,6 +20838,7 @@ do "src/include/Makefile") CONFIG_FILES="$CONFIG_FILES src/include/Makefile" ;; "src/libstrongswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/Makefile" ;; "src/libstrongswan/plugins/aes/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/aes/Makefile" ;; + "src/libstrongswan/plugins/cmac/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/cmac/Makefile" ;; "src/libstrongswan/plugins/des/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/des/Makefile" ;; "src/libstrongswan/plugins/blowfish/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/blowfish/Makefile" ;; "src/libstrongswan/plugins/md4/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/md4/Makefile" ;; @@ -20038,6 +20855,7 @@ do "src/libstrongswan/plugins/constraints/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/constraints/Makefile" ;; "src/libstrongswan/plugins/pubkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pubkey/Makefile" ;; "src/libstrongswan/plugins/pkcs1/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pkcs1/Makefile" ;; + "src/libstrongswan/plugins/pkcs8/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pkcs8/Makefile" ;; "src/libstrongswan/plugins/pgp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pgp/Makefile" ;; "src/libstrongswan/plugins/dnskey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/dnskey/Makefile" ;; "src/libstrongswan/plugins/pem/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pem/Makefile" ;; @@ -20067,6 +20885,17 @@ do "src/libfreeswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfreeswan/Makefile" ;; "src/libsimaka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libsimaka/Makefile" ;; "src/libtls/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtls/Makefile" ;; + "src/libradius/Makefile") CONFIG_FILES="$CONFIG_FILES src/libradius/Makefile" ;; + "src/libtncif/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtncif/Makefile" ;; + "src/libtnccs/Makefile") CONFIG_FILES="$CONFIG_FILES src/libtnccs/Makefile" ;; + "src/libpts/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpts/Makefile" ;; + "src/libpts/plugins/imc_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpts/plugins/imc_attestation/Makefile" ;; + "src/libpts/plugins/imv_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libpts/plugins/imv_attestation/Makefile" ;; + "src/libimcv/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/Makefile" ;; + "src/libimcv/plugins/imc_test/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_test/Makefile" ;; + "src/libimcv/plugins/imv_test/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_test/Makefile" ;; + "src/libimcv/plugins/imc_scanner/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_scanner/Makefile" ;; + "src/libimcv/plugins/imv_scanner/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_scanner/Makefile" ;; "src/pluto/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/Makefile" ;; "src/pluto/plugins/xauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/plugins/xauth/Makefile" ;; "src/whack/Makefile") CONFIG_FILES="$CONFIG_FILES src/whack/Makefile" ;; @@ -20089,8 +20918,11 @@ do "src/libcharon/plugins/eap_peap/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_peap/Makefile" ;; "src/libcharon/plugins/eap_tnc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_tnc/Makefile" ;; "src/libcharon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_radius/Makefile" ;; + "src/libcharon/plugins/tnc_ifmap/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_ifmap/Makefile" ;; + "src/libcharon/plugins/tnc_pdp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_pdp/Makefile" ;; "src/libcharon/plugins/tnc_imc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_imc/Makefile" ;; "src/libcharon/plugins/tnc_imv/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_imv/Makefile" ;; + "src/libcharon/plugins/tnc_tnccs/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnc_tnccs/Makefile" ;; "src/libcharon/plugins/tnccs_11/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnccs_11/Makefile" ;; "src/libcharon/plugins/tnccs_20/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnccs_20/Makefile" ;; "src/libcharon/plugins/tnccs_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/tnccs_dynamic/Makefile" ;; @@ -20107,9 +20939,11 @@ do "src/libcharon/plugins/uci/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/uci/Makefile" ;; "src/libcharon/plugins/ha/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/ha/Makefile" ;; "src/libcharon/plugins/whitelist/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/whitelist/Makefile" ;; + "src/libcharon/plugins/certexpire/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/certexpire/Makefile" ;; "src/libcharon/plugins/led/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/led/Makefile" ;; "src/libcharon/plugins/duplicheck/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/duplicheck/Makefile" ;; "src/libcharon/plugins/coupling/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/coupling/Makefile" ;; + "src/libcharon/plugins/radattr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/radattr/Makefile" ;; "src/libcharon/plugins/android/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android/Makefile" ;; "src/libcharon/plugins/maemo/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/maemo/Makefile" ;; "src/libcharon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/stroke/Makefile" ;; diff --git a/configure.in b/configure.in index 0bfb8287b..9a9796e81 100644 --- a/configure.in +++ b/configure.in @@ -16,7 +16,7 @@ dnl =========================== dnl initialize & set some vars dnl =========================== -AC_INIT(strongSwan,4.5.2) +AC_INIT(strongSwan,4.6.4) AM_INIT_AUTOMAKE(tar-ustar) AC_CONFIG_MACRO_DIR([m4/config]) PKG_PROG_PKG_CONFIG @@ -34,7 +34,9 @@ ARG_WITH_SUBST([strongswan-conf], [${sysconfdir}/strongswan.conf], [set the s ARG_WITH_SUBST([resolv-conf], [${sysconfdir}/resolv.conf], [set the file to use in DNS handler plugin]) ARG_WITH_SUBST([piddir], [/var/run], [set path for PID and UNIX socket files]) ARG_WITH_SUBST([ipsecdir], [${libexecdir%/}/ipsec], [set installation path for ipsec tools]) -ARG_WITH_SUBST([plugindir], [${ipsecdir%/}/plugins], [set the installation path of plugins]) +ARG_WITH_SUBST([ipseclibdir], [${libdir%/}/ipsec], [set installation path for ipsec libraries]) +ARG_WITH_SUBST([plugindir], [${ipseclibdir%/}/plugins], [set the installation path of plugins]) +ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic librariers]) ARG_WITH_SUBST([nm-ca-dir], [/usr/share/ca-certificates], [directory the NM plugin uses to look up trusted root certificates]) ARG_WITH_SUBST([linux-headers], [\${top_srcdir}/src/include], [set directory of linux header files to use]) ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec routes]) @@ -90,10 +92,12 @@ ARG_DISBL_SET([revocation], [disable X509 CRL/OCSP revocation check plugin.] ARG_DISBL_SET([constraints], [disable advanced X509 constraint checking plugin.]) ARG_DISBL_SET([pubkey], [disable RAW public key support plugin.]) ARG_DISBL_SET([pkcs1], [disable PKCS1 key decoding plugin.]) +ARG_DISBL_SET([pkcs8], [disable PKCS8 private key decoding plugin.]) ARG_DISBL_SET([pgp], [disable PGP key decoding plugin.]) ARG_DISBL_SET([dnskey], [disable DNS RR key decoding plugin.]) ARG_DISBL_SET([pem], [disable PEM decoding plugin.]) ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.]) +ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.]) ARG_DISBL_SET([xcbc], [disable xcbc crypto implementation plugin.]) ARG_ENABL_SET([af-alg], [enable AF_ALG crypto interface to Linux Crypto API.]) ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.]) @@ -108,30 +112,38 @@ ARG_ENABL_SET([smartcard], [enable smartcard support.]) ARG_ENABL_SET([cisco-quirks], [enable support of Cisco VPN client.]) ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.]) ARG_ENABL_SET([lock-profiler], [enable lock/mutex profiling code.]) -ARG_ENABL_SET([unit-tests], [enable unit tests on IKEv2 daemon startup.]) +ARG_ENABL_SET([unit-tester], [enable unit tests on IKEv2 daemon startup.]) ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.]) ARG_ENABL_SET([eap-sim], [enable SIM authentication module for EAP.]) ARG_ENABL_SET([eap-sim-file], [enable EAP-SIM backend based on a triplet file.]) ARG_ENABL_SET([eap-sim-pcsc], [enable EAP-SIM backend based on a smartcard reader. Requires libpcsclite.]) +ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.]) +ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.]) ARG_ENABL_SET([eap-simaka-sql], [enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database.]) ARG_ENABL_SET([eap-simaka-pseudonym], [enable EAP-SIM/AKA pseudonym storage plugin.]) ARG_ENABL_SET([eap-simaka-reauth], [enable EAP-SIM/AKA reauthentication data storage plugin.]) ARG_ENABL_SET([eap-identity], [enable EAP module providing EAP-Identity helper.]) ARG_ENABL_SET([eap-md5], [enable EAP MD5 (CHAP) authentication module.]) ARG_ENABL_SET([eap-gtc], [enable PAM based EAP GTC authentication module.]) -ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.]) -ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.]) ARG_ENABL_SET([eap-mschapv2], [enable EAP MS-CHAPv2 authentication module.]) ARG_ENABL_SET([eap-tls], [enable EAP TLS authentication module.]) ARG_ENABL_SET([eap-ttls], [enable EAP TTLS authentication module.]) ARG_ENABL_SET([eap-peap], [enable EAP PEAP authentication module.]) ARG_ENABL_SET([eap-tnc], [enable EAP TNC trusted network connect module.]) ARG_ENABL_SET([eap-radius], [enable RADIUS proxy authentication module.]) +ARG_ENABL_SET([tnc-ifmap], [enable TNC IF-MAP module.]) +ARG_ENABL_SET([tnc-pdp], [enable TNC policy decision point module.]) ARG_ENABL_SET([tnc-imc], [enable TNC IMC module.]) ARG_ENABL_SET([tnc-imv], [enable TNC IMV module.]) ARG_ENABL_SET([tnccs-11], [enable TNCCS 1.1 protocol module.]) ARG_ENABL_SET([tnccs-20], [enable TNCCS 2.0 protocol module.]) ARG_ENABL_SET([tnccs-dynamic], [enable dynamic TNCCS protocol discovery module.]) +ARG_ENABL_SET([imc-test], [enable IMC test module.]) +ARG_ENABL_SET([imv-test], [enable IMV test module.]) +ARG_ENABL_SET([imc-scanner], [enable IMC port scanner module.]) +ARG_ENABL_SET([imv-scanner], [enable IMV port scanner module.]) +ARG_ENABL_SET([imc-attestation],[enable IMC attestation module.]) +ARG_ENABL_SET([imv-attestation],[enable IMV attestation module.]) ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.]) ARG_ENABL_SET([kernel-pfkey], [enable the PF_KEY kernel interface.]) ARG_ENABL_SET([kernel-pfroute], [enable the PF_ROUTE kernel interface.]) @@ -152,6 +164,7 @@ ARG_DISBL_SET([load-warning], [disable the charon/pluto plugin load option war ARG_DISBL_SET([pluto], [disable the IKEv1 keying daemon pluto.]) ARG_DISBL_SET([xauth], [disable xauth plugin.]) ARG_DISBL_SET([threads], [disable the use of threads in pluto. Charon always uses threads.]) +ARG_DISBL_SET([adns], [disable the use of adns in pluto (disables opportunistic encryption).]) ARG_DISBL_SET([charon], [disable the IKEv2 keying daemon charon.]) ARG_DISBL_SET([tools], [disable additional utilities (openac, scepclient and pki).]) ARG_DISBL_SET([scripts], [disable additional utilities (found in directory scripts).]) @@ -176,9 +189,11 @@ ARG_ENABL_SET([maemo], [enable Maemo specific plugin.]) ARG_ENABL_SET([nm], [enable NetworkManager plugin.]) ARG_ENABL_SET([ha], [enable high availability cluster plugin.]) ARG_ENABL_SET([whitelist], [enable peer identity whitelisting plugin.]) +ARG_ENABL_SET([certexpire], [enable CSV export of expiration dates of used certificates.]) ARG_ENABL_SET([led], [enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem.]) ARG_ENABL_SET([duplicheck], [advanced duplicate checking plugin using liveness checks.]) ARG_ENABL_SET([coupling], [enable IKEv2 plugin to couple peer certificates permanently to authentication.]) +ARG_ENABL_SET([radattr], [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.]) ARG_ENABL_SET([vstr], [enforce using the Vstr string library to replace glibc-like printf hooks.]) ARG_ENABL_SET([monolithic], [build monolithic version of libstrongswan that includes all enabled plugins. Similarly, the plugins of charon are assembled in libcharon.]) @@ -187,7 +202,7 @@ dnl set up compiler and flags dnl ========================= if test -z "$CFLAGS"; then - CFLAGS="-g -O2 -Wall -Wno-format -Wno-pointer-sign -Wno-strict-aliasing" + CFLAGS="-g -O2 -Wall -Wno-format -Wno-pointer-sign" fi AC_PROG_CC AC_LIB_PREFIX @@ -240,6 +255,22 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue; then tls=true; fi +if test x$eap_radius = xtrue -o x$radattr = xtrue -o x$tnc_pdp = xtrue; then + radius=true; +fi + +if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then + tnc_tnccs=true; +fi + +if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue; then + imcv=true; +fi + +if test x$imc_attestation = xtrue -o x$imv_attestation = xtrue; then + pts=true; +fi + if test x$fips_prf = xtrue; then if test x$openssl = xfalse; then sha1=true; @@ -250,6 +281,10 @@ if test x$smp = xtrue -o x$tnccs_11 = xtrue; then xml=true fi +if test x$tnc_ifmap = xtrue; then + axis2c=true +fi + if test x$manager = xtrue; then fast=true fi @@ -353,9 +388,23 @@ dnl check if native rwlocks are available AC_CHECK_FUNCS(pthread_rwlock_init) LIBS=$saved_LIBS -AC_CHECK_FUNCS(prctl) +AC_CHECK_FUNC( + [gettid], + [AC_DEFINE(HAVE_GETTID)], + [AC_MSG_CHECKING([for SYS_gettid]) + AC_TRY_COMPILE( + [#define _GNU_SOURCE + #include + #include ], + [int main() { + return syscall(SYS_gettid);}], + [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_GETTID]) + AC_DEFINE([HAVE_SYS_GETTID])], + [AC_MSG_RESULT([no])] + )] +) -AC_CHECK_FUNCS(mallinfo) +AC_CHECK_FUNCS(prctl mallinfo getpass closefrom) AC_CHECK_HEADERS(sys/sockio.h glob.h) AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h) @@ -437,6 +486,17 @@ AC_TRY_COMPILE( [AC_MSG_RESULT([no])] ) +AC_MSG_CHECKING([for RTA_TABLE]) +AC_TRY_COMPILE( + [#include + #include + #include ], + [int rta_type = RTA_TABLE; + return rta_type;], + [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_RTA_TABLE])], + [AC_MSG_RESULT([no])] +) + AC_MSG_CHECKING([for gcc atomic operations]) AC_TRY_RUN( [ @@ -524,6 +584,17 @@ if test x$xml = xtrue; then AC_SUBST(xml_LIBS) fi +if test x$axis2c = xtrue; then + PKG_CHECK_MODULES(axis2c, [axis2c]) + AC_SUBST(axis2c_CFLAGS) + AC_SUBST(axis2c_LIBS) +fi + +if test x$imc_attestation = xtrue -o x$imv_attestation = xtrue; then + AC_HAVE_LIBRARY([tspi],[LIBS="$LIBS"],[AC_MSG_ERROR([TrouSerS library libtspi not found])]) + AC_CHECK_HEADER([trousers/tss.h],,[AC_MSG_ERROR([TrouSerS header trousers/tss.h not found!])]) +fi + if test x$dumm = xtrue; then PKG_CHECK_MODULES(gtk, [gtk+-2.0 vte]) AC_SUBST(gtk_CFLAGS) @@ -557,7 +628,22 @@ fi if test x$fast = xtrue; then AC_HAVE_LIBRARY([neo_cgi],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver library neo_cgi not found!])]) AC_HAVE_LIBRARY([neo_utl],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver library neo_utl not found!])]) - AC_HAVE_LIBRARY([z],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver dependency zlib not found!])]) + AC_MSG_CHECKING([ClearSilver requires zlib]) + saved_CFLAGS=$CFLAGS + saved_LIBS=$LIBS + LIBS="-lneo_cgi -lneo_cs -lneo_utl" + CFLAGS="-I/usr/include/ClearSilver" + AC_TRY_LINK( + [#include ], + [ + NEOERR *err = cgi_display(NULL, NULL); + ], + [AC_MSG_RESULT([no]); clearsilver_LIBS="$LIBS"], + [AC_MSG_RESULT([yes]); clearsilver_LIBS="$LIBS -lz"] + ) + AC_SUBST(clearsilver_LIBS) + LIBS=$saved_LIBS + CFLAGS=$saved_CFLAGS dnl autoconf does not like CamelCase!? How to fix this? dnl AC_CHECK_HEADER([ClearSilver/ClearSilver.h],,[AC_MSG_ERROR([ClearSilver header file ClearSilver/ClearSilver.h not found!])]) @@ -699,7 +785,9 @@ m4_include(m4/macros/add-plugin.m4) # plugin lists for all components libcharon_plugins= pluto_plugins= +starter_plugins= pool_plugins= +attest_plugins= openac_plugins= scepclient_plugins= pki_plugins= @@ -718,45 +806,47 @@ ADD_PLUGIN([test-vectors], [s libcharon pluto openac scepclient pki]) ADD_PLUGIN([curl], [s libcharon pluto scepclient scripts]) ADD_PLUGIN([soup], [s libcharon pluto scripts]) ADD_PLUGIN([ldap], [s libcharon pluto scepclient scripts]) -ADD_PLUGIN([mysql], [s libcharon pluto pool manager medsrv]) -ADD_PLUGIN([sqlite], [s libcharon pluto pool manager medsrv]) +ADD_PLUGIN([mysql], [s libcharon pluto pool manager medsrv attest]) +ADD_PLUGIN([sqlite], [s libcharon pluto pool manager medsrv attest]) +ADD_PLUGIN([pkcs11], [s libcharon pki]) ADD_PLUGIN([aes], [s libcharon pluto openac scepclient pki scripts]) ADD_PLUGIN([des], [s libcharon pluto openac scepclient pki scripts]) ADD_PLUGIN([blowfish], [s libcharon pluto openac scepclient pki scripts]) -ADD_PLUGIN([sha1], [s libcharon pluto openac scepclient pki scripts medsrv]) -ADD_PLUGIN([sha2], [s libcharon pluto openac scepclient pki scripts medsrv]) +ADD_PLUGIN([sha1], [s libcharon pluto openac scepclient pki scripts medsrv attest]) +ADD_PLUGIN([sha2], [s libcharon pluto openac scepclient pki scripts medsrv attest]) ADD_PLUGIN([md4], [s libcharon openac manager scepclient pki]) -ADD_PLUGIN([md5], [s libcharon pluto openac scepclient pki]) -ADD_PLUGIN([random], [s libcharon pluto openac scepclient pki scripts medsrv]) -ADD_PLUGIN([x509], [s libcharon pluto openac scepclient pki scripts]) +ADD_PLUGIN([md5], [s libcharon pluto openac scepclient pki scripts attest]) +ADD_PLUGIN([random], [s libcharon pluto openac scepclient pki scripts medsrv attest]) +ADD_PLUGIN([x509], [s libcharon pluto openac scepclient pki scripts attest]) ADD_PLUGIN([revocation], [s libcharon]) ADD_PLUGIN([constraints], [s libcharon]) ADD_PLUGIN([pubkey], [s libcharon]) -ADD_PLUGIN([pkcs1], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([pkcs1], [s libcharon pluto openac scepclient pki scripts manager medsrv attest]) +ADD_PLUGIN([pkcs8], [s libcharon pluto openac scepclient pki scripts manager medsrv attest]) ADD_PLUGIN([pgp], [s libcharon pluto]) ADD_PLUGIN([dnskey], [s pluto]) -ADD_PLUGIN([pem], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([pem], [s libcharon pluto openac scepclient pki scripts manager medsrv attest]) ADD_PLUGIN([padlock], [s libcharon]) -ADD_PLUGIN([openssl], [s libcharon pluto openac scepclient pki scripts manager medsrv]) -ADD_PLUGIN([gcrypt], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([openssl], [s libcharon pluto openac scepclient pki scripts manager medsrv attest]) +ADD_PLUGIN([gcrypt], [s libcharon pluto openac scepclient pki scripts manager medsrv attest]) +ADD_PLUGIN([af-alg], [s libcharon pluto openac scepclient pki scripts medsrv attest]) ADD_PLUGIN([fips-prf], [s libcharon]) -ADD_PLUGIN([gmp], [s libcharon pluto openac scepclient pki scripts manager medsrv]) +ADD_PLUGIN([gmp], [s libcharon pluto openac scepclient pki scripts manager medsrv attest]) ADD_PLUGIN([agent], [s libcharon]) -ADD_PLUGIN([pkcs11], [s libcharon pki]) ADD_PLUGIN([xcbc], [s libcharon]) +ADD_PLUGIN([cmac], [s libcharon]) ADD_PLUGIN([hmac], [s libcharon pluto scripts]) ADD_PLUGIN([ctr], [s libcharon scripts]) ADD_PLUGIN([ccm], [s libcharon scripts]) ADD_PLUGIN([gcm], [s libcharon scripts]) -ADD_PLUGIN([af-alg], [s libcharon pluto openac scepclient pki scripts medsrv]) ADD_PLUGIN([xauth], [p pluto]) ADD_PLUGIN([attr], [h libcharon pluto]) ADD_PLUGIN([attr-sql], [h libcharon pluto]) ADD_PLUGIN([load-tester], [c libcharon]) -ADD_PLUGIN([kernel-pfkey], [h libcharon pluto]) -ADD_PLUGIN([kernel-pfroute], [h libcharon pluto]) -ADD_PLUGIN([kernel-klips], [h libcharon pluto]) -ADD_PLUGIN([kernel-netlink], [h libcharon pluto]) +ADD_PLUGIN([kernel-pfkey], [h libcharon pluto starter]) +ADD_PLUGIN([kernel-pfroute], [h libcharon pluto starter]) +ADD_PLUGIN([kernel-klips], [h libcharon pluto starter]) +ADD_PLUGIN([kernel-netlink], [h libcharon pluto starter]) ADD_PLUGIN([resolve], [h libcharon pluto]) ADD_PLUGIN([socket-default], [c libcharon]) ADD_PLUGIN([socket-raw], [c libcharon]) @@ -770,11 +860,11 @@ ADD_PLUGIN([eap-identity], [c libcharon]) ADD_PLUGIN([eap-sim], [c libcharon]) ADD_PLUGIN([eap-sim-file], [c libcharon]) ADD_PLUGIN([eap-sim-pcsc], [c libcharon]) +ADD_PLUGIN([eap-aka], [c libcharon]) +ADD_PLUGIN([eap-aka-3gpp2], [c libcharon]) ADD_PLUGIN([eap-simaka-sql], [c libcharon]) ADD_PLUGIN([eap-simaka-pseudonym], [c libcharon]) ADD_PLUGIN([eap-simaka-reauth], [c libcharon]) -ADD_PLUGIN([eap-aka], [c libcharon]) -ADD_PLUGIN([eap-aka-3gpp2], [c libcharon]) ADD_PLUGIN([eap-md5], [c libcharon]) ADD_PLUGIN([eap-gtc], [c libcharon]) ADD_PLUGIN([eap-mschapv2], [c libcharon]) @@ -783,11 +873,14 @@ ADD_PLUGIN([eap-tls], [c libcharon]) ADD_PLUGIN([eap-ttls], [c libcharon]) ADD_PLUGIN([eap-peap], [c libcharon]) ADD_PLUGIN([eap-tnc], [c libcharon]) +ADD_PLUGIN([tnc-ifmap], [c libcharon]) +ADD_PLUGIN([tnc-pdp], [c libcharon]) +ADD_PLUGIN([tnc-imc], [c libcharon]) +ADD_PLUGIN([tnc-imv], [c libcharon]) +ADD_PLUGIN([tnc-tnccs], [c libcharon]) ADD_PLUGIN([tnccs-20], [c libcharon]) ADD_PLUGIN([tnccs-11], [c libcharon]) ADD_PLUGIN([tnccs-dynamic], [c libcharon]) -ADD_PLUGIN([tnc-imc], [c libcharon]) -ADD_PLUGIN([tnc-imv], [c libcharon]) ADD_PLUGIN([medsrv], [c libcharon]) ADD_PLUGIN([medcli], [c libcharon]) ADD_PLUGIN([nm], [c libcharon]) @@ -795,9 +888,11 @@ ADD_PLUGIN([dhcp], [c libcharon]) ADD_PLUGIN([android], [c libcharon]) ADD_PLUGIN([ha], [c libcharon]) ADD_PLUGIN([whitelist], [c libcharon]) +ADD_PLUGIN([certexpire], [c libcharon]) ADD_PLUGIN([led], [c libcharon]) ADD_PLUGIN([duplicheck], [c libcharon]) ADD_PLUGIN([coupling], [c libcharon]) +ADD_PLUGIN([radattr], [c libcharon]) ADD_PLUGIN([maemo], [c libcharon]) ADD_PLUGIN([uci], [c libcharon]) ADD_PLUGIN([addrblock], [c libcharon]) @@ -805,7 +900,9 @@ ADD_PLUGIN([unit-tester], [c libcharon]) AC_SUBST(libcharon_plugins) AC_SUBST(pluto_plugins) +AC_SUBST(starter_plugins) AC_SUBST(pool_plugins) +AC_SUBST(attest_plugins) AC_SUBST(openac_plugins) AC_SUBST(scepclient_plugins) AC_SUBST(pki_plugins) @@ -843,10 +940,12 @@ AM_CONDITIONAL(USE_REVOCATION, test x$revocation = xtrue) AM_CONDITIONAL(USE_CONSTRAINTS, test x$constraints = xtrue) AM_CONDITIONAL(USE_PUBKEY, test x$pubkey = xtrue) AM_CONDITIONAL(USE_PKCS1, test x$pkcs1 = xtrue) +AM_CONDITIONAL(USE_PKCS8, test x$pkcs8 = xtrue) AM_CONDITIONAL(USE_PGP, test x$pgp = xtrue) AM_CONDITIONAL(USE_DNSKEY, test x$dnskey = xtrue) AM_CONDITIONAL(USE_PEM, test x$pem = xtrue) AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue) +AM_CONDITIONAL(USE_CMAC, test x$cmac = xtrue) AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue) AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue) AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue) @@ -873,13 +972,15 @@ AM_CONDITIONAL(USE_SMP, test x$smp = xtrue) AM_CONDITIONAL(USE_SQL, test x$sql = xtrue) AM_CONDITIONAL(USE_UPDOWN, test x$updown = xtrue) AM_CONDITIONAL(USE_DHCP, test x$dhcp = xtrue) -AM_CONDITIONAL(USE_UNIT_TESTS, test x$unit_tests = xtrue) +AM_CONDITIONAL(USE_UNIT_TESTS, test x$unit_tester = xtrue) AM_CONDITIONAL(USE_LOAD_TESTER, test x$load_tester = xtrue) AM_CONDITIONAL(USE_HA, test x$ha = xtrue) AM_CONDITIONAL(USE_WHITELIST, test x$whitelist = xtrue) +AM_CONDITIONAL(USE_CERTEXPIRE, test x$certexpire = xtrue) AM_CONDITIONAL(USE_LED, test x$led = xtrue) AM_CONDITIONAL(USE_DUPLICHECK, test x$duplicheck = xtrue) AM_CONDITIONAL(USE_COUPLING, test x$coupling = xtrue) +AM_CONDITIONAL(USE_RADATTR, test x$radattr = xtrue) AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue) AM_CONDITIONAL(USE_EAP_SIM_FILE, test x$eap_sim_file = xtrue) AM_CONDITIONAL(USE_EAP_SIM_PCSC, test x$eap_sim_pcsc = xtrue) @@ -897,11 +998,20 @@ AM_CONDITIONAL(USE_EAP_TTLS, test x$eap_ttls = xtrue) AM_CONDITIONAL(USE_EAP_PEAP, test x$eap_peap = xtrue) AM_CONDITIONAL(USE_EAP_TNC, test x$eap_tnc = xtrue) AM_CONDITIONAL(USE_EAP_RADIUS, test x$eap_radius = xtrue) +AM_CONDITIONAL(USE_TNC_IFMAP, test x$tnc_ifmap = xtrue) +AM_CONDITIONAL(USE_TNC_PDP, test x$tnc_pdp = xtrue) AM_CONDITIONAL(USE_TNC_IMC, test x$tnc_imc = xtrue) AM_CONDITIONAL(USE_TNC_IMV, test x$tnc_imv = xtrue) +AM_CONDITIONAL(USE_TNC_TNCCS, test x$tnc_tnccs = xtrue) AM_CONDITIONAL(USE_TNCCS_11, test x$tnccs_11 = xtrue) AM_CONDITIONAL(USE_TNCCS_20, test x$tnccs_20 = xtrue) AM_CONDITIONAL(USE_TNCCS_DYNAMIC, test x$tnccs_dynamic = xtrue) +AM_CONDITIONAL(USE_IMC_TEST, test x$imc_test = xtrue) +AM_CONDITIONAL(USE_IMV_TEST, test x$imv_test = xtrue) +AM_CONDITIONAL(USE_IMC_SCANNER, test x$imc_scanner = xtrue) +AM_CONDITIONAL(USE_IMV_SCANNER, test x$imv_scanner = xtrue) +AM_CONDITIONAL(USE_IMC_ATTESTATION, test x$imc_attestation = xtrue) +AM_CONDITIONAL(USE_IMV_ATTESTATION, test x$imv_attestation = xtrue) AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue) AM_CONDITIONAL(USE_SOCKET_RAW, test x$socket_raw = xtrue) AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue) @@ -939,19 +1049,25 @@ AM_CONDITIONAL(USE_INTEGRITY_TEST, test x$integrity_test = xtrue) AM_CONDITIONAL(USE_LOAD_WARNING, test x$load_warning = xtrue) AM_CONDITIONAL(USE_PLUTO, test x$pluto = xtrue) AM_CONDITIONAL(USE_THREADS, test x$threads = xtrue) +AM_CONDITIONAL(USE_ADNS, test x$adns = xtrue) AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue) AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue) AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue) AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue) -AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue -o x$conftest = xtrue) +AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue) AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$pluto = xtrue) AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue) +AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue) +AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue) AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue) AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$pluto = xtrue -o x$stroke = xtrue -o x$tools = xtrue -o x$conftest = xtrue) AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap) AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue) AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue) AM_CONDITIONAL(USE_TLS, test x$tls = xtrue) +AM_CONDITIONAL(USE_RADIUS, test x$radius = xtrue) +AM_CONDITIONAL(USE_IMCV, test x$imcv = xtrue) +AM_CONDITIONAL(USE_PTS, test x$pts = xtrue) AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue) dnl ============================== @@ -982,6 +1098,7 @@ AC_OUTPUT( src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile + src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile @@ -998,6 +1115,7 @@ AC_OUTPUT( src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile + src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile @@ -1027,6 +1145,17 @@ AC_OUTPUT( src/libfreeswan/Makefile src/libsimaka/Makefile src/libtls/Makefile + src/libradius/Makefile + src/libtncif/Makefile + src/libtnccs/Makefile + src/libpts/Makefile + src/libpts/plugins/imc_attestation/Makefile + src/libpts/plugins/imv_attestation/Makefile + src/libimcv/Makefile + src/libimcv/plugins/imc_test/Makefile + src/libimcv/plugins/imv_test/Makefile + src/libimcv/plugins/imc_scanner/Makefile + src/libimcv/plugins/imv_scanner/Makefile src/pluto/Makefile src/pluto/plugins/xauth/Makefile src/whack/Makefile @@ -1049,8 +1178,11 @@ AC_OUTPUT( src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile + src/libcharon/plugins/tnc_ifmap/Makefile + src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/tnc_imc/Makefile src/libcharon/plugins/tnc_imv/Makefile + src/libcharon/plugins/tnc_tnccs/Makefile src/libcharon/plugins/tnccs_11/Makefile src/libcharon/plugins/tnccs_20/Makefile src/libcharon/plugins/tnccs_dynamic/Makefile @@ -1067,9 +1199,11 @@ AC_OUTPUT( src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/whitelist/Makefile + src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile + src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/maemo/Makefile src/libcharon/plugins/stroke/Makefile diff --git a/init/Makefile.in b/init/Makefile.in index 19896b49b..141169af8 100644 --- a/init/Makefile.in +++ b/init/Makefile.in @@ -185,6 +185,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -193,6 +196,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -209,11 +213,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -257,6 +263,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in index ebd41134e..a1dbe39eb 100644 --- a/init/systemd/Makefile.in +++ b/init/systemd/Makefile.in @@ -168,6 +168,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -176,6 +179,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -192,11 +196,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -240,6 +246,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/man/Makefile.in b/man/Makefile.in index 679e3464b..a38cf70ba 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -170,6 +170,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -178,6 +181,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -194,11 +198,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -242,6 +248,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/man/ipsec.conf.5 b/man/ipsec.conf.5 index b36a7ece7..0a7f8bfe5 100644 --- a/man/ipsec.conf.5 +++ b/man/ipsec.conf.5 @@ -1,4 +1,4 @@ -.TH IPSEC.CONF 5 "2010-10-19" "4.5.2" "strongSwan" +.TH IPSEC.CONF 5 "2011-12-14" "4.6.4" "strongSwan" .SH NAME ipsec.conf \- IPsec configuration and connections .SH DESCRIPTION @@ -268,7 +268,7 @@ IKEv1 additionally supports the values .B xauthpsk and .B xauthrsasig -that will enable eXtended AUTHentication (XAUTH) in addition to IKEv1 main mode +that will enable eXtended Authentication (XAuth) in addition to IKEv1 main mode based on shared secrets or digital RSA signatures, respectively. IKEv2 additionally supports the value .BR eap , @@ -298,7 +298,7 @@ and .B rightsubnet , a connection is established. .B start -loads a connection and brings it up immediatly. +loads a connection and brings it up immediately. .B ignore ignores the connection. This is equal to delete a connection from the config file. @@ -367,11 +367,17 @@ See .IR strongswan.conf (5) for a description of the IKEv2 retransmission timeout. .TP +.BR closeaction " = " none " | clear | hold | restart" +defines the action to take if the remote peer unexpectedly closes a CHILD_SA +(IKEv2 only, see dpdaction for meaning of values). A closeaction should not be +used if the peer uses reauthentication or uniquids checking, as these events +might trigger a closeaction when not desired. +.TP .BR inactivity " =