#
-# Copyright (C) 2007-2015 Tobias Brunner
-# Copyright (C) 2006-2016 Andreas Steffen
+# Copyright (C) 2007-2017 Tobias Brunner
+# Copyright (C) 2006-2017 Andreas Steffen
# Copyright (C) 2006-2014 Martin Willi
# HSR Hochschule fuer Technik Rapperswil
#
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.5.2dr4])
+AC_INIT([strongSwan],[5.6.2])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
AC_CONFIG_MACRO_DIR([m4/config])
AC_CONFIG_HEADERS([config.h])
AC_DEFINE([CONFIG_H_INCLUDED], [], [defined if config.h included])
+AC_DISABLE_STATIC
PKG_PROG_PKG_CONFIG
m4_include(m4/macros/split-package-version.m4)
ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
ARG_WITH_SUBST([ipsec-script], [ipsec], [change the name of the ipsec script])
ARG_WITH_SUBST([fips-mode], [0], [set openssl FIPS mode: disabled(0), enabled(1), Suite B enabled(2)])
+ARG_WITH_SUBST([libfuzzer], [], [path to libFuzzer.a])
ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently supported values are "libcap" and "native"])
ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
ARG_WITH_SET([dev-headers], [no], [install strongSwan development headers to directory.])
ARG_ENABL_SET([eap-sim-file], [enable EAP-SIM backend based on a triplet file.])
ARG_ENABL_SET([eap-sim-pcsc], [enable EAP-SIM backend based on a smartcard reader. Requires libpcsclite.])
ARG_ENABL_SET([eap-aka], [enable EAP AKA authentication module.])
+ARG_ENABL_SET([eap-aka-3gpp], [enable EAP AKA backend implementing 3GPP MILENAGE algorithms in software.])
ARG_ENABL_SET([eap-aka-3gpp2], [enable EAP AKA backend implementing 3GPP2 algorithms in software. Requires libgmp.])
ARG_ENABL_SET([eap-simaka-sql], [enable EAP-SIM/AKA backend based on a triplet/quintuplet SQL database.])
ARG_ENABL_SET([eap-simaka-pseudonym], [enable EAP-SIM/AKA pseudonym storage plugin.])
ARG_ENABL_SET([ipseckey], [enable IPSECKEY authentication plugin.])
ARG_ENABL_SET([keychain], [enables OS X Keychain Services credential set.])
ARG_ENABL_SET([pkcs11], [enables the PKCS11 token support plugin.])
+ARG_ENABL_SET([tpm], [enables the TPM plugin.])
ARG_DISBL_SET([revocation], [disable X509 CRL/OCSP revocation check plugin.])
ARG_ENABL_SET([whitelist], [enable peer identity whitelisting plugin.])
ARG_DISBL_SET([xauth-generic], [disable generic XAuth backend.])
ARG_ENABL_SET([imv-attestation],[enable IMV attestation module.])
ARG_ENABL_SET([imc-swid], [enable IMC swid module.])
ARG_ENABL_SET([imv-swid], [enable IMV swid module.])
+ARG_ENABL_SET([imc-swima], [enable IMC swima module.])
+ARG_ENABL_SET([imv-swima], [enable IMV swima module.])
ARG_ENABL_SET([imc-hcd], [enable IMC hcd module.])
ARG_ENABL_SET([imv-hcd], [enable IMV hcd module.])
ARG_ENABL_SET([tnc-ifmap], [enable TNC IF-MAP module. Requires libxml])
ARG_ENABL_SET([tnccs-dynamic], [enable dynamic TNCCS protocol discovery module.])
# misc plugins
ARG_ENABL_SET([android-log], [enable Android specific logger plugin.])
+ARG_ENABL_SET([bypass-lan], [enable plugin to install bypass policies for local subnets.])
ARG_ENABL_SET([certexpire], [enable CSV export of expiration dates of used certificates.])
ARG_ENABL_SET([connmark], [enable connmark plugin using conntrack based marks to select return path SA.])
+ARG_ENABL_SET([counters], [enable plugin that collects several performance counters.])
ARG_ENABL_SET([forecast], [enable forecast plugin forwarding broadcast/multicast messages.])
ARG_ENABL_SET([duplicheck], [advanced duplicate checking plugin using liveness checks.])
ARG_ENABL_SET([error-notify], [enable error notification plugin.])
ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.])
ARG_ENABL_SET([lookip], [enable fast virtual IP lookup and notification plugin.])
ARG_ENABL_SET([radattr], [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.])
+ARG_ENABL_SET([save-keys], [enable development/debugging plugin that saves IKE and ESP keys in Wireshark format.])
ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with invalid system time gracefully.])
ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.])
ARG_DISBL_SET([updown], [disable updown firewall script plugin.])
# programs/components
ARG_ENABL_SET([aikgen], [enable AIK generator for TPM 1.2.])
-ARG_ENABL_SET([aikpub2], [enable AIK extractor for TPM 2.0.])
ARG_DISBL_SET([charon], [disable the IKEv1/IKEv2 keying daemon charon.])
ARG_ENABL_SET([cmd], [enable the command line IKE client charon-cmd.])
ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.])
ARG_ENABL_SET([dumm], [enable the DUMM UML test framework.])
ARG_ENABL_SET([fast], [enable libfast (FastCGI Application Server w/ templates.])
+ARG_ENABL_SET([fuzzing], [enable fuzzing scripts (found in directory fuzz).])
ARG_ENABL_SET([libipsec], [enable user space IPsec implementation.])
ARG_ENABL_SET([manager], [enable web management console (proof of concept).])
ARG_ENABL_SET([medcli], [enable mediation client configuration database plugin.])
if test -z "$CFLAGS"; then
CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign"
fi
+AC_SUBST(PLUGIN_CFLAGS)
AC_PROG_CC
AM_PROG_CC_C_O
AC_MSG_CHECKING([gperf version >= 3.0.0])
if test -x "$GPERF"; then
if test "`$GPERF --version | $AWK -F' ' '/^GNU gperf/ { print $3 }' | $AWK -F. '{ print $1 }'`" -ge "3"; then
+ GPERF_OUTPUT="`echo foo | ${GPERF}`"
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <string.h>
+ const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=size_t],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <string.h>
+ const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=unsigned],
+ [AC_MSG_ERROR([unable to determine gperf len type])]
+ )]
+ )
+ AC_SUBST(GPERF_LEN_TYPE)
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
tls=true;
fi
-if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then
+if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then
imcv=true;
fi
tss_trousers=true
fi
-if test x$aikpub2 = xtrue; then
- tss_tss2=true
+if test x$gmp = xtrue -o x$ntru = xtrue -o x$bliss = xtrue; then
+ mgf1=true
fi
-if test x$ntru = xtrue -o x$bliss = xtrue; then
- mgf1=true
+if test x$stroke = xtrue; then
+ counters=true
fi
# ===========================================
[
AC_MSG_RESULT([yes])
windows=true
- openssl_lib=eay32
+
AC_SUBST(PTHREADLIB, "")
# explicitly disable ms-bitfields, as it breaks __attribute__((packed))
case "$CFLAGS" in
],
[
AC_MSG_RESULT([no])
- openssl_lib=crypto
# check for clock_gettime() on non-Windows only. Otherwise this
# check might find clock_gettime() in libwinpthread, but we don't want
LIBS=$saved_LIBS
]
)
-AC_SUBST(OPENSSL_LIB, [-l$openssl_lib])
AM_CONDITIONAL(USE_WINDOWS, [test "x$windows" = xtrue])
AC_MSG_CHECKING([for working __attribute__((packed))])
AC_MSG_RESULT([no])
# GCC, but not MinGW requires -rdynamic for plugins
if test x$windows != xtrue; then
- AC_SUBST(PLUGIN_CFLAGS, [-rdynamic])
+ PLUGIN_CFLAGS="$PLUGIN_CFLAGS -rdynamic"
fi
]
)
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include "gmp.h"]],
- [[void *x = mpz_powm_sec;]])],
+ [[void *x __attribute__((unused)); x = mpz_powm_sec;]])],
[AC_MSG_RESULT([yes]);
- AC_DEFINE([HAVE_MPZ_POWM_SEC], [], [have mpz_mown_sec()])],
+ AC_DEFINE([HAVE_MPZ_POWM_SEC], [], [have mpz_powm_sec()])],
[AC_MSG_RESULT([no])]
)
else
AC_SUBST(systemd_journal_CFLAGS)
AC_SUBST(systemd_journal_LIBS)]
)
+ saved_LIBS=$LIBS
+ LIBS="$systemd_LIBS $systemd_daemon_LIBS"
+ AC_CHECK_FUNCS(sd_listen_fds_with_names)
+ LIBS=$saved_LIBS
fi
if test x$tss_trousers = xtrue; then
fi
if test x$tss_tss2 = xtrue; then
- PKG_CHECK_MODULES(tss2, [tcti-socket], [AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])])
- AC_SUBST(tss2_CFLAGS)
- AC_SUBST(tss2_LIBS)
+ PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
+ [tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
+ [tss2_tabrmd=false])
+ PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
+ [tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],
+ [tss2_socket=false])
+ if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
+ AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])
+ AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS")
+ AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS")
+ else
+ AC_MSG_FAILURE([no TSS2 TCTI library detected])
+ fi
fi
-if test x$imv_swid = xtrue; then
+if test x$imc_swima = xtrue -o $imv_swima = xtrue -o x$imv_swid = xtrue; then
PKG_CHECK_MODULES(json, [json-c], [],
[PKG_CHECK_MODULES(json, [json])])
AC_SUBST(json_CFLAGS)
AC_SUBST(gtk_CFLAGS)
AC_SUBST(gtk_LIBS)
AC_CHECK_PROGS(RUBY, ruby)
- AC_MSG_CHECKING([for Ruby header files])
- if test -n "$RUBY"; then
- RUBYINCLUDE=
- RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["rubyhdrdir"]] || ""') 2>/dev/null`
- if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then
- RUBYARCH=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["arch"]] || ""') 2>/dev/null`
- if test -n "$RUBYARCH"; then
- AC_MSG_RESULT([$RUBYDIR])
- RUBYINCLUDE="-I$RUBYDIR -I$RUBYDIR/$RUBYARCH"
- fi
- else
- RUBYDIR=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["archdir"]] || ""') 2>/dev/null`
- if test -n "$RUBYDIR" -a -r "$RUBYDIR/ruby.h"; then
- AC_MSG_RESULT([$RUBYDIR])
- RUBYINCLUDE="-I$RUBYDIR"
- fi
- fi
- if test -z "$RUBYINCLUDE"; then
- AC_MSG_ERROR([ruby.h not found])
- fi
- AC_SUBST(RUBYINCLUDE)
- else
- AC_MSG_ERROR([don't know how to run ruby])
- fi
- AC_MSG_CHECKING([for libruby])
+ PKG_CHECK_MODULES(ruby, [ruby])
saved_LIBS=$LIBS
- LIBS=`($RUBY -r rbconfig -e 'print RbConfig::CONFIG[["LIBRUBYARG_SHARED"]] || ""') 2>/dev/null`
- AC_TRY_LINK_FUNC(ruby_init,
- [AC_MSG_RESULT([$LIBS]); RUBYLIB=$LIBS],
- [AC_MSG_ERROR([not found])])
- AC_SUBST(RUBYLIB)
+ LIBS=$ruby_LIBS
AC_CHECK_FUNCS(rb_errinfo)
LIBS=$saved_LIBS
fi
fi
if test x$openssl = xtrue; then
- AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
- [AC_MSG_ERROR([OpenSSL lib$openssl_lib not found])],[$DLLIB])
+ if test "x$windows" = xtrue; then
+ openssl_lib=eay32
+ AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
+ [AC_MSG_RESULT([no]);openssl_lib=""],[$DLLIB])
+ fi
+ if test -z "$openssl_lib"; then
+ openssl_lib=crypto
+ AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
+ [AC_MSG_ERROR([OpenSSL lib$openssl_lib not found])],[$DLLIB])
+ fi
+ AC_SUBST(OPENSSL_LIB, [-l$openssl_lib])
AC_CHECK_HEADER([openssl/evp.h],,[AC_MSG_ERROR([OpenSSL header openssl/evp.h not found!])])
fi
fi
if test x$nm = xtrue; then
- PKG_CHECK_EXISTS([libnm-glib],
- [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn])],
- [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn])]
- )
+ PKG_CHECK_MODULES(nm, [gthread-2.0 libnm])
AC_SUBST(nm_CFLAGS)
AC_SUBST(nm_LIBS)
fi
fi
if test x$unwind_backtraces = xtrue; then
- AC_CHECK_LIB([unwind],[unw_getcontext],[LIBS="$LIBS"],[AC_MSG_ERROR([libunwind not found!])],[])
+ AC_CHECK_LIB([unwind],[unw_backtrace],[LIBS="$LIBS"],[AC_MSG_ERROR([libunwind not found!])],[])
AC_CHECK_HEADER([libunwind.h],[AC_DEFINE([HAVE_LIBUNWIND_H],,[have libunwind.h])],
[AC_MSG_ERROR([libunwind.h header not found!])])
UNWINDLIB="-lunwind"
COVERAGE_LDFLAGS="-fprofile-arcs"
AC_SUBST(COVERAGE_CFLAGS)
AC_SUBST(COVERAGE_LDFLAGS)
+ PLUGIN_CFLAGS="$PLUGIN_CFLAGS $COVERAGE_CFLAGS"
AC_MSG_NOTICE([coverage enabled, adding "-g -O0" to CFLAGS])
CFLAGS="${CFLAGS} -g -O0"
fi
+if test x$fuzzing = xtrue; then
+ if test x$libfuzzer = x; then
+ AC_MSG_NOTICE([fuzz targets enabled without libFuzzer, using local driver])
+ CFLAGS="${CFLAGS} -fsanitize=address"
+ libfuzzer="libFuzzerLocal.a"
+ else
+ # required for libFuzzer
+ FUZZING_LDFLAGS="-stdlib=libc++ -lstdc++"
+ AC_SUBST(FUZZING_LDFLAGS)
+ fi
+fi
+
if test x$ruby_gems = xtrue; then
AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
if test x$GEM = x; then
AM_CONDITIONAL(PERL_CPAN_INSTALL, [test "x$perl_cpan_install" = xtrue])
+AC_CACHE_CHECK(
+ [if plugin constructors should be resolved statically],
+ [ss_cv_static_plugin_constructors],
+ [if test x$monolithic = xtrue -a x$enable_static = xyes; then
+ ss_cv_static_plugin_constructors=yes
+ else
+ ss_cv_static_plugin_constructors="no (enabled for static, monolithic builds)"
+ fi]
+)
+if test "x$ss_cv_static_plugin_constructors" = xyes; then
+ static_plugin_constructors=true
+fi
+
# ===============================================
# collect plugin list for strongSwan components
# ===============================================
scepclient_plugins=
pki_plugins=
scripts_plugins=
+fuzz_plugins=
manager_plugins=
medsrv_plugins=
nm_plugins=
aikgen_plugins=
# location specific lists for checksumming,
-# for src/libcharon, src/libstrongswan and src/libtnccs
+# for src/libcharon, src/libstrongswan, src/libtnccs and src/libtpmtss
c_plugins=
s_plugins=
t_plugins=
+p_plugins=
ADD_PLUGIN([test-vectors], [s charon scepclient pki])
ADD_PLUGIN([unbound], [s charon scripts])
ADD_PLUGIN([ldap], [s charon scepclient scripts nm cmd])
ADD_PLUGIN([pkcs11], [s charon pki nm cmd])
+ADD_PLUGIN([tpm], [p charon pki nm cmd])
ADD_PLUGIN([aesni], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([aes], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([des], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([blowfish], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([rc2], [s charon scepclient pki scripts nm cmd])
-ADD_PLUGIN([sha2], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
-ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
-ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([sha2], [s charon scepclient pki scripts medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([md4], [s charon scepclient pki nm cmd])
ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen])
ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([nonce], [s charon nm cmd aikgen])
-ADD_PLUGIN([x509], [s charon scepclient pki scripts attest nm cmd aikgen])
+ADD_PLUGIN([x509], [s charon scepclient pki scripts attest nm cmd aikgen fuzz])
ADD_PLUGIN([revocation], [s charon pki nm cmd])
ADD_PLUGIN([constraints], [s charon nm cmd])
ADD_PLUGIN([acert], [s charon])
-ADD_PLUGIN([pubkey], [s charon cmd aikgen])
-ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([pubkey], [s charon pki cmd aikgen])
+ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([pkcs7], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([pkcs8], [s charon scepclient pki scripts manager medsrv attest nm cmd])
ADD_PLUGIN([pkcs12], [s charon scepclient pki scripts cmd])
ADD_PLUGIN([sshkey], [s charon pki nm cmd])
ADD_PLUGIN([dnscert], [c charon])
ADD_PLUGIN([ipseckey], [c charon])
-ADD_PLUGIN([pem], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([pem], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([padlock], [s charon])
ADD_PLUGIN([openssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([gcrypt], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([fips-prf], [s charon nm cmd])
-ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
-ADD_PLUGIN([curve25519], [s charon scripts nm cmd])
+ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd])
ADD_PLUGIN([agent], [s charon nm cmd])
ADD_PLUGIN([keychain], [s charon cmd])
ADD_PLUGIN([chapoly], [s charon scripts nm cmd])
ADD_PLUGIN([kernel-pfroute], [c charon starter nm cmd])
ADD_PLUGIN([kernel-netlink], [c charon starter nm cmd])
ADD_PLUGIN([resolve], [c charon cmd])
+ADD_PLUGIN([save-keys], [c])
ADD_PLUGIN([socket-default], [c charon nm cmd])
ADD_PLUGIN([socket-dynamic], [c charon cmd])
ADD_PLUGIN([socket-win], [c charon])
+ADD_PLUGIN([bypass-lan], [c charon nm cmd])
ADD_PLUGIN([connmark], [c charon])
ADD_PLUGIN([forecast], [c charon])
ADD_PLUGIN([farp], [c charon])
ADD_PLUGIN([eap-sim-file], [c charon])
ADD_PLUGIN([eap-sim-pcsc], [c charon])
ADD_PLUGIN([eap-aka], [c charon])
+ADD_PLUGIN([eap-aka-3gpp], [c charon])
ADD_PLUGIN([eap-aka-3gpp2], [c charon])
ADD_PLUGIN([eap-simaka-sql], [c charon])
ADD_PLUGIN([eap-simaka-pseudonym], [c charon])
ADD_PLUGIN([uci], [c charon])
ADD_PLUGIN([addrblock], [c charon])
ADD_PLUGIN([unity], [c charon])
+ADD_PLUGIN([counters], [c charon])
AC_SUBST(charon_plugins)
AC_SUBST(starter_plugins)
AC_SUBST(scepclient_plugins)
AC_SUBST(pki_plugins)
AC_SUBST(scripts_plugins)
+AC_SUBST(fuzz_plugins)
AC_SUBST(manager_plugins)
AC_SUBST(medsrv_plugins)
AC_SUBST(nm_plugins)
AC_SUBST(aikgen_plugins)
AC_SUBST(c_plugins)
-AC_SUBST(h_plugins)
+AC_SUBST(p_plugins)
AC_SUBST(s_plugins)
AC_SUBST(t_plugins)
AM_CONDITIONAL(USE_AGENT, test x$agent = xtrue)
AM_CONDITIONAL(USE_KEYCHAIN, test x$keychain = xtrue)
AM_CONDITIONAL(USE_PKCS11, test x$pkcs11 = xtrue)
+AM_CONDITIONAL(USE_TPM, test x$tpm = xtrue)
AM_CONDITIONAL(USE_CHAPOLY, test x$chapoly = xtrue)
AM_CONDITIONAL(USE_CTR, test x$ctr = xtrue)
AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue)
AM_CONDITIONAL(USE_EAP_MD5, test x$eap_md5 = xtrue)
AM_CONDITIONAL(USE_EAP_GTC, test x$eap_gtc = xtrue)
AM_CONDITIONAL(USE_EAP_AKA, test x$eap_aka = xtrue)
+AM_CONDITIONAL(USE_EAP_AKA_3GPP, test x$eap_aka_3gpp = xtrue)
AM_CONDITIONAL(USE_EAP_AKA_3GPP2, test x$eap_aka_3gpp2 = xtrue)
AM_CONDITIONAL(USE_EAP_MSCHAPV2, test x$eap_mschapv2 = xtrue)
AM_CONDITIONAL(USE_EAP_TLS, test x$eap_tls = xtrue)
AM_CONDITIONAL(USE_IMV_ATTESTATION, test x$imv_attestation = xtrue)
AM_CONDITIONAL(USE_IMC_SWID, test x$imc_swid = xtrue)
AM_CONDITIONAL(USE_IMV_SWID, test x$imv_swid = xtrue)
+AM_CONDITIONAL(USE_IMC_SWIMA, test x$imc_swima = xtrue)
+AM_CONDITIONAL(USE_IMV_SWIMA, test x$imv_swima = xtrue)
AM_CONDITIONAL(USE_IMC_HCD, test x$imc_hcd = xtrue)
AM_CONDITIONAL(USE_IMV_HCD, test x$imv_hcd = xtrue)
+AM_CONDITIONAL(USE_SAVE_KEYS, test x$save_keys = xtrue)
AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue)
AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue)
AM_CONDITIONAL(USE_SOCKET_WIN, test x$socket_win = xtrue)
+AM_CONDITIONAL(USE_BYPASS_LAN, test x$bypass_lan = xtrue)
AM_CONDITIONAL(USE_CONNMARK, test x$connmark = xtrue)
AM_CONDITIONAL(USE_FORECAST, test x$forecast = xtrue)
AM_CONDITIONAL(USE_FARP, test x$farp = xtrue)
AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue)
AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue)
AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue)
+AM_CONDITIONAL(USE_COUNTERS, test x$counters = xtrue)
# other options
# ---------------
AM_CONDITIONAL(USE_PKI, test x$pki = xtrue)
AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue)
AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
+AM_CONDITIONAL(USE_FUZZING, test x$fuzzing = xtrue)
AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
-AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
+AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue)
AM_CONDITIONAL(USE_LIBNTTFFT, test x$bliss = xtrue -o x$newhope = xtrue)
AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue)
-AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$imcv = xtrue)
+AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm = xtrue -o x$aikgen = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_FILE_CONFIG, test x$stroke = xtrue)
AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue)
AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
AM_CONDITIONAL(USE_TROUSERS, test x$tss_trousers = xtrue)
AM_CONDITIONAL(USE_TSS2, test x$tss_tss2 = xtrue)
AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
+AM_CONDITIONAL(STATIC_PLUGIN_CONSTRUCTORS, test x$static_plugin_constructors = xtrue)
AM_CONDITIONAL(USE_SILENT_RULES, test x$enable_silent_rules = xyes)
AM_CONDITIONAL(COVERAGE, test x$coverage = xtrue)
AM_CONDITIONAL(USE_DBGHELP, test x$dbghelp_backtraces = xtrue)
AM_CONDITIONAL(USE_TKM, test x$tkm = xtrue)
AM_CONDITIONAL(USE_CMD, test x$cmd = xtrue)
AM_CONDITIONAL(USE_AIKGEN, test x$aikgen = xtrue)
-AM_CONDITIONAL(USE_AIKPUB2, test x$aikpub2 = xtrue)
AM_CONDITIONAL(USE_SWANCTL, test x$swanctl = xtrue)
AM_CONDITIONAL(USE_SVC, test x$svc = xtrue)
AM_CONDITIONAL(USE_SYSTEMD, test x$systemd = xtrue)
if test x$monolithic = xtrue; then
AC_DEFINE([MONOLITHIC], [], [monolithic build embedding plugins])
fi
+if test x$static_plugin_constructors = xtrue; then
+ AC_DEFINE([STATIC_PLUGIN_CONSTRUCTORS], [], [static plugin constructors])
+fi
if test x$ikev1 = xtrue; then
AC_DEFINE([USE_IKEV1], [], [support for IKEv1 protocol])
fi
if test x$ikev2 = xtrue; then
AC_DEFINE([USE_IKEV2], [], [support for IKEv2 protocol])
fi
+if test x$fuzzing = xtrue; then
+ AC_DEFINE([USE_FUZZING], [], [build code for fuzzing])
+fi
+if test x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imv_swid = xtrue ; then
+ AC_DEFINE([USE_JSON], [], [build code for JSON])
+fi
# ====================================================
# options for enabled modules (see conf/Makefile.am)
strongswan_options=
AM_COND_IF([USE_AIKGEN], [strongswan_options=${strongswan_options}" aikgen"])
-AM_COND_IF([USE_AIKPUB2], [strongswan_options=${strongswan_options}" aikpub2"])
AM_COND_IF([USE_ATTR_SQL], [strongswan_options=${strongswan_options}" pool"])
AM_COND_IF([USE_CHARON], [strongswan_options=${strongswan_options}" charon charon-logging"])
AM_COND_IF([USE_FILE_CONFIG], [strongswan_options=${strongswan_options}" starter"])
AM_COND_IF([USE_IMV_ATTESTATION], [strongswan_options=${strongswan_options}" attest"])
AM_COND_IF([USE_IMCV], [strongswan_options=${strongswan_options}" imcv"])
-AM_COND_IF([USE_IMV_OS], [strongswan_options=${strongswan_options}" pacman"])
+AM_COND_IF([USE_IMV_SWIMA], [strongswan_options=${strongswan_options}" sec-updater"])
AM_COND_IF([USE_LIBTNCCS], [strongswan_options=${strongswan_options}" tnc"])
AM_COND_IF([USE_MANAGER], [strongswan_options=${strongswan_options}" manager"])
AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"])
AM_COND_IF([USE_SCEPCLIENT], [strongswan_options=${strongswan_options}" scepclient"])
AM_COND_IF([USE_PKI], [strongswan_options=${strongswan_options}" pki"])
AM_COND_IF([USE_SWANCTL], [strongswan_options=${strongswan_options}" swanctl"])
+AM_COND_IF([USE_SYSTEMD], [strongswan_options=${strongswan_options}" charon-systemd"])
AC_SUBST(strongswan_options)
AC_CONFIG_FILES([
Makefile
conf/Makefile
+ fuzz/Makefile
man/Makefile
init/Makefile
init/systemd/Makefile
src/libimcv/plugins/imv_attestation/Makefile
src/libimcv/plugins/imc_swid/Makefile
src/libimcv/plugins/imv_swid/Makefile
+ src/libimcv/plugins/imc_swima/Makefile
+ src/libimcv/plugins/imv_swima/Makefile
src/libimcv/plugins/imc_hcd/Makefile
src/libimcv/plugins/imv_hcd/Makefile
src/charon/Makefile
src/charon-systemd/Makefile
src/libcharon/Makefile
src/libcharon/plugins/eap_aka/Makefile
+ src/libcharon/plugins/eap_aka_3gpp/Makefile
src/libcharon/plugins/eap_aka_3gpp2/Makefile
src/libcharon/plugins/eap_dynamic/Makefile
src/libcharon/plugins/eap_identity/Makefile
src/libcharon/plugins/xauth_noauth/Makefile
src/libcharon/plugins/tnc_ifmap/Makefile
src/libcharon/plugins/tnc_pdp/Makefile
+ src/libcharon/plugins/save_keys/Makefile
src/libcharon/plugins/socket_default/Makefile
src/libcharon/plugins/socket_dynamic/Makefile
src/libcharon/plugins/socket_win/Makefile
+ src/libcharon/plugins/bypass_lan/Makefile
src/libcharon/plugins/connmark/Makefile
+ src/libcharon/plugins/counters/Makefile
src/libcharon/plugins/forecast/Makefile
src/libcharon/plugins/farp/Makefile
src/libcharon/plugins/smp/Makefile
src/libcharon/plugins/attr_sql/Makefile
src/libcharon/tests/Makefile
src/libtpmtss/Makefile
+ src/libtpmtss/plugins/tpm/Makefile
src/stroke/Makefile
src/ipsec/Makefile
src/starter/Makefile
src/_copyright/Makefile
src/scepclient/Makefile
src/aikgen/Makefile
- src/aikpub2/Makefile
+ src/tpm_extendpcr/Makefile
src/pki/Makefile
src/pki/man/Makefile
src/pool/Makefile
src/checksum/Makefile
src/conftest/Makefile
src/pt-tls-client/Makefile
+ src/sw-collector/Makefile
+ src/sec-updater/Makefile
src/swanctl/Makefile
scripts/Makefile
testing/Makefile
src/swanctl/swanctl.8
src/swanctl/swanctl.conf.5.head
src/swanctl/swanctl.conf.5.tail
+ src/pt-tls-client/pt-tls-client.1
+ src/sw-collector/sw-collector.8
+ src/sec-updater/sec-updater.8
])
AC_OUTPUT
AC_MSG_RESULT([libstrongswan:$s_plugins])
AC_MSG_RESULT([libcharon: $c_plugins])
AC_MSG_RESULT([libtnccs: $t_plugins])
+AC_MSG_RESULT([libtpmtss: $p_plugins])
AC_MSG_RESULT([])