#
-# Copyright (C) 2007-2017 Tobias Brunner
-# Copyright (C) 2006-2019 Andreas Steffen
+# Copyright (C) 2007-2022 Tobias Brunner
+# Copyright (C) 2006-2022 Andreas Steffen
# Copyright (C) 2006-2014 Martin Willi
#
# Copyright (C) secunet Security Networks AG
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.9.7])
+AC_INIT([strongSwan],[5.9.14])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
ARG_DISBL_SET([des], [disable DES/3DES software implementation plugin.])
ARG_DISBL_SET([drbg], [disable the NIST Deterministic Random Bit Generator plugin.])
ARG_DISBL_SET([fips-prf], [disable FIPS PRF software implementation plugin.])
-ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.])
+ARG_DISBL_SET([gcm], [disable the GCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.])
ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.])
ARG_DISBL_SET([pubkey], [disable RAW public key support plugin.])
ARG_DISBL_SET([sshkey], [disable SSH key decoding plugin.])
ARG_DISBL_SET([x509], [disable X509 certificate implementation plugin.])
+ARG_ENABL_SET([openxpki], [enable OCSP responder accessing OpenXPKI certificate database.])
# fetcher/resolver plugins
ARG_ENABL_SET([curl], [enable CURL fetcher plugin to fetch files via libcurl. Requires libcurl.])
ARG_ENABL_SET([files], [enable simple file:// URI fetcher.])
ARG_ENABL_SET([medsrv], [enable mediation server web frontend and daemon plugin.])
ARG_ENABL_SET([nm], [enable NetworkManager backend.])
ARG_DISBL_SET([pki], [disable pki certificate utility.])
-ARG_DISBL_SET([scepclient], [disable SCEP client tool.])
ARG_DISBL_SET([scripts], [disable additional utilities (found in directory scripts).])
ARG_ENABL_SET([svc], [enable charon Windows service.])
ARG_ENABL_SET([systemd], [enable systemd specific IKE daemon charon-systemd.])
ARG_DISBL_SET([swanctl], [disable swanctl configuration and control tool.])
ARG_ENABL_SET([tkm], [enable Trusted Key Manager support.])
+ARG_ENABL_SET([cert-enroll], [enable automatic certificate enrollment via EST or SCEP.])
# optional features
ARG_ENABL_SET([bfd-backtraces], [use binutils libbfd to resolve backtraces for memory leaks and segfaults.])
ARG_ENABL_SET([dbghelp-backtraces],[use dbghlp.dll on Windows to create and print backtraces for memory leaks and segfaults.])
ARG_ENABL_SET([selinux], [enable SELinux support for labeled IPsec.])
ARG_ENABL_SET([tss-trousers], [enable the use of the TrouSerS Trusted Software Stack])
ARG_ENABL_SET([tss-tss2], [enable the use of the TSS 2.0 Trusted Software Stack])
+ARG_ENABL_SET([cert-enroll-timer],[enable installation of cert-enroll as a systemd timer.])
# compile options
+ARG_ENABL_SET([asan], [enable build with AddressSanitizer (ASan).])
ARG_ENABL_SET([coverage], [enable lcov coverage report generation.])
ARG_ENABL_SET([git-version], [use output of 'git describe' as version information in executables.])
ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.])
tnc_tnccs=true;
fi
-if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue -o x$tnc_tnccs = xtrue; then
+if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue -o x$tnc_tnccs = xtrue -o x$pki = xtrue; then
tls=true;
fi
mgf1=true
fi
-if test x$stroke = xtrue; then
+if test x$stroke = xtrue -o x$vici = xtrue; then
counters=true
fi
+if test x$cert_enroll = xtrue; then
+ pki=true
+fi
+
if test x$kdf = xfalse; then
if test x$aesni = xtrue -o x$cmac = xtrue -o x$xcbc = xtrue; then
AC_MSG_WARN(m4_normalize([
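Review bot: The added `cert_enroll` rule sets `pki=true` only after the dependency test that now derives `tls=true` from `x$pki = xtrue` (changed in the preceding hunk). With `--disable-pki --enable-cert-enroll`, pki is therefore switched back on without `tls` being enabled for it, assuming the hunks are in file order and no later rule outside the visible lines covers this. Moving the block above that test, or extending the test with `-o x$cert_enroll = xtrue`, would keep the implied dependencies consistent. A comment such as `# cert-enroll needs the pki tool, so this overrides --disable-pki` would also make the override explicit.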
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>]],
- [[struct in6_pktinfo pi;
+ [[struct in6_pktinfo pi = {};
if (pi.ipi6_ifindex)
{
return 0;
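Review bot: The empty initializer in `struct in6_pktinfo pi = {};` is standard C only from C23 on and a GNU extension before that. A compiler that rejects it would fail this probe, and the feature would be reported as missing even though the struct exists. Zeroing with `memset(&pi, 0, sizeof(pi));`, plus `#include <string.h>` in the prologue, avoids depending on the extension. Alternatively, a comment could state that the initializer is only there to silence an uninitialized-use diagnostic. The test program starts and ends outside this hunk.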
AC_SUBST(xml_LIBS)
fi
-if test x$systemd = xtrue; then
+if test x$systemd = xtrue -o x$cert_enroll_timer = xtrue; then
AC_MSG_CHECKING([for systemd system unit directory])
if test -n "$systemdsystemunitdir" -a "x$systemdsystemunitdir" != xno; then
AC_MSG_RESULT([$systemdsystemunitdir])
else
AC_MSG_ERROR([not found (try --with-systemdsystemunitdir)])
fi
+fi
+if test x$systemd = xtrue; then
PKG_CHECK_MODULES(systemd, [libsystemd >= 209],
[AC_SUBST(systemd_CFLAGS)
AC_SUBST(systemd_LIBS)],
if test "x$windows" = xtrue; then
openssl_lib=eay32
AC_CHECK_LIB([$openssl_lib],[EVP_CIPHER_CTX_new],[LIBS="$LIBS"],
- [AC_MSG_RESULT([no]);openssl_lib=""],[$DLLIB])
+ [openssl_lib=""],[$DLLIB])
fi
if test -z "$openssl_lib"; then
openssl_lib=crypto
AC_SUBST(botan_LIBS)
saved_LIBS=$LIBS
LIBS="$botan_LIBS"
- AC_CHECK_FUNCS(botan_rng_init_custom)
+ AC_CHECK_FUNCS(botan_rng_init_custom botan_pubkey_ecc_key_used_explicit_encoding)
LIBS=$saved_LIBS
fi
esac
fi
+if test x$asan = xtrue; then
+ # adding this here and not earlier or passed to the script avoids issues
+ # e.g. with libpthread (libasan provides stubs for its functions but no full
+ # implementation so configure does not detect that -lpthread is required
+ # when GCC is used, clang always adds -lpthread)
+ CFLAGS="$CFLAGS -fsanitize=address -fno-omit-frame-pointer"
+ # this is necessary so AddressSanitizer can resolve symbols e.g. for
+ # C++ exceptions that are used in libbotan
+ if test x$botan = xtrue; then
+ LDFLAGS="$LDFLAGS -lstdc++"
+ fi
+ if test x$openssl = xtrue; then
+ # we need to suppress some leaks with OpenSSL 3 as we don't deinitialze
+ # it properly
+ AC_SUBST(LSAN_OPTIONS, [suppressions=\${abs_top_srcdir}/.lsan.suppressions])
+ # use this instead of AM_TESTS_ENVIRONMENT as we don't use the parallel
+ # test harness
+ AC_SUBST(TESTS_ENVIRONMENT, ['export LSAN_OPTIONS="$(LSAN_OPTIONS)";'])
+ fi
+fi
+
if test x$ruby_gems = xtrue; then
AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
if test x$GEM = x; then
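Review bot: In the ASan block, `LDFLAGS="$LDFLAGS -lstdc++"` puts a library in the flags that precede the object files on the link line, so a linker defaulting to `--as-needed` may drop it; `LIBS="$LIBS -lstdc++"` is the conventional place. The sanitizer flags go into the global `CFLAGS`, so they presumably reach every target including the daemons. The `--enable-asan` help string could therefore say the option is for test builds only, e.g. `[enable build with AddressSanitizer (ASan), for testing only.]`, since ASan is a debugging aid whose runtime is steered by environment variables and is not a hardening feature. The comment above `AC_SUBST(LSAN_OPTIONS, …)` misspells "deinitialize" as `deinitialze`.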
# modify CFLAGS as needed, do this late so we don't affect configure checks
CFLAGS="$CFLAGS -include $(pwd)/config.h"
+AC_MSG_CHECKING([for use of -Werror and additional warnings])
WARN_CFLAGS=
if test x$warnings = xtrue; then
WARN_CFLAGS="-Werror -Wall -Wextra"
+ AC_MSG_RESULT([yes])
+else
+ AC_MSG_RESULT([no])
fi
# disable some warnings, whether explicitly enabled above or by default
# these are not compatible with our custom printf specifiers
# plugin lists for all components
charon_plugins=
-starter_plugins=
pool_plugins=
attest_plugins=
-scepclient_plugins=
pki_plugins=
scripts_plugins=
fuzz_plugins=
t_plugins=
p_plugins=
-ADD_PLUGIN([test-vectors], [s charon scepclient pki])
+ADD_PLUGIN([test-vectors], [s charon pki])
ADD_PLUGIN([unbound], [s charon scripts])
-ADD_PLUGIN([ldap], [s charon scepclient scripts nm cmd])
+ADD_PLUGIN([ldap], [s charon scripts nm cmd])
ADD_PLUGIN([pkcs11], [s charon pki nm cmd])
ADD_PLUGIN([tpm], [p charon pki nm cmd])
-ADD_PLUGIN([aesni], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
-ADD_PLUGIN([aes], [s charon scepclient pki scripts nm cmd])
-ADD_PLUGIN([des], [s charon scepclient pki scripts nm cmd])
-ADD_PLUGIN([blowfish], [s charon scepclient pki scripts nm cmd])
-ADD_PLUGIN([rc2], [s charon scepclient pki scripts nm cmd])
-ADD_PLUGIN([sha2], [s charon scepclient pki scripts medsrv attest nm cmd aikgen fuzz])
-ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attest nm cmd aikgen fuzz])
-ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
-ADD_PLUGIN([md4], [s charon scepclient pki nm cmd])
-ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen])
-ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
-ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
-ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([aesni], [s charon pki scripts medsrv attest nm cmd aikgen])
+ADD_PLUGIN([aes], [s charon pki scripts nm cmd])
+ADD_PLUGIN([des], [s charon pki scripts nm cmd])
+ADD_PLUGIN([blowfish], [s charon pki scripts nm cmd])
+ADD_PLUGIN([rc2], [s charon pki scripts nm cmd])
+ADD_PLUGIN([sha2], [s charon pki scripts medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([sha3], [s charon pki scripts medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([sha1], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([md4], [s charon pki nm cmd])
+ADD_PLUGIN([md5], [s charon pki scripts attest nm cmd aikgen])
+ADD_PLUGIN([mgf1], [s charon pki scripts medsrv attest nm cmd aikgen])
+ADD_PLUGIN([rdrand], [s charon pki scripts medsrv attest nm cmd aikgen])
+ADD_PLUGIN([random], [s charon pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([nonce], [s charon nm cmd aikgen])
-ADD_PLUGIN([x509], [s charon scepclient pki scripts attest nm cmd aikgen fuzz])
+ADD_PLUGIN([x509], [s charon pki scripts attest nm cmd aikgen fuzz])
ADD_PLUGIN([revocation], [s charon pki nm cmd])
-ADD_PLUGIN([constraints], [s charon nm cmd])
+ADD_PLUGIN([constraints], [s charon pki nm cmd])
ADD_PLUGIN([acert], [s charon])
ADD_PLUGIN([pubkey], [s charon pki cmd aikgen])
-ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
-ADD_PLUGIN([pkcs7], [s charon scepclient pki scripts nm cmd])
-ADD_PLUGIN([pkcs12], [s charon scepclient pki scripts cmd])
+ADD_PLUGIN([pkcs1], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([pkcs7], [s charon pki scripts nm cmd])
+ADD_PLUGIN([pkcs12], [s charon pki scripts cmd])
ADD_PLUGIN([pgp], [s charon])
ADD_PLUGIN([dnskey], [s charon pki])
ADD_PLUGIN([sshkey], [s charon pki nm cmd])
ADD_PLUGIN([dnscert], [c charon])
ADD_PLUGIN([ipseckey], [c charon])
-ADD_PLUGIN([pem], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([pem], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([padlock], [s charon])
-ADD_PLUGIN([openssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
-ADD_PLUGIN([wolfssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
-ADD_PLUGIN([gcrypt], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
-ADD_PLUGIN([botan], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
-ADD_PLUGIN([pkcs8], [s charon scepclient pki scripts manager medsrv attest nm cmd])
-ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
+ADD_PLUGIN([openssl], [s charon pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([wolfssl], [s charon pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([gcrypt], [s charon pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([botan], [s charon pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([pkcs8], [s charon pki scripts manager medsrv attest nm cmd])
+ADD_PLUGIN([af-alg], [s charon pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([fips-prf], [s charon nm cmd])
-ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([gmp], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd])
ADD_PLUGIN([agent], [s charon nm cmd])
ADD_PLUGIN([keychain], [s charon cmd])
ADD_PLUGIN([drbg], [s charon pki scripts nm cmd])
ADD_PLUGIN([newhope], [s charon scripts nm cmd])
ADD_PLUGIN([bliss], [s charon pki scripts nm cmd])
-ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd])
-ADD_PLUGIN([files], [s charon scepclient pki scripts nm cmd])
+ADD_PLUGIN([curl], [s charon pki scripts nm cmd])
+ADD_PLUGIN([files], [s charon pki scripts nm cmd])
ADD_PLUGIN([winhttp], [s charon pki scripts])
ADD_PLUGIN([soup], [s charon pki scripts nm cmd])
-ADD_PLUGIN([mysql], [s charon pool manager medsrv attest])
-ADD_PLUGIN([sqlite], [s charon pool manager medsrv attest])
+ADD_PLUGIN([mysql], [s charon pki pool manager medsrv attest])
+ADD_PLUGIN([sqlite], [s charon pki pool manager medsrv attest])
+ADD_PLUGIN([openxpki], [s pki])
ADD_PLUGIN([attr], [c charon])
ADD_PLUGIN([attr-sql], [c charon])
ADD_PLUGIN([load-tester], [c charon])
ADD_PLUGIN([kernel-libipsec], [c charon cmd])
ADD_PLUGIN([kernel-wfp], [c charon])
ADD_PLUGIN([kernel-iph], [c charon])
-ADD_PLUGIN([kernel-pfkey], [c charon starter nm cmd])
-ADD_PLUGIN([kernel-pfroute], [c charon starter nm cmd])
-ADD_PLUGIN([kernel-netlink], [c charon starter nm cmd])
-ADD_PLUGIN([selinux], [c charon starter nm cmd])
+ADD_PLUGIN([kernel-pfkey], [c charon nm cmd])
+ADD_PLUGIN([kernel-pfroute], [c charon nm cmd])
+ADD_PLUGIN([kernel-netlink], [c charon nm cmd])
+ADD_PLUGIN([selinux], [c charon nm cmd])
ADD_PLUGIN([resolve], [c charon cmd])
ADD_PLUGIN([save-keys], [c])
ADD_PLUGIN([socket-default], [c charon nm cmd])
ADD_PLUGIN([counters], [c charon])
AC_SUBST(charon_plugins)
-AC_SUBST(starter_plugins)
AC_SUBST(pool_plugins)
AC_SUBST(attest_plugins)
-AC_SUBST(scepclient_plugins)
AC_SUBST(pki_plugins)
AC_SUBST(scripts_plugins)
AC_SUBST(fuzz_plugins)
AM_CONDITIONAL(USE_PKCS7, test x$pkcs7 = xtrue)
AM_CONDITIONAL(USE_PKCS8, test x$pkcs8 = xtrue)
AM_CONDITIONAL(USE_PKCS12, test x$pkcs12 = xtrue)
+AM_CONDITIONAL(USE_OPENXPKI, test x$openxpki = xtrue)
AM_CONDITIONAL(USE_PGP, test x$pgp = xtrue)
AM_CONDITIONAL(USE_DNSKEY, test x$dnskey = xtrue)
AM_CONDITIONAL(USE_SSHKEY, test x$sshkey = xtrue)
AM_CONDITIONAL(USE_ATTR_SQL, test x$attr_sql = xtrue)
AM_CONDITIONAL(USE_COUNTERS, test x$counters = xtrue)
AM_CONDITIONAL(USE_SELINUX, test x$selinux = xtrue)
+AM_CONDITIONAL(USE_PF_HANDLER, test x$dhcp = xtrue -o x$farp = xtrue)
# other options
# ---------------
AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue)
AM_CONDITIONAL(USE_NM, test x$nm = xtrue)
AM_CONDITIONAL(USE_PKI, test x$pki = xtrue)
-AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue)
AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
AM_CONDITIONAL(USE_FUZZING, test x$fuzzing = xtrue)
AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
-AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
+AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue)
AM_CONDITIONAL(USE_LIBNTTFFT, test x$bliss = xtrue -o x$newhope = xtrue)
AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue)
AM_CONDITIONAL(USE_LIBTPMTSS, test x$tss_trousers = xtrue -o x$tss_tss2 = xtrue -o x$tpm = xtrue -o x$aikgen = xtrue -o x$imcv = xtrue)
AM_CONDITIONAL(USE_FILE_CONFIG, test x$stroke = xtrue)
-AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue)
+AM_CONDITIONAL(USE_IPSEC_SCRIPT, test x$stroke = xtrue -o x$conftest = xtrue)
AM_CONDITIONAL(USE_LIBCAP, test x$capabilities = xlibcap)
AM_CONDITIONAL(USE_VSTR, test x$printf_hooks = xvstr)
AM_CONDITIONAL(USE_BUILTIN_PRINTF, test x$printf_hooks = xbuiltin)
AM_CONDITIONAL(USE_SVC, test x$svc = xtrue)
AM_CONDITIONAL(USE_SYSTEMD, test x$systemd = xtrue)
AM_CONDITIONAL(USE_LEGACY_SYSTEMD, test -n "$systemdsystemunitdir" -a "x$systemdsystemunitdir" != xno)
+AM_CONDITIONAL(USE_CERT_ENROLL, test x$cert_enroll = xtrue)
+AM_CONDITIONAL(USE_CERT_ENROLL_TIMER, test x$cert_enroll_timer = xtrue)
AM_CONDITIONAL(USE_RUBY_GEMS, test x$ruby_gems = xtrue)
AM_CONDITIONAL(USE_PYTHON_EGGS, test x$python_eggs = xtrue)
AM_CONDITIONAL(USE_PERL_CPAN, test x$perl_cpan = xtrue)
AM_COND_IF([USE_LIBTNCCS], [strongswan_options=${strongswan_options}" tnc"])
AM_COND_IF([USE_MANAGER], [strongswan_options=${strongswan_options}" manager"])
AM_COND_IF([USE_MEDSRV], [strongswan_options=${strongswan_options}" medsrv"])
-AM_COND_IF([USE_SCEPCLIENT], [strongswan_options=${strongswan_options}" scepclient"])
AM_COND_IF([USE_PKI], [strongswan_options=${strongswan_options}" pki"])
AM_COND_IF([USE_SWANCTL], [strongswan_options=${strongswan_options}" swanctl"])
AM_COND_IF([USE_SYSTEMD], [strongswan_options=${strongswan_options}" charon-systemd"])
src/libstrongswan/plugins/pkcs7/Makefile
src/libstrongswan/plugins/pkcs8/Makefile
src/libstrongswan/plugins/pkcs12/Makefile
+ src/libstrongswan/plugins/openxpki/Makefile
src/libstrongswan/plugins/pgp/Makefile
src/libstrongswan/plugins/dnskey/Makefile
src/libstrongswan/plugins/sshkey/Makefile
src/starter/Makefile
src/starter/tests/Makefile
src/_updown/Makefile
- src/scepclient/Makefile
src/aikgen/Makefile
src/tpm_extendpcr/Makefile
src/pki/Makefile
src/sw-collector/Makefile
src/sec-updater/Makefile
src/swanctl/Makefile
+ src/cert-enroll/Makefile
src/xfrmi/Makefile
scripts/Makefile
testing/Makefile
src/pki/man/pki.1
src/pki/man/pki---acert.1
src/pki/man/pki---dn.1
+ src/pki/man/pki---est.1
+ src/pki/man/pki---estca.1
src/pki/man/pki---gen.1
src/pki/man/pki---issue.1
src/pki/man/pki---keyid.1
+ src/pki/man/pki---ocsp.1
src/pki/man/pki---pkcs12.1
src/pki/man/pki---pkcs7.1
src/pki/man/pki---print.1
src/pt-tls-client/pt-tls-client.1
src/sw-collector/sw-collector.8
src/sec-updater/sec-updater.8
+ src/cert-enroll/cert-enroll.8
])
AC_OUTPUT