From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from mail.kamstrup.com ([93.167.225.188])
	by metis.ext.pengutronix.de with esmtp (Exim 4.72)
	(envelope-from <bth@kamstrup.dk>) id 1XzPDl-0001ew-Ix
	for ptxdist@pengutronix.de; Fri, 12 Dec 2014 13:21:22 +0100
From: Bruno Thomsen <bth@kamstrup.dk>
Date: Fri, 12 Dec 2014 13:21:03 +0100
Message-ID: <1418386864-13667-1-git-send-email-bth@kamstrup.dk>
MIME-Version: 1.0
Subject: [ptxdist] [PATCH 1/2] strongswan: added openssl plugin option
Reply-To: ptxdist@pengutronix.de
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: ptxdist@pengutronix.de
Cc: bth@kamstrup.dk

OpenSSL adds Elliptic Curve support in IKE Diffie-Hellman key exchange.

Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
---
 rules/strongswan.in   | 8 ++++++++
 rules/strongswan.make | 5 ++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/rules/strongswan.in b/rules/strongswan.in
index 5402ffb..d50ea8d 100644
--- a/rules/strongswan.in
+++ b/rules/strongswan.in
@@ -5,6 +5,7 @@ menuconfig STRONGSWAN
 	prompt "strongswan                    "
 	select LIBGMP
 	select LIBCURL if STRONGSWAN_LIBCURL
+	select OPENSSL if STRONGSWAN_OPENSSL
 	help
 	  strongSwan is a complete IPsec implementation.
 	  Please keep in mind to configure the kernel accordingly to fulfill
@@ -22,6 +23,13 @@ config STRONGSWAN_LIBCURL
 	  (CRLs) from an HTTP server or as an alternative want to use
 	  the Online Certificate Status Protocol (OCSP) say yes.
 
+config STRONGSWAN_OPENSSL
+	bool
+	default n
+	prompt "OpenSSL crypto library for IKE"
+	help
+	  This will add Elliptic Curve support in IKE Diffie-Hellman key exchange.
+
 config STRONGSWAN_AFALG
 	bool
 	default y
diff --git a/rules/strongswan.make b/rules/strongswan.make
index 57fc7da..df4f9c8 100644
--- a/rules/strongswan.make
+++ b/rules/strongswan.make
@@ -34,6 +34,7 @@ STRONGSWAN_CONF_TOOL	:= autoconf
 STRONGSWAN_CONF_OPT	:= \
 	$(CROSS_AUTOCONF_USR) \
 	--$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \
+	--$(call ptx/endis, PTXCONF_STRONGSWAN_OPENSSL)-openssl \
 	--disable-unbound \
 	--disable-soup \
 	--disable-ldap \
@@ -150,7 +151,6 @@ STRONGSWAN_CONF_OPT	:= \
 	--disable-osx-attr \
 	--enable-resolve \
 	--disable-padlock \
-	--disable-openssl \
 	--disable-gcrypt \
 	--disable-agent \
 	--disable-pkcs11 \
@@ -228,6 +228,9 @@ STRONGSWAN_PLUGINS := \
 ifdef PTXCONF_STRONGSWAN_LIBCURL
 	STRONGSWAN_PLUGINS += libstrongswan-curl.so
 endif
+ifdef PTXCONF_STRONGSWAN_OPENSSL
+	STRONGSWAN_PLUGINS += libstrongswan-openssl.so
+endif
 ifdef PTXCONF_STRONGSWAN_AFALG
 	STRONGSWAN_PLUGINS += libstrongswan-af-alg.so
 endif
-- 
1.9.1


-- 
ptxdist mailing list
ptxdist@pengutronix.de