From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail.kamstrup.com ([93.167.225.188]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1XzPDl-0001ew-Ix for ptxdist@pengutronix.de; Fri, 12 Dec 2014 13:21:22 +0100 From: Bruno Thomsen Date: Fri, 12 Dec 2014 13:21:03 +0100 Message-ID: <1418386864-13667-1-git-send-email-bth@kamstrup.dk> MIME-Version: 1.0 Subject: [ptxdist] [PATCH 1/2] strongswan: added openssl plugin option Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de Cc: bth@kamstrup.dk OpenSSL adds Elliptic Curve support in IKE Diffie-Hellman key exchange. Signed-off-by: Bruno Thomsen --- rules/strongswan.in | 8 ++++++++ rules/strongswan.make | 5 ++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/rules/strongswan.in b/rules/strongswan.in index 5402ffb..d50ea8d 100644 --- a/rules/strongswan.in +++ b/rules/strongswan.in @@ -5,6 +5,7 @@ menuconfig STRONGSWAN prompt "strongswan " select LIBGMP select LIBCURL if STRONGSWAN_LIBCURL + select OPENSSL if STRONGSWAN_OPENSSL help strongSwan is a complete IPsec implementation. Please keep in mind to configure the kernel accordingly to fulfill @@ -22,6 +23,13 @@ config STRONGSWAN_LIBCURL (CRLs) from an HTTP server or as an alternative want to use the Online Certificate Status Protocol (OCSP) say yes. +config STRONGSWAN_OPENSSL + bool + default n + prompt "OpenSSL crypto library for IKE" + help + This will add Elliptic Curve support in IKE Diffie-Hellman key exchange. + config STRONGSWAN_AFALG bool default y diff --git a/rules/strongswan.make b/rules/strongswan.make index 57fc7da..df4f9c8 100644 --- a/rules/strongswan.make +++ b/rules/strongswan.make @@ -34,6 +34,7 @@ STRONGSWAN_CONF_TOOL := autoconf STRONGSWAN_CONF_OPT := \ $(CROSS_AUTOCONF_USR) \ --$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \ + --$(call ptx/endis, PTXCONF_STRONGSWAN_OPENSSL)-openssl \ --disable-unbound \ --disable-soup \ --disable-ldap \ @@ -150,7 +151,6 @@ STRONGSWAN_CONF_OPT := \ --disable-osx-attr \ --enable-resolve \ --disable-padlock \ - --disable-openssl \ --disable-gcrypt \ --disable-agent \ --disable-pkcs11 \ @@ -228,6 +228,9 @@ STRONGSWAN_PLUGINS := \ ifdef PTXCONF_STRONGSWAN_LIBCURL STRONGSWAN_PLUGINS += libstrongswan-curl.so endif +ifdef PTXCONF_STRONGSWAN_OPENSSL + STRONGSWAN_PLUGINS += libstrongswan-openssl.so +endif ifdef PTXCONF_STRONGSWAN_AFALG STRONGSWAN_PLUGINS += libstrongswan-af-alg.so endif -- 1.9.1 -- ptxdist mailing list ptxdist@pengutronix.de