From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0] ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1YAh0v-0005q6-5h for ptxdist@pengutronix.de; Mon, 12 Jan 2015 16:34:45 +0100 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80) (envelope-from ) id 1YAh0v-0004fU-4F for ptxdist@pengutronix.de; Mon, 12 Jan 2015 16:34:45 +0100 Date: Mon, 12 Jan 2015 16:34:45 +0100 From: Michael Olbrich Message-ID: <20150112153445.GH26436@pengutronix.de> References: <1418386864-13667-1-git-send-email-bth@kamstrup.dk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1418386864-13667-1-git-send-email-bth@kamstrup.dk> Subject: Re: [ptxdist] [PATCH 1/2] strongswan: added openssl plugin option Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de On Fri, Dec 12, 2014 at 01:21:03PM +0100, Bruno Thomsen wrote: > OpenSSL adds Elliptic Curve support in IKE Diffie-Hellman key exchange. Thanks, both applied. Michael > > Signed-off-by: Bruno Thomsen > --- > rules/strongswan.in | 8 ++++++++ > rules/strongswan.make | 5 ++++- > 2 files changed, 12 insertions(+), 1 deletion(-) > > diff --git a/rules/strongswan.in b/rules/strongswan.in > index 5402ffb..d50ea8d 100644 > --- a/rules/strongswan.in > +++ b/rules/strongswan.in > @@ -5,6 +5,7 @@ menuconfig STRONGSWAN > prompt "strongswan " > select LIBGMP > select LIBCURL if STRONGSWAN_LIBCURL > + select OPENSSL if STRONGSWAN_OPENSSL > help > strongSwan is a complete IPsec implementation. > Please keep in mind to configure the kernel accordingly to fulfill > @@ -22,6 +23,13 @@ config STRONGSWAN_LIBCURL > (CRLs) from an HTTP server or as an alternative want to use > the Online Certificate Status Protocol (OCSP) say yes. > > +config STRONGSWAN_OPENSSL > + bool > + default n > + prompt "OpenSSL crypto library for IKE" > + help > + This will add Elliptic Curve support in IKE Diffie-Hellman key exchange. > + > config STRONGSWAN_AFALG > bool > default y > diff --git a/rules/strongswan.make b/rules/strongswan.make > index 57fc7da..df4f9c8 100644 > --- a/rules/strongswan.make > +++ b/rules/strongswan.make > @@ -34,6 +34,7 @@ STRONGSWAN_CONF_TOOL := autoconf > STRONGSWAN_CONF_OPT := \ > $(CROSS_AUTOCONF_USR) \ > --$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \ > + --$(call ptx/endis, PTXCONF_STRONGSWAN_OPENSSL)-openssl \ > --disable-unbound \ > --disable-soup \ > --disable-ldap \ > @@ -150,7 +151,6 @@ STRONGSWAN_CONF_OPT := \ > --disable-osx-attr \ > --enable-resolve \ > --disable-padlock \ > - --disable-openssl \ > --disable-gcrypt \ > --disable-agent \ > --disable-pkcs11 \ > @@ -228,6 +228,9 @@ STRONGSWAN_PLUGINS := \ > ifdef PTXCONF_STRONGSWAN_LIBCURL > STRONGSWAN_PLUGINS += libstrongswan-curl.so > endif > +ifdef PTXCONF_STRONGSWAN_OPENSSL > + STRONGSWAN_PLUGINS += libstrongswan-openssl.so > +endif > ifdef PTXCONF_STRONGSWAN_AFALG > STRONGSWAN_PLUGINS += libstrongswan-af-alg.so > endif > -- > 1.9.1 > > > -- > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de