With OpenSSL 1.1.0 the library is now named libcrypto too on Windows.
Check for libeay32 first so we don't link against the build environment's
version of OpenSSL instead of the native one that might be available.

gperf is not actually a build dependency as the generated files are
shipped in the tarball. So the type depends on the gperf version on
the host that ran gperf and created the tarball, which might not be
the same as that on the actual build host, and gperf might not even
be installed there, leaving the type undetermined.
Fixes: e0e4322973 ("configure: Detect type of length parameter for gperf generated function")

sec-updater checks for security updates and backports in Debian/
Ubuntu repositories and sets the security flags in the strongTNC
policy database accordingly.

This major version includes the new SWIMA IMC/IMV pair which
implements the "draft-ietf-sacm-nea-swima-patnc" Internet Draft.
Full compliance with the ISO 19770-2:2015 SWID tag standard has
been achieved.

Since 3317d0e77b the public keys are printed via certificate printer,
but that only works if the public key is actually wrapped, which
requires the pubkey plugin.
Fixes: 3317d0e77b ("Standardized printing of certificate information")

This is similar to the eap-aka-3gpp2 plugin. K (optionally concatenated
with OPc) may be configured as binary EAP secret in ipsec.secrets or
swanctl.conf.
Based on a patch by Thomas Strangert.
Fixes #2326.

Enabled when building monolithically and statically.
This should allow us to work around the -whole-archive issue with
libtool. If the libraries register the plugin constructors they provide
they reference the constructors and will therefore prevent the linker from
removing these seemingly unused symbols from the final executable.
For use cases where dlsym() can be used, e.g. because the static libraries
are manually linked with -whole-archive (Linux) or -force-load (Apple),
this can be disabled by passing ss_cv_static_plugin_constructors=no to
the configure script.
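
The registration approach described in this message, as an added example that is not strongSwan's own code: a library publishes its plugin constructors in a table, and taking their addresses there is the reference that stops the linker from discarding them. All type and function names are hypothetical, and the GCC/Clang `constructor` attribute is assumed.

```c
#include <string.h>

/* All names here are hypothetical; this is not strongSwan's own API. */
typedef struct { const char *name; } plugin_t;
typedef plugin_t *(*plugin_constructor_t)(void);
typedef struct { const char *symbol; plugin_constructor_t create; } entry_t;
static entry_t registry[16];
static size_t registry_len;

/* Called by each static library to publish the constructors it provides. */
static int register_constructors(const entry_t *entries, size_t count)
{
    if (count > sizeof(registry) / sizeof(registry[0]) - registry_len)
        return -1;  /* registry full, nothing is added */
    memcpy(&registry[registry_len], entries, count * sizeof(*entries));
    registry_len += count;
    return 0;
}

/* Stand-in for dlsym(): resolve a constructor by symbol name. */
static plugin_constructor_t lookup_constructor(const char *symbol)
{
    for (size_t i = 0; i < registry_len; i++)
        if (strcmp(registry[i].symbol, symbol) == 0)
            return registry[i].create;
    return NULL;
}

/* Two plugin constructors that no other code calls directly. */
static plugin_t sha2 = { "sha2" }, aes = { "aes" };
static plugin_t *sha2_plugin_create(void) { return &sha2; }
static plugin_t *aes_plugin_create(void) { return &aes; }

/* Taking the addresses here is the reference that keeps the constructors
 * at link time; the GCC/Clang attribute runs this before main(). */
__attribute__((constructor)) static void register_demo_library(void)
{
    static const entry_t entries[] = {
        { "sha2_plugin_create", sha2_plugin_create },
        { "aes_plugin_create", aes_plugin_create },
    };
    register_constructors(entries, sizeof(entries) / sizeof(entries[0]));
}

int main(void)
{
    plugin_constructor_t create = lookup_constructor("aes_plugin_create");
    return create && strcmp(create()->name, "aes") == 0 ? 0 : 1;
}
```
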
Most functions in libunwind.h are actually mapped via macros to obscure
function names, so checking for these would require some elaborate test
via AC_LINK_IFELSE(). However, unw_backtrace() seems to be one of the few
actual functions so let's use this for now, even though we don't call it
ourselves later.
Fixes: 016228c158 ("configure: Check for actual functions in libraries
with AC_CHECK_LIB")

The aikpub2 tool has been replaced by pki --pub|--req --keyid hex ..
where keyid indicates the TPM 2.0 private key object handle. Thus
either the public key in PKCS#1 format can be extracted or a PKCS#10
certificate request signed by the TPM private key can be generated.

Checking for `main` produces code like this in the test program:
    int
    main ()
    {
    return main ();
      ;
      return 0;
    }
This recursive call results in a warning message with some compilers (e.g.
Clang in newer Xcode versions: "all paths through this function will call
itself [-Winfinite-recursion]"), which lets the tests fail when compiling
with -Werror.

With AC_SEARCH_LIBS() we don't succeed if the searched function is a
built-in as the check uses the wrong signature so the built-in will not
be applied (the warning issued by GCC is "conflicting types for built-in
function '...'"). So even if not required, libatomic will be linked if
it is found, which could be problematic if compiling on a separate host
and the target host does not have libatomic installed.
Also, some tests showed that it's more likely that __atomic_and_fetch()
requires linking libatomic than __atomic_load_n() does.
References #1533.

Even if not using caching when running the configure script (-C) this
allows pre-defining the result by setting the environment variable
ss_cv_func_pthread_condattr_setclock_monotonic=yes|no|unknown
before/while running the script.
As the check requires running a test program this might be helpful
when cross-compiling to disable using monotonic time if
pthread_condattr_setclock() is defined but not actually usable with
CLOCK_MONOTONIC.
References #1502.

The versioning scheme used by Python (PEP 440) supports the rcN suffix
but development releases have to be named devN, not drN, which are
not supported and considered legacy versions.

libsystemd-journal and libsystemd-daemon are now just
part of libsystemd.
Keep original systemd checks as a fallback.
Updates charon-systemd/Makefile.am accordingly.
Tested on:
- debian wheezy (systemd v44)
- ubuntu 15.10 (systemd v255).
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Closes strongswan/strongswan#24.

If the openssl plugin is not enabled we need these to generate session
IDs and to authenticate the users.
The md4 plugin is not needed in the manager.
Fixes #1168.

When compiling with -Wextra (and without disabling these warnings
globally) the tests would otherwise fail due to the unused arguments in
the cmp() functions.
Fixes #1053.

Installing them might not work well when building distro packages (e.g.
with DESTDIR installs). It might be easier to install them later with a
script in the distro package.
When building from source on the local system it could still be useful to
install the packages directly, which can be enabled with separate configure
options.
The main problem with DESTDIR installations of the Python Egg is that
easy_install creates or modifies a file called easy-install.pth in the
installation directory. So it's not actually possible to simply copy
the results in DESTDIR over to the actual system as that file would have
to be merged with any existing one.
Fixes #914.