This solves a problem with GNAT when compiling charon-tkm as __atomic*
built-ins are only provided in GCC 4.7 and newer.
Currently GNAT 4.6 and GCC 4.7.2 is shipped with Debian wheezy (stable),
as used in the testing environment. So while the configure script correctly
detected the __atomic* built-ins, and defined HAVE_GCC_ATOMIC_OPERATIONS,
this define turned out to be incorrect when charon-tkm was later built
with GNAT.
aikgen outputs a binary AIK private key blob and the AIK public key.
Optionally the Identity Request encrypted with the public key of
the Privacy CA can be output.
These are available since GCC 4.7 and will eventually replace the __sync
operations. They support the memory model defined by C++11. For instance,
by using __ATOMIC_RELAXED for some operations on the reference counters we
can avoid memory barriers, which are required by __sync operations (whose
memory model essentially is __ATOMIC_SEQ_CST).
This validator checks for any attribute certificate it can find for validated
end entity certificates and tries to extract group membership information
used for connection authorization rules.
Older autoconf versions (e.g. on CentOS 6.5) produce an empty else block
for the removed empty argument, which the shell then trips over when
executing ./configure.
Fixes#536.
Either due to a change in Ubuntu 13.10 or GCC 4.8 -Wno-format has no
effect if -Wformat-security is enabled (which it is on Ubuntu) so we
also disable the latter by default.
Add DNSSEC protected CERT RR delivered certificate authentication.
The new dnscert plugin is based on the ipseckey plugin and relies on the
existing PEM decoder as well as x509 and PGP parsers. As such the plugin
expects PEM encoded PKIX(x509) or PGP(GPG) certificate payloads.
The plugin is targeted to improve interoperability with Racoon, which
supports this type of authentication, ignoring in-stream certificates
and using only DNS provided certificates for FQDN IDs.
Andreas Steffen