Diffstat (limited to 'src')
-rw-r--r-- | src/libfreeswan/Makefile.am | 6 | ||||
-rw-r--r-- | src/libfreeswan/freeswan.h | 10 | ||||
-rw-r--r-- | src/libfreeswan/ipsec_policy.h | 231 | ||||
-rw-r--r-- | src/libstrongswan/utils/identification.h | 8 | ||||
-rw-r--r-- | src/pluto/alg_info.c | 1 | ||||
-rw-r--r-- | src/pluto/ca.c | 1 | ||||
-rw-r--r-- | src/pluto/certs.c | 1 | ||||
-rw-r--r-- | src/pluto/connections.c | 11 | ||||
-rw-r--r-- | src/pluto/constants.c | 1 | ||||
-rw-r--r-- | src/pluto/constants.h | 258 | ||||
-rw-r--r-- | src/pluto/crl.c | 1 | ||||
-rw-r--r-- | src/pluto/crypto.c | 1 | ||||
-rw-r--r-- | src/pluto/dnskey.c | 1 | ||||
-rw-r--r-- | src/pluto/id.c | 21 | ||||
-rw-r--r-- | src/pluto/ike_alg.c | 1 | ||||
-rw-r--r-- | src/pluto/ipsec_doi.c | 3 | ||||
-rw-r--r-- | src/pluto/kernel.c | 1 | ||||
-rw-r--r-- | src/pluto/kernel_alg.c | 1 | ||||
-rw-r--r-- | src/pluto/keys.c | 5 | ||||
-rw-r--r-- | src/pluto/nat_traversal.c | 1 | ||||
-rw-r--r-- | src/pluto/ocsp.c | 1 | ||||
-rw-r--r-- | src/pluto/pgp.c | 1 | ||||
-rw-r--r-- | src/pluto/smartcard.c | 1 | ||||
-rw-r--r-- | src/pluto/spdb.c | 1 | ||||
-rw-r--r-- | src/pluto/x509.c | 7 | ||||
-rw-r--r-- | src/starter/Makefile.am | 9 | ||||
-rw-r--r-- | src/whack/Makefile.am | 4 |
27 files changed, 131 insertions, 457 deletions
diff --git a/src/libfreeswan/Makefile.am b/src/libfreeswan/Makefile.am index d2617cb00..f7a1b8a7d 100644 --- a/src/libfreeswan/Makefile.am +++ b/src/libfreeswan/Makefile.am @@ -1,8 +1,7 @@ noinst_LIBRARIES = libfreeswan.a libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \ atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ - goodmask.c initaddr.c initsaid.c initsubnet.c internal.h \ - ipsec_param.h ipsec_policy.h \ + goodmask.c initaddr.c initsaid.c initsubnet.c internal.h \ ipsec_param.h \ keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \ pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \ pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \ @@ -14,6 +13,9 @@ INCLUDES = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/pluto +AM_CFLAGS = \ +-DNO_CREDENTIAL_FACTORY + dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 version.3 diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h index bcae76aec..d671e7fd2 100644 --- a/src/libfreeswan/freeswan.h +++ b/src/libfreeswan/freeswan.h @@ -385,16 +385,6 @@ bitstomask( int n ); - - -/* - * general utilities - */ - -/* option pickup from files */ -const char *optionsfrom(const char *filename, int *argcp, char ***argvp, - int optind, FILE *errorreport); - /* * Debugging levels for pfkey_lib_debug */ diff --git a/src/libfreeswan/ipsec_policy.h b/src/libfreeswan/ipsec_policy.h deleted file mode 100644 index 966ba79a0..000000000 --- a/src/libfreeswan/ipsec_policy.h +++ /dev/null 
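Review bot: The `-DNO_CREDENTIAL_FACTORY` flag that the second src/libfreeswan/Makefile.am hunk adds to `AM_CFLAGS` is not explained anywhere in the visible change, and the same define is repeated in the src/starter/Makefile.am and src/whack/Makefile.am hunks. Presumably it hides declarations that become reachable now that pluto's constants.h includes `<utils/identification.h>`. If so, a target that pulls in that header without the define would compile against different declarations than these three. A comment above each assignment, e.g. `# NO_CREDENTIAL_FACTORY: <what it excludes and why this target needs it>`, or a single definition shared by all three targets, would keep the copies from drifting apart.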
@@ -1,231 +0,0 @@ -#ifndef _IPSEC_POLICY_H -/* - * policy interface file between pluto and applications - * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org> - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - */ -#define _IPSEC_POLICY_H /* seen it, no need to see it again */ - - -/* - * this file defines an interface between an application (or rather an - * application library) and a key/policy daemon. It provides for inquiries - * as to the current state of a connected socket, as well as for general - * questions. - * - * In general, the interface is defined as a series of functional interfaces, - * and the policy messages should be internal. However, because this is in - * fact an ABI between pieces of the system that may get compiled and revised - * seperately, this ABI must be public and revision controlled. - * - * It is expected that the daemon will always support previous versions. - */ - -#define IPSEC_POLICY_MSG_REVISION (unsigned)200305061 - -enum ipsec_policy_command { - IPSEC_CMD_QUERY_FD = 1, - IPSEC_CMD_QUERY_HOSTPAIR = 2, - IPSEC_CMD_QUERY_DSTONLY = 3, -}; - -struct ipsec_policy_msg_head { - u_int32_t ipm_version; - u_int32_t ipm_msg_len; - u_int32_t ipm_msg_type; - u_int32_t ipm_msg_seq; -}; - -enum ipsec_privacy_quality { - IPSEC_PRIVACY_NONE = 0, - IPSEC_PRIVACY_INTEGRAL = 4, /* not private at all. 
AH-like */ - IPSEC_PRIVACY_UNKNOWN = 8, /* something is claimed, but details unavail */ - IPSEC_PRIVACY_ROT13 = 12, /* trivially breakable, i.e. 1DES */ - IPSEC_PRIVACY_GAK = 16, /* known eavesdroppers */ - IPSEC_PRIVACY_PRIVATE = 32, /* secure for at least a decade */ - IPSEC_PRIVACY_STRONG = 64, /* ridiculously secure */ - IPSEC_PRIVACY_TORTOISE = 192, /* even stronger, but very slow */ - IPSEC_PRIVACY_OTP = 224, /* some kind of *true* one time pad */ -}; - -enum ipsec_bandwidth_quality { - IPSEC_QOS_UNKNOWN = 0, /* unknown bandwidth */ - IPSEC_QOS_INTERACTIVE = 16, /* reasonably moderate jitter, moderate fast. - Good enough for telnet/ssh. */ - IPSEC_QOS_VOIP = 32, /* faster crypto, predicable jitter */ - IPSEC_QOS_FTP = 64, /* higher throughput crypto, perhaps hardware - offloaded, but latency/jitter may be bad */ - IPSEC_QOS_WIRESPEED = 128, /* expect to be able to fill your pipe */ -}; - -/* moved from programs/pluto/constants.h */ -/* IPsec AH transform values - * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3 - * and in http://www.iana.org/assignments/isakmp-registry - */ -enum ipsec_authentication_algo { - AH_NONE = 0, - AH_MD5 = 2, - AH_SHA = 3, - AH_DES = 4, - AH_SHA2_256 = 5, - AH_SHA2_384 = 6, - AH_SHA2_512 = 7, - AH_RIPEMD = 8, - AH_AES_XCBC_MAC = 9, - AH_RSA = 10 -}; - -/* IPsec ESP transform values - * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4 - * and from http://www.iana.org/assignments/isakmp-registry - */ - -enum ipsec_cipher_algo { - ESP_NONE = 0, - ESP_DES_IV64 = 1, - ESP_DES = 2, - ESP_3DES = 3, - ESP_RC5 = 4, - ESP_IDEA = 5, - ESP_CAST = 6, - ESP_BLOWFISH = 7, - ESP_3IDEA = 8, - ESP_DES_IV32 = 9, - ESP_RC4 = 10, - ESP_NULL = 11, - ESP_AES = 12, - ESP_AES_CTR = 13, - ESP_AES_CCM_8 = 14, - ESP_AES_CCM_12 = 15, - ESP_AES_CCM_16 = 16, - ESP_UNASSIGNED_17 = 17, - ESP_AES_GCM_8 = 18, - ESP_AES_GCM_12 = 19, - ESP_AES_GCM_16 = 20, - ESP_SEED_CBC = 21, - ESP_CAMELLIA = 22, - ESP_SERPENT = 
252, - ESP_TWOFISH = 253 -}; - -/* IPCOMP transform values - * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5 - */ - -enum ipsec_comp_algo { - IPSCOMP_NONE = 0, - IPCOMP_OUI = 1, - IPCOMP_DEFLATE = 2, - IPCOMP_LZS = 3, - IPCOMP_LZJH = 4 -}; - -/* Identification type values - * RFC 2407 The Internet IP security Domain of Interpretation for ISAKMP 4.6.2.1 - */ - -enum ipsec_id_type { - ID_IMPOSSIBLE= (-2), /* private to Pluto */ - ID_MYID= (-1), /* private to Pluto */ - ID_NONE= 0, /* private to Pluto */ - ID_IPV4_ADDR= 1, - ID_FQDN= 2, - ID_USER_FQDN= 3, - ID_IPV4_ADDR_SUBNET= 4, - ID_IPV6_ADDR= 5, - ID_IPV6_ADDR_SUBNET= 6, - ID_IPV4_ADDR_RANGE= 7, - ID_IPV6_ADDR_RANGE= 8, - ID_DER_ASN1_DN= 9, - ID_DER_ASN1_GN= 10, - ID_KEY_ID= 11 -}; - -/* Certificate type values - * RFC 2408 ISAKMP, chapter 3.9 - */ -enum ipsec_cert_type { - CERT_NONE= 0, - CERT_PKCS7_WRAPPED_X509= 1, - CERT_PGP= 2, - CERT_DNS_SIGNED_KEY= 3, - CERT_X509_SIGNATURE= 4, - CERT_X509_KEY_EXCHANGE= 5, - CERT_KERBEROS_TOKENS= 6, - CERT_CRL= 7, - CERT_ARL= 8, - CERT_SPKI= 9, - CERT_X509_ATTRIBUTE= 10, - CERT_RAW_RSA_KEY= 11 -}; - -/* a SIG record in ASCII */ -struct ipsec_dns_sig { - char fqdn[256]; - char dns_sig[768]; /* empty string if not signed */ -}; - -struct ipsec_raw_key { - char id_name[256]; - char fs_keyid[8]; -}; - -struct ipsec_identity { - enum ipsec_id_type ii_type; - enum ipsec_cert_type ii_format; - union { - struct ipsec_dns_sig ipsec_dns_signed; - /* some thing for PGP */ - /* some thing for PKIX */ - struct ipsec_raw_key ipsec_raw_key; - } ii_credential; -}; - -#define IPSEC_MAX_CREDENTIALS 32 - -struct ipsec_policy_cmd_query { - struct ipsec_policy_msg_head head; - - /* Query section */ - ip_address query_local; /* us */ - ip_address query_remote; /* them */ - u_short src_port, dst_port; - - /* Answer section */ - enum ipsec_privacy_quality strength; - enum ipsec_bandwidth_quality bandwidth; - enum ipsec_authentication_algo auth_detail; - enum 
ipsec_cipher_algo esp_detail; - enum ipsec_comp_algo comp_detail; - - int credential_count; - - struct ipsec_identity credentials[IPSEC_MAX_CREDENTIALS]; -}; - -#define IPSEC_POLICY_SOCKET "/var/run/pluto.info" - -/* prototypes */ -extern err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result); -extern err_t ipsec_policy_init(void); -extern err_t ipsec_policy_final(void); -extern err_t ipsec_policy_readmsg(int policysock, - unsigned char *buf, size_t buflen); -extern err_t ipsec_policy_sendrecv(unsigned char *buf, size_t buflen); -extern err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result); - - -extern const char *ipsec_policy_version_code(void); -extern const char *ipsec_policy_version_string(void); - -#endif /* _IPSEC_POLICY_H */ diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h index 77791b5c3..dc0aec18e 100644 --- a/src/libstrongswan/utils/identification.h +++ b/src/libstrongswan/utils/identification.h @@ -79,7 +79,8 @@ enum id_type_t { * An example of an ID_RFC822_ADDR is "jsmith@example.com". * The string MUST NOT contain any terminators. */ - ID_RFC822_ADDR = 3, + ID_USER_FQDN = 3, /* IKEv1 only */ + ID_RFC822_ADDR = 3, /* IKEv2 only */ /** * ID data is an IPv4 subnet (IKEv1 only) @@ -147,6 +148,11 @@ enum id_type_t { * IETF Attribute Syntax String (RFC 3281) */ ID_IETF_ATTR_STRING = 205, + + /** + * Private ID used by the pluto daemon for opportunistic encryption + */ + ID_MYID = 206, }; /** diff --git a/src/pluto/alg_info.c b/src/pluto/alg_info.c index 1caa980de..a85a18905 100644 --- a/src/pluto/alg_info.c +++ b/src/pluto/alg_info.c @@ -26,7 +26,6 @@ #include <ctype.h> #include <freeswan.h> -#include <ipsec_policy.h> #include <pfkeyv2.h> #include <utils.h> diff --git a/src/pluto/ca.c b/src/pluto/ca.c index 3fac998a3..363a78b92 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c 
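Review bot: In the first identification.h hunk `ID_USER_FQDN = 3` and `ID_RFC822_ADDR = 3` are now two enumerators with the same value, so anything keyed on the numeric value (a name table for `id_type_t`, or a `switch` that lists both) can only ever distinguish one of them. The doc comment that precedes the pair still describes an RFC822 address and now attaches to `ID_USER_FQDN`; the trailing `/* IKEv1 only */` and `/* IKEv2 only */` remarks are the only hint that this is one wire value under two protocol names. I would state that in the block comment itself, e.g. `ID_USER_FQDN is the IKEv1 name and ID_RFC822_ADDR the IKEv2 name for the same wire value 3`. The enum starts and ends outside the hunk.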
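Review bot: `ID_MYID = 206` in the second identification.h hunk places a pluto-private marker inside the range a one-byte ID type field can carry, whereas the removed ipsec_policy.h kept it at `(-1)`. build_id_payload in src/pluto/id.c copies `id->kind` straight into `hd->isaiid_idtype`, and the receive path is not visible here. It is therefore worth confirming that a peer-supplied ID type of 206 is rejected and that an unresolved `ID_MYID` can never be serialised. The doc comment should record that contract, e.g. `Never sent or accepted on the wire; must be resolved to a real ID before use`.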
@@ -21,7 +21,6 @@ #include <sys/types.h> #include <freeswan.h> -#include <ipsec_policy.h> #include "constants.h" #include "defs.h" diff --git a/src/pluto/certs.c b/src/pluto/certs.c index b5a5ea9f0..7d78f229a 100644 --- a/src/pluto/certs.c +++ b/src/pluto/certs.c @@ -17,7 +17,6 @@ #include <string.h> #include <freeswan.h> -#include <ipsec_policy.h> #include "asn1/asn1.h" diff --git a/src/pluto/connections.c b/src/pluto/connections.c index d2c7a519e..960884e84 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -27,7 +27,6 @@ #include <sys/queue.h> #include <freeswan.h> -#include <ipsec_policy.h> #include "kameipsec.h" #include "constants.h" @@ -499,7 +498,7 @@ default_end(struct end *e, ip_address *dflt_nexthop) return "unknown address family in default_end"; /* default ID to IP (but only if not NO_IP -- WildCard) */ - if (e->id.kind == ID_NONE && !isanyaddr(&e->host_addr)) + if (e->id.kind == ID_ANY && !isanyaddr(&e->host_addr)) { e->id.kind = afi->id_addr; e->id.ip_addr = e->host_addr; @@ -628,7 +627,7 @@ format_end(char *buf { strcpy(host_id, "[%myid]"); } - else if (!(this->id.kind == ID_NONE + else if (!(this->id.kind == ID_ANY || (id_is_ipaddr(&this->id) && sameaddr(&this->id.ip_addr, &this->host_addr)))) { int len = idtoa(&this->id, host_id+1, sizeof(host_id)-2); @@ -802,7 +801,7 @@ extract_end(struct end *dst, const whack_end_t *src, const char *which) /* decode id, if any */ if (src->id == NULL) { - dst->id.kind = ID_NONE; + dst->id.kind = ID_ANY; } else { 
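Review bot: Replacing `ID_NONE` with `ID_ANY` in default_end, format_end and extract_end (and in the later id.c, ipsec_doi.c, keys.c and x509.c hunks) preserves behaviour only if `ID_ANY` has the value 0 that the removed `ID_NONE` had, and the definition of `ID_ANY` is not part of this diff. `empty_id` in id.c is a zero-initialised `const struct id`, and the `passert(empty_id.kind == ID_ANY)` in init_id checks the assumption only at run time. A comment at `empty_id` such as `/* zero-initialised, so kind == ID_ANY, which must stay 0 */` would record the dependency for whoever next edits the enum. All three functions continue outside their hunks.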
@@ -1246,7 +1245,7 @@ remove_group_instance(const struct connection *group USED_BY_DEBUG * his_id can be used to carry over an ID discovered in Phase 1. * It must not disagree with the one in c, but if that is unspecified, * the new connection will use his_id. - * If his_id is NULL, and c.that.id is uninstantiated (ID_NONE), the + * If his_id is NULL, and c.that.id is uninstantiated (ID_ANY), the * new connection will continue to have an uninstantiated that.id. * Note: instantiation does not affect port numbers. * @@ -2076,7 +2075,7 @@ continue_oppo(struct adns_continuation *acr, err_t ugh) bool was_held = cr->b.held; int whackfd = cr->b.whackfd; - /* note: cr->id has no resources; cr->sgw_id is id_none: + /* note: cr->id has no resources; cr->sgw_id is ID_ANY: * neither need freeing. */ whack_log_fd = whackfd; diff --git a/src/pluto/constants.c b/src/pluto/constants.c index 289787c11..ae58d907f 100644 --- a/src/pluto/constants.c +++ b/src/pluto/constants.c @@ -24,7 +24,6 @@ #include <netinet/in.h> #include <freeswan.h> -#include <ipsec_policy.h> #include "constants.h" #include "defs.h" diff --git a/src/pluto/constants.h b/src/pluto/constants.h index 60b14f8e1..25764a84d 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -1,4 +1,3 @@ - /* manifest constants * Copyright (C) 1997 Angelos D. Keromytis. * Copyright (C) 1998-2002 D. Hugh Redelmeier. @@ -18,6 +17,7 @@ #define _CONSTANTS_H #include <utils.h> +#include <utils/identification.h> #include <crypto/hashers/hasher.h> extern const char compile_time_interop_options[]; 
@@ -109,168 +109,6 @@ extern const char sparse_end[]; #define FULL_INET_ADDRESS_SIZE 6 -/* Group parameters from draft-ietf-ike-01.txt section 6 */ - -#define MODP_GENERATOR "2" - -#define MODP768_MODULUS \ - "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " \ - "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " \ - "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " \ - "E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF" - -#define MODP1024_MODULUS \ - "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " \ - "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " \ - "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " \ - "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED " \ - "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 " \ - "FFFFFFFF FFFFFFFF" - -#define MODP1536_MODULUS \ - "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 " \ - "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD " \ - "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 " \ - "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED " \ - "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D " \ - "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F " \ - "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D " \ - "670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF " - -/* draft-ietf-ipsec-ike-modp-groups-03.txt */ -#define MODP2048_MODULUS \ - "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \ - "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \ - "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \ - "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \ - "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \ - "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \ - "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \ - "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \ - "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \ - "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \ - 
"15728E5A 8AACAA68 FFFFFFFF FFFFFFFF" - -#define MODP3072_MODULUS \ - "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \ - "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \ - "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \ - "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \ - "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \ - "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \ - "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \ - "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \ - "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \ - "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \ - "15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64" \ - "ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7" \ - "ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B" \ - "F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \ - "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31" \ - "43DB5BFC E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF" - -#define MODP4096_MODULUS \ - "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \ - "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \ - "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \ - "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \ - "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \ - "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \ - "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \ - "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \ - "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \ - "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \ - "15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64" \ - "ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7" \ - "ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B" \ - "F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \ - "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31" \ - "43DB5BFC E0FD108E 4B82D120 A9210801 
1A723C12 A787E6D7" \ - "88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA" \ - "2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6" \ - "287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED" \ - "1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9" \ - "93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34063199" \ - "FFFFFFFF FFFFFFFF" - -/* copy&pasted from rfc3526: */ -#define MODP6144_MODULUS \ - "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08" \ - "8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B" \ - "302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9" \ - "A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6" \ - "49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8" \ - "FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \ - "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C" \ - "180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718" \ - "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D" \ - "04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D" \ - "B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226" \ - "1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \ - "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC" \ - "E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7 88719A10 BDBA5B26" \ - "99C32718 6AF4E23C 1A946834 B6150BDA 2583E9CA 2AD44CE8 DBBBC2DB" \ - "04DE8EF9 2E8EFC14 1FBECAA6 287C5947 4E6BC05D 99B2964F A090C3A2" \ - "233BA186 515BE7ED 1F612970 CEE2D7AF B81BDD76 2170481C D0069127" \ - "D5B05AA9 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492" \ - "36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD F8FF9406" \ - "AD9E530E E5DB382F 413001AE B06A53ED 9027D831 179727B0 865A8918" \ - "DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B DB7F1447 E6CC254B 33205151" \ - "2BD7AF42 6FB8F401 378CD2BF 5983CA01 C64B92EC F032EA15 D1721D03" \ - "F482D7CE 6E74FEF6 D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F" \ - 
"BEC7E8F3 23A97A7E 36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA" \ - "CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328 06A1D58B" \ - "B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C DA56C9EC 2EF29632" \ - "387FE8D7 6E3C0468 043E8F66 3F4860EE 12BF2D5B 0B7474D6 E694F91E" \ - "6DCC4024 FFFFFFFF FFFFFFFF" - -/* copy&pasted from rfc3526: */ -#define MODP8192_MODULUS \ - "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" \ - "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" \ - "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" \ - "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" \ - "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D" \ - "C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F" \ - "83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" \ - "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B" \ - "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9" \ - "DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510" \ - "15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64" \ - "ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7" \ - "ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B" \ - "F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" \ - "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31" \ - "43DB5BFC E0FD108E 4B82D120 A9210801 1A723C12 A787E6D7" \ - "88719A10 BDBA5B26 99C32718 6AF4E23C 1A946834 B6150BDA" \ - "2583E9CA 2AD44CE8 DBBBC2DB 04DE8EF9 2E8EFC14 1FBECAA6" \ - "287C5947 4E6BC05D 99B2964F A090C3A2 233BA186 515BE7ED" \ - "1F612970 CEE2D7AF B81BDD76 2170481C D0069127 D5B05AA9" \ - "93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34028492" \ - "36C3FAB4 D27C7026 C1D4DCB2 602646DE C9751E76 3DBA37BD" \ - "F8FF9406 AD9E530E E5DB382F 413001AE B06A53ED 9027D831" \ - "179727B0 865A8918 DA3EDBEB CF9B14ED 44CE6CBA CED4BB1B" \ - "DB7F1447 E6CC254B 33205151 2BD7AF42 6FB8F401 378CD2BF" \ - "5983CA01 C64B92EC F032EA15 D1721D03 F482D7CE 6E74FEF6" \ - "D55E702F 46980C82 B5A84031 900B1C9E 59E7C97F BEC7E8F3" \ - "23A97A7E 
36CC88BE 0F1D45B7 FF585AC5 4BD407B2 2B4154AA" \ - "CC8F6D7E BF48E1D8 14CC5ED2 0F8037E0 A79715EE F29BE328" \ - "06A1D58B B7C5DA76 F550AA3D 8A1FBFF0 EB19CCB1 A313D55C" \ - "DA56C9EC 2EF29632 387FE8D7 6E3C0468 043E8F66 3F4860EE" \ - "12BF2D5B 0B7474D6 E694F91E 6DBE1159 74A3926F 12FEE5E4" \ - "38777CB6 A932DF8C D8BEC4D0 73B931BA 3BC832B6 8D9DD300" \ - "741FA7BF 8AFC47ED 2576F693 6BA42466 3AAB639C 5AE4F568" \ - "3423B474 2BF1C978 238F16CB E39D652D E3FDB8BE FC848AD9" \ - "22222E04 A4037C07 13EB57A8 1A23F0C7 3473FC64 6CEA306B" \ - "4BCBC886 2F8385DD FA9D4B7F A2C087E8 79683303 ED5BDD3A" \ - "062B3CF5 B3A278A6 6D2A13F8 3F44F82D DF310EE0 74AB6A36" \ - "4597E899 A0255DC1 64F31CC5 0846851D F9AB4819 5DED7EA1" \ - "B1D510BD 7EE74D73 FAF36BC3 1ECFA268 359046F4 EB879F92" \ - "4009438B 481C6CD7 889A002E D5EE382B C9190DA6 FC026E47" \ - "9558E447 5677E9AA 9E3050E2 765694DF C81F56E8 80B96E71" \ - "60C980DD 98EDD3DF FFFFFFFF FFFFFFFF" -#define LOCALSECRETSIZE (512 / BITS_PER_BYTE) - /* limits on nonce sizes. See RFC2409 "The internet key exchange (IKE)" 5 */ #define MINIMUM_NONCE_SIZE 8 /* bytes */ #define DEFAULT_NONCE_SIZE 16 /* bytes */ 
@@ -292,6 +130,92 @@ extern const char sparse_end[]; #define IKE_UDP_PORT 500 +/* IPsec AH transform values + * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3 + * and in http://www.iana.org/assignments/isakmp-registry + */ +enum ipsec_authentication_algo { + AH_NONE = 0, + AH_MD5 = 2, + AH_SHA = 3, + AH_DES = 4, + AH_SHA2_256 = 5, + AH_SHA2_384 = 6, + AH_SHA2_512 = 7, + AH_RIPEMD = 8, + AH_AES_XCBC_MAC = 9, + AH_RSA = 10 +}; + +extern enum_names ah_transformid_names; + +/* IPsec ESP transform values + * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4 + * and from http://www.iana.org/assignments/isakmp-registry + */ + +enum ipsec_cipher_algo { + ESP_NONE = 0, + ESP_DES_IV64 = 1, + ESP_DES = 2, + ESP_3DES = 3, + ESP_RC5 = 4, + ESP_IDEA = 5, + ESP_CAST = 6, + ESP_BLOWFISH = 7, + ESP_3IDEA = 8, + ESP_DES_IV32 = 9, + ESP_RC4 = 10, + ESP_NULL = 11, + ESP_AES = 12, + ESP_AES_CTR = 13, + ESP_AES_CCM_8 = 14, + ESP_AES_CCM_12 = 15, + ESP_AES_CCM_16 = 16, + ESP_UNASSIGNED_17 = 17, + ESP_AES_GCM_8 = 18, + ESP_AES_GCM_12 = 19, + ESP_AES_GCM_16 = 20, + ESP_SEED_CBC = 21, + ESP_CAMELLIA = 22, + ESP_SERPENT = 252, + ESP_TWOFISH = 253 +}; + +extern enum_names esp_transformid_names; + +/* IPCOMP transform values + * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5 + */ + +enum ipsec_comp_algo { + IPSCOMP_NONE = 0, + IPCOMP_OUI = 1, + IPCOMP_DEFLATE = 2, + IPCOMP_LZS = 3, + IPCOMP_LZJH = 4 +}; + +extern enum_names ipcomp_transformid_names; + +/* Certificate type values + * RFC 2408 ISAKMP, chapter 3.9 + */ +enum ipsec_cert_type { + CERT_NONE= 0, + CERT_PKCS7_WRAPPED_X509= 1, + CERT_PGP= 2, + CERT_DNS_SIGNED_KEY= 3, + CERT_X509_SIGNATURE= 4, + CERT_X509_KEY_EXCHANGE= 5, + CERT_KERBEROS_TOKENS= 6, + CERT_CRL= 7, + CERT_ARL= 8, + CERT_SPKI= 9, + CERT_X509_ATTRIBUTE= 10, + CERT_RAW_RSA_KEY= 11 +}; + /* RFC 2560 OCSP - certificate status */ typedef enum { 
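Review bot: The `ipsec_comp_algo` enum that this hunk moves into constants.h still spells its first enumerator `IPSCOMP_NONE`, while every other member uses the `IPCOMP_` prefix. Since the block is being relocated anyway, renaming it to `IPCOMP_NONE` (provided nothing outside the visible hunks uses the old spelling) or marking it `/* sic: historical spelling */` would stop a reader from assuming a second family of constants. The `CERT_*` entries also lack the space before `=` that the AH and ESP entries use.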
@@ -759,15 +683,9 @@ extern enum_names protocol_names; : (p)==PROTO_IPCOMP ? enum_show(&ipcomp_transformid_names, (t)) \ : "??") -/* many transform values are moved to freeswan/ipsec_policy.h */ - -extern enum_names isakmp_transformid_names; - #define KEY_IKE 1 -extern enum_names ah_transformid_names; -extern enum_names esp_transformid_names; -extern enum_names ipcomp_transformid_names; +extern enum_names isakmp_transformid_names; /* the following are from RFC 2393/draft-shacham-ippcp-rfc2393bis-05.txt 3.3 */ typedef u_int16_t cpi_t; diff --git a/src/pluto/crl.c b/src/pluto/crl.c index b8cdb435b..1d9b5445e 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c @@ -23,7 +23,6 @@ #include <sys/types.h> #include <freeswan.h> -#include <ipsec_policy.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index 8ea6d87f6..e02dc25eb 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c @@ -14,7 +14,6 @@ */ #include <freeswan.h> -#include <ipsec_policy.h> #include "constants.h" #include "defs.h" diff --git a/src/pluto/dnskey.c b/src/pluto/dnskey.c index b59b172ed..bd190530c 100644 --- a/src/pluto/dnskey.c +++ b/src/pluto/dnskey.c @@ -28,7 +28,6 @@ #include <sys/queue.h> #include <freeswan.h> -#include <ipsec_policy.h> #include "constants.h" #include "adns.h" /* needs <resolv.h> */ diff --git a/src/pluto/id.c b/src/pluto/id.c index bca483e1c..f34775e68 100644 --- a/src/pluto/id.c +++ b/src/pluto/id.c @@ -26,7 +26,6 @@ #include <sys/queue.h> #include <freeswan.h> -#include <ipsec_policy.h> #include "constants.h" #include "defs.h" @@ -36,7 +35,7 @@ #include "packet.h" #include "whack.h" -const struct id empty_id; /* ID_NONE */ +const struct id empty_id; /* ID_ANY */ enum myid_state myid_state = MYID_UNKNOWN; struct id myids[MYID_SPECIFIED+1]; /* %myid */ 
@@ -48,7 +47,7 @@ char *myid_str[MYID_SPECIFIED+1]; /* string form of IDs */ void init_id(void) { - passert(empty_id.kind == ID_NONE); + passert(empty_id.kind == ID_ANY); myid_state = MYID_UNKNOWN; { enum myid_state s; @@ -191,7 +190,7 @@ atoid(char *src, struct id *id, bool myid_ok) if (streq(src, "%any") || streq(src, "0.0.0.0")) { /* any ID will be accepted */ - id->kind = ID_NONE; + id->kind = ID_ANY; } else { @@ -287,7 +286,7 @@ idtoa(const struct id *id, char *dst, size_t dstlen) id = resolve_myid(id); switch (id->kind) { - case ID_NONE: + case ID_ANY: n = snprintf(dst, dstlen, "(none)"); break; case ID_IPV4_ADDR: @@ -368,7 +367,7 @@ unshare_id_content(struct id *id) id->name = chunk_clone(id->name); break; case ID_MYID: - case ID_NONE: + case ID_ANY: case ID_IPV4_ADDR: case ID_IPV6_ADDR: break; @@ -389,7 +388,7 @@ free_id_content(struct id *id) free(id->name.ptr); break; case ID_MYID: - case ID_NONE: + case ID_ANY: case ID_IPV4_ADDR: case ID_IPV6_ADDR: break; @@ -408,7 +407,7 @@ same_id(const struct id *a, const struct id *b) return FALSE; switch (a->kind) { - case ID_NONE: + case ID_ANY: return TRUE; /* kind of vacuous */ case ID_IPV4_ADDR: @@ -450,7 +449,7 @@ same_id(const struct id *a, const struct id *b) bool match_id(const struct id *a, const struct id *b, int *wildcards) { - if (b->kind == ID_NONE) + if (b->kind == ID_ANY) { *wildcards = MAX_WILDCARDS; return TRUE; @@ -472,7 +471,7 @@ id_count_wildcards(const struct id *id) { switch (id->kind) { - case ID_NONE: + case ID_ANY: return MAX_WILDCARDS; case ID_DER_ASN1_DN: return dn_count_wildcards(id->name); @@ -495,7 +494,7 @@ build_id_payload(struct isakmp_ipsec_id *hd, chunk_t *tl, struct end *end) hd->isaiid_idtype = id->kind; switch (id->kind) { - case ID_NONE: + case ID_ANY: hd->isaiid_idtype = aftoinfo(addrtypeof(&end->host_addr))->id_addr; tl->len = addrbytesptr(&end->host_addr , (const unsigned char **)&tl->ptr); /* sets tl->ptr too */ 
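Review bot: After the rename, idtoa still renders `ID_ANY` as `"(none)"`, while the atoid hunk parses `"%any"` (and `"0.0.0.0"`) into the same kind, with the comment `/* any ID will be accepted */`. Someone auditing logs or status output for connections that accept any peer ID will therefore see `(none)` where the configuration said `%any`. If no existing output parsing depends on the string, printing `"%any"` in that case would make the two directions agree; otherwise a comment on the `case ID_ANY:` line, e.g. `/* historical text; this kind is the %any wildcard */`, would at least record it. Both functions start and end outside their hunks.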
diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index 42c71e953..92d9e854b 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c @@ -20,7 +20,6 @@ #include <sys/queue.h> #include <freeswan.h> -#include <ipsec_policy.h> #include <library.h> #include <debug.h> diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 0a30c542f..52f5553f0 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -28,7 +28,6 @@ #include <sys/time.h> /* for gettimeofday */ #include <freeswan.h> -#include <ipsec_policy.h> #include <library.h> #include <asn1/asn1.h> @@ -4379,7 +4378,7 @@ static stf_status quick_inI1_outR1_start_query(struct verify_oppo_bundle *b, * legal). */ our_id = resolve_myid(&c->spd.this.id); - if (our_id->kind == ID_NONE) + if (our_id->kind == ID_ANY) { iptoid(&c->spd.this.host_addr, &our_id_space); our_id = &our_id_space; diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index 395dde7c0..fdc2c4c3c 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c @@ -29,7 +29,6 @@ #include <arpa/inet.h> #include <freeswan.h> -#include <ipsec_policy.h> #include <library.h> #include <crypto/rngs/rng.h> diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c index dfa9ac293..98ea62830 100644 --- a/src/pluto/kernel_alg.c +++ b/src/pluto/kernel_alg.c @@ -26,7 +26,6 @@ #include <pfkey.h> #include <freeswan.h> -#include <ipsec_policy.h> #include "constants.h" #include "defs.h" diff --git a/src/pluto/keys.c b/src/pluto/keys.c index e75cd8fd6..031d00a46 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -32,7 +32,6 @@ #endif #include <freeswan.h> -#include <ipsec_policy.h> #include "constants.h" #include "defs.h" 
@@ -183,7 +182,7 @@ get_secret(const struct connection *c, enum PrivateKeyKind kind, bool asym) } else if (kind == PPK_PSK && (c->policy & (POLICY_PSK | POLICY_XAUTH_PSK)) - && ((c->kind == CK_TEMPLATE && c->spd.that.id.kind == ID_NONE) || + && ((c->kind == CK_TEMPLATE && c->spd.that.id.kind == ID_ANY) || (c->kind == CK_INSTANCE && id_is_ipaddr(&c->spd.that.id)))) { /* roadwarrior: replace him with 0.0.0.0 */ @@ -1428,7 +1427,7 @@ add_x509_public_key(x509cert_t *cert , time_t until struct id id = empty_id; gntoid(&id, gn); - if (id.kind != ID_NONE) + if (id.kind != ID_ANY) { pk = allocate_RSA_public_key(c); pk->id = id; diff --git a/src/pluto/nat_traversal.c b/src/pluto/nat_traversal.c index 5f27bf0da..de3972fe2 100644 --- a/src/pluto/nat_traversal.c +++ b/src/pluto/nat_traversal.c @@ -25,7 +25,6 @@ #include <sys/queue.h> #include <freeswan.h> -#include <ipsec_policy.h> #include <pfkeyv2.h> #include <pfkey.h> diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c index 6613ef119..1445f4b8e 100644 --- a/src/pluto/ocsp.c +++ b/src/pluto/ocsp.c @@ -22,7 +22,6 @@ #include <fcntl.h> #include <freeswan.h> -#include <ipsec_policy.h> #include <library.h> #include <asn1/asn1.h> diff --git a/src/pluto/pgp.c b/src/pluto/pgp.c index 999a771a4..e80b2cc5b 100644 --- a/src/pluto/pgp.c +++ b/src/pluto/pgp.c @@ -17,7 +17,6 @@ #include <time.h> #include <freeswan.h> -#include <ipsec_policy.h> #include <library.h> #include <crypto/hashers/hasher.h> diff --git a/src/pluto/smartcard.c b/src/pluto/smartcard.c index 9ca92814c..855a8a12b 100644 --- a/src/pluto/smartcard.c +++ b/src/pluto/smartcard.c @@ -28,7 +28,6 @@ #include <dlfcn.h> #include <freeswan.h> -#include <ipsec_policy.h> #include "constants.h" diff --git a/src/pluto/spdb.c b/src/pluto/spdb.c index 5ab6916a0..723124d0a 100644 --- a/src/pluto/spdb.c +++ b/src/pluto/spdb.c @@ -21,7 +21,6 @@ #include <sys/queue.h> #include <freeswan.h> -#include <ipsec_policy.h> #include "constants.h" #include "defs.h" 
diff --git a/src/pluto/x509.c b/src/pluto/x509.c index fe2b049c8..9a5714bc9 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -24,7 +24,6 @@ #include <sys/types.h> #include <freeswan.h> -#include <ipsec_policy.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> @@ -1027,7 +1026,7 @@ void select_x509cert_id(x509cert_t *cert, struct id *end_id) { bool copy_subject_dn = TRUE; /* ID is subject DN */ - if (end_id->kind != ID_NONE) /* check for matching subjectAltName */ + if (end_id->kind != ID_ANY) /* check for matching subjectAltName */ { generalName_t *gn = cert->subjectAltName; @@ -1047,7 +1046,7 @@ void select_x509cert_id(x509cert_t *cert, struct id *end_id) if (copy_subject_dn) { - if (end_id->kind != ID_NONE && end_id->kind != ID_DER_ASN1_DN) + if (end_id->kind != ID_ANY && end_id->kind != ID_DER_ASN1_DN) { char buf[BUF_LEN]; @@ -1479,7 +1478,7 @@ void gntoid(struct id *id, const generalName_t *gn) id->name = gn->name; break; default: - id->kind = ID_NONE; + id->kind = ID_ANY; id->name = chunk_empty; } } diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index a859c33b6..336cc759a 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -13,7 +13,14 @@ INCLUDES = \ -I$(top_srcdir)/src/whack \ -I$(top_srcdir)/src/stroke -AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_CONFDIR=\"${confdir}\" -DIPSEC_PIDDIR=\"${piddir}\" -DIPSEC_EAPDIR=\"${eapdir}\" -DDEBUG +AM_CFLAGS = \ +-DIPSEC_DIR=\"${ipsecdir}\" \ +-DIPSEC_CONFDIR=\"${confdir}\" \ +-DIPSEC_PIDDIR=\"${piddir}\" \ +-DIPSEC_EAPDIR=\"${eapdir}\" \ +-DNO_CREDENTIAL_FACTORY \ +-DDEBUG + starter_LDADD = defs.o $(top_builddir)/src/libfreeswan/libfreeswan.a $(top_builddir)/src/libstrongswan/libstrongswan.la EXTRA_DIST = parser.l parser.y keywords.txt ipsec.conf dist_man_MANS = ipsec.conf.5 starter.8 diff --git a/src/whack/Makefile.am b/src/whack/Makefile.am index 27f856231..be74e22f7 100644 --- a/src/whack/Makefile.am +++ b/src/whack/Makefile.am 
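Review bot: In the gntoid hunk the `default:` branch now sets `id->kind = ID_ANY` for a generalName type it does not handle, and the id.c hunk shows match_id returning TRUE with `MAX_WILDCARDS` whenever `b->kind == ID_ANY`. Under the old name the result read as "no ID"; under the new one it reads as a wildcard, so a caller that passes it on to a matching function could end up treating an unsupported subjectAltName as matching everything. add_x509_public_key in keys.c does skip `ID_ANY`, but other callers are not visible here. I would add `/* unsupported generalName type: not a wildcard, callers must skip ID_ANY */` on that branch. gntoid starts outside the hunk.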
@@ -11,5 +11,7 @@ whack_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libfreeswan/libfreeswan.a -AM_CFLAGS = -DDEBUG +AM_CFLAGS = \ +-DNO_CREDENTIAL_FACTORY \ +-DDEBUG |