L.S., after Martin Willi's comments on bug #110 (http://wiki.strongswan.org/issues/110) I'd thought I'd ask here what the dependencies actually are.
The reason I ask is because I'm integrating strongswan on an openwrt device and thus requiring a small footprint. While I'm at it I also intend to adapt strongSwan to perform authorization using the PERMIS reasoning engine, using a WebDAV repository for the certificates. As I am interested in ikev2 with elliptic curve cryptography I enable openssl. 1. Using --enable-openssl obsoletes (to my knowledge) gmp, thus I can --disable-gmp without any problems, right? 2. strongSwan depends on several kernel crypto modules. some of which are selected by a 2.6 kernel in combination with ipsec (core, des, hmac, md5, sha-1) others are selected by kmod-mac80211 (core, aes, arc4). So these will get installed on my target device. But does strongSwan itself rely on / need these? 3. what about kmod-crypto-authenc? does strongSwan need this? 4. In light of previous questions: there are several configure options disabling 'own' crypto plugin. What is meant by 'own' and which can I disable if I enable openssl (or gmp for that matter)? 5. "ipsec is a wrapper script for controlling starter, whack and stroke" So if I wish to use the charon daemon, what is the preferred starting method? the up-down scripts? yours sincerely Jan Willem Beusink _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
