On Wed, 13 Sep 2017, Antony Antony wrote:
may be you can do it using smart #ifndef in dnssec.h, I am not sure, test it:)
I'll look at doing that.
If the feature is disabled at compile time ipsec status output with "<unset>" is confuses me. It gives the wrong that idea it can be set while it is disabled. However looking further I notice there is "secctx-attr-type=<unsupported>" when it is disabled at compile time. That would be better if we really want it.
We can use <unsupported> instead of <unset>
If DNSSEC is enabled it will be at the start of the pluto log. In every "ipsec status output" "unsupported" seems a bit overdoing for me.
People often only give partial logs. Asking them for "ipsec status" is easier and gets us a complete picture.
Is there a command to get this output via whack?
Yes, "ipsec status" :) Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
