On Fri, 1 May 2015, Reuben Farrelly wrote:

I've nailed this down somewhat, it's a problem with 'curl'. If I specify in the ebuild that I don't want to build in curl support the build fails.

Attached is a fix. I have not committed this because I think this code is
all going to go away once the nss_pkix branch is merged in, and I don't want
to cause a merge conflict. Or if I'm wrong, Matt can apply this patch :)

Paul
diff --git a/lib/libswan/secrets.c b/lib/libswan/secrets.c
index 3512ebb..6ae9cec 100644
--- a/lib/libswan/secrets.c
+++ b/lib/libswan/secrets.c
@@ -880,7 +880,9 @@ static err_t lsw_process_rsa_secret(struct RSA_private_key 
*rsak)
 
 static pthread_mutex_t certs_and_keys_mutex = PTHREAD_MUTEX_INITIALIZER;
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 static pthread_mutex_t authcert_list_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
 
 /*
  * lock access to my certs and keys
diff --git a/mk/config.mk b/mk/config.mk
index 6132bd3..b6799e4 100644
--- a/mk/config.mk
+++ b/mk/config.mk
@@ -365,7 +365,7 @@ endif
 USE_LDAP?=false
 
 # Include libcurl support (currently used for fetching CRLs)
-USE_LIBCURL?=true
+USE_LIBCURL?=false
 
 # should we include additional (strong) algorithms?  It adds a measureable
 # amount of code space to pluto, and many of the algorithms have not had
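Review bot: Flipping the default to `USE_LIBCURL?=false` turns off CRL fetching for every build that does not set the variable, which is a wider change than the build fix the message describes; the comment directly above says libcurl is what fetches CRLs. The other hunks in this patch are what make a curl-less build compile, so the default could stay `USE_LIBCURL?=true` and only packagers who opt out would lose fetching. If the default really is meant to change, the comment should say what is lost, e.g. `# Include libcurl support (used for fetching CRLs; with this and USE_LDAP both false, no CRL fetching is built)`.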
diff --git a/programs/pluto/fetch.c b/programs/pluto/fetch.c
index b1321c8..cfb0c88 100644
--- a/programs/pluto/fetch.c
+++ b/programs/pluto/fetch.c
@@ -702,5 +702,5 @@ void list_crl_fetch_requests(bool utc)
 }
 
 #else
-#warning no LIBCURL or LDAP defined, file should not be used
+/* we'll just ignore for now - this is all going away anyway */
 #endif
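Review bot: The replacement comment in the `#else` branch does not say what is being ignored, and dropping the `#warning` removes the only build-time signal that fetch.c was compiled with neither backend. A comment that states the condition would serve the next reader better, e.g. `/* neither LIBCURL nor LDAP_VER defined: no CRL fetch code is built from this file */`. The `#if` this branch belongs to starts outside the hunk.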
diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c
index 2d93663..1289d98 100644
--- a/programs/pluto/rcv_whack.c
+++ b/programs/pluto/rcv_whack.c
@@ -460,8 +460,10 @@ void whack_process(int whackfd, const struct whack_message 
msg)
        }
 #endif
 
+#if defined(LIBCURL) || defined(LDAP_VER)
        if (msg.whack_purgeocsp)
                clear_ocsp_cache();
+#endif
 
        if (msg.whack_reread & REREAD_CRLS)
                load_crls();
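Review bot: The new guard around `msg.whack_purgeocsp` ties purging the OCSP cache to `LIBCURL`/`LDAP_VER`, although `clear_ocsp_cache()` as shown in the x509.c hunk only logs and calls `CERT_ClearOCSPCache()`, with nothing from curl or LDAP. On a build without either library the purge request is then dropped without any message, so an operator cannot tell that cached OCSP responses were kept. The same over-wide guard is applied in the next hunk to `list_crls()`, which was unconditional before while `load_crls()` stays unconditional, and in x509.c to `crl_time_to_str()`, `crl_detail_to_whacklog()`, `crl_detail_list()`, `list_crls()` and `clear_ocsp_cache()`. If the build failure came only from the unused mutex and fetch code (not visible here), the guard can stay on the fetch paths while these calls and definitions remain unconditional. `whack_process` starts and ends outside the hunk.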
@@ -475,12 +477,12 @@ void whack_process(int whackfd, const struct 
whack_message msg)
        if (msg.whack_list & LIST_CACERTS)
                list_authcerts();
 
+#if defined(LIBCURL) || defined(LDAP_VER)
        if (msg.whack_list & LIST_CRLS) {
                list_crls();
-#if defined(LIBCURL) || defined(LDAP_VER)
                list_crl_fetch_requests(msg.whack_utc);
-#endif
        }
+#endif
 
        if (msg.whack_list & LIST_EVENTS)
                timer_list();
diff --git a/programs/pluto/x509.c b/programs/pluto/x509.c
index d610da7..73755a7 100644
--- a/programs/pluto/x509.c
+++ b/programs/pluto/x509.c
@@ -872,8 +872,11 @@ static bool pluto_process_certs(struct state *st,
 {
        struct connection *c = st->st_connection;
        CERTCertificate *end_cert = NULL;
-       bool status = FALSE, fetch = FALSE;
+       bool status = FALSE;
        int ret;
+#if defined(LIBCURL) || defined(LDAP_VER)
+       bool fetch = FALSE;
+#endif
 
        ret = verify_and_cache_chain(certs, num_certs, &end_cert,
                                                       strict_crl_policy);
@@ -881,8 +884,10 @@ static bool pluto_process_certs(struct state *st,
        if (ret == -1) {
                libreswan_log("Verification failed with import error");
        } else {
+#if defined(LIBCURL) || defined(LDAP_VER)
                if (ret & VERIFY_RET_CRL_NEED)
                        fetch = TRUE;
+#endif
 
                if ((ret & VERIFY_RET_OK) && end_cert != NULL) {
                        libreswan_log("certificate %s OK",
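Review bot: With the `VERIFY_RET_CRL_NEED` test compiled out, a build without curl or LDAP discards that bit silently, so the log gives no hint that the chain was processed without a CRL that verification reported as needed. An `#else` branch would keep this visible: `#else`, `if (ret & VERIFY_RET_CRL_NEED)`, `libreswan_log("CRL needed but CRL fetching is not compiled in");`. How `strict_crl_policy` treats this case inside `verify_and_cache_chain()` is not visible here, so whether the certificate is still accepted in that situation should be checked. `pluto_process_certs` continues outside the hunk.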
@@ -898,6 +903,7 @@ static bool pluto_process_certs(struct state *st,
                }
        }
 
+#if defined(LIBCURL) || defined(LDAP_VER)
        if (fetch && (deltasecs(crl_check_interval) > 0)) {
                /*
                 * TODO:
@@ -927,6 +933,7 @@ static bool pluto_process_certs(struct state *st,
                add_crl_fetch_request_nss(&fdn);
 
        }
+#endif
        return status;
 
 }
@@ -1514,6 +1521,7 @@ static bool cert_time_to_str(char *buf, size_t buflen,
        return TRUE;
 }
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 static bool crl_time_to_str(char *buf, size_t buflen, SECItem *t)
 {
        PRExplodedTime printtime;
@@ -1529,6 +1537,7 @@ static bool crl_time_to_str(char *buf, size_t buflen, 
SECItem *t)
 
        return TRUE;
 }
+#endif
 
 static bool cert_detail_notbefore_to_str(char *buf, size_t buflen,
                                        CERTCertificate *cert)
@@ -1614,6 +1623,7 @@ static bool show_cert_of_type(CERTCertificate *cert, 
show_cert_t type)
        return FALSE;
 }
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 static void crl_detail_to_whacklog(CERTCrl *crl)
 {
        char *issuer = CERT_NameToAscii(&crl->name);
@@ -1669,6 +1679,7 @@ static void crl_detail_list(void)
                crl_node = crl_node->next;
        }
 }
+#endif
 
 static void cert_detail_list(show_cert_t type)
 {
@@ -1715,28 +1726,31 @@ static void cert_detail_list(show_cert_t type)
                CERT_DestroyCertList(certs);
 }
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 void check_crls(void)
 {
        return;
 }
 
-void list_certs(void)
+void list_crls(void)
 {
-       cert_detail_list(CERT_TYPE_END);
+       crl_detail_list();
 }
 
-void list_crls(void)
+void clear_ocsp_cache(void)
 {
-       crl_detail_list();
+       DBG(DBG_X509, DBG_log("calling NSS to clear OCSP cache"));
+       (void)CERT_ClearOCSPCache();
 }
+#endif
 
-void list_authcerts(void)
+void list_certs(void)
 {
-       cert_detail_list(CERT_TYPE_CA);
+       cert_detail_list(CERT_TYPE_END);
 }
 
-void clear_ocsp_cache(void)
+void list_authcerts(void)
 {
-       DBG(DBG_X509, DBG_log("calling NSS to clear OCSP cache"));
-       (void)CERT_ClearOCSPCache();
+       cert_detail_list(CERT_TYPE_CA);
 }
+