[Swan] Compile problems with -git as of today

Paul Wouters paul at nohats.ca
Fri May 1 16:30:42 EEST 2015


On Fri, 1 May 2015, Reuben Farrelly wrote:

> I've nailed this down somewhat, it's a problem with 'curl'.  If I specify in 
> the ebuild that I don't want to build in curl support the build fails.

Attached is a fix. I have not committed this because I think this code is
all going to go away once the nss_pkix branch is merged in, and I don't want
to cause a merge conflict. Or if I'm wrong, Matt can apply this patch :)

Paul
-------------- next part --------------
diff --git a/lib/libswan/secrets.c b/lib/libswan/secrets.c
index 3512ebb..6ae9cec 100644
--- a/lib/libswan/secrets.c
+++ b/lib/libswan/secrets.c
@@ -880,7 +880,9 @@ static err_t lsw_process_rsa_secret(struct RSA_private_key *rsak)
 
 static pthread_mutex_t certs_and_keys_mutex = PTHREAD_MUTEX_INITIALIZER;
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 static pthread_mutex_t authcert_list_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
 
 /*
  * lock access to my certs and keys
diff --git a/mk/config.mk b/mk/config.mk
index 6132bd3..b6799e4 100644
--- a/mk/config.mk
+++ b/mk/config.mk
@@ -365,7 +365,7 @@ endif
 USE_LDAP?=false
 
 # Include libcurl support (currently used for fetching CRLs)
-USE_LIBCURL?=true
+USE_LIBCURL?=false
 
 # should we include additional (strong) algorithms?  It adds a measureable
 # amount of code space to pluto, and many of the algorithms have not had
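Review bot: Changing the default on the `USE_LIBCURL?=` line to `false` goes further than the build fix needs. Per the comment directly above it, libcurl is what fetches CRLs, so every default build now ships without CRL fetching. The reported failure only affected builds that explicitly disable curl, and the `#if defined(LIBCURL) || defined(LDAP_VER)` guards added elsewhere in this patch appear to cover that case already. I would keep `USE_LIBCURL?=true` and let packagers opt out, or at least extend the comment to state the impact, e.g. `# Without libcurl, pluto does not fetch CRLs`.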
diff --git a/programs/pluto/fetch.c b/programs/pluto/fetch.c
index b1321c8..cfb0c88 100644
--- a/programs/pluto/fetch.c
+++ b/programs/pluto/fetch.c
@@ -702,5 +702,5 @@ void list_crl_fetch_requests(bool utc)
 }
 
 #else
-#warning no LIBCURL or LDAP defined, file should not be used
+/* we'll just ignore for now - this is all going away anyway */
 #endif
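Review bot: The replacement comment in the `#else` branch does not say what is being ignored, and dropping the `#warning` removes the only build-time signal that fetch.c was compiled without LIBCURL or LDAP_VER. A comment that states the effect would serve the next reader better, for example `/* built without LIBCURL and LDAP_VER: nothing in this file is compiled */`. If the warning itself was breaking the build (presumably under -Werror), excluding the file from the build in that configuration would be the cleaner fix. The matching `#if` opens outside this hunk, so that wording should be checked against it.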
diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c
index 2d93663..1289d98 100644
--- a/programs/pluto/rcv_whack.c
+++ b/programs/pluto/rcv_whack.c
@@ -460,8 +460,10 @@ void whack_process(int whackfd, const struct whack_message msg)
 	}
 #endif
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 	if (msg.whack_purgeocsp)
 		clear_ocsp_cache();
+#endif
 
 	if (msg.whack_reread & REREAD_CRLS)
 		load_crls();
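Review bot: The new guard around `msg.whack_purgeocsp` ties OCSP cache purging to LIBCURL/LDAP_VER, but `clear_ocsp_cache()` has no visible dependency on either. As shown in the x509.c part of this patch, it only calls NSS's `CERT_ClearOCSPCache()`. In a build without curl or LDAP a purge request is now dropped silently, so an operator who purges after a revocation gets no indication that the cached OCSP responses are still in place. I would leave these two lines, and the definition of `clear_ocsp_cache()` in the last x509.c hunk, outside the `#if`. whack_process() starts and ends outside this hunk.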
@@ -475,12 +477,12 @@ void whack_process(int whackfd, const struct whack_message msg)
 	if (msg.whack_list & LIST_CACERTS)
 		list_authcerts();
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 	if (msg.whack_list & LIST_CRLS) {
 		list_crls();
-#if defined(LIBCURL) || defined(LDAP_VER)
 		list_crl_fetch_requests(msg.whack_utc);
-#endif
 	}
+#endif
 
 	if (msg.whack_list & LIST_EVENTS)
 		timer_list();
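Review bot: Moving the `#if` up to cover the whole `LIST_CRLS` branch also removes the `list_crls()` call, which the old code ran unconditionally; only `list_crl_fetch_requests()` was guarded before. `load_crls()` in the previous hunk is still unguarded, so such a build can apparently still load CRLs but can no longer show them, and the list request produces nothing rather than an error. Unless `crl_detail_list()` really depends on curl or LDAP, I would keep the original placement and leave `list_crls()` and its helpers in x509.c (`crl_time_to_str`, `crl_detail_to_whacklog`, `crl_detail_list`) unguarded. If the listing has to go, an `#else` branch should say so, e.g. `if (msg.whack_list & LIST_CRLS) libreswan_log("CRL listing not supported in this build");`.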
diff --git a/programs/pluto/x509.c b/programs/pluto/x509.c
index d610da7..73755a7 100644
--- a/programs/pluto/x509.c
+++ b/programs/pluto/x509.c
@@ -872,8 +872,11 @@ static bool pluto_process_certs(struct state *st,
 {
 	struct connection *c = st->st_connection;
 	CERTCertificate *end_cert = NULL;
-	bool status = FALSE, fetch = FALSE;
+	bool status = FALSE;
 	int ret;
+#if defined(LIBCURL) || defined(LDAP_VER)
+	bool fetch = FALSE;
+#endif
 
 	ret = verify_and_cache_chain(certs, num_certs, &end_cert,
 						       strict_crl_policy);
@@ -881,8 +884,10 @@ static bool pluto_process_certs(struct state *st,
 	if (ret == -1) {
 		libreswan_log("Verification failed with import error");
 	} else {
+#if defined(LIBCURL) || defined(LDAP_VER)
 		if (ret & VERIFY_RET_CRL_NEED)
 			fetch = TRUE;
+#endif
 
 		if ((ret & VERIFY_RET_OK) && end_cert != NULL) {
 			libreswan_log("certificate %s OK",
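Review bot: With the guard around the `VERIFY_RET_CRL_NEED` test, a build without LIBCURL/LDAP_VER discards that result bit without a trace. Presumably the bit means the verifier wanted a CRL it did not have, so the log no longer shows that a chain was evaluated in that state. An `#else` branch would keep the condition visible to operators: `if (ret & VERIFY_RET_CRL_NEED) libreswan_log("CRL needed but CRL fetching is not compiled in");`. pluto_process_certs() starts before and continues after this hunk. How `strict_crl_policy` treats the missing CRL is decided in verify_and_cache_chain(), which is not shown here.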
@@ -898,6 +903,7 @@ static bool pluto_process_certs(struct state *st,
 		}
 	}
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 	if (fetch && (deltasecs(crl_check_interval) > 0)) {
 		/*
 		 * TODO:
@@ -927,6 +933,7 @@ static bool pluto_process_certs(struct state *st,
 		add_crl_fetch_request_nss(&fdn);
 
 	}
+#endif
 	return status;
 
 }
@@ -1514,6 +1521,7 @@ static bool cert_time_to_str(char *buf, size_t buflen,
 	return TRUE;
 }
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 static bool crl_time_to_str(char *buf, size_t buflen, SECItem *t)
 {
 	PRExplodedTime printtime;
@@ -1529,6 +1537,7 @@ static bool crl_time_to_str(char *buf, size_t buflen, SECItem *t)
 
 	return TRUE;
 }
+#endif
 
 static bool cert_detail_notbefore_to_str(char *buf, size_t buflen,
 					CERTCertificate *cert)
@@ -1614,6 +1623,7 @@ static bool show_cert_of_type(CERTCertificate *cert, show_cert_t type)
 	return FALSE;
 }
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 static void crl_detail_to_whacklog(CERTCrl *crl)
 {
 	char *issuer = CERT_NameToAscii(&crl->name);
@@ -1669,6 +1679,7 @@ static void crl_detail_list(void)
 		crl_node = crl_node->next;
 	}
 }
+#endif
 
 static void cert_detail_list(show_cert_t type)
 {
@@ -1715,28 +1726,31 @@ static void cert_detail_list(show_cert_t type)
 		CERT_DestroyCertList(certs);
 }
 
+#if defined(LIBCURL) || defined(LDAP_VER)
 void check_crls(void)
 {
 	return;
 }
 
-void list_certs(void)
+void list_crls(void)
 {
-	cert_detail_list(CERT_TYPE_END);
+	crl_detail_list();
 }
 
-void list_crls(void)
+void clear_ocsp_cache(void)
 {
-	crl_detail_list();
+	DBG(DBG_X509, DBG_log("calling NSS to clear OCSP cache"));
+	(void)CERT_ClearOCSPCache();
 }
+#endif
 
-void list_authcerts(void)
+void list_certs(void)
 {
-	cert_detail_list(CERT_TYPE_CA);
+	cert_detail_list(CERT_TYPE_END);
 }
 
-void clear_ocsp_cache(void)
+void list_authcerts(void)
 {
-	DBG(DBG_X509, DBG_log("calling NSS to clear OCSP cache"));
-	(void)CERT_ClearOCSPCache();
+	cert_detail_list(CERT_TYPE_CA);
 }
+

