Permalink
Browse files

make it possible to build without cert support (footprint issue)

  • Loading branch information...
1 parent 7d5ef4e commit 71c1fda48625178cd4163c63d0723e2d864f9cd6 itojun committed Oct 3, 2000
@@ -1,4 +1,4 @@
-/* $KAME: ipsec_doi.c,v 1.113 2000/09/29 18:45:10 itojun Exp $ */
+/* $KAME: ipsec_doi.c,v 1.114 2000/10/03 23:44:41 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -28,7 +28,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* YIPS @(#)$Id: ipsec_doi.c,v 1.113 2000/09/29 18:45:10 itojun Exp $ */
+/* YIPS @(#)$Id: ipsec_doi.c,v 1.114 2000/10/03 23:44:41 itojun Exp $ */
#include <sys/types.h>
#include <sys/param.h>
@@ -2984,12 +2984,14 @@ ipsecdoi_setid1(iph1)
id_b.type = idtype2doi(iph1->rmconf->identtype);
ident = lcconf->ident[iph1->rmconf->identtype];
break;
+#ifdef HAVE_SIGNING_C
case LC_IDENTTYPE_CERTNAME:
id_b.type = IPSECDOI_ID_DER_ASN1_DN;
if (oakley_getmycert(iph1) < 0)
goto err;
ident = eay_get_x509asn1subjectname(&iph1->cert->cert);
break;
+#endif
case LC_IDENTTYPE_ADDRESS:
default:
/* use IP address */
@@ -1,4 +1,4 @@
-/* $KAME: isakmp_agg.c,v 1.42 2000/09/22 18:03:09 sakane Exp $ */
+/* $KAME: isakmp_agg.c,v 1.43 2000/10/03 23:44:42 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -28,7 +28,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* YIPS @(#)$Id: isakmp_agg.c,v 1.42 2000/09/22 18:03:09 sakane Exp $ */
+/* YIPS @(#)$Id: isakmp_agg.c,v 1.43 2000/10/03 23:44:42 itojun Exp $ */
/* Aggressive Exchange (Aggressive Mode) */
@@ -133,6 +133,7 @@ agg_i1send(iph1, msg)
if (iph1->nonce == NULL)
goto end;
+#ifdef HAVE_SIGNING_C
/* create CR if need */
if (iph1->rmconf->send_cr
&& oakley_needcr(iph1->rmconf->proposal->authmethod)
@@ -145,6 +146,7 @@ agg_i1send(iph1, msg)
goto end;
}
}
+#endif
/* create buffer to send isakmp payload */
tlen = sizeof(struct isakmp)
@@ -278,6 +280,7 @@ agg_i2recv(iph1, msg)
case ISAKMP_NPTYPE_HASH:
iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
break;
+#ifdef HAVE_SIGNING_C
case ISAKMP_NPTYPE_CR:
if (oakley_savecr(iph1, pa->ptr) < 0)
goto end;
@@ -290,6 +293,7 @@ agg_i2recv(iph1, msg)
if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
goto end;
break;
+#endif
case ISAKMP_NPTYPE_VID:
YIPSDEBUG(DEBUG_NOTIFY,
plog(logp, LOCATION, iph1->remote,
@@ -360,10 +364,12 @@ agg_i2recv(iph1, msg)
}
}
+#ifdef HAVE_SIGNING_C
if (oakley_checkcr(iph1) < 0) {
/* Ignore this error in order to be interoperability. */
;
}
+#endif
/* change status of isakmp status entry */
iph1->status = PHASE1ST_MSG2RECEIVED;
@@ -581,10 +587,12 @@ agg_r1recv(iph1, msg)
"peer transmitted Vendor ID.\n"));
(void)check_vendorid(pa->ptr);
break;
+#ifdef HAVE_SIGNING_C
case ISAKMP_NPTYPE_CR:
if (oakley_savecr(iph1, pa->ptr) < 0)
goto end;
break;
+#endif
default:
/* don't send information, see isakmp_ident_r1() */
plog(logp, LOCATION, iph1->remote,
@@ -606,10 +614,12 @@ agg_r1recv(iph1, msg)
goto end;
}
+#ifdef HAVE_SIGNING_C
if (oakley_checkcr(iph1) < 0) {
/* Ignore this error in order to be interoperability. */
;
}
+#endif
iph1->status = PHASE1ST_MSG1RECEIVED;
@@ -697,6 +707,7 @@ agg_r1send(iph1, msg)
if (iph1->hash == NULL)
goto end;
+#ifdef HAVE_SIGNING_C
/* create CR if need */
if (iph1->rmconf->send_cr
&& oakley_needcr(iph1->approval->authmethod)
@@ -709,6 +720,7 @@ agg_r1send(iph1, msg)
goto end;
}
}
+#endif
tlen = sizeof(struct isakmp);
@@ -924,6 +936,7 @@ agg_r2recv(iph1, msg0)
"peer transmitted Vendor ID.\n"));
(void)check_vendorid(pa->ptr);
break;
+#ifdef HAVE_SIGNING_C
case ISAKMP_NPTYPE_CERT:
if (oakley_savecert(iph1, pa->ptr) < 0)
goto end;
@@ -932,6 +945,7 @@ agg_r2recv(iph1, msg0)
if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
goto end;
break;
+#endif
case ISAKMP_NPTYPE_N:
YIPSDEBUG(DEBUG_NOTIFY,
plog(logp, LOCATION, iph1->remote,
@@ -1,4 +1,4 @@
-/* $KAME: isakmp_base.c,v 1.34 2000/09/21 15:18:25 sakane Exp $ */
+/* $KAME: isakmp_base.c,v 1.35 2000/10/03 23:44:42 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -28,7 +28,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* YIPS @(#)$Id: isakmp_base.c,v 1.34 2000/09/21 15:18:25 sakane Exp $ */
+/* YIPS @(#)$Id: isakmp_base.c,v 1.35 2000/10/03 23:44:42 itojun Exp $ */
/* Base Exchange (Base Mode) */
@@ -474,6 +474,7 @@ base_i3recv(iph1, msg)
case ISAKMP_NPTYPE_HASH:
iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
break;
+#ifdef HAVE_SIGNING_C
case ISAKMP_NPTYPE_CERT:
if (oakley_savecert(iph1, pa->ptr) < 0)
goto end;
@@ -482,6 +483,7 @@ base_i3recv(iph1, msg)
if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
goto end;
break;
+#endif
case ISAKMP_NPTYPE_VID:
YIPSDEBUG(DEBUG_NOTIFY,
plog(logp, LOCATION, iph1->remote,
@@ -831,6 +833,7 @@ base_r2recv(iph1, msg)
case ISAKMP_NPTYPE_HASH:
iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
break;
+#ifdef HAVE_SIGNING_C
case ISAKMP_NPTYPE_CERT:
if (oakley_savecert(iph1, pa->ptr) < 0)
goto end;
@@ -839,6 +842,7 @@ base_r2recv(iph1, msg)
if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
goto end;
break;
+#endif
case ISAKMP_NPTYPE_VID:
YIPSDEBUG(DEBUG_NOTIFY,
plog(logp, LOCATION, iph1->remote,
@@ -1,4 +1,4 @@
-/* $KAME: isakmp_ident.c,v 1.43 2000/09/22 18:03:09 sakane Exp $ */
+/* $KAME: isakmp_ident.c,v 1.44 2000/10/03 23:44:42 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -28,7 +28,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* YIPS @(#)$Id: isakmp_ident.c,v 1.43 2000/09/22 18:03:09 sakane Exp $ */
+/* YIPS @(#)$Id: isakmp_ident.c,v 1.44 2000/10/03 23:44:42 itojun Exp $ */
/* Identity Protecion Exchange (Main Mode) */
@@ -355,10 +355,12 @@ ident_i3recv(iph1, msg)
"peer transmitted Vendor ID.\n"));
(void)check_vendorid(pa->ptr);
break;
+#ifdef HAVE_SIGNING_C
case ISAKMP_NPTYPE_CR:
if (oakley_savecr(iph1, pa->ptr) < 0)
goto end;
break;
+#endif
default:
/* don't send information, see ident_r1recv() */
plog(logp, LOCATION, iph1->remote,
@@ -376,10 +378,12 @@ ident_i3recv(iph1, msg)
goto end;
}
+#ifdef HAVE_SIGNING_C
if (oakley_checkcr(iph1) < 0) {
/* Ignore this error in order to be interoperability. */
;
}
+#endif
iph1->status = PHASE1ST_MSG3RECEIVED;
@@ -527,6 +531,7 @@ ident_i4recv(iph1, msg0)
case ISAKMP_NPTYPE_HASH:
iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
break;
+#ifdef HAVE_SIGNING_C
case ISAKMP_NPTYPE_CERT:
if (oakley_savecert(iph1, pa->ptr) < 0)
goto end;
@@ -535,6 +540,7 @@ ident_i4recv(iph1, msg0)
if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
goto end;
break;
+#endif
case ISAKMP_NPTYPE_VID:
YIPSDEBUG(DEBUG_NOTIFY,
plog(logp, LOCATION, iph1->remote,
@@ -1015,6 +1021,7 @@ ident_r3recv(iph1, msg0)
case ISAKMP_NPTYPE_HASH:
iph1->pl_hash = (struct isakmp_pl_hash *)pa->ptr;
break;
+#ifdef HAVE_SIGNING_C
case ISAKMP_NPTYPE_CR:
if (oakley_savecr(iph1, pa->ptr) < 0)
goto end;
@@ -1027,6 +1034,7 @@ ident_r3recv(iph1, msg0)
if (isakmp_p2ph(&iph1->sig_p, pa->ptr) < 0)
goto end;
break;
+#endif
case ISAKMP_NPTYPE_VID:
YIPSDEBUG(DEBUG_NOTIFY,
plog(logp, LOCATION, iph1->remote,
@@ -1099,10 +1107,12 @@ ident_r3recv(iph1, msg0)
}
}
+#ifdef HAVE_SIGNING_C
if (oakley_checkcr(iph1) < 0) {
/* Ignore this error in order to be interoperability. */
;
}
+#endif
/*
* XXX: Should we do compare two addresses, ph1handle's and ID
@@ -1216,6 +1226,7 @@ ident_ir2sendmx(iph1)
vchar_t *cr = NULL;
int error = -1;
+#ifdef HAVE_SIGNING_C
/* create CR if need */
if (iph1->side == RESPONDER
&& iph1->rmconf->send_cr
@@ -1229,6 +1240,7 @@ ident_ir2sendmx(iph1)
goto end;
}
}
+#endif
/* create buffer */
tlen = sizeof(struct isakmp)
@@ -1,4 +1,4 @@
-/* $KAME: oakley.c,v 1.65 2000/09/29 18:28:53 itojun Exp $ */
+/* $KAME: oakley.c,v 1.66 2000/10/03 23:44:42 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -28,7 +28,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* YIPS @(#)$Id: oakley.c,v 1.65 2000/09/29 18:28:53 itojun Exp $ */
+/* YIPS @(#)$Id: oakley.c,v 1.66 2000/10/03 23:44:42 itojun Exp $ */
#include <sys/types.h>
#include <sys/param.h>
@@ -111,10 +111,12 @@ static struct cipher_algorithm cipher[] = {
};
static int oakley_compute_keymat_x __P((struct ph2handle *, int, int));
+#ifdef HAVE_SIGNING_C
static int get_cert_fromlocal __P((struct ph1handle *, int));
static int oakley_check_certid __P((struct ph1handle *iph1));
static int check_typeofcertname __P((int, int));
static cert_t *save_certbuf __P((struct isakmp_gen *));
+#endif
int
oakley_get_defaultlifetime()
@@ -1562,8 +1564,6 @@ oakley_check_certid(iph1)
}
/*NOTREACHED*/
}
-
-#endif
static int
check_typeofcertname(doi, genid)
@@ -1831,6 +1831,7 @@ oakley_needcr(type)
}
/*NOTREACHED*/
}
+#endif /*HAVE_SIGNING_C*/
/*
* compute SKEYID

0 comments on commit 71c1fda

Please sign in to comment.