Bugfixes and Certificate handling improvements
* Sign_hash was not being compiled when libnss was unset [MCR]
* Modifications to sign_hash_nss [MCR]
* Change order of functions to avoid forward declaration [MCR]
* Silence some warnings when building with LIBNSS [MCR]
* Modifications to decrypt_sig to help with nsscert test case [MCR]
* Added dhr-style shortcuts to constants.h [MCR]
* Added IOD for SHA224_WITH_RSA, renegerated oid.h and oid.c [MCR]
* Be more careful about examining dsig when digest is not successfully extracted [MCR]
* Tweaks to get LIBNSS defines into the right place [MCR]
* Allow unit tests to set a fake time [MCR]
* Added V=1 flag to turn off concise builds [MCR]
* Move ocsp.c into liboswkeys [MCR]
* Move rnd.h header so that ocsp.c will compile [MCR]
* Move list_ocsp routines to x509.c, as those routines are tied too closely to pluto [MCR]
* Fix GCC->CC macro so that make depend works [MCR]
* Whitespace changes in Makefiles [MCR]
* Create new liboswkeys and move liboswlog to separate directory [MCR]
* Rename FOOLIB variables -> LIBFOO [MCR]
* Be less verbose when building; especially do not emit paths that would screw up regression builds. [MCR]
* Added NULL argument for labelled IPsec support [MCR]
* Remove build dependancy upon bind-devel, as USE_LWRES= is not true anymore [MCR]
* RHEL7 spec file [MCR]
* Tweak IP_SELECT_IDENT_NEW for kernel 3.2: must have gotten lost [MCR]
* Ubuntu has backported some code to 3.13, so use correct select code [MCR]
* KLIPS patches for kernel 3.18 [MCR]
* Use a more KLIPS-y way to detect if KLIPS is loaded; not ancient pfkey interface [MCR]
* While the uid and pid types changes for namespace support since 3.12,
rather than fix that, KLIPS really does not need to know the PID at all. [MCR]
* Compile out the pfkey /proc interfaces; they provide no value [MCR]
* Use IP_SELECT_IDENT_NEW for kernel 3.12 series [MCR]
* Replace the ipsec_proc interface with seq based interfaces [MCR]
* Patch to work with Linux 3.11,3.15 [MCR]
* Ripped out --show and --showonly, and awk processing of ipsec auto --up [MCR]
* Cleaned up much ugliness (ifdefed argument lists) due to HAVE_LABELED_IPSEC [MCR]
* When a connection is deleted, log if the whack is open for the state [MCR]
* Get rid of compiler/printf warning on size of pointer [MCR]
* Append .ctl to socket name as whack does [MCR]
* Tweaks to whack message format: make it more resistant to 32/64-bit differences [MCR]
* Make whack magic values more clearly 32-bit [MCR]
* Removed kernel 24 build code [MCR]
* Clarify whack magic to be dependant upon size of pointer [MCR]
* Flush whackrecord on each write [MCR]
* Whackstoprecord option should not require an argument [MCR]
* When whack record is on, output debugging [MCR]
* Tweaks to whack message format: make it more resistant to 32/64-bit differences [MCR]
* Do not make whack message depend upon an ifdef [MCR]
* Move resolv_myid from pluto into libopenswan, but remove it from liboswlog, which is for non-pluto pieces only [MCR]
* If nexthop is not set, then it ddefaults to %defaultroute, otherwise left=%defaultroute does not work [MCR]
* Add check for bison/flex [MCR]
* Some minor enhancements to newhostkey to use /dev/urandom by default, and fill in the
debian place for ipsec.secrets.inc if it exists, but is zero [MCR]
* Do not install development man pages on target system by default [MCR]
* Re-organize, and enable obsolete keywords to be processed [MCR]
* Change USER* for USER*EXTRA [MCR]
* Removed unused tsc variable [MCR]
* Change //-comments that change code flow into #if 0 instead [MCR]
* More changes to addrbytesptr() rework [MCR]
* Removed dead function: ikev2_narrow_instantiate [MCR]
* 32-bit,64-bit issues with printf [MCR]
* Try to deal with -Wqual-cast/-Werror issues: addrbytesptr() should perhaps not be promising const-ness on ptr [MCR]
* NAT-T: new style uses setsockopt and old (KLIPS-only) uses ioctl [Simon Deziel]
* Use pidof instead of ps -C in _realsetup as the former is guarantied to
be available even on minimal installs. Closes Debian bug #719126. [Simon Deziel]
* Update README to include dependencies for RH-based distros [Simon Deziel]
* Added SSL roadwarrior configuration [Renzo Dani]
