[strongSwan-dev] strongswan dependencies

Martin Willi martin at strongswan.org
Tue Mar 9 14:05:23 CET 2010


> Not sure what you mean by all.
> --disable-aes
> --disable-des
> --disable-fips-prf
> --disable-gmp
> --disable-md5
> --disable-sha1
> --disable-sha2

Yes, these I meant by "all" :-).

> --disable-hmac
> --disable-x509
> --disable-xcbc

The x509 plugin is required if you want to use certificates. Certificate
functionality is not yet provided by openssl.

The HMAC/XCBC wrappers are also required for these mode of operations,
the openssl plugin currently provides raw hasher/ciphers only.

> --disable-pem
> --disable-pgp

To load PEM encoded keys/certificates, pem is required. Same for pgp
encoded keys.

> --disable-pkcs1

The openssl plugin uses the OpenSSL ASN1 parser functionality, no need
for pkcs1.

> --disable-pubkey

The pubkey plugin can be used for authentication with raw RSA keys, but
is usually not needed.

> I assume that by starter you mean 'ipsec start', I'm confused as to
> which option(s) would disable starter. Please enlighten me.

If you --disable-pluto and --disable-stroke, starter and ipsec.conf
based configuration is disabled, too.


More information about the Dev mailing list