[strongSwan-dev] Building strongSwan for Windows on Linux

Kevin Lussier Kevin.Lussier at Sophos.com
Wed Aug 23 23:21:38 CEST 2017

Hi Tobias.

Thanks for your response. Using your suggestion I was finally able to get it building. However, there were a couple of caveats along the way.

First, in my OpenSSL build I had set the ‘no-deprecated’ flag during configure, but apparently strongSwan is still using some deprecated functions. Once I rebuilt openSSL that got rid of most of the warnings during the build. However, that’s when I hit the second problem.

Since NOCRYPT is now specified as one of my CFLAGS, when it came time to build kernel_iph_net.c, it failed because apparently the crypto API is needed for that to compile. So I added

#ifdef NOCRYPT
#undef NOCRYPT

to the top of that file. After that change the build was able to complete and I can successfully run charon-svc.exe.

But I’m still confused as to why I am seeing this problem when apparently no one else is. Could it simply be that no one else has built Windows strongSwan with the latest openSSL? That seems unlikely, though I guess possible.

Also, I’m new to open source development so I’m not sure what the procedure here is, but I’d like to get the changes I’ve made to configure.ac and kernel_iph_net.c back into the main repository so other people don’t have the same issue. I guess that assumes that the changes I’ve made are correct, which other people may or may not agree with :-)


> On Aug 23, 2017, at 12:47 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Kevin,
>> In file included from /usr/share/mingw-w64/include/windows.h:95:0,
>>                 from /usr/share/mingw-w64/include/winsock2.h:23,
>>                 from
>> ../../../../src/libstrongswan/utils/compat/windows.h:24,
>>                 from ../../../../src/libstrongswan/utils/utils.h:38,
>>                 from ../../../../src/libstrongswan/library.h:101,
>>                 from
>> ../../../../src/libstrongswan/credentials/builder.h:41,
>>                 from openssl_rsa_private_key.h:26,
>>                 from openssl_rsa_private_key.c:25:
>> /home/kevin/openssl-master/build/include/openssl/x509.h:84:34: error:
>> expected ')' before numeric constant
>>                                  ^
> That output looks a bit odd (as if windows.h included x509.h, check if
> that's actually the case).  But windows.h does include wincrypt.h, if
> NOCRYPT is not defined, which has a conflicting definition for
> X509_EXTENSIONS (see [1]).  You could try to add -DNOCRYPT to your CFLAGS.
> Interesting that this issue doesn't occur in our AppVeyor build [2].
> However, we do link against libeay32 there and not libcrypto, so there
> might be some compatibility fixes applied - not sure why this is
> different in your build (what's the result of the "checking for Windows
> target" configure check? check config.log for details).
> Regards,
> Tobias
> [1]
> https://sourceforge.net/p/mingw-w64/mingw-w64/ci/master/tree/mingw-w64-headers/include/wincrypt.h
> [2] https://ci.appveyor.com/project/tobiasbrunner/strongswan-52lo9

More information about the Dev mailing list