diff options
author | Chad Loder <cloder@cvs.openbsd.org> | 2005-04-05 20:46:21 +0000 |
---|---|---|
committer | Chad Loder <cloder@cvs.openbsd.org> | 2005-04-05 20:46:21 +0000 |
commit | 78ffac09c80ac319aff487261743d3e5f2854966 (patch) | |
tree | a39780156cc877bfdb3943f085232667890bfc6c /sbin | |
parent | 1c426f1f218090a86478e6a9ab2db1bef88b1db7 (diff) |
Always compile X509 support. Almost everyone uses it. Makes the code
much easier to read and to maintain.
OK and testing by hshoexer@, more testing by me
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/GNUmakefile | 7 | ||||
-rw-r--r-- | sbin/isakmpd/Makefile | 10 | ||||
-rw-r--r-- | sbin/isakmpd/cert.c | 7 | ||||
-rw-r--r-- | sbin/isakmpd/conf.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/ike_auth.c | 22 | ||||
-rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 11 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/key.c | 20 | ||||
-rw-r--r-- | sbin/isakmpd/libcrypto.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/libcrypto.h | 6 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/x509.c | 5 |
12 files changed, 23 insertions, 89 deletions
diff --git a/sbin/isakmpd/GNUmakefile b/sbin/isakmpd/GNUmakefile index ca2e831d454..0a31501265b 100644 --- a/sbin/isakmpd/GNUmakefile +++ b/sbin/isakmpd/GNUmakefile @@ -1,4 +1,4 @@ -# $OpenBSD: GNUmakefile,v 1.11 2005/02/10 15:00:36 ho Exp $ +# $OpenBSD: GNUmakefile,v 1.12 2005/04/05 20:46:20 cloder Exp $ # # Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved. @@ -66,7 +66,7 @@ SRCS= app.c attribute.c cert.c connection.c \ ipsec.c ipsec_fld.c ipsec_num.c isakmpd.c isakmp_doi.c \ isakmp_fld.c isakmp_num.c key.c libcrypto.c log.c message.c \ math_2n.c math_group.c prf.c sa.c sysdep.c timer.c \ - transport.c udp.c ui.c util.c virtual.c + transport.c udp.c ui.c util.c virtual.c x509.c GENERATED= exchange_num.h ipsec_fld.h ipsec_num.h isakmp_fld.h \ isakmp_num.h @@ -161,7 +161,6 @@ CFLAGS+= -DUSE_KEYNOTE endif ifdef USE_LIBCRYPTO -X509= x509.c CFLAGS+= -DUSE_LIBCRYPTO LDADD+= -lcrypto DPADD+= ${LIBCRYPTO} @@ -172,7 +171,7 @@ USE_LIBCRYPTO= yes CFLAGS+= -DUSE_RAWKEY endif -SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \ +SRCS+= ${IPSEC_SRCS} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \ ${ISAKMP_CFG} ${NAT_TRAVERSAL} ${DPD} CFLAGS+= ${IPSEC_CFLAGS} LDADD+= ${DESLIB} diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile index 9f38893b61c..53f40bbe556 100644 --- a/sbin/isakmpd/Makefile +++ b/sbin/isakmpd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.58 2004/11/10 22:07:46 drahn Exp $ +# $OpenBSD: Makefile,v 1.59 2005/04/05 20:46:20 cloder Exp $ # $EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $ # @@ -46,10 +46,10 @@ OS= openbsd # Compile-time configuration of otherwise optional features #FEATURES= tripledes des blowfish cast aes -#FEATURES+= policy x509 ec aggressive debug gmp +#FEATURES+= policy ec aggressive debug gmp #FEATURES+= rawkey isakmp_cfg dnssec privsep nat_traversal dpd FEATURES= tripledes des blowfish cast aes -FEATURES+= policy x509 ec aggressive debug +FEATURES+= policy ec aggressive debug FEATURES+= rawkey isakmp_cfg privsep nat_traversal dpd .PATH: ${.CURDIR}/sysdep/${OS} @@ -64,7 +64,7 @@ SRCS= app.c attribute.c cert.c connection.c constants.c conf.c \ ipsec_num.c isakmpd.c isakmp_doi.c isakmp_fld.c isakmp_num.c \ key.c libcrypto.c log.c message.c math_2n.c math_group.c \ prf.c sa.c sysdep.c timer.c transport.c virtual.c udp.c \ - ui.c util.c + ui.c util.c x509.c GENERATED= exchange_num.h ipsec_fld.h ipsec_num.h isakmp_fld.h \ isakmp_num.h @@ -156,7 +156,7 @@ LDADD+= -ldes DPADD+= ${LIBDES} .endif -SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \ +SRCS+= ${IPSEC_SRCS} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \ ${ISAKMP_CFG} ${PRIVSEP} ${DPD} ${NAT_TRAVERSAL} CFLAGS+= ${IPSEC_CFLAGS} ${DNSSEC_CFLAGS} diff --git a/sbin/isakmpd/cert.c b/sbin/isakmpd/cert.c index d04b9648d7f..28cd848605f 100644 --- a/sbin/isakmpd/cert.c +++ b/sbin/isakmpd/cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cert.c,v 1.28 2004/06/14 09:55:41 ho Exp $ */ +/* $OpenBSD: cert.c,v 1.29 2005/04/05 20:46:20 cloder Exp $ */ /* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */ /* @@ -40,17 +40,13 @@ #include "isakmp_num.h" #include "log.h" #include "cert.h" - -#ifdef USE_X509 #include "x509.h" -#endif #ifdef USE_KEYNOTE #include "policy.h" #endif struct cert_handler cert_handler[] = { -#ifdef USE_X509 { ISAKMP_CERTENC_X509_SIG, x509_cert_init, x509_crl_init, x509_cert_get, x509_cert_validate, @@ -59,7 +55,6 @@ struct cert_handler cert_handler[] = { x509_cert_obtain, x509_cert_get_key, x509_cert_get_subjects, x509_cert_dup, x509_serialize, x509_printable, x509_from_printable }, -#endif #ifdef USE_KEYNOTE { ISAKMP_CERTENC_KEYNOTE, diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c index 93f4f2278a8..ecde75a2773 100644 --- a/sbin/isakmpd/conf.c +++ b/sbin/isakmpd/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.77 2005/04/04 19:31:11 deraadt Exp $ */ +/* $OpenBSD: conf.c,v 1.78 2005/04/05 20:46:20 cloder Exp $ */ /* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */ /* @@ -475,7 +475,6 @@ conf_load_defaults(int tr) conf_set(tr, "General", "Pubkey-directory", CONF_DFLT_PUBKEY_DIR, 0, 1); -#ifdef USE_X509 conf_set(tr, "X509-certificates", "CA-directory", CONF_DFLT_X509_CA_DIR, 0, 1); conf_set(tr, "X509-certificates", "Cert-directory", @@ -484,7 +483,6 @@ conf_load_defaults(int tr) CONF_DFLT_X509_PRIVATE_KEY, 0, 1); conf_set(tr, "X509-certificates", "CRL-directory", CONF_DFLT_X509_CRL_DIR, 0, 1); -#endif #ifdef USE_KEYNOTE conf_set(tr, "KeyNote", "Credential-directory", diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c index 494ca5f0092..19fe75e710d 100644 --- a/sbin/isakmpd/ike_auth.c +++ b/sbin/isakmpd/ike_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_auth.c,v 1.97 2005/02/22 16:57:48 hshoexer Exp $ */ +/* $OpenBSD: ike_auth.c,v 1.98 2005/04/05 20:46:20 cloder Exp $ */ /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */ /* @@ -70,9 +70,7 @@ #include "transport.h" #include "util.h" #include "key.h" -#if defined (USE_X509) #include "x509.h" -#endif #ifdef notyet static u_int8_t *enc_gen_skeyid(struct exchange *, size_t *); @@ -82,11 +80,9 @@ static u_int8_t *pre_shared_gen_skeyid(struct exchange *, size_t *); static int pre_shared_decode_hash(struct message *); static int pre_shared_encode_hash(struct message *); -#if defined (USE_X509) || defined (USE_KEYNOTE) static u_int8_t *sig_gen_skeyid(struct exchange *, size_t *); static int rsa_sig_decode_hash(struct message *); static int rsa_sig_encode_hash(struct message *); -#endif #if defined (USE_RAWKEY) static int get_raw_key_from_file(int, u_int8_t *, size_t, RSA **); @@ -107,13 +103,11 @@ static struct ike_auth ike_auth[] = { pre_shared_encode_hash }, #endif -#if defined (USE_X509) || defined (USE_KEYNOTE) { IKE_AUTH_RSA_SIG, sig_gen_skeyid, rsa_sig_decode_hash, rsa_sig_encode_hash }, -#endif #ifdef notdef { IKE_AUTH_RSA_ENC, enc_gen_skeyid, @@ -147,15 +141,11 @@ static void * ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen) { char *key, *buf; -#if defined (USE_X509) || defined (USE_KEYNOTE) int fd; char *keyfile; -#if defined (USE_X509) FILE *keyfp; RSA *rsakey; size_t fsize; -#endif -#endif switch (type) { case IKE_AUTH_PRE_SHARED: @@ -198,7 +188,6 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen) break; case IKE_AUTH_RSA_SIG: -#if defined (USE_X509) || defined (USE_KEYNOTE) #if defined (USE_KEYNOTE) if (local_id && (keyfile = conf_get_str("KeyNote", "Credential-directory")) != 0) { @@ -281,7 +270,6 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen) } ignorekeynote: #endif /* USE_KEYNOTE */ -#ifdef USE_X509 /* Otherwise, try X.509 */ keyfile = conf_get_str("X509-certificates", "Private-key"); @@ -315,8 +303,6 @@ ignorekeynote: return 0; } return rsakey; -#endif /* USE_X509 */ -#endif /* USE_X509 || USE_KEYNOTE */ default: log_print("ike_auth_get_key: unknown key type %d", type); @@ -423,7 +409,6 @@ pre_shared_gen_skeyid(struct exchange *exchange, size_t *sz) return skeyid; } -#if defined (USE_X509) || defined (USE_KEYNOTE) /* Both DSS & RSA signature authentication use this algorithm. */ static u_int8_t * sig_gen_skeyid(struct exchange *exchange, size_t *sz) @@ -471,7 +456,6 @@ sig_gen_skeyid(struct exchange *exchange, size_t *sz) prf_free(prf); return skeyid; } -#endif /* USE_X509 || USE_KEYNOTE */ #ifdef notdef /* @@ -548,7 +532,6 @@ pre_shared_decode_hash(struct message *msg) return 0; } -#if defined (USE_X509) || defined (USE_KEYNOTE) /* Decrypt the HASH in SIG, we already need a parsed ID payload. */ static int rsa_sig_decode_hash(struct message *msg) @@ -824,7 +807,6 @@ rsa_sig_decode_hash(struct message *msg) p->flags |= PL_MARK; return 0; } -#endif /* USE_X509 || USE_KEYNOTE */ static int pre_shared_encode_hash(struct message *msg) @@ -850,7 +832,6 @@ pre_shared_encode_hash(struct message *msg) return 0; } -#if defined (USE_X509) || defined (USE_KEYNOTE) /* Encrypt the HASH into a SIG type. */ static int rsa_sig_encode_hash(struct message *msg) @@ -1080,7 +1061,6 @@ skipcert: } return 0; } -#endif /* USE_X509 || USE_KEYNOTE */ int ike_auth_hash(struct exchange *exchange, u_int8_t *buf) diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index a40a54cb949..caf26fe81a6 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.91 2005/04/04 19:31:11 deraadt Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.92 2005/04/05 20:46:20 cloder Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -60,10 +60,7 @@ #include "transport.h" #include "util.h" #include "key.h" - -#ifdef USE_X509 #include "x509.h" -#endif static void gen_g_xy(struct message *); static int initiator_send_HASH_SA_NONCE(struct message *); @@ -107,10 +104,8 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) int i, len, result = 0, nprinc = 0; int *x509_ids = 0, *keynote_ids = 0; unsigned char hashbuf[20]; /* Set to the largest digest result */ -#ifdef USE_X509 struct keynote_deckey dc; X509_NAME *subject; -#endif /* Do we want to use keynote policies? */ if (ignore_policy || @@ -243,7 +238,6 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) break; case ISAKMP_CERTENC_X509_SIG: -#ifdef USE_X509 principal = calloc(2, sizeof *principal); if (!principal) { log_error("check_policy: calloc (2, %lu) failed", @@ -301,7 +295,6 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) nprinc = 1; } break; -#endif /* XXX Eventually handle these. */ case ISAKMP_CERTENC_PKCS: @@ -1739,9 +1732,7 @@ next_sa: goto cleanup; } } else if ( -#if defined (USE_X509) && defined (USE_POLICY) ignore_policy || -#endif strncmp("yes", conf_get_str("General", "Use-Keynote"), 3)) { log_print("responder_recv_HASH_SA_NONCE: peer proposed " "invalid phase 2 IDs: %s", diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index 1475fba5f70..a5a9c2b1f14 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.110 2005/04/04 19:31:11 deraadt Exp $ */ +/* $OpenBSD: ipsec.c,v 1.111 2005/04/05 20:46:20 cloder Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -73,9 +73,7 @@ #include "timer.h" #include "transport.h" #include "util.h" -#ifdef USE_X509 #include "x509.h" -#endif extern int acquire_only; @@ -2013,7 +2011,6 @@ ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len, buf[id_len] = '\0'; break; -#ifdef USE_X509 case IPSEC_ID_DER_ASN1_DN: addr = x509_DN_string(id + ISAKMP_ID_DATA_OFF, id_len - ISAKMP_ID_DATA_OFF); @@ -2023,7 +2020,6 @@ ipsec_decode_id(char *buf, size_t size, u_int8_t *id, size_t id_len, } strlcpy(buf, addr, size); break; -#endif default: snprintf(buf, size, "<id type unknown: %x>", id_type); @@ -2450,7 +2446,6 @@ ipsec_id_string(u_int8_t *id, size_t id_len) *(buf + len + id_len) = '\0'; break; -#ifdef USE_X509 case IPSEC_ID_DER_ASN1_DN: strlcpy(buf, "asn1_dn/", size); len = strlen(buf); @@ -2462,7 +2457,6 @@ ipsec_id_string(u_int8_t *id, size_t id_len) goto fail; strlcpy(buf + len, addrstr, size - len); break; -#endif default: /* Unknown type. */ diff --git a/sbin/isakmpd/key.c b/sbin/isakmpd/key.c index 57e40db70fa..71ea551bd99 100644 --- a/sbin/isakmpd/key.c +++ b/sbin/isakmpd/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.20 2004/12/28 11:19:47 hshoexer Exp $ */ +/* $OpenBSD: key.c,v 1.21 2005/04/05 20:46:20 cloder Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -29,9 +29,7 @@ #include "libcrypto.h" #include "log.h" #include "util.h" -#ifdef USE_X509 #include "x509.h" -#endif void key_free(int type, int private, void *key) @@ -41,10 +39,8 @@ key_free(int type, int private, void *key) free(key); break; case ISAKMP_KEY_RSA: -#ifdef USE_X509 RSA_free(key); break; -#endif case ISAKMP_KEY_NONE: default: log_error("key_free: unknown/unsupportedkey type %d", type); @@ -57,10 +53,8 @@ void key_serialize(int type, int private, void *key, u_int8_t **data, size_t *datalenp) { -#ifdef USE_X509 u_int8_t *p; size_t datalen; -#endif switch (type) { case ISAKMP_KEY_PASSPHRASE: @@ -68,7 +62,6 @@ key_serialize(int type, int private, void *key, u_int8_t **data, *data = (u_int8_t *)strdup((char *)key); break; case ISAKMP_KEY_RSA: -#ifdef USE_X509 switch (private) { case ISAKMP_KEYTYPE_PUBLIC: datalen = i2d_RSAPublicKey((RSA *)key, NULL); @@ -92,7 +85,6 @@ key_serialize(int type, int private, void *key, u_int8_t **data, *datalenp = i2d_RSAPrivateKey((RSA *)key, &p); break; } -#endif break; default: log_error("key_serialize: unknown/unsupported key type %d", @@ -105,17 +97,14 @@ key_serialize(int type, int private, void *key, u_int8_t **data, char * key_printable(int type, int private, u_int8_t *data, int datalen) { -#ifdef USE_X509 char *s; int i; -#endif switch (type) { case ISAKMP_KEY_PASSPHRASE: return strdup((char *)data); case ISAKMP_KEY_RSA: -#ifdef USE_X509 s = malloc(datalen * 2 + 1); if (!s) { log_error("key_printable: malloc (%d) failed", @@ -126,7 +115,6 @@ key_printable(int type, int private, u_int8_t *data, int datalen) snprintf(s + (2 * i), 2 * (datalen - i) + 1, "%02x", data[i]); return s; -#endif default: log_error("key_printable: unknown/unsupported key type %d", @@ -143,7 +131,6 @@ key_internalize(int type, int private, u_int8_t *data, int datalen) case ISAKMP_KEY_PASSPHRASE: return strdup((char *)data); case ISAKMP_KEY_RSA: -#ifdef USE_X509 switch (private) { #if OPENSSL_VERSION_NUMBER >= 0x00907000L case ISAKMP_KEYTYPE_PUBLIC: @@ -164,7 +151,6 @@ key_internalize(int type, int private, u_int8_t *data, int datalen) return 0; } break; -#endif /* USE_X509 */ default: log_error("key_internalize: unknown/unsupported key type %d", type); @@ -179,9 +165,7 @@ void key_from_printable(int type, int private, char *key, u_int8_t **data, u_int32_t *datalenp) { -#ifdef USE_X509 u_int32_t datalen; -#endif switch (type) { case ISAKMP_KEY_PASSPHRASE: @@ -190,7 +174,6 @@ key_from_printable(int type, int private, char *key, u_int8_t **data, break; case ISAKMP_KEY_RSA: -#ifdef USE_X509 datalen = (strlen(key) + 1) / 2; /* Round up, just in case */ *data = malloc(datalen); if (!*data) { @@ -207,7 +190,6 @@ key_from_printable(int type, int private, char *key, u_int8_t **data, } *datalenp = datalen; break; -#endif default: log_error("key_from_printable: " diff --git a/sbin/isakmpd/libcrypto.c b/sbin/isakmpd/libcrypto.c index d66c58a47ca..00d4345ef3b 100644 --- a/sbin/isakmpd/libcrypto.c +++ b/sbin/isakmpd/libcrypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: libcrypto.c,v 1.16 2004/04/15 18:39:26 deraadt Exp $ */ +/* $OpenBSD: libcrypto.c,v 1.17 2005/04/05 20:46:20 cloder Exp $ */ /* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */ /* @@ -36,7 +36,7 @@ void libcrypto_init(void) { -#if defined (USE_X509) && defined (USE_LIBCRYPTO) +#if defined (USE_LIBCRYPTO) /* Add all algorithms known by SSL */ #if OPENSSL_VERSION_NUMBER >= 0x00905100L @@ -45,5 +45,5 @@ libcrypto_init(void) SSLeay_add_all_algorithms(); #endif -#endif /* USE_X509 && USE_LIBCRYPTO */ +#endif /* USE_LIBCRYPTO */ } diff --git a/sbin/isakmpd/libcrypto.h b/sbin/isakmpd/libcrypto.h index e9581bfc1dd..03c9eb5b9c1 100644 --- a/sbin/isakmpd/libcrypto.h +++ b/sbin/isakmpd/libcrypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: libcrypto.h,v 1.16 2004/04/15 18:39:26 deraadt Exp $ */ +/* $OpenBSD: libcrypto.h,v 1.17 2005/04/05 20:46:20 cloder Exp $ */ /* $EOM: libcrypto.h,v 1.16 2000/09/28 12:53:27 niklas Exp $ */ /* @@ -33,8 +33,6 @@ #ifndef _LIBCRYPTO_H_ #define _LIBCRYPTO_H_ -#ifdef USE_X509 - #include <stdio.h> /* XXX I want #include <ssl/cryptall.h> but we appear to not install meth.h */ @@ -45,8 +43,6 @@ #include <openssl/x509_vfy.h> #include <openssl/x509.h> -#endif /* USE_X509 */ - extern void libcrypto_init(void); #endif /* _LIBCRYPTO_H_ */ diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index 9dc78bce4ed..a2851817f9e 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.156 2005/04/04 19:31:11 deraadt Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.157 2005/04/05 20:46:20 cloder Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -1627,7 +1627,7 @@ nodid: break; #endif /* USE_KEYNOTE */ -#if defined (USE_X509) && defined (SADB_X_EXT_REMOTE_CREDENTIALS) +#if defined (SADB_X_EXT_REMOTE_CREDENTIALS) case ISAKMP_CERTENC_X509_SIG: { u_int8_t *data; @@ -1666,7 +1666,7 @@ nodid: goto cleanup; } break; -#endif /* USE_X509 */ +#endif } } #endif /* SADB_X_CREDTYPE_NONE */ diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c index 3b3d5d17c0b..3f567a62304 100644 --- a/sbin/isakmpd/x509.c +++ b/sbin/isakmpd/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.97 2005/03/15 16:49:05 mpf Exp $ */ +/* $OpenBSD: x509.c,v 1.98 2005/04/05 20:46:20 cloder Exp $ */ /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */ /* @@ -31,7 +31,6 @@ * This code was written under funding by Ericsson Radio Systems. */ -#ifdef USE_X509 #include <sys/param.h> #include <sys/types.h> @@ -1432,4 +1431,4 @@ x509_DN_string(u_int8_t *asn1, size_t sz) buf[sizeof buf - 1] = '\0'; return strdup(buf); } -#endif /* USE_X509 */ + |