Paul, Avesh,<br><br>Regarding the compile error I had the same problem and know the cause, see below<br><br><div class="gmail_quote">2009/12/27 Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
Hi Avesh,<br>
<br>
I was looking at a bug reported that we do not compile with<br>
USE_VENDORID=false. I disentangled some ifdef's around a<br>
check with Pluto_IsFIPS() to resolve this issue.<br>
<br>
It looks like you had wanted to log (or do?) something different when<br>
running in fips mode, but actually did not log the fips mode. This got<br>
interweaved with PLUTO_SENDS_VENDORID.<br>
<br>
Can you verify that I am not missing some hidden assumption. For<br>
instance, it might be possible you actualy do not want to initiate the<br>
sending vendorid code on purpose in fips mode, but if so, it was not<br>
clear to me if this was done by accident or on purpose. I repaired it<br>
to honour PLUTO_SENDS_VENDORID regardless of the HAVE_LIBNSS setting.<br>
<br>
If you actually wanted to not send the vendorid in fips mode, I'd rather<br>
set PLUTO_SENDS_VENDORID based on USE_FIPSCHECK, instead of through some<br>
undocumented/uncommented nested ifdef clause.<br>
<br>
While testing this code and enabling HAVE_LIBNSS. with or without<br>
USE_FIPSCHECK, I get the following warning/error:<br>
<br>
cc -c -DHAVE_LIBNSS -g -Werror -DKLIPS -DSCANDIR_HAS_CONST -I/vol/git/openswan.git/ports/linux/include -I/vol/git/openswan.git/ports/linux/include -I/vol/git/openswan.git/ports/linux/include -I/vol/git/openswan.git/ports/linux/include -I/usr/include/nspr4 -I/usr/include/nss3 -I/vol/git/openswan.git -I/vol/git/openswan.git/linux/include -I/vol/git/openswan.git/include -Wall -Wpointer-arith -Wcast-qual -Wstrict-prototypes -Wbad-function-cast -DKLIPS -DNAT_TRAVERSAL -DNAT_TRAVERSAL -DKERNEL_ALG -DIKE_ALG -DFINALCONFDIR=\"/etc\" -DFINALCONFDDIR=\"/etc/ipsec.d\" -DFINALCONFFILE=\"/etc/ipsec.conf\" -DFINALVARDIR=\"/var\" -Werror /vol/git/openswan.git/programs/showhostkey/showhostkey.c<br>
cc1: warnings being treated as errors<br>
In file included from /usr/include/nss3/secport.h:48,<br>
from /usr/include/nss3/seccomon.h:63,<br>
from /usr/include/nss3/nss.h:78,<br>
from /vol/git/openswan.git/include/oswconf.h:25,<br>
from /vol/git/openswan.git/programs/showhostkey/showhostkey.c:43:<br>
/usr/include/nspr4/prlink.h:52: error: function declaration isn’t a prototype<br>
In file included from /usr/include/nss3/secport.h:48,<br>
from /usr/include/nss3/seccomon.h:63,<br>
from /usr/include/nss3/nss.h:78,<br>
from /vol/git/openswan.git/include/oswconf.h:25,<br>
from /vol/git/openswan.git/programs/showhostkey/showhostkey.c:43:<br>
<br>
This happens in showhostkey and newrsakey. Do you not have this problem?<br>
This is on Fedora 12 with nspr-4.8.2-1.fc12.x86_64 and<br>
nss-3.12.4-14.fc12.x86_64<br></blockquote><div> <br>The problem is with the NSPR header not with openswan.<br>Openswan uses the -Wstrict-prototypes flag (and -Werror) but the header faulty. <br><br>In prlink.h the offending lines are line 52 <br>
void (*fp)(); -----------------> should use (void)<br>and line 221<br>typedef void (*PRFuncPtr)(); -----------------> should use (void)<br><br>In the meantime the attached works around it by patch relaxing prototype enforcement in the makefiles for rsasignkey and shhowhostkey.<br>
I made in 2.6.23 but should work on 2.6.24 as the files haven't changed. I'll submit this work-around for fedora openswan<br>and log a bug and send a patch for nspr.<br><br>Elio<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
Paul<br>
_______________________________________________<br>
Dev mailing list<br>
<a href="mailto:Dev@openswan.org">Dev@openswan.org</a><br>
<a href="http://lists.openswan.org/mailman/listinfo/dev" target="_blank">http://lists.openswan.org/mailman/listinfo/dev</a><br>
</blockquote></div><br>