Add a new option to enable PKCS11 plugin

PR:		240684
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)

2 files changed, 20 insertions, 13 deletions

diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile
index 6a2bb21269bd..990d9f395fd8 100644
--- a/security/strongswan/Makefile
+++ b/security/strongswan/Makefile
@@ -41,8 +41,9 @@ CONFIGURE_ARGS=	--enable-kernel-pfkey \
 		--with-lib-prefix=${PREFIX}
 
 OPTIONS_DEFINE=	CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE GCM IKEV1 \
-		IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MEDIATION MYSQL PKI SCEP SMP \
-		SQLITE SWANCTL TESTVECTOR TPM UNBOUND UNITY VICI XAUTH
+		IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MEDIATION MYSQL PKI \
+		PKCS11 SCEP SMP SQLITE SWANCTL TESTVECTOR TPM UNBOUND UNITY \
+		VICI XAUTH
 OPTIONS_DEFINE_i386=	VIA
 OPTIONS_DEFAULT=	BUILTIN CURL IKEV1 PKI SWANCTL VICI
 OPTIONS_SINGLE=	PRINTF_HOOKS
@@ -50,6 +51,7 @@ OPTIONS_SINGLE_PRINTF_HOOKS=	BUILTIN LIBC VSTR
 OPTIONS_SUB=	yes
 
 # Description of options
+BUILTIN_DESC=	Use builtin printf hooks
 CURL_DESC=	Enable CURL to fetch CRL/OCSP
 EAPAKA3GPP2_DESC=	Enable EAP AKA with 3gpp2 backend
 EAPDYNAMIC_DESC=	Enable EAP dynamic proxy module
@@ -59,8 +61,10 @@ GCM_DESC=		Enable GCM AEAD wrapper crypto plugin
 IKEV1_DESC=	Enable IKEv1 support
 IPSECKEY_DESC=	Enable authentication with IPSECKEY resource records with DNSSEC
 KERNELLIBIPSEC_DESC=	Enable IPSec userland backend
+LIBC_DESC=	Use libc printf hooks
 LOADTESTER_DESC=	Enable load testing plugin
 MEDIATION_DESC=		Enable IKEv2 Mediation Extension
+PKCS11_DESC=	Enable PKCS11 token support
 PKI_DESC=	Enable PKI tools
 SCEP_DESC=	Enable Simple Certificate Enrollment Protocol
 SMP_DESC=	Enable XML-based management protocol (DEPRECATED)
@@ -69,14 +73,13 @@ TESTVECTOR_DESC=	Enable crypto test vectors
 TPM_DESC=	Enable TPM plugin
 UNBOUND_DESC=	Enable DNSSEC-enabled resolver
 UNITY_DESC=	Enable Cisco Unity extension plugin
+VIA_DESC=	Enable VIA Padlock support
 VICI_DESC=	Enable VICI management protocol
-XAUTH_DESC=	Enable XAuth password verification
-BUILTIN_DESC=	Use builtin printf hooks
-LIBC_DESC=	Use libc printf hooks
 VSTR_DESC=	Use devel/vstr printf hooks
-VIA_DESC=	Enable VIA Padlock support
+XAUTH_DESC=	Enable XAuth password verification
 
 # Extra options
+BUILTIN_CONFIGURE_ON=	--with-printf-hooks=builtin
 CURL_CONFIGURE_ON=	--enable-curl
 CURL_LIB_DEPENDS=	libcurl.so:ftp/curl
 EAPAKA3GPP2_CONFIGURE_ON=	--enable-eap-aka --enable-eap-aka-3gpp2
@@ -88,16 +91,18 @@ GCM_CONFIGURE_ON=	--enable-gcm
 IKEV1_CONFIGURE_OFF=	--disable-ikev1
 IPSECKEY_CONFIGURE_ON=	--enable-ipseckey
 KERNELLIBIPSEC_CONFIGURE_ON=	--enable-kernel-libipsec
-LOADTESTER_CONFIGURE_ON=--enable-load-tester
 LDAP_CONFIGURE_ON=	--enable-ldap
 LDAP_USE=		OPENLDAP=yes
+LIBC_CONFIGURE_ON=	--with-printf-hooks=glibc
+LOADTESTER_CONFIGURE_ON=--enable-load-tester
 MEDIATION_CONFIGURE_ON=	--enable-mediation
 MYSQL_CONFIGURE_ON=	--enable-mysql
 MYSQL_USES=		mysql
+PKCS11_CONFIGURE_ON=	--enable-pkcs11
 PKI_CONFIGURE_OFF=	--disable-pki
 SCEP_CONFIGURE_OFF=	--disable-scepclient
-SMP_LIB_DEPENDS=	libxml2.so:textproc/libxml2
 SMP_CONFIGURE_ON=	--enable-smp
+SMP_LIB_DEPENDS=	libxml2.so:textproc/libxml2
 SQLITE_CONFIGURE_ON=	--enable-sqlite
 SQLITE_LIB_DEPENDS=	libsqlite3.so:databases/sqlite3
 SWANCTL_CONFIGURE_ON=	--enable-swanctl
@@ -108,15 +113,13 @@ UNBOUND_CONFIGURE_ON=	--enable-unbound
 UNBOUND_LIB_DEPENDS=	libunbound.so:dns/unbound \
 			libldns.so:dns/ldns
 UNITY_CONFIGURE_ON=	--enable-unity
+VIA_CONFIGURE_ON=	--enable-padlock
 VICI_CONFIGURE_ON=	--enable-vici
+VSTR_CONFIGURE_ON=	--with-printf-hooks=vstr
+VSTR_LIB_DEPENDS=	libvstr.so:devel/vstr
 XAUTH_CONFIGURE_ON=	--enable-xauth-eap \
 			--enable-xauth-generic \
 			--enable-xauth-pam
-BUILTIN_CONFIGURE_ON=	--with-printf-hooks=builtin
-LIBC_CONFIGURE_ON=	--with-printf-hooks=glibc
-VSTR_CONFIGURE_ON=	--with-printf-hooks=vstr
-VSTR_LIB_DEPENDS=	libvstr.so:devel/vstr
-VIA_CONFIGURE_ON=	--enable-padlock
 
 .include <bsd.port.options.mk>
 
diff --git a/security/strongswan/pkg-plist b/security/strongswan/pkg-plist
index b1efdddfae18..528fe04054d9 100644
--- a/security/strongswan/pkg-plist
+++ b/security/strongswan/pkg-plist
@@ -48,6 +48,7 @@
 @sample %%ETCDIR%%.d/charon/pem.conf.sample
 @sample %%ETCDIR%%.d/charon/pgp.conf.sample
 @sample %%ETCDIR%%.d/charon/pkcs1.conf.sample
+%%PKCS11%%@sample %%ETCDIR%%.d/charon/pkcs11.conf.sample
 @sample %%ETCDIR%%.d/charon/pkcs12.conf.sample
 @sample %%ETCDIR%%.d/charon/pkcs7.conf.sample
 @sample %%ETCDIR%%.d/charon/pkcs8.conf.sample
@@ -201,6 +202,8 @@ lib/ipsec/plugins/libstrongswan-pgp.la
 lib/ipsec/plugins/libstrongswan-pgp.so
 lib/ipsec/plugins/libstrongswan-pkcs1.la
 lib/ipsec/plugins/libstrongswan-pkcs1.so
+%%PKCS11%%lib/ipsec/plugins/libstrongswan-pkcs11.la
+%%PKCS11%%lib/ipsec/plugins/libstrongswan-pkcs11.so
 lib/ipsec/plugins/libstrongswan-pkcs12.la
 lib/ipsec/plugins/libstrongswan-pkcs12.so
 lib/ipsec/plugins/libstrongswan-pkcs7.la
@@ -333,6 +336,7 @@ sbin/ipsec
 %%DATADIR%%/templates/config/plugins/pem.conf
 %%DATADIR%%/templates/config/plugins/pgp.conf
 %%DATADIR%%/templates/config/plugins/pkcs1.conf
+%%PKCS11%%%%DATADIR%%/templates/config/plugins/pkcs11.conf
 %%DATADIR%%/templates/config/plugins/pkcs12.conf
 %%DATADIR%%/templates/config/plugins/pkcs7.conf
 %%DATADIR%%/templates/config/plugins/pkcs8.conf