comment "strongswan needs a toolchain w/ threads"
	depends on BR2_USE_MMU
	depends on !BR2_TOOLCHAIN_HAS_THREADS

menuconfig BR2_PACKAGE_STRONGSWAN
	bool "strongswan"
	depends on BR2_USE_MMU # fork()
	depends on BR2_TOOLCHAIN_HAS_THREADS
	help
	  strongSwan is an OpenSource IPsec implementation for the
	  Linux operating system. It is based on the discontinued
	  FreeS/WAN project and the X.509 patch.

	  The focus is on:
	     - simplicity of configuration
	     - strong encryption and authentication methods
	     - powerful IPsec policies supporting large and complex VPN networks

	  strongSwan provide many plugins. Only a few are presented here.

	  http://www.strongswan.org/

if BR2_PACKAGE_STRONGSWAN

comment "kernel-netlink and socket-default options need a toolchain w/ IPv6"
	depends on !BR2_INET_IPV6

choice
	prompt "Cryptographic backend"
	default BR2_PACKAGE_STRONGSWAN_GMP

config BR2_PACKAGE_STRONGSWAN_OPENSSL
	bool "OpenSSL"
	select BR2_PACKAGE_OPENSSL

config BR2_PACKAGE_STRONGSWAN_GCRYPT
	bool "libgcrypt"
	select BR2_PACKAGE_LIBGCRYPT

config BR2_PACKAGE_STRONGSWAN_GMP
	bool "GNU MP (libgmp)"
	select BR2_PACKAGE_GMP

endchoice

config BR2_PACKAGE_STRONGSWAN_AF_ALG
	bool "Enable AF_ALG crypto interface to Linux Crypto API"

config BR2_PACKAGE_STRONGSWAN_CURL
	bool "Enable CURL fetcher plugin to fetch files via libcurl"
	select BR2_PACKAGE_LIBCURL

config BR2_PACKAGE_STRONGSWAN_CHARON
	bool "Enable the IKEv1/IKEv2 keying daemon charon"
	default y

if BR2_PACKAGE_STRONGSWAN_CHARON

config BR2_PACKAGE_STRONGSWAN_TNCCS_11
	bool "Enable TNCCS 1.1 protocol module"
	select BR2_PACKAGE_LIBXML2

config BR2_PACKAGE_STRONGSWAN_TNCCS_20
	bool "Enable TNCCS 2.0 protocol module"

config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
	bool "Enable dynamic TNCCS protocol discovery module"

config BR2_PACKAGE_STRONGSWAN_EAP
	bool "Enable EAP protocols"
	help
	  Enable various EAP protocols:
	    - mschapv2
	    - tls
	    - ttls
	    - peap
	    - sim
	    - sim-file
	    - aka
	    - aka-3gpp2
	    - simaka-sql
	    - simaka-pseudonym
	    - simaka-reauth
	    - identity
	    - md5
	    - gtc
	    - tnc
	    - dynamic
	    - radius

if BR2_PACKAGE_STRONGSWAN_EAP

config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC
	bool "Enable EAP-SIM smart card backend"
	depends on !BR2_STATIC_LIBS # pcsc-lite
	select BR2_PACKAGE_PCSC_LITE

endif

config BR2_PACKAGE_STRONGSWAN_UNITY
	bool "Enables Cisco Unity extension plugin"

config BR2_PACKAGE_STRONGSWAN_STROKE
	bool "Enable charons stroke configuration backend"
	default y

config BR2_PACKAGE_STRONGSWAN_SQL
	bool "Enable SQL database configuration backend"
	depends on BR2_PACKAGE_SQLITE || BR2_PACKAGE_MYSQL

endif

config BR2_PACKAGE_STRONGSWAN_PKI
	bool "Enable pki certificate utility"
	default y

config BR2_PACKAGE_STRONGSWAN_SCEP
	bool "Enable SCEP client tool"

config BR2_PACKAGE_STRONGSWAN_SCRIPTS
	bool "Enable additional utilities (found in scripts directory)"
	depends on BR2_PACKAGE_STRONGSWAN_CHARON
	default y

config BR2_PACKAGE_STRONGSWAN_VICI
	bool "Enable vici/swanctl"
	depends on BR2_PACKAGE_STRONGSWAN_CHARON
	default y

endif