new file mode 100644
@@ -0,0 +1,8491 @@
+From c8c36d7bd8aad1dae6a1e6eb8dd8429b837ea035 Mon Sep 17 00:00:00 2001
+From: Libo Chen <libo.chen.cn@windriver.com>
+Date: Fri, 24 Oct 2025 12:12:10 +0800
+Subject: [PATCH] freeradius: Remove files which have license issues
+
+remove the following files which have the following license:
+
+Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com)
+
+This software may not be redistributed in any form without the prior
+written consent of Network RADIUS.
+
+src/modules/rlm_dpsk/rlm_dpsk.c
+src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
+src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
+src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
+src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
+src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
+
+Upstream-Status: Pending
+
+Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
+---
+ src/modules/rlm_dpsk/all.mk | 10 -
+ src/modules/rlm_dpsk/rlm_dpsk.c | 955 ----
+ .../rlm_eap/types/rlm_eap_teap/.gitignore | 1 -
+ .../rlm_eap/types/rlm_eap_teap/all.mk.in | 12 -
+ .../rlm_eap/types/rlm_eap_teap/configure | 4512 -----------------
+ .../rlm_eap/types/rlm_eap_teap/configure.ac | 86 -
+ .../rlm_eap/types/rlm_eap_teap/eap_teap.c | 1817 -------
+ .../rlm_eap/types/rlm_eap_teap/eap_teap.h | 176 -
+ .../types/rlm_eap_teap/eap_teap_crypto.c | 198 -
+ .../types/rlm_eap_teap/eap_teap_crypto.h | 39 -
+ .../rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c | 569 ---
+ 11 files changed, 8375 deletions(-)
+ delete mode 100644 src/modules/rlm_dpsk/all.mk
+ delete mode 100644 src/modules/rlm_dpsk/rlm_dpsk.c
+ delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/.gitignore
+ delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in
+ delete mode 100755 src/modules/rlm_eap/types/rlm_eap_teap/configure
+ delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/configure.ac
+ delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
+ delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
+ delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
+ delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
+ delete mode 100644 src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
+
+diff --git a/src/modules/rlm_dpsk/all.mk b/src/modules/rlm_dpsk/all.mk
+deleted file mode 100644
+index 8da247565b..0000000000
+--- a/src/modules/rlm_dpsk/all.mk
++++ /dev/null
+@@ -1,10 +0,0 @@
+-TARGETNAME := rlm_dpsk
+-
+-ifneq "$(OPENSSL_LIBS)" ""
+-TARGET := $(TARGETNAME).a
+-endif
+-
+-SOURCES := $(TARGETNAME).c
+-
+-SRC_CFLAGS :=
+-TGT_LDLIBS :=
+diff --git a/src/modules/rlm_dpsk/rlm_dpsk.c b/src/modules/rlm_dpsk/rlm_dpsk.c
+deleted file mode 100644
+index 35773056b3..0000000000
+--- a/src/modules/rlm_dpsk/rlm_dpsk.c
++++ /dev/null
+@@ -1,955 +0,0 @@
+-/*
+- * Copyright (C) 2023 Network RADIUS SARL (legal@networkradius.com)
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-/**
+- * $Id$
+- * @file rlm_dpsk.c
+- * @brief Dynamic PSK for WiFi
+- *
+- * @copyright 2023 Network RADIUS SAS (legal@networkradius.com)
+- */
+-RCSID("$Id$")
+-
+-#include <freeradius-devel/radiusd.h>
+-#include <freeradius-devel/modules.h>
+-#include <freeradius-devel/dlist.h>
+-#include <freeradius-devel/rad_assert.h>
+-
+-#include <openssl/ssl.h>
+-#include <openssl/evp.h>
+-#include <openssl/hmac.h>
+-
+-#include <ctype.h>
+-
+-#define PW_FREERADIUS_8021X_ANONCE (1)
+-#define PW_FREERADIUS_8021X_EAPOL_KEY_MSG (2)
+-
+-#define VENDORPEC_FREERADIUS_EVS5 ((((uint32_t) 245) << 24) | VENDORPEC_FREERADIUS)
+-
+-#define VENDORPEC_RUCKUS (25053)
+-#define PW_RUCKUS_BSSID (14)
+-#define PW_RUCKUS_DPSK_PARAMS (152)
+-
+-//#define PW_RUCKUS_DPSK_CIPHER (PW_RUCKUS_DPSK_PARAMS | (2 << 8))
+-#define PW_RUCKUS_DPSK_ANONCE (PW_RUCKUS_DPSK_PARAMS | (3 << 8))
+-#define PW_RUCKUS_DPSK_EAPOL_KEY_FRAME (PW_RUCKUS_DPSK_PARAMS | (4 << 8))
+-
+-
+-/*
+- Header: 02030075
+-
+- descriptor 02
+- information 010a
+- length 0010
+- replay counter 000000000000001
+- snonce c3bb319516614aacfb44e933bf1671131fb1856e5b2721952d414ce3f5aa312b
+- IV 0000000000000000000000000000000
+- rsc 0000000000000000
+- reserved 0000000000000000
+- mic 35cddcedad0dfb6a12a2eca55c17c323
+- data length 0016
+- data 30140100000fac040100000fac040100000fac028c00
+-
+- 30
+- 14 length of data
+- 01 ...
+-*/
+-
+-typedef struct eapol_key_frame_t {
+- uint8_t descriptor; // message number 2
+- uint16_t information; //
+- uint16_t length; // always 0010, for 16 octers
+- uint8_t replay_counter[8]; // usually "1"
+- uint8_t nonce[32]; // random token
+- uint8_t iv[16]; // zeroes
+- uint8_t rsc[8]; // zeros
+- uint8_t reserved[8]; // zeroes
+- uint8_t mic[16]; // calculated data
+- uint16_t data_len; // various other things we don't need.
+-// uint8_t data[];
+-} CC_HINT(__packed__) eapol_key_frame_t;
+-
+-typedef struct eapol_attr_t {
+- uint8_t header[4]; // 02030075
+- eapol_key_frame_t frame;
+-} CC_HINT(__packed__) eapol_attr_t;
+-
+-#ifdef HAVE_PTHREAD_H
+-#define PTHREAD_MUTEX_LOCK pthread_mutex_lock
+-#define PTHREAD_MUTEX_UNLOCK pthread_mutex_unlock
+-#else
+-#define PTHREAD_MUTEX_LOCK(_x)
+-#define PTHREAD_MUTEX_UNLOCK(_x)
+-#endif
+-
+-typedef struct rlm_dpsk_s rlm_dpsk_t;
+-
+-typedef struct {
+- uint8_t mac[6];
+- uint8_t pmk[32];
+-
+- uint8_t *ssid;
+- size_t ssid_len;
+-
+- char *identity;
+- size_t identity_len;
+-
+- uint8_t *psk;
+- size_t psk_len;
+- time_t expires;
+-
+- fr_dlist_t dlist;
+- rlm_dpsk_t *inst;
+-} rlm_dpsk_cache_t;
+-
+-struct rlm_dpsk_s {
+- char const *xlat_name;
+- bool ruckus;
+- bool dynamic;
+-
+- rbtree_t *cache;
+-
+- uint32_t cache_size;
+- uint32_t cache_lifetime;
+-
+- char const *filename;
+-
+-#ifdef HAVE_PTHREAD_H
+- pthread_mutex_t mutex;
+-#endif
+- fr_dlist_t head;
+-
+- DICT_ATTR const *ssid;
+- DICT_ATTR const *anonce;
+- DICT_ATTR const *frame;
+-};
+-
+-static const CONF_PARSER module_config[] = {
+- { "ruckus", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_dpsk_t, ruckus), "no" },
+-
+- { "cache_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_dpsk_t, cache_size), "0" },
+- { "cache_lifetime", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_dpsk_t, cache_lifetime), "0" },
+-
+- { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT, rlm_dpsk_t, filename), NULL },
+-
+- CONF_PARSER_TERMINATOR
+-};
+-
+-
+-static inline CC_HINT(nonnull) rlm_dpsk_cache_t *fr_dlist_head(fr_dlist_t const *head)
+-{
+- if (head->prev == head) return NULL;
+-
+- return (rlm_dpsk_cache_t *) (((uintptr_t) head->next) - offsetof(rlm_dpsk_cache_t, dlist));
+-}
+-
+-static void rdebug_hex(REQUEST *request, char const *prefix, uint8_t const *data, int len)
+-{
+- int i;
+- char buffer[2048]; /* large enough for largest len */
+-
+- /*
+- * Leave a trailing space, we don't really care about that.
+- */
+- for (i = 0; i < len; i++) {
+- snprintf(buffer + i * 2, sizeof(buffer) - i * 2, "%02x", data[i]);
+- }
+-
+- RDEBUG("%s %s", prefix, buffer);
+-}
+-#define RDEBUG_HEX if (rad_debug_lvl >= 3) rdebug_hex
+-
+-#if 0
+-/*
+- * Find the Ruckus attributes, and convert to FreeRADIUS ones.
+- *
+- * Also check the WPA2 cipher. We need AES + HMAC-SHA1.
+- */
+-static bool normalize(rlm_dpsk_t *inst, REQUEST *request)
+-{
+- VALUE_PAIR *bssid, *cipher, *anonce, *key_msg, *vp;
+-
+- if (!inst->ruckus) return false;
+-
+- bssid = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_BSSID, VENDORPEC_RUCKUS, TAG_ANY);
+- if (!bssid) return false;
+-
+- cipher = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_CIPHER, VENDORPEC_RUCKUS, TAG_ANY);
+- if (!cipher) return false;
+-
+- if (cipher->vp_byte != 4) {
+- RDEBUG("Found Ruckus-DPSK-Cipher != 4, which means that we cannot do DPSK");
+- return false;
+- }
+-
+- anonce = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_ANONCE, VENDORPEC_RUCKUS, TAG_ANY);
+- if (!anonce) return false;
+-
+- key_msg = fr_pair_find_by_num(request->packet->vps, PW_RUCKUS_DPSK_EAPOL_KEY_FRAME, VENDORPEC_RUCKUS, TAG_ANY);
+- if (!key_msg) return false;
+-
+- MEM(vp = fr_pair_afrom_da(request->packet, anonce->da));
+- fr_pair_value_memcpy(vp, anonce->vp_octets, anonce->vp_length);
+- fr_pair_add(&request->packet->vps, vp);
+-
+- MEM(vp = fr_pair_afrom_da(request->packet, key_msg->da));
+- fr_pair_value_memcpy(vp, key_msg->vp_octets, key_msg->vp_length);
+- fr_pair_add(&request->packet->vps, vp);
+-
+- return false;
+-}
+-#endif
+-
+-/*
+- * mod_authorize() - authorize user if we can authenticate
+- * it later. Add Auth-Type attribute if present in module
+- * configuration (usually Auth-Type must be "DPSK")
+- */
+-static rlm_rcode_t CC_HINT(nonnull) mod_authorize(void * instance, REQUEST *request)
+-{
+- rlm_dpsk_t *inst = instance;
+-
+- if (!fr_pair_find_by_da(request->packet->vps, inst->anonce, TAG_ANY) &&
+- !fr_pair_find_by_da(request->packet->vps, inst->frame, TAG_ANY)) {
+- return RLM_MODULE_NOOP;
+- }
+-
+- if (fr_pair_find_by_num(request->config, PW_AUTH_TYPE, 0, TAG_ANY)) {
+- RWDEBUG2("Auth-Type already set. Not setting to %s", inst->xlat_name);
+- return RLM_MODULE_NOOP;
+- }
+-
+- RDEBUG2("Found %s. Setting 'Auth-Type = %s'", inst->frame->name, inst->xlat_name);
+-
+- /*
+- * Set Auth-Type to MS-CHAP. The authentication code
+- * will take care of turning cleartext passwords into
+- * NT/LM passwords.
+- */
+- if (!pair_make_config("Auth-Type", inst->xlat_name, T_OP_EQ)) {
+- return RLM_MODULE_FAIL;
+- }
+-
+- return RLM_MODULE_OK;
+-}
+-
+-static rlm_dpsk_cache_t *dpsk_cache_find(REQUEST *request, rlm_dpsk_t const *inst, uint8_t *buffer, size_t buflen, VALUE_PAIR *ssid, uint8_t const *mac)
+-{
+- rlm_dpsk_cache_t *entry, my_entry;
+-
+- memcpy(my_entry.mac, mac, sizeof(my_entry.mac));
+- memcpy(&my_entry.ssid, &ssid->vp_octets, sizeof(my_entry.ssid)); /* const issues */
+- my_entry.ssid_len = ssid->vp_length;
+-
+- entry = rbtree_finddata(inst->cache, &my_entry);
+- if (entry) {
+- if (entry->expires > request->timestamp) {
+- RDEBUG3("Cache entry found");
+- memcpy(buffer, entry->pmk, buflen);
+- return entry;
+- }
+-
+- RDEBUG3("Cache entry has expired");
+- rbtree_deletebydata(inst->cache, entry);
+- }
+-
+- return NULL;
+-}
+-
+-
+-static int generate_pmk(REQUEST *request, rlm_dpsk_t const *inst, uint8_t *buffer, size_t buflen, VALUE_PAIR *ssid, uint8_t const *mac, char const *psk, size_t psk_len)
+-{
+- VALUE_PAIR *vp;
+-
+- fr_assert(buflen == 32);
+-
+- if (!ssid) {
+- ssid = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY);
+- if (!ssid) {
+- RDEBUG("No %s in the request", inst->ssid->name);
+- return 0;
+- }
+- }
+-
+- /*
+- * No provided PSK. Try to look it up in the cache. If
+- * it isn't there, find it in the config items.
+- */
+- if (!psk) {
+- if (inst->cache && mac) {
+- rlm_dpsk_cache_t *entry;
+-
+- entry = dpsk_cache_find(request, inst, buffer, buflen, ssid, mac);
+- if (entry) {
+- memcpy(buffer, entry->pmk, buflen);
+- return 1;
+- }
+- RDEBUG3("Cache entry not found");
+- } /* else no caching */
+-
+- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
+- if (!vp) {
+- RDEBUG("No &config:Pre-Shared-Key");
+- return 0;
+- }
+-
+- psk = vp->vp_strvalue;
+- psk_len = vp->vp_length;
+- }
+-
+- if (PKCS5_PBKDF2_HMAC_SHA1((const char *) psk, psk_len, (const unsigned char *) ssid->vp_strvalue, ssid->vp_length, 4096, buflen, buffer) == 0) {
+- RDEBUG("Failed calling OpenSSL to calculate the PMK");
+- return 0;
+- }
+-
+- return 1;
+-}
+-
+-/*
+- * Verify the DPSK information.
+- */
+-static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *request)
+-{
+- rlm_dpsk_t *inst = instance;
+- VALUE_PAIR *anonce, *key_msg, *ssid, *vp;
+- rlm_dpsk_cache_t *entry;
+- int lineno = 0;
+- size_t len, psk_len;
+- unsigned int digest_len, mic_len;
+- eapol_attr_t const *eapol;
+- eapol_attr_t *zeroed;
+- FILE *fp = NULL;
+- char const *psk_identity = NULL, *psk;
+- uint8_t *p;
+- uint8_t const *snonce, *ap_mac;
+- uint8_t const *min_mac, *max_mac;
+- uint8_t const *min_nonce, *max_nonce;
+- uint8_t pmk[32];
+- uint8_t s_mac[6], message[sizeof("Pairwise key expansion") + 6 + 6 + 32 + 32 + 1], frame[128];
+- uint8_t digest[EVP_MAX_MD_SIZE], mic[EVP_MAX_MD_SIZE];
+- char token_identity[256];
+-
+- /*
+- * Search for the information in a bunch of attributes.
+- */
+- anonce = fr_pair_find_by_da(request->packet->vps, inst->anonce, TAG_ANY);
+- if (!anonce) {
+- RDEBUG("No FreeRADIUS-802.1X-Anonce in the request");
+- return RLM_MODULE_NOOP;
+- }
+-
+- if (anonce->vp_length != 32) {
+- RDEBUG("%s has incorrect length (%zu, not 32)", inst->anonce->name, anonce->vp_length);
+- return RLM_MODULE_NOOP;
+- }
+-
+- key_msg = fr_pair_find_by_da(request->packet->vps, inst->frame, TAG_ANY);
+- if (!key_msg) {
+- RDEBUG("No %s in the request", inst->frame->name);
+- return RLM_MODULE_NOOP;
+- }
+-
+- if (key_msg->vp_length < sizeof(*eapol)) {
+- RDEBUG("%s has incorrect length (%zu < %zu)", inst->frame->name, key_msg->vp_length, sizeof(*eapol));
+- return RLM_MODULE_NOOP;
+- }
+-
+- if (key_msg->vp_length > sizeof(frame)) {
+- RDEBUG("%s has incorrect length (%zu > %zu)", inst->frame->name, key_msg->vp_length, sizeof(frame));
+- return RLM_MODULE_NOOP;
+- }
+-
+- ssid = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY);
+- if (!ssid) {
+- RDEBUG("No %s in the request", inst->ssid->name);
+- return 0;
+- }
+-
+- /*
+- * Get supplicant MAC address.
+- */
+- vp = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
+- if (!vp) {
+- RDEBUG("No &User-Name");
+- return RLM_MODULE_NOOP;
+- }
+-
+- len = fr_hex2bin(s_mac, sizeof(s_mac), vp->vp_strvalue, vp->vp_length);
+- if (len != 6) {
+- RDEBUG("&User-Name is not a recognizable hex MAC address");
+- return RLM_MODULE_NOOP;
+- }
+-
+- /*
+- * In case we're not reading from a file.
+- */
+- vp = fr_pair_find_by_num(request->config, PW_PSK_IDENTITY, 0, TAG_ANY);
+- if (vp) psk_identity = vp->vp_strvalue;
+-
+- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
+- if (vp) {
+- psk = vp->vp_strvalue;
+- psk_len = vp->vp_length;
+- } else {
+- psk = NULL;
+- psk_len = 0;
+- }
+-
+- /*
+- * Get the AP MAC address.
+- */
+- vp = fr_pair_find_by_num(request->packet->vps, PW_CALLED_STATION_MAC, 0, TAG_ANY);
+- if (!vp) {
+- RDEBUG("No &Called-Station-MAC");
+- return RLM_MODULE_NOOP;
+- }
+-
+- if (vp->length != 6) {
+- RDEBUG("&Called-Station-MAC is not a recognizable MAC address");
+- return RLM_MODULE_NOOP;
+- }
+-
+- ap_mac = vp->vp_octets;
+-
+- /*
+- * Sort the MACs
+- */
+- if (memcmp(s_mac, ap_mac, 6) <= 0) {
+- min_mac = s_mac;
+- max_mac = ap_mac;
+- } else {
+- min_mac = ap_mac;
+- max_mac = s_mac;
+- }
+-
+- eapol = (eapol_attr_t const *) key_msg->vp_octets;
+-
+- /*
+- * Get supplicant nonce and AP nonce.
+- *
+- * Then sort the nonces.
+- */
+- snonce = key_msg->vp_octets + 17;
+- if (memcmp(snonce, anonce->vp_octets, 32) <= 0) {
+- min_nonce = snonce;
+- max_nonce = anonce->vp_octets;
+- } else {
+- min_nonce = anonce->vp_octets;
+- max_nonce = snonce;
+- }
+-
+- /*
+- * Create the base message which we will hash.
+- */
+- memcpy(message, "Pairwise key expansion", sizeof("Pairwise key expansion")); /* including trailing NUL */
+- p = &message[sizeof("Pairwise key expansion")];
+-
+- memcpy(p, min_mac, 6);
+- memcpy(p + 6, max_mac, 6);
+- p += 12;
+-
+- memcpy(p, min_nonce, 32);
+- memcpy(p + 32, max_nonce, 32);
+- p += 64;
+- *p = '\0';
+- fr_assert(sizeof(message) == (p + 1 - message));
+-
+- if (inst->filename && !psk) {
+- FR_TOKEN token;
+- char const *q, *filename;
+- char token_psk[256];
+- char token_mac[256];
+- char buffer[1024];
+- char filename_buffer[1024];
+-
+- /*
+- * If there's a cached entry, we don't read the file.
+- */
+- entry = dpsk_cache_find(request, inst, pmk, sizeof(pmk), ssid, s_mac);
+- if (entry) {
+- psk_identity = entry->identity;
+- goto make_digest;
+- }
+-
+- if (!inst->dynamic) {
+- filename = inst->filename;
+- } else {
+- if (radius_xlat(filename_buffer, sizeof(filename_buffer),
+- request, inst->filename, NULL, NULL) < 0) {
+- return RLM_MODULE_FAIL;
+- }
+-
+- filename = filename_buffer;
+- }
+-
+- RDEBUG3("Looking for PSK in file %s", filename);
+-
+- fp = fopen(filename, "r");
+- if (!fp) {
+- REDEBUG("Failed opening %s - %s", filename, fr_syserror(errno));
+- return RLM_MODULE_FAIL;
+- }
+-
+-get_next_psk:
+- q = fgets(buffer, sizeof(buffer), fp);
+- if (!q) {
+- RDEBUG("Failed to find matching key in %s", filename);
+- fail:
+- fclose(fp);
+- return RLM_MODULE_FAIL;
+- }
+-
+- /*
+- * Split the line on commas, paying attention to double quotes.
+- */
+- token = getstring(&q, token_identity, sizeof(token_identity), true);
+- if (token == T_INVALID) {
+- RDEBUG("%s[%d] Failed parsing identity", filename, lineno);
+- goto fail;
+- }
+-
+- if (*q != ',') {
+- RDEBUG("%s[%d] Failed to find ',' after identity", filename, lineno);
+- goto fail;
+- }
+- q++;
+-
+- token = getstring(&q, token_psk, sizeof(token_psk), true);
+- if (token == T_INVALID) {
+- RDEBUG("%s[%d] Failed parsing PSK", filename, lineno);
+- goto fail;
+- }
+-
+- if (*q == ',') {
+- q++;
+-
+- token = getstring(&q, token_mac, sizeof(token_mac), true);
+- if (token == T_INVALID) {
+- RDEBUG("%s[%d] Failed parsing MAC", filename, lineno);
+- goto fail;
+- }
+-
+- /*
+- * See if the MAC matches. If not, skip
+- * this entry. That's a basic negative cache.
+- */
+- if ((strlen(token_mac) != 12) ||
+- (fr_hex2bin((uint8_t *) token_mac, 6, token_mac, 12) != 12)) {
+- RDEBUG("%s[%d] Failed parsing MAC", filename, lineno);
+- goto fail;
+- }
+-
+- if (memcmp(s_mac, token_mac, 6) != 0) {
+- psk_identity = NULL;
+- goto get_next_psk;
+- }
+-
+- /*
+- * Close the file so that we don't check any other entries.
+- */
+- MEM(vp = fr_pair_afrom_num(request, PW_PRE_SHARED_KEY, 0));
+- fr_pair_value_bstrncpy(vp, token_psk, strlen(token_psk));
+-
+- fr_pair_add(&request->config, vp);
+- fclose(fp);
+- fp = NULL;
+-
+- RDEBUG3("Found matching MAC");
+- }
+-
+- /*
+- * Generate the PMK using the SSID, this MAC, and the PSK we just read.
+- */
+- RDEBUG3("%s[%d] Trying PSK %s", filename, lineno, token_psk);
+- if (generate_pmk(request, inst, pmk, sizeof(pmk), ssid, s_mac, token_psk, strlen(token_psk)) == 0) {
+- RDEBUG("No &config:Pairwise-Master-Key or &config:Pre-Shared-Key found");
+- return RLM_MODULE_NOOP;
+- }
+-
+- /*
+- * Remember which identity we had
+- */
+- psk_identity = token_identity;
+- goto make_digest;
+- }
+-
+- /*
+- * Use the PMK if it already exists. Otherwise calculate it from the PSK.
+- */
+- vp = fr_pair_find_by_num(request->config, PW_PAIRWISE_MASTER_KEY, 0, TAG_ANY);
+- if (!vp) {
+- if (generate_pmk(request, inst, pmk, sizeof(pmk), ssid, s_mac, psk, psk_len) == 0) {
+- RDEBUG("No &config:Pairwise-Master-Key or &config:Pre-Shared-Key found");
+- fr_assert(!fp);
+- return RLM_MODULE_NOOP;
+- }
+-
+- } else if (vp->vp_length != sizeof(pmk)) {
+- RDEBUG("Pairwise-Master-Key has incorrect length (%zu != %zu)", vp->vp_length, sizeof(pmk));
+- fr_assert(!fp);
+- return RLM_MODULE_NOOP;
+-
+- } else {
+- memcpy(pmk, vp->vp_octets, sizeof(pmk));
+- }
+-
+- /*
+- * HMAC = HMAC_SHA1(pmk, message);
+- *
+- * We need the first 16 octets of this.
+- */
+-make_digest:
+- digest_len = sizeof(digest);
+- HMAC(EVP_sha1(), pmk, sizeof(pmk), message, sizeof(message), digest, &digest_len);
+-
+- RDEBUG_HEX(request, "message:", message, sizeof(message));
+- RDEBUG_HEX(request, "pmk :", pmk, sizeof(pmk));
+- RDEBUG_HEX(request, "kck :", digest, 16);
+-
+- /*
+- * Create the frame with the middle field zero, and hash it with the KCK digest we calculated from the key expansion.
+- */
+- memcpy(frame, key_msg->vp_octets, key_msg->vp_length);
+- zeroed = (eapol_attr_t *) &frame[0];
+- memset(&zeroed->frame.mic[0], 0, 16);
+-
+- RDEBUG_HEX(request, "zeroed:", frame, key_msg->vp_length);
+-
+- mic_len = sizeof(mic);
+- HMAC(EVP_sha1(), digest, 16, frame, key_msg->vp_length, mic, &mic_len);
+-
+- /*
+- * Do the MICs match?
+- */
+- if (memcmp(&eapol->frame.mic[0], mic, 16) != 0) {
+- if (fp) {
+- psk_identity = NULL;
+- goto get_next_psk;
+- }
+-
+- RDEBUG_HEX(request, "calculated mic:", mic, 16);
+- RDEBUG_HEX(request, "packet mic :", &eapol->frame.mic[0], 16);
+- return RLM_MODULE_FAIL;
+- }
+-
+- /*
+- * It matches. Close the input file if necessary.
+- */
+- if (fp) fclose(fp);
+-
+- /*
+- * Extend the lifetime of the cache entry, or add the
+- * cache entry if necessary.
+- */
+- if (inst->cache) {
+- rlm_dpsk_cache_t my_entry;
+-
+- /*
+- * Find the entry (again), and update the expiry time.
+- *
+- * Create the entry if neessary.
+- */
+- memcpy(my_entry.mac, s_mac, sizeof(my_entry.mac));
+-
+- vp = fr_pair_find_by_da(request->packet->vps, inst->ssid, TAG_ANY);
+- if (!vp) goto save_psk; /* should never really happen, but just to be safe */
+-
+- memcpy(&my_entry.ssid, &vp->vp_octets, sizeof(my_entry.ssid)); /* const issues */
+- my_entry.ssid_len = vp->vp_length;
+-
+- entry = rbtree_finddata(inst->cache, &my_entry);
+- if (!entry) {
+- /*
+- * Too many entries in the cache. Delete the oldest one.
+- */
+- if (rbtree_num_elements(inst->cache) > inst->cache_size) {
+- PTHREAD_MUTEX_LOCK(&inst->mutex);
+- entry = fr_dlist_head(&inst->head);
+- PTHREAD_MUTEX_UNLOCK(&inst->mutex);
+-
+- rbtree_deletebydata(inst->cache, entry);
+- }
+-
+- MEM(entry = talloc_zero(NULL, rlm_dpsk_cache_t));
+-
+- memcpy(entry->mac, s_mac, sizeof(entry->mac));
+- memcpy(entry->pmk, pmk, sizeof(entry->pmk));
+-
+- fr_dlist_entry_init(&entry->dlist);
+- entry->inst = inst;
+-
+- /*
+- * Save the variable-length SSID.
+- */
+- MEM(entry->ssid = talloc_memdup(entry, vp->vp_octets, vp->vp_length));
+- entry->ssid_len = vp->vp_length;
+-
+- /*
+- * Save the PSK. If we just have the
+- * PMK, then we can still cache that.
+- */
+- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
+- if (vp) {
+- MEM(entry->psk = talloc_memdup(entry, vp->vp_octets, vp->vp_length));
+- entry->psk_len = vp->vp_length;
+- }
+-
+- /*
+- * Save the identity.
+- */
+- if (psk_identity) {
+- MEM(entry->identity = talloc_memdup(entry, psk_identity, strlen(psk_identity)));
+- entry->identity_len = strlen(psk_identity);
+- }
+-
+- /*
+- * Cache it.
+- */
+- if (!rbtree_insert(inst->cache, entry)) {
+- talloc_free(entry);
+- goto save_found_psk;
+- }
+- RDEBUG3("Cache entry saved");
+- }
+- entry->expires = request->timestamp + inst->cache_lifetime;
+-
+- PTHREAD_MUTEX_LOCK(&inst->mutex);
+- fr_dlist_entry_unlink(&entry->dlist);
+- fr_dlist_insert_tail(&inst->head, &entry->dlist);
+- PTHREAD_MUTEX_UNLOCK(&inst->mutex);
+-
+- /*
+- * Add the PSK to the reply items, if it was cached.
+- */
+- if (entry->psk) {
+- MEM(vp = fr_pair_afrom_num(request->reply, PW_PRE_SHARED_KEY, 0));
+- fr_pair_value_bstrncpy(vp, entry->psk, entry->psk_len);
+-
+- fr_pair_add(&request->reply->vps, vp);
+- }
+-
+- goto save_psk_identity;
+- }
+-
+- /*
+- * Save a copy of the found PSK in the reply;
+- */
+-save_psk:
+- vp = fr_pair_find_by_num(request->config, PW_PRE_SHARED_KEY, 0, TAG_ANY);
+-
+-save_found_psk:
+- if (!vp) return RLM_MODULE_OK;
+-
+- fr_pair_add(&request->reply->vps, fr_pair_copy(request->reply, vp));
+-
+-save_psk_identity:
+- /*
+- * Save which identity matched.
+- */
+- if (psk_identity) {
+- MEM(vp = fr_pair_afrom_num(request->reply, PW_PSK_IDENTITY, 0));
+- fr_pair_value_bstrncpy(vp, psk_identity, strlen(psk_identity));
+-
+- fr_pair_add(&request->reply->vps, vp);
+- }
+-
+- return RLM_MODULE_OK;
+-}
+-
+-/*
+- * Generate the PMK from SSID and Pre-Shared-Key
+- */
+-static ssize_t dpsk_xlat(void *instance, REQUEST *request,
+- char const *fmt, char *out, size_t outlen)
+-{
+- rlm_dpsk_t *inst = instance;
+- char const *p, *ssid, *psk;
+- size_t ssid_len, psk_len;
+- uint8_t buffer[32];
+-
+- /*
+- * Prefer xlat arguments. But if they don't exist, use the attributes.
+- */
+- p = fmt;
+- while (isspace((uint8_t) *p)) p++;
+-
+- if (!*p) {
+- if (generate_pmk(request, inst, buffer, sizeof(buffer), NULL, NULL, NULL, 0) == 0) {
+- RDEBUG("No &request:Called-Station-SSID or &config:Pre-Shared-Key found");
+- return 0;
+- }
+- } else {
+- ssid = p;
+-
+- while (*p && !isspace((uint8_t) *p)) p++;
+-
+- ssid_len = p - ssid;
+-
+- if (!*p) {
+- REDEBUG("Found SSID, but no PSK");
+- return 0;
+- }
+-
+- psk = p;
+-
+- while (*p && !isspace((uint8_t) *p)) p++;
+-
+- psk_len = p - psk;
+-
+- if (PKCS5_PBKDF2_HMAC_SHA1(psk, psk_len, (const unsigned char *) ssid, ssid_len, 4096, sizeof(buffer), buffer) == 0) {
+- RDEBUG("Failed calling OpenSSL to calculate the PMK");
+- return 0;
+- }
+- }
+-
+- if (outlen < sizeof(buffer) * 2 + 1) {
+- REDEBUG("Output buffer is too small for PMK");
+- return 0;
+- }
+-
+- return fr_bin2hex(out, buffer, 32);
+-}
+-
+-static int mod_bootstrap(CONF_SECTION *conf, void *instance)
+-{
+- char const *name;
+- rlm_dpsk_t *inst = instance;
+-
+- /*
+- * Create the dynamic translation.
+- */
+- name = cf_section_name2(conf);
+- if (!name) name = cf_section_name1(conf);
+- inst->xlat_name = name;
+- xlat_register(inst->xlat_name, dpsk_xlat, NULL, inst);
+-
+- if (inst->ruckus) {
+- inst->ssid = dict_attrbyvalue(PW_RUCKUS_BSSID, VENDORPEC_RUCKUS);
+- inst->anonce = dict_attrbyvalue(PW_RUCKUS_DPSK_ANONCE, VENDORPEC_RUCKUS);
+- inst->frame = dict_attrbyvalue(PW_RUCKUS_DPSK_EAPOL_KEY_FRAME, VENDORPEC_RUCKUS);
+- } else {
+- inst->ssid = dict_attrbyvalue(PW_CALLED_STATION_SSID, 0);
+- inst->anonce = dict_attrbyvalue(PW_FREERADIUS_8021X_ANONCE, VENDORPEC_FREERADIUS_EVS5);
+- inst->frame = dict_attrbyvalue(PW_FREERADIUS_8021X_EAPOL_KEY_MSG, VENDORPEC_FREERADIUS_EVS5);
+- }
+-
+- if (!inst->ssid || !inst->anonce || !inst->frame) {
+- cf_log_err_cs(conf, "Failed to find attributes in the dictionary. Please do not edit the default dictionaries!");
+- return -1;
+- }
+-
+- inst->dynamic = inst->filename && (strchr(inst->filename, '%') != NULL);
+-
+- return 0;
+-}
+-
+-static int cmp_cache_entry(void const *one, void const *two)
+-{
+- rlm_dpsk_cache_t const *a = (rlm_dpsk_cache_t const *) one;
+- rlm_dpsk_cache_t const *b = (rlm_dpsk_cache_t const *) two;
+- int rcode;
+-
+- rcode = memcmp(a->mac, b->mac, sizeof(a->mac));
+- if (rcode != 0) return rcode;
+-
+- if (a->ssid_len < b->ssid_len) return -1;
+- if (a->ssid_len > b->ssid_len) return +1;
+-
+- return memcmp(a->ssid, b->ssid, a->ssid_len);
+-}
+-
+-static void free_cache_entry(void *data)
+-{
+- rlm_dpsk_cache_t *entry = (rlm_dpsk_cache_t *) data;
+-
+- PTHREAD_MUTEX_LOCK(&entry->inst->mutex);
+- fr_dlist_entry_unlink(&entry->dlist);
+- PTHREAD_MUTEX_UNLOCK(&entry->inst->mutex);
+-
+- talloc_free(entry);
+-}
+-
+-static int mod_instantiate(CONF_SECTION *conf, void *instance)
+-{
+- rlm_dpsk_t *inst = instance;
+-
+- if (!inst->cache_size) return 0;
+-
+- FR_INTEGER_BOUND_CHECK("cache_size", inst->cache_size, <=, ((uint32_t) 1) << 16);
+-
+- if (!inst->cache_size) return 0;
+-
+- FR_INTEGER_BOUND_CHECK("cache_lifetime", inst->cache_lifetime, <=, (7 * 86400));
+- FR_INTEGER_BOUND_CHECK("cache_lifetime", inst->cache_lifetime, >=, 3600);
+-
+- inst->cache = rbtree_create(inst, cmp_cache_entry, free_cache_entry, RBTREE_FLAG_LOCK);
+- if (!inst->cache) {
+- cf_log_err_cs(conf, "Failed creating internal cache");
+- return -1;
+- }
+-
+- fr_dlist_entry_init(&inst->head);
+-#ifdef HAVE_PTHREAD_H
+- if (pthread_mutex_init(&inst->mutex, NULL) < 0) {
+- cf_log_err_cs(conf, "Failed creating mutex");
+- return -1;
+- }
+-#endif
+-
+- return 0;
+-}
+-
+-#ifdef HAVE_PTHREAD_H
+-static int mod_detach(void *instance)
+-{
+- rlm_dpsk_t *inst = instance;
+-
+- if (!inst->cache_size) return 0;
+-
+- pthread_mutex_destroy(&inst->mutex);
+- return 0;
+-}
+-#endif
+-
+-/*
+- * The module name should be the only globally exported symbol.
+- * That is, everything else should be 'static'.
+- *
+- * If the module needs to temporarily modify it's instantiation
+- * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
+- * The server will then take care of ensuring that the module
+- * is single-threaded.
+- */
+-extern module_t rlm_dpsk;
+-module_t rlm_dpsk = {
+- .magic = RLM_MODULE_INIT,
+- .name = "dpsk",
+- .type = RLM_TYPE_THREAD_SAFE,
+- .inst_size = sizeof(rlm_dpsk_t),
+- .config = module_config,
+- .bootstrap = mod_bootstrap,
+- .instantiate = mod_instantiate,
+-#ifdef HAVE_PTHREAD_H
+- .detach = mod_detach,
+-#endif
+- .methods = {
+- [MOD_AUTHORIZE] = mod_authorize,
+- [MOD_AUTHENTICATE] = mod_authenticate,
+- },
+-};
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore b/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore
+deleted file mode 100644
+index 01a5daa3cc..0000000000
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/.gitignore
++++ /dev/null
+@@ -1 +0,0 @@
+-all.mk
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in b/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in
+deleted file mode 100644
+index dfdcd71fd3..0000000000
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/all.mk.in
++++ /dev/null
+@@ -1,12 +0,0 @@
+-TARGETNAME := @targetname@
+-
+-ifneq "$(OPENSSL_LIBS)" ""
+-ifneq "$(TARGETNAME)" ""
+-TARGET := $(TARGETNAME).a
+-endif
+-endif
+-
+-SOURCES := $(TARGETNAME).c eap_teap.c eap_teap_crypto.c
+-
+-SRC_INCDIRS := ../../ ../../libeap/
+-TGT_PREREQS := libfreeradius-eap.a
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/configure b/src/modules/rlm_eap/types/rlm_eap_teap/configure
+deleted file mode 100755
+index e37094d80c..0000000000
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/configure
++++ /dev/null
+@@ -1,4512 +0,0 @@
+-#! /bin/sh
+-# From configure.ac Revision.
+-# Guess values for system-dependent variables and create Makefiles.
+-# Generated by GNU Autoconf 2.69.
+-#
+-#
+-# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+-#
+-#
+-# This configure script is free software; the Free Software Foundation
+-# gives unlimited permission to copy, distribute and modify it.
+-## -------------------- ##
+-## M4sh Initialization. ##
+-## -------------------- ##
+-
+-# Be more Bourne compatible
+-DUALCASE=1; export DUALCASE # for MKS sh
+-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+- emulate sh
+- NULLCMD=:
+- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+- # is contrary to our usage. Disable this feature.
+- alias -g '${1+"$@"}'='"$@"'
+- setopt NO_GLOB_SUBST
+-else
+- case `(set -o) 2>/dev/null` in #(
+- *posix*) :
+- set -o posix ;; #(
+- *) :
+- ;;
+-esac
+-fi
+-
+-
+-as_nl='
+-'
+-export as_nl
+-# Printing a long string crashes Solaris 7 /usr/bin/printf.
+-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+-# Prefer a ksh shell builtin over an external printf program on Solaris,
+-# but without wasting forks for bash or zsh.
+-if test -z "$BASH_VERSION$ZSH_VERSION" \
+- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+- as_echo='print -r --'
+- as_echo_n='print -rn --'
+-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+- as_echo='printf %s\n'
+- as_echo_n='printf %s'
+-else
+- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+- as_echo_n='/usr/ucb/echo -n'
+- else
+- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+- as_echo_n_body='eval
+- arg=$1;
+- case $arg in #(
+- *"$as_nl"*)
+- expr "X$arg" : "X\\(.*\\)$as_nl";
+- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+- esac;
+- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+- '
+- export as_echo_n_body
+- as_echo_n='sh -c $as_echo_n_body as_echo'
+- fi
+- export as_echo_body
+- as_echo='sh -c $as_echo_body as_echo'
+-fi
+-
+-# The user is always right.
+-if test "${PATH_SEPARATOR+set}" != set; then
+- PATH_SEPARATOR=:
+- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+- PATH_SEPARATOR=';'
+- }
+-fi
+-
+-
+-# IFS
+-# We need space, tab and new line, in precisely that order. Quoting is
+-# there to prevent editors from complaining about space-tab.
+-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+-# splitting by setting IFS to empty value.)
+-IFS=" "" $as_nl"
+-
+-# Find who we are. Look in the path if we contain no directory separator.
+-as_myself=
+-case $0 in #((
+- *[\\/]* ) as_myself=$0 ;;
+- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+- done
+-IFS=$as_save_IFS
+-
+- ;;
+-esac
+-# We did not find ourselves, most probably we were run as `sh COMMAND'
+-# in which case we are not to be found in the path.
+-if test "x$as_myself" = x; then
+- as_myself=$0
+-fi
+-if test ! -f "$as_myself"; then
+- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+- exit 1
+-fi
+-
+-# Unset variables that we do not need and which cause bugs (e.g. in
+-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+-# suppresses any "Segmentation fault" message there. '((' could
+-# trigger a bug in pdksh 5.2.14.
+-for as_var in BASH_ENV ENV MAIL MAILPATH
+-do eval test x\${$as_var+set} = xset \
+- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+-done
+-PS1='$ '
+-PS2='> '
+-PS4='+ '
+-
+-# NLS nuisances.
+-LC_ALL=C
+-export LC_ALL
+-LANGUAGE=C
+-export LANGUAGE
+-
+-# CDPATH.
+-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+-
+-# Use a proper internal environment variable to ensure we don't fall
+- # into an infinite loop, continuously re-executing ourselves.
+- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+- _as_can_reexec=no; export _as_can_reexec;
+- # We cannot yet assume a decent shell, so we have to provide a
+-# neutralization value for shells without unset; and this also
+-# works around shells that cannot unset nonexistent variables.
+-# Preserve -v and -x to the replacement shell.
+-BASH_ENV=/dev/null
+-ENV=/dev/null
+-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+-case $- in # ((((
+- *v*x* | *x*v* ) as_opts=-vx ;;
+- *v* ) as_opts=-v ;;
+- *x* ) as_opts=-x ;;
+- * ) as_opts= ;;
+-esac
+-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+-# Admittedly, this is quite paranoid, since all the known shells bail
+-# out after a failed `exec'.
+-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+-as_fn_exit 255
+- fi
+- # We don't want this to propagate to other subprocesses.
+- { _as_can_reexec=; unset _as_can_reexec;}
+-if test "x$CONFIG_SHELL" = x; then
+- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+- emulate sh
+- NULLCMD=:
+- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+- # is contrary to our usage. Disable this feature.
+- alias -g '\${1+\"\$@\"}'='\"\$@\"'
+- setopt NO_GLOB_SUBST
+-else
+- case \`(set -o) 2>/dev/null\` in #(
+- *posix*) :
+- set -o posix ;; #(
+- *) :
+- ;;
+-esac
+-fi
+-"
+- as_required="as_fn_return () { (exit \$1); }
+-as_fn_success () { as_fn_return 0; }
+-as_fn_failure () { as_fn_return 1; }
+-as_fn_ret_success () { return 0; }
+-as_fn_ret_failure () { return 1; }
+-
+-exitcode=0
+-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+-if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+-
+-else
+- exitcode=1; echo positional parameters were not saved.
+-fi
+-test x\$exitcode = x0 || exit 1
+-test -x / || exit 1"
+- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+-test \$(( 1 + 1 )) = 2 || exit 1"
+- if (eval "$as_required") 2>/dev/null; then :
+- as_have_required=yes
+-else
+- as_have_required=no
+-fi
+- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+-
+-else
+- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-as_found=false
+-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- as_found=:
+- case $as_dir in #(
+- /*)
+- for as_base in sh bash ksh sh5; do
+- # Try only shells that exist, to save several forks.
+- as_shell=$as_dir/$as_base
+- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+- CONFIG_SHELL=$as_shell as_have_required=yes
+- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+- break 2
+-fi
+-fi
+- done;;
+- esac
+- as_found=false
+-done
+-$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+- CONFIG_SHELL=$SHELL as_have_required=yes
+-fi; }
+-IFS=$as_save_IFS
+-
+-
+- if test "x$CONFIG_SHELL" != x; then :
+- export CONFIG_SHELL
+- # We cannot yet assume a decent shell, so we have to provide a
+-# neutralization value for shells without unset; and this also
+-# works around shells that cannot unset nonexistent variables.
+-# Preserve -v and -x to the replacement shell.
+-BASH_ENV=/dev/null
+-ENV=/dev/null
+-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+-case $- in # ((((
+- *v*x* | *x*v* ) as_opts=-vx ;;
+- *v* ) as_opts=-v ;;
+- *x* ) as_opts=-x ;;
+- * ) as_opts= ;;
+-esac
+-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+-# Admittedly, this is quite paranoid, since all the known shells bail
+-# out after a failed `exec'.
+-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+-exit 255
+-fi
+-
+- if test x$as_have_required = xno; then :
+- $as_echo "$0: This script requires a shell more modern than all"
+- $as_echo "$0: the shells that I found on your system."
+- if test x${ZSH_VERSION+set} = xset ; then
+- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+- else
+- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
+-$0: including any error possibly output before this
+-$0: message. Then install a modern shell, or manually run
+-$0: the script under such a shell if you do have one."
+- fi
+- exit 1
+-fi
+-fi
+-fi
+-SHELL=${CONFIG_SHELL-/bin/sh}
+-export SHELL
+-# Unset more variables known to interfere with behavior of common tools.
+-CLICOLOR_FORCE= GREP_OPTIONS=
+-unset CLICOLOR_FORCE GREP_OPTIONS
+-
+-## --------------------- ##
+-## M4sh Shell Functions. ##
+-## --------------------- ##
+-# as_fn_unset VAR
+-# ---------------
+-# Portably unset VAR.
+-as_fn_unset ()
+-{
+- { eval $1=; unset $1;}
+-}
+-as_unset=as_fn_unset
+-
+-# as_fn_set_status STATUS
+-# -----------------------
+-# Set $? to STATUS, without forking.
+-as_fn_set_status ()
+-{
+- return $1
+-} # as_fn_set_status
+-
+-# as_fn_exit STATUS
+-# -----------------
+-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+-as_fn_exit ()
+-{
+- set +e
+- as_fn_set_status $1
+- exit $1
+-} # as_fn_exit
+-
+-# as_fn_mkdir_p
+-# -------------
+-# Create "$as_dir" as a directory, including parents if necessary.
+-as_fn_mkdir_p ()
+-{
+-
+- case $as_dir in #(
+- -*) as_dir=./$as_dir;;
+- esac
+- test -d "$as_dir" || eval $as_mkdir_p || {
+- as_dirs=
+- while :; do
+- case $as_dir in #(
+- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+- *) as_qdir=$as_dir;;
+- esac
+- as_dirs="'$as_qdir' $as_dirs"
+- as_dir=`$as_dirname -- "$as_dir" ||
+-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+- X"$as_dir" : 'X\(//\)[^/]' \| \
+- X"$as_dir" : 'X\(//\)$' \| \
+- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+-$as_echo X"$as_dir" |
+- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+- s//\1/
+- q
+- }
+- /^X\(\/\/\)[^/].*/{
+- s//\1/
+- q
+- }
+- /^X\(\/\/\)$/{
+- s//\1/
+- q
+- }
+- /^X\(\/\).*/{
+- s//\1/
+- q
+- }
+- s/.*/./; q'`
+- test -d "$as_dir" && break
+- done
+- test -z "$as_dirs" || eval "mkdir $as_dirs"
+- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+-
+-
+-} # as_fn_mkdir_p
+-
+-# as_fn_executable_p FILE
+-# -----------------------
+-# Test if FILE is an executable regular file.
+-as_fn_executable_p ()
+-{
+- test -f "$1" && test -x "$1"
+-} # as_fn_executable_p
+-# as_fn_append VAR VALUE
+-# ----------------------
+-# Append the text in VALUE to the end of the definition contained in VAR. Take
+-# advantage of any shell optimizations that allow amortized linear growth over
+-# repeated appends, instead of the typical quadratic growth present in naive
+-# implementations.
+-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+- eval 'as_fn_append ()
+- {
+- eval $1+=\$2
+- }'
+-else
+- as_fn_append ()
+- {
+- eval $1=\$$1\$2
+- }
+-fi # as_fn_append
+-
+-# as_fn_arith ARG...
+-# ------------------
+-# Perform arithmetic evaluation on the ARGs, and store the result in the
+-# global $as_val. Take advantage of shells that can avoid forks. The arguments
+-# must be portable across $(()) and expr.
+-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+- eval 'as_fn_arith ()
+- {
+- as_val=$(( $* ))
+- }'
+-else
+- as_fn_arith ()
+- {
+- as_val=`expr "$@" || test $? -eq 1`
+- }
+-fi # as_fn_arith
+-
+-
+-# as_fn_error STATUS ERROR [LINENO LOG_FD]
+-# ----------------------------------------
+-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+-# script with STATUS, using 1 if that was 0.
+-as_fn_error ()
+-{
+- as_status=$1; test $as_status -eq 0 && as_status=1
+- if test "$4"; then
+- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+- fi
+- $as_echo "$as_me: error: $2" >&2
+- as_fn_exit $as_status
+-} # as_fn_error
+-
+-if expr a : '\(a\)' >/dev/null 2>&1 &&
+- test "X`expr 00001 : '.*\(...\)'`" = X001; then
+- as_expr=expr
+-else
+- as_expr=false
+-fi
+-
+-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+- as_basename=basename
+-else
+- as_basename=false
+-fi
+-
+-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+- as_dirname=dirname
+-else
+- as_dirname=false
+-fi
+-
+-as_me=`$as_basename -- "$0" ||
+-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+- X"$0" : 'X\(//\)$' \| \
+- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+-$as_echo X/"$0" |
+- sed '/^.*\/\([^/][^/]*\)\/*$/{
+- s//\1/
+- q
+- }
+- /^X\/\(\/\/\)$/{
+- s//\1/
+- q
+- }
+- /^X\/\(\/\).*/{
+- s//\1/
+- q
+- }
+- s/.*/./; q'`
+-
+-# Avoid depending upon Character Ranges.
+-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+-as_cr_digits='0123456789'
+-as_cr_alnum=$as_cr_Letters$as_cr_digits
+-
+-
+- as_lineno_1=$LINENO as_lineno_1a=$LINENO
+- as_lineno_2=$LINENO as_lineno_2a=$LINENO
+- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+- sed -n '
+- p
+- /[$]LINENO/=
+- ' <$as_myself |
+- sed '
+- s/[$]LINENO.*/&-/
+- t lineno
+- b
+- :lineno
+- N
+- :loop
+- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+- t loop
+- s/-\n.*//
+- ' >$as_me.lineno &&
+- chmod +x "$as_me.lineno" ||
+- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+-
+- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+- # already done that, so ensure we don't try to do so again and fall
+- # in an infinite loop. This has already happened in practice.
+- _as_can_reexec=no; export _as_can_reexec
+- # Don't try to exec as it changes $[0], causing all sort of problems
+- # (the dirname of $[0] is not the place where we might find the
+- # original and so on. Autoconf is especially sensitive to this).
+- . "./$as_me.lineno"
+- # Exit status is that of the last command.
+- exit
+-}
+-
+-ECHO_C= ECHO_N= ECHO_T=
+-case `echo -n x` in #(((((
+--n*)
+- case `echo 'xy\c'` in
+- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+- xy) ECHO_C='\c';;
+- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+- ECHO_T=' ';;
+- esac;;
+-*)
+- ECHO_N='-n';;
+-esac
+-
+-rm -f conf$$ conf$$.exe conf$$.file
+-if test -d conf$$.dir; then
+- rm -f conf$$.dir/conf$$.file
+-else
+- rm -f conf$$.dir
+- mkdir conf$$.dir 2>/dev/null
+-fi
+-if (echo >conf$$.file) 2>/dev/null; then
+- if ln -s conf$$.file conf$$ 2>/dev/null; then
+- as_ln_s='ln -s'
+- # ... but there are two gotchas:
+- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+- # In both cases, we have to default to `cp -pR'.
+- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+- as_ln_s='cp -pR'
+- elif ln conf$$.file conf$$ 2>/dev/null; then
+- as_ln_s=ln
+- else
+- as_ln_s='cp -pR'
+- fi
+-else
+- as_ln_s='cp -pR'
+-fi
+-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+-rmdir conf$$.dir 2>/dev/null
+-
+-if mkdir -p . 2>/dev/null; then
+- as_mkdir_p='mkdir -p "$as_dir"'
+-else
+- test -d ./-p && rmdir ./-p
+- as_mkdir_p=false
+-fi
+-
+-as_test_x='test -x'
+-as_executable_p=as_fn_executable_p
+-
+-# Sed expression to map a string onto a valid CPP name.
+-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+-
+-# Sed expression to map a string onto a valid variable name.
+-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+-
+-
+-test -n "$DJDIR" || exec 7<&0 </dev/null
+-exec 6>&1
+-
+-# Name of the host.
+-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+-# so uname gets run too.
+-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+-
+-#
+-# Initializations.
+-#
+-ac_default_prefix=/usr/local
+-ac_clean_files=
+-ac_config_libobj_dir=.
+-LIBOBJS=
+-cross_compiling=no
+-subdirs=
+-MFLAGS=
+-MAKEFLAGS=
+-
+-# Identity of this package.
+-PACKAGE_NAME=
+-PACKAGE_TARNAME=
+-PACKAGE_VERSION=
+-PACKAGE_STRING=
+-PACKAGE_BUGREPORT=
+-PACKAGE_URL=
+-
+-ac_unique_file="rlm_eap_teap.c"
+-ac_subst_vars='LTLIBOBJS
+-LIBOBJS
+-mod_cflags
+-mod_ldflags
+-targetname
+-EGREP
+-GREP
+-CPP
+-OBJEXT
+-EXEEXT
+-ac_ct_CC
+-CPPFLAGS
+-LDFLAGS
+-CFLAGS
+-CC
+-target_alias
+-host_alias
+-build_alias
+-LIBS
+-ECHO_T
+-ECHO_N
+-ECHO_C
+-DEFS
+-mandir
+-localedir
+-libdir
+-psdir
+-pdfdir
+-dvidir
+-htmldir
+-infodir
+-docdir
+-oldincludedir
+-includedir
+-runstatedir
+-localstatedir
+-sharedstatedir
+-sysconfdir
+-datadir
+-datarootdir
+-libexecdir
+-sbindir
+-bindir
+-program_transform_name
+-prefix
+-exec_prefix
+-PACKAGE_URL
+-PACKAGE_BUGREPORT
+-PACKAGE_STRING
+-PACKAGE_VERSION
+-PACKAGE_TARNAME
+-PACKAGE_NAME
+-PATH_SEPARATOR
+-SHELL'
+-ac_subst_files=''
+-ac_user_opts='
+-enable_option_checking
+-with_rlm_eap_teap
+-with_openssl_lib_dir
+-with_openssl_include_dir
+-'
+- ac_precious_vars='build_alias
+-host_alias
+-target_alias
+-CC
+-CFLAGS
+-LDFLAGS
+-LIBS
+-CPPFLAGS
+-CPP'
+-
+-
+-# Initialize some variables set by options.
+-ac_init_help=
+-ac_init_version=false
+-ac_unrecognized_opts=
+-ac_unrecognized_sep=
+-# The variables have the same names as the options, with
+-# dashes changed to underlines.
+-cache_file=/dev/null
+-exec_prefix=NONE
+-no_create=
+-no_recursion=
+-prefix=NONE
+-program_prefix=NONE
+-program_suffix=NONE
+-program_transform_name=s,x,x,
+-silent=
+-site=
+-srcdir=
+-verbose=
+-x_includes=NONE
+-x_libraries=NONE
+-
+-# Installation directory options.
+-# These are left unexpanded so users can "make install exec_prefix=/foo"
+-# and all the variables that are supposed to be based on exec_prefix
+-# by default will actually change.
+-# Use braces instead of parens because sh, perl, etc. also accept them.
+-# (The list follows the same order as the GNU Coding Standards.)
+-bindir='${exec_prefix}/bin'
+-sbindir='${exec_prefix}/sbin'
+-libexecdir='${exec_prefix}/libexec'
+-datarootdir='${prefix}/share'
+-datadir='${datarootdir}'
+-sysconfdir='${prefix}/etc'
+-sharedstatedir='${prefix}/com'
+-localstatedir='${prefix}/var'
+-runstatedir='${localstatedir}/run'
+-includedir='${prefix}/include'
+-oldincludedir='/usr/include'
+-docdir='${datarootdir}/doc/${PACKAGE}'
+-infodir='${datarootdir}/info'
+-htmldir='${docdir}'
+-dvidir='${docdir}'
+-pdfdir='${docdir}'
+-psdir='${docdir}'
+-libdir='${exec_prefix}/lib'
+-localedir='${datarootdir}/locale'
+-mandir='${datarootdir}/man'
+-
+-ac_prev=
+-ac_dashdash=
+-for ac_option
+-do
+- # If the previous option needs an argument, assign it.
+- if test -n "$ac_prev"; then
+- eval $ac_prev=\$ac_option
+- ac_prev=
+- continue
+- fi
+-
+- case $ac_option in
+- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+- *=) ac_optarg= ;;
+- *) ac_optarg=yes ;;
+- esac
+-
+- # Accept the important Cygnus configure options, so we can diagnose typos.
+-
+- case $ac_dashdash$ac_option in
+- --)
+- ac_dashdash=yes ;;
+-
+- -bindir | --bindir | --bindi | --bind | --bin | --bi)
+- ac_prev=bindir ;;
+- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+- bindir=$ac_optarg ;;
+-
+- -build | --build | --buil | --bui | --bu)
+- ac_prev=build_alias ;;
+- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+- build_alias=$ac_optarg ;;
+-
+- -cache-file | --cache-file | --cache-fil | --cache-fi \
+- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+- ac_prev=cache_file ;;
+- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+- cache_file=$ac_optarg ;;
+-
+- --config-cache | -C)
+- cache_file=config.cache ;;
+-
+- -datadir | --datadir | --datadi | --datad)
+- ac_prev=datadir ;;
+- -datadir=* | --datadir=* | --datadi=* | --datad=*)
+- datadir=$ac_optarg ;;
+-
+- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+- | --dataroo | --dataro | --datar)
+- ac_prev=datarootdir ;;
+- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+- datarootdir=$ac_optarg ;;
+-
+- -disable-* | --disable-*)
+- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+- # Reject names that are not valid shell variable names.
+- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+- as_fn_error $? "invalid feature name: $ac_useropt"
+- ac_useropt_orig=$ac_useropt
+- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+- case $ac_user_opts in
+- *"
+-"enable_$ac_useropt"
+-"*) ;;
+- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+- ac_unrecognized_sep=', ';;
+- esac
+- eval enable_$ac_useropt=no ;;
+-
+- -docdir | --docdir | --docdi | --doc | --do)
+- ac_prev=docdir ;;
+- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+- docdir=$ac_optarg ;;
+-
+- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+- ac_prev=dvidir ;;
+- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+- dvidir=$ac_optarg ;;
+-
+- -enable-* | --enable-*)
+- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+- # Reject names that are not valid shell variable names.
+- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+- as_fn_error $? "invalid feature name: $ac_useropt"
+- ac_useropt_orig=$ac_useropt
+- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+- case $ac_user_opts in
+- *"
+-"enable_$ac_useropt"
+-"*) ;;
+- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+- ac_unrecognized_sep=', ';;
+- esac
+- eval enable_$ac_useropt=\$ac_optarg ;;
+-
+- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+- | --exec | --exe | --ex)
+- ac_prev=exec_prefix ;;
+- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+- | --exec=* | --exe=* | --ex=*)
+- exec_prefix=$ac_optarg ;;
+-
+- -gas | --gas | --ga | --g)
+- # Obsolete; use --with-gas.
+- with_gas=yes ;;
+-
+- -help | --help | --hel | --he | -h)
+- ac_init_help=long ;;
+- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+- ac_init_help=recursive ;;
+- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+- ac_init_help=short ;;
+-
+- -host | --host | --hos | --ho)
+- ac_prev=host_alias ;;
+- -host=* | --host=* | --hos=* | --ho=*)
+- host_alias=$ac_optarg ;;
+-
+- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+- ac_prev=htmldir ;;
+- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+- | --ht=*)
+- htmldir=$ac_optarg ;;
+-
+- -includedir | --includedir | --includedi | --included | --include \
+- | --includ | --inclu | --incl | --inc)
+- ac_prev=includedir ;;
+- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+- | --includ=* | --inclu=* | --incl=* | --inc=*)
+- includedir=$ac_optarg ;;
+-
+- -infodir | --infodir | --infodi | --infod | --info | --inf)
+- ac_prev=infodir ;;
+- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+- infodir=$ac_optarg ;;
+-
+- -libdir | --libdir | --libdi | --libd)
+- ac_prev=libdir ;;
+- -libdir=* | --libdir=* | --libdi=* | --libd=*)
+- libdir=$ac_optarg ;;
+-
+- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+- | --libexe | --libex | --libe)
+- ac_prev=libexecdir ;;
+- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+- | --libexe=* | --libex=* | --libe=*)
+- libexecdir=$ac_optarg ;;
+-
+- -localedir | --localedir | --localedi | --localed | --locale)
+- ac_prev=localedir ;;
+- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+- localedir=$ac_optarg ;;
+-
+- -localstatedir | --localstatedir | --localstatedi | --localstated \
+- | --localstate | --localstat | --localsta | --localst | --locals)
+- ac_prev=localstatedir ;;
+- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+- localstatedir=$ac_optarg ;;
+-
+- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+- ac_prev=mandir ;;
+- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+- mandir=$ac_optarg ;;
+-
+- -nfp | --nfp | --nf)
+- # Obsolete; use --without-fp.
+- with_fp=no ;;
+-
+- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+- | --no-cr | --no-c | -n)
+- no_create=yes ;;
+-
+- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+- no_recursion=yes ;;
+-
+- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+- | --oldin | --oldi | --old | --ol | --o)
+- ac_prev=oldincludedir ;;
+- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+- oldincludedir=$ac_optarg ;;
+-
+- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+- ac_prev=prefix ;;
+- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+- prefix=$ac_optarg ;;
+-
+- -program-prefix | --program-prefix | --program-prefi | --program-pref \
+- | --program-pre | --program-pr | --program-p)
+- ac_prev=program_prefix ;;
+- -program-prefix=* | --program-prefix=* | --program-prefi=* \
+- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+- program_prefix=$ac_optarg ;;
+-
+- -program-suffix | --program-suffix | --program-suffi | --program-suff \
+- | --program-suf | --program-su | --program-s)
+- ac_prev=program_suffix ;;
+- -program-suffix=* | --program-suffix=* | --program-suffi=* \
+- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+- program_suffix=$ac_optarg ;;
+-
+- -program-transform-name | --program-transform-name \
+- | --program-transform-nam | --program-transform-na \
+- | --program-transform-n | --program-transform- \
+- | --program-transform | --program-transfor \
+- | --program-transfo | --program-transf \
+- | --program-trans | --program-tran \
+- | --progr-tra | --program-tr | --program-t)
+- ac_prev=program_transform_name ;;
+- -program-transform-name=* | --program-transform-name=* \
+- | --program-transform-nam=* | --program-transform-na=* \
+- | --program-transform-n=* | --program-transform-=* \
+- | --program-transform=* | --program-transfor=* \
+- | --program-transfo=* | --program-transf=* \
+- | --program-trans=* | --program-tran=* \
+- | --progr-tra=* | --program-tr=* | --program-t=*)
+- program_transform_name=$ac_optarg ;;
+-
+- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+- ac_prev=pdfdir ;;
+- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+- pdfdir=$ac_optarg ;;
+-
+- -psdir | --psdir | --psdi | --psd | --ps)
+- ac_prev=psdir ;;
+- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+- psdir=$ac_optarg ;;
+-
+- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+- | -silent | --silent | --silen | --sile | --sil)
+- silent=yes ;;
+-
+- -runstatedir | --runstatedir | --runstatedi | --runstated \
+- | --runstate | --runstat | --runsta | --runst | --runs \
+- | --run | --ru | --r)
+- ac_prev=runstatedir ;;
+- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+- | --run=* | --ru=* | --r=*)
+- runstatedir=$ac_optarg ;;
+-
+- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+- ac_prev=sbindir ;;
+- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+- | --sbi=* | --sb=*)
+- sbindir=$ac_optarg ;;
+-
+- -sharedstatedir | --sharedstatedir | --sharedstatedi \
+- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+- | --sharedst | --shareds | --shared | --share | --shar \
+- | --sha | --sh)
+- ac_prev=sharedstatedir ;;
+- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+- | --sha=* | --sh=*)
+- sharedstatedir=$ac_optarg ;;
+-
+- -site | --site | --sit)
+- ac_prev=site ;;
+- -site=* | --site=* | --sit=*)
+- site=$ac_optarg ;;
+-
+- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+- ac_prev=srcdir ;;
+- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+- srcdir=$ac_optarg ;;
+-
+- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+- | --syscon | --sysco | --sysc | --sys | --sy)
+- ac_prev=sysconfdir ;;
+- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+- sysconfdir=$ac_optarg ;;
+-
+- -target | --target | --targe | --targ | --tar | --ta | --t)
+- ac_prev=target_alias ;;
+- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+- target_alias=$ac_optarg ;;
+-
+- -v | -verbose | --verbose | --verbos | --verbo | --verb)
+- verbose=yes ;;
+-
+- -version | --version | --versio | --versi | --vers | -V)
+- ac_init_version=: ;;
+-
+- -with-* | --with-*)
+- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+- # Reject names that are not valid shell variable names.
+- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+- as_fn_error $? "invalid package name: $ac_useropt"
+- ac_useropt_orig=$ac_useropt
+- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+- case $ac_user_opts in
+- *"
+-"with_$ac_useropt"
+-"*) ;;
+- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+- ac_unrecognized_sep=', ';;
+- esac
+- eval with_$ac_useropt=\$ac_optarg ;;
+-
+- -without-* | --without-*)
+- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+- # Reject names that are not valid shell variable names.
+- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+- as_fn_error $? "invalid package name: $ac_useropt"
+- ac_useropt_orig=$ac_useropt
+- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+- case $ac_user_opts in
+- *"
+-"with_$ac_useropt"
+-"*) ;;
+- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+- ac_unrecognized_sep=', ';;
+- esac
+- eval with_$ac_useropt=no ;;
+-
+- --x)
+- # Obsolete; use --with-x.
+- with_x=yes ;;
+-
+- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+- | --x-incl | --x-inc | --x-in | --x-i)
+- ac_prev=x_includes ;;
+- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+- x_includes=$ac_optarg ;;
+-
+- -x-libraries | --x-libraries | --x-librarie | --x-librari \
+- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+- ac_prev=x_libraries ;;
+- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+- x_libraries=$ac_optarg ;;
+-
+- -*) as_fn_error $? "unrecognized option: \`$ac_option'
+-Try \`$0 --help' for more information"
+- ;;
+-
+- *=*)
+- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+- # Reject names that are not valid shell variable names.
+- case $ac_envvar in #(
+- '' | [0-9]* | *[!_$as_cr_alnum]* )
+- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+- esac
+- eval $ac_envvar=\$ac_optarg
+- export $ac_envvar ;;
+-
+- *)
+- # FIXME: should be removed in autoconf 3.0.
+- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+- ;;
+-
+- esac
+-done
+-
+-if test -n "$ac_prev"; then
+- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+- as_fn_error $? "missing argument to $ac_option"
+-fi
+-
+-if test -n "$ac_unrecognized_opts"; then
+- case $enable_option_checking in
+- no) ;;
+- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+- esac
+-fi
+-
+-# Check all directory arguments for consistency.
+-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+- datadir sysconfdir sharedstatedir localstatedir includedir \
+- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+- libdir localedir mandir runstatedir
+-do
+- eval ac_val=\$$ac_var
+- # Remove trailing slashes.
+- case $ac_val in
+- */ )
+- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+- eval $ac_var=\$ac_val;;
+- esac
+- # Be sure to have absolute directory names.
+- case $ac_val in
+- [\\/$]* | ?:[\\/]* ) continue;;
+- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+- esac
+- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+-done
+-
+-# There might be people who depend on the old broken behavior: `$host'
+-# used to hold the argument of --host etc.
+-# FIXME: To remove some day.
+-build=$build_alias
+-host=$host_alias
+-target=$target_alias
+-
+-# FIXME: To remove some day.
+-if test "x$host_alias" != x; then
+- if test "x$build_alias" = x; then
+- cross_compiling=maybe
+- elif test "x$build_alias" != "x$host_alias"; then
+- cross_compiling=yes
+- fi
+-fi
+-
+-ac_tool_prefix=
+-test -n "$host_alias" && ac_tool_prefix=$host_alias-
+-
+-test "$silent" = yes && exec 6>/dev/null
+-
+-
+-ac_pwd=`pwd` && test -n "$ac_pwd" &&
+-ac_ls_di=`ls -di .` &&
+-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+- as_fn_error $? "working directory cannot be determined"
+-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+- as_fn_error $? "pwd does not report name of working directory"
+-
+-
+-# Find the source files, if location was not specified.
+-if test -z "$srcdir"; then
+- ac_srcdir_defaulted=yes
+- # Try the directory containing this script, then the parent directory.
+- ac_confdir=`$as_dirname -- "$as_myself" ||
+-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+- X"$as_myself" : 'X\(//\)[^/]' \| \
+- X"$as_myself" : 'X\(//\)$' \| \
+- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+-$as_echo X"$as_myself" |
+- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+- s//\1/
+- q
+- }
+- /^X\(\/\/\)[^/].*/{
+- s//\1/
+- q
+- }
+- /^X\(\/\/\)$/{
+- s//\1/
+- q
+- }
+- /^X\(\/\).*/{
+- s//\1/
+- q
+- }
+- s/.*/./; q'`
+- srcdir=$ac_confdir
+- if test ! -r "$srcdir/$ac_unique_file"; then
+- srcdir=..
+- fi
+-else
+- ac_srcdir_defaulted=no
+-fi
+-if test ! -r "$srcdir/$ac_unique_file"; then
+- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+-fi
+-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+-ac_abs_confdir=`(
+- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+- pwd)`
+-# When building in place, set srcdir=.
+-if test "$ac_abs_confdir" = "$ac_pwd"; then
+- srcdir=.
+-fi
+-# Remove unnecessary trailing slashes from srcdir.
+-# Double slashes in file names in object file debugging info
+-# mess up M-x gdb in Emacs.
+-case $srcdir in
+-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+-esac
+-for ac_var in $ac_precious_vars; do
+- eval ac_env_${ac_var}_set=\${${ac_var}+set}
+- eval ac_env_${ac_var}_value=\$${ac_var}
+- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+- eval ac_cv_env_${ac_var}_value=\$${ac_var}
+-done
+-
+-#
+-# Report the --help message.
+-#
+-if test "$ac_init_help" = "long"; then
+- # Omit some internal or obsolete options to make the list less imposing.
+- # This message is too long to be a string in the A/UX 3.1 sh.
+- cat <<_ACEOF
+-\`configure' configures this package to adapt to many kinds of systems.
+-
+-Usage: $0 [OPTION]... [VAR=VALUE]...
+-
+-To assign environment variables (e.g., CC, CFLAGS...), specify them as
+-VAR=VALUE. See below for descriptions of some of the useful variables.
+-
+-Defaults for the options are specified in brackets.
+-
+-Configuration:
+- -h, --help display this help and exit
+- --help=short display options specific to this package
+- --help=recursive display the short help of all the included packages
+- -V, --version display version information and exit
+- -q, --quiet, --silent do not print \`checking ...' messages
+- --cache-file=FILE cache test results in FILE [disabled]
+- -C, --config-cache alias for \`--cache-file=config.cache'
+- -n, --no-create do not create output files
+- --srcdir=DIR find the sources in DIR [configure dir or \`..']
+-
+-Installation directories:
+- --prefix=PREFIX install architecture-independent files in PREFIX
+- [$ac_default_prefix]
+- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+- [PREFIX]
+-
+-By default, \`make install' will install all the files in
+-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+-for instance \`--prefix=\$HOME'.
+-
+-For better control, use the options below.
+-
+-Fine tuning of the installation directories:
+- --bindir=DIR user executables [EPREFIX/bin]
+- --sbindir=DIR system admin executables [EPREFIX/sbin]
+- --libexecdir=DIR program executables [EPREFIX/libexec]
+- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
+- --libdir=DIR object code libraries [EPREFIX/lib]
+- --includedir=DIR C header files [PREFIX/include]
+- --oldincludedir=DIR C header files for non-gcc [/usr/include]
+- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+- --infodir=DIR info documentation [DATAROOTDIR/info]
+- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+- --mandir=DIR man documentation [DATAROOTDIR/man]
+- --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
+- --htmldir=DIR html documentation [DOCDIR]
+- --dvidir=DIR dvi documentation [DOCDIR]
+- --pdfdir=DIR pdf documentation [DOCDIR]
+- --psdir=DIR ps documentation [DOCDIR]
+-_ACEOF
+-
+- cat <<\_ACEOF
+-_ACEOF
+-fi
+-
+-if test -n "$ac_init_help"; then
+-
+- cat <<\_ACEOF
+-
+-Optional Packages:
+- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+- --without-rlm_eap_teap build without rlm_eap_teap
+- --with-openssl-lib-dir=DIR
+- directory for LDAP library files
+- -with-openssl-include-dir=DIR
+- directory for LDAP include files
+-
+-Some influential environment variables:
+- CC C compiler command
+- CFLAGS C compiler flags
+- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+- nonstandard directory <lib dir>
+- LIBS libraries to pass to the linker, e.g. -l<library>
+- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+- you have headers in a nonstandard directory <include dir>
+- CPP C preprocessor
+-
+-Use these variables to override the choices made by `configure' or to help
+-it to find libraries and programs with nonstandard names/locations.
+-
+-Report bugs to the package provider.
+-_ACEOF
+-ac_status=$?
+-fi
+-
+-if test "$ac_init_help" = "recursive"; then
+- # If there are subdirs, report their specific --help.
+- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+- test -d "$ac_dir" ||
+- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+- continue
+- ac_builddir=.
+-
+-case "$ac_dir" in
+-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+-*)
+- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+- # A ".." for each directory in $ac_dir_suffix.
+- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+- case $ac_top_builddir_sub in
+- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+- esac ;;
+-esac
+-ac_abs_top_builddir=$ac_pwd
+-ac_abs_builddir=$ac_pwd$ac_dir_suffix
+-# for backward compatibility:
+-ac_top_builddir=$ac_top_build_prefix
+-
+-case $srcdir in
+- .) # We are building in place.
+- ac_srcdir=.
+- ac_top_srcdir=$ac_top_builddir_sub
+- ac_abs_top_srcdir=$ac_pwd ;;
+- [\\/]* | ?:[\\/]* ) # Absolute name.
+- ac_srcdir=$srcdir$ac_dir_suffix;
+- ac_top_srcdir=$srcdir
+- ac_abs_top_srcdir=$srcdir ;;
+- *) # Relative name.
+- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+- ac_top_srcdir=$ac_top_build_prefix$srcdir
+- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+-esac
+-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+-
+- cd "$ac_dir" || { ac_status=$?; continue; }
+- # Check for guested configure.
+- if test -f "$ac_srcdir/configure.gnu"; then
+- echo &&
+- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+- elif test -f "$ac_srcdir/configure"; then
+- echo &&
+- $SHELL "$ac_srcdir/configure" --help=recursive
+- else
+- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+- fi || ac_status=$?
+- cd "$ac_pwd" || { ac_status=$?; break; }
+- done
+-fi
+-
+-test -n "$ac_init_help" && exit $ac_status
+-if $ac_init_version; then
+- cat <<\_ACEOF
+-configure
+-generated by GNU Autoconf 2.69
+-
+-Copyright (C) 2012 Free Software Foundation, Inc.
+-This configure script is free software; the Free Software Foundation
+-gives unlimited permission to copy, distribute and modify it.
+-_ACEOF
+- exit
+-fi
+-
+-## ------------------------ ##
+-## Autoconf initialization. ##
+-## ------------------------ ##
+-
+-echo
+-echo Running tests for rlm_eap_teap
+-echo
+-
+-
+-# ac_fn_c_try_compile LINENO
+-# --------------------------
+-# Try to compile conftest.$ac_ext, and return whether this succeeded.
+-ac_fn_c_try_compile ()
+-{
+- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+- rm -f conftest.$ac_objext
+- if { { ac_try="$ac_compile"
+-case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_compile") 2>conftest.err
+- ac_status=$?
+- if test -s conftest.err; then
+- grep -v '^ *+' conftest.err >conftest.er1
+- cat conftest.er1 >&5
+- mv -f conftest.er1 conftest.err
+- fi
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; } && {
+- test -z "$ac_c_werror_flag" ||
+- test ! -s conftest.err
+- } && test -s conftest.$ac_objext; then :
+- ac_retval=0
+-else
+- $as_echo "$as_me: failed program was:" >&5
+-sed 's/^/| /' conftest.$ac_ext >&5
+-
+- ac_retval=1
+-fi
+- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+- as_fn_set_status $ac_retval
+-
+-} # ac_fn_c_try_compile
+-
+-# ac_fn_c_try_link LINENO
+-# -----------------------
+-# Try to link conftest.$ac_ext, and return whether this succeeded.
+-ac_fn_c_try_link ()
+-{
+- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+- rm -f conftest.$ac_objext conftest$ac_exeext
+- if { { ac_try="$ac_link"
+-case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_link") 2>conftest.err
+- ac_status=$?
+- if test -s conftest.err; then
+- grep -v '^ *+' conftest.err >conftest.er1
+- cat conftest.er1 >&5
+- mv -f conftest.er1 conftest.err
+- fi
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; } && {
+- test -z "$ac_c_werror_flag" ||
+- test ! -s conftest.err
+- } && test -s conftest$ac_exeext && {
+- test "$cross_compiling" = yes ||
+- test -x conftest$ac_exeext
+- }; then :
+- ac_retval=0
+-else
+- $as_echo "$as_me: failed program was:" >&5
+-sed 's/^/| /' conftest.$ac_ext >&5
+-
+- ac_retval=1
+-fi
+- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+- # interfere with the next link command; also delete a directory that is
+- # left behind by Apple's compiler. We do this before executing the actions.
+- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+- as_fn_set_status $ac_retval
+-
+-} # ac_fn_c_try_link
+-
+-# ac_fn_c_try_cpp LINENO
+-# ----------------------
+-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+-ac_fn_c_try_cpp ()
+-{
+- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+- if { { ac_try="$ac_cpp conftest.$ac_ext"
+-case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+- ac_status=$?
+- if test -s conftest.err; then
+- grep -v '^ *+' conftest.err >conftest.er1
+- cat conftest.er1 >&5
+- mv -f conftest.er1 conftest.err
+- fi
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; } > conftest.i && {
+- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+- test ! -s conftest.err
+- }; then :
+- ac_retval=0
+-else
+- $as_echo "$as_me: failed program was:" >&5
+-sed 's/^/| /' conftest.$ac_ext >&5
+-
+- ac_retval=1
+-fi
+- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+- as_fn_set_status $ac_retval
+-
+-} # ac_fn_c_try_cpp
+-cat >config.log <<_ACEOF
+-This file contains any messages produced by compilers while
+-running configure, to aid debugging if configure makes a mistake.
+-
+-It was created by $as_me, which was
+-generated by GNU Autoconf 2.69. Invocation command line was
+-
+- $ $0 $@
+-
+-_ACEOF
+-exec 5>>config.log
+-{
+-cat <<_ASUNAME
+-## --------- ##
+-## Platform. ##
+-## --------- ##
+-
+-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+-uname -m = `(uname -m) 2>/dev/null || echo unknown`
+-uname -r = `(uname -r) 2>/dev/null || echo unknown`
+-uname -s = `(uname -s) 2>/dev/null || echo unknown`
+-uname -v = `(uname -v) 2>/dev/null || echo unknown`
+-
+-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+-
+-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+-
+-_ASUNAME
+-
+-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- $as_echo "PATH: $as_dir"
+- done
+-IFS=$as_save_IFS
+-
+-} >&5
+-
+-cat >&5 <<_ACEOF
+-
+-
+-## ----------- ##
+-## Core tests. ##
+-## ----------- ##
+-
+-_ACEOF
+-
+-
+-# Keep a trace of the command line.
+-# Strip out --no-create and --no-recursion so they do not pile up.
+-# Strip out --silent because we don't want to record it for future runs.
+-# Also quote any args containing shell meta-characters.
+-# Make two passes to allow for proper duplicate-argument suppression.
+-ac_configure_args=
+-ac_configure_args0=
+-ac_configure_args1=
+-ac_must_keep_next=false
+-for ac_pass in 1 2
+-do
+- for ac_arg
+- do
+- case $ac_arg in
+- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+- | -silent | --silent | --silen | --sile | --sil)
+- continue ;;
+- *\'*)
+- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+- esac
+- case $ac_pass in
+- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+- 2)
+- as_fn_append ac_configure_args1 " '$ac_arg'"
+- if test $ac_must_keep_next = true; then
+- ac_must_keep_next=false # Got value, back to normal.
+- else
+- case $ac_arg in
+- *=* | --config-cache | -C | -disable-* | --disable-* \
+- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+- | -with-* | --with-* | -without-* | --without-* | --x)
+- case "$ac_configure_args0 " in
+- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+- esac
+- ;;
+- -* ) ac_must_keep_next=true ;;
+- esac
+- fi
+- as_fn_append ac_configure_args " '$ac_arg'"
+- ;;
+- esac
+- done
+-done
+-{ ac_configure_args0=; unset ac_configure_args0;}
+-{ ac_configure_args1=; unset ac_configure_args1;}
+-
+-# When interrupted or exit'd, cleanup temporary files, and complete
+-# config.log. We remove comments because anyway the quotes in there
+-# would cause problems or look ugly.
+-# WARNING: Use '\'' to represent an apostrophe within the trap.
+-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+-trap 'exit_status=$?
+- # Save into config.log some information that might help in debugging.
+- {
+- echo
+-
+- $as_echo "## ---------------- ##
+-## Cache variables. ##
+-## ---------------- ##"
+- echo
+- # The following way of writing the cache mishandles newlines in values,
+-(
+- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+- eval ac_val=\$$ac_var
+- case $ac_val in #(
+- *${as_nl}*)
+- case $ac_var in #(
+- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+- esac
+- case $ac_var in #(
+- _ | IFS | as_nl) ;; #(
+- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+- *) { eval $ac_var=; unset $ac_var;} ;;
+- esac ;;
+- esac
+- done
+- (set) 2>&1 |
+- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+- *${as_nl}ac_space=\ *)
+- sed -n \
+- "s/'\''/'\''\\\\'\'''\''/g;
+- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+- ;; #(
+- *)
+- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+- ;;
+- esac |
+- sort
+-)
+- echo
+-
+- $as_echo "## ----------------- ##
+-## Output variables. ##
+-## ----------------- ##"
+- echo
+- for ac_var in $ac_subst_vars
+- do
+- eval ac_val=\$$ac_var
+- case $ac_val in
+- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+- esac
+- $as_echo "$ac_var='\''$ac_val'\''"
+- done | sort
+- echo
+-
+- if test -n "$ac_subst_files"; then
+- $as_echo "## ------------------- ##
+-## File substitutions. ##
+-## ------------------- ##"
+- echo
+- for ac_var in $ac_subst_files
+- do
+- eval ac_val=\$$ac_var
+- case $ac_val in
+- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+- esac
+- $as_echo "$ac_var='\''$ac_val'\''"
+- done | sort
+- echo
+- fi
+-
+- if test -s confdefs.h; then
+- $as_echo "## ----------- ##
+-## confdefs.h. ##
+-## ----------- ##"
+- echo
+- cat confdefs.h
+- echo
+- fi
+- test "$ac_signal" != 0 &&
+- $as_echo "$as_me: caught signal $ac_signal"
+- $as_echo "$as_me: exit $exit_status"
+- } >&5
+- rm -f core *.core core.conftest.* &&
+- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+- exit $exit_status
+-' 0
+-for ac_signal in 1 2 13 15; do
+- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+-done
+-ac_signal=0
+-
+-# confdefs.h avoids OS command line length limits that DEFS can exceed.
+-rm -f -r conftest* confdefs.h
+-
+-$as_echo "/* confdefs.h */" > confdefs.h
+-
+-# Predefined preprocessor variables.
+-
+-cat >>confdefs.h <<_ACEOF
+-#define PACKAGE_NAME "$PACKAGE_NAME"
+-_ACEOF
+-
+-cat >>confdefs.h <<_ACEOF
+-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+-_ACEOF
+-
+-cat >>confdefs.h <<_ACEOF
+-#define PACKAGE_VERSION "$PACKAGE_VERSION"
+-_ACEOF
+-
+-cat >>confdefs.h <<_ACEOF
+-#define PACKAGE_STRING "$PACKAGE_STRING"
+-_ACEOF
+-
+-cat >>confdefs.h <<_ACEOF
+-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+-_ACEOF
+-
+-cat >>confdefs.h <<_ACEOF
+-#define PACKAGE_URL "$PACKAGE_URL"
+-_ACEOF
+-
+-
+-# Let the site file select an alternate cache file if it wants to.
+-# Prefer an explicitly selected file to automatically selected ones.
+-ac_site_file1=NONE
+-ac_site_file2=NONE
+-if test -n "$CONFIG_SITE"; then
+- # We do not want a PATH search for config.site.
+- case $CONFIG_SITE in #((
+- -*) ac_site_file1=./$CONFIG_SITE;;
+- */*) ac_site_file1=$CONFIG_SITE;;
+- *) ac_site_file1=./$CONFIG_SITE;;
+- esac
+-elif test "x$prefix" != xNONE; then
+- ac_site_file1=$prefix/share/config.site
+- ac_site_file2=$prefix/etc/config.site
+-else
+- ac_site_file1=$ac_default_prefix/share/config.site
+- ac_site_file2=$ac_default_prefix/etc/config.site
+-fi
+-for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+-do
+- test "x$ac_site_file" = xNONE && continue
+- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+-$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+- sed 's/^/| /' "$ac_site_file" >&5
+- . "$ac_site_file" \
+- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "failed to load site script $ac_site_file
+-See \`config.log' for more details" "$LINENO" 5; }
+- fi
+-done
+-
+-if test -r "$cache_file"; then
+- # Some versions of bash will fail to source /dev/null (special files
+- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+-$as_echo "$as_me: loading cache $cache_file" >&6;}
+- case $cache_file in
+- [\\/]* | ?:[\\/]* ) . "$cache_file";;
+- *) . "./$cache_file";;
+- esac
+- fi
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+-$as_echo "$as_me: creating cache $cache_file" >&6;}
+- >$cache_file
+-fi
+-
+-# Check that the precious variables saved in the cache have kept the same
+-# value.
+-ac_cache_corrupted=false
+-for ac_var in $ac_precious_vars; do
+- eval ac_old_set=\$ac_cv_env_${ac_var}_set
+- eval ac_new_set=\$ac_env_${ac_var}_set
+- eval ac_old_val=\$ac_cv_env_${ac_var}_value
+- eval ac_new_val=\$ac_env_${ac_var}_value
+- case $ac_old_set,$ac_new_set in
+- set,)
+- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+- ac_cache_corrupted=: ;;
+- ,set)
+- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+- ac_cache_corrupted=: ;;
+- ,);;
+- *)
+- if test "x$ac_old_val" != "x$ac_new_val"; then
+- # differences in whitespace do not lead to failure.
+- ac_old_val_w=`echo x $ac_old_val`
+- ac_new_val_w=`echo x $ac_new_val`
+- if test "$ac_old_val_w" != "$ac_new_val_w"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+- ac_cache_corrupted=:
+- else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+- eval $ac_var=\$ac_old_val
+- fi
+- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+- fi;;
+- esac
+- # Pass precious variables to config.status.
+- if test "$ac_new_set" = set; then
+- case $ac_new_val in
+- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+- *) ac_arg=$ac_var=$ac_new_val ;;
+- esac
+- case " $ac_configure_args " in
+- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+- esac
+- fi
+-done
+-if $ac_cache_corrupted; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+-fi
+-## -------------------- ##
+-## Main body of script. ##
+-## -------------------- ##
+-
+-ac_ext=c
+-ac_cpp='$CPP $CPPFLAGS'
+-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+-
+-
+-
+-
+-
+-
+-
+-
+-
+-# Check whether --with-rlm_eap_teap was given.
+-if test "${with_rlm_eap_teap+set}" = set; then :
+- withval=$with_rlm_eap_teap;
+-fi
+-
+-
+-
+-mod_ldflags=
+-mod_cflags=
+-
+-
+-fail=
+-fr_status=
+-fr_features=
+-: > "config.report"
+-: > "config.report.tmp"
+-
+-
+-
+-if test x"$with_rlm_eap_teap" != xno; then
+-
+-
+-openssl_lib_dir=
+-
+-# Check whether --with-openssl-lib-dir was given.
+-if test "${with_openssl_lib_dir+set}" = set; then :
+- withval=$with_openssl_lib_dir; case "$withval" in
+- no)
+- as_fn_error $? "Need openssl-lib-dir" "$LINENO" 5
+- ;;
+- yes)
+- ;;
+- *)
+- openssl_lib_dir="$withval"
+- ;;
+- esac
+-fi
+-
+-
+-openssl_include_dir=
+-
+-# Check whether --with-openssl-include-dir was given.
+-if test "${with_openssl_include_dir+set}" = set; then :
+- withval=$with_openssl_include_dir; case "$withval" in
+- no)
+- as_fn_error $? "Need openssl-include-dir" "$LINENO" 5
+- ;;
+- yes)
+- ;;
+- *)
+- openssl_include_dir="$withval"
+- ;;
+- esac
+-fi
+-
+-
+-
+-smart_try_dir=$openssl_include_dir
+-ac_ext=c
+-ac_cpp='$CPP $CPPFLAGS'
+-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+-if test -n "$ac_tool_prefix"; then
+- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+-set dummy ${ac_tool_prefix}gcc; ac_word=$2
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+-$as_echo_n "checking for $ac_word... " >&6; }
+-if ${ac_cv_prog_CC+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- if test -n "$CC"; then
+- ac_cv_prog_CC="$CC" # Let the user override the test.
+-else
+-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+- ac_cv_prog_CC="${ac_tool_prefix}gcc"
+- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+- break 2
+- fi
+-done
+- done
+-IFS=$as_save_IFS
+-
+-fi
+-fi
+-CC=$ac_cv_prog_CC
+-if test -n "$CC"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+-$as_echo "$CC" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-
+-
+-fi
+-if test -z "$ac_cv_prog_CC"; then
+- ac_ct_CC=$CC
+- # Extract the first word of "gcc", so it can be a program name with args.
+-set dummy gcc; ac_word=$2
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+-$as_echo_n "checking for $ac_word... " >&6; }
+-if ${ac_cv_prog_ac_ct_CC+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- if test -n "$ac_ct_CC"; then
+- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+-else
+-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+- ac_cv_prog_ac_ct_CC="gcc"
+- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+- break 2
+- fi
+-done
+- done
+-IFS=$as_save_IFS
+-
+-fi
+-fi
+-ac_ct_CC=$ac_cv_prog_ac_ct_CC
+-if test -n "$ac_ct_CC"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+-$as_echo "$ac_ct_CC" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-
+- if test "x$ac_ct_CC" = x; then
+- CC=""
+- else
+- case $cross_compiling:$ac_tool_warned in
+-yes:)
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+-ac_tool_warned=yes ;;
+-esac
+- CC=$ac_ct_CC
+- fi
+-else
+- CC="$ac_cv_prog_CC"
+-fi
+-
+-if test -z "$CC"; then
+- if test -n "$ac_tool_prefix"; then
+- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+-set dummy ${ac_tool_prefix}cc; ac_word=$2
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+-$as_echo_n "checking for $ac_word... " >&6; }
+-if ${ac_cv_prog_CC+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- if test -n "$CC"; then
+- ac_cv_prog_CC="$CC" # Let the user override the test.
+-else
+-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+- ac_cv_prog_CC="${ac_tool_prefix}cc"
+- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+- break 2
+- fi
+-done
+- done
+-IFS=$as_save_IFS
+-
+-fi
+-fi
+-CC=$ac_cv_prog_CC
+-if test -n "$CC"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+-$as_echo "$CC" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-
+-
+- fi
+-fi
+-if test -z "$CC"; then
+- # Extract the first word of "cc", so it can be a program name with args.
+-set dummy cc; ac_word=$2
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+-$as_echo_n "checking for $ac_word... " >&6; }
+-if ${ac_cv_prog_CC+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- if test -n "$CC"; then
+- ac_cv_prog_CC="$CC" # Let the user override the test.
+-else
+- ac_prog_rejected=no
+-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+- ac_prog_rejected=yes
+- continue
+- fi
+- ac_cv_prog_CC="cc"
+- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+- break 2
+- fi
+-done
+- done
+-IFS=$as_save_IFS
+-
+-if test $ac_prog_rejected = yes; then
+- # We found a bogon in the path, so make sure we never use it.
+- set dummy $ac_cv_prog_CC
+- shift
+- if test $# != 0; then
+- # We chose a different compiler from the bogus one.
+- # However, it has the same basename, so the bogon will be chosen
+- # first if we set CC to just the basename; use the full file name.
+- shift
+- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+- fi
+-fi
+-fi
+-fi
+-CC=$ac_cv_prog_CC
+-if test -n "$CC"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+-$as_echo "$CC" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-
+-
+-fi
+-if test -z "$CC"; then
+- if test -n "$ac_tool_prefix"; then
+- for ac_prog in cl.exe
+- do
+- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+-$as_echo_n "checking for $ac_word... " >&6; }
+-if ${ac_cv_prog_CC+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- if test -n "$CC"; then
+- ac_cv_prog_CC="$CC" # Let the user override the test.
+-else
+-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+- break 2
+- fi
+-done
+- done
+-IFS=$as_save_IFS
+-
+-fi
+-fi
+-CC=$ac_cv_prog_CC
+-if test -n "$CC"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+-$as_echo "$CC" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-
+-
+- test -n "$CC" && break
+- done
+-fi
+-if test -z "$CC"; then
+- ac_ct_CC=$CC
+- for ac_prog in cl.exe
+-do
+- # Extract the first word of "$ac_prog", so it can be a program name with args.
+-set dummy $ac_prog; ac_word=$2
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+-$as_echo_n "checking for $ac_word... " >&6; }
+-if ${ac_cv_prog_ac_ct_CC+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- if test -n "$ac_ct_CC"; then
+- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+-else
+-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+- ac_cv_prog_ac_ct_CC="$ac_prog"
+- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+- break 2
+- fi
+-done
+- done
+-IFS=$as_save_IFS
+-
+-fi
+-fi
+-ac_ct_CC=$ac_cv_prog_ac_ct_CC
+-if test -n "$ac_ct_CC"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+-$as_echo "$ac_ct_CC" >&6; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-
+-
+- test -n "$ac_ct_CC" && break
+-done
+-
+- if test "x$ac_ct_CC" = x; then
+- CC=""
+- else
+- case $cross_compiling:$ac_tool_warned in
+-yes:)
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+-ac_tool_warned=yes ;;
+-esac
+- CC=$ac_ct_CC
+- fi
+-fi
+-
+-fi
+-
+-
+-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "no acceptable C compiler found in \$PATH
+-See \`config.log' for more details" "$LINENO" 5; }
+-
+-# Provide some information about the compiler.
+-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+-set X $ac_compile
+-ac_compiler=$2
+-for ac_option in --version -v -V -qversion; do
+- { { ac_try="$ac_compiler $ac_option >&5"
+-case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+- ac_status=$?
+- if test -s conftest.err; then
+- sed '10a\
+-... rest of stderr output deleted ...
+- 10q' conftest.err >conftest.er1
+- cat conftest.er1 >&5
+- fi
+- rm -f conftest.er1 conftest.err
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }
+-done
+-
+-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-ac_clean_files_save=$ac_clean_files
+-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+-# Try to create an executable without -o first, disregard a.out.
+-# It will help us diagnose broken compilers, and finding out an intuition
+-# of exeext.
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+-$as_echo_n "checking whether the C compiler works... " >&6; }
+-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+-
+-# The possible output files:
+-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+-
+-ac_rmfiles=
+-for ac_file in $ac_files
+-do
+- case $ac_file in
+- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+- esac
+-done
+-rm -f $ac_rmfiles
+-
+-if { { ac_try="$ac_link_default"
+-case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_link_default") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; then :
+- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+-# in a Makefile. We should not override ac_cv_exeext if it was cached,
+-# so that the user can short-circuit this test for compilers unknown to
+-# Autoconf.
+-for ac_file in $ac_files ''
+-do
+- test -f "$ac_file" || continue
+- case $ac_file in
+- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+- ;;
+- [ab].out )
+- # We found the default executable, but exeext='' is most
+- # certainly right.
+- break;;
+- *.* )
+- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+- then :; else
+- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+- fi
+- # We set ac_cv_exeext here because the later test for it is not
+- # safe: cross compilers may not add the suffix if given an `-o'
+- # argument, so we may need to know it at that point already.
+- # Even if this section looks crufty: it has the advantage of
+- # actually working.
+- break;;
+- * )
+- break;;
+- esac
+-done
+-test "$ac_cv_exeext" = no && ac_cv_exeext=
+-
+-else
+- ac_file=''
+-fi
+-if test -z "$ac_file"; then :
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-$as_echo "$as_me: failed program was:" >&5
+-sed 's/^/| /' conftest.$ac_ext >&5
+-
+-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error 77 "C compiler cannot create executables
+-See \`config.log' for more details" "$LINENO" 5; }
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+-$as_echo_n "checking for C compiler default output file name... " >&6; }
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+-$as_echo "$ac_file" >&6; }
+-ac_exeext=$ac_cv_exeext
+-
+-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+-ac_clean_files=$ac_clean_files_save
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+-$as_echo_n "checking for suffix of executables... " >&6; }
+-if { { ac_try="$ac_link"
+-case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_link") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; then :
+- # If both `conftest.exe' and `conftest' are `present' (well, observable)
+-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+-# work properly (i.e., refer to `conftest.exe'), while it won't with
+-# `rm'.
+-for ac_file in conftest.exe conftest conftest.*; do
+- test -f "$ac_file" || continue
+- case $ac_file in
+- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+- break;;
+- * ) break;;
+- esac
+-done
+-else
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+-See \`config.log' for more details" "$LINENO" 5; }
+-fi
+-rm -f conftest conftest$ac_cv_exeext
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+-$as_echo "$ac_cv_exeext" >&6; }
+-
+-rm -f conftest.$ac_ext
+-EXEEXT=$ac_cv_exeext
+-ac_exeext=$EXEEXT
+-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-#include <stdio.h>
+-int
+-main ()
+-{
+-FILE *f = fopen ("conftest.out", "w");
+- return ferror (f) || fclose (f) != 0;
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-ac_clean_files="$ac_clean_files conftest.out"
+-# Check that the compiler produces executables we can run. If not, either
+-# the compiler is broken, or we cross compile.
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+-$as_echo_n "checking whether we are cross compiling... " >&6; }
+-if test "$cross_compiling" != yes; then
+- { { ac_try="$ac_link"
+-case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_link") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }
+- if { ac_try='./conftest$ac_cv_exeext'
+- { { case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_try") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; }; then
+- cross_compiling=no
+- else
+- if test "$cross_compiling" = maybe; then
+- cross_compiling=yes
+- else
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot run C compiled programs.
+-If you meant to cross compile, use \`--host'.
+-See \`config.log' for more details" "$LINENO" 5; }
+- fi
+- fi
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+-$as_echo "$cross_compiling" >&6; }
+-
+-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+-ac_clean_files=$ac_clean_files_save
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+-$as_echo_n "checking for suffix of object files... " >&6; }
+-if ${ac_cv_objext+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-rm -f conftest.o conftest.obj
+-if { { ac_try="$ac_compile"
+-case "(($ac_try" in
+- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+- *) ac_try_echo=$ac_try;;
+-esac
+-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+-$as_echo "$ac_try_echo"; } >&5
+- (eval "$ac_compile") 2>&5
+- ac_status=$?
+- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+- test $ac_status = 0; }; then :
+- for ac_file in conftest.o conftest.obj conftest.*; do
+- test -f "$ac_file" || continue;
+- case $ac_file in
+- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+- break;;
+- esac
+-done
+-else
+- $as_echo "$as_me: failed program was:" >&5
+-sed 's/^/| /' conftest.$ac_ext >&5
+-
+-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "cannot compute suffix of object files: cannot compile
+-See \`config.log' for more details" "$LINENO" 5; }
+-fi
+-rm -f conftest.$ac_cv_objext conftest.$ac_ext
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+-$as_echo "$ac_cv_objext" >&6; }
+-OBJEXT=$ac_cv_objext
+-ac_objext=$OBJEXT
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+-if ${ac_cv_c_compiler_gnu+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-#ifndef __GNUC__
+- choke me
+-#endif
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+- ac_compiler_gnu=yes
+-else
+- ac_compiler_gnu=no
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+-ac_cv_c_compiler_gnu=$ac_compiler_gnu
+-
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+-if test $ac_compiler_gnu = yes; then
+- GCC=yes
+-else
+- GCC=
+-fi
+-ac_test_CFLAGS=${CFLAGS+set}
+-ac_save_CFLAGS=$CFLAGS
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+-$as_echo_n "checking whether $CC accepts -g... " >&6; }
+-if ${ac_cv_prog_cc_g+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- ac_save_c_werror_flag=$ac_c_werror_flag
+- ac_c_werror_flag=yes
+- ac_cv_prog_cc_g=no
+- CFLAGS="-g"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+- ac_cv_prog_cc_g=yes
+-else
+- CFLAGS=""
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+-
+-else
+- ac_c_werror_flag=$ac_save_c_werror_flag
+- CFLAGS="-g"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+- ac_cv_prog_cc_g=yes
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+- ac_c_werror_flag=$ac_save_c_werror_flag
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+-$as_echo "$ac_cv_prog_cc_g" >&6; }
+-if test "$ac_test_CFLAGS" = set; then
+- CFLAGS=$ac_save_CFLAGS
+-elif test $ac_cv_prog_cc_g = yes; then
+- if test "$GCC" = yes; then
+- CFLAGS="-g -O2"
+- else
+- CFLAGS="-g"
+- fi
+-else
+- if test "$GCC" = yes; then
+- CFLAGS="-O2"
+- else
+- CFLAGS=
+- fi
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+-if ${ac_cv_prog_cc_c89+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- ac_cv_prog_cc_c89=no
+-ac_save_CC=$CC
+-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-#include <stdarg.h>
+-#include <stdio.h>
+-struct stat;
+-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+-struct buf { int x; };
+-FILE * (*rcsopen) (struct buf *, struct stat *, int);
+-static char *e (p, i)
+- char **p;
+- int i;
+-{
+- return p[i];
+-}
+-static char *f (char * (*g) (char **, int), char **p, ...)
+-{
+- char *s;
+- va_list v;
+- va_start (v,p);
+- s = g (p, va_arg (v,int));
+- va_end (v);
+- return s;
+-}
+-
+-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+- function prototypes and stuff, but not '\xHH' hex character constants.
+- These don't provoke an error unfortunately, instead are silently treated
+- as 'x'. The following induces an error, until -std is added to get
+- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+- array size at least. It's necessary to write '\x00'==0 to get something
+- that's true only with -std. */
+-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+-
+-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+- inside strings and character constants. */
+-#define FOO(x) 'x'
+-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+-
+-int test (int i, double x);
+-struct s1 {int (*f) (int a);};
+-struct s2 {int (*f) (double a);};
+-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+-int argc;
+-char **argv;
+-int
+-main ()
+-{
+-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+- ;
+- return 0;
+-}
+-_ACEOF
+-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+-do
+- CC="$ac_save_CC $ac_arg"
+- if ac_fn_c_try_compile "$LINENO"; then :
+- ac_cv_prog_cc_c89=$ac_arg
+-fi
+-rm -f core conftest.err conftest.$ac_objext
+- test "x$ac_cv_prog_cc_c89" != "xno" && break
+-done
+-rm -f conftest.$ac_ext
+-CC=$ac_save_CC
+-
+-fi
+-# AC_CACHE_VAL
+-case "x$ac_cv_prog_cc_c89" in
+- x)
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+-$as_echo "none needed" >&6; } ;;
+- xno)
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+-$as_echo "unsupported" >&6; } ;;
+- *)
+- CC="$CC $ac_cv_prog_cc_c89"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+-esac
+-if test "x$ac_cv_prog_cc_c89" != xno; then :
+-
+-fi
+-
+-ac_ext=c
+-ac_cpp='$CPP $CPPFLAGS'
+-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+-
+-
+-
+-
+-ac_safe=`echo "openssl/ec.h" | sed 'y%./+-%__pm%'`
+-old_CPPFLAGS="$CPPFLAGS"
+-smart_include=
+-smart_include_dir="/usr/local/include /opt/include"
+-
+-_smart_try_dir=
+-_smart_include_dir=
+-
+-for _prefix in $smart_prefix ""; do
+- for _dir in $smart_try_dir; do
+- _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}"
+- done
+-
+- for _dir in $smart_include_dir; do
+- _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}"
+- done
+-done
+-
+-if test "x$_smart_try_dir" != "x"; then
+- for try in $_smart_try_dir; do
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5
+-$as_echo_n "checking for openssl/ec.h in $try... " >&6; }
+- CPPFLAGS="-isystem $try $old_CPPFLAGS"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+- #include <openssl/ec.h>
+-int
+-main ()
+-{
+-int a = 1;
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+-
+- smart_include="-isystem $try"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+- break
+-
+-else
+-
+- smart_include=
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+- done
+- CPPFLAGS="$old_CPPFLAGS"
+-fi
+-
+-if test "x$smart_include" = "x"; then
+- for _prefix in $smart_prefix; do
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/openssl/ec.h" >&5
+-$as_echo_n "checking for ${_prefix}/openssl/ec.h... " >&6; }
+-
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+- #include <openssl/ec.h>
+-int
+-main ()
+-{
+-int a = 1;
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+-
+- smart_include="-isystem ${_prefix}/"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+- break
+-
+-else
+-
+- smart_include=
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+- done
+-fi
+-
+-if test "x$smart_include" = "x"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h" >&5
+-$as_echo_n "checking for openssl/ec.h... " >&6; }
+-
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+- #include <openssl/ec.h>
+-int
+-main ()
+-{
+-int a = 1;
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+-
+- smart_include=" "
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+- break
+-
+-else
+-
+- smart_include=
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+-fi
+-
+-if test "x$smart_include" = "x"; then
+-
+- for try in $_smart_include_dir; do
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ec.h in $try" >&5
+-$as_echo_n "checking for openssl/ec.h in $try... " >&6; }
+- CPPFLAGS="-isystem $try $old_CPPFLAGS"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+- #include <openssl/ec.h>
+-int
+-main ()
+-{
+-int a = 1;
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_compile "$LINENO"; then :
+-
+- smart_include="-isystem $try"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+- break
+-
+-else
+-
+- smart_include=
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-
+-fi
+-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+- done
+- CPPFLAGS="$old_CPPFLAGS"
+-fi
+-
+-if test "x$smart_include" != "x"; then
+- eval "ac_cv_header_$ac_safe=yes"
+- CPPFLAGS="$smart_include $old_CPPFLAGS"
+- SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS"
+-fi
+-
+-smart_prefix=
+-
+-if test "$ac_cv_header_openssl_ec_h" != "yes"; then
+-
+-fail="$fail openssl/ec.h"
+-
+-fi
+-
+-smart_try_dir=$openssl_lib_dir
+-
+-
+-sm_lib_safe=`echo "crypto" | sed 'y%./+-%__p_%'`
+-sm_func_safe=`echo "EVP_CIPHER_CTX_new" | sed 'y%./+-%__p_%'`
+-
+-old_LIBS="$LIBS"
+-old_CPPFLAGS="$CPPFLAGS"
+-smart_lib=
+-smart_ldflags=
+-smart_lib_dir=
+-
+-if test "x$smart_try_dir" != "x"; then
+- for try in $smart_try_dir; do
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
+-$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
+- LIBS="-lcrypto $old_LIBS"
+- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-extern char EVP_CIPHER_CTX_new();
+-int
+-main ()
+-{
+-EVP_CIPHER_CTX_new()
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+-
+- smart_lib="-lcrypto"
+- smart_ldflags="-L$try -Wl,-rpath,$try"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+- break
+-
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- done
+- LIBS="$old_LIBS"
+- CPPFLAGS="$old_CPPFLAGS"
+-fi
+-
+-if test "x$smart_lib" = "x"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto" >&5
+-$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto... " >&6; }
+- LIBS="-lcrypto $old_LIBS"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-extern char EVP_CIPHER_CTX_new();
+-int
+-main ()
+-{
+-EVP_CIPHER_CTX_new()
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+-
+- smart_lib="-lcrypto"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- LIBS="$old_LIBS"
+-fi
+-
+-if test "x$smart_lib" = "x"; then
+- for try in /usr/local/lib /opt/lib; do
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_CIPHER_CTX_new in -lcrypto in $try" >&5
+-$as_echo_n "checking for EVP_CIPHER_CTX_new in -lcrypto in $try... " >&6; }
+- LIBS="-lcrypto $old_LIBS"
+- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS"
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-extern char EVP_CIPHER_CTX_new();
+-int
+-main ()
+-{
+-EVP_CIPHER_CTX_new()
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+-
+- smart_lib="-lcrypto"
+- smart_ldflags="-L$try -Wl,-rpath,$try"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+- break
+-
+-else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- done
+- LIBS="$old_LIBS"
+- CPPFLAGS="$old_CPPFLAGS"
+-fi
+-
+-if test "x$smart_lib" != "x"; then
+- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
+- LIBS="$smart_ldflags $smart_lib $old_LIBS"
+- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
+-fi
+-
+-if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
+-
+-fail="$fail libssl"
+-
+-fi
+-
+-ac_ext=c
+-ac_cpp='$CPP $CPPFLAGS'
+-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+-$as_echo_n "checking how to run the C preprocessor... " >&6; }
+-# On Suns, sometimes $CPP names a directory.
+-if test -n "$CPP" && test -d "$CPP"; then
+- CPP=
+-fi
+-if test -z "$CPP"; then
+- if ${ac_cv_prog_CPP+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- # Double quotes because CPP needs to be expanded
+- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+- do
+- ac_preproc_ok=false
+-for ac_c_preproc_warn_flag in '' yes
+-do
+- # Use a header file that comes with gcc, so configuring glibc
+- # with a fresh cross-compiler works.
+- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+- # <limits.h> exists even on freestanding compilers.
+- # On the NeXT, cc -E runs the code through the compiler's parser,
+- # not just through cpp. "Syntax error" is here to catch this case.
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-#ifdef __STDC__
+-# include <limits.h>
+-#else
+-# include <assert.h>
+-#endif
+- Syntax error
+-_ACEOF
+-if ac_fn_c_try_cpp "$LINENO"; then :
+-
+-else
+- # Broken: fails on valid input.
+-continue
+-fi
+-rm -f conftest.err conftest.i conftest.$ac_ext
+-
+- # OK, works on sane cases. Now check whether nonexistent headers
+- # can be detected and how.
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-#include <ac_nonexistent.h>
+-_ACEOF
+-if ac_fn_c_try_cpp "$LINENO"; then :
+- # Broken: success on invalid input.
+-continue
+-else
+- # Passes both tests.
+-ac_preproc_ok=:
+-break
+-fi
+-rm -f conftest.err conftest.i conftest.$ac_ext
+-
+-done
+-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+-rm -f conftest.i conftest.err conftest.$ac_ext
+-if $ac_preproc_ok; then :
+- break
+-fi
+-
+- done
+- ac_cv_prog_CPP=$CPP
+-
+-fi
+- CPP=$ac_cv_prog_CPP
+-else
+- ac_cv_prog_CPP=$CPP
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+-$as_echo "$CPP" >&6; }
+-ac_preproc_ok=false
+-for ac_c_preproc_warn_flag in '' yes
+-do
+- # Use a header file that comes with gcc, so configuring glibc
+- # with a fresh cross-compiler works.
+- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+- # <limits.h> exists even on freestanding compilers.
+- # On the NeXT, cc -E runs the code through the compiler's parser,
+- # not just through cpp. "Syntax error" is here to catch this case.
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-#ifdef __STDC__
+-# include <limits.h>
+-#else
+-# include <assert.h>
+-#endif
+- Syntax error
+-_ACEOF
+-if ac_fn_c_try_cpp "$LINENO"; then :
+-
+-else
+- # Broken: fails on valid input.
+-continue
+-fi
+-rm -f conftest.err conftest.i conftest.$ac_ext
+-
+- # OK, works on sane cases. Now check whether nonexistent headers
+- # can be detected and how.
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-#include <ac_nonexistent.h>
+-_ACEOF
+-if ac_fn_c_try_cpp "$LINENO"; then :
+- # Broken: success on invalid input.
+-continue
+-else
+- # Passes both tests.
+-ac_preproc_ok=:
+-break
+-fi
+-rm -f conftest.err conftest.i conftest.$ac_ext
+-
+-done
+-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+-rm -f conftest.i conftest.err conftest.$ac_ext
+-if $ac_preproc_ok; then :
+-
+-else
+- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+-See \`config.log' for more details" "$LINENO" 5; }
+-fi
+-
+-ac_ext=c
+-ac_cpp='$CPP $CPPFLAGS'
+-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+-
+-
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+-$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+-if ${ac_cv_path_GREP+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- if test -z "$GREP"; then
+- ac_path_GREP_found=false
+- # Loop through the user's path and test for each of PROGNAME-LIST
+- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_prog in grep ggrep; do
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+- as_fn_executable_p "$ac_path_GREP" || continue
+-# Check for GNU ac_path_GREP and select it if it is found.
+- # Check for GNU $ac_path_GREP
+-case `"$ac_path_GREP" --version 2>&1` in
+-*GNU*)
+- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+-*)
+- ac_count=0
+- $as_echo_n 0123456789 >"conftest.in"
+- while :
+- do
+- cat "conftest.in" "conftest.in" >"conftest.tmp"
+- mv "conftest.tmp" "conftest.in"
+- cp "conftest.in" "conftest.nl"
+- $as_echo 'GREP' >> "conftest.nl"
+- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+- as_fn_arith $ac_count + 1 && ac_count=$as_val
+- if test $ac_count -gt ${ac_path_GREP_max-0}; then
+- # Best one so far, save it but keep looking for a better one
+- ac_cv_path_GREP="$ac_path_GREP"
+- ac_path_GREP_max=$ac_count
+- fi
+- # 10*(2^10) chars as input seems more than enough
+- test $ac_count -gt 10 && break
+- done
+- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+-esac
+-
+- $ac_path_GREP_found && break 3
+- done
+- done
+- done
+-IFS=$as_save_IFS
+- if test -z "$ac_cv_path_GREP"; then
+- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+- fi
+-else
+- ac_cv_path_GREP=$GREP
+-fi
+-
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+-$as_echo "$ac_cv_path_GREP" >&6; }
+- GREP="$ac_cv_path_GREP"
+-
+-
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+-$as_echo_n "checking for egrep... " >&6; }
+-if ${ac_cv_path_EGREP+:} false; then :
+- $as_echo_n "(cached) " >&6
+-else
+- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+- then ac_cv_path_EGREP="$GREP -E"
+- else
+- if test -z "$EGREP"; then
+- ac_path_EGREP_found=false
+- # Loop through the user's path and test for each of PROGNAME-LIST
+- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- for ac_prog in egrep; do
+- for ac_exec_ext in '' $ac_executable_extensions; do
+- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+- as_fn_executable_p "$ac_path_EGREP" || continue
+-# Check for GNU ac_path_EGREP and select it if it is found.
+- # Check for GNU $ac_path_EGREP
+-case `"$ac_path_EGREP" --version 2>&1` in
+-*GNU*)
+- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+-*)
+- ac_count=0
+- $as_echo_n 0123456789 >"conftest.in"
+- while :
+- do
+- cat "conftest.in" "conftest.in" >"conftest.tmp"
+- mv "conftest.tmp" "conftest.in"
+- cp "conftest.in" "conftest.nl"
+- $as_echo 'EGREP' >> "conftest.nl"
+- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+- as_fn_arith $ac_count + 1 && ac_count=$as_val
+- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+- # Best one so far, save it but keep looking for a better one
+- ac_cv_path_EGREP="$ac_path_EGREP"
+- ac_path_EGREP_max=$ac_count
+- fi
+- # 10*(2^10) chars as input seems more than enough
+- test $ac_count -gt 10 && break
+- done
+- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+-esac
+-
+- $ac_path_EGREP_found && break 3
+- done
+- done
+- done
+-IFS=$as_save_IFS
+- if test -z "$ac_cv_path_EGREP"; then
+- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+- fi
+-else
+- ac_cv_path_EGREP=$EGREP
+-fi
+-
+- fi
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+-$as_echo "$ac_cv_path_EGREP" >&6; }
+- EGREP="$ac_cv_path_EGREP"
+-
+-
+-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-#include <openssl/crypto.h>
+- #if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
+- yes
+- #endif
+-
+-_ACEOF
+-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+- $EGREP "yes" >/dev/null 2>&1; then :
+-
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.1.1" >&5
+-$as_echo_n "checking for OpenSSL version >= 1.1.1... " >&6; }
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-
+-else
+-
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL version >= 1.1.1" >&5
+-$as_echo_n "checking for OpenSSL version >= 1.1.1... " >&6; }
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+-
+-fail="$fail OpenSSL>=1.1.1"
+-
+-
+-
+-fi
+-rm -f conftest*
+-
+-
+-
+- targetname=rlm_eap_teap
+-else
+- targetname=
+- echo \*\*\* module rlm_eap_teap is disabled.
+-
+-
+-fr_status="disabled"
+-
+-fi
+-
+-if test x"$fail" != x""; then
+- targetname=""
+-
+-
+- if test x"${enable_strict_dependencies}" = x"yes"; then
+- as_fn_error $? "set --without-rlm_eap_teap to disable it explicitly." "$LINENO" 5
+- else
+-
+- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: silently not building rlm_eap_teap." >&5
+-$as_echo "$as_me: WARNING: silently not building rlm_eap_teap." >&2;}
+- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: FAILURE: rlm_eap_teap requires: $fail." >&5
+-$as_echo "$as_me: WARNING: FAILURE: rlm_eap_teap requires: $fail." >&2;};
+- fail="$(echo $fail)"
+-
+-
+-fr_status="skipping (requires $fail)"
+-
+- fr_features=
+-
+- fi
+-
+-else
+-
+-
+-fr_status="OK"
+-
+-fi
+-
+-if test x"$fr_features" = x""; then
+- $as_echo "$fr_status" > "config.report"
+-else
+- $as_echo_n "$fr_status ... " > "config.report"
+- cat "config.report.tmp" >> "config.report"
+-fi
+-
+-rm "config.report.tmp"
+-
+-
+-
+-
+-
+-
+-
+-ac_config_files="$ac_config_files all.mk"
+-
+-cat >confcache <<\_ACEOF
+-# This file is a shell script that caches the results of configure
+-# tests run on this system so they can be shared between configure
+-# scripts and configure runs, see configure's option --config-cache.
+-# It is not useful on other systems. If it contains results you don't
+-# want to keep, you may remove or edit it.
+-#
+-# config.status only pays attention to the cache file if you give it
+-# the --recheck option to rerun configure.
+-#
+-# `ac_cv_env_foo' variables (set or unset) will be overridden when
+-# loading this file, other *unset* `ac_cv_foo' will be assigned the
+-# following values.
+-
+-_ACEOF
+-
+-# The following way of writing the cache mishandles newlines in values,
+-# but we know of no workaround that is simple, portable, and efficient.
+-# So, we kill variables containing newlines.
+-# Ultrix sh set writes to stderr and can't be redirected directly,
+-# and sets the high bit in the cache file unless we assign to the vars.
+-(
+- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+- eval ac_val=\$$ac_var
+- case $ac_val in #(
+- *${as_nl}*)
+- case $ac_var in #(
+- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+- esac
+- case $ac_var in #(
+- _ | IFS | as_nl) ;; #(
+- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+- *) { eval $ac_var=; unset $ac_var;} ;;
+- esac ;;
+- esac
+- done
+-
+- (set) 2>&1 |
+- case $as_nl`(ac_space=' '; set) 2>&1` in #(
+- *${as_nl}ac_space=\ *)
+- # `set' does not quote correctly, so add quotes: double-quote
+- # substitution turns \\\\ into \\, and sed turns \\ into \.
+- sed -n \
+- "s/'/'\\\\''/g;
+- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+- ;; #(
+- *)
+- # `set' quotes correctly as required by POSIX, so do not add quotes.
+- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+- ;;
+- esac |
+- sort
+-) |
+- sed '
+- /^ac_cv_env_/b end
+- t clear
+- :clear
+- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+- t end
+- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+- :end' >>confcache
+-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+- if test -w "$cache_file"; then
+- if test "x$cache_file" != "x/dev/null"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+-$as_echo "$as_me: updating cache $cache_file" >&6;}
+- if test ! -f "$cache_file" || test -h "$cache_file"; then
+- cat confcache >"$cache_file"
+- else
+- case $cache_file in #(
+- */* | ?:*)
+- mv -f confcache "$cache_file"$$ &&
+- mv -f "$cache_file"$$ "$cache_file" ;; #(
+- *)
+- mv -f confcache "$cache_file" ;;
+- esac
+- fi
+- fi
+- else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+- fi
+-fi
+-rm -f confcache
+-
+-test "x$prefix" = xNONE && prefix=$ac_default_prefix
+-# Let make expand exec_prefix.
+-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+-
+-# Transform confdefs.h into DEFS.
+-# Protect against shell expansion while executing Makefile rules.
+-# Protect against Makefile macro expansion.
+-#
+-# If the first sed substitution is executed (which looks for macros that
+-# take arguments), then branch to the quote section. Otherwise,
+-# look for a macro that doesn't take arguments.
+-ac_script='
+-:mline
+-/\\$/{
+- N
+- s,\\\n,,
+- b mline
+-}
+-t clear
+-:clear
+-s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
+-t quote
+-s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
+-t quote
+-b any
+-:quote
+-s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
+-s/\[/\\&/g
+-s/\]/\\&/g
+-s/\$/$$/g
+-H
+-:any
+-${
+- g
+- s/^\n//
+- s/\n/ /g
+- p
+-}
+-'
+-DEFS=`sed -n "$ac_script" confdefs.h`
+-
+-
+-ac_libobjs=
+-ac_ltlibobjs=
+-U=
+-for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+- # 1. Remove the extension, and $U if already installed.
+- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+- # will be set to the directory where LIBOBJS objects are built.
+- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+-done
+-LIBOBJS=$ac_libobjs
+-
+-LTLIBOBJS=$ac_ltlibobjs
+-
+-
+-
+-: "${CONFIG_STATUS=./config.status}"
+-ac_write_fail=0
+-ac_clean_files_save=$ac_clean_files
+-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+-as_write_fail=0
+-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+-#! $SHELL
+-# Generated by $as_me.
+-# Run this file to recreate the current configuration.
+-# Compiler output produced by configure, useful for debugging
+-# configure, is in config.log if it exists.
+-
+-debug=false
+-ac_cs_recheck=false
+-ac_cs_silent=false
+-
+-SHELL=\${CONFIG_SHELL-$SHELL}
+-export SHELL
+-_ASEOF
+-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+-## -------------------- ##
+-## M4sh Initialization. ##
+-## -------------------- ##
+-
+-# Be more Bourne compatible
+-DUALCASE=1; export DUALCASE # for MKS sh
+-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+- emulate sh
+- NULLCMD=:
+- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+- # is contrary to our usage. Disable this feature.
+- alias -g '${1+"$@"}'='"$@"'
+- setopt NO_GLOB_SUBST
+-else
+- case `(set -o) 2>/dev/null` in #(
+- *posix*) :
+- set -o posix ;; #(
+- *) :
+- ;;
+-esac
+-fi
+-
+-
+-as_nl='
+-'
+-export as_nl
+-# Printing a long string crashes Solaris 7 /usr/bin/printf.
+-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+-# Prefer a ksh shell builtin over an external printf program on Solaris,
+-# but without wasting forks for bash or zsh.
+-if test -z "$BASH_VERSION$ZSH_VERSION" \
+- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+- as_echo='print -r --'
+- as_echo_n='print -rn --'
+-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+- as_echo='printf %s\n'
+- as_echo_n='printf %s'
+-else
+- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+- as_echo_n='/usr/ucb/echo -n'
+- else
+- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+- as_echo_n_body='eval
+- arg=$1;
+- case $arg in #(
+- *"$as_nl"*)
+- expr "X$arg" : "X\\(.*\\)$as_nl";
+- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+- esac;
+- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+- '
+- export as_echo_n_body
+- as_echo_n='sh -c $as_echo_n_body as_echo'
+- fi
+- export as_echo_body
+- as_echo='sh -c $as_echo_body as_echo'
+-fi
+-
+-# The user is always right.
+-if test "${PATH_SEPARATOR+set}" != set; then
+- PATH_SEPARATOR=:
+- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+- PATH_SEPARATOR=';'
+- }
+-fi
+-
+-
+-# IFS
+-# We need space, tab and new line, in precisely that order. Quoting is
+-# there to prevent editors from complaining about space-tab.
+-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+-# splitting by setting IFS to empty value.)
+-IFS=" "" $as_nl"
+-
+-# Find who we are. Look in the path if we contain no directory separator.
+-as_myself=
+-case $0 in #((
+- *[\\/]* ) as_myself=$0 ;;
+- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+-for as_dir in $PATH
+-do
+- IFS=$as_save_IFS
+- test -z "$as_dir" && as_dir=.
+- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+- done
+-IFS=$as_save_IFS
+-
+- ;;
+-esac
+-# We did not find ourselves, most probably we were run as `sh COMMAND'
+-# in which case we are not to be found in the path.
+-if test "x$as_myself" = x; then
+- as_myself=$0
+-fi
+-if test ! -f "$as_myself"; then
+- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+- exit 1
+-fi
+-
+-# Unset variables that we do not need and which cause bugs (e.g. in
+-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+-# suppresses any "Segmentation fault" message there. '((' could
+-# trigger a bug in pdksh 5.2.14.
+-for as_var in BASH_ENV ENV MAIL MAILPATH
+-do eval test x\${$as_var+set} = xset \
+- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+-done
+-PS1='$ '
+-PS2='> '
+-PS4='+ '
+-
+-# NLS nuisances.
+-LC_ALL=C
+-export LC_ALL
+-LANGUAGE=C
+-export LANGUAGE
+-
+-# CDPATH.
+-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+-
+-
+-# as_fn_error STATUS ERROR [LINENO LOG_FD]
+-# ----------------------------------------
+-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+-# script with STATUS, using 1 if that was 0.
+-as_fn_error ()
+-{
+- as_status=$1; test $as_status -eq 0 && as_status=1
+- if test "$4"; then
+- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+- fi
+- $as_echo "$as_me: error: $2" >&2
+- as_fn_exit $as_status
+-} # as_fn_error
+-
+-
+-# as_fn_set_status STATUS
+-# -----------------------
+-# Set $? to STATUS, without forking.
+-as_fn_set_status ()
+-{
+- return $1
+-} # as_fn_set_status
+-
+-# as_fn_exit STATUS
+-# -----------------
+-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+-as_fn_exit ()
+-{
+- set +e
+- as_fn_set_status $1
+- exit $1
+-} # as_fn_exit
+-
+-# as_fn_unset VAR
+-# ---------------
+-# Portably unset VAR.
+-as_fn_unset ()
+-{
+- { eval $1=; unset $1;}
+-}
+-as_unset=as_fn_unset
+-# as_fn_append VAR VALUE
+-# ----------------------
+-# Append the text in VALUE to the end of the definition contained in VAR. Take
+-# advantage of any shell optimizations that allow amortized linear growth over
+-# repeated appends, instead of the typical quadratic growth present in naive
+-# implementations.
+-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+- eval 'as_fn_append ()
+- {
+- eval $1+=\$2
+- }'
+-else
+- as_fn_append ()
+- {
+- eval $1=\$$1\$2
+- }
+-fi # as_fn_append
+-
+-# as_fn_arith ARG...
+-# ------------------
+-# Perform arithmetic evaluation on the ARGs, and store the result in the
+-# global $as_val. Take advantage of shells that can avoid forks. The arguments
+-# must be portable across $(()) and expr.
+-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+- eval 'as_fn_arith ()
+- {
+- as_val=$(( $* ))
+- }'
+-else
+- as_fn_arith ()
+- {
+- as_val=`expr "$@" || test $? -eq 1`
+- }
+-fi # as_fn_arith
+-
+-
+-if expr a : '\(a\)' >/dev/null 2>&1 &&
+- test "X`expr 00001 : '.*\(...\)'`" = X001; then
+- as_expr=expr
+-else
+- as_expr=false
+-fi
+-
+-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+- as_basename=basename
+-else
+- as_basename=false
+-fi
+-
+-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+- as_dirname=dirname
+-else
+- as_dirname=false
+-fi
+-
+-as_me=`$as_basename -- "$0" ||
+-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+- X"$0" : 'X\(//\)$' \| \
+- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+-$as_echo X/"$0" |
+- sed '/^.*\/\([^/][^/]*\)\/*$/{
+- s//\1/
+- q
+- }
+- /^X\/\(\/\/\)$/{
+- s//\1/
+- q
+- }
+- /^X\/\(\/\).*/{
+- s//\1/
+- q
+- }
+- s/.*/./; q'`
+-
+-# Avoid depending upon Character Ranges.
+-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+-as_cr_digits='0123456789'
+-as_cr_alnum=$as_cr_Letters$as_cr_digits
+-
+-ECHO_C= ECHO_N= ECHO_T=
+-case `echo -n x` in #(((((
+--n*)
+- case `echo 'xy\c'` in
+- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+- xy) ECHO_C='\c';;
+- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+- ECHO_T=' ';;
+- esac;;
+-*)
+- ECHO_N='-n';;
+-esac
+-
+-rm -f conf$$ conf$$.exe conf$$.file
+-if test -d conf$$.dir; then
+- rm -f conf$$.dir/conf$$.file
+-else
+- rm -f conf$$.dir
+- mkdir conf$$.dir 2>/dev/null
+-fi
+-if (echo >conf$$.file) 2>/dev/null; then
+- if ln -s conf$$.file conf$$ 2>/dev/null; then
+- as_ln_s='ln -s'
+- # ... but there are two gotchas:
+- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+- # In both cases, we have to default to `cp -pR'.
+- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+- as_ln_s='cp -pR'
+- elif ln conf$$.file conf$$ 2>/dev/null; then
+- as_ln_s=ln
+- else
+- as_ln_s='cp -pR'
+- fi
+-else
+- as_ln_s='cp -pR'
+-fi
+-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+-rmdir conf$$.dir 2>/dev/null
+-
+-
+-# as_fn_mkdir_p
+-# -------------
+-# Create "$as_dir" as a directory, including parents if necessary.
+-as_fn_mkdir_p ()
+-{
+-
+- case $as_dir in #(
+- -*) as_dir=./$as_dir;;
+- esac
+- test -d "$as_dir" || eval $as_mkdir_p || {
+- as_dirs=
+- while :; do
+- case $as_dir in #(
+- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+- *) as_qdir=$as_dir;;
+- esac
+- as_dirs="'$as_qdir' $as_dirs"
+- as_dir=`$as_dirname -- "$as_dir" ||
+-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+- X"$as_dir" : 'X\(//\)[^/]' \| \
+- X"$as_dir" : 'X\(//\)$' \| \
+- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+-$as_echo X"$as_dir" |
+- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+- s//\1/
+- q
+- }
+- /^X\(\/\/\)[^/].*/{
+- s//\1/
+- q
+- }
+- /^X\(\/\/\)$/{
+- s//\1/
+- q
+- }
+- /^X\(\/\).*/{
+- s//\1/
+- q
+- }
+- s/.*/./; q'`
+- test -d "$as_dir" && break
+- done
+- test -z "$as_dirs" || eval "mkdir $as_dirs"
+- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+-
+-
+-} # as_fn_mkdir_p
+-if mkdir -p . 2>/dev/null; then
+- as_mkdir_p='mkdir -p "$as_dir"'
+-else
+- test -d ./-p && rmdir ./-p
+- as_mkdir_p=false
+-fi
+-
+-
+-# as_fn_executable_p FILE
+-# -----------------------
+-# Test if FILE is an executable regular file.
+-as_fn_executable_p ()
+-{
+- test -f "$1" && test -x "$1"
+-} # as_fn_executable_p
+-as_test_x='test -x'
+-as_executable_p=as_fn_executable_p
+-
+-# Sed expression to map a string onto a valid CPP name.
+-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+-
+-# Sed expression to map a string onto a valid variable name.
+-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+-
+-
+-exec 6>&1
+-## ----------------------------------- ##
+-## Main body of $CONFIG_STATUS script. ##
+-## ----------------------------------- ##
+-_ASEOF
+-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+-
+-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+-# Save the log message, to keep $0 and so on meaningful, and to
+-# report actual input values of CONFIG_FILES etc. instead of their
+-# values after options handling.
+-ac_log="
+-This file was extended by $as_me, which was
+-generated by GNU Autoconf 2.69. Invocation command line was
+-
+- CONFIG_FILES = $CONFIG_FILES
+- CONFIG_HEADERS = $CONFIG_HEADERS
+- CONFIG_LINKS = $CONFIG_LINKS
+- CONFIG_COMMANDS = $CONFIG_COMMANDS
+- $ $0 $@
+-
+-on `(hostname || uname -n) 2>/dev/null | sed 1q`
+-"
+-
+-_ACEOF
+-
+-case $ac_config_files in *"
+-"*) set x $ac_config_files; shift; ac_config_files=$*;;
+-esac
+-
+-
+-
+-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+-# Files that config.status was made for.
+-config_files="$ac_config_files"
+-
+-_ACEOF
+-
+-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+-ac_cs_usage="\
+-\`$as_me' instantiates files and other configuration actions
+-from templates according to the current configuration. Unless the files
+-and actions are specified as TAGs, all are instantiated by default.
+-
+-Usage: $0 [OPTION]... [TAG]...
+-
+- -h, --help print this help, then exit
+- -V, --version print version number and configuration settings, then exit
+- --config print configuration, then exit
+- -q, --quiet, --silent
+- do not print progress messages
+- -d, --debug don't remove temporary files
+- --recheck update $as_me by reconfiguring in the same conditions
+- --file=FILE[:TEMPLATE]
+- instantiate the configuration file FILE
+-
+-Configuration files:
+-$config_files
+-
+-Report bugs to the package provider."
+-
+-_ACEOF
+-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+-ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+-ac_cs_version="\\
+-config.status
+-configured by $0, generated by GNU Autoconf 2.69,
+- with options \\"\$ac_cs_config\\"
+-
+-Copyright (C) 2012 Free Software Foundation, Inc.
+-This config.status script is free software; the Free Software Foundation
+-gives unlimited permission to copy, distribute and modify it."
+-
+-ac_pwd='$ac_pwd'
+-srcdir='$srcdir'
+-test -n "\$AWK" || AWK=awk
+-_ACEOF
+-
+-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+-# The default lists apply if the user does not specify any file.
+-ac_need_defaults=:
+-while test $# != 0
+-do
+- case $1 in
+- --*=?*)
+- ac_option=`expr "X$1" : 'X\([^=]*\)='`
+- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+- ac_shift=:
+- ;;
+- --*=)
+- ac_option=`expr "X$1" : 'X\([^=]*\)='`
+- ac_optarg=
+- ac_shift=:
+- ;;
+- *)
+- ac_option=$1
+- ac_optarg=$2
+- ac_shift=shift
+- ;;
+- esac
+-
+- case $ac_option in
+- # Handling of the options.
+- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+- ac_cs_recheck=: ;;
+- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+- $as_echo "$ac_cs_version"; exit ;;
+- --config | --confi | --conf | --con | --co | --c )
+- $as_echo "$ac_cs_config"; exit ;;
+- --debug | --debu | --deb | --de | --d | -d )
+- debug=: ;;
+- --file | --fil | --fi | --f )
+- $ac_shift
+- case $ac_optarg in
+- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+- '') as_fn_error $? "missing file argument" ;;
+- esac
+- as_fn_append CONFIG_FILES " '$ac_optarg'"
+- ac_need_defaults=false;;
+- --he | --h | --help | --hel | -h )
+- $as_echo "$ac_cs_usage"; exit ;;
+- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+- | -silent | --silent | --silen | --sile | --sil | --si | --s)
+- ac_cs_silent=: ;;
+-
+- # This is an error.
+- -*) as_fn_error $? "unrecognized option: \`$1'
+-Try \`$0 --help' for more information." ;;
+-
+- *) as_fn_append ac_config_targets " $1"
+- ac_need_defaults=false ;;
+-
+- esac
+- shift
+-done
+-
+-ac_configure_extra_args=
+-
+-if $ac_cs_silent; then
+- exec 6>/dev/null
+- ac_configure_extra_args="$ac_configure_extra_args --silent"
+-fi
+-
+-_ACEOF
+-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+-if \$ac_cs_recheck; then
+- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+- shift
+- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+- CONFIG_SHELL='$SHELL'
+- export CONFIG_SHELL
+- exec "\$@"
+-fi
+-
+-_ACEOF
+-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+-exec 5>>config.log
+-{
+- echo
+- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+-## Running $as_me. ##
+-_ASBOX
+- $as_echo "$ac_log"
+-} >&5
+-
+-_ACEOF
+-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+-_ACEOF
+-
+-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+-
+-# Handling of arguments.
+-for ac_config_target in $ac_config_targets
+-do
+- case $ac_config_target in
+- "all.mk") CONFIG_FILES="$CONFIG_FILES all.mk" ;;
+-
+- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+- esac
+-done
+-
+-
+-# If the user did not use the arguments to specify the items to instantiate,
+-# then the envvar interface is used. Set only those that are not.
+-# We use the long form for the default assignment because of an extremely
+-# bizarre bug on SunOS 4.1.3.
+-if $ac_need_defaults; then
+- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+-fi
+-
+-# Have a temporary directory for convenience. Make it in the build tree
+-# simply because there is no reason against having it here, and in addition,
+-# creating and moving files from /tmp can sometimes cause problems.
+-# Hook for its removal unless debugging.
+-# Note that there is a small window in which the directory will not be cleaned:
+-# after its creation but before its name has been assigned to `$tmp'.
+-$debug ||
+-{
+- tmp= ac_tmp=
+- trap 'exit_status=$?
+- : "${ac_tmp:=$tmp}"
+- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+-' 0
+- trap 'as_fn_exit 1' 1 2 13 15
+-}
+-# Create a (secure) tmp directory for tmp files.
+-
+-{
+- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+- test -d "$tmp"
+-} ||
+-{
+- tmp=./conf$$-$RANDOM
+- (umask 077 && mkdir "$tmp")
+-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+-ac_tmp=$tmp
+-
+-# Set up the scripts for CONFIG_FILES section.
+-# No need to generate them if there are no CONFIG_FILES.
+-# This happens for instance with `./config.status config.h'.
+-if test -n "$CONFIG_FILES"; then
+-
+-
+-ac_cr=`echo X | tr X '\015'`
+-# On cygwin, bash can eat \r inside `` if the user requested igncr.
+-# But we know of no other shell where ac_cr would be empty at this
+-# point, so we can use a bashism as a fallback.
+-if test "x$ac_cr" = x; then
+- eval ac_cr=\$\'\\r\'
+-fi
+-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+- ac_cs_awk_cr='\\r'
+-else
+- ac_cs_awk_cr=$ac_cr
+-fi
+-
+-echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+-_ACEOF
+-
+-
+-{
+- echo "cat >conf$$subs.awk <<_ACEOF" &&
+- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+- echo "_ACEOF"
+-} >conf$$subs.sh ||
+- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+-ac_delim='%!_!# '
+-for ac_last_try in false false false false false :; do
+- . ./conf$$subs.sh ||
+- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+-
+- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+- if test $ac_delim_n = $ac_delim_num; then
+- break
+- elif $ac_last_try; then
+- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+- else
+- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+- fi
+-done
+-rm -f conf$$subs.sh
+-
+-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+-cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+-_ACEOF
+-sed -n '
+-h
+-s/^/S["/; s/!.*/"]=/
+-p
+-g
+-s/^[^!]*!//
+-:repl
+-t repl
+-s/'"$ac_delim"'$//
+-t delim
+-:nl
+-h
+-s/\(.\{148\}\)..*/\1/
+-t more1
+-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+-p
+-n
+-b repl
+-:more1
+-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+-p
+-g
+-s/.\{148\}//
+-t nl
+-:delim
+-h
+-s/\(.\{148\}\)..*/\1/
+-t more2
+-s/["\\]/\\&/g; s/^/"/; s/$/"/
+-p
+-b
+-:more2
+-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+-p
+-g
+-s/.\{148\}//
+-t delim
+-' <conf$$subs.awk | sed '
+-/^[^""]/{
+- N
+- s/\n//
+-}
+-' >>$CONFIG_STATUS || ac_write_fail=1
+-rm -f conf$$subs.awk
+-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+-_ACAWK
+-cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+- for (key in S) S_is_set[key] = 1
+- FS = "�"
+-
+-}
+-{
+- line = $ 0
+- nfields = split(line, field, "@")
+- substed = 0
+- len = length(field[1])
+- for (i = 2; i < nfields; i++) {
+- key = field[i]
+- keylen = length(key)
+- if (S_is_set[key]) {
+- value = S[key]
+- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+- len += length(value) + length(field[++i])
+- substed = 1
+- } else
+- len += 1 + keylen
+- }
+-
+- print line
+-}
+-
+-_ACAWK
+-_ACEOF
+-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+-else
+- cat
+-fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+-_ACEOF
+-
+-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+-# trailing colons and then remove the whole line if VPATH becomes empty
+-# (actually we leave an empty line to preserve line numbers).
+-if test "x$srcdir" = x.; then
+- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+-h
+-s///
+-s/^/:/
+-s/[ ]*$/:/
+-s/:\$(srcdir):/:/g
+-s/:\${srcdir}:/:/g
+-s/:@srcdir@:/:/g
+-s/^:*//
+-s/:*$//
+-x
+-s/\(=[ ]*\).*/\1/
+-G
+-s/\n//
+-s/^[^=]*=[ ]*$//
+-}'
+-fi
+-
+-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+-fi # test -n "$CONFIG_FILES"
+-
+-
+-eval set X " :F $CONFIG_FILES "
+-shift
+-for ac_tag
+-do
+- case $ac_tag in
+- :[FHLC]) ac_mode=$ac_tag; continue;;
+- esac
+- case $ac_mode$ac_tag in
+- :[FHL]*:*);;
+- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+- :[FH]-) ac_tag=-:-;;
+- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+- esac
+- ac_save_IFS=$IFS
+- IFS=:
+- set x $ac_tag
+- IFS=$ac_save_IFS
+- shift
+- ac_file=$1
+- shift
+-
+- case $ac_mode in
+- :L) ac_source=$1;;
+- :[FH])
+- ac_file_inputs=
+- for ac_f
+- do
+- case $ac_f in
+- -) ac_f="$ac_tmp/stdin";;
+- *) # Look for the file first in the build tree, then in the source tree
+- # (if the path is not absolute). The absolute path cannot be DOS-style,
+- # because $ac_f cannot contain `:'.
+- test -f "$ac_f" ||
+- case $ac_f in
+- [\\/$]*) false;;
+- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+- esac ||
+- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+- esac
+- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+- as_fn_append ac_file_inputs " '$ac_f'"
+- done
+-
+- # Let's still pretend it is `configure' which instantiates (i.e., don't
+- # use $as_me), people would be surprised to read:
+- # /* config.h. Generated by config.status. */
+- configure_input='Generated from '`
+- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+- `' by configure.'
+- if test x"$ac_file" != x-; then
+- configure_input="$ac_file. $configure_input"
+- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+-$as_echo "$as_me: creating $ac_file" >&6;}
+- fi
+- # Neutralize special characters interpreted by sed in replacement strings.
+- case $configure_input in #(
+- *\&* | *\|* | *\\* )
+- ac_sed_conf_input=`$as_echo "$configure_input" |
+- sed 's/[\\\\&|]/\\\\&/g'`;; #(
+- *) ac_sed_conf_input=$configure_input;;
+- esac
+-
+- case $ac_tag in
+- *:-:* | *:-) cat >"$ac_tmp/stdin" \
+- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+- esac
+- ;;
+- esac
+-
+- ac_dir=`$as_dirname -- "$ac_file" ||
+-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+- X"$ac_file" : 'X\(//\)[^/]' \| \
+- X"$ac_file" : 'X\(//\)$' \| \
+- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+-$as_echo X"$ac_file" |
+- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+- s//\1/
+- q
+- }
+- /^X\(\/\/\)[^/].*/{
+- s//\1/
+- q
+- }
+- /^X\(\/\/\)$/{
+- s//\1/
+- q
+- }
+- /^X\(\/\).*/{
+- s//\1/
+- q
+- }
+- s/.*/./; q'`
+- as_dir="$ac_dir"; as_fn_mkdir_p
+- ac_builddir=.
+-
+-case "$ac_dir" in
+-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+-*)
+- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+- # A ".." for each directory in $ac_dir_suffix.
+- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+- case $ac_top_builddir_sub in
+- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+- esac ;;
+-esac
+-ac_abs_top_builddir=$ac_pwd
+-ac_abs_builddir=$ac_pwd$ac_dir_suffix
+-# for backward compatibility:
+-ac_top_builddir=$ac_top_build_prefix
+-
+-case $srcdir in
+- .) # We are building in place.
+- ac_srcdir=.
+- ac_top_srcdir=$ac_top_builddir_sub
+- ac_abs_top_srcdir=$ac_pwd ;;
+- [\\/]* | ?:[\\/]* ) # Absolute name.
+- ac_srcdir=$srcdir$ac_dir_suffix;
+- ac_top_srcdir=$srcdir
+- ac_abs_top_srcdir=$srcdir ;;
+- *) # Relative name.
+- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+- ac_top_srcdir=$ac_top_build_prefix$srcdir
+- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+-esac
+-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+-
+-
+- case $ac_mode in
+- :F)
+- #
+- # CONFIG_FILE
+- #
+-
+-_ACEOF
+-
+-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+-# If the template does not know about datarootdir, expand it.
+-# FIXME: This hack should be removed a few years after 2.60.
+-ac_datarootdir_hack=; ac_datarootdir_seen=
+-ac_sed_dataroot='
+-/datarootdir/ {
+- p
+- q
+-}
+-/@datadir@/p
+-/@docdir@/p
+-/@infodir@/p
+-/@localedir@/p
+-/@mandir@/p'
+-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+-*datarootdir*) ac_datarootdir_seen=yes;;
+-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+-_ACEOF
+-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+- ac_datarootdir_hack='
+- s&@datadir@&$datadir&g
+- s&@docdir@&$docdir&g
+- s&@infodir@&$infodir&g
+- s&@localedir@&$localedir&g
+- s&@mandir@&$mandir&g
+- s&\\\${datarootdir}&$datarootdir&g' ;;
+-esac
+-_ACEOF
+-
+-# Neutralize VPATH when `$srcdir' = `.'.
+-# Shell code in configure.ac might set extrasub.
+-# FIXME: do we really want to maintain this feature?
+-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+-ac_sed_extra="$ac_vpsub
+-$extrasub
+-_ACEOF
+-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+-:t
+-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+-s|@configure_input@|$ac_sed_conf_input|;t t
+-s&@top_builddir@&$ac_top_builddir_sub&;t t
+-s&@top_build_prefix@&$ac_top_build_prefix&;t t
+-s&@srcdir@&$ac_srcdir&;t t
+-s&@abs_srcdir@&$ac_abs_srcdir&;t t
+-s&@top_srcdir@&$ac_top_srcdir&;t t
+-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+-s&@builddir@&$ac_builddir&;t t
+-s&@abs_builddir@&$ac_abs_builddir&;t t
+-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+-$ac_datarootdir_hack
+-"
+-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+-
+-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
+- "$ac_tmp/out"`; test -z "$ac_out"; } &&
+- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+-which seems to be undefined. Please make sure it is defined" >&5
+-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+-which seems to be undefined. Please make sure it is defined" >&2;}
+-
+- rm -f "$ac_tmp/stdin"
+- case $ac_file in
+- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+- esac \
+- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+- ;;
+-
+-
+-
+- esac
+-
+-done # for ac_tag
+-
+-
+-as_fn_exit 0
+-_ACEOF
+-ac_clean_files=$ac_clean_files_save
+-
+-test $ac_write_fail = 0 ||
+- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+-
+-
+-# configure is writing to config.log, and then calls config.status.
+-# config.status does its own redirection, appending to config.log.
+-# Unfortunately, on DOS this fails, as config.log is still kept open
+-# by configure, so config.status won't be able to write to it; its
+-# output is simply discarded. So we exec the FD to /dev/null,
+-# effectively closing config.log, so it can be properly (re)opened and
+-# appended to by config.status. When coming back to configure, we
+-# need to make the FD available again.
+-if test "$no_create" != yes; then
+- ac_cs_success=:
+- ac_config_status_args=
+- test "$silent" = yes &&
+- ac_config_status_args="$ac_config_status_args --quiet"
+- exec 5>/dev/null
+- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+- exec 5>>config.log
+- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+- # would make configure fail if this is the last instruction.
+- $ac_cs_success || as_fn_exit 1
+-fi
+-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+-$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+-fi
+-
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac b/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac
+deleted file mode 100644
+index 6247f4c8aa..0000000000
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/configure.ac
++++ /dev/null
+@@ -1,86 +0,0 @@
+-AC_PREREQ([2.69])
+-AC_INIT
+-AC_CONFIG_SRCDIR([rlm_eap_teap.c])
+-AC_REVISION($Revision$)
+-FR_INIT_MODULE([rlm_eap_teap])
+-
+-mod_ldflags=
+-mod_cflags=
+-
+-FR_MODULE_START_TESTS
+-
+-dnl ############################################################
+-dnl # Check for command line options
+-dnl ############################################################
+-dnl extra argument: --with-openssl-lib-dir
+-openssl_lib_dir=
+-AC_ARG_WITH(openssl-lib-dir,
+- [AS_HELP_STRING([--with-openssl-lib-dir=DIR],
+- [directory for LDAP library files])],
+- [case "$withval" in
+- no)
+- AC_MSG_ERROR(Need openssl-lib-dir)
+- ;;
+- yes)
+- ;;
+- *)
+- openssl_lib_dir="$withval"
+- ;;
+- esac])
+-
+-dnl extra argument: --with-openssl-include-dir
+-openssl_include_dir=
+-AC_ARG_WITH(openssl-include-dir,
+- [AS_HELP_STRING([-with-openssl-include-dir=DIR],
+- [directory for LDAP include files])],
+- [case "$withval" in
+- no)
+- AC_MSG_ERROR(Need openssl-include-dir)
+- ;;
+- yes)
+- ;;
+- *)
+- openssl_include_dir="$withval"
+- ;;
+- esac])
+-
+-dnl ############################################################
+-dnl # Check for header files
+-dnl ############################################################
+-
+-smart_try_dir=$openssl_include_dir
+-FR_SMART_CHECK_INCLUDE(openssl/ec.h)
+-if test "$ac_cv_header_openssl_ec_h" != "yes"; then
+- FR_MODULE_FAIL([openssl/ec.h])
+-fi
+-
+-smart_try_dir=$openssl_lib_dir
+-FR_SMART_CHECK_LIB(crypto, EVP_CIPHER_CTX_new)
+-if test "x$ac_cv_lib_crypto_EVP_CIPHER_CTX_new" != "xyes"; then
+- FR_MODULE_FAIL([libssl])
+-fi
+-
+-AC_EGREP_CPP(yes,
+- [#include <openssl/crypto.h>
+- #if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
+- yes
+- #endif
+- ],
+- [
+- AC_MSG_CHECKING([for OpenSSL version >= 1.1.1])
+- AC_MSG_RESULT(yes)
+- ],
+- [
+- AC_MSG_CHECKING([for OpenSSL version >= 1.1.1])
+- AC_MSG_RESULT(no)
+- FR_MODULE_FAIL([OpenSSL>=1.1.1])
+- ]
+-)
+-
+-FR_MODULE_END_TESTS
+-
+-AC_SUBST(mod_ldflags)
+-AC_SUBST(mod_cflags)
+-
+-AC_CONFIG_FILES([all.mk])
+-AC_OUTPUT
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
+deleted file mode 100644
+index 8e372c69f3..0000000000
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.c
++++ /dev/null
+@@ -1,1817 +0,0 @@
+-/*
+- * eap_teap.c contains the interfaces that are called from the main handler
+- *
+- * Version: $Id$
+- *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-RCSID("$Id$")
+-
+-#include "eap_teap.h"
+-#include "eap_teap_crypto.h"
+-#include <freeradius-devel/sha1.h>
+-#include <openssl/ssl.h>
+-#include <openssl/rand.h>
+-
+-#define EAPTLS_MPPE_KEY_LEN 32
+-
+-#define RDEBUGHEX(_label, _data, _length) \
+-if (fr_debug_lvl > 2) {\
+- char __buf[8192];\
+- for (size_t i = 0; (i < (size_t) _length) && (3*i < sizeof(__buf)); i++) {\
+- sprintf(&__buf[3*i], " %02x", (uint8_t)(_data)[i]);\
+- }\
+- RDEBUG2("%s - hexdump(len=%zu):%s", _label, (size_t)_length, __buf);\
+-} while (0)
+-
+-#define RANDFILL(x) do { rad_assert(sizeof(x) % sizeof(uint32_t) == 0); for (size_t i = 0; i < sizeof(x); i += sizeof(uint32_t)) *((uint32_t *)&x[i]) = fr_rand(); } while(0)
+-#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))
+-#define MIN(a,b) (((a)>(b)) ? (b) : (a))
+-
+-struct crypto_binding_buffer {
+- uint16_t tlv_type;
+- uint16_t length;
+- eap_tlv_crypto_binding_tlv_t binding;
+- uint8_t eap_type;
+- uint8_t outer_tlvs[1];
+-} CC_HINT(__packed__);
+-#define CRYPTO_BINDING_BUFFER_INIT(_cbb) \
+-do {\
+- _cbb->tlv_type = htons(EAP_TEAP_TLV_MANDATORY | EAP_TEAP_TLV_CRYPTO_BINDING);\
+- _cbb->length = htons(sizeof(struct eap_tlv_crypto_binding_tlv_t));\
+- _cbb->eap_type = PW_EAP_TEAP;\
+-} while (0)
+-
+-static struct teap_imck_t imck_zeros = { };
+-
+-/**
+- * RFC 7170 EAP-TEAP Authentication Phase 1: Key Derivations
+- */
+-static void eap_teap_init_keys(REQUEST *request, tls_session_t *tls_session)
+-{
+- teap_tunnel_t *t = tls_session->opaque;
+-
+- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl));
+- const int md_type = EVP_MD_type(md);
+-
+- RDEBUG3("Phase 2: Using MAC %s (%d)", OBJ_nid2sn(md_type), md_type);
+-
+- RDEBUG3("Phase 2: Deriving keys");
+-
+- rad_assert(t->received_version > -1);
+- rad_assert(t->imckc == 0);
+-
+- /* S-IMCK[0] = session_key_seed (RFC7170, Section 5.1) */
+- eaptls_gen_keys_only(request, tls_session->ssl, "EXPORTER: teap session key seed", NULL, 0, t->imck_msk.simck, sizeof(t->imck_msk.simck));
+- memcpy(t->imck_emsk.simck, t->imck_msk.simck, sizeof(t->imck_msk.simck));
+- RDEBUGHEX("Phase 2: S-IMCK[0]", t->imck_msk.simck, sizeof(t->imck_msk.simck));
+-}
+-
+-/**
+- * RFC 7170 EAP-TEAP Intermediate Compound Key Derivations - Section 5.2
+- */
+-/**
+- * RFC 7170 - Intermediate Compound Key Derivations
+- */
+-static void eap_teap_derive_imck(REQUEST *request, tls_session_t *tls_session,
+- uint8_t *msk, size_t msklen,
+- uint8_t *emsk, size_t emsklen)
+-{
+- teap_tunnel_t *t = tls_session->opaque;
+-
+- t->imckc++;
+- RDEBUG2("Phase 2: Calculating ICMK for round (j = %d)", t->imckc);
+-
+- uint8_t imsk_msk[EAP_TEAP_IMSK_LEN] = {0};
+- uint8_t imsk_emsk[EAP_TEAP_IMSK_LEN + 32]; // +32 for EMSK overflow
+- struct teap_imck_t imck_msk, imck_emsk;
+-
+- uint8_t imck_label[27] = "Inner Methods Compound Keys"; // width trims trailing \0
+- struct iovec imck_seed[2] = {
+- { (void *)imck_label, sizeof(imck_label) },
+- { NULL, EAP_TEAP_IMSK_LEN }
+- };
+-
+- if (msklen) {
+- memcpy(imsk_msk, msk, MIN(msklen, EAP_TEAP_IMSK_LEN));
+- RDEBUGHEX("Phase 2: IMSK from MSK", imsk_msk, EAP_TEAP_IMSK_LEN);
+- } else {
+- RDEBUGHEX("Phase 2: IMSK Zero", imsk_msk, EAP_TEAP_IMSK_LEN);
+- }
+- imck_seed[1].iov_base = imsk_msk;
+- TLS_PRF(tls_session->ssl,
+- t->imck_msk.simck, sizeof(t->imck_msk.simck),
+- imck_seed, ARRAY_SIZE(imck_seed),
+- (uint8_t *)&imck_msk, sizeof(imck_msk));
+-
+- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */
+- RDEBUGHEX("Phase 2: MSK S-IMCK[j]", imck_msk.simck, sizeof(imck_msk.simck));
+- RDEBUGHEX("Phase 2: MSK CMK[j]", imck_msk.cmk, sizeof(imck_msk.cmk));
+-
+- if (emsklen) {
+- uint8_t emsk_label[20] = "TEAPbindkey@ietf.org";
+- uint8_t null[1] = {0};
+- uint8_t length[2] = {0,64}; /* length of 64 bytes in two bytes in network order */
+- struct iovec emsk_seed[] = {
+- { (void *)emsk_label, sizeof(emsk_label) },
+- { (void *)null, sizeof(null) },
+- { (void *)length, sizeof(length) }
+- };
+-
+- /*
+- * IMSK[j] = First 32 octets of TLS-PRF(
+- * EMSK[j],
+- * "TEAPbindkey@ietf.org",
+- * 0x00 | 0x00 | 0x40)
+- */
+- TLS_PRF(tls_session->ssl,
+- emsk, emsklen,
+- emsk_seed, ARRAY_SIZE(emsk_seed),
+- imsk_emsk, sizeof(imsk_emsk));
+-
+- RDEBUGHEX("Phase 2: IMSK from EMSK", imsk_emsk, EAP_TEAP_IMSK_LEN);
+-
+- /*
+- * IMCK[j] = the first 60 octets of TLS-PRF(S-IMCK[j-1],
+- * "Inner Methods Compound Keys",
+- * IMSK[j])
+- */
+- imck_seed[1].iov_base = imsk_emsk;
+- TLS_PRF(tls_session->ssl,
+- t->imck_emsk.simck, sizeof(t->imck_emsk.simck),
+- imck_seed, ARRAY_SIZE(imck_seed),
+- (uint8_t *)&imck_emsk, sizeof(imck_emsk));
+-
+- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */
+- RDEBUGHEX("Phase 2: EMSK S-IMCK[j]", imck_emsk.simck, sizeof(imck_emsk.simck));
+- RDEBUGHEX("Phase 2: EMSK CMK[j]", imck_emsk.cmk, sizeof(imck_emsk.cmk));
+-
+- memcpy(&t->imck_emsk, &imck_emsk, sizeof(imck_emsk));
+- }
+-
+- memcpy(&t->imck_msk, &imck_msk, sizeof(imck_msk));
+-}
+-
+-static void eap_teap_tlv_append(tls_session_t *tls_session, int tlv, bool mandatory, int length, const void *data)
+-{
+- uint16_t hdr[2];
+-
+- hdr[0] = htons(tlv | (mandatory ? EAP_TEAP_TLV_MANDATORY : 0));
+- hdr[1] = htons(length);
+-
+- tls_session->record_plus(&tls_session->clean_in, &hdr, 4);
+- tls_session->record_plus(&tls_session->clean_in, data, length);
+-}
+-
+-static void eap_teap_send_error(tls_session_t *tls_session, int error)
+-{
+- uint32_t value;
+- value = htonl(error);
+-
+- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_ERROR, true, sizeof(value), &value);
+-}
+-
+-static void eap_teap_append_identity_type(tls_session_t *tls_session, int value)
+-{
+- uint16_t identity;
+- identity = htons(value);
+- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
+-
+- fr_assert(value != 0);
+- fr_assert(value <= 2);
+-
+- /*
+- * If we send this, it's required.
+- */
+- t->auths[value].required = true;
+- t->auths[value].sent = true;
+-
+- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_IDENTITY_TYPE, false, sizeof(identity), &identity);
+-}
+-
+-static void eap_teap_append_result(REQUEST *request, tls_session_t *tls_session, PW_CODE code)
+-{
+- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
+-
+- int type = (t->result_final)
+- ? EAP_TEAP_TLV_RESULT
+- : EAP_TEAP_TLV_INTERMED_RESULT;
+-
+- char const *name = (t->result_final) ? "Result" : "Intermediate-Result";
+-
+- uint16_t state = (code == PW_CODE_ACCESS_REJECT)
+- ? EAP_TEAP_TLV_RESULT_FAILURE
+- : EAP_TEAP_TLV_RESULT_SUCCESS;
+- state = htons(state);
+-
+- char const *state_name = (code == PW_CODE_ACCESS_REJECT) ? "Failure" : "Success";
+-
+- RDEBUG("Phase 2: %s = %s", name, state_name);
+-
+- eap_teap_tlv_append(tls_session, type, true, sizeof(state), &state);
+-}
+-
+-static void eap_teap_append_eap_identity_request(REQUEST *request, tls_session_t *tls_session, eap_handler_t *eap_session)
+-{
+- eap_packet_raw_t eap_packet;
+-
+- RDEBUG("Phase 2: Sending EAP-Identity");
+-
+- eap_packet.code = PW_EAP_REQUEST;
+- eap_packet.id = eap_session->eap_ds->response->id + 1;
+- eap_packet.length[0] = 0;
+- eap_packet.length[1] = EAP_HEADER_LEN + 1;
+- eap_packet.data[0] = PW_EAP_IDENTITY;
+-
+- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_EAP_PAYLOAD, true, sizeof(eap_packet), &eap_packet);
+-}
+-
+-/*
+- * RFC7170 and the consequences of EID5768, EID5770 and EID5775 makes the path forward unclear,
+- * so just do what hostapd does...which the IETF probably agree with anyway:
+- * https://mailarchive.ietf.org/arch/msg/emu/mXzpSGEn86Zx_fa4f1uULYMhMoM/
+- */
+-static void eap_teap_append_crypto_binding(REQUEST *request, tls_session_t *tls_session,
+- uint8_t *msk, size_t msklen,
+- uint8_t *emsk, size_t emsklen)
+-{
+- teap_tunnel_t *t = tls_session->opaque;
+- uint8_t mac_msk[EVP_MAX_MD_SIZE], mac_emsk[EVP_MAX_MD_SIZE];
+- unsigned int maclen = EVP_MAX_MD_SIZE;
+- uint8_t *buf;
+- size_t olen, buflen;
+- struct crypto_binding_buffer *cbb;
+- uint8_t *outer_tlvs;
+-
+- RDEBUG("Phase 2: Sending Cryptobinding");
+-
+- eap_teap_derive_imck(request, tls_session, msk, msklen, emsk, emsklen);
+-
+- t->imck_emsk_available = emsklen > 0;
+-
+- olen = tls_session->outer_tlvs_octets_server ? talloc_array_length(tls_session->outer_tlvs_octets_server) : 0;
+- olen += tls_session->outer_tlvs_octets_peer ? talloc_array_length(tls_session->outer_tlvs_octets_peer) : 0;
+-
+- buflen = sizeof(struct crypto_binding_buffer) - 1/*outer_tlvs*/ + olen;
+-
+- buf = talloc_zero_array(request, uint8_t, buflen);
+- rad_assert(buf != NULL);
+-
+- cbb = (struct crypto_binding_buffer *)buf;
+-
+- CRYPTO_BINDING_BUFFER_INIT(cbb);
+- cbb->binding.version = EAP_TEAP_VERSION;
+- cbb->binding.received_version = t->received_version;
+-
+- cbb->binding.subtype = ((emsklen ? EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH : EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) << 4) | EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST;
+-
+- rad_assert(sizeof(cbb->binding.nonce) % sizeof(uint32_t) == 0);
+- RANDFILL(cbb->binding.nonce);
+- cbb->binding.nonce[sizeof(cbb->binding.nonce) - 1] &= ~0x01; /* RFC 7170, Section 4.2.13 */
+-
+- outer_tlvs = &cbb->outer_tlvs[0];
+-
+- if (tls_session->outer_tlvs_octets_server) {
+- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_server);
+-
+- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_server, len);
+- outer_tlvs += len;
+- }
+-
+- if (tls_session->outer_tlvs_octets_peer) {
+- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_peer);
+-
+- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_peer, len);
+- }
+-
+- RDEBUGHEX("Phase 2: BUFFER for Compound MAC calculation", buf, buflen);
+-
+- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl));
+- HMAC(md, &t->imck_msk.cmk, EAP_TEAP_CMK_LEN, buf, buflen, mac_msk, &maclen);
+- if (t->imck_emsk_available) {
+- HMAC(md, &t->imck_emsk.cmk, EAP_TEAP_CMK_LEN, buf, buflen, mac_emsk, &maclen);
+- }
+- memcpy(cbb->binding.msk_compound_mac, &mac_msk, sizeof(cbb->binding.msk_compound_mac));
+- if (t->imck_emsk_available) {
+- memcpy(cbb->binding.emsk_compound_mac, &mac_emsk, sizeof(cbb->binding.emsk_compound_mac));
+- }
+-
+- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_CRYPTO_BINDING, true, sizeof(cbb->binding), (uint8_t *)&cbb->binding);
+-}
+-
+-static int eap_teap_verify(REQUEST *request, tls_session_t *tls_session, uint8_t const *data, unsigned int data_len)
+-{
+- uint16_t attr;
+- uint16_t length;
+- unsigned int remaining = data_len;
+- int total = 0;
+- int num[EAP_TEAP_TLV_MAX] = {0};
+- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
+- uint32_t present = 0;
+- uint32_t error = 0;
+- uint16_t status = 0;
+-
+- rad_assert(sizeof(present) * 8 > EAP_TEAP_TLV_MAX);
+-
+- while (remaining > 0) {
+- if (remaining < 4) {
+- REDEBUG("Phase 2: Data is too small (%u) to contain a TLV header", remaining);
+- return 0;
+- }
+-
+- memcpy(&attr, data, sizeof(attr));
+- attr = ntohs(attr) & EAP_TEAP_TLV_TYPE;
+-
+- switch (attr) {
+- case EAP_TEAP_TLV_RESULT:
+- case EAP_TEAP_TLV_NAK:
+- case EAP_TEAP_TLV_ERROR:
+- case EAP_TEAP_TLV_VENDOR_SPECIFIC:
+- case EAP_TEAP_TLV_EAP_PAYLOAD:
+- case EAP_TEAP_TLV_INTERMED_RESULT:
+- case EAP_TEAP_TLV_CRYPTO_BINDING:
+- case EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP:
+- num[attr]++;
+- present |= 1 << attr;
+-
+- if (num[EAP_TEAP_TLV_EAP_PAYLOAD] > 1) {
+- REDEBUG("Phase 2: Too many EAP-Payload TLVs");
+-unexpected:
+- for (int i = 0; i < EAP_TEAP_TLV_MAX; i++) {
+- DICT_ATTR const *da;
+-
+- if (!(present & (1 << i))) continue;
+-
+- da = dict_attrbyvalue((i << 8) | PW_FREERADIUS_EAP_TEAP_TLV, VENDORPEC_FREERADIUS);
+- if (da) {
+- RDEBUG("Phase 2: - attribute %s is present", da->name);
+- } else {
+- RDEBUG("Phase 2: - attribute %d is present", i);
+- }
+- }
+- eap_teap_send_error(tls_session, EAP_TEAP_ERR_UNEXPECTED_TLV);
+- return 0;
+- }
+-
+- if (num[EAP_TEAP_TLV_INTERMED_RESULT] > 1) {
+- REDEBUG("Phase 2: Too many Intermediate-Result TLVs");
+- goto unexpected;
+- }
+- break;
+- default:
+- if ((data[0] & 0x80) != 0) {
+- REDEBUG("Phase 2: Unknown mandatory TLV %02x", attr);
+- goto unexpected;
+- }
+-
+- num[0]++;
+- }
+-
+- total++;
+-
+- memcpy(&length, data + 2, sizeof(length));
+- length = ntohs(length);
+-
+- data += 4;
+- remaining -= 4;
+-
+- if (length > remaining) {
+- REDEBUG2("Phase 2: TLV %u is longer than room remaining in the packet (%u > %u).", attr,
+- length, remaining);
+- return 0;
+- }
+-
+- /*
+- * If the rest of the TLVs are larger than
+- * this attribute, continue.
+- *
+- * Otherwise, if the attribute over-flows the end
+- * of the TLCs, die.
+- */
+- if (remaining < length) {
+- REDEBUG2("Phase 2: TLV overflows packet.");
+- return 0;
+- }
+-
+- if (attr == EAP_TEAP_TLV_ERROR) {
+- if (length != 4) goto fail_length;
+- error = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
+- }
+-
+- /*
+- * If there's an error, we bail out of the
+- * authentication process before allocating
+- * memory.
+- */
+- if ((attr == EAP_TEAP_TLV_INTERMED_RESULT) || (attr == EAP_TEAP_TLV_RESULT)) {
+- if (length != 2) {
+- fail_length:
+- REDEBUG("Phase 2: TLV %u is too short. Expected 2, got %d.", attr, length);
+- return 0;
+- }
+-
+- status = (data[0] << 8) | data[1];
+- if (status == 0) goto unknown_value;
+- }
+-
+- /*
+- * 1 octet length + User-Name
+- * 1 octet length + User-Password
+- */
+- if (attr == EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP) {
+- uint8_t const *p = data;
+- uint16_t vlen = length;
+-
+- if (vlen <= 2) {
+- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is too short. Expected >2, got %d.", vlen);
+- return 0;
+- }
+-
+- /*
+- * Can't be zero. We must have MORE than "1 octet length + User-Name"
+- */
+- if (!p[0] || ((p[0] + 1) >= vlen)) {
+- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. User-Name field has bad lenth %u", p[0]);
+- return 0;
+- }
+-
+- vlen -= p[0] + 1;
+- if (!vlen) {
+- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. Password field is missing");
+- return 0;
+- }
+-
+- p += p[0] + 1;
+- if (!p[0] || (p[0] >= vlen)) {
+- REDEBUG("Phase 2: Basic-Password-Auth-Resp TLV is invalid. Password field has bad lenth %u", p[0]);
+- return 0;
+- }
+- }
+-
+- if (attr == EAP_TEAP_TLV_IDENTITY_TYPE) {
+- if (length != 2) goto fail_length;
+-
+- if ((data[0] != 0) || (data[1] == 0) || (data[1] > 2)) {
+- REDEBUG("Phase 2: Identity-Type TLV contains invalid value %02x%02x",
+- data[0], data[1]);
+- return 0;
+- }
+- }
+-
+- /*
+- * Check the size of Crypto-Binding TLV, and the TEAP version.
+- */
+- if (attr == EAP_TEAP_TLV_CRYPTO_BINDING) {
+- if (length != sizeof(eap_tlv_crypto_binding_tlv_t)) {
+- REDEBUG("Phase 2: Crypto-Binding TLV has incorrect length %u", length);
+- return 0;
+- }
+-
+- if (data[1] != EAP_TEAP_VERSION) {
+- REDEBUG("Phase 2: Crypto-Binding TLV has incorrect version %u", data[1]);
+- return 0;
+- }
+- }
+-
+- /*
+- * remaining > length, continue.
+- */
+- remaining -= length;
+- data += length;
+- }
+-
+- /*
+- * Check status if we have it.
+- */
+- if (status) {
+- if (status == EAP_TEAP_TLV_RESULT_FAILURE) {
+- if (!error) {
+- REDEBUG("Phase 2: Received Result from peer which indicates failure with error %u. Rejecting request.", error);
+- } else {
+- REDEBUG("Phase 2: Received Result from peer which indicates failure. Rejecting request.");
+- }
+- return 0;
+- }
+-
+- if (status != EAP_TEAP_TLV_RESULT_SUCCESS) {
+- unknown_value:
+- REDEBUG("Phase 2: Received Result from peer with unknown value %u. Rejecting request.", status);
+- goto unexpected;
+- }
+- }
+-
+- /*
+- * Check if the peer mixed & matched TLVs.
+- */
+- if ((num[EAP_TEAP_TLV_NAK] > 0) && (num[EAP_TEAP_TLV_NAK] != total)) {
+- REDEBUG("Phase 2: NAK TLV was sent along with non-NAK TLVs. Rejecting request.");
+- goto unexpected;
+- }
+-
+- /*
+- * RFC7170 EID5844 says we can have Intermediate-Result and Result TLVs all in one
+- */
+-
+- /*
+- * Check mandatory or not mandatory TLVs.
+- */
+- switch (t->stage) {
+- case TLS_SESSION_HANDSHAKE:
+- if (present) {
+- REDEBUG("Phase 2: Unexpected TLVs in TLS Session Handshake stage");
+- goto unexpected;
+- }
+- break;
+- case AUTHENTICATION:
+- if (present & ~((1 << EAP_TEAP_TLV_EAP_PAYLOAD) | (1 << EAP_TEAP_TLV_CRYPTO_BINDING) | (1 << EAP_TEAP_TLV_INTERMED_RESULT) | (1 << EAP_TEAP_TLV_RESULT) | (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP))) {
+- REDEBUG("Phase 2: Unexpected TLVs in authentication stage");
+- goto unexpected;
+- }
+-
+- /*
+- * A password request must yield a password response.
+- */
+- if (t->sent_basic_password && ((present & (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP)) == 0)) {
+- REDEBUG("Phase 2: Sent Basic-Password-Auth-Req but reply does not contain Basic-Password-Auth-Resp");
+- goto unexpected;
+- }
+-
+- /*
+- * If we have Identity-Type, the packet must also
+- * contain either EAP-Payload or
+- * Basic-Password-Auth-Resp.
+- */
+- if (((present & (1 << EAP_TEAP_TLV_IDENTITY_TYPE)) != 0) &&
+- ((present & (1 << EAP_TEAP_TLV_EAP_PAYLOAD)) == 0) &&
+- ((present & (1 << EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP)) == 0)) {
+- REDEBUG("Phase 2: Received Identity-Type without EAP-Payload or Basic-Password-Auth-Resp");
+- goto unexpected;
+- }
+-
+- break;
+- case PROVISIONING:
+- if (present & ~(1 << EAP_TEAP_TLV_RESULT)) {
+- REDEBUG("Phase 2: Unexpected TLVs in provisioning stage");
+- goto unexpected;
+- }
+- break;
+- case COMPLETE:
+- if (present) {
+- REDEBUG("Phase 2: Unexpected TLVs in complete stage");
+- goto unexpected;
+- }
+- break;
+- default:
+- REDEBUG("Phase 2: Internal error, invalid stage %d", t->stage);
+- return 0;
+- }
+-
+- /*
+- * We got this far. It looks OK.
+- */
+- return 1;
+-}
+-
+-static ssize_t eap_teap_decode_vp(TALLOC_CTX *request, DICT_ATTR const *parent,
+- uint8_t const *data, size_t const attr_len, VALUE_PAIR **out)
+-{
+- int8_t tag = TAG_NONE;
+- VALUE_PAIR *vp;
+- uint8_t const *p = data;
+-
+- /*
+- * FIXME: Attrlen can be larger than 253 for extended attrs!
+- */
+- if (!parent || !out ) {
+- RERROR("eap_teap_decode_vp: Invalid arguments");
+- return -1;
+- }
+-
+- /*
+- * Silently ignore zero-length attributes.
+- */
+- if (attr_len == 0) return 0;
+-
+- /*
+- * And now that we've verified the basic type
+- * information, decode the actual p.
+- */
+- vp = fr_pair_afrom_da(request, parent);
+- if (!vp) return -1;
+-
+- vp->vp_length = attr_len;
+- vp->tag = tag;
+-
+- switch (parent->type) {
+- case PW_TYPE_STRING:
+- fr_pair_value_bstrncpy(vp, p, attr_len);
+- break;
+-
+- case PW_TYPE_OCTETS:
+- fr_pair_value_memcpy(vp, p, attr_len);
+- break;
+-
+- case PW_TYPE_ABINARY:
+- if (vp->vp_length > sizeof(vp->vp_filter)) {
+- vp->vp_length = sizeof(vp->vp_filter);
+- }
+- memcpy(vp->vp_filter, p, vp->vp_length);
+- break;
+-
+- case PW_TYPE_BYTE:
+- vp->vp_byte = p[0];
+- break;
+-
+- case PW_TYPE_SHORT:
+- vp->vp_short = (p[0] << 8) | p[1];
+- break;
+-
+- case PW_TYPE_INTEGER:
+- case PW_TYPE_SIGNED: /* overloaded with vp_integer */
+- memcpy(&vp->vp_integer, p, 4);
+- vp->vp_integer = ntohl(vp->vp_integer);
+- break;
+-
+- case PW_TYPE_INTEGER64:
+- memcpy(&vp->vp_integer64, p, 8);
+- vp->vp_integer64 = ntohll(vp->vp_integer64);
+- break;
+-
+- case PW_TYPE_DATE:
+- memcpy(&vp->vp_date, p, 4);
+- vp->vp_date = ntohl(vp->vp_date);
+- break;
+-
+- case PW_TYPE_ETHERNET:
+- memcpy(vp->vp_ether, p, 6);
+- break;
+-
+- case PW_TYPE_IPV4_ADDR:
+- memcpy(&vp->vp_ipaddr, p, 4);
+- break;
+-
+- case PW_TYPE_IFID:
+- memcpy(vp->vp_ifid, p, 8);
+- break;
+-
+- case PW_TYPE_IPV6_ADDR:
+- memcpy(&vp->vp_ipv6addr, p, 16);
+- break;
+-
+- case PW_TYPE_IPV6_PREFIX:
+- /*
+- * FIXME: double-check that
+- * (vp->vp_octets[1] >> 3) matches vp->vp_length + 2
+- */
+- memcpy(vp->vp_ipv6prefix, p, vp->vp_length);
+- if (vp->vp_length < 18) {
+- memset(((uint8_t *)vp->vp_ipv6prefix) + vp->vp_length, 0,
+- 18 - vp->vp_length);
+- }
+- break;
+-
+- case PW_TYPE_IPV4_PREFIX:
+- /* FIXME: do the same double-check as for IPv6Prefix */
+- memcpy(vp->vp_ipv4prefix, p, vp->vp_length);
+-
+- /*
+- * /32 means "keep all bits". Otherwise, mask
+- * them out.
+- */
+- if ((p[1] & 0x3f) > 32) {
+- uint32_t addr, mask;
+-
+- memcpy(&addr, vp->vp_octets + 2, sizeof(addr));
+- mask = 1;
+- mask <<= (32 - (p[1] & 0x3f));
+- mask--;
+- mask = ~mask;
+- mask = htonl(mask);
+- addr &= mask;
+- memcpy(vp->vp_ipv4prefix + 2, &addr, sizeof(addr));
+- }
+- break;
+-
+- default:
+- RERROR("eap_teap_decode_vp: type %d Internal sanity check %d ", parent->type, __LINE__);
+- fr_pair_list_free(&vp);
+- return -1;
+- }
+-
+- vp->type = VT_DATA;
+- *out = vp;
+- return attr_len;
+-}
+-
+-
+-VALUE_PAIR *eap_teap_teap2vp(REQUEST *request, SSL *ssl, uint8_t const *data, size_t data_len,
+- DICT_ATTR const *teap_da, vp_cursor_t *out)
+-{
+- uint16_t attr;
+- uint16_t length;
+- size_t data_left = data_len;
+- VALUE_PAIR *first = NULL;
+- VALUE_PAIR *vp = NULL;
+- DICT_ATTR const *da;
+-
+- if (!teap_da)
+- teap_da = dict_attrbyvalue(PW_FREERADIUS_EAP_TEAP_TLV, VENDORPEC_FREERADIUS);
+- rad_assert(teap_da != NULL);
+-
+- if (!out) {
+- out = talloc(request, vp_cursor_t);
+- rad_assert(out != NULL);
+- fr_cursor_init(out, &first);
+- }
+-
+- /*
+- * Decode the TLVs
+- */
+- while (data_left > 0) {
+- ssize_t decoded;
+-
+- /* FIXME do something with mandatory */
+-
+- memcpy(&attr, data, sizeof(attr));
+- attr = ntohs(attr) & EAP_TEAP_TLV_TYPE;
+-
+- memcpy(&length, data + 2, sizeof(length));
+- length = ntohs(length);
+-
+- data += 4;
+- data_left -= 4;
+-
+- /*
+- * Look up the TLV.
+- *
+- * For now, if it doesn't exist, ignore it.
+- */
+- da = dict_attrbyparent(teap_da, attr, teap_da->vendor);
+- if (!da) {
+- RDEBUG3("Phase 2: Skipping unknown attribute %u", attr);
+- goto next_attr;
+- }
+- if (da->type == PW_TYPE_TLV) {
+- eap_teap_teap2vp(request, ssl, data, length, da, out);
+- goto next_attr;
+- }
+- decoded = eap_teap_decode_vp(request, da, data, length, &vp);
+- if (decoded < 0) {
+- REDEBUG3("Phase 2: Failed decoding %s: %s", da->name, fr_strerror());
+- goto next_attr;
+- }
+-
+- fr_cursor_merge(out, vp);
+-
+- next_attr:
+- while (fr_cursor_next(out)) {
+- /* nothing */
+- }
+-
+- data += length;
+- data_left -= length;
+- }
+-
+- /*
+- * We got this far. It looks OK.
+- */
+- return first;
+-}
+-
+-
+-static void eapteap_copy_request_to_tunnel(REQUEST *request, REQUEST *fake) {
+- VALUE_PAIR *copy, *vp;
+- vp_cursor_t cursor;
+-
+- for (vp = fr_cursor_init(&cursor, &request->packet->vps);
+- vp;
+- vp = fr_cursor_next(&cursor)) {
+- /*
+- * The attribute is a server-side thingy,
+- * don't copy it.
+- */
+- if ((vp->da->attr > 255) && (((vp->da->attr >> 16) & 0xffff) == 0)) {
+- continue;
+- }
+-
+- /*
+- * The outside attribute is already in the
+- * tunnel, don't copy it.
+- *
+- * This works for BOTH attributes which
+- * are originally in the tunneled request,
+- * AND attributes which are copied there
+- * from below.
+- */
+- if (fr_pair_find_by_da(fake->packet->vps, vp->da, TAG_ANY)) continue;
+-
+- /*
+- * Some attributes are handled specially.
+- */
+- if (!vp->da->vendor) switch (vp->da->attr) {
+- /*
+- * NEVER copy Message-Authenticator,
+- * EAP-Message, or State. They're
+- * only for outside of the tunnel.
+- */
+- case PW_USER_NAME:
+- case PW_USER_PASSWORD:
+- case PW_CHAP_PASSWORD:
+- case PW_CHAP_CHALLENGE:
+- case PW_PROXY_STATE:
+- case PW_MESSAGE_AUTHENTICATOR:
+- case PW_EAP_MESSAGE:
+- case PW_STATE:
+- continue;
+-
+- /*
+- * By default, copy it over.
+- */
+- default:
+- break;
+- }
+-
+- /*
+- * Don't copy from the head, we've already
+- * checked it.
+- */
+- copy = fr_pair_list_copy_by_num(fake->packet, vp, vp->da->attr, vp->da->vendor, TAG_ANY);
+- fr_pair_add(&fake->packet->vps, copy);
+- }
+-}
+-
+-static const char *stage_name[] = {
+- "TLS session handshake",
+- "Authentication",
+- "Provisioning",
+- "Complete"
+-};
+-
+-/*
+- * Use a reply packet to determine what to do.
+- */
+-static rlm_rcode_t CC_HINT(nonnull) process_reply(eap_handler_t *eap_session,
+- tls_session_t *tls_session,
+- REQUEST *request, RADIUS_PACKET *reply)
+-{
+- rlm_rcode_t rcode = RLM_MODULE_REJECT;
+- VALUE_PAIR *vp;
+- vp_cursor_t cursor;
+- uint8_t msk[2 * CHAP_VALUE_LENGTH] = {0}, emsk[2 * EAPTLS_MPPE_KEY_LEN] = {0};
+- size_t msklen = 0, emsklen = 0;
+- bool doing_eap;
+-
+- teap_tunnel_t *t = tls_session->opaque;
+-
+- rad_assert(eap_session->request == request);
+-
+- RDEBUG("Phase 2: Stage %s", stage_name[t->stage]);
+-
+- /*
+- * If the response packet was Access-Accept, then
+- * we're OK. If not, die horribly.
+- *
+- * FIXME: EAP-Messages can only start with 'identity',
+- * NOT 'eap start', so we should check for that....
+- */
+- switch (reply->code) {
+- case PW_CODE_ACCESS_ACCEPT:
+- RDEBUG("Phase 2: Got tunneled Access-Accept");
+-
+- for (vp = fr_cursor_init(&cursor, &reply->vps); vp; vp = fr_cursor_next(&cursor)) {
+- if (vp->da->attr == PW_EAP_EMSK) {
+- // FIXME check if we should be generating an emsk from MPPE keys below
+- emsklen = MIN(vp->vp_length, sizeof(emsk));
+- memcpy(emsk, vp->vp_octets, emsklen);
+- break;
+- }
+-
+- if (vp->da->vendor != VENDORPEC_MICROSOFT) continue;
+-
+- /* like for EAP-FAST, the keying material is used reversed */
+- switch (vp->da->attr) {
+- case PW_MSCHAP_MPPE_SEND_KEY:
+- if (vp->vp_length == EAPTLS_MPPE_KEY_LEN) {
+- /* do not set emsklen here so not to blat EAP-EMSK */
+- // emsklen = sizeof(emsk);
+- memcpy(emsk, vp->vp_octets, EAPTLS_MPPE_KEY_LEN);
+- } else if (vp->vp_length == CHAP_VALUE_LENGTH) {
+- msklen = sizeof(msk);
+- memcpy(msk, vp->vp_octets, CHAP_VALUE_LENGTH);
+- } else {
+- wrong_length:
+- REDEBUG("Phase 2: Found %s with incorrect length. Expected %u or %u, got %zu",
+- vp->da->name, CHAP_VALUE_LENGTH, EAPTLS_MPPE_KEY_LEN, vp->vp_length);
+- return RLM_MODULE_INVALID;
+- }
+-
+- RDEBUGHEX("Phase 2: MSCHAP-MPPE-SEND-KEY [low MSK]", vp->vp_octets, vp->length);
+- break;
+-
+- case PW_MSCHAP_MPPE_RECV_KEY:
+- /* only do this if there is no EAP-EMSK */
+- if (vp->vp_length == EAPTLS_MPPE_KEY_LEN && emsklen == 0) {
+- msklen = sizeof(msk);
+- memcpy(msk, vp->vp_octets, EAPTLS_MPPE_KEY_LEN);
+- emsklen = sizeof(emsk);
+- memcpy(&emsk[EAPTLS_MPPE_KEY_LEN], vp->vp_octets, EAPTLS_MPPE_KEY_LEN);
+- } else if (vp->vp_length == CHAP_VALUE_LENGTH) {
+- msklen = sizeof(msk);
+- memcpy(&msk[CHAP_VALUE_LENGTH], vp->vp_octets, CHAP_VALUE_LENGTH);
+- } else {
+- goto wrong_length;
+- }
+-
+- RDEBUGHEX("Phase 2: MSCHAP-MPPE-RECV-KEY [high MSK]", vp->vp_octets, vp->vp_length);
+- break;
+-
+- case PW_MSCHAP2_SUCCESS:
+- RDEBUG("Phase 2: Got %s, tunneling it to the client in a challenge", vp->da->name);
+- if (t->use_tunneled_reply) {
+- t->authenticated = true;
+- /*
+- * Clean up the tunneled reply.
+- */
+- fr_pair_delete_by_num(&reply->vps, PW_PROXY_STATE, 0, TAG_ANY);
+- fr_pair_delete_by_num(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+- fr_pair_delete_by_num(&reply->vps, PW_MESSAGE_AUTHENTICATOR, 0, TAG_ANY);
+-
+- /*
+- * Delete MPPE keys & encryption policy. We don't
+- * want these here.
+- */
+- fr_pair_delete_by_num(&reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY);
+- fr_pair_delete_by_num(&reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY);
+- fr_pair_delete_by_num(&reply->vps, 16, VENDORPEC_MICROSOFT, TAG_ANY);
+- fr_pair_delete_by_num(&reply->vps, 17, VENDORPEC_MICROSOFT, TAG_ANY);
+-
+- fr_pair_list_free(&t->accept_vps); /* for proxying MS-CHAP2 */
+- fr_pair_list_mcopy_by_num(t, &t->accept_vps, &reply->vps, 0, 0, TAG_ANY);
+- rad_assert(!reply->vps);
+- }
+- break;
+-
+- default:
+- break;
+- }
+- }
+-
+- if (t->use_tunneled_reply) {
+- /*
+- * Clean up the tunneled reply.
+- */
+- fr_pair_delete_by_num(&reply->vps, PW_EAP_EMSK, 0, TAG_ANY);
+- fr_pair_delete_by_num(&reply->vps, PW_EAP_SESSION_ID, 0, TAG_ANY);
+- }
+-
+- eap_teap_append_result(request, tls_session, reply->code);
+- eap_teap_append_crypto_binding(request, tls_session, msk, msklen, emsk, emsklen);
+-
+- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
+- if (vp) {
+- RDEBUG("Phase 2: Continuing with Identity-Type = %s",
+- (vp->vp_short == 1) ? "User" : "Machine");
+-
+- /* RFC3748, Section 2.1 - does not explictly tell us to but we need to eat the EAP-Success */
+- fr_pair_delete_by_num(&reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+-
+- /* new identity */
+- talloc_free(t->username);
+- t->username = NULL;
+-
+- if (t->num_identities == 2) {
+- RDEBUG("Phase 2: Configured to send too many identities, failing the session");
+- goto fail;
+- }
+-
+- t->identity_types[t->num_identities++] = vp->vp_short;
+-
+- /* RFC7170, Appendix C.6 */
+- eap_teap_append_identity_type(tls_session, vp->vp_short);
+-
+- if (t->default_method || t->eap_method[vp->vp_short]) {
+- eap_teap_append_eap_identity_request(request, tls_session, eap_session);
+- }
+-
+- if (!t->auto_chain) goto challenge;
+-
+- if (!(t->default_method || t->eap_method[vp->vp_short])) {
+- RDEBUG("Phase 2: No %s EAP methods configured - assuming password",
+- (vp->vp_short == 1) ? "User" : "Machine");
+-
+- vp = fr_pair_afrom_num(reply, PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, VENDORPEC_FREERADIUS);
+- if (vp) {
+- fr_pair_add(&reply->vps, vp);
+- } else {
+- RERROR("Failed adding attribute &reply:FreeRADIUS-EAP-TEAP-Basic-Password-Auth-Req");
+- goto fail;
+- }
+- }
+-
+- /*
+- * Delete the &session-state:FreeRADIUS-EAP-TEAP-TLV-Identity-Type
+- * which we found.
+- *
+- * If there are more than one, then the
+- * next round will pick up the next one.
+- */
+- RDEBUG("Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s",
+- (vp->vp_short == 1) ? "User" : "Machine");
+- fr_pair_delete(&request->state, vp);
+-
+- /*
+- * Always challenge, as we're sending EAP-Identity.
+- */
+- goto challenge;
+- }
+-
+- if (t->auths[1].required && !t->auths[1].received) {
+- REDEBUG("Phase 2: We required Identity-Type = User, but we did not see it - rejecting the session");
+- goto fail;
+- }
+-
+- if (t->auths[2].required && !t->auths[2].received) {
+- REDEBUG("Phase 2: We required Identity-Type = Machine, but we did not see it - rejecting the session");
+- goto fail;
+- }
+-
+- RDEBUG("Phase 2: All inner authentications have succeeded");
+-
+- t->result_final = true;
+- t->sent_basic_password = false;
+- eap_teap_append_result(request, tls_session, reply->code);
+-
+- tls_session->authentication_success = true;
+- rcode = RLM_MODULE_OK;
+-
+- break;
+-
+- case PW_CODE_ACCESS_REJECT:
+- RDEBUG("Phase 2: Got tunneled Access-Reject");
+-
+- fail:
+- eap_teap_append_result(request, tls_session, PW_CODE_ACCESS_REJECT);
+- rcode = RLM_MODULE_REJECT;
+- break;
+-
+- /*
+- * Handle Access-Challenge, but only if we
+- * send tunneled reply data. This is because
+- * an Access-Challenge means that we MUST tunnel
+- * a Reply-Message to the client.
+- */
+- case PW_CODE_ACCESS_CHALLENGE:
+- RDEBUG("Phase 2: Got tunneled Access-Challenge");
+-challenge:
+- /*
+- * Keep the State attribute, if necessary.
+- *
+- * Get rid of the old State, too.
+- */
+- fr_pair_list_free(&t->state);
+- fr_pair_list_mcopy_by_num(t, &t->state, &reply->vps, PW_STATE, 0, TAG_ANY);
+-
+- t->sent_basic_password = false;
+- doing_eap = false;
+-
+- /*
+- * Copy the EAP-Message back to the tunnel. Note
+- * that there can only be one EAP-Message
+- * attribute. The RADIUS encoder takes care of
+- * splitting it into multiple chunks in a RADIUS
+- * packet.
+- *
+- * For TEAP, we can only send one EAP-Payload TLV
+- * in a packet.
+- */
+- vp = fr_pair_find_by_num(reply->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+- if (vp) {
+- doing_eap = true;
+- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_EAP_PAYLOAD, true, vp->vp_length, vp->vp_octets);
+- }
+-
+- /*
+- * When chaining, we 'goto challenge' and can use
+- * that to now signal back to unlang that a
+- * method has completed and we can now move to
+- * the next
+- */
+- rcode = reply->code == PW_CODE_ACCESS_CHALLENGE ? RLM_MODULE_HANDLED : RLM_MODULE_OK;
+-
+- if (!doing_eap) {
+- vp = fr_pair_find_by_num(reply->vps, PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, VENDORPEC_FREERADIUS, TAG_ANY);
+- if (!vp) {
+- RWDEBUG("Phase 2: Not configured to use EAP or passwords. Authentication will likely fail.");
+- break;
+- }
+-
+- t->sent_basic_password = true;
+-
+- RDEBUG("Phase 2: Sending Basic-Password-Auth-Req");
+- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, true, vp->vp_length, vp->vp_strvalue);
+- }
+-
+- break;
+-
+- default:
+- RDEBUG("Phase 2: Unknown RADIUS packet type %d: rejecting tunneled user", reply->code);
+- rcode = RLM_MODULE_INVALID;
+- break;
+- }
+-
+-
+- return rcode;
+-}
+-
+-static PW_CODE eap_teap_phase2(REQUEST *request, eap_handler_t *eap_session,
+- tls_session_t *tls_session, REQUEST *fake)
+-{
+- PW_CODE code = PW_CODE_ACCESS_REJECT;
+- rlm_rcode_t rcode;
+- VALUE_PAIR *vp;
+- teap_tunnel_t *t;
+- int eap_method = 0;
+-
+- RDEBUG3("Phase 2: Processing received EAP Payload");
+-
+- t = (teap_tunnel_t *) tls_session->opaque;
+-
+- RDEBUG("Phase 2: Got tunneled request");
+- rdebug_pair_list(L_DBG_LVL_1, request, fake->packet->vps, NULL);
+-
+- /*
+- * Tell the request that it's a fake one.
+- */
+- fr_pair_make(fake->packet, &fake->packet->vps, "Freeradius-Proxied-To", "127.0.0.1", T_OP_EQ);
+-
+- /*
+- * No User-Name in the stored data, look for
+- * an EAP-Identity, and pull it out of there.
+- */
+- if (!t->username) {
+- vp = fr_pair_find_by_num(fake->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY);
+- if (vp &&
+- (vp->vp_length >= EAP_HEADER_LEN + 2) &&
+- (vp->vp_strvalue[0] == PW_EAP_RESPONSE) &&
+- (vp->vp_strvalue[EAP_HEADER_LEN] == PW_EAP_IDENTITY) &&
+- (vp->vp_strvalue[EAP_HEADER_LEN + 1] != 0)) {
+- /*
+- * Create & remember a User-Name
+- */
+- t->username = fr_pair_make(t, NULL, "User-Name", NULL, T_OP_EQ);
+- rad_assert(t->username != NULL);
+-
+- fr_pair_value_bstrncpy(t->username, vp->vp_octets + 5, vp->vp_length - 5);
+-
+- RDEBUG("Phase 2: Got tunneled identity of %s", t->username->vp_strvalue);
+-
+- } else if (!fake->username) {
+- /*
+- * Don't reject the request outright,
+- * as it's permitted to do EAP without
+- * user-name.
+- */
+- RWDEBUG2("Phase 2: No EAP-Identity found to start EAP conversation");
+- }
+- } /* else there WAS a t->username */
+-
+- if (t->username && !fake->username) {
+- vp = fr_pair_list_copy(fake->packet, t->username);
+- fr_pair_add(&fake->packet->vps, vp);
+- fake->username = vp;
+- }
+-
+- /*
+- * Add the State attribute, too, if it exists.
+- */
+- if (t->state) {
+- vp = fr_pair_list_copy(fake->packet, t->state);
+- if (vp) fr_pair_add(&fake->packet->vps, vp);
+- }
+-
+- if (t->stage == AUTHENTICATION) {
+- VALUE_PAIR *tvp;
+-
+- eap_method = t->default_method;
+-
+- RDEBUG2("Phase 2: Authentication");
+-
+- /*
+- * See which method we're doing. If we're told to do a particular kind of identity
+- * check, AND there's not any EAP-Type already set, THEN do it.
+- */
+- vp = fr_pair_find_by_num(fake->packet->vps, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
+- if (vp) {
+- VALUE_PAIR *teap_type;
+-
+- t->auths[vp->vp_short].received++;
+-
+- /*
+- * User auth. Prefer:
+- * * values set by the admin for this session.
+- * * otherwise configured in the TEAP module
+- * * otherwise default_eap_type
+- * * otherwise ???
+- */
+- if (vp->vp_short == 1) {
+- teap_type = fr_pair_find_by_num(request->state, PW_TEAP_TYPE_USER, 0, TAG_ANY);
+- if (teap_type) {
+- eap_method = teap_type->vp_integer;
+-
+- RDEBUG("Phase 2: Setting User EAP-Type = %s from &config:TEAP-Type-User",
+- eap_type2name(eap_method));
+-
+- } else if (t->eap_method[vp->vp_short]) {
+- eap_method = t->eap_method[vp->vp_short];
+-
+- RDEBUG("Phase 2: Setting User EAP-Type = %s from TEAP configuration user_eap_type",
+- eap_type2name(eap_method));
+-
+- } else if (eap_method) {
+- RDEBUG("Phase 2: Setting User EAP-Type = %s from TEAP configuration default_eap_type",
+- eap_type2name(eap_method));
+-
+- } else if (fake->password) {
+- RDEBUG("Phase 2: User is not doing EAP, but instead is doing User-Password authentication");
+-
+- } else {
+- RWDEBUG("Phase 2: Not setting User EAP-Type");
+- }
+- }
+-
+- if (vp->vp_short == 2) {
+- teap_type = fr_pair_find_by_num(request->state, PW_TEAP_TYPE_MACHINE, 0, TAG_ANY);
+- if (teap_type) {
+- eap_method = teap_type->vp_integer;
+-
+- RDEBUG("Phase 2: Setting Machine EAP-Type = %s from &config:TEAP-Type-Machine",
+- eap_type2name(eap_method));
+-
+- } else if (t->eap_method[vp->vp_short]) {
+- eap_method = t->eap_method[vp->vp_short];
+-
+- RDEBUG("Phase 2: Setting Machine EAP-Type = %s from TEAP configuration machine_eap_type",
+- eap_type2name(eap_method));
+-
+- } else if (eap_method) {
+- RDEBUG("Phase 2: Using Machine EAP-Type = %s from TEAP configuration default_eap_type",
+- eap_type2name(eap_method));
+-
+- } else if (fake->password) {
+- RDEBUG("Phase 2: Machine is not doing EAP, but instead is doing User-Password authentication");
+-
+- } else {
+- RWDEBUG("Phase 2: Not setting Machine EAP-Type");
+- }
+- }
+- }
+-
+- if (eap_method) {
+- /*
+- * RFC 7170 - Authenticating Using EAP-TEAP-MSCHAPv2
+- */
+- if (eap_method == PW_EAP_MSCHAPV2 && t->mode == EAP_TEAP_PROVISIONING_ANON) {
+- tvp = fr_pair_afrom_num(fake, PW_MSCHAP_CHALLENGE, VENDORPEC_MICROSOFT);
+- //fr_pair_value_memcpy(tvp, t->keyblock->server_challenge, CHAP_VALUE_LENGTH);
+- fr_pair_add(&fake->config, tvp);
+-
+- tvp = fr_pair_afrom_num(fake, PW_MS_CHAP_PEER_CHALLENGE, 0);
+- //fr_pair_value_memcpy(tvp, t->keyblock->client_challenge, CHAP_VALUE_LENGTH);
+- fr_pair_add(&fake->config, tvp);
+- }
+-
+- /*
+- * Set the configuration to force a particular EAP-Type.
+- */
+- RDEBUG("Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = %s", eap_type2name(eap_method));
+- vp = fr_pair_afrom_num(fake, PW_EAP_TYPE, 0);
+- if (vp) {
+- fr_pair_add(&fake->config, vp);
+- vp->vp_integer = eap_method;
+- }
+-
+- } else if (!fake->password) {
+- RWDEBUG("Phase 2: No explicit EAP-Type set.");
+- } else {
+- /* else it's User-Password authentication */
+- }
+- }
+-
+- if (t->copy_request_to_tunnel) {
+- eapteap_copy_request_to_tunnel(request, fake);
+- }
+-
+- if ((vp = fr_pair_find_by_num(request->config, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
+- fake->server = vp->vp_strvalue;
+-
+- } else if (t->virtual_server) {
+- fake->server = t->virtual_server;
+-
+- } /* else fake->server == request->server */
+-
+- /*
+- * Call authentication recursively, which will
+- * do PAP, CHAP, MS-CHAP, etc.
+- */
+- rad_virtual_server(fake);
+-
+- /*
+- * Decide what to do with the reply.
+- */
+- switch (fake->reply->code) {
+- case 0:
+- vp = fr_pair_find_by_num(fake->config, PW_RESPONSE_PACKET_TYPE, 0, TAG_ANY);
+- if (vp && (vp->vp_integer == PW_CODE_ACCESS_CHALLENGE)) {
+- fake->reply->code = PW_CODE_ACCESS_CHALLENGE;
+- goto do_reply;
+- }
+-
+- RDEBUG("Phase 2: No tunneled reply was found, rejecting the user.");
+- code = PW_CODE_ACCESS_REJECT;
+- break;
+-
+- default:
+- do_reply:
+- /*
+- * Returns RLM_MODULE_FOO, and we want to return PW_FOO
+- */
+- rcode = process_reply(eap_session, tls_session, request, fake->reply);
+- switch (rcode) {
+- case RLM_MODULE_REJECT:
+- code = PW_CODE_ACCESS_REJECT;
+- break;
+-
+- case RLM_MODULE_HANDLED:
+- code = PW_CODE_ACCESS_CHALLENGE;
+- break;
+-
+- case RLM_MODULE_OK:
+- code = PW_CODE_ACCESS_ACCEPT;
+- break;
+-
+- default:
+- code = PW_CODE_ACCESS_REJECT;
+- break;
+- }
+- break;
+- }
+-
+- return code;
+-}
+-
+-static PW_CODE eap_teap_crypto_binding(REQUEST *request, UNUSED eap_handler_t *eap_session,
+- tls_session_t *tls_session, eap_tlv_crypto_binding_tlv_t const *binding)
+-{
+- teap_tunnel_t *t = tls_session->opaque;
+- uint8_t *buf;
+- size_t olen, buflen;
+- struct crypto_binding_buffer *cbb;
+- uint8_t mac[EVP_MAX_MD_SIZE];
+- unsigned int maclen = sizeof(mac);
+- unsigned int flags;
+- struct teap_imck_t *imck = NULL;
+- uint8_t *outer_tlvs;
+-
+- /*
+- * @todo - put crypto binding calculations into a common function,
+- */
+- olen = tls_session->outer_tlvs_octets_server ? talloc_array_length(tls_session->outer_tlvs_octets_server) : 0;
+- olen += tls_session->outer_tlvs_octets_peer ? talloc_array_length(tls_session->outer_tlvs_octets_peer) : 0;
+-
+- buflen = sizeof(struct crypto_binding_buffer) - 1/*outer_tlvs*/ + olen;
+-
+- buf = talloc_zero_array(request, uint8_t, buflen);
+- rad_assert(buf != NULL);
+-
+- cbb = (struct crypto_binding_buffer *)buf;
+-
+- /*
+- * binding->version is what they are using.
+- * binding->received_version is what they got from us.
+- */
+- if (binding->version != t->received_version || binding->received_version != EAP_TEAP_VERSION) {
+- RDEBUG2("Phase 2: Crypto-Binding TLV version mis-match (possible downgrade attack!)");
+- RDEBUG2("Phase 2: Expected client to send %d, got %d. We sent %d, they echoed back %d",
+- t->received_version, binding->version,
+- EAP_TEAP_VERSION, binding->received_version);
+- return PW_CODE_ACCESS_REJECT;
+- }
+- if ((binding->subtype & 0xf) != EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE) {
+- RDEBUG2("Phase 2: Crypto-Binding TLV contains unexpected response");
+- return PW_CODE_ACCESS_REJECT;
+- }
+- flags = binding->subtype >> 4;
+-
+- CRYPTO_BINDING_BUFFER_INIT(cbb);
+- memcpy(&cbb->binding, binding, sizeof(cbb->binding) - sizeof(cbb->binding.emsk_compound_mac) - sizeof(cbb->binding.msk_compound_mac));
+-
+- outer_tlvs = &cbb->outer_tlvs[0];
+-
+- if (tls_session->outer_tlvs_octets_server) {
+- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_server);
+-
+- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_server, len);
+- outer_tlvs += len;
+- }
+-
+- if (tls_session->outer_tlvs_octets_peer) {
+- size_t len = talloc_array_length(tls_session->outer_tlvs_octets_peer);
+-
+- memcpy(outer_tlvs, tls_session->outer_tlvs_octets_peer, len);
+- }
+-
+- RDEBUGHEX("Phase 2: BUFFER for Compound MAC calculation", buf, buflen);
+-
+- /*
+- * we carry forward the S-IMCK[j] based on what we verified for session key generation
+- *
+- * https://mailarchive.ietf.org/arch/msg/emu/mXzpSGEn86Zx_fa4f1uULYMhMoM/
+- * https://github.com/emu-wg/teap-errata/pull/13
+- */
+- const EVP_MD *md = SSL_CIPHER_get_handshake_digest(SSL_get_current_cipher(tls_session->ssl));
+-
+- /*
+- * We verify cryptobinding MSK and EMSK, but we prefer
+- * EMSK for the later IMCK deriviation.
+- */
+- if ((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK) != 0) {
+- HMAC(md, &t->imck_msk.cmk, sizeof(t->imck_msk.cmk), buf, buflen, mac, &maclen);
+- if (memcmp(binding->msk_compound_mac, mac, sizeof(binding->msk_compound_mac))) {
+- RDEBUG2("Phase 2: Crypto-Binding TLV (MSK) mis-match");
+- return PW_CODE_ACCESS_REJECT;
+- }
+- imck = &t->imck_msk;
+- }
+-
+- if (((flags & EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK) != 0) && t->imck_emsk_available) {
+- HMAC(md, &t->imck_emsk.cmk, sizeof(t->imck_emsk.cmk), buf, buflen, mac, &maclen);
+- if (memcmp(binding->emsk_compound_mac, mac, sizeof(binding->emsk_compound_mac))) {
+- RDEBUG2("Phase 2: Crypto-Binding TLV (EMSK) mis-match");
+- return PW_CODE_ACCESS_REJECT;
+- }
+-
+- RDEBUG3("Phase 2: Using all EMSK for ICMK");
+- imck = &t->imck_emsk;
+-
+- } else if (imck) {
+- RDEBUG3("Phase 2: Using all MSK for ICMK");
+-
+- } else {
+- RDEBUG3("Phase 2: Using all zeroes for ICMK");
+- imck = &imck_zeros;
+- }
+-
+- /* IMCK[j] 60 octets => S-IMCK[j] first 40 octets, CMK[j] last 20 octets */
+- RDEBUGHEX("Phase 2: S-IMCK[j]", imck->simck, sizeof(imck->simck));
+-
+- uint8_t mk_msk_label[31] = "Session Key Generating Function";
+-
+- struct iovec mk_msk_seed[1] = {
+- { (void *)mk_msk_label, sizeof(mk_msk_label) }
+- };
+- TLS_PRF(tls_session->ssl,
+- imck->simck, sizeof(imck->simck),
+- mk_msk_seed, ARRAY_SIZE(mk_msk_seed),
+- (uint8_t *)&t->msk, sizeof(t->msk));
+- RDEBUGHEX("Phase 2: Derived key (MSK)", t->msk, sizeof(t->msk));
+-
+- uint8_t mk_emsk_label[40] = "Extended Session Key Generating Function";
+- struct iovec mk_emsk_seed[1] = {
+- { (void *)mk_emsk_label, sizeof(mk_emsk_label) }
+- };
+- TLS_PRF(tls_session->ssl,
+- imck->simck, sizeof(imck->simck),
+- mk_emsk_seed, ARRAY_SIZE(mk_emsk_seed),
+- (uint8_t *)&t->emsk, sizeof(t->emsk));
+- RDEBUGHEX("Phase 2: Derived key (EMSK)", t->emsk, sizeof(t->emsk));
+-
+- return PW_CODE_ACCESS_ACCEPT;
+-}
+-
+-
+-static PW_CODE eap_teap_process_tlvs(REQUEST *request, eap_handler_t *eap_session,
+- tls_session_t *tls_session, VALUE_PAIR *teap_vps)
+-{
+- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
+- VALUE_PAIR *vp, *copy;
+- vp_cursor_t cursor;
+- PW_CODE code = PW_CODE_ACCESS_ACCEPT;
+- uint8_t const *p;
+- bool gotintermedresult = false, gotresult = false, gotcryptobinding = false;
+- REQUEST *fake;
+-
+- /*
+- * Allocate a fake REQUEST structure.
+- */
+- fake = request_alloc_fake(request);
+- rad_assert(!fake->packet->vps);
+-
+- fake->eap_inner_tunnel = true;
+-
+- for (vp = fr_cursor_init(&cursor, &teap_vps); vp; vp = fr_cursor_next(&cursor)) {
+- char *value;
+- DICT_ATTR const *parent_da = NULL;
+- VALUE_PAIR *vp_config;
+-
+- parent_da = dict_parent(vp->da->attr, vp->da->vendor);
+- if (parent_da == NULL || vp->da->vendor != VENDORPEC_FREERADIUS ||
+- ((vp->da->attr & 0xff) != PW_FREERADIUS_EAP_TEAP_TLV)) {
+- continue;
+- }
+-
+- switch (parent_da->attr) {
+- case PW_FREERADIUS_EAP_TEAP_TLV:
+- switch (vp->da->attr >> 8) {
+- case EAP_TEAP_TLV_IDENTITY_TYPE:
+- vp_config = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
+- if (vp_config && (vp_config->vp_short != vp->vp_short)) {
+- RWDEBUG("We requested &session-state:FreeRADIUS-EAP-TEAP-TLV-Identity-Type = %s",
+- (vp_config->vp_short == 1) ? "User" : "Machine");
+- RWDEBUG("But the supplicant returned FreeRADIUS-EAP-TEAP-TLV-Identity-Type = %u",
+- vp->vp_short);
+- RWDEBUG("Authentication will likely fail.");
+- }
+-
+- fr_pair_add(&fake->packet->vps, fr_pair_copy(fake->packet, vp));
+- break;
+-
+- /*
+- * Copy EAP-Payload to EAP-Message
+- */
+- case EAP_TEAP_TLV_EAP_PAYLOAD:
+- copy = fr_pair_afrom_num(fake->packet, PW_EAP_MESSAGE, 0);
+- fr_pair_value_memcpy(copy, vp->vp_octets, vp->vp_length);
+- fr_pair_add(&fake->packet->vps, copy);
+- break;
+-
+- /*
+- * We copy the full attribute, even if the administrator
+- * isn't ever going to use it. The existence of the attribute
+- * is a signal that we have a password response, and not an EAP-Message.
+- */
+- case EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP:
+- fr_pair_add(&fake->packet->vps, fr_pair_copy(fake->packet, vp));
+-
+- p = vp->vp_octets;
+-
+- copy = fr_pair_afrom_num(fake->packet, PW_USER_NAME, 0);
+- fr_pair_value_bstrncpy(copy, p + 1, p[0]);
+- fr_pair_add(&fake->packet->vps, copy);
+- fake->username = copy;
+-
+- p += p[0] + 1;
+-
+- copy = fr_pair_afrom_num(fake->packet, PW_USER_PASSWORD, 0);
+- fr_pair_value_bstrncpy(copy, p + 1, p[0]);
+- fr_pair_add(&fake->packet->vps, copy);
+- fake->password = copy;
+- break;
+-
+- /*
+- * The rest of the TEAP
+- * attributes are signalling, and
+- * aren't needed by the inner-tunnel virtual server.
+- */
+- case EAP_TEAP_TLV_RESULT:
+- gotresult = true;
+- if (vp->vp_short != EAP_TEAP_TLV_RESULT_SUCCESS) {
+- REDEBUG("Phase 2: Peer sent Result = Failure - rejecting the session");
+- code = PW_CODE_ACCESS_REJECT;
+- }
+- break;
+-
+- case EAP_TEAP_TLV_INTERMED_RESULT:
+- gotintermedresult = true;
+- if (vp->vp_short != EAP_TEAP_TLV_RESULT_SUCCESS) {
+- REDEBUG("Phase 2: Peer sent Intermediate-Result = Failure - rejecting the session");
+- code = PW_CODE_ACCESS_REJECT;
+- }
+- break;
+-
+- case EAP_TEAP_TLV_CRYPTO_BINDING:
+- gotcryptobinding = true;
+-
+- code = eap_teap_crypto_binding(request, eap_session, tls_session,
+- (eap_tlv_crypto_binding_tlv_t const *)vp->vp_octets);
+- break;
+-
+- default:
+- value = vp_aprints_value(request->packet, vp, '"');
+- RDEBUG2("Ignoring unknown attribute %s", value);
+- talloc_free(value);
+- }
+- break;
+-
+- default:
+- value = vp_aprints(request->packet, vp, '"');
+- RDEBUG2("Ignoring TEAP TLV %s", value);
+- talloc_free(value);
+- }
+-
+- if (code == PW_CODE_ACCESS_REJECT) {
+- talloc_free(fake);
+- return PW_CODE_ACCESS_REJECT;
+- }
+- }
+-
+- /*
+- * Move to the provisioning stage only if we have a final result.
+- */
+- if ((t->stage == AUTHENTICATION) && t->result_final) {
+- if (gotcryptobinding && gotintermedresult) t->stage = PROVISIONING;
+- /* rollback if we have an EAP sequence (chaining) */
+- if (t->stage == PROVISIONING && !gotresult && vp) t->stage = AUTHENTICATION;
+- }
+-
+- if (t->stage == PROVISIONING) {
+- if (gotcryptobinding && gotresult) t->stage = COMPLETE;
+- }
+-
+- if (t->stage == COMPLETE) {
+- if (!gotcryptobinding) {
+- RWDEBUG("Phase 2: Peer did not send Crypto-Binding - rejecting");
+- talloc_free(fake);
+- return PW_CODE_ACCESS_REJECT;
+- }
+-
+- if (!gotresult) {
+- RWDEBUG("Phase 2: Peer did not send Result - rejecting");
+- talloc_free(fake);
+- return PW_CODE_ACCESS_REJECT;
+- }
+-
+- } else {
+- code = eap_teap_phase2(request, eap_session, tls_session, fake);
+- }
+-
+- talloc_free(fake);
+- return code;
+-}
+-
+-
+-static void print_tunneled_data(uint8_t const *data, size_t data_len)
+-{
+- size_t i;
+-
+- DEBUG2(" TEAP tunnel data total %zu", data_len);
+-
+- if ((rad_debug_lvl > 2) && fr_log_fp) {
+- for (i = 0; i < data_len; i++) {
+- if ((i & 0x0f) == 0) fprintf(fr_log_fp, " TEAP tunnel data in %02x: ", (int) i);
+-
+- fprintf(fr_log_fp, "%02x ", data[i]);
+-
+- if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
+- }
+- if ((data_len & 0x0f) != 0) fprintf(fr_log_fp, "\n");
+- }
+-}
+-
+-
+-/*
+- * Process the inner tunnel data
+- */
+-PW_CODE eap_teap_process(eap_handler_t *eap_session, tls_session_t *tls_session)
+-{
+- PW_CODE code;
+- VALUE_PAIR *teap_vps, *vp;
+- uint8_t const *data;
+- size_t data_len;
+- teap_tunnel_t *t;
+- REQUEST *request = eap_session->request;
+-
+- /*
+- * Just look at the buffer directly, without doing
+- * record_to_buff.
+- */
+- data_len = tls_session->clean_out.used;
+- tls_session->clean_out.used = 0;
+- data = tls_session->clean_out.data;
+-
+- t = (teap_tunnel_t *) tls_session->opaque;
+-
+- if (rad_debug_lvl > 2) print_tunneled_data(data, data_len);
+-
+- /*
+- * See if the tunneled data is well formed.
+- */
+- if (!eap_teap_verify(request, tls_session, data, data_len)) return PW_CODE_ACCESS_REJECT;
+-
+- if (t->stage == TLS_SESSION_HANDSHAKE) {
+- rad_assert(t->mode == EAP_TEAP_UNKNOWN);
+-
+- char buf[256];
+- if (strstr(SSL_CIPHER_description(SSL_get_current_cipher(tls_session->ssl),
+- buf, sizeof(buf)), "Au=None")) {
+- /* FIXME enforce MSCHAPv2 - RFC 7170 */
+- RDEBUG2("Phase 2: Using anonymous provisioning");
+- t->mode = EAP_TEAP_PROVISIONING_ANON;
+- } else {
+- if (SSL_session_reused(tls_session->ssl)) {
+- RDEBUG("Phase 2: Outer session was resumed");
+- t->mode = EAP_TEAP_NORMAL_AUTH;
+- } else {
+- RDEBUG2("Phase 2: Using authenticated provisioning");
+- t->mode = EAP_TEAP_PROVISIONING_AUTH;
+- }
+- }
+-
+- eap_teap_init_keys(request, tls_session);
+-
+-
+- /* RFC7170, Appendix C.6 */
+- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
+- if (vp) {
+- RDEBUG("Phase 2: Sending Identity-Type = %s", (vp->vp_short == 1) ? "User" : "Machine");
+- eap_teap_append_identity_type(tls_session, vp->vp_short);
+-
+- if (t->num_identities == 2) {
+- RDEBUG("Phase 2: Configured to send too many identities, failing the session");
+- goto fail;
+- }
+-
+- t->identity_types[t->num_identities++] = vp->vp_short;
+-
+- RDEBUG("Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s",
+- (vp->vp_short == 1) ? "User" : "Machine");
+- fr_pair_delete(&request->state, vp);
+- }
+-
+- /*
+- * We always start off with an EAP-Identity-Request.
+- */
+- if (t->default_method || (vp && t->eap_method[vp->vp_short])) {
+- eap_teap_append_eap_identity_request(request, tls_session, eap_session);
+- } else {
+- RDEBUG("Phase 2: No %s EAP method configured - sending Basic-Password-Auth-Req = \"\"",
+- !vp ? "" : (vp->vp_short == 1) ? "User" : "Machine");
+- eap_teap_tlv_append(tls_session, EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, true, 0, "");
+- }
+-
+- t->stage = AUTHENTICATION;
+-
+- tls_handshake_send(request, tls_session);
+-
+- return PW_CODE_ACCESS_CHALLENGE;
+- }
+-
+- teap_vps = eap_teap_teap2vp(request, tls_session->ssl, data, data_len, NULL, NULL);
+-
+- RDEBUG("Phase 2: Got Tunneled TEAP TLVs");
+- rdebug_pair_list(L_DBG_LVL_1, request, teap_vps, NULL);
+-
+- code = eap_teap_process_tlvs(request, eap_session, tls_session, teap_vps);
+-
+- fr_pair_list_free(&teap_vps);
+-
+- if (code == PW_CODE_ACCESS_REJECT) return PW_CODE_ACCESS_REJECT;
+-
+- switch (t->stage) {
+- case AUTHENTICATION:
+- code = PW_CODE_ACCESS_CHALLENGE;
+- break;
+-
+- case PROVISIONING:
+- if (!t->result_final) {
+- t->result_final = true;
+- eap_teap_append_result(request, tls_session, code);
+- }
+- /* FALL-THROUGH */
+-
+- case COMPLETE:
+- /*
+- * TEAP wants to use it's own MSK, so boo to eap_tls_gen_mppe_keys()
+- */
+- eap_add_reply(request, "MS-MPPE-Recv-Key", t->msk, EAPTLS_MPPE_KEY_LEN);
+- eap_add_reply(request, "MS-MPPE-Send-Key", &t->msk[EAPTLS_MPPE_KEY_LEN], EAPTLS_MPPE_KEY_LEN);
+- eap_add_reply(request, "EAP-MSK", t->msk, sizeof(t->msk));
+- eap_add_reply(request, "EAP-EMSK", t->emsk, sizeof(t->emsk));
+-
+- break;
+-
+- default:
+- RERROR("Internal sanity check failed in EAP-TEAP at %d", t->stage);
+- fail:
+- code = PW_CODE_ACCESS_REJECT;
+- }
+-
+- tls_handshake_send(request, tls_session);
+-
+- return code;
+-}
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
+deleted file mode 100644
+index 59f7835a26..0000000000
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap.h
++++ /dev/null
+@@ -1,176 +0,0 @@
+-/*
+- * eap_teap.h
+- *
+- * Version: $Id$
+- *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-#ifndef _EAP_TEAP_H
+-#define _EAP_TEAP_H
+-
+-RCSIDH(eap_teap_h, "$Id$")
+-
+-#include "eap_tls.h"
+-
+-#define EAP_TEAP_VERSION 1
+-
+-#define EAP_TEAP_MSK_LEN 64
+-#define EAP_TEAP_EMSK_LEN 64
+-#define EAP_TEAP_IMSK_LEN 32
+-#define EAP_TEAP_SKS_LEN 40
+-#define EAP_TEAP_SIMCK_LEN 40
+-#define EAP_TEAP_CMK_LEN 20
+-
+-#define EAP_TEAP_TLV_MANDATORY 0x8000
+-#define EAP_TEAP_TLV_TYPE 0x3fff
+-
+-#define EAP_TEAP_ERR_TUNNEL_COMPROMISED 2001
+-#define EAP_TEAP_ERR_UNEXPECTED_TLV 2002
+-
+-/* intermediate result values also match */
+-#define EAP_TEAP_TLV_RESULT_SUCCESS 1
+-#define EAP_TEAP_TLV_RESULT_FAILURE 2
+-
+-#define EAP_TEAP_IDENTITY_TYPE_USER 1
+-#define EAP_TEAP_IDENTITY_TYPE_MACHINE 2
+-
+-#define PW_EAP_TEAP_TLV_IDENTITY_TYPE (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_IDENTITY_TYPE << 8))
+-#define PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ << 8))
+-#define PW_EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP (PW_FREERADIUS_EAP_TEAP_TLV | (EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP << 8))
+-
+-typedef enum eap_teap_stage_t {
+- TLS_SESSION_HANDSHAKE = 0,
+- AUTHENTICATION,
+- PROVISIONING,
+- COMPLETE
+-} eap_teap_stage_t;
+-
+-typedef enum eap_teap_auth_type {
+- EAP_TEAP_UNKNOWN = 0,
+- EAP_TEAP_PROVISIONING_ANON,
+- EAP_TEAP_PROVISIONING_AUTH,
+- EAP_TEAP_NORMAL_AUTH
+-} eap_teap_auth_type_t;
+-
+-/* RFC 7170, Section 4.2.13 - Crypto-Binding TLV */
+-typedef struct eap_tlv_crypto_binding_tlv_t {
+- uint8_t reserved;
+- uint8_t version;
+- uint8_t received_version;
+- uint8_t subtype; /* Flags[4b] and Sub-Type[4b] */
+- uint8_t nonce[32];
+- uint8_t emsk_compound_mac[20];
+- uint8_t msk_compound_mac[20];
+-} CC_HINT(__packed__) eap_tlv_crypto_binding_tlv_t;
+-
+-typedef enum eap_teap_tlv_type_t {
+- EAP_TEAP_TLV_RESERVED_0 = 0, // 0
+- EAP_TEAP_TLV_AUTHORITY, // 1
+- EAP_TEAP_TLV_IDENTITY_TYPE, // 2
+- EAP_TEAP_TLV_RESULT, // 3
+- EAP_TEAP_TLV_NAK, // 4
+- EAP_TEAP_TLV_ERROR, // 5
+- EAP_TEAP_TLV_CHANNEL_BINDING, // 6
+- EAP_TEAP_TLV_VENDOR_SPECIFIC, // 7
+- EAP_TEAP_TLV_REQUEST_ACTION, // 8
+- EAP_TEAP_TLV_EAP_PAYLOAD, // 9
+- EAP_TEAP_TLV_INTERMED_RESULT, // 10
+- EAP_TEAP_TLV_PAC, // 11
+- EAP_TEAP_TLV_CRYPTO_BINDING, // 12
+- EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_REQ, // 13
+- EAP_TEAP_TLV_BASIC_PASSWORD_AUTH_RESP, // 14
+- EAP_TEAP_TLV_PKCS7, // 15
+- EAP_TEAP_TLV_PKCS10, // 16
+- EAP_TEAP_TLV_TRUSTED_ROOT, // 17
+- EAP_TEAP_TLV_MAX
+-} eap_teap_tlv_type_t;
+-
+-typedef enum eap_teap_tlv_crypto_binding_tlv_flags_t {
+- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_EMSK = 1, // 1
+- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_MSK, // 2
+- EAP_TEAP_TLV_CRYPTO_BINDING_FLAGS_CMAC_BOTH // 3
+-} eap_teap_tlv_crypto_binding_tlv_flags_t;
+-
+-typedef enum eap_teap_tlv_crypto_binding_tlv_subtype_t {
+- EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_REQUEST = 0, // 0
+- EAP_TEAP_TLV_CRYPTO_BINDING_SUBTYPE_RESPONSE // 1
+-} eap_teap_tlv_crypto_binding_tlv_subtype_t;
+-
+-typedef struct teap_imck_t {
+- uint8_t simck[EAP_TEAP_SIMCK_LEN];
+- uint8_t cmk[EAP_TEAP_CMK_LEN];
+-} CC_HINT(__packed__) teap_imck_t;
+-
+-typedef struct {
+- bool required;
+- bool sent;
+- uint8_t received;
+-} teap_auth_t;
+-
+-typedef struct teap_tunnel_t {
+- VALUE_PAIR *username;
+- VALUE_PAIR *state;
+- VALUE_PAIR *accept_vps;
+- bool copy_request_to_tunnel;
+- bool use_tunneled_reply;
+-
+- bool authenticated;
+- int received_version;
+-
+- int mode;
+- eap_teap_stage_t stage;
+-
+- int num_identities;
+- uint16_t identity_types[2];
+-
+- teap_auth_t auths[3]; /* so we can index by Identity-Type */
+-
+- int imckc;
+- bool imck_emsk_available;
+- struct teap_imck_t imck_msk;
+- struct teap_imck_t imck_emsk;
+-
+- uint8_t msk[EAP_TEAP_MSK_LEN];
+- uint8_t emsk[EAP_TEAP_EMSK_LEN];
+-
+- int default_method;
+- int eap_method[3];
+-
+- bool result_final;
+- bool auto_chain; //!< do we automatically chain identities
+- bool sent_basic_password;
+-
+-#ifdef WITH_PROXY
+- bool proxy_tunneled_request_as_eap; //!< Proxy tunneled session as EAP, or as de-capsulated
+- //!< protocol.
+-#endif
+- char const *virtual_server;
+-} teap_tunnel_t;
+-
+-/*
+- * Process the TEAP portion of an EAP-TEAP request.
+- */
+-PW_CODE eap_teap_process(eap_handler_t *handler, tls_session_t *tls_session) CC_HINT(nonnull);
+-
+-/*
+- * A bunch of EAP-TEAP helper functions.
+- */
+-VALUE_PAIR *eap_teap_teap2vp(REQUEST *request, UNUSED SSL *ssl, uint8_t const *data,
+- size_t data_len, DICT_ATTR const *teap_da, vp_cursor_t *out);
+-
+-#endif /* _EAP_TEAP_H */
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
+deleted file mode 100644
+index 17f49f9dfc..0000000000
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.c
++++ /dev/null
+@@ -1,198 +0,0 @@
+-/*
+- * teap-crypto.c Cryptographic functions for EAP-TEAP.
+- *
+- * Version: $Id$
+- *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-RCSID("$Id$")
+-USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
+-
+-#include <stdio.h>
+-#include <freeradius-devel/libradius.h>
+-
+-#include <openssl/evp.h>
+-#include <openssl/aes.h>
+-#include <openssl/err.h>
+-
+-#include "eap_teap_crypto.h"
+-
+-# define DEBUG if (fr_debug_lvl && fr_log_fp) fr_printf_log
+-
+-static void debug_errors(void)
+-{
+- unsigned long errCode;
+-
+- while((errCode = ERR_get_error())) {
+- char *err = ERR_error_string(errCode, NULL);
+- DEBUG("EAP-TEAP error in OpenSSL - %s", err);
+- }
+-}
+-
+-// https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode
+-int eap_teap_encrypt(uint8_t const *plaintext, size_t plaintext_len,
+- uint8_t const *aad, size_t aad_len,
+- uint8_t const *key, uint8_t *iv, unsigned char *ciphertext,
+- uint8_t *tag)
+-{
+- EVP_CIPHER_CTX *ctx;
+-
+- int len;
+-
+- int ciphertext_len;
+-
+-
+- /* Create and initialise the context */
+- if (!(ctx = EVP_CIPHER_CTX_new())) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Initialise the encryption operation. */
+- if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Set IV length if default 12 bytes (96 bits) is not appropriate */
+- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Initialise key and IV */
+- if (1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Provide any AAD data. This can be called zero or more times as
+- * required
+- */
+- if (1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len)) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Provide the message to be encrypted, and obtain the encrypted output.
+- * EVP_EncryptUpdate can be called multiple times if necessary
+- */
+- if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) {
+- debug_errors();
+- return -1;
+- };
+- ciphertext_len = len;
+-
+- /* Finalise the encryption. Normally ciphertext bytes may be written at
+- * this stage, but this does not occur in GCM mode
+- */
+- if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
+- debug_errors();
+- return -1;
+- };
+- ciphertext_len += len;
+-
+- /* Get the tag */
+- if (1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Clean up */
+- EVP_CIPHER_CTX_free(ctx);
+-
+- return ciphertext_len;
+-}
+-
+-int eap_teap_decrypt(uint8_t const *ciphertext, size_t ciphertext_len,
+- uint8_t const *aad, size_t aad_len,
+- uint8_t const *tag, uint8_t const *key, uint8_t const *iv, uint8_t *plaintext)
+-{
+- EVP_CIPHER_CTX *ctx;
+- int len;
+- int plaintext_len;
+- int ret;
+-
+- /* Create and initialise the context */
+- if (!(ctx = EVP_CIPHER_CTX_new())) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Initialise the decryption operation. */
+- if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Set IV length. Not necessary if this is 12 bytes (96 bits) */
+- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Initialise key and IV */
+- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Provide any AAD data. This can be called zero or more times as
+- * required
+- */
+- if (!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len)) {
+- debug_errors();
+- return -1;
+- };
+-
+- /* Provide the message to be decrypted, and obtain the plaintext output.
+- * EVP_DecryptUpdate can be called multiple times if necessary
+- */
+- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) {
+- debug_errors();
+- return -1;
+- };
+- plaintext_len = len;
+-
+- {
+- unsigned char *tmp;
+-
+- memcpy(&tmp, &tag, sizeof(tmp));
+-
+- /* Set expected tag value. Works in OpenSSL 1.0.1d and later */
+- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tmp)) {
+- debug_errors();
+- return -1;
+- };
+- }
+-
+- /* Finalise the decryption. A positive return value indicates success,
+- * anything else is a failure - the plaintext is not trustworthy.
+- */
+- ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
+-
+- /* Clean up */
+- EVP_CIPHER_CTX_free(ctx);
+-
+- if (ret < 0) return -1;
+-
+- /* Success */
+- plaintext_len += len;
+- return plaintext_len;
+-}
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h b/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
+deleted file mode 100644
+index b02f2b9083..0000000000
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/eap_teap_crypto.h
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/*
+- * eap_teap_crypto.h
+- *
+- * Version: $Id$
+- *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-#ifndef _EAP_TEAP_CRYPTO_H
+-#define _EAP_TEAP_CRYPTO_H
+-
+-RCSIDH(eap_teap_crypto_h, "$Id$")
+-
+-
+-int eap_teap_encrypt(uint8_t const *plaintext, size_t plaintext_len,
+- uint8_t const *aad, size_t aad_len,
+- uint8_t const *key, uint8_t *iv, unsigned char *ciphertext,
+- uint8_t *tag);
+-
+-int eap_teap_decrypt(uint8_t const *ciphertext, size_t ciphertext_len,
+- uint8_t const *aad, size_t aad_len,
+- uint8_t const *tag, uint8_t const *key, uint8_t const *iv, uint8_t *plaintext);
+-
+-#endif /* _EAP_TEAP_CRYPTO_H */
+diff --git a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c b/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
+deleted file mode 100644
+index f2e2cc3d40..0000000000
+--- a/src/modules/rlm_eap/types/rlm_eap_teap/rlm_eap_teap.c
++++ /dev/null
+@@ -1,569 +0,0 @@
+-/*
+- * rlm_eap_teap.c contains the interfaces that are called from eap
+- *
+- * Version: $Id$
+- *
+- * Copyright (C) 2022 Network RADIUS SARL <legal@networkradius.com>
+- *
+- * This software may not be redistributed in any form without the prior
+- * written consent of Network RADIUS.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-RCSID("$Id$")
+-USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
+-
+-#include "eap_teap.h"
+-
+-typedef struct rlm_eap_teap_t {
+- /*
+- * TLS configuration
+- */
+- char const *tls_conf_name;
+- fr_tls_server_conf_t *tls_conf;
+-
+- /*
+- * Default tunneled EAP type
+- */
+- char const *default_method_name;
+- int default_method;
+-
+- /*
+- * User tunneled EAP type
+- */
+- char const *user_method_name;
+-
+- /*
+- * Machine tunneled EAP type
+- */
+- char const *machine_method_name;
+-
+- int eap_method[3];
+-
+-
+- /*
+- * Use the reply attributes from the tunneled session in
+- * the non-tunneled reply to the client.
+- */
+- bool use_tunneled_reply;
+-
+- /*
+- * Use SOME of the request attributes from outside of the
+- * tunneled session in the tunneled request
+- */
+- bool copy_request_to_tunnel;
+-
+- /*
+- * Do we do require a client cert?
+- */
+- bool req_client_cert;
+-
+- char const *authority_identity;
+-
+- uint16_t identity_type[2];
+-
+- char const *identity_type_name;
+-
+- /*
+- * Virtual server for inner tunnel session.
+- */
+- char const *virtual_server;
+-} rlm_eap_teap_t;
+-
+-
+-static CONF_PARSER module_config[] = {
+- { "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, tls_conf_name), NULL },
+- { "default_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, default_method_name), .dflt = "" },
+- { "copy_request_to_tunnel", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, copy_request_to_tunnel), "no" },
+- { "use_tunneled_reply", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, use_tunneled_reply), "no" },
+- { "require_client_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_teap_t, req_client_cert), "no" },
+- { "authority_identity", FR_CONF_OFFSET(PW_TYPE_STRING | PW_TYPE_REQUIRED, rlm_eap_teap_t, authority_identity), NULL },
+- { "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, virtual_server), NULL },
+- { "identity_types", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, identity_type_name), NULL },
+-
+- { "user_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, user_method_name), .dflt = "" },
+- { "machine_eap_type", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_teap_t, machine_method_name), .dflt = "" },
+- CONF_PARSER_TERMINATOR
+-};
+-
+-static const bool allowed[PW_EAP_MAX_TYPES] = {
+- [PW_EAP_SIM] = true,
+- [PW_EAP_TLS] = true,
+- [PW_EAP_MSCHAPV2] = true,
+- [PW_EAP_PWD] = true,
+-};
+-
+-/*
+- * Attach the module.
+- */
+-static int mod_instantiate(CONF_SECTION *cs, void **instance)
+-{
+- rlm_eap_teap_t *inst;
+-
+- *instance = inst = talloc_zero(cs, rlm_eap_teap_t);
+- if (!inst) return -1;
+-
+- /*
+- * Parse the configuration attributes.
+- */
+- if (cf_section_parse(cs, inst, module_config) < 0) {
+- return -1;
+- }
+-
+- if (!inst->virtual_server) {
+- ERROR("rlm_eap_teap: A 'virtual_server' MUST be defined for security");
+- return -1;
+- }
+-
+- /*
+- * Convert the name to an integer, to make it easier to
+- * handle.
+- */
+- if (inst->default_method_name && *inst->default_method_name) {
+- inst->default_method = eap_name2type(inst->default_method_name);
+- if (inst->default_method < 0) {
+- ERROR("rlm_eap_teap: Unknown EAP type %s",
+- inst->default_method_name);
+- return -1;
+- }
+- }
+-
+- /*
+- * @todo - allow a special value like 'basic-password', which
+- * means that we propose the Basic-Password-Auth-Req TLV during Phase 2.
+- *
+- * @todo - and then also track the username across
+- * multiple rounds, including some kind of State which
+- * can be used to signal where we are in the negotiation
+- * process.
+- */
+- if (inst->user_method_name && *inst->user_method_name) {
+- int method = eap_name2type(inst->user_method_name);
+-
+- if (method < 0) {
+- ERROR("rlm_eap_teap: Unknown User EAP type %s",
+- inst->user_method_name);
+- return -1;
+- }
+-
+- if (!allowed[method]) {
+- ERROR("rlm_eap_teap: Invalid User EAP type %s",
+- inst->user_method_name);
+- return -1;
+- }
+-
+- inst->eap_method[EAP_TEAP_IDENTITY_TYPE_USER] = method;
+- }
+-
+- if (inst->machine_method_name && *inst->machine_method_name) {
+- int method;
+-
+- method = eap_name2type(inst->machine_method_name);
+- if (method < 0) {
+- ERROR("rlm_eap_teap: Unknown Machine EAP type %s",
+- inst->machine_method_name);
+- return -1;
+- }
+-
+- if (!allowed[method]) {
+- ERROR("rlm_eap_teap: Invalid Machine EAP type %s",
+- inst->machine_method_name);
+- return -1;
+- }
+-
+- inst->eap_method[EAP_TEAP_IDENTITY_TYPE_MACHINE] = method;
+- }
+-
+- /*
+- * Read tls configuration, either from group given by 'tls'
+- * option, or from the eap-tls configuration.
+- */
+- inst->tls_conf = eaptls_conf_parse(cs, "tls");
+-
+- if (!inst->tls_conf) {
+- ERROR("rlm_eap_teap: Failed initializing SSL context");
+- return -1;
+- }
+-
+- /*
+- * Parse default identities
+- */
+- if (inst->identity_type_name) {
+- char const *p;
+- int i;
+-
+- p = inst->identity_type_name;
+- i = 0;
+-
+- while (*p) {
+- while (isspace((uint8_t) *p)) p++;
+-
+- if (strncasecmp(p, "user", 4) == 0) {
+- inst->identity_type[i] = 1;
+- p += 4;
+-
+- } else if (strncasecmp(p, "machine", 7) == 0) {
+- inst->identity_type[i] = 2;
+- p += 7;
+-
+- } else {
+- invalid_identity:
+- cf_log_err_cs(cs, "Invalid value in identity_types = '%s' at %s",
+- inst->identity_type_name, p);
+- return -1;
+- }
+-
+- i++;
+-
+- while (isspace((uint8_t) *p)) p++;
+-
+- /*
+- * We only support two things.
+- */
+- if ((i == 2) && *p) goto invalid_identity;
+-
+- if (!*p) break;
+-
+- if (*p != ',') goto invalid_identity;
+-
+- p++;
+- }
+- }
+-
+- return 0;
+-}
+-
+-/*
+- * Allocate the TEAP per-session data
+- */
+-static teap_tunnel_t *teap_alloc(TALLOC_CTX *ctx, rlm_eap_teap_t *inst)
+-{
+- teap_tunnel_t *t;
+-
+- t = talloc_zero(ctx, teap_tunnel_t);
+-
+- t->received_version = -1;
+- t->default_method = inst->default_method;
+- memcpy(&t->eap_method, &inst->eap_method, sizeof(t->eap_method));
+- t->copy_request_to_tunnel = inst->copy_request_to_tunnel;
+- t->use_tunneled_reply = inst->use_tunneled_reply;
+- t->virtual_server = inst->virtual_server;
+- return t;
+-}
+-
+-
+-/*
+- * Send an initial eap-tls request to the peer, using the libeap functions.
+- */
+-static int mod_session_init(void *type_arg, eap_handler_t *handler)
+-{
+- int status;
+- tls_session_t *ssn;
+- rlm_eap_teap_t *inst;
+- VALUE_PAIR *vp;
+- bool client_cert;
+- REQUEST *request = handler->request;
+-
+- inst = type_arg;
+-
+- handler->tls = true;
+-
+- if (request->parent) {
+- RWDEBUG("----------------------------------------------------------------------");
+- RWDEBUG("You have configured TEAP to run inside of TEAP. THIS WILL NOT WORK.");
+- RWDEBUG("Supported inner methods for TEAP are EAP-TLS, EAP-MSCHAPv2, and PAP.");
+- RWDEBUG("Other methods may work, but are not actively supported.");
+- RWDEBUG("----------------------------------------------------------------------");
+- }
+-
+- /*
+- * Check if we need a client certificate.
+- */
+-
+- /*
+- * EAP-TLS-Require-Client-Cert attribute will override
+- * the require_client_cert configuration option.
+- */
+- vp = fr_pair_find_by_num(handler->request->config, PW_EAP_TLS_REQUIRE_CLIENT_CERT, 0, TAG_ANY);
+- if (vp) {
+- client_cert = vp->vp_integer ? true : false;
+- } else {
+- client_cert = inst->req_client_cert;
+- }
+-
+- /*
+- * Disallow TLS 1.3 for now.
+- */
+- ssn = eaptls_session(handler, inst->tls_conf, client_cert, false);
+- if (!ssn) {
+- return 0;
+- }
+-
+- handler->opaque = ((void *)ssn);
+-
+- /*
+- * As TEAP is a unique special snowflake and wants to use its
+- * own rolling MSK for MPPE we we set the label to NULL so in that
+- * eaptls_gen_mppe_keys() is NOT called in eaptls_success.
+- */
+- ssn->label = NULL;
+-
+- /*
+- * Really just protocol version.
+- */
+- ssn->peap_flag = EAP_TEAP_VERSION;
+-
+- /*
+- * hostapd's wpa_supplicant gets upset if we include all the
+- * S+L+O flags but is happy with S+O (TLS payload is zero bytes
+- * for S anyway) - FIXME not true for early-data TLSv1.3!
+- */
+- ssn->length_flag = false;
+-
+- vp = fr_pair_make(ssn, NULL, "FreeRADIUS-EAP-TEAP-Authority-ID", inst->authority_identity, T_OP_EQ);
+- fr_pair_add(&ssn->outer_tlvs_server, vp);
+-
+- /*
+- * Be nice about identity types.
+- */
+- vp = fr_pair_find_by_num(request->state, PW_EAP_TEAP_TLV_IDENTITY_TYPE, VENDORPEC_FREERADIUS, TAG_ANY);
+- if (vp) {
+- RDEBUG("Found &session-state:FreeRADIUS-EAP-TEAP-Identity-Type, not setting from configuration");
+-
+- } else if (!inst->identity_type[0]) {
+- RWDEBUG("No &session-state:FreeRADIUS-EAP-TEAP-Identity-Type was found.");
+- RWDEBUG("No 'identity_types' was set in the configuration. TEAP will likely not work.");
+-
+- } else {
+- teap_tunnel_t *t;
+-
+- fr_assert(ssn->opaque == NULL);
+-
+- ssn->opaque = teap_alloc(ssn, inst);
+- t = (teap_tunnel_t *) ssn->opaque;
+-
+- /*
+- * We automatically add &session-state:FreeRADIUS-EAP-TEAP-Identity-Type
+- * to control the flow.
+- */
+- t->auto_chain = true;
+-
+- vp = fr_pair_make(request->state_ctx, &request->state, "FreeRADIUS-EAP-TEAP-Identity-Type", NULL, T_OP_SET);
+- if (vp) {
+- vp->vp_short = inst->identity_type[0];
+- RDEBUG("Setting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type = %s",
+- (vp->vp_short == 1) ? "User" : "Machine");
+-
+- t->auths[vp->vp_short].required = true;
+- }
+-
+- if (inst->identity_type[1]) {
+- vp = fr_pair_make(request->state_ctx, &request->state, "FreeRADIUS-EAP-TEAP-Identity-Type", NULL, T_OP_ADD);
+- if (vp) {
+- vp->vp_short = inst->identity_type[1];
+- RDEBUG("Followed by &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += %s",
+- (vp->vp_short == 1) ? "User" : "Machine");
+-
+- t->auths[vp->vp_short].required = true;
+- }
+- }
+- }
+-
+- /*
+- * TLS session initialization is over. Now handle TLS
+- * related handshaking or application data.
+- */
+- status = eaptls_request(handler->eap_ds, ssn, true);
+- if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) {
+- REDEBUG("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
+- } else {
+- RDEBUG3("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
+- }
+- if (status == 0) return 0;
+-
+- /*
+- * The next stage to process the packet.
+- */
+- handler->stage = PROCESS;
+-
+- return 1;
+-}
+-
+-
+-/*
+- * Do authentication, by letting EAP-TLS do most of the work.
+- */
+-static int mod_process(void *arg, eap_handler_t *handler)
+-{
+- int rcode;
+- int ret = 0;
+- fr_tls_status_t status;
+- rlm_eap_teap_t *inst = (rlm_eap_teap_t *) arg;
+- tls_session_t *tls_session = (tls_session_t *) handler->opaque;
+- teap_tunnel_t *t = (teap_tunnel_t *) tls_session->opaque;
+- REQUEST *request = handler->request;
+-
+- RDEBUG2("Authenticate");
+-
+- /*
+- * Process TLS layer until done.
+- */
+- status = eaptls_process(handler);
+- if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) {
+- REDEBUG("[eaptls process] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
+- } else {
+- RDEBUG3("[eaptls process] = %s", fr_int2str(fr_tls_status_table, status, "<INVALID>"));
+- }
+-
+- /*
+- * Make request available to any SSL callbacks
+- */
+- SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request);
+- switch (status) {
+- /*
+- * EAP-TLS handshake was successful, tell the
+- * client to keep talking.
+- *
+- * If this was EAP-TLS, we would just return
+- * an EAP-TLS-Success packet here.
+- */
+- case FR_TLS_SUCCESS:
+- if (SSL_session_reused(tls_session->ssl)) {
+- RDEBUG("Skipping Phase2 due to session resumption");
+- goto do_keys;
+- }
+-
+- if (t && t->authenticated) {
+- if (t->accept_vps) {
+- RDEBUG2("Using saved attributes from the original Access-Accept");
+- rdebug_pair_list(L_DBG_LVL_2, request, t->accept_vps, NULL);
+- fr_pair_list_mcopy_by_num(handler->request->reply,
+- &handler->request->reply->vps,
+- &t->accept_vps, 0, 0, TAG_ANY);
+- } else if (t->use_tunneled_reply) {
+- RDEBUG2("No saved attributes in the original Access-Accept");
+- }
+-
+- do_keys:
+- /*
+- * Success: Automatically return MPPE keys.
+- */
+- ret = eaptls_success(handler, 0);
+- goto done;
+- }
+- goto phase2;
+-
+- /*
+- * The TLS code is still working on the TLS
+- * exchange, and it's a valid TLS request.
+- * do nothing.
+- */
+- case FR_TLS_HANDLED:
+- ret = 1;
+- goto done;
+-
+- /*
+- * Handshake is done, proceed with decoding tunneled
+- * data.
+- */
+- case FR_TLS_OK:
+- break;
+-
+- /*
+- * Anything else: fail.
+- */
+- default:
+- ret = 0;
+- goto done;
+- }
+-
+-phase2:
+- /*
+- * Session is established, proceed with decoding
+- * tunneled data.
+- */
+- RDEBUG2("Session established. Proceeding to decode tunneled attributes");
+-
+- /*
+- * We may need TEAP data associated with the session, so
+- * allocate it here, if it wasn't already alloacted.
+- */
+- if (!tls_session->opaque) {
+- tls_session->opaque = teap_alloc(tls_session, inst);
+- t = (teap_tunnel_t *) tls_session->opaque;
+- }
+-
+- if (t->received_version < 0) {
+- t->received_version = handler->eap_ds->response->type.data[0] & 0x07;
+-
+- /*
+- * We only support TEAPv1.
+- */
+- if (t->received_version != EAP_TEAP_VERSION) {
+- RDEBUG("Invalid TEAP version received. Expected 1, got %u", t->received_version);
+- goto fail;
+- }
+- }
+-
+- /*
+- * Process the TEAP portion of the request.
+- */
+- rcode = eap_teap_process(handler, tls_session);
+- switch (rcode) {
+- case PW_CODE_ACCESS_REJECT:
+- fail:
+- eaptls_fail(handler, 0);
+- ret = 0;
+- goto done;
+-
+- /*
+- * Access-Challenge, continue tunneled conversation.
+- */
+- case PW_CODE_ACCESS_CHALLENGE:
+- eaptls_request(handler->eap_ds, tls_session, false);
+- ret = 1;
+- goto done;
+-
+- /*
+- * Success: Automatically return MPPE keys.
+- */
+- case PW_CODE_ACCESS_ACCEPT:
+- goto do_keys;
+-
+- default:
+- break;
+- }
+-
+- /*
+- * Something we don't understand: Reject it.
+- */
+- eaptls_fail(handler, 0);
+-
+-done:
+- SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, NULL);
+-
+- return ret;
+-}
+-
+-/*
+- * The module name should be the only globally exported symbol.
+- * That is, everything else should be 'static'.
+- */
+-extern rlm_eap_module_t rlm_eap_teap;
+-rlm_eap_module_t rlm_eap_teap = {
+- .name = "eap_teap",
+- .instantiate = mod_instantiate, /* Create new submodule instance */
+- .session_init = mod_session_init, /* Initialise a new EAP session */
+- .process = mod_process /* Process next round of EAP method */
+-};
+--
+2.34.1
+
@@ -13,6 +13,8 @@ LICENSE = "GPL-2.0-only & LGPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a"
DEPENDS = "openssl-native openssl libidn libtool libpcap libtalloc"
+PATCHTOOL = "git"
+
SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0;;protocol=https \
file://freeradius \
file://volatiles.58_radiusd \
@@ -36,6 +38,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0
file://0016-version.c-don-t-print-build-flags.patch \
file://0017-Add-acinclude.m4-to-include-required-macros.patch \
file://0018-Fix-Service-start-error.patch \
+ file://0019-freeradius-Remove-files-which-have-license-issues.patch \
"
raddbdir = "${sysconfdir}/${MLPREFIX}raddb"
@@ -81,6 +84,7 @@ EXTRA_OECONF = " --enable-strict-dependencies \
--without-rlm_securid \
--without-rlm_unbound \
--without-rlm_python \
+ --without-rlm_eap_teap \
ac_cv_path_PERL=${bindir}/perl \
ax_cv_cc_builtin_choose_expr=no \
ax_cv_cc_builtin_types_compatible_p=no \