From b59013249edd23870197b3da854a90b572733c8e Mon Sep 17 00:00:00 2001
From: Drew Hess <web-github@drewhess.com>
Date: Tue, 17 Oct 2017 01:10:42 -0700
Subject: [PATCH] strongswan: enable openssl plugin (#30494)

The NIST elliptic curve groups (ecp192 etc.) are only available if the
OpenSSL plugin is enabled, and these groups are currently the only EC
groups supported on iOS and macOS devices.
---
 pkgs/tools/networking/strongswan/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix
index 0671b7d0089..641e1238872 100644
--- a/pkgs/tools/networking/strongswan/default.nix
+++ b/pkgs/tools/networking/strongswan/default.nix
@@ -44,6 +44,7 @@ stdenv.mkDerivation rec {
   configureFlags =
     [ "--enable-swanctl" "--enable-cmd" "--enable-systemd"
       "--enable-farp" "--enable-dhcp"
+      "--enable-openssl"
       "--enable-eap-sim" "--enable-eap-sim-file" "--enable-eap-simaka-pseudonym"
       "--enable-eap-simaka-reauth" "--enable-eap-identity" "--enable-eap-md5"
       "--enable-eap-gtc" "--enable-eap-aka" "--enable-eap-aka-3gpp2"
@@ -55,7 +56,7 @@ stdenv.mkDerivation rec {
     ++ stdenv.lib.optional (stdenv.system == "i686-linux") "--enable-padlock"
     ++ stdenv.lib.optionals enableTNC [
          "--disable-gmp" "--disable-aes" "--disable-md5" "--disable-sha1" "--disable-sha2" "--disable-fips-prf"
-         "--enable-curl" "--enable-openssl"
+         "--enable-curl"
          "--enable-eap-tnc" "--enable-eap-ttls" "--enable-eap-dynamic" "--enable-tnccs-20"
          "--enable-tnc-imc" "--enable-imc-os" "--enable-imc-attestation"
          "--enable-tnc-imv" "--enable-imv-attestation"