1AC_INIT(openconnect, 8.10) 2AC_CONFIG_HEADERS([config.h]) 3 4PKG_PROG_PKG_CONFIG 5AC_LANG_C 6AC_CANONICAL_HOST 7AM_MAINTAINER_MODE([enable]) 8AM_INIT_AUTOMAKE([foreign tar-ustar]) 9m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) 10 11AC_PREREQ([2.62], [], [AC_SUBST([localedir], ['$(datadir)/locale'])]) 12 13# Upstream's pkg.m4 (since 0.27) offers this now, but define our own 14# compatible version in case the local version of pkgconfig isn't new enough. 15# https://bugs.freedesktop.org/show_bug.cgi?id=48743 16m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR], 17 [AC_ARG_WITH([pkgconfigdir], 18 [AS_HELP_STRING([--with-pkgconfigdir], 19 [install directory for openconnect.pc pkg-config file])], 20 [],[with_pkgconfigdir='$(libdir)/pkgconfig']) 21 AC_SUBST([pkgconfigdir], [${with_pkgconfigdir}])]) 22 23use_openbsd_libtool= 24symver_time= 25symver_getline= 26symver_asprintf= 27symver_vasprintf= 28symver_win32_strerror= 29 30case $host_os in 31 *linux* | *gnu* | *nacl*) 32 AC_MSG_NOTICE([Applying feature macros for GNU build]) 33 AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE]) 34 ;; 35 *netbsd*) 36 AC_MSG_NOTICE([Applying feature macros for NetBSD build]) 37 AC_DEFINE(_POSIX_C_SOURCE, 200112L, [_POSIX_C_SOURCE]) 38 AC_DEFINE(_NETBSD_SOURCE, 1, [_NETBSD_SOURCE]) 39 ;; 40 *openbsd*) 41 AC_MSG_NOTICE([Applying feature macros for OpenBSD build]) 42 use_openbsd_libtool=true 43 ;; 44 *solaris*|*sunos*) 45 AC_MSG_NOTICE([Applying workaround for broken SunOS time() function]) 46 AC_DEFINE(HAVE_SUNOS_BROKEN_TIME, 1, [On SunOS time() can go backwards]) 47 symver_time="openconnect__time;" 48 ;; 49 *mingw32*|*mingw64*|*msys*) 50 AC_MSG_NOTICE([Applying feature macros for MinGW/Windows build]) 51 # For GetVolumeInformationByHandleW() which is Vista+ 52 AC_DEFINE(_WIN32_WINNT, 0x600, [Windows API version]) 53 have_win=yes 54 # For asprintf() 55 AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE]) 56 symver_win32_strerror="openconnect__win32_strerror;" 57 # Win32 does have the SCard API 58 system_pcsc_libs="-lwinscard" 59 system_pcsc_cflags= 60 AC_CHECK_TOOL([WINDRES], [windres], []) 61 ;; 62 *darwin*) 63 system_pcsc_libs="-Wl,-framework -Wl,PCSC" 64 system_pcsc_cflags= 65 ;; 66 *) 67 # On FreeBSD the only way to get vsyslog() visible is to define 68 # *nothing*, which makes absolutely everything visible. 69 # On Darwin enabling _POSIX_C_SOURCE breaks <sys/mount.h> because 70 # u_long and other types don't get defined. OpenBSD is similar. 71 ;; 72esac 73AM_CONDITIONAL(OPENCONNECT_WIN32, [ test "$have_win" = "yes" ]) 74 75AC_ARG_WITH([vpnc-script], 76 [AS_HELP_STRING([--with-vpnc-script], 77 [default location of vpnc-script helper])]) 78 79if test "$with_vpnc_script" = "yes" || test "$with_vpnc_script" = ""; then 80 AC_MSG_CHECKING([for vpnc-script in standard locations]) 81 if test "$have_win" = "yes"; then 82 with_vpnc_script=vpnc-script-win.js 83 else 84 for with_vpnc_script in /usr/local/share/vpnc-scripts/vpnc-script /usr/local/sbin/vpnc-script /usr/share/vpnc-scripts/vpnc-script /usr/sbin/vpnc-script /etc/vpnc/vpnc-script; do 85 if test -x "$with_vpnc_script"; then 86 break 87 fi 88 done 89 if ! test -x "$with_vpnc_script"; then 90 AC_MSG_ERROR([${with_vpnc_script} does not seem to be executable.] 91 [OpenConnect will not function correctly without a vpnc-script.] 92 [See http://www.infradead.org/openconnect/vpnc-script.html for more details.] 93 [] 94 [If you are building a distribution package, please ensure that your] 95 [packaging is correct, and that a vpnc-script will be installed when the] 96 [user installs your package. You should provide a --with-vpnc-script=] 97 [argument to this configure script, giving the full path where the script] 98 [will be installed.] 99 [] 100 [The standard location is ${with_vpnc_script}. To bypass this error and] 101 [build OpenConnect to use the script from this location, even though it is] 102 [not present at the time you are building OpenConnect, pass the argument] 103 ["--with-vpnc-script=${with_vpnc_script}"]) 104 else 105 AC_MSG_RESULT([${with_vpnc_script}]) 106 fi 107 fi 108elif test "$with_vpnc_script" = "no"; then 109 AC_ERROR([You cannot disable vpnc-script.] 110 [OpenConnect will not function correctly without it.] 111 [See http://www.infradead.org/openconnect/vpnc-script.html]) 112elif test "$have_win" = "yes"; then 113 # Oh Windows how we hate thee. If user specifies a vpnc-script and it contains 114 # backslashes, double them all up to survive escaping. 115 with_vpnc_script="$(echo "${with_vpnc_script}" | sed s/\\\\/\\\\\\\\/g)" 116fi 117 118AC_DEFINE_UNQUOTED(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}", [Default vpnc-script locatin]) 119AC_SUBST(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}") 120 121AC_CHECK_FUNC(fdevname_r, [AC_DEFINE(HAVE_FDEVNAME_R, 1, [Have fdevname_r() function])], []) 122AC_CHECK_FUNC(statfs, [AC_DEFINE(HAVE_STATFS, 1, [Have statfs() function])], []) 123AC_CHECK_FUNC(getline, [AC_DEFINE(HAVE_GETLINE, 1, [Have getline() function])], 124 [symver_getline="openconnect__getline;"]) 125AC_CHECK_FUNC(strcasestr, [AC_DEFINE(HAVE_STRCASESTR, 1, [Have strcasestr() function])], []) 126AC_CHECK_FUNC(strndup, [AC_DEFINE(HAVE_STRNDUP, 1, [Have strndup() function])], []) 127AC_CHECK_FUNC(asprintf, [AC_DEFINE(HAVE_ASPRINTF, 1, [Have asprintf() function])], 128 [symver_asprintf="openconnect__asprintf;"]) 129AC_CHECK_FUNC(vasprintf, [AC_DEFINE(HAVE_VASPRINTF, 1, [Have vasprintf() function])], 130 [symver_vasprintf="openconnect__vasprintf;"]) 131 132if test -n "$symver_vasprintf"; then 133 AC_MSG_CHECKING([for va_copy]) 134 AC_LINK_IFELSE([AC_LANG_PROGRAM([ 135 #include <stdarg.h> 136 va_list a;],[ 137 va_list b; 138 va_copy(b,a); 139 va_end(b);])], 140 [AC_DEFINE(HAVE_VA_COPY, 1, [Have va_copy()]) 141 AC_MSG_RESULT(va_copy)], 142 [AC_LINK_IFELSE([AC_LANG_PROGRAM([ 143 #include <stdarg.h> 144 va_list a;],[ 145 va_list b; 146 __va_copy(b,a); 147 va_end(b);])], 148 [AC_DEFINE(HAVE___VA_COPY, 1, [Have __va_copy()]) 149 AC_MSG_RESULT(__va_copy)], 150 [AC_MSG_RESULT(no) 151 AC_MSG_ERROR([Your system lacks vasprintf() and va_copy()])]) 152 ]) 153fi 154AC_SUBST(SYMVER_TIME, $symver_time) 155AC_SUBST(SYMVER_GETLINE, $symver_getline) 156AC_SUBST(SYMVER_ASPRINTF, $symver_asprintf) 157AC_SUBST(SYMVER_VASPRINTF, $symver_vasprintf) 158AC_SUBST(SYMVER_WIN32_STRERROR, $symver_win32_strerror) 159 160AS_COMPILER_FLAGS(WFLAGS, 161 "-Wall 162 -Wextra 163 -Wno-missing-field-initializers 164 -Wno-sign-compare 165 -Wno-unused-parameter 166 -Werror=pointer-to-int-cast 167 -Wdeclaration-after-statement 168 -Werror-implicit-function-declaration 169 -Wformat-nonliteral 170 -Wformat-security 171 -Winit-self 172 -Wmissing-declarations 173 -Wmissing-include-dirs 174 -Wnested-externs 175 -Wpointer-arith 176 -Wwrite-strings") 177AC_SUBST(WFLAGS, [$WFLAGS]) 178 179oldCFLAGS="$CFLAGS" 180CFLAGS="$CFLAGS $WFLAGS" 181AC_MSG_CHECKING([For memset_s]) 182AC_LINK_IFELSE([AC_LANG_PROGRAM([ 183 #define __STDC_WANT_LIB_EXT1__ 1 184 #include <string.h>],[[ 185 unsigned char *foo[16]; 186 memset_s(foo, 16, 0, 16);]])], 187 [AC_MSG_RESULT([yes]) 188 AC_DEFINE(__STDC_WANT_LIB_EXT1__, 1, [To request memset_s]) 189 AC_DEFINE(HAVE_MEMSET_S, 1, [Have memset_s() function])], 190 [AC_MSG_RESULT([no]) 191 AC_CHECK_FUNC(explicit_memset, 192 [AC_DEFINE(HAVE_EXPLICIT_MEMSET, 1, [Have explicit_memset() function])], 193 [AC_CHECK_FUNC(explicit_bzero, 194 [AC_DEFINE(HAVE_EXPLICIT_BZERO, 1, [Have explicit_bzero() function])], 195 []) 196 ]) 197 ]) 198CFLAGS="$oldCFLAGS" 199 200AC_MSG_CHECKING([For localtime_r]) 201AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <time.h>],[[ 202 struct tm tm; 203 time_t t = 0; 204 localtime_r(&t, &tm);]])], 205 [AC_MSG_RESULT([yes]) 206 AC_DEFINE(HAVE_LOCALTIME_R, 1, [Have localtime_r() function])], 207 [AC_MSG_RESULT([no])]) 208 209if test "$have_win" = yes; then 210 # Checking "properly" for __attribute__((dllimport,stdcall)) functions is non-trivial 211 LIBS="$LIBS -lws2_32 -lshlwapi -lsecur32 -liphlpapi" 212 AC_MSG_CHECKING([For localtime_s]) 213 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <time.h>],[[ 214 struct tm tm; 215 time_t t = 0; 216 localtime_s(&tm, (time_t)0);]])], 217 [AC_MSG_RESULT([yes]) 218 AC_DEFINE(HAVE_LOCALTIME_S, 1, [Have localtime_s() function])], 219 [AC_MSG_RESULT([no])]) 220else 221 AC_CHECK_FUNC(socket, [], AC_CHECK_LIB(socket, socket, [], AC_ERROR(Cannot find socket() function))) 222fi 223 224have_inet_aton=yes 225AC_CHECK_FUNC(inet_aton, [], AC_CHECK_LIB(nsl, inet_aton, [], have_inet_aton=no)) 226if test "$have_inet_aton" = "yes"; then 227 AC_DEFINE(HAVE_INET_ATON, 1, [Have inet_aton()]) 228fi 229 230AC_MSG_CHECKING([for IPV6_PATHMTU socket option]) 231AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 232 #include <netinet/in.h> 233 #include <sys/socket.h> 234 #include <sys/types.h>],[ 235 int foo = IPV6_PATHMTU; (void)foo;])], 236 [AC_DEFINE(HAVE_IPV6_PATHMTU, 1, [Have IPV6_PATHMTU socket option]) 237 AC_MSG_RESULT([yes])], 238 [AC_MSG_RESULT([no])]) 239 240AC_CHECK_FUNC(__android_log_vprint, [], AC_CHECK_LIB(log, __android_log_vprint, [], [])) 241 242AC_ENABLE_SHARED 243AC_DISABLE_STATIC 244 245AC_CHECK_FUNC(nl_langinfo, [AC_DEFINE(HAVE_NL_LANGINFO, 1, [Have nl_langinfo() function])], []) 246 247if test "$ac_cv_func_nl_langinfo" = "yes"; then 248 AM_ICONV 249 if test "$am_cv_func_iconv" = "yes"; then 250 AC_SUBST(ICONV_LIBS, [$LTLIBICONV]) 251 AC_SUBST(ICONV_CFLAGS, [$INCICONV]) 252 AC_DEFINE(HAVE_ICONV, 1, [Have iconv() function]) 253 fi 254fi 255AM_CONDITIONAL(OPENCONNECT_ICONV, [test "$am_cv_func_iconv" = "yes"]) 256 257AC_ARG_ENABLE([nls], 258 AS_HELP_STRING([--disable-nls], [Do not use Native Language Support]), 259 [USE_NLS=$enableval], [USE_NLS=yes]) 260LIBINTL= 261if test "$USE_NLS" = "yes"; then 262 AC_PATH_PROG(MSGFMT, msgfmt) 263 if test "$MSGFMT" = ""; then 264 AC_ERROR([msgfmt could not be found. Try configuring with --disable-nls]) 265 fi 266fi 267LIBINTL= 268if test "$USE_NLS" = "yes"; then 269 AC_MSG_CHECKING([for functional NLS support]) 270 AC_LINK_IFELSE([AC_LANG_PROGRAM([ 271 #include <locale.h> 272 #include <libintl.h>],[ 273 setlocale(LC_ALL, ""); 274 bindtextdomain("openconnect", "/tmp"); 275 (void)dgettext("openconnect", "foo");])], 276 [AC_MSG_RESULT(yes)], 277 [AC_LIB_LINKFLAGS_BODY([intl]) 278 oldLIBS="$LIBS" 279 LIBS="$LIBS $LIBINTL" 280 oldCFLAGS="$LIBS" 281 CFLAGS="$CFLAGS $INCINTL" 282 AC_LINK_IFELSE([AC_LANG_PROGRAM([ 283 #include <locale.h> 284 #include <libintl.h>],[ 285 setlocale(LC_ALL, ""); 286 bindtextdomain("openconnect", "/tmp"); 287 (void)dgettext("openconnect", "foo");])], 288 [AC_MSG_RESULT(yes (with $INCINTL $LIBINTL))], 289 [AC_MSG_RESULT(no) 290 USE_NLS=no]) 291 LIBS="$oldLIBS"]) 292fi 293 294if test "$USE_NLS" = "yes"; then 295 AC_SUBST(INTL_LIBS, [$LTLIBINTL]) 296 AC_SUBST(INTL_CFLAGS, [$INCINTL]) 297 AC_DEFINE(ENABLE_NLS, 1, [Enable NLS support]) 298fi 299AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"]) 300 301AC_ARG_WITH([system-cafile], 302 AS_HELP_STRING([--with-system-cafile], 303 [Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions])) 304 305# We will use GnuTLS by default if it's present. We used to suppport 306# using GnuTLS for the TLS connections and OpenSSL for DTLS, but none 307# of the reasons for that make sense any more. 308 309AC_ARG_WITH([gnutls], 310 AS_HELP_STRING([--without-gnutls], [Do not attempt to use GnuTLS; use OpenSSL instead])) 311AC_ARG_WITH([openssl], 312 AS_HELP_STRING([--with-openssl], [Location of OpenSSL build dir])) 313 314ssl_library= 315esp= 316dtls= 317 318if test "$with_openssl" != "" -a "$with_openssl" != "no"; then 319 if test "$with_gnutls" = ""; then 320 with_gnutls=no 321 elif test "$with_gnutls" = "yes"; then 322 AC_MSG_ERROR([You cannot choose both GnuTLS and OpenSSL.]) 323 fi 324fi 325 326# First, check if GnuTLS exists and is usable 327if test "$with_gnutls" = "yes" || test "$with_gnutls" = ""; then 328 PKG_CHECK_MODULES(GNUTLS, gnutls, 329 [if ! $PKG_CONFIG --atleast-version=3.2.10 gnutls; then 330 AC_MSG_WARN([Your GnuTLS is too old. At least v3.2.10 is required]) 331 else 332 ssl_library=GnuTLS 333 fi], [:]) 334elif test "$with_gnutls" != "no"; then 335 AC_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported]) 336fi 337 338# Do we need to look for OpenSSL? 339if test "$ssl_library" = ""; then 340 if test "$with_gnutls" = "yes" -o "$with_openssl" = "no"; then 341 AC_MSG_ERROR([Suitable GnuTLS required but not found]) 342 elif test "$with_openssl" = "yes" -o "$with_openssl" = ""; then 343 PKG_CHECK_MODULES(OPENSSL, openssl, [AC_SUBST(SSL_PC, [openssl])], 344 [oldLIBS="$LIBS" 345 LIBS="$LIBS -lssl -lcrypto" 346 AC_MSG_CHECKING([for OpenSSL without pkg-config]) 347 AC_LINK_IFELSE([AC_LANG_PROGRAM([ 348 #include <openssl/ssl.h> 349 #include <openssl/err.h>],[ 350 SSL_library_init(); 351 ERR_clear_error(); 352 SSL_load_error_strings(); 353 OpenSSL_add_all_algorithms();])], 354 [AC_MSG_RESULT(yes) 355 AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"]) 356 AC_SUBST([OPENSSL_CFLAGS], [])] 357 AC_SUBST([openssl_pc_libs], [$OPENSSL_LIBS]), 358 [AC_MSG_RESULT(no) 359 AC_ERROR([Could not build against OpenSSL])]) 360 LIBS="$oldLIBS"]) 361 ssl_library=OpenSSL 362 PKG_CHECK_MODULES(P11KIT, p11-kit-1, 363 # libp11 0.4.7 fails to export ERR_LIB_PKCS11 so we don't know what it 364 # is and can't match its errors, which we need to for login checks. 365 [PKG_CHECK_MODULES(LIBP11, libp11 != 0.4.7, 366 [AC_DEFINE(HAVE_LIBP11, 1, [Have libp11 and p11-kit for OpenSSL]) 367 AC_SUBST(P11KIT_PC, ["libp11 p11-kit-1"]) 368 proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`" 369 pkcs11_support="libp11" 370 AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])], 371 [:])], [:]) 372 else 373 OPENSSL_CFLAGS="-I${with_openssl}/include ${OPENSSL_CFLAGS}" 374 if test -r "${with_openssl}/libssl.a" -a -r "${with_openssl}/libcrypto.a"; then 375 OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz -pthread" 376 elif test -r "${with_openssl}/crypto/.libs/libcrypto.a" -a \ 377 -r "${with_openssl}/ssl/.libs/libssl.a"; then 378 OPENSSL_LIBS="${with_openssl}/ssl/.libs/libssl.a ${with_openssl}/crypto/.libs/libcrypto.a -ldl -lz -pthread" 379 else 380 AC_ERROR([Could not find OpenSSL libraries in ${with_openssl}]); 381 fi 382 AC_SUBST(OPENSSL_CFLAGS) 383 AC_SUBST(OPENSSL_LIBS) 384 enable_static=yes 385 enable_shared=no 386 ssl_library=OpenSSL 387 fi 388fi 389 390AC_ARG_WITH([openssl-version-check], 391 AS_HELP_STRING([--without-openssl-version-check], [Do not check for known-broken OpenSSL versions])) 392AC_ARG_WITH([gnutls-version-check], 393 AS_HELP_STRING([--without-gnutls-version-check], [Do not check for known-broken GnuTLS versions])) 394AC_ARG_WITH([default-gnutls-priority], 395 AS_HELP_STRING([--with-default-gnutls-priority=STRING], 396 [Provide a default string as GnuTLS priority string]), 397 default_gnutls_priority=$withval) 398if test -n "$default_gnutls_priority"; then 399 AC_DEFINE_UNQUOTED([DEFAULT_PRIO], ["$default_gnutls_priority"], [The GnuTLS priority string]) 400fi 401 402tss2lib= 403case "$ssl_library" in 404 OpenSSL) 405 oldLIBS="${LIBS}" 406 oldCFLAGS="${CFLAGS}" 407 LIBS="${LIBS} ${OPENSSL_LIBS}" 408 CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}" 409 410 # Check for the various known-broken versions of OpenSSL, which includes LibreSSL. 411 if test "$with_openssl_version_check" != "no"; then 412 AC_MSG_CHECKING([for known-broken versions of OpenSSL]) 413 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>], 414 [#if defined(LIBRESSL_VERSION_NUMBER) 415 #error Bad OpenSSL 416 #endif 417 ])], 418 [], 419 [AC_MSG_RESULT(yes) 420 AC_MSG_ERROR([LibreSSL does not support Cisco DTLS.] 421[Build with OpenSSL or GnuTLS instead.])]) 422 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],[#if \ 423 (OPENSSL_VERSION_NUMBER == 0x10002000L || \ 424 (OPENSSL_VERSION_NUMBER >= 0x100000b0L && OPENSSL_VERSION_NUMBER <= 0x100000c0L) || \ 425 (OPENSSL_VERSION_NUMBER >= 0x10001040L && OPENSSL_VERSION_NUMBER <= 0x10001060L)) 426 #error Bad OpenSSL 427 #endif 428 ])], 429 [], 430 [AC_MSG_RESULT(yes) 431 AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.] 432[See http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest] 433[Add --without-openssl-version-check to configure args to avoid this check, or] 434[perhaps consider building with GnuTLS instead.])]) 435 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],[#if \ 436 (OPENSSL_VERSION_NUMBER == 0x1000200fL) 437 #error Bad OpenSSL 438 #endif 439 ])], 440 [], 441 [AC_MSG_RESULT(yes) 442 AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.] 443[See http://rt.openssl.org/Ticket/Display.html?id=3703&user=guest&pass=guest] 444[and http://rt.openssl.org/Ticket/Display.html?id=3711&user=guest&pass=guest] 445[Add --without-openssl-version-check to configure args to avoid this check, or] 446[perhaps consider building with GnuTLS instead.])]) 447 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/opensslv.h>],[#if \ 448 ((OPENSSL_VERSION_NUMBER >= 0x10001110L && OPENSSL_VERSION_NUMBER <= 0x10001150L) || \ 449 (OPENSSL_VERSION_NUMBER >= 0x10002050L && OPENSSL_VERSION_NUMBER <= 0x10002090L)) 450 #error Bad OpenSSL 451 #endif 452 ])], 453 [], 454 [AC_MSG_RESULT(yes) 455 AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.] 456[See http://rt.openssl.org/Ticket/Display.html?id=4631&user=guest&pass=guest] 457[Add --without-openssl-version-check to configure args to avoid this check, or] 458[perhaps consider building with GnuTLS instead.])]) 459 AC_MSG_RESULT(no) 460 fi 461 462 AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL]) 463 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/engine.h>], 464 [ENGINE_by_id("foo");])], 465 [AC_MSG_RESULT(yes) 466 AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])], 467 [AC_MSG_RESULT(no) 468 AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])]) 469 470 AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL]) 471 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h> 472 #include <stdlib.h> 473 extern void dtls1_stop_timer(SSL *);], 474 [dtls1_stop_timer(NULL);])], 475 [AC_MSG_RESULT(yes) 476 AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])], 477 [AC_MSG_RESULT(no)]) 478 479 # DTLS_client_method() and DTLSv1_2_client_method() were both added between 480 # OpenSSL v1.0.1 and v1.0.2. DTLSV1.2_client_method() was later deprecated 481 # in v1.1.0 so we use DTLS_client_method() as our check for DTLSv1.2 support 482 # and that's what we actually use in openssl-dtls.c too. 483 AC_MSG_CHECKING([for DTLS_client_method() in OpenSSL]) 484 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>], 485 [DTLS_client_method();])], 486 [AC_MSG_RESULT(yes) 487 AC_DEFINE(HAVE_DTLS12, [1], [OpenSSL has DTLS_client_method() function])], 488 [AC_MSG_RESULT(no)]) 489 490 AC_MSG_CHECKING([for SSL_CTX_set_min_proto_version() in OpenSSL]) 491 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>], 492 [SSL_CTX_set_min_proto_version((void *)0, 0);])], 493 [AC_MSG_RESULT(yes) 494 AC_DEFINE(HAVE_SSL_CTX_PROTOVER, [1], [OpenSSL has SSL_CTX_set_min_proto_version() function])], 495 [AC_MSG_RESULT(no)]) 496 497 AC_MSG_CHECKING([for BIO_meth_free() in OpenSSL]) 498 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/bio.h>], 499 [BIO_meth_free((void *)0);])], 500 [AC_MSG_RESULT(yes) 501 AC_DEFINE(HAVE_BIO_METH_FREE, [1], [OpenSSL has BIO_meth_free() function])], 502 [AC_MSG_RESULT(no)]) 503 504 AC_CHECK_FUNC(HMAC_CTX_copy, 505 [esp=yes], 506 [AC_MSG_WARN([ESP support will be disabled])]) 507 508 AC_MSG_CHECKING([for SSL_CIPHER_find() in OpenSSL]) 509 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>], 510 [SSL_CIPHER_find((void *)0, "");])], 511 [AC_MSG_RESULT(yes) 512 AC_DEFINE(HAVE_SSL_CIPHER_FIND, [1], [OpenSSL has SSL_CIPHER_find() function])], 513 [AC_MSG_RESULT(no)]) 514 515 LIBS="${oldLIBS}" 516 CFLAGS="${oldCFLAGS}" 517 518 dtls=yes 519 AC_DEFINE(OPENCONNECT_OPENSSL, 1, [Using OpenSSL]) 520 AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)']) 521 AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)']) 522 ;; 523 524 GnuTLS) 525 oldlibs="$LIBS" 526 oldcflags="$CFLAGS" 527 LIBS="$LIBS $GNUTLS_LIBS" 528 CFLAGS="$CFLAGS $GNUTLS_CFLAGS" 529 esp=yes 530 dtls=yes 531 532 # Check for the known-broken versions of GnuTLS, 533 if test "$with_gnutls_version_check" != "no"; then 534 AC_MSG_CHECKING([for known-broken versions of GnuTLS]) 535 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <gnutls/gnutls.h>], 536 [#if GNUTLS_VERSION_NUMBER >= 0x030603 && GNUTLS_VERSION_NUMBER <= 0x03060c 537 #error Bad GnuTLS 538 #endif 539 ])], 540 [], 541 [AC_MSG_RESULT(yes) 542 AC_MSG_ERROR([DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.] 543[See https://gitlab.com/gnutls/gnutls/issues/960] 544[Add --without-gnutls-version-check to configure args to avoid this check (DTLS] 545[will still be disabled at runtime), or build with another version.])]) 546 AC_MSG_RESULT(no) 547 fi 548 549 AC_CHECK_FUNC(gnutls_system_key_add_x509, 550 [AC_DEFINE(HAVE_GNUTLS_SYSTEM_KEYS, 1, [From GnuTLS 3.4.0])], []) 551 AC_CHECK_FUNC(gnutls_pkcs11_add_provider, 552 [PKG_CHECK_MODULES(P11KIT, p11-kit-1, 553 [AC_DEFINE(HAVE_P11KIT, 1, [Have. P11. Kit.]) 554 pkcs11_support=GnuTLS 555 AC_SUBST(P11KIT_PC, p11-kit-1)], 556 [:])], []) 557 LIBS="$oldlibs -ltspi" 558 AC_MSG_CHECKING([for tss library]) 559 AC_LINK_IFELSE([AC_LANG_PROGRAM([ 560 #include <trousers/tss.h> 561 #include <trousers/trousers.h>],[ 562 int err = Tspi_Context_Create((void *)0); 563 Trspi_Error_String(err);])], 564 [AC_MSG_RESULT(yes) 565 AC_SUBST([TSS_LIBS], [-ltspi]) 566 AC_SUBST([TSS_CFLAGS], []) 567 AC_DEFINE(HAVE_TROUSERS, 1, [Have Trousers TSS library])], 568 [AC_MSG_RESULT(no)]) 569 LIBS="$oldlibs" 570 CFLAGS="$oldcflags" 571 572 PKG_CHECK_MODULES(TASN1, [libtasn1], [have_tasn1=yes], [have_tasn1=no]) 573 if test "$have_tasn1" = "yes"; then 574 PKG_CHECK_MODULES(TSS2_ESYS, [tss2-esys tss2-mu], 575 [AC_DEFINE(HAVE_TSS2, 1, [Have TSS2]) 576 AC_SUBST(TPM2_CFLAGS, ['$(TASN1_CFLAGS) $(TSS2_ESYS_CFLAGS)']) 577 AC_SUBST(TPM2_LIBS, ['$(TASN1_LIBS) $(TSS2_ESYS_LIBS)']) 578 tss2lib=tss2-esys], 579 [:]) 580 if test "$tss2lib" = ""; then 581 AC_CHECK_LIB([tss], [TSS_Create], [tss2inc=tss2 582 tss2lib=tss], 583 AC_CHECK_LIB([ibmtss], [TSS_Create], [tss2inc=ibmtss 584 tss2lib=ibmtss], [])) 585 if test "$tss2lib" != ""; then 586 AC_CHECK_HEADER($tss2inc/tss.h, 587 [AC_DEFINE_UNQUOTED(HAVE_TSS2, $tss2inc, [TSS2 library]) 588 AC_SUBST(TSS2_LIBS, [-l$tss2lib]) 589 AC_SUBST(TPM2_CFLAGS, ['$(TASN1_CFLAGS)']) 590 AC_SUBST(TPM2_LIBS, ['$(TASN1_LIBS) $(TSS2_LIBS)'])], 591 [tss2lib=]) 592 fi 593 fi 594 fi 595 596 AC_DEFINE(OPENCONNECT_GNUTLS, 1, [Using GnuTLS]) 597 AC_SUBST(SSL_PC, [gnutls]) 598 AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS) $(TPM2_LIBS)']) 599 AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS) $(TPM2_CFLAGS)']) 600 ;; 601 602 *) 603 # This should never happen 604 AC_MSG_ERROR([No SSL library selected]) 605 ;; 606esac 607 608AM_CONDITIONAL(OPENCONNECT_TSS2_ESYS, [ test "$tss2lib" = "tss2-esys" ]) 609AM_CONDITIONAL(OPENCONNECT_TSS2_IBM, [ test "$tss2lib" = "ibmtss" -o "$tss2lib" = "tss" ]) 610 611test_pkcs11= 612if test "$pkcs11_support" != ""; then 613 AC_CHECK_PROG(test_pkcs11, softhsm2-util, yes) 614fi 615AM_CONDITIONAL(TEST_PKCS11, [ test "$test_pkcs11" = "yes" ]) 616 617# The test is OpenSSL-only for now. 618AM_CONDITIONAL(CHECK_DTLS, [ test "$ssl_library" = "OpenSSL" ]) 619 620AC_ARG_ENABLE([dtls-xfail], 621 AS_HELP_STRING([--enable-dtls-xfail], [Only for gitlab CI. Do not use])) 622AM_CONDITIONAL(DTLS_XFAIL, [test "$enable_dtls_xfail" = "yes" ]) 623 624AC_ARG_ENABLE([dsa-tests], 625 AS_HELP_STRING([--disable-dsa-tests], [Disable DSA keys in self-test]), 626 [], [enable_dsa_tests=yes]) 627AM_CONDITIONAL(TEST_DSA, [test "$enable_dsa_tests" = "yes"]) 628 629AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" = "GnuTLS" ]) 630AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "OpenSSL" ]) 631AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" != "" ]) 632AM_CONDITIONAL(OPENCONNECT_DTLS, [ test "$dtls" != "" ]) 633 634if test "$esp" != ""; then 635 AC_DEFINE(HAVE_ESP, 1, [Build with ESP support]) 636fi 637if test "$dtls" != ""; then 638 AC_DEFINE(HAVE_DTLS, 1, [Build with DTLS support]) 639fi 640 641AC_ARG_WITH(lz4, 642 AS_HELP_STRING([--without-lz4], [disable support for LZ4 compression]), 643 test_for_lz4=$withval, 644 test_for_lz4=yes) 645 646lz4_pkg=no 647if test "$test_for_lz4" = yes; then 648PKG_CHECK_MODULES([LIBLZ4], [liblz4], [ 649 AC_SUBST(LIBLZ4_PC, liblz4) 650 AC_DEFINE([HAVE_LZ4], [], [LZ4 was found]) 651 lz4_pkg=yes 652 oldLIBS="$LIBS" 653 LIBS="$LIBS $LIBLZ4_LIBS" 654 oldCFLAGS="$CFLAGS" 655 CFLAGS="$CFLAGS $LIBLZ4_CFLAGS" 656 AC_MSG_CHECKING([for LZ4_compress_default()]) 657 AC_LINK_IFELSE([AC_LANG_PROGRAM([ 658 #include <lz4.h>],[ 659 LZ4_compress_default("", (char *)0, 0, 0);])], 660 [AC_MSG_RESULT(yes) 661 AC_DEFINE([HAVE_LZ4_COMPRESS_DEFAULT], [], [From LZ4 r129]) 662 ], 663 [AC_MSG_RESULT(no)]) 664 LIBS="$oldLIBS" 665 CFLAGS="$oldCFLAGS" 666], 667[ 668 AC_MSG_WARN([[ 669*** 670*** lz4 not found. 671*** ]]) 672]) 673fi 674 675# For some bizarre reason now that we use AM_ICONV, the mingw32 build doesn't 676# manage to set EGREP properly in the created ./libtool script. Make sure it's 677# found. 678AC_PROG_EGREP 679 680# Needs to happen after we default to static/shared libraries based on OpenSSL 681AC_PROG_LIBTOOL 682if test "$use_openbsd_libtool" = "true" && test -x /usr/bin/libtool; then 683 echo using OpenBSD libtool 684 LIBTOOL=/usr/bin/libtool 685fi 686AM_CONDITIONAL(OPENBSD_LIBTOOL, [ test "$use_openbsd_libtool" = "true" ]) 687 688AX_CHECK_VSCRIPT 689 690PKG_CHECK_MODULES(LIBXML2, libxml-2.0) 691 692PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])], 693 [oldLIBS="$LIBS" 694 LIBS="$LIBS -lz" 695 AC_MSG_CHECKING([for zlib without pkg-config]) 696 AC_LINK_IFELSE([AC_LANG_PROGRAM([ 697 #include <zlib.h>],[ 698 z_stream zs; 699 deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED, 700 -12, 9, Z_DEFAULT_STRATEGY);])], 701 [AC_MSG_RESULT(yes) 702 AC_SUBST([ZLIB_LIBS], [-lz]) 703 AC_SUBST([ZLIB_CFLAGS], [])], 704 [AC_MSG_RESULT(no) 705 AC_ERROR([Could not build against zlib])]) 706 LIBS="$oldLIBS"]) 707 708AC_ARG_WITH([libproxy], 709 AS_HELP_STRING([--without-libproxy], 710 [Build without libproxy library [default=auto]])) 711AS_IF([test "x$with_libproxy" != "xno"], [ 712 PKG_CHECK_MODULES(LIBPROXY, libproxy-1.0, 713 [AC_SUBST(LIBPROXY_PC, libproxy-1.0) 714 AC_DEFINE([LIBPROXY_HDR], ["proxy.h"], [libproxy header file]) 715 libproxy_pkg=yes], 716 libproxy_pkg=no) 717], [libproxy_pkg=disabled]) 718 719dnl Libproxy *can* exist without a .pc file, and its header may be called 720dnl libproxy.h in that case. 721if (test "$libproxy_pkg" = "no"); then 722 AC_MSG_CHECKING([for libproxy]) 723 oldLIBS="$LIBS" 724 LIBS="$LIBS -lproxy" 725 AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <libproxy.h>], 726 [(void)px_proxy_factory_new();])], 727 [AC_MSG_RESULT(yes (with libproxy.h)) 728 AC_DEFINE([LIBPROXY_HDR], ["libproxy.h"], [libproxy header file]) 729 AC_SUBST([LIBPROXY_LIBS], [-lproxy]) 730 libproxy_pkg=yes], 731 [AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <proxy.h>], 732 [(void)px_proxy_factory_new();])], 733 [AC_MSG_RESULT(yes (with proxy.h)) 734 AC_DEFINE([LIBPROXY_HDR], ["proxy.h"], [libproxy header file]) 735 AC_SUBST([LIBPROXY_LIBS], [-lproxy]) 736 libproxy_pkg=yes], 737 [AC_MSG_RESULT(no)])]) 738 LIBS="$oldLIBS" 739fi 740 741AC_ARG_WITH([stoken], 742 AS_HELP_STRING([--without-stoken], 743 [Build without libstoken library [default=auto]])) 744AS_IF([test "x$with_stoken" != "xno"], [ 745 PKG_CHECK_MODULES(LIBSTOKEN, stoken, 746 [AC_SUBST(LIBSTOKEN_PC, stoken) 747 AC_DEFINE([HAVE_LIBSTOKEN], 1, [Have libstoken]) 748 libstoken_pkg=yes], 749 libstoken_pkg=no) 750], [libstoken_pkg=disabled]) 751AM_CONDITIONAL(OPENCONNECT_STOKEN, [test "$libstoken_pkg" = "yes"]) 752 753AC_ARG_WITH([libpcsclite], 754 AS_HELP_STRING([--without-libpcsclite], 755 [Build without libpcsclite library (for Yubikey support) [default=auto]])) 756AS_IF([test "x$with_libpcsclite" != "xno"], [ 757 if test "$system_pcsc_libs" != ""; then 758 AC_SUBST(LIBPCSCLITE_LIBS, "$system_pcsc_libs") 759 AC_SUBST(LIBPCSCLITE_CFLAGS, "$system_pcsc_cflags") 760 AC_SUBST(system_pcsc_libs) 761 libpcsclite_pkg=yes 762 else 763 PKG_CHECK_MODULES(LIBPCSCLITE, libpcsclite, 764 [AC_SUBST(LIBPCSCLITE_PC, libpcsclite) 765 libpcsclite_pkg=yes], 766 libpcsclite_pkg=no) 767 fi 768], [libpcsclite_pkg=disabled]) 769if test "$libpcsclite_pkg" = "yes"; then 770 AC_DEFINE([HAVE_LIBPCSCLITE], 1, [Have libpcsclite]) 771fi 772AM_CONDITIONAL(OPENCONNECT_LIBPCSCLITE, [test "$libpcsclite_pkg" = "yes"]) 773 774AC_ARG_WITH([libpskc], 775 AS_HELP_STRING([--without-libpskc], 776 [Build without libpskc library [default=auto]])) 777AS_IF([test "x$with_libpskc" != "xno"], [ 778 PKG_CHECK_MODULES(LIBPSKC, [libpskc >= 2.2.0], 779 [AC_SUBST(LIBPSKC_PC, libpskc) 780 AC_DEFINE([HAVE_LIBPSKC], 1, [Have libpskc]) 781 libpskc_pkg=yes], 782 libpskc_pkg=no)]) 783 784linked_gssapi=no 785AC_ARG_WITH([gssapi], 786 AS_HELP_STRING([--without-gssapi], 787 [Build without GSSAPI support [default=auto]])) 788 789AC_DEFUN([GSSAPI_CHECK_BUILD],[ 790 gss_old_libs="$LIBS" 791 LIBS="$LIBS ${GSSAPI_LIBS}" 792 AC_MSG_CHECKING([GSSAPI compilation with "${GSSAPI_LIBS}"]) 793 AC_LINK_IFELSE([AC_LANG_PROGRAM([ 794 #include <stdlib.h> 795 #include GSSAPI_HDR],[ 796 OM_uint32 major, minor; 797 gss_buffer_desc b = GSS_C_EMPTY_BUFFER; 798 gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; 799 gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ctx, GSS_C_NO_NAME, GSS_C_NO_OID, 800 GSS_C_MUTUAL_FLAG, GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL, 801 NULL, NULL, NULL);])], 802 [linked_gssapi=yes 803 AC_MSG_RESULT(yes)], 804 [linked_gssapi=no 805 AC_MSG_RESULT(no)]) 806 LIBS="$gss_old_libs" 807]) 808 809# Attempt to work out how to build with GSSAPI. Mostly, krb5-config will 810# exist and work. Tested on FreeBSD 9, OpenBSD 5.5, NetBSD 6.1.4. Solaris 811# has krb5-config but it doesn't do GSSAPI so hard-code the results there. 812# Older OpenBSD (I tested 5.2) lacks krb5-config so leave that as an example. 813if test "$with_gssapi" != "no"; then 814 found_gssapi=no 815 816 if test "${with_gssapi}" != "yes" -a "${with_gssapi}" != "" ; then 817 gssapi_root="${with_gssapi}" 818 else 819 gssapi_root="" 820 fi 821 822 # First: if they specify GSSAPI_LIBS and/or GSSAPI_CFLAGS then use them. 823 if test "$GSSAPI_LIBS$GSSAPI_CFLAGS" != ""; then 824 found_gssapi=yes 825 fi 826 # Second: try finding a viable krb5-config that supports gssapi 827 if test "$found_gssapi" = "no"; then 828 if test -n "${gssapi_root}"; then 829 krb5path="${gssapi_root}/bin:$PATH" 830 else 831 krb5path="/usr/kerberos/bin:$PATH" 832 fi 833 834 if test -n "$host_alias"; then 835 AC_PATH_PROG(KRB5_CONFIG, [${host_alias}-krb5-config], [], [$krb5path]) 836 fi 837 if test "$KRB5_CONFIG" = ""; then 838 AC_PATH_PROG(KRB5_CONFIG, [krb5-config], [], [$krb5path]) 839 fi 840 if test "$KRB5_CONFIG" != ""; then 841 AC_MSG_CHECKING([whether $KRB5_CONFIG supports gssapi]) 842 if "${KRB5_CONFIG}" --cflags gssapi > /dev/null 2>/dev/null; then 843 AC_MSG_RESULT(yes) 844 found_gssapi=yes 845 GSSAPI_LIBS="`"${KRB5_CONFIG}" --libs gssapi`" 846 GSSAPI_CFLAGS="`"${KRB5_CONFIG}" --cflags gssapi`" 847 else 848 AC_MSG_RESULT(no) 849 fi 850 fi 851 fi 852 # Third: look for <gssapi.h> or <gssapi/gssapi.h> in some likely places, 853 # and we'll worry about how to *link* it in a moment... 854 if test "$found_gssapi" = "no"; then 855 if test -n "${gssapi_root}"; then 856 if test -r "${with_gssapi}/include/gssapi.h" -o \ 857 -r "${with_gssapi}/include/gssapi/gssapi.h"; then 858 GSSAPI_CFLAGS="-I\"${with_gssapi}/include\"" 859 fi 860 else 861 if test -r /usr/kerberos/include/gssapi.h -o \ 862 -r /usr/kerberos/include/gssapi/gssapi.h; then 863 GSSAPI_CFLAGS=-I/usr/kerberos/include 864 elif test -r /usr/include/kerberosV/gssapi.h -o \ 865 -r /usr/include/kerberosV/gssapi/gssapi.h; then 866 # OpenBSD 5.2 puts it here 867 GSSAPI_CFLAGS=-I/usr/include/kerberosV 868 else 869 # Maybe it'll Just Work 870 GSSAPI_CFLAGS= 871 fi 872 fi 873 fi 874 875 oldcflags="$CFLAGS" 876 CFLAGS="$CFLAGS ${GSSAPI_CFLAGS}" 877 878 # OK, now see if we've correctly managed to find gssapi.h at least... 879 gssapi_hdr= 880 AC_CHECK_HEADER([gssapi/gssapi.h], 881 [gssapi_hdr="<gssapi/gssapi.h>"], 882 [AC_CHECK_HEADER([gssapi.h], 883 [gssapi_hdr="<gssapi.h>"], 884 [AC_MSG_WARN([Cannot find <gssapi/gssapi.h> or <gssapi.h>])])]) 885 886 # Finally, unless we've already failed, see if we can link it. 887 linked_gssapi=no 888 if test -n "${gssapi_hdr}"; then 889 AC_DEFINE_UNQUOTED(GSSAPI_HDR, $gssapi_hdr, [GSSAPI header]) 890 if test "$found_gssapi" = "yes"; then 891 # We think we have GSSAPI_LIBS already so try it... 892 GSSAPI_CHECK_BUILD 893 else 894 LFLAG= 895 if test -n "$gssapi_root"; then 896 LFLAG="-L\"${gssapi_root}/lib$libsuff\"" 897 fi 898 # Solaris, HPUX, etc. 899 GSSAPI_LIBS="$LFLAG -lgss" 900 GSSAPI_CHECK_BUILD 901 if test "$linked_gssapi" = "no"; then 902 GSSAPI_LIBS="$LFLAG -lgssapi" 903 GSSAPI_CHECK_BUILD 904 fi 905 if test "$linked_gssapi" = "no"; then 906 GSSAPI_LIBS="$LFLAG -lgssapi_krb5" 907 GSSAPI_CHECK_BUILD 908 fi 909 if test "$linked_gssapi" = "no"; then 910 # OpenBSD 5.2 at least 911 GSSAPI_LIBS="$LFLAG -lgssapi -lkrb5 -lcrypto" 912 GSSAPI_CHECK_BUILD 913 fi 914 if test "$linked_gssapi" = "no"; then 915 # MIT 916 GSSAPI_LIBS="$LFLAG -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" 917 GSSAPI_CHECK_BUILD 918 fi 919 if test "$linked_gssapi" = "no"; then 920 # Heimdal 921 GSSAPI_LIBS="$LFLAG -lkrb5 -lcrypto -lasn1 -lcom_err -lroken -lgssapi" 922 GSSAPI_CHECK_BUILD 923 fi 924 if test "$linked_gssapi" = "no"; then 925 AC_MSG_WARN([Cannot find GSSAPI. Try setting GSSAPI_LIBS and GSSAPI_CFLAGS manually]) 926 fi 927 fi 928 fi 929 930 CFLAGS="$oldcflags" 931 932 if test "$linked_gssapi" = "yes"; then 933 AC_DEFINE([HAVE_GSSAPI], 1, [Have GSSAPI support]) 934 AC_SUBST(GSSAPI_CFLAGS) 935 AC_SUBST(GSSAPI_LIBS) 936 elif test "$with_gssapi" = ""; then 937 AC_MSG_WARN([Building without GSSAPI support]); 938 unset GSSAPI_CFLAGS 939 unset GSSAPI_LIBS 940 else 941 AC_MSG_ERROR([GSSAPI support requested but not found. Try setting GSSAPI_LIBS/GSSAPI_CFLAGS]) 942 fi 943fi 944AM_CONDITIONAL(OPENCONNECT_GSSAPI, [test "$linked_gssapi" = "yes"]) 945 946AC_ARG_WITH([java], 947 AS_HELP_STRING([--with-java(=DIR)], 948 [Build JNI bindings using jni.h from DIR [default=no]]), 949 [], [with_java=no]) 950 951if test "$with_java" = "yes"; then 952 AX_JNI_INCLUDE_DIR 953 for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS; do 954 JNI_CFLAGS="$JNI_CFLAGS -I$JNI_INCLUDE_DIR" 955 done 956elif test "$with_java" = "no"; then 957 JNI_CFLAGS="" 958else 959 JNI_CFLAGS="-I$with_java" 960fi 961 962if test "x$JNI_CFLAGS" != "x"; then 963 oldCFLAGS="$CFLAGS" 964 CFLAGS="$CFLAGS $JNI_CFLAGS" 965 AC_MSG_CHECKING([jni.h usability]) 966 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <jni.h>], 967 [jint foo = 0; (void)foo;])], 968 AC_MSG_RESULT([yes]), 969 [AC_MSG_RESULT([no]) 970 AC_MSG_ERROR([unable to compile JNI test program])]) 971 CFLAGS="$oldCFLAGS" 972 973 AC_SUBST(JNI_CFLAGS, [$JNI_CFLAGS]) 974fi 975 976AM_CONDITIONAL(OPENCONNECT_JNI, [test "$JNI_CFLAGS" != ""]) 977 978AC_ARG_ENABLE([jni-standalone], 979 AS_HELP_STRING([--enable-jni-standalone], 980 [build JNI stubs directly into libopenconnect.so [default=no]]), 981 [jni_standalone=$enableval], 982 [jni_standalone=no]) 983AM_CONDITIONAL(JNI_STANDALONE, [test $jni_standalone = yes]) 984symver_java= 985if test "$jni_standalone" = "yes" ; then 986 symver_java=$(sed -n '/JNIEXPORT/{s/^JNIEXPORT.*\(Java_.*\) *(/\1;/ p}' ${srcdir}/jni.c) 987 # Remove the newlines between each item. 988 symver_java=$(echo $symver_java) 989fi 990AC_SUBST(SYMVER_JAVA, $symver_java) 991 992AC_CHECK_HEADER([if_tun.h], 993 [AC_DEFINE([IF_TUN_HDR], ["if_tun.h"], [if_tun.h include path])], 994 [AC_CHECK_HEADER([linux/if_tun.h], 995 [AC_DEFINE([IF_TUN_HDR], ["linux/if_tun.h"])], 996 [AC_CHECK_HEADER([net/if_tun.h], 997 [AC_DEFINE([IF_TUN_HDR], ["net/if_tun.h"])], 998 [AC_CHECK_HEADER([net/tun/if_tun.h], 999 [AC_DEFINE([IF_TUN_HDR], ["net/tun/if_tun.h"])])])])]) 1000 1001AC_CHECK_HEADER([net/if_utun.h], AC_DEFINE([HAVE_NET_UTUN_H], 1, [Have net/if_utun.h]), , 1002 [#include <sys/types.h>]) 1003 1004AC_CHECK_HEADER([alloca.h], AC_DEFINE([HAVE_ALLOCA_H], 1, [Have alloca.h])) 1005 1006AC_CHECK_HEADER([endian.h], 1007 [AC_DEFINE([ENDIAN_HDR], [<endian.h>], [endian header include path])], 1008 [AC_CHECK_HEADER([sys/endian.h], 1009 [AC_DEFINE([ENDIAN_HDR], [<sys/endian.h>])], 1010 [AC_CHECK_HEADER([sys/isa_defs.h], 1011 [AC_DEFINE([ENDIAN_HDR], [<sys/isa_defs.h>])])])]) 1012 1013build_www=yes 1014AC_PATH_PROGS(PYTHON, [python3 python2 python], [], $PATH:/bin:/usr/bin) 1015if test -z "${ac_cv_path_PYTHON}"; then 1016 AC_MSG_NOTICE([Python not found; not building HTML pages]) 1017 build_www=no 1018fi 1019if test "${build_www}" = "yes"; then 1020 AC_MSG_CHECKING([if groff can create UTF-8 XHTML]) 1021 AC_PATH_PROGS_FEATURE_CHECK([GROFF], [groff], 1022 [$ac_path_GROFF -t -K UTF-8 -mandoc -Txhtml /dev/null > /dev/null 2>&1 && 1023 ac_cv_path_GROFF=$ac_path_GROFF]) 1024 if test -n "$ac_cv_path_GROFF"; then 1025 AC_MSG_RESULT(yes) 1026 AC_SUBST(GROFF, ${ac_cv_path_GROFF}) 1027 else 1028 AC_MSG_RESULT([no. Not building HTML pages]) 1029 build_www=no 1030 fi 1031fi 1032AM_CONDITIONAL(BUILD_WWW, [test "${build_www}" = "yes"]) 1033 1034# Checks for tests 1035PKG_CHECK_MODULES([CWRAP], [uid_wrapper, socket_wrapper], have_cwrap=yes, have_cwrap=no) 1036AM_CONDITIONAL(HAVE_CWRAP, test "x$have_cwrap" != xno) 1037 1038have_netns=no 1039AC_PATH_PROG(NUTTCP, nuttcp) 1040if test -n "$ac_cv_path_NUTTCP"; then 1041 AC_PATH_PROG(IP, ip, [], $PATH:/sbin:/usr/sbin) 1042 if test -n "$ac_cv_path_IP"; then 1043 AC_MSG_CHECKING([For network namespaces]) 1044 NETNS=openconnect-configure-test-$$ 1045 if ip netns add $NETNS >/dev/null 2>/dev/null; then 1046 ip netns delete $NETNS 1047 have_netns=yes 1048 fi 1049 AC_MSG_RESULT($have_netns) 1050 fi 1051fi 1052AM_CONDITIONAL(HAVE_NETNS, test "x$have_netns" != xno) 1053 1054AC_SUBST([CONFIG_STATUS_DEPENDENCIES], 1055 ['$(top_srcdir)/po/LINGUAS \ 1056 $(top_srcdir)/openconnect.h \ 1057 $(top_srcdir)/libopenconnect.map.in \ 1058 $(top_srcdir)/openconnect.8.in \ 1059 $(top_srcdir)/tests/softhsm2.conf.in \ 1060 $(top_srcdir)/tests/configs/test-user-cert.config.in \ 1061 $(top_srcdir)/tests/configs/test-user-pass.config.in']) 1062 1063RAWLINGUAS=`sed -e "/^#/d" -e "s/#.*//" "${srcdir}/po/LINGUAS"` 1064# Remove newlines 1065LINGUAS=`echo $RAWLINGUAS` 1066AC_SUBST(LINGUAS) 1067 1068APIMAJOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MAJOR \(.*\)/\1/p' ${srcdir}/openconnect.h`" 1069APIMINOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MINOR \(.*\)/\1/p' ${srcdir}/openconnect.h`" 1070AC_SUBST(APIMAJOR) 1071AC_SUBST(APIMINOR) 1072 1073# We want version.c to depend on the files that would affect the 1074# output of version.sh. But we cannot assume that they'll exist, 1075# and we cannot use $(wildcard) in a non-GNU makefile. So we just 1076# depend on the files which happen to exist at configure time. 1077GITVERSIONDEPS= 1078for a in ${srcdir}/.git/index ${srcdir}/.git/packed-refs \ 1079 ${srcdir}/.git/refs/tags ${srcdir}/.git/HEAD; do 1080 if test -r $a ; then 1081 GITVERSIONDEPS="$GITVERSIONDEPS $a" 1082 fi 1083done 1084AC_SUBST(GITVERSIONDEPS) 1085 1086AC_SUBST(OCSERV_USER, $(whoami)) 1087AC_SUBST(OCSERV_GROUP, $(groups|cut -f 1 -d ' ')) 1088 1089AC_CONFIG_FILES(Makefile openconnect.pc po/Makefile www/Makefile \ 1090 libopenconnect.map openconnect.8 www/styles/Makefile \ 1091 www/inc/Makefile www/images/Makefile tests/Makefile \ 1092 tests/softhsm2.conf tests/configs/test-user-cert.config \ 1093 tests/configs/test-user-pass.config) 1094AC_OUTPUT 1095 1096AC_DEFUN([SUMMARY], 1097 [pretty="$2" 1098 if test "$pretty" = "openssl"; then 1099 pretty=OpenSSL 1100 elif test "$pretty" = "gnutls" -o "$pretty" = "both"; then 1101 pretty=GnuTLS 1102 elif test "$pretty" = ""; then 1103 pretty=no 1104 fi 1105 echo "AS_HELP_STRING([$1:],[$pretty])"]) 1106 1107echo "BUILD OPTIONS:" 1108SUMMARY([SSL library], [$ssl_library]) 1109SUMMARY([[PKCS#11 support]], [$pkcs11_support]) 1110SUMMARY([DTLS support], [$dtls]) 1111SUMMARY([ESP support], [$esp]) 1112SUMMARY([libproxy support], [$libproxy_pkg]) 1113SUMMARY([RSA SecurID support], [$libstoken_pkg]) 1114SUMMARY([PSKC OATH file support], [$libpskc_pkg]) 1115SUMMARY([GSSAPI support], [$linked_gssapi]) 1116SUMMARY([Yubikey support], [$libpcsclite_pkg]) 1117SUMMARY([LZ4 compression], [$lz4_pkg]) 1118SUMMARY([Java bindings], [$with_java]) 1119SUMMARY([Build docs], [$build_www]) 1120SUMMARY([Unit tests], [$have_cwrap]) 1121SUMMARY([Net namespace tests], [$have_netns]) 1122 1123if test "$ssl_library" = "OpenSSL"; then 1124 AC_MSG_WARN([[ 1125*** 1126*** Be sure to run "make check" to verify OpenSSL DTLS support 1127*** ]]) 1128fi 1129