1# Process this file with autoconf to produce a configure script.
2
3AC_INIT([stunnel],[5.60])
4AC_MSG_NOTICE([**************************************** initialization])
5AC_CONFIG_AUX_DIR(auto)
6AC_CONFIG_MACRO_DIR([m4])
7AC_CONFIG_HEADERS([src/config.h])
8AC_CONFIG_SRCDIR([src/stunnel.c])
9AM_INIT_AUTOMAKE([foreign])
10
11AC_CANONICAL_HOST
12AC_SUBST([host])
13AC_DEFINE_UNQUOTED([HOST], ["$host"], [Host description])
14define([esc], [`echo ]$1[ | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_`])
15AC_DEFINE_UNQUOTED(esc(CPU_$host_cpu))
16AC_DEFINE_UNQUOTED(esc(VENDOR_$host_vendor))
17AC_DEFINE_UNQUOTED(esc(OS_$host_os))
18
19case "$host_os" in
20*darwin*)
21    # OSX does not declare ucontext without _XOPEN_SOURCE
22    AC_DEFINE([_XOPEN_SOURCE], [500], [Use X/Open 5 with POSIX 1995])
23    # OSX does not declare chroot() without _DARWIN_C_SOURCE
24    AC_DEFINE([_DARWIN_C_SOURCE], [1], [Use Darwin source])
25    ;;
26*)
27    AC_DEFINE([_GNU_SOURCE], [1], [Use GNU source])
28    ;;
29esac
30
31AC_PROG_CC
32AM_PROG_CC_C_O
33AC_PROG_INSTALL
34AC_PROG_MAKE_SET
35# silent build by default
36ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
37
38AC_MSG_NOTICE([**************************************** thread model])
39# thread detection should be done first, as it may change the CC variable
40
41AC_ARG_WITH(threads,
42[  --with-threads=model    select threading model (ucontext/pthread/fork)],
43[
44    case "$withval" in
45        ucontext)
46            AC_MSG_NOTICE([UCONTEXT mode selected])
47            AC_DEFINE([USE_UCONTEXT], [1], [Define to 1 to select UCONTEXT mode])
48            ;;
49        pthread)
50            AC_MSG_NOTICE([PTHREAD mode selected])
51            AX_PTHREAD()
52            LIBS="$PTHREAD_LIBS $LIBS"
53            CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
54            CC="$PTHREAD_CC"
55            AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode])
56            ;;
57        fork)
58            AC_MSG_NOTICE([FORK mode selected])
59            AC_DEFINE([USE_FORK], [1], [Define to 1 to select FORK mode])
60            ;;
61        *)
62            AC_MSG_ERROR([Unknown thread model \"${withval}\"])
63            ;;
64    esac
65], [
66    # do not attempt to autodetect UCONTEXT threading
67    AX_PTHREAD([
68        AC_MSG_NOTICE([PTHREAD thread model detected])
69        LIBS="$PTHREAD_LIBS $LIBS"
70        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
71        CC="$PTHREAD_CC"
72        AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode])
73    ], [
74        AC_MSG_NOTICE([FORK thread model detected])
75        AC_DEFINE([USE_FORK], [1], [Define to 1 to select FORK mode])
76    ])
77])
78
79AC_MSG_NOTICE([**************************************** compiler/linker flags])
80if test "$GCC" = yes; then
81    AX_APPEND_COMPILE_FLAGS([-Wall])
82    AX_APPEND_COMPILE_FLAGS([-Wextra])
83    AX_APPEND_COMPILE_FLAGS([-Wpedantic])
84    AX_APPEND_COMPILE_FLAGS([-Wformat=2])
85    AX_APPEND_COMPILE_FLAGS([-Wconversion])
86    AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
87    AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
88    AX_APPEND_COMPILE_FLAGS([-fPIE])
89    case "${host}" in
90        avr-*.* | powerpc-*-aix* | rl78-*.* | visium-*.*)
91            ;;
92        *)
93            AX_APPEND_COMPILE_FLAGS([-fstack-protector])
94            ;;
95    esac
96    AX_APPEND_LINK_FLAGS([-fPIE -pie])
97    AX_APPEND_LINK_FLAGS([-Wl,-z,relro])
98    AX_APPEND_LINK_FLAGS([-Wl,-z,now])
99    AX_APPEND_LINK_FLAGS([-Wl,-z,noexecstack])
100fi
101AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])
102
103AC_MSG_NOTICE([**************************************** libtool])
104LT_INIT([disable-static])
105AC_SUBST([LIBTOOL_DEPS])
106
107AC_MSG_NOTICE([**************************************** types])
108AC_TYPE_INT8_T
109AC_TYPE_INT16_T
110AC_TYPE_INT32_T
111AC_TYPE_INT64_T
112AC_TYPE_UINT8_T
113AC_TYPE_UINT16_T
114AC_TYPE_UINT32_T
115AC_TYPE_UINT64_T
116AC_TYPE_SIZE_T
117AC_TYPE_SSIZE_T
118AC_TYPE_UID_T
119AC_MSG_CHECKING([for socklen_t])
120AC_EGREP_HEADER(socklen_t, sys/socket.h,
121    AC_MSG_RESULT([yes]),
122    AC_MSG_RESULT([no (defined as int)])
123    AC_DEFINE([socklen_t], [int], [Type of socklen_t]))
124AC_CHECK_TYPES([struct sockaddr_un], [], [], [#include <sys/un.h>])
125AC_CHECK_TYPES([struct addrinfo], [], [], [#include <netdb.h>])
126
127AC_MSG_NOTICE([**************************************** PTY device files])
128if test "x$cross_compiling" = "xno"; then
129    AC_CHECK_FILE("/dev/ptmx", AC_DEFINE([HAVE_DEV_PTMX], [1],
130        [Define to 1 if you have '/dev/ptmx' device.]))
131    AC_CHECK_FILE("/dev/ptc", AC_DEFINE([HAVE_DEV_PTS_AND_PTC], [1],
132        [Define to 1 if you have '/dev/ptc' device.]))
133else
134    AC_MSG_WARN([cross-compilation: assuming /dev/ptmx and /dev/ptc are not available])
135fi
136
137AC_MSG_NOTICE([**************************************** entropy sources])
138
139if test "x$cross_compiling" = "xno"; then
140    AC_ARG_WITH(egd-socket,
141        [  --with-egd-socket=FILE  Entropy Gathering Daemon socket path],
142        [EGD_SOCKET="$withval"]
143    )
144    if test -n "$EGD_SOCKET"; then
145        AC_DEFINE_UNQUOTED([EGD_SOCKET], ["$EGD_SOCKET"],
146            [Entropy Gathering Daemon socket path])
147    fi
148
149    # Check for user-specified random device
150    AC_ARG_WITH(random,
151    [  --with-random=FILE      read randomness from file (default=/dev/urandom)],
152        [RANDOM_FILE="$withval"],
153        [
154            # Check for random device
155            AC_CHECK_FILE("/dev/urandom", RANDOM_FILE="/dev/urandom")
156        ]
157    )
158    if test -n "$RANDOM_FILE"; then
159        AC_SUBST([RANDOM_FILE])
160        AC_DEFINE_UNQUOTED([RANDOM_FILE], ["$RANDOM_FILE"], [Random file path])
161    fi
162else
163    AC_MSG_WARN([cross-compilation: assuming entropy sources are not available])
164fi
165
166AC_MSG_NOTICE([**************************************** default group])
167DEFAULT_GROUP=nobody
168if test "x$cross_compiling" = "xno"; then
169    grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup
170else
171    AC_MSG_WARN([cross-compilation: assuming nogroup is not available])
172fi
173AC_MSG_CHECKING([for default group])
174AC_MSG_RESULT([$DEFAULT_GROUP])
175AC_SUBST([DEFAULT_GROUP])
176
177AC_SYS_LARGEFILE
178
179AC_MSG_NOTICE([**************************************** header files])
180# AC_HEADER_DIRENT
181# AC_HEADER_STDC
182# AC_HEADER_SYS_WAIT
183AC_CHECK_HEADERS([stdint.h inttypes.h malloc.h ucontext.h pthread.h poll.h \
184    tcpd.h stropts.h grp.h unistd.h util.h libutil.h pty.h limits.h])
185AC_CHECK_HEADERS([sys/types.h sys/select.h sys/poll.h sys/socket.h sys/un.h \
186    sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h sys/syscall.h \
187    sys/param.h])
188AC_CHECK_HEADERS([linux/sched.h])
189AC_CHECK_MEMBERS([struct msghdr.msg_control],
190    [AC_DEFINE([HAVE_MSGHDR_MSG_CONTROL], [1],
191    [Define to 1 if you have 'msghdr.msg_control' structure.])], [], [
192AC_INCLUDES_DEFAULT
193#include <sys/socket.h>
194    ])
195AC_CHECK_HEADERS([linux/netfilter_ipv4.h], , ,
196    [
197#include <limits.h>
198#include <linux/types.h>
199#include <sys/socket.h>
200#include <netdb.h>
201    ])
202
203AC_MSG_NOTICE([**************************************** libraries])
204# Checks for standard libraries
205AC_SEARCH_LIBS([gethostbyname], [nsl])
206AC_SEARCH_LIBS([yp_get_default_domain], [nsl])
207AC_SEARCH_LIBS([socket], [socket])
208AC_SEARCH_LIBS([openpty], [util])
209# Checks for dynamic loader needed by OpenSSL
210AC_SEARCH_LIBS([dlopen], [dl])
211AC_SEARCH_LIBS([shl_load], [dld])
212
213# Add BeOS libraries
214if test "x$host_os" = "xbeos"; then
215    LIBS="$LIBS -lbe -lroot -lbind"
216fi
217
218AC_MSG_NOTICE([**************************************** library functions])
219# safe string operations
220AC_CHECK_FUNCS(snprintf vsnprintf)
221# pseudoterminal
222AC_CHECK_FUNCS(openpty _getpty)
223# Unix
224AC_CHECK_FUNCS(daemon waitpid wait4 setsid setgroups chroot realpath)
225# limits
226AC_CHECK_FUNCS(sysconf getrlimit)
227# threads/reentrant functions
228AC_CHECK_FUNCS(pthread_sigmask localtime_r)
229# threads
230AC_CHECK_FUNCS(getcontext __makecontext_v2)
231# sockets
232AC_CHECK_FUNCS(poll gethostbyname2 endhostent getnameinfo)
233AC_MSG_CHECKING([for getaddrinfo])
234case "$host_os" in
235*androideabi*)
236    # http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo
237    AC_MSG_RESULT([no (buggy Android implementation)])
238    ;;
239*)
240    # Tru64 UNIX has getaddrinfo() but has it renamed in libc as
241    # something else so we must include <netdb.h> to get the
242    # redefinition.
243    AC_LINK_IFELSE(
244        [AC_LANG_PROGRAM(
245            [
246AC_INCLUDES_DEFAULT
247#include <sys/socket.h>
248#include <netdb.h>
249            ],
250            [
251getaddrinfo(NULL, NULL, NULL, NULL);
252            ],)],
253        [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_GETADDRINFO], [1], [Define to 1 if you have 'getaddrinfo' function.])],
254        [AC_MSG_RESULT([no])])
255    ;;
256esac
257# poll() is not recommended on Mac OS X <= 10.3 and broken on Mac OS X 10.4
258AC_MSG_CHECKING([for broken poll() implementation])
259case "$host_os" in
260darwin[0-8].*)
261    AC_MSG_RESULT([yes (poll() disabled)])
262    AC_DEFINE([BROKEN_POLL], [1], [Define to 1 if you have a broken 'poll' implementation.])
263    ;;
264*)
265    AC_MSG_RESULT([no])
266    ;;
267esac
268# GNU extensions
269AC_CHECK_FUNCS(pipe2 accept4)
270
271AC_MSG_NOTICE([**************************************** optional features])
272# Use IPv6?
273AC_MSG_CHECKING([whether to enable IPv6 support])
274AC_ARG_ENABLE(ipv6,
275[  --disable-ipv6          disable IPv6 support],
276    [
277        case "$enableval" in
278            yes) AC_MSG_RESULT([yes])
279                 AC_DEFINE([USE_IPv6], [1],
280                    [Define to 1 to enable IPv6 support])
281                 ;;
282            no)  AC_MSG_RESULT([no])
283                 ;;
284            *)   AC_MSG_RESULT([error])
285                 AC_MSG_ERROR([bad value \"${enableval}\"])
286                 ;;
287        esac
288    ], [
289        AC_MSG_RESULT([yes (default)])
290        AC_DEFINE([USE_IPv6], [1], [Define to 1 to enable IPv6 support])
291    ], [
292        AC_MSG_RESULT([no])
293    ]
294)
295
296# FIPS Mode
297AC_MSG_CHECKING([whether to enable FIPS support])
298AC_ARG_ENABLE(fips,
299[  --disable-fips          disable OpenSSL FIPS support],
300    [
301        case "$enableval" in
302            yes) AC_MSG_RESULT([no])
303                 use_fips="yes"
304                 AC_DEFINE([USE_FIPS], [1],
305                    [Define to 1 to enable OpenSSL FIPS support])
306                 ;;
307            no)  AC_MSG_RESULT([no])
308                 use_fips="no"
309                 ;;
310            *)   AC_MSG_RESULT([error])
311                 AC_MSG_ERROR([bad value \"${enableval}\"])
312                 ;;
313        esac
314    ],
315    [
316        use_fips="auto"
317        AC_MSG_RESULT([autodetecting])
318    ]
319)
320
321# Disable systemd socket activation support
322AC_MSG_CHECKING([whether to enable systemd socket activation support])
323AC_ARG_ENABLE(systemd,
324[  --disable-systemd       disable systemd socket activation support],
325    [
326        case "$enableval" in
327            yes) AC_MSG_RESULT([yes])
328                 AC_SEARCH_LIBS([sd_listen_fds], [systemd systemd-daemon])
329                 AC_DEFINE([USE_SYSTEMD], [1],
330                     [Define to 1 to enable systemd socket activation])
331                 ;;
332            no)  AC_MSG_RESULT([no])
333                 ;;
334            *)   AC_MSG_RESULT([error])
335                 AC_MSG_ERROR([Bad value \"${enableval}\"])
336                 ;;
337        esac
338    ],
339    [
340        AC_MSG_RESULT([autodetecting])
341        # the library name has changed to -lsystemd in systemd 209
342        AC_SEARCH_LIBS([sd_listen_fds], [systemd systemd-daemon],
343            [ AC_CHECK_HEADERS([systemd/sd-daemon.h], [
344                AC_DEFINE([USE_SYSTEMD], [1],
345                    [Define to 1 to enable systemd socket activation])
346                AC_MSG_NOTICE([systemd support enabled])
347            ], [
348                AC_MSG_NOTICE([systemd header not found])
349            ]) ], [
350                AC_MSG_NOTICE([systemd library not found])
351            ])
352    ]
353)
354
355# Disable use of libwrap (TCP wrappers)
356# it should be the last check!
357AC_MSG_CHECKING([whether to enable TCP wrappers support])
358AC_ARG_ENABLE(libwrap,
359[  --disable-libwrap       disable TCP wrappers support],
360    [
361        case "$enableval" in
362            yes) AC_MSG_RESULT([yes])
363                 AC_DEFINE([USE_LIBWRAP], [1],
364                     [Define to 1 to enable TCP wrappers support])
365                 LIBS="$LIBS -lwrap"
366                 ;;
367            no)  AC_MSG_RESULT([no])
368                 ;;
369            *)   AC_MSG_RESULT([error])
370                 AC_MSG_ERROR([Bad value \"${enableval}\"])
371                 ;;
372        esac
373    ],
374    [
375        AC_MSG_RESULT([autodetecting])
376        AC_MSG_CHECKING([for hosts_access in -lwrap])
377        valid_LIBS="$LIBS"
378        LIBS="$valid_LIBS -lwrap"
379        AC_LINK_IFELSE(
380            [
381                AC_LANG_PROGRAM(
382                    [int hosts_access(); int allow_severity, deny_severity;],
383                    [hosts_access()])
384            ], [
385                AC_MSG_RESULT([yes]);
386                AC_DEFINE([USE_LIBWRAP], [1],
387                    [Define to 1 to enable TCP wrappers support])
388                AC_MSG_NOTICE([libwrap support enabled])
389            ], [
390                AC_MSG_RESULT([no])
391                LIBS="$valid_LIBS"
392                AC_MSG_NOTICE([libwrap library not found])
393            ]
394        )
395    ]
396)
397
398AC_MSG_NOTICE([**************************************** TLS])
399
400check_ssl_dir() { :
401    test -n "$1" -a -f "$1/include/openssl/ssl.h" && SSLDIR="$1"
402}
403
404iterate_ssl_dir() { :
405    # OpenSSL directory search order:
406    # - the user-specified prefix
407    # - common locations for packages built from sources
408    # - common locations for non-OS-default package managers
409    # - common locations for OS-default package managers
410    # - empty prefix
411    for main_dir in "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do
412        for sub_dir in "/ssl" "/openssl" "/ossl" ""; do
413            check_ssl_dir "$1$main_dir$sub_dir" && return 0
414        done
415    done
416    return 1
417}
418
419find_ssl_dir() { :
420    # try Android *first*
421    case "$host_os" in
422    *androideabi*)
423        iterate_ssl_dir "$ANDROID_NDK/sysroot" && return
424        ;;
425    esac
426
427    test -d "$lt_sysroot" && iterate_ssl_dir "$lt_sysroot" && return
428    test "$prefix" != "NONE" && iterate_ssl_dir "$prefix" && return
429    test -d "$ac_default_prefix" && iterate_ssl_dir "$ac_default_prefix" && return
430    iterate_ssl_dir "" && return
431
432    # try Xcode *last*
433    if test -x "/usr/bin/xcrun"; then
434        sdk_path=`/usr/bin/xcrun --sdk macosx --show-sdk-path`
435        check_ssl_dir "$sdk_path/usr" && return
436    fi
437    check_ssl_dir "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-migrator/sdk/MacOSX.sdk/usr"
438}
439
440SSLDIR=""
441AC_MSG_CHECKING([for TLS directory])
442AC_ARG_WITH(ssl,
443[  --with-ssl=DIR          location of installed TLS libraries/include files],
444    [check_ssl_dir "$withval"],
445    [find_ssl_dir]
446)
447if test -z "$SSLDIR"; then
448AC_MSG_RESULT([not found])
449AC_MSG_ERROR([
450Could not find your TLS library installation dir
451Use --with-ssl option to fix this problem
452])
453fi
454AC_MSG_RESULT([$SSLDIR])
455AC_SUBST([SSLDIR])
456AC_DEFINE_UNQUOTED([SSLDIR], ["$SSLDIR"], [TLS directory])
457
458valid_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS -I$SSLDIR/include"
459valid_LIBS="$LIBS"; LIBS="$LIBS -L$SSLDIR/lib64 -L$SSLDIR/lib -lssl -lcrypto"
460
461AC_CHECK_FUNCS(FIPS_mode_set OSSL_PROVIDER_available)
462if test "x$use_fips" = "xauto"; then
463    if test "x$ac_cv_func_FIPS_mode_set" = "xyes" -o "x$ac_cv_func_OSSL_PROVIDER_available" = "xyes"; then
464        AC_DEFINE([USE_FIPS], [1], [Define to 1 to enable OpenSSL FIPS support])
465        AC_MSG_NOTICE([FIPS support enabled])
466    else
467        AC_MSG_NOTICE([FIPS support not found])
468    fi
469fi
470
471AC_MSG_CHECKING([whether DH parameters need to be updated])
472# only build src/dhparam.c if sources are located in the current directory
473if test -f src/stunnel.c && ! grep -q " built for $PACKAGE_STRING " src/dhparam.c; then
474    AC_MSG_RESULT([yes])
475    (
476        echo '/* dhparam.c: initial DH parameters for stunnel */'
477        echo '#include "common.h"'
478        echo '#ifndef OPENSSL_NO_DH'
479        echo '#define DN_new DH_new'
480        openssl dhparam -noout -C 2048 | sed 's/static DH/DH/'
481        echo '#endif /* OPENSSL_NO_DH */'
482        echo "/* built for $PACKAGE_STRING */"
483    ) > src/dhparam.c
484    # also update trusted CA certificates
485    curl 'https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites' |
486        sed -e 's/\r//' -e 's/ $//' >tools/ca-certs.pem
487else
488    AC_MSG_RESULT([no])
489fi
490
491SYSROOT="$lt_sysroot"
492CPPFLAGS="$valid_CPPFLAGS"
493LIBS="$valid_LIBS"
494
495AC_MSG_NOTICE([**************************************** write the results])
496AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile tools/Makefile tests/Makefile tests/certs/Makefile])
497AC_OUTPUT
498
499AC_MSG_NOTICE([**************************************** success])
500# vim:ft=automake
501# End of configure.ac
502