1# Process this file with autoconf to produce a configure script. 2 3AC_INIT([stunnel],[5.60]) 4AC_MSG_NOTICE([**************************************** initialization]) 5AC_CONFIG_AUX_DIR(auto) 6AC_CONFIG_MACRO_DIR([m4]) 7AC_CONFIG_HEADERS([src/config.h]) 8AC_CONFIG_SRCDIR([src/stunnel.c]) 9AM_INIT_AUTOMAKE([foreign]) 10 11AC_CANONICAL_HOST 12AC_SUBST([host]) 13AC_DEFINE_UNQUOTED([HOST], ["$host"], [Host description]) 14define([esc], [`echo ]$1[ | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_`]) 15AC_DEFINE_UNQUOTED(esc(CPU_$host_cpu)) 16AC_DEFINE_UNQUOTED(esc(VENDOR_$host_vendor)) 17AC_DEFINE_UNQUOTED(esc(OS_$host_os)) 18 19case "$host_os" in 20*darwin*) 21 # OSX does not declare ucontext without _XOPEN_SOURCE 22 AC_DEFINE([_XOPEN_SOURCE], [500], [Use X/Open 5 with POSIX 1995]) 23 # OSX does not declare chroot() without _DARWIN_C_SOURCE 24 AC_DEFINE([_DARWIN_C_SOURCE], [1], [Use Darwin source]) 25 ;; 26*) 27 AC_DEFINE([_GNU_SOURCE], [1], [Use GNU source]) 28 ;; 29esac 30 31AC_PROG_CC 32AM_PROG_CC_C_O 33AC_PROG_INSTALL 34AC_PROG_MAKE_SET 35# silent build by default 36ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) 37 38AC_MSG_NOTICE([**************************************** thread model]) 39# thread detection should be done first, as it may change the CC variable 40 41AC_ARG_WITH(threads, 42[ --with-threads=model select threading model (ucontext/pthread/fork)], 43[ 44 case "$withval" in 45 ucontext) 46 AC_MSG_NOTICE([UCONTEXT mode selected]) 47 AC_DEFINE([USE_UCONTEXT], [1], [Define to 1 to select UCONTEXT mode]) 48 ;; 49 pthread) 50 AC_MSG_NOTICE([PTHREAD mode selected]) 51 AX_PTHREAD() 52 LIBS="$PTHREAD_LIBS $LIBS" 53 CFLAGS="$CFLAGS $PTHREAD_CFLAGS" 54 CC="$PTHREAD_CC" 55 AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode]) 56 ;; 57 fork) 58 AC_MSG_NOTICE([FORK mode selected]) 59 AC_DEFINE([USE_FORK], [1], [Define to 1 to select FORK mode]) 60 ;; 61 *) 62 AC_MSG_ERROR([Unknown thread model \"${withval}\"]) 63 ;; 64 esac 65], [ 66 # do not attempt to autodetect UCONTEXT threading 67 AX_PTHREAD([ 68 AC_MSG_NOTICE([PTHREAD thread model detected]) 69 LIBS="$PTHREAD_LIBS $LIBS" 70 CFLAGS="$CFLAGS $PTHREAD_CFLAGS" 71 CC="$PTHREAD_CC" 72 AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode]) 73 ], [ 74 AC_MSG_NOTICE([FORK thread model detected]) 75 AC_DEFINE([USE_FORK], [1], [Define to 1 to select FORK mode]) 76 ]) 77]) 78 79AC_MSG_NOTICE([**************************************** compiler/linker flags]) 80if test "$GCC" = yes; then 81 AX_APPEND_COMPILE_FLAGS([-Wall]) 82 AX_APPEND_COMPILE_FLAGS([-Wextra]) 83 AX_APPEND_COMPILE_FLAGS([-Wpedantic]) 84 AX_APPEND_COMPILE_FLAGS([-Wformat=2]) 85 AX_APPEND_COMPILE_FLAGS([-Wconversion]) 86 AX_APPEND_COMPILE_FLAGS([-Wno-long-long]) 87 AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations]) 88 AX_APPEND_COMPILE_FLAGS([-fPIE]) 89 case "${host}" in 90 avr-*.* | powerpc-*-aix* | rl78-*.* | visium-*.*) 91 ;; 92 *) 93 AX_APPEND_COMPILE_FLAGS([-fstack-protector]) 94 ;; 95 esac 96 AX_APPEND_LINK_FLAGS([-fPIE -pie]) 97 AX_APPEND_LINK_FLAGS([-Wl,-z,relro]) 98 AX_APPEND_LINK_FLAGS([-Wl,-z,now]) 99 AX_APPEND_LINK_FLAGS([-Wl,-z,noexecstack]) 100fi 101AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2]) 102 103AC_MSG_NOTICE([**************************************** libtool]) 104LT_INIT([disable-static]) 105AC_SUBST([LIBTOOL_DEPS]) 106 107AC_MSG_NOTICE([**************************************** types]) 108AC_TYPE_INT8_T 109AC_TYPE_INT16_T 110AC_TYPE_INT32_T 111AC_TYPE_INT64_T 112AC_TYPE_UINT8_T 113AC_TYPE_UINT16_T 114AC_TYPE_UINT32_T 115AC_TYPE_UINT64_T 116AC_TYPE_SIZE_T 117AC_TYPE_SSIZE_T 118AC_TYPE_UID_T 119AC_MSG_CHECKING([for socklen_t]) 120AC_EGREP_HEADER(socklen_t, sys/socket.h, 121 AC_MSG_RESULT([yes]), 122 AC_MSG_RESULT([no (defined as int)]) 123 AC_DEFINE([socklen_t], [int], [Type of socklen_t])) 124AC_CHECK_TYPES([struct sockaddr_un], [], [], [#include <sys/un.h>]) 125AC_CHECK_TYPES([struct addrinfo], [], [], [#include <netdb.h>]) 126 127AC_MSG_NOTICE([**************************************** PTY device files]) 128if test "x$cross_compiling" = "xno"; then 129 AC_CHECK_FILE("/dev/ptmx", AC_DEFINE([HAVE_DEV_PTMX], [1], 130 [Define to 1 if you have '/dev/ptmx' device.])) 131 AC_CHECK_FILE("/dev/ptc", AC_DEFINE([HAVE_DEV_PTS_AND_PTC], [1], 132 [Define to 1 if you have '/dev/ptc' device.])) 133else 134 AC_MSG_WARN([cross-compilation: assuming /dev/ptmx and /dev/ptc are not available]) 135fi 136 137AC_MSG_NOTICE([**************************************** entropy sources]) 138 139if test "x$cross_compiling" = "xno"; then 140 AC_ARG_WITH(egd-socket, 141 [ --with-egd-socket=FILE Entropy Gathering Daemon socket path], 142 [EGD_SOCKET="$withval"] 143 ) 144 if test -n "$EGD_SOCKET"; then 145 AC_DEFINE_UNQUOTED([EGD_SOCKET], ["$EGD_SOCKET"], 146 [Entropy Gathering Daemon socket path]) 147 fi 148 149 # Check for user-specified random device 150 AC_ARG_WITH(random, 151 [ --with-random=FILE read randomness from file (default=/dev/urandom)], 152 [RANDOM_FILE="$withval"], 153 [ 154 # Check for random device 155 AC_CHECK_FILE("/dev/urandom", RANDOM_FILE="/dev/urandom") 156 ] 157 ) 158 if test -n "$RANDOM_FILE"; then 159 AC_SUBST([RANDOM_FILE]) 160 AC_DEFINE_UNQUOTED([RANDOM_FILE], ["$RANDOM_FILE"], [Random file path]) 161 fi 162else 163 AC_MSG_WARN([cross-compilation: assuming entropy sources are not available]) 164fi 165 166AC_MSG_NOTICE([**************************************** default group]) 167DEFAULT_GROUP=nobody 168if test "x$cross_compiling" = "xno"; then 169 grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup 170else 171 AC_MSG_WARN([cross-compilation: assuming nogroup is not available]) 172fi 173AC_MSG_CHECKING([for default group]) 174AC_MSG_RESULT([$DEFAULT_GROUP]) 175AC_SUBST([DEFAULT_GROUP]) 176 177AC_SYS_LARGEFILE 178 179AC_MSG_NOTICE([**************************************** header files]) 180# AC_HEADER_DIRENT 181# AC_HEADER_STDC 182# AC_HEADER_SYS_WAIT 183AC_CHECK_HEADERS([stdint.h inttypes.h malloc.h ucontext.h pthread.h poll.h \ 184 tcpd.h stropts.h grp.h unistd.h util.h libutil.h pty.h limits.h]) 185AC_CHECK_HEADERS([sys/types.h sys/select.h sys/poll.h sys/socket.h sys/un.h \ 186 sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h sys/syscall.h \ 187 sys/param.h]) 188AC_CHECK_HEADERS([linux/sched.h]) 189AC_CHECK_MEMBERS([struct msghdr.msg_control], 190 [AC_DEFINE([HAVE_MSGHDR_MSG_CONTROL], [1], 191 [Define to 1 if you have 'msghdr.msg_control' structure.])], [], [ 192AC_INCLUDES_DEFAULT 193#include <sys/socket.h> 194 ]) 195AC_CHECK_HEADERS([linux/netfilter_ipv4.h], , , 196 [ 197#include <limits.h> 198#include <linux/types.h> 199#include <sys/socket.h> 200#include <netdb.h> 201 ]) 202 203AC_MSG_NOTICE([**************************************** libraries]) 204# Checks for standard libraries 205AC_SEARCH_LIBS([gethostbyname], [nsl]) 206AC_SEARCH_LIBS([yp_get_default_domain], [nsl]) 207AC_SEARCH_LIBS([socket], [socket]) 208AC_SEARCH_LIBS([openpty], [util]) 209# Checks for dynamic loader needed by OpenSSL 210AC_SEARCH_LIBS([dlopen], [dl]) 211AC_SEARCH_LIBS([shl_load], [dld]) 212 213# Add BeOS libraries 214if test "x$host_os" = "xbeos"; then 215 LIBS="$LIBS -lbe -lroot -lbind" 216fi 217 218AC_MSG_NOTICE([**************************************** library functions]) 219# safe string operations 220AC_CHECK_FUNCS(snprintf vsnprintf) 221# pseudoterminal 222AC_CHECK_FUNCS(openpty _getpty) 223# Unix 224AC_CHECK_FUNCS(daemon waitpid wait4 setsid setgroups chroot realpath) 225# limits 226AC_CHECK_FUNCS(sysconf getrlimit) 227# threads/reentrant functions 228AC_CHECK_FUNCS(pthread_sigmask localtime_r) 229# threads 230AC_CHECK_FUNCS(getcontext __makecontext_v2) 231# sockets 232AC_CHECK_FUNCS(poll gethostbyname2 endhostent getnameinfo) 233AC_MSG_CHECKING([for getaddrinfo]) 234case "$host_os" in 235*androideabi*) 236 # http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo 237 AC_MSG_RESULT([no (buggy Android implementation)]) 238 ;; 239*) 240 # Tru64 UNIX has getaddrinfo() but has it renamed in libc as 241 # something else so we must include <netdb.h> to get the 242 # redefinition. 243 AC_LINK_IFELSE( 244 [AC_LANG_PROGRAM( 245 [ 246AC_INCLUDES_DEFAULT 247#include <sys/socket.h> 248#include <netdb.h> 249 ], 250 [ 251getaddrinfo(NULL, NULL, NULL, NULL); 252 ],)], 253 [AC_MSG_RESULT([yes]); AC_DEFINE([HAVE_GETADDRINFO], [1], [Define to 1 if you have 'getaddrinfo' function.])], 254 [AC_MSG_RESULT([no])]) 255 ;; 256esac 257# poll() is not recommended on Mac OS X <= 10.3 and broken on Mac OS X 10.4 258AC_MSG_CHECKING([for broken poll() implementation]) 259case "$host_os" in 260darwin[0-8].*) 261 AC_MSG_RESULT([yes (poll() disabled)]) 262 AC_DEFINE([BROKEN_POLL], [1], [Define to 1 if you have a broken 'poll' implementation.]) 263 ;; 264*) 265 AC_MSG_RESULT([no]) 266 ;; 267esac 268# GNU extensions 269AC_CHECK_FUNCS(pipe2 accept4) 270 271AC_MSG_NOTICE([**************************************** optional features]) 272# Use IPv6? 273AC_MSG_CHECKING([whether to enable IPv6 support]) 274AC_ARG_ENABLE(ipv6, 275[ --disable-ipv6 disable IPv6 support], 276 [ 277 case "$enableval" in 278 yes) AC_MSG_RESULT([yes]) 279 AC_DEFINE([USE_IPv6], [1], 280 [Define to 1 to enable IPv6 support]) 281 ;; 282 no) AC_MSG_RESULT([no]) 283 ;; 284 *) AC_MSG_RESULT([error]) 285 AC_MSG_ERROR([bad value \"${enableval}\"]) 286 ;; 287 esac 288 ], [ 289 AC_MSG_RESULT([yes (default)]) 290 AC_DEFINE([USE_IPv6], [1], [Define to 1 to enable IPv6 support]) 291 ], [ 292 AC_MSG_RESULT([no]) 293 ] 294) 295 296# FIPS Mode 297AC_MSG_CHECKING([whether to enable FIPS support]) 298AC_ARG_ENABLE(fips, 299[ --disable-fips disable OpenSSL FIPS support], 300 [ 301 case "$enableval" in 302 yes) AC_MSG_RESULT([no]) 303 use_fips="yes" 304 AC_DEFINE([USE_FIPS], [1], 305 [Define to 1 to enable OpenSSL FIPS support]) 306 ;; 307 no) AC_MSG_RESULT([no]) 308 use_fips="no" 309 ;; 310 *) AC_MSG_RESULT([error]) 311 AC_MSG_ERROR([bad value \"${enableval}\"]) 312 ;; 313 esac 314 ], 315 [ 316 use_fips="auto" 317 AC_MSG_RESULT([autodetecting]) 318 ] 319) 320 321# Disable systemd socket activation support 322AC_MSG_CHECKING([whether to enable systemd socket activation support]) 323AC_ARG_ENABLE(systemd, 324[ --disable-systemd disable systemd socket activation support], 325 [ 326 case "$enableval" in 327 yes) AC_MSG_RESULT([yes]) 328 AC_SEARCH_LIBS([sd_listen_fds], [systemd systemd-daemon]) 329 AC_DEFINE([USE_SYSTEMD], [1], 330 [Define to 1 to enable systemd socket activation]) 331 ;; 332 no) AC_MSG_RESULT([no]) 333 ;; 334 *) AC_MSG_RESULT([error]) 335 AC_MSG_ERROR([Bad value \"${enableval}\"]) 336 ;; 337 esac 338 ], 339 [ 340 AC_MSG_RESULT([autodetecting]) 341 # the library name has changed to -lsystemd in systemd 209 342 AC_SEARCH_LIBS([sd_listen_fds], [systemd systemd-daemon], 343 [ AC_CHECK_HEADERS([systemd/sd-daemon.h], [ 344 AC_DEFINE([USE_SYSTEMD], [1], 345 [Define to 1 to enable systemd socket activation]) 346 AC_MSG_NOTICE([systemd support enabled]) 347 ], [ 348 AC_MSG_NOTICE([systemd header not found]) 349 ]) ], [ 350 AC_MSG_NOTICE([systemd library not found]) 351 ]) 352 ] 353) 354 355# Disable use of libwrap (TCP wrappers) 356# it should be the last check! 357AC_MSG_CHECKING([whether to enable TCP wrappers support]) 358AC_ARG_ENABLE(libwrap, 359[ --disable-libwrap disable TCP wrappers support], 360 [ 361 case "$enableval" in 362 yes) AC_MSG_RESULT([yes]) 363 AC_DEFINE([USE_LIBWRAP], [1], 364 [Define to 1 to enable TCP wrappers support]) 365 LIBS="$LIBS -lwrap" 366 ;; 367 no) AC_MSG_RESULT([no]) 368 ;; 369 *) AC_MSG_RESULT([error]) 370 AC_MSG_ERROR([Bad value \"${enableval}\"]) 371 ;; 372 esac 373 ], 374 [ 375 AC_MSG_RESULT([autodetecting]) 376 AC_MSG_CHECKING([for hosts_access in -lwrap]) 377 valid_LIBS="$LIBS" 378 LIBS="$valid_LIBS -lwrap" 379 AC_LINK_IFELSE( 380 [ 381 AC_LANG_PROGRAM( 382 [int hosts_access(); int allow_severity, deny_severity;], 383 [hosts_access()]) 384 ], [ 385 AC_MSG_RESULT([yes]); 386 AC_DEFINE([USE_LIBWRAP], [1], 387 [Define to 1 to enable TCP wrappers support]) 388 AC_MSG_NOTICE([libwrap support enabled]) 389 ], [ 390 AC_MSG_RESULT([no]) 391 LIBS="$valid_LIBS" 392 AC_MSG_NOTICE([libwrap library not found]) 393 ] 394 ) 395 ] 396) 397 398AC_MSG_NOTICE([**************************************** TLS]) 399 400check_ssl_dir() { : 401 test -n "$1" -a -f "$1/include/openssl/ssl.h" && SSLDIR="$1" 402} 403 404iterate_ssl_dir() { : 405 # OpenSSL directory search order: 406 # - the user-specified prefix 407 # - common locations for packages built from sources 408 # - common locations for non-OS-default package managers 409 # - common locations for OS-default package managers 410 # - empty prefix 411 for main_dir in "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do 412 for sub_dir in "/ssl" "/openssl" "/ossl" ""; do 413 check_ssl_dir "$1$main_dir$sub_dir" && return 0 414 done 415 done 416 return 1 417} 418 419find_ssl_dir() { : 420 # try Android *first* 421 case "$host_os" in 422 *androideabi*) 423 iterate_ssl_dir "$ANDROID_NDK/sysroot" && return 424 ;; 425 esac 426 427 test -d "$lt_sysroot" && iterate_ssl_dir "$lt_sysroot" && return 428 test "$prefix" != "NONE" && iterate_ssl_dir "$prefix" && return 429 test -d "$ac_default_prefix" && iterate_ssl_dir "$ac_default_prefix" && return 430 iterate_ssl_dir "" && return 431 432 # try Xcode *last* 433 if test -x "/usr/bin/xcrun"; then 434 sdk_path=`/usr/bin/xcrun --sdk macosx --show-sdk-path` 435 check_ssl_dir "$sdk_path/usr" && return 436 fi 437 check_ssl_dir "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-migrator/sdk/MacOSX.sdk/usr" 438} 439 440SSLDIR="" 441AC_MSG_CHECKING([for TLS directory]) 442AC_ARG_WITH(ssl, 443[ --with-ssl=DIR location of installed TLS libraries/include files], 444 [check_ssl_dir "$withval"], 445 [find_ssl_dir] 446) 447if test -z "$SSLDIR"; then 448AC_MSG_RESULT([not found]) 449AC_MSG_ERROR([ 450Could not find your TLS library installation dir 451Use --with-ssl option to fix this problem 452]) 453fi 454AC_MSG_RESULT([$SSLDIR]) 455AC_SUBST([SSLDIR]) 456AC_DEFINE_UNQUOTED([SSLDIR], ["$SSLDIR"], [TLS directory]) 457 458valid_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS -I$SSLDIR/include" 459valid_LIBS="$LIBS"; LIBS="$LIBS -L$SSLDIR/lib64 -L$SSLDIR/lib -lssl -lcrypto" 460 461AC_CHECK_FUNCS(FIPS_mode_set OSSL_PROVIDER_available) 462if test "x$use_fips" = "xauto"; then 463 if test "x$ac_cv_func_FIPS_mode_set" = "xyes" -o "x$ac_cv_func_OSSL_PROVIDER_available" = "xyes"; then 464 AC_DEFINE([USE_FIPS], [1], [Define to 1 to enable OpenSSL FIPS support]) 465 AC_MSG_NOTICE([FIPS support enabled]) 466 else 467 AC_MSG_NOTICE([FIPS support not found]) 468 fi 469fi 470 471AC_MSG_CHECKING([whether DH parameters need to be updated]) 472# only build src/dhparam.c if sources are located in the current directory 473if test -f src/stunnel.c && ! grep -q " built for $PACKAGE_STRING " src/dhparam.c; then 474 AC_MSG_RESULT([yes]) 475 ( 476 echo '/* dhparam.c: initial DH parameters for stunnel */' 477 echo '#include "common.h"' 478 echo '#ifndef OPENSSL_NO_DH' 479 echo '#define DN_new DH_new' 480 openssl dhparam -noout -C 2048 | sed 's/static DH/DH/' 481 echo '#endif /* OPENSSL_NO_DH */' 482 echo "/* built for $PACKAGE_STRING */" 483 ) > src/dhparam.c 484 # also update trusted CA certificates 485 curl 'https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites' | 486 sed -e 's/\r//' -e 's/ $//' >tools/ca-certs.pem 487else 488 AC_MSG_RESULT([no]) 489fi 490 491SYSROOT="$lt_sysroot" 492CPPFLAGS="$valid_CPPFLAGS" 493LIBS="$valid_LIBS" 494 495AC_MSG_NOTICE([**************************************** write the results]) 496AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile tools/Makefile tests/Makefile tests/certs/Makefile]) 497AC_OUTPUT 498 499AC_MSG_NOTICE([**************************************** success]) 500# vim:ft=automake 501# End of configure.ac 502